lib/plugin/WikiAdminSetAcl.php

   1 <?php
   2
   3 /*
   4  * Copyright 2004 $ThePhpWikiProgrammingTeam
   5  * Copyright 2009 Marc-Etienne Vargenau, Alcatel-Lucent
   6  *
   7  * This file is part of PhpWiki.
   8  *
   9  * PhpWiki is free software; you can redistribute it and/or modify
  10  * it under the terms of the GNU General Public License as published by
  11  * the Free Software Foundation; either version 2 of the License, or
  12  * (at your option) any later version.
  13  *
  14  * PhpWiki is distributed in the hope that it will be useful,
  15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17  * GNU General Public License for more details.
  18  *
  19  * You should have received a copy of the GNU General Public License along
  20  * with PhpWiki; if not, write to the Free Software Foundation, Inc.,
  21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  22  */
  23
  24 /**
  25  * Set individual PagePermissions
  26  *
  27  * Usage:   <<WikiAdminSetAcl >> or called via WikiAdminSelect
  28  * Author:  Reini Urban <rurban@x-ray.at>
  29  *
  30  * TODO: UI to add custom group/username.
  31  * Currently it's easier to dump a page, fix it manually and
  32  * import it, than use Setacl
  33  */
  34 require_once 'lib/PageList.php';
  35 require_once 'lib/plugin/WikiAdminSelect.php';
  36
  37 class WikiPlugin_WikiAdminSetAcl
  38     extends WikiPlugin_WikiAdminSelect
  39 {
  40     function getName()
  41     {
  42         return _("WikiAdminSetAcl");
  43     }
  44
  45     function getDescription()
  46     {
  47         return _("Set individual page permissions.");
  48     }
  49
  50     function getDefaultArguments()
  51     {
  52         return array_merge
  53         (
  54             WikiPlugin_WikiAdminSelect::getDefaultArguments(),
  55             array(
  56                 'p' => "[]", // list of pages
  57                 /* Columns to include in listing */
  58                 'info' => 'pagename,perm,mtime,owner,author',
  59             ));
  60     }
  61
  62     function setaclPages(&$request, $pages, $acl)
  63     {
  64         $result = HTML::div();
  65         $count = 0;
  66         $dbi =& $request->_dbi;
  67         // check new_group and new_perm
  68         if (isset($acl['_add_group'])) {
  69             //add groups with perm
  70             foreach ($acl['_add_group'] as $access => $dummy) {
  71                 $group = $acl['_new_group'][$access];
  72                 $acl[$access][$group] = isset($acl['_new_perm'][$access]) ? 1 : 0;
  73             }
  74             unset($acl['_add_group']);
  75         }
  76         unset($acl['_new_group']);
  77         unset($acl['_new_perm']);
  78         if (isset($acl['_del_group'])) {
  79             //del groups with perm
  80             foreach ($acl['_del_group'] as $access => $del) {
  81                 while (list($group, $dummy) = each($del))
  82                     unset($acl[$access][$group]);
  83             }
  84             unset($acl['_del_group']);
  85         }
  86         if ($perm = new PagePermission($acl)) {
  87             $perm->sanify();
  88             foreach ($pages as $pagename) {
  89                 // check if unchanged? we need a deep array_equal
  90                 $page = $dbi->getPage($pagename);
  91                 $oldperm = getPagePermissions($page);
  92                 if ($oldperm)
  93                     $oldperm->sanify();
  94                 if ($oldperm and $perm->equal($oldperm->perm)) {
  95                     $result->setAttr('class', 'error');
  96                     $result->pushContent(HTML::p(fmt("ACL not changed for page “%s”.", $pagename)));
  97                 } elseif (mayAccessPage('change', $pagename)) {
  98                     setPagePermissions($page, $perm);
  99                     $result->setAttr('class', 'feedback');
 100                     $result->pushContent(HTML::p(fmt("ACL changed for page “%s”",
 101                         $pagename)));
 102                     $result->pushContent(HTML::p(fmt("from “%s”",
 103                         $oldperm ? $oldperm->asAclLines() : "None")));
 104                     $result->pushContent(HTML::p(fmt("to “%s”.",
 105                         $perm->asAclLines())));
 106
 107                     // Create new revision so that ACL change appears in history.
