2 rcs_id('$Id: WikiAdminSetAcl.php,v 1.23 2005-02-12 17:24:24 rurban Exp $');
4 Copyright 2004 $ThePhpWikiProgrammingTeam
6 This file is part of PhpWiki.
8 PhpWiki is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 PhpWiki is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with PhpWiki; if not, write to the Free Software
20 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
24 * Set individual PagePermissions
26 * Usage: <?plugin WikiAdminSetAcl ?> or called via WikiAdminSelect
27 * Author: Reini Urban <rurban@x-ray.at>
30 * Requires PHP 4.2 so far.
32 require_once('lib/PageList.php');
33 require_once('lib/plugin/WikiAdminSelect.php');
35 class WikiPlugin_WikiAdminSetAcl
36 extends WikiPlugin_WikiAdminSelect
39 return _("WikiAdminSetAcl");
42 function getDescription() {
43 return _("Set individual page permissions.");
46 function getVersion() {
47 return preg_replace("/[Revision: $]/", '',
48 "\$Revision: 1.23 $");
51 function getDefaultArguments() {
54 PageList::supportedArgs(),
56 'p' => "[]", // list of pages
57 's' => false, /* select by pagename */
58 /* Columns to include in listing */
59 'info' => 'pagename,perm,mtime,owner,author',
63 function setaclPages(&$request, $pages, $acl) {
66 $dbi =& $request->_dbi;
67 // check new_group and new_perm
68 if (isset($acl['_add_group'])) {
69 //add groups with perm
70 foreach ($acl['_add_group'] as $access => $dummy) {
71 $group = $acl['_new_group'][$access];
72 $acl[$access][$group] = isset($acl['_new_perm'][$access]) ? 1 : 0;
74 unset($acl['_add_group']);
76 unset($acl['_new_group']); unset($acl['_new_perm']);
77 if (isset($acl['_del_group'])) {
78 //del groups with perm
79 foreach ($acl['_del_group'] as $access => $del) {
80 while (list($group,$dummy) = each($del))
81 unset($acl[$access][$group]);
83 unset($acl['_del_group']);
85 if ($perm = new PagePermission($acl)) {
87 foreach ($pages as $pagename) {
88 // check if unchanged? we need a deep array_equal
89 $page = $dbi->getPage($pagename);
90 $oldperm = getPagePermissions($page);
93 if ($oldperm and $perm->equal($oldperm->perm)) // (serialize($oldperm->perm) == serialize($perm->perm))
94 $ul->pushContent(HTML::li(fmt("ACL not changed for page '%s'.",$pagename)));
95 elseif (mayAccessPage('change', $pagename)) {
96 setPagePermissions ($page, $perm);
97 $ul->pushContent(HTML::li(fmt("ACL changed for page '%s'.",$pagename)));
100 $ul->pushContent(HTML::li(fmt("Access denied to change page '%s'.",$pagename)));
104 $ul->pushContent(HTML::li(fmt("Invalid ACL")));
109 HTML::p(fmt("%s pages have been changed.",$count)));
112 HTML::p(fmt("No pages changed.")));
116 function run($dbi, $argstr, &$request, $basepage) {
118 // return $this->disabled("WikiAdminSetAcl not yet enabled. Set DEBUG to try it.");
119 if ($request->getArg('action') != 'browse')
120 if ($request->getArg('action') != _("PhpWikiAdministration/SetAcl"))
121 return $this->disabled("(action != 'browse')");
122 if (!ENABLE_PAGEPERM)
123 return $this->disabled("ENABLE_PAGEPERM = false");
125 $args = $this->getArgs($argstr, $request);
126 $this->_args = $args;
127 $this->preSelectS($args, $request);
129 $p = $request->getArg('p');
130 $post_args = $request->getArg('admin_setacl');
131 $next_action = 'select';
133 if ($p && !$request->isPost())
135 elseif ($this->_list)
136 $pages = $this->_list;
138 if ($p && $request->isPost() &&
139 !empty($post_args['acl']) && empty($post_args['cancel'])) {
140 // without individual PagePermissions:
141 if (!ENABLE_PAGEPERM and !$request->_user->isAdmin()) {
142 $request->_notAuthorized(WIKIAUTH_ADMIN);
143 $this->disabled("! user->isAdmin");
145 if ($post_args['action'] == 'verify') {
147 $header->pushContent(
148 $this->setaclPages($request, array_keys($p),
149 $request->getArg('acl')));
151 if ($post_args['action'] == 'select') {
152 if (!empty($post_args['acl']))
153 $next_action = 'verify';
154 foreach ($p as $name => $c) {
159 if ($next_action == 'select' and empty($pages)) {
160 // List all pages to select from.
