lib/plugin/WikiAdminSetAcl.php

   1 <?php // -*-php-*-
   2 rcs_id('$Id: WikiAdminSetAcl.php,v 1.10 2004-05-27 17:49:06 rurban Exp $');
   3 /*
   4  Copyright 2004 $ThePhpWikiProgrammingTeam
   5
   6  This file is part of PhpWiki.
   7
   8  PhpWiki is free software; you can redistribute it and/or modify
   9  it under the terms of the GNU General Public License as published by
  10  the Free Software Foundation; either version 2 of the License, or
  11  (at your option) any later version.
  12
  13  PhpWiki is distributed in the hope that it will be useful,
  14  but WITHOUT ANY WARRANTY; without even the implied warranty of
  15  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16  GNU General Public License for more details.
  17
  18  You should have received a copy of the GNU General Public License
  19  along with PhpWiki; if not, write to the Free Software
  20  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  21  */
  22
  23 /**
  24  * Set individual PagePermissions
  25  *
  26  * Usage:   <?plugin WikiAdminSetAcl ?> or called via WikiAdminSelect
  27  * Author:  Reini Urban <rurban@x-ray.at>
  28  *
  29  * KNOWN ISSUES:
  30  * Doesn't accept yet s=wildcard preselection
  31  * Fixed to use PagePermissions authorization.
  32  *   (require_authority_for_post != WIKIAUTH_ADMIN)
  33  * Requires PHP 4.2 so far.
  34  */
  35 require_once('lib/PageList.php');
  36 require_once('lib/plugin/WikiAdminSelect.php');
  37
  38 class WikiPlugin_WikiAdminSetAcl
  39 extends WikiPlugin_WikiAdminSelect
  40 {
  41     function getName() {
  42         return _("WikiAdminSetAcl");
  43     }
  44
  45     function getDescription() {
  46         return _("Set individual page permissions.");
  47     }
  48
  49     function getVersion() {
  50         return preg_replace("/[Revision: $]/", '',
  51                             "\$Revision: 1.10 $");
  52     }
  53
  54     function getDefaultArguments() {
  55         return array(
  56                      'p'        => "[]",
  57                      /* Pages to exclude in listing */
  58                      'exclude'  => '',
  59                      /* Columns to include in listing */
  60                      'info'     => 'pagename,perm,mtime,owner,author',
  61                      /* How to sort */
  62                      'sortby'   => 'pagename',
  63                      'limit'    => 0,
  64                      );
  65     }
  66
  67     function setaclPages(&$request, $pages, $acl) {
  68         $ul = HTML::ul();
  69         $count = 0;
  70         $dbi =& $request->_dbi;
  71         // check new_group and new_perm
  72         if (isset($acl['_add_group'])) {
  73             //add groups with perm
  74             foreach ($acl['_add_group'] as $access => $dummy) {
  75                 $group = $acl['_new_group'][$access];
  76                 $acl[$access][$group] = isset($acl['_new_perm'][$access]) ? 1 : 0;
  77             }
  78             unset($acl['_add_group']); unset($acl['_new_group']); unset($acl['_new_perm']);
  79         }
  80         if (isset($acl['_del_group'])) {
  81             //del groups with perm
  82             foreach ($acl['_del_group'] as $access => $del) {
  83                 while (list($group,$dummy) = each($del))
  84                     unset($acl[$access][$group]);
  85             }
  86             unset($acl['_del_group']);
  87         }
  88         if ($perm = new PagePermission($acl)) {
  89             $perm->sanify();
  90             foreach ($pages as $pagename) {
  91                 // check if unchanged? we need a deep array_equal
  92                 $page = $dbi->getPage($pagename);
  93                 $oldperm = getPagePermissions($page);
  94                 $oldperm->sanify();
  95                 if ($perm->equal($oldperm->perm)) // (serialize($oldperm->perm) == serialize($perm->perm))
  96                     $ul->pushContent(HTML::li(fmt("ACL not changed for page '%s'.",$pagename)));
  97                 elseif (mayAccessPage('change',$pagename)) {
  98                     setPagePermissions ($page,$perm);
  99                     $ul->pushContent(HTML::li(fmt("ACL changed for page '%s'.",$pagename)));
 100                     $count++;
 101                 } else {
 102                     $ul->pushContent(HTML::li(fmt("Access denied to change page '%s'.",$pagename)));
 103                 }
 104             }
 105         } else {
 106             $ul->pushContent(HTML::li(fmt("Invalid ACL")));
 107         }
 108         if ($count) {
 109             $dbi->touch();
 110             return HTML($ul,
 111                         HTML::p(fmt("%s pages have been changed.",$count)));
 112         } else {
 113             return HTML($ul,
 114                         HTML::p(fmt("No pages changed.")));
 115         }
 116     }
 117
 118     function run($dbi, $argstr, &$request, $basepage) {
 119         //if (!DEBUG)
 120         //    return $this->disabled("WikiAdminSetAcl not yet enabled. Set DEBUG to try it.");
 121
 122         $args = $this->getArgs($argstr, $request);
 123         $this->_args = $args;
 124         if (!empty($args['exclude']))
 125             $exclude = explodePageList($args['exclude']);