 108                     $current = $page->getCurrentRevision();
 109                     $version = $current->getVersion();
 110                     $meta = $current->_data;
 111                     $text = $current->getPackedContent();
 112                     $meta['summary'] = sprintf(_("ACL changed for page “%s” from “%s” to “%s”."),
 113                         $pagename,
 114                         $oldperm ? $oldperm->asAclLines() : "None",
 115                         $perm->asAclLines());
 116                     $meta['is_minor_edit'] = 1;
 117                     $meta['author'] = $request->_user->UserName();
 118                     unset($meta['mtime']); // force new date
 119                     $page->save($text, $version + 1, $meta);
 120
 121                     $count++;
 122                 } else {
 123                     $result->setAttr('class', 'error');
 124                     $result->pushContent(HTML::p(fmt("Access denied to change page “%s”.", $pagename)));
 125                 }
 126             }
 127         } else {
 128             $result->pushContent(HTML::p(_("Invalid ACL")));
 129         }
 130         if ($count) {
 131             $dbi->touch();
 132             $result->setAttr('class', 'feedback');
 133             if ($count > 1) {
 134                 $result->pushContent(HTML::p(fmt("%d pages have been changed.", $count)));
 135             }
 136         } else {
 137             $result->setAttr('class', 'error');
 138             $result->pushContent(HTML::p(_("No pages changed.")));
 139         }
 140         return $result;
 141     }
 142
 143     function run($dbi, $argstr, &$request, $basepage)
 144     {
 145         if ($request->getArg('action') != 'browse') {
 146             if ($request->getArg('action') != _("PhpWikiAdministration/SetAcl")) {
 147                 return $this->disabled(_("Plugin not run: not in browse mode"));
 148             }
 149         }
 150         if (!ENABLE_PAGEPERM) {
 151             return $this->disabled("ENABLE_PAGEPERM = false");
 152         }
 153
 154         $args = $this->getArgs($argstr, $request);
 155         $this->_args = $args;
 156         $this->preSelectS($args, $request);
 157
 158         $p = $request->getArg('p');
 159         $post_args = $request->getArg('admin_setacl');
 160         $next_action = 'select';
 161         $pages = array();
 162         if ($p && !$request->isPost())
 163             $pages = $p;
 164         elseif ($this->_list)
 165             $pages = $this->_list;
 166         $header = HTML::fieldset();
 167         if ($p && $request->isPost() &&
 168             !empty($post_args['acl']) && empty($post_args['cancel'])
 169         ) {
 170             // without individual PagePermissions:
 171             if (!ENABLE_PAGEPERM and !$request->_user->isAdmin()) {
 172                 $request->_notAuthorized(WIKIAUTH_ADMIN);
 173                 $this->disabled("! user->isAdmin");
 174             }
 175             if ($post_args['action'] == 'verify') {
 176                 // Real action
 177                 return $this->setaclPages($request, array_keys($p), $request->getArg('acl'));
 178             }
 179             if ($post_args['action'] == 'select') {
 180                 if (!empty($post_args['acl']))
 181                     $next_action = 'verify';
 182                 foreach ($p as $name => $c) {
 183                     $pages[$name] = 1;
 184                 }
 185             }
 186         }
 187         if ($next_action == 'select' and empty($pages)) {
 188             // List all pages to select from.