161 $pages = $this->collectPages($pages, $dbi, $args['sortby'], $args['limit'], $args['exclude']);
163 if ($next_action == 'verify') {
164 $args['info'] = "checkbox,pagename,perm,mtime,owner,author";
166 $pagelist = new PageList_Selectable($args['info'],
168 array('types' => array(
170 => new _PageList_Column_perm('perm', _("Permission")),
172 => new _PageList_Column_acl('acl', _("ACL")))));
174 $pagelist->addPageList($pages);
175 if ($next_action == 'verify') {
176 $button_label = _("Yes");
177 $header = $this->setaclForm($header, $post_args, $pages);
178 $header->pushContent(
179 HTML::p(HTML::strong(
180 _("Are you sure you want to permanently change access to the selected files?"))));
183 $button_label = _("SetAcl");
184 $header = $this->setaclForm($header, $post_args, $pages);
185 $header->pushContent(HTML::p(_("Select the pages to change:")));
188 $buttons = HTML::p(Button('submit:admin_setacl[acl]', $button_label, 'wikiadmin'),
189 Button('submit:admin_setacl[cancel]', _("Cancel"), 'button'));
191 return HTML::form(array('action' => $request->getPostURL(),
194 $pagelist->getContent(),
195 HiddenInputs($request->getArgs(),
197 array('admin_setacl')),
198 HiddenInputs(array('admin_setacl[action]' => $next_action)),
201 : HiddenInputs(array('require_authority_for_post' => WIKIAUTH_ADMIN)),
205 function setaclForm(&$header, $post_args, $pagehash) {
206 $acl = $post_args['acl'];
208 //FIXME: find intersection of all pages perms, not just from the last pagename
210 foreach ($pagehash as $name => $checked) {
211 if ($checked) $pages[] = $name;
213 $perm_tree = pagePermissions($name);
214 $table = pagePermissionsAclFormat($perm_tree, !empty($pages));
215 $header->pushContent(HTML::strong(_("Selected Pages: ")), HTML::tt(join(', ',$pages)), HTML::br());
216 $first_page = $GLOBALS['request']->_dbi->getPage($name);
217 $owner = $first_page->getOwner();
218 list($type, $perm) = pagePermissionsAcl($perm_tree[0], $perm_tree);
219 //if (DEBUG) $header->pushContent(HTML::pre("Permission tree for $name:\n",print_r($perm_tree,true)));
220 if ($type == 'inherited')
221 $type = sprintf(_("page permission inherited from %s"), $perm_tree[1][0]);
222 elseif ($type == 'page')
223 $type = _("invidual page permission");
224 elseif ($type == 'default')
225 $type = _("default page permission");
226 $header->pushContent(HTML::strong(_("Type").': '), HTML::tt($type),HTML::br());
227 $header->pushContent(HTML::strong(_("getfacl").': '), pagePermissionsSimpleFormat($perm_tree, $owner),HTML::br());
228 $header->pushContent(HTML::strong(_("ACL").': '), HTML::tt($perm->asAclLines()),HTML::br());
230 $header->pushContent(HTML::p(HTML::strong(_("Description").': '),
231 _("Selected Grant checkboxes allow access, unselected checkboxes deny access."),
232 _("To ignore delete the line."),
233 _("To add check 'Add' near the dropdown list.")
235 $header->pushContent(HTML::blockquote($table));
237 // display array of checkboxes for existing perms
238 // and a dropdown for user/group to add perms.
239 // disabled if inherited,
240 // checkbox to disable inheritance,
241 // another checkbox to progate new permissions to all childs (if there exist some)
243 // warn if more pages are selected and they have different perms
244 //$header->pushContent(HTML::input(array('name' => 'admin_setacl[acl]',
245 // 'value' => $post_args['acl'])));
246 $header->pushContent(HTML::br());
247 if (!empty($pages) and DEBUG) {
248 $checkbox = HTML::input(array('type' => 'checkbox',
249 'name' => 'admin_setacl[updatechildren]',
251 if (!empty($post_args['updatechildren'])) $checkbox->setAttr('checked','checked');
252 $header->pushContent($checkbox,
253 _("Propagate new permissions to all subpages?"),
254 HTML::raw(" "),
255 HTML::em(_("(disable individual page permissions, enable inheritance)?")),
256 HTML::br(),HTML::em(_("(Currently not working)"))
259 $header->pushContent(HTML::hr(),HTML::p());
264 class _PageList_Column_acl extends _PageList_Column {
265 function _getValue ($page_handle, &$revision_handle) {
266 $perm_tree = pagePermissions($page_handle->_pagename);
267 return pagePermissionsAclFormat($perm_tree);
271 class _PageList_Column_perm extends _PageList_Column {
272 function _getValue ($page_handle, &$revision_handle) {
273 $perm_array = pagePermissions($page_handle->_pagename);
274 return pagePermissionsSimpleFormat($perm_array,
275 $page_handle->get('author'),
276 $page_handle->get('group'));
280 // $Log: not supported by cvs2svn $
281 // Revision 1.22 2005/01/25 08:05:17 rurban
282 // protect against !ENABLE_PAGEPERM
284 // Revision 1.21 2004/11/23 15:17:20 rurban
285 // better support for case_exact search (not caseexact for consistency),
286 // plugin args simplification:
287 // handle and explode exclude and pages argument in WikiPlugin::getArgs
288 // and exclude in advance (at the sql level if possible)
289 // handle sortby and limit from request override in WikiPlugin::getArgs
290 // ListSubpages: renamed pages to maxpages
292 // Revision 1.20 2004/11/01 10:43:59 rurban
293 // seperate PassUser methods into seperate dir (memory usage)
294 // fix WikiUser (old) overlarge data session
295 // remove wikidb arg from various page class methods, use global ->_dbi instead
298 // Revision 1.19 2004/06/16 10:38:59 rurban
299 // Disallow refernces in calls if the declaration is a reference
300 // ("allow_call_time_pass_reference clean").