 126         else
 127             $exclude = false;
 128
 129         $p = $request->getArg('p');
 130         $post_args = $request->getArg('admin_setacl');
 131         $next_action = 'select';
 132         $pages = array();
 133         if ($p && !$request->isPost())
 134             $pages = $p;
 135         $header = HTML::p();
 136         if ($p && $request->isPost() &&
 137             !empty($post_args['acl']) && empty($post_args['cancel'])) {
 138
 139             // DONE: check individual PagePermissions
 140             /*
 141             if (!$request->_user->isAdmin()) {
 142                 $request->_notAuthorized(WIKIAUTH_ADMIN);
 143                 $this->disabled("! user->isAdmin");
 144             }
 145             */
 146             if ($post_args['action'] == 'verify') {
 147                 // Real action
 148                 $header->pushContent(
 149                     $this->setaclPages($request, array_keys($p),
 150                                        $request->getArg('acl')));
 151             }
 152             if ($post_args['action'] == 'select') {
 153                 if (!empty($post_args['acl']))
 154                     $next_action = 'verify';
 155                 foreach ($p as $name => $c) {
 156                     $pages[$name] = 1;
 157                 }
 158             }
 159         }
 160         if ($next_action == 'select' and empty($pages)) {
 161             // List all pages to select from.
 162             $pages = $this->collectPages($pages, $dbi, $args['sortby'], $args['limit']);
 163         }
 164         if ($next_action == 'verify') {
 165             $args['info'] = "checkbox,pagename,perm,mtime,owner,author";
 166         }
 167         $pagelist = new PageList_Selectable($args['info'],
 168                                             $exclude,
 169                                             array('types' => array(
 170                                                   'perm'
 171                                                   => new _PageList_Column_perm('perm', _("Permission")),
 172                                                   'acl'
 173                                                   => new _PageList_Column_acl('acl', _("ACL")))));
 174
 175         $pagelist->addPageList($pages);
 176         if ($next_action == 'verify') {
 177             $button_label = _("Yes");
 178             $header = $this->setaclForm($header, $post_args, $pages);
 179             $header->pushContent(
 180               HTML::p(HTML::strong(
 181                   _("Are you sure you want to permanently change access to the selected files?"))));
 182         }
 183         else {
 184             $button_label = _("SetAcl");
 185             $header = $this->setaclForm($header, $post_args, $pages);
 186             $header->pushContent(HTML::p(_("Select the pages to change:")));
 187         }
 188
 189         $buttons = HTML::p(Button('submit:admin_setacl[acl]', $button_label, 'wikiadmin'),
 190                            Button('submit:admin_setacl[cancel]', _("Cancel"), 'button'));
 191
 192         return HTML::form(array('action' => $request->getPostURL(),
 193                                 'method' => 'post'),
 194                           $header,
 195                           $pagelist->getContent(),
 196                           HiddenInputs($request->getArgs(),
 197                                         false,
 198                                         array('admin_setacl')),
 199                           HiddenInputs(array('admin_setacl[action]' => $next_action)),
 200                           $buttons);
 201     }
 202
 203     function setaclForm(&$header, $post_args, $pagehash) {
 204         $acl = $post_args['acl'];
 205         //$header->pushContent(HTML::p(HTML::em(_("This plugin is currently under development and does not work!"))));
 206         //todo: find intersection of all page perms
 207         $pages = array();
 208         foreach ($pagehash as $name => $checked) {
 209            if ($checked) $pages[] = $name;
 210         }
 211         $perm_tree = pagePermissions($name);
 212         $table = pagePermissionsAclFormat($perm_tree,!empty($pages));
 213         $header->pushContent(HTML::p(fmt("Selected Pages: %s",join(', ',$pages))));
 214         if (DEBUG) {
 215             ;//$header->pushContent(HTML::pre("Permission tree for $name:\n",print_r($perm_tree,true)));
 216         }
 217         $type = $perm_tree[0];
 218         if ($type == 'inherited')
 219             $type = sprintf(_("page permission inherited from %s"),$perm_tree[1][0]);
 220         elseif ($type == 'page')
 221             $type = _("invidual page permission");
 222         elseif ($type == 'default')
 223             $type = _("default page permission");
 224         $header->pushContent(HTML::p(_("Type: "),$type));
 225         $header->pushContent(HTML::p(
 226                                      _("Description: Selected Grant checkboxes allow access, unselected checkboxes deny access."),
 227                                      _("To ignore delete the line."),
 228                                      _("To add check 'Add' near the dropdown list.")