 189             $pages = $this->collectPages($pages, $dbi, $args['sortby'], $args['limit'], $args['exclude']);
 190         }
 191         if ($next_action == 'verify') {
 192             $args['info'] = "checkbox,pagename,perm,mtime,owner,author";
 193         }
 194         $pagelist = new PageList_Selectable($args['info'],
 195             $args['exclude'],
 196             array('types' => array(
 197                 'perm'
 198                 => new _PageList_Column_perm('perm', _("Permission")),
 199                 'acl'
 200                 => new _PageList_Column_acl('acl', _("ACL")))));
 201
 202         $pagelist->addPageList($pages);
 203         if ($next_action == 'verify') {
 204             $button_label = _("Yes");
 205             $header = $this->setaclForm($header, $post_args, $pages);
 206             $header->pushContent(
 207                 HTML::p(HTML::strong(
 208                     _("Are you sure you want to permanently change access rights to the selected files?"))));
 209         } else {
 210             $button_label = _("Change Access Rights");
 211             $header = $this->setaclForm($header, $post_args, $pages);
 212             $header->pushContent(HTML::legend(_("Select the pages where to change access rights")));
 213         }
 214
 215         $buttons = HTML::p(Button('submit:admin_setacl[acl]', $button_label, 'wikiadmin'),
 216             Button('submit:admin_setacl[cancel]', _("Cancel"), 'button'));
 217         $header->pushContent($buttons);
 218
 219         return HTML::form(array('action' => $request->getPostURL(),
 220                 'method' => 'post'),
 221             $header,
 222             $pagelist->getContent(),
 223             HiddenInputs($request->getArgs(),
 224                 false,
 225                 array('admin_setacl')),
 226             HiddenInputs(array('admin_setacl[action]' => $next_action)),
 227             ENABLE_PAGEPERM
 228                 ? ''
 229                 : HiddenInputs(array('require_authority_for_post' => WIKIAUTH_ADMIN)));
 230     }
 231
 232     function setaclForm(&$header, $post_args, $pagehash)
 233     {
 234         $acl = $post_args['acl'];
 235
 236         //FIXME: find intersection of all pages perms, not just from the last pagename
 237         $pages = array();
 238         foreach ($pagehash as $name => $checked) {
 239             if ($checked) $pages[] = $name;
 240         }
 241         $perm_tree = pagePermissions($name);
 242         $table = pagePermissionsAclFormat($perm_tree, !empty($pages));
 243         $header->pushContent(HTML::strong(_("Selected Pages: ")), HTML::tt(join(', ', $pages)), HTML::br());
 244         $first_page = $GLOBALS['request']->_dbi->getPage($name);
 245         $owner = $first_page->getOwner();
 246         list($type, $perm) = pagePermissionsAcl($perm_tree[0], $perm_tree);
 247         //if (DEBUG) $header->pushContent(HTML::pre("Permission tree for $name:\n",print_r($perm_tree,true)));
 248         if ($type == 'inherited')
 249             $type = sprintf(_("page permission inherited from %s"), $perm_tree[1][0]);
 250         elseif ($type == 'page')
 251             $type = _("individual page permission"); elseif ($type == 'default')
 252             $type = _("default page permission");
 253         $header->pushContent(HTML::strong(_("Type") . _(": ")), HTML::tt($type), HTML::br());
 254         $header->pushContent(HTML::strong(_("ACL") . _(": ")), HTML::tt($perm->asAclLines()), HTML::br());
 255
 256         $header->pushContent(HTML::p(HTML::strong(_("Description") . _(": ")),
 257             _("Selected Grant checkboxes allow access, unselected checkboxes deny access."),
 258             _("To ignore delete the line."),
 259             _("To add check 'Add' near the dropdown list.")
 260         ));
 261         $header->pushContent($table);
 262         //
 263         // display array of checkboxes for existing perms
 264         // and a dropdown for user/group to add perms.
 265         // disabled if inherited,
 266         // checkbox to disable inheritance,
 267         // another checkbox to progate new permissions to all childs (if there exist some)
 268         //Todo:
 269         // warn if more pages are selected and they have different perms
 270         //$header->pushContent(HTML::input(array('name' => 'admin_setacl[acl]',
 271         //                                       'value' => $post_args['acl'])));
 272         $header->pushContent(HTML::br());
 273         if (!empty($pages) and defined('EXPERIMENTAL') and EXPERIMENTAL) {
 274             $checkbox = HTML::input(array('type' => 'checkbox',
 275                 'name' => 'admin_setacl[updatechildren]',
 276                 'value' => 1));
 277             if (!empty($post_args['updatechildren'])) $checkbox->setAttr('checked', 'checked');
 278             $header->pushContent($checkbox,
 279                 _("Propagate new permissions to all subpages?"),
 280                 HTML::raw("&nbsp;&nbsp;"),
 281                 HTML::em(_("(disable individual page permissions, enable inheritance)?")),
 282                 HTML::br(), HTML::em(_("(Currently not working)"))
 283             );
 284         }
 285         $header->pushContent(HTML::hr());
 286         return $header;
 287     }
 288 }
 289
 290 // Local Variables:
 291 // mode: php
 292 // tab-width: 8
 293 // c-basic-offset: 4
 294 // c-hanging-comment-ender-p: nil
 295 // indent-tabs-mode: nil
 296 // End: