]> CyberLeo.Net >> Repos - SourceForge/phpwiki.git/blob - lib/plugin/WikiAdminSetAcl.php
Let's assume PHP >= 4.2
[SourceForge/phpwiki.git] / lib / plugin / WikiAdminSetAcl.php
1 <?php // -*-php-*-
2 // rcs_id('$Id$');
3 /*
4  * Copyright 2004 $ThePhpWikiProgrammingTeam
5  * Copyright 2009 Marc-Etienne Vargenau, Alcatel-Lucent
6  *
7  * This file is part of PhpWiki.
8  *
9  * PhpWiki is free software; you can redistribute it and/or modify
10  * it under the terms of the GNU General Public License as published by
11  * the Free Software Foundation; either version 2 of the License, or
12  * (at your option) any later version.
13  *
14  * PhpWiki is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License
20  * along with PhpWiki; if not, write to the Free Software
21  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
22  */
23
24 /**
25  * Set individual PagePermissions
26  *
27  * Usage:   <<WikiAdminSetAcl >> or called via WikiAdminSelect
28  * Author:  Reini Urban <rurban@x-ray.at>
29  *
30  * TODO: UI to add custom group/username.
31  * Currently it's easier to dump a page, fix it manually and
32  * import it, than use Setacl
33  */
34 require_once('lib/PageList.php');
35 require_once('lib/plugin/WikiAdminSelect.php');
36
37 class WikiPlugin_WikiAdminSetAcl
38 extends WikiPlugin_WikiAdminSelect
39 {
40     function getName() {
41         return _("WikiAdminSetAcl");
42     }
43
44     function getDescription() {
45         return _("Set individual page permissions.");
46     }
47
48     function getDefaultArguments() {
49         return array_merge
50             (
51              WikiPlugin_WikiAdminSelect::getDefaultArguments(),
52              array(
53                      'p'        => "[]",  // list of pages
54                      /* Columns to include in listing */
55                      'info'     => 'pagename,perm,mtime,owner,author',
56                      ));
57     }
58
59     function setaclPages(&$request, $pages, $acl) {
60         $result = HTML::div();
61         $count = 0;
62         $dbi =& $request->_dbi;
63         // check new_group and new_perm
64         if (isset($acl['_add_group'])) {
65             //add groups with perm
66             foreach ($acl['_add_group'] as $access => $dummy) {
67                 $group = $acl['_new_group'][$access];
68                 $acl[$access][$group] = isset($acl['_new_perm'][$access]) ? 1 : 0;
69             }
70             unset($acl['_add_group']);
71         }
72         unset($acl['_new_group']); unset($acl['_new_perm']);
73         if (isset($acl['_del_group'])) {
74             //del groups with perm
75             foreach ($acl['_del_group'] as $access => $del) {
76                 while (list($group,$dummy) = each($del))
77                     unset($acl[$access][$group]);
78             }
79             unset($acl['_del_group']);
80         }
81         if ($perm = new PagePermission($acl)) {
82             $perm->sanify();
83             foreach ($pages as $pagename) {
84                     // check if unchanged? we need a deep array_equal
85                     $page = $dbi->getPage($pagename);
86                     $oldperm = getPagePermissions($page);
87                 if ($oldperm)
88                     $oldperm->sanify();
89                     if ($oldperm and $perm->equal($oldperm->perm)) {
90                     $result->setAttr('class', 'error');
91                     $result->pushContent(HTML::p(fmt("ACL not changed for page '%s'.",$pagename)));
92                 } elseif (mayAccessPage('change', $pagename)) {
93                     setPagePermissions ($page, $perm);
94                     $result->setAttr('class', 'feedback');
95                     $result->pushContent(HTML::p(fmt("ACL changed for page '%s'",
96                                                      $pagename)));
97                     $result->pushContent(HTML::p(fmt("from '%s'",
98                                                      $oldperm ? $oldperm->asAclGroupLines() : "None")));
99                     $result->pushContent(HTML::p(fmt("to '%s'.",
100                                                      $perm->asAclGroupLines())));
101
102                     // Create new revision so that ACL change appears in history.
103                     $current = $page->getCurrentRevision();
104                     $version = $current->getVersion();
105                     $meta = $current->_data;
106                     $text = $current->getPackedContent();
107                     $meta['summary'] = sprintf(_("ACL changed for page '%s' from '%s' to '%s'."),
108                                                $pagename,
109                                                $oldperm ? $oldperm->asAclGroupLines() : "None",
110                                                $perm->asAclGroupLines());
111                     $meta['is_minor_edit'] = 1;
112                     $meta['author'] =  $request->_user->UserName();
113                     unset($meta['mtime']); // force new date
114                     $page->save($text, $version + 1, $meta);
115
116                     $count++;
117                 } else {
118                     $result->setAttr('class', 'error');
119                     $result->pushContent(HTML::p(fmt("Access denied to change page '%s'.",$pagename)));
120                 }
121             }
122         } else {
123             $result->pushContent(HTML::p(fmt("Invalid ACL")));
124         }
125         if ($count) {
126             $dbi->touch();
127             $result->setAttr('class', 'feedback');
128             if ($count > 1) {
129                 $result->pushContent(HTML::p(fmt("%s pages have been changed.",$count)));
130             }
131         } else {
132             $result->setAttr('class', 'error');
133             $result->pushContent(HTML::p(fmt("No pages changed.")));
134         }
135         return $result;
136     }
137
138     function run($dbi, $argstr, &$request, $basepage) {
139         //if (!DEBUG)
140         //    return $this->disabled("WikiAdminSetAcl not yet enabled. Set DEBUG to try it.");
141         if ($request->getArg('action') != 'browse')
142             if ($request->getArg('action') != _("PhpWikiAdministration/SetAcl"))
143                 return $this->disabled("(action != 'browse')");
144         if (!ENABLE_PAGEPERM)
145             return $this->disabled("ENABLE_PAGEPERM = false");
146
147         $args = $this->getArgs($argstr, $request);
148         $this->_args = $args;
149         $this->preSelectS($args, $request);
150
151         $p = $request->getArg('p');
152         $post_args = $request->getArg('admin_setacl');
153         $next_action = 'select';
154         $pages = array();
155         if ($p && !$request->isPost())
156             $pages = $p;
157         elseif ($this->_list)
158             $pages = $this->_list;
159         $header = HTML::fieldset();
160         if ($p && $request->isPost() &&
161             !empty($post_args['acl']) && empty($post_args['cancel'])) {
162             // without individual PagePermissions:
163             if (!ENABLE_PAGEPERM and !$request->_user->isAdmin()) {
164                 $request->_notAuthorized(WIKIAUTH_ADMIN);
165                 $this->disabled("! user->isAdmin");
166             }
167             if ($post_args['action'] == 'verify') {
168                 // Real action
169                 return $this->setaclPages($request, array_keys($p), $request->getArg('acl'));
170             }
171             if ($post_args['action'] == 'select') {
172                 if (!empty($post_args['acl']))
173                     $next_action = 'verify';
174                 foreach ($p as $name => $c) {
175                     $pages[$name] = 1;
176                 }
177             }
178         }
179         if ($next_action == 'select' and empty($pages)) {
180             // List all pages to select from.
181             $pages = $this->collectPages($pages, $dbi, $args['sortby'], $args['limit'], $args['exclude']);
182         }
183         if ($next_action == 'verify') {
184             $args['info'] = "checkbox,pagename,perm,mtime,owner,author";
185         }
186         $pagelist = new PageList_Selectable($args['info'],
187                                             $args['exclude'],
188                                             array('types' => array(
189                                                   'perm'
190                                                   => new _PageList_Column_perm('perm', _("Permission")),
191                                                   'acl'
192                                                   => new _PageList_Column_acl('acl', _("ACL")))));
193
194         $pagelist->addPageList($pages);
195         if ($next_action == 'verify') {
196             $button_label = _("Yes");
197             $header = $this->setaclForm($header, $post_args, $pages);
198             $header->pushContent(
199               HTML::p(HTML::strong(
200                   _("Are you sure you want to permanently change access rights to the selected files?"))));
201         }
202         else {
203             $button_label = _("Change Access Rights");
204             $header = $this->setaclForm($header, $post_args, $pages);
205             $header->pushContent(HTML::legend(_("Select the pages where to change access rights")));
206         }
207
208         $buttons = HTML::p(Button('submit:admin_setacl[acl]', $button_label, 'wikiadmin'),
209                            Button('submit:admin_setacl[cancel]', _("Cancel"), 'button'));
210         $header->pushContent($buttons);
211
212         return HTML::form(array('action' => $request->getPostURL(),
213                                 'method' => 'post'),
214                           $header,
215                           $pagelist->getContent(),
216                           HiddenInputs($request->getArgs(),
217                                         false,
218                                         array('admin_setacl')),
219                           HiddenInputs(array('admin_setacl[action]' => $next_action)),
220                           ENABLE_PAGEPERM
221                           ? ''
222                           : HiddenInputs(array('require_authority_for_post' => WIKIAUTH_ADMIN)));
223     }
224
225     function setaclForm(&$header, $post_args, $pagehash) {
226         $acl = $post_args['acl'];
227
228         //FIXME: find intersection of all pages perms, not just from the last pagename
229         $pages = array();
230         foreach ($pagehash as $name => $checked) {
231            if ($checked) $pages[] = $name;
232         }
233         $perm_tree = pagePermissions($name);
234         $table = pagePermissionsAclFormat($perm_tree, !empty($pages));
235         $header->pushContent(HTML::strong(_("Selected Pages: ")), HTML::tt(join(', ',$pages)), HTML::br());
236         $first_page = $GLOBALS['request']->_dbi->getPage($name);
237         $owner = $first_page->getOwner();
238         list($type, $perm) = pagePermissionsAcl($perm_tree[0], $perm_tree);
239         //if (DEBUG) $header->pushContent(HTML::pre("Permission tree for $name:\n",print_r($perm_tree,true)));
240         if ($type == 'inherited')
241             $type = sprintf(_("page permission inherited from %s"), $perm_tree[1][0]);
242         elseif ($type == 'page')
243             $type = _("individual page permission");
244         elseif ($type == 'default')
245             $type = _("default page permission");
246         $header->pushContent(HTML::strong(_("Type").': '), HTML::tt($type),HTML::br());
247         $header->pushContent(HTML::strong(_("ACL").': '), HTML::tt($perm->asAclGroupLines()),HTML::br());
248
249         $header->pushContent(HTML::p(HTML::strong(_("Description").': '),
250                                      _("Selected Grant checkboxes allow access, unselected checkboxes deny access."),
251                                      _("To ignore delete the line."),
252                                      _("To add check 'Add' near the dropdown list.")
253                                      ));
254         $header->pushContent($table);
255         //
256         // display array of checkboxes for existing perms
257         // and a dropdown for user/group to add perms.
258         // disabled if inherited,
259         // checkbox to disable inheritance,
260         // another checkbox to progate new permissions to all childs (if there exist some)
261         //Todo:
262         // warn if more pages are selected and they have different perms
263         //$header->pushContent(HTML::input(array('name' => 'admin_setacl[acl]',
264         //                                       'value' => $post_args['acl'])));
265         $header->pushContent(HTML::br());
266         if (!empty($pages) and defined('EXPERIMENTAL') and EXPERIMENTAL) {
267           $checkbox = HTML::input(array('type' => 'checkbox',
268                                         'name' => 'admin_setacl[updatechildren]',
269                                         'value' => 1));
270           if (!empty($post_args['updatechildren']))  $checkbox->setAttr('checked','checked');
271           $header->pushContent($checkbox,
272                     _("Propagate new permissions to all subpages?"),
273                   HTML::raw("&nbsp;&nbsp;"),
274                   HTML::em(_("(disable individual page permissions, enable inheritance)?")),
275                   HTML::br(),HTML::em(_("(Currently not working)"))
276                                );
277         }
278         $header->pushContent(HTML::hr());
279         return $header;
280     }
281 }
282
283 class _PageList_Column_acl extends _PageList_Column {
284     function _getValue ($page_handle, &$revision_handle) {
285         $perm_tree = pagePermissions($page_handle->_pagename);
286
287         list($type, $perm) = pagePermissionsAcl($perm_tree[0], $perm_tree);
288         if ($type == 'inherited') {
289             $type = sprintf(_("page permission inherited from %s"), $perm_tree[1][0]);
290         } elseif ($type == 'page') {
291             $type = _("individual page permission");
292         } elseif ($type == 'default') {
293             $type = _("default page permission");
294         }
295         $result = HTML::span();
296         $result->pushContent($type);
297         $result->pushContent(HTML::br());
298         $result->pushContent($perm->asAclGroupLines());
299         return $result;
300     }
301 };
302
303 class _PageList_Column_perm extends _PageList_Column {
304     function _getValue ($page_handle, &$revision_handle) {
305         $perm_array = pagePermissions($page_handle->_pagename);
306         return pagePermissionsSimpleFormat($perm_array,
307                                            $page_handle->get('author'),
308                                            $page_handle->get('group'));
309     }
310 };
311
312 // Local Variables:
313 // mode: php
314 // tab-width: 8
315 // c-basic-offset: 4
316 // c-hanging-comment-ender-p: nil
317 // indent-tabs-mode: nil
318 // End:
319 ?>