 229                                      ));
 230         $header->pushContent(HTML::blockquote($table));
 231         //
 232         // display array of checkboxes for existing perms
 233         // and a dropdown for user/group to add perms.
 234         // disabled if inherited,
 235         // checkbox to disable inheritance,
 236         // another checkbox to progate new permissions to all childs (if there exist some)
 237         //Todo:
 238         // warn if more pages are selected and they have different perms
 239         //$header->pushContent(HTML::input(array('name' => 'admin_setacl[acl]',
 240         //                                       'value' => $post_args['acl'])));
 241         $header->pushContent(HTML::br());
 242         if (!empty($pages) and DEBUG) {
 243           $checkbox = HTML::input(array('type' => 'checkbox',
 244                                         'name' => 'admin_setacl[updatechildren]',
 245                                         'value' => 1));
 246           if (!empty($post_args['updatechildren']))  $checkbox->setAttr('checked','checked');
 247           $header->pushContent($checkbox,
 248                   _("Propagate new permissions to all subpages?"),
 249                   HTML::raw("&nbsp;&nbsp;"),
 250                   HTML::em(_("(disable individual page permissions, enable inheritance)?")),
 251                   HTML::em(_("(Currently not working)"))
 252                                );
 253         }
 254         $header->pushContent(HTML::hr(),HTML::p());
 255         return $header;
 256     }
 257 }
 258
 259 class _PageList_Column_acl extends _PageList_Column {
 260     function _getValue ($page_handle, &$revision_handle) {
 261         $perm_tree = pagePermissions($page_handle->_pagename);
 262         return pagePermissionsAclFormat($perm_tree);
 263         if (0) {
 264             ob_start();
 265             var_dump($perm_array);
 266             $xml = ob_get_contents();
 267             ob_end_clean();
 268             return $xml;
 269         }
 270     }
 271 };
 272
 273 class _PageList_Column_perm extends _PageList_Column {
 274     function _getValue ($page_handle, &$revision_handle) {
 275         $perm_array = pagePermissions($page_handle->_pagename);
 276         return pagePermissionsSimpleFormat($perm_array,
 277                                            $page_handle->get('author'),
 278                                            $page_handle->get('group'));
 279         if (0) {
 280             ob_start();
 281             var_dump($perm_array);
 282             $xml = ob_get_contents();
 283             ob_end_clean();
 284             return $xml;
 285         }
 286     }
 287 };
 288
 289 // $Log: not supported by cvs2svn $
 290 // Revision 1.9  2004/05/24 17:34:53  rurban
 291 // use ACLs
 292 //
 293 // Revision 1.8  2004/05/16 22:32:54  rurban
 294 // setacl icons
 295 //
 296 // Revision 1.7  2004/05/16 22:07:35  rurban
 297 // check more config-default and predefined constants
 298 // various PagePerm fixes:
 299 //   fix default PagePerms, esp. edit and view for Bogo and Password users
 300 //   implemented Creator and Owner
 301 //   BOGOUSERS renamed to BOGOUSER
 302 // fixed syntax errors in signin.tmpl
 303 //
 304 // Revision 1.5  2004/04/07 23:13:19  rurban
 305 // fixed pear/File_Passwd for Windows
 306 // fixed FilePassUser sessions (filehandle revive) and password update
 307 //
 308 // Revision 1.4  2004/03/17 20:23:44  rurban
 309 // fixed p[] pagehash passing from WikiAdminSelect, fixed problem removing pages with [] in the pagename
 310 //
 311 // Revision 1.3  2004/03/12 13:31:43  rurban
 312 // enforce PagePermissions, errormsg if not Admin
 313 //
 314 // Revision 1.2  2004/02/24 04:02:07  rurban
 315 // Better warning messages
 316 //
 317 // Revision 1.1  2004/02/23 21:30:25  rurban
 318 // more PagePerm stuff: (working against 1.4.0)
 319 //   ACL editing and simplification of ACL's to simple rwx------ string
 320 //   not yet working.
 321 //
 322 //
 323
 324 // Local Variables:
 325 // mode: php
 326 // tab-width: 8
 327 // c-basic-offset: 4
 328 // c-hanging-comment-ender-p: nil
 329 // indent-tabs-mode: nil
 330 // End:
 331 ?>