301 // PhpWiki is now allow_call_time_pass_reference = Off clean,
302 // but several external libraries may not.
303 // In detail these libs look to be affected (not tested):
307 // Revision 1.18 2004/06/14 11:31:39 rurban
308 // renamed global $Theme to $WikiTheme (gforge nameclash)
309 // inherit PageList default options from PageList
310 // default sortby=pagename
311 // use options in PageList_Selectable (limit, sortby, ...)
312 // added action revert, with button at action=diff
313 // added option regex to WikiAdminSearchReplace
315 // Revision 1.17 2004/06/13 15:33:20 rurban
316 // new support for arguments owner, author, creator in most relevant
317 // PageList plugins. in WikiAdmin* via preSelectS()
319 // Revision 1.16 2004/06/08 13:50:43 rurban
320 // show getfacl and acl line
322 // Revision 1.15 2004/06/08 10:05:12 rurban
323 // simplified admin action shortcuts
325 // Revision 1.14 2004/06/07 22:28:06 rurban
326 // add acl field to mimified dump
328 // Revision 1.13 2004/06/04 20:32:54 rurban
329 // Several locale related improvements suggested by Pierrick Meignen
330 // LDAP fix by John Cole
331 // reanable admin check without ENABLE_PAGEPERM in the admin plugins
333 // Revision 1.12 2004/06/03 22:24:48 rurban
334 // reenable admin check on !ENABLE_PAGEPERM, honor s=Wildcard arg, fix warning after Remove
336 // Revision 1.11 2004/06/01 15:28:02 rurban
337 // AdminUser only ADMIN_USER not member of Administrators
338 // some RateIt improvements by dfrankow
339 // edit_toolbar buttons
341 // Revision 1.10 2004/05/27 17:49:06 rurban
342 // renamed DB_Session to DbSession (in CVS also)
343 // added WikiDB->getParam and WikiDB->getAuthParam method to get rid of globals
344 // remove leading slash in error message
345 // added force_unlock parameter to File_Passwd (no return on stale locks)
346 // fixed adodb session AffectedRows
347 // added FileFinder helpers to unify local filenames and DATA_PATH names
348 // editpage.php: new edit toolbar javascript on ENABLE_EDIT_TOOLBAR
350 // Revision 1.9 2004/05/24 17:34:53 rurban
353 // Revision 1.8 2004/05/16 22:32:54 rurban
356 // Revision 1.7 2004/05/16 22:07:35 rurban
357 // check more config-default and predefined constants
358 // various PagePerm fixes:
359 // fix default PagePerms, esp. edit and view for Bogo and Password users
360 // implemented Creator and Owner
361 // BOGOUSERS renamed to BOGOUSER
362 // fixed syntax errors in signin.tmpl
364 // Revision 1.5 2004/04/07 23:13:19 rurban
365 // fixed pear/File_Passwd for Windows
366 // fixed FilePassUser sessions (filehandle revive) and password update
368 // Revision 1.4 2004/03/17 20:23:44 rurban
369 // fixed p[] pagehash passing from WikiAdminSelect, fixed problem removing pages with [] in the pagename
371 // Revision 1.3 2004/03/12 13:31:43 rurban
372 // enforce PagePermissions, errormsg if not Admin
374 // Revision 1.2 2004/02/24 04:02:07 rurban
375 // Better warning messages
377 // Revision 1.1 2004/02/23 21:30:25 rurban
378 // more PagePerm stuff: (working against 1.4.0)
379 // ACL editing and simplification of ACL's to simple rwx------ string
388 // c-hanging-comment-ender-p: nil
389 // indent-tabs-mode: nil