4 * Copyright 2004 $ThePhpWikiProgrammingTeam
5 * Copyright 2009 Marc-Etienne Vargenau, Alcatel-Lucent
7 * This file is part of PhpWiki.
9 * PhpWiki is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * PhpWiki is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License along
20 * with PhpWiki; if not, write to the Free Software Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25 * Set individual PagePermissions
27 * Usage: <<WikiAdminSetAcl >> or called via WikiAdminSelect
28 * Author: Reini Urban <rurban@x-ray.at>
30 * TODO: UI to add custom group/username.
31 * Currently it's easier to dump a page, fix it manually and
32 * import it, than use Setacl
34 require_once 'lib/PageList.php';
35 require_once 'lib/plugin/WikiAdminSelect.php';
37 class WikiPlugin_WikiAdminSetAcl
38 extends WikiPlugin_WikiAdminSelect
40 function getDescription()
42 return _("Set individual page permissions.");
45 function getDefaultArguments()
49 WikiPlugin_WikiAdminSelect::getDefaultArguments(),
51 'p' => "[]", // list of pages
52 /* Columns to include in listing */
53 'info' => 'pagename,perm,mtime,owner,author',
57 function setaclPages(&$request, $pages, $acl)
59 $result = HTML::div();
61 $dbi =& $request->_dbi;
62 // check new_group and new_perm
63 if (isset($acl['_add_group'])) {
64 //add groups with perm
65 foreach ($acl['_add_group'] as $access => $dummy) {
66 $group = $acl['_new_group'][$access];
67 $acl[$access][$group] = isset($acl['_new_perm'][$access]) ? 1 : 0;
69 unset($acl['_add_group']);
71 unset($acl['_new_group']);
72 unset($acl['_new_perm']);
73 if (isset($acl['_del_group'])) {
74 //del groups with perm
75 foreach ($acl['_del_group'] as $access => $del) {
76 while (list($group, $dummy) = each($del))
77 unset($acl[$access][$group]);
79 unset($acl['_del_group']);
81 if ($perm = new PagePermission($acl)) {
83 foreach ($pages as $pagename) {
84 // check if unchanged? we need a deep array_equal
85 $page = $dbi->getPage($pagename);
86 $oldperm = getPagePermissions($page);
89 if ($oldperm and $perm->equal($oldperm->perm)) {
90 $result->setAttr('class', 'error');
91 $result->pushContent(HTML::p(fmt("ACL not changed for page “%s”.", $pagename)));
92 } elseif (mayAccessPage('change', $pagename)) {
93 setPagePermissions($page, $perm);
94 $result->setAttr('class', 'feedback');
95 $result->pushContent(HTML::p(fmt("ACL changed for page “%s”",
97 $result->pushContent(HTML::p(fmt("from “%s”",
98 $oldperm ? $oldperm->asAclLines() : "None")));
99 $result->pushContent(HTML::p(fmt("to “%s”.",
100 $perm->asAclLines())));
102 // Create new revision so that ACL change appears in history.
103 $current = $page->getCurrentRevision();
104 $version = $current->getVersion();
105 $meta = $current->_data;
106 $text = $current->getPackedContent();
107 $meta['summary'] = sprintf(_("ACL changed for page “%s” from “%s” to “%s”."),
109 $oldperm ? $oldperm->asAclLines() : "None",
110 $perm->asAclLines());
111 $meta['is_minor_edit'] = 1;
112 $meta['author'] = $request->_user->UserName();
113 unset($meta['mtime']); // force new date
114 $page->save($text, $version + 1, $meta);
118 $result->setAttr('class', 'error');
119 $result->pushContent(HTML::p(fmt("Access denied to change page “%s”.", $pagename)));
123 $result->pushContent(HTML::p(_("Invalid ACL")));
127 $result->setAttr('class', 'feedback');
129 $result->pushContent(HTML::p(fmt("%d pages have been changed.", $count)));
132 $result->setAttr('class', 'error');
133 $result->pushContent(HTML::p(_("No pages changed.")));
138 function run($dbi, $argstr, &$request, $basepage)
140 if ($request->getArg('action') != 'browse') {
141 if ($request->getArg('action') != __("PhpWikiAdministration")."/".__("SetAcl")) {
142 return $this->disabled(_("Plugin not run: not in browse mode"));
145 if (!ENABLE_PAGEPERM) {
146 return $this->disabled("ENABLE_PAGEPERM = false");
149 $args = $this->getArgs($argstr, $request);
150 $this->_args = $args;
151 $this->preSelectS($args, $request);
153 $p = $request->getArg('p');
154 $post_args = $request->getArg('admin_setacl');
155 $next_action = 'select';
157 if ($p && !$request->isPost())
159 elseif ($this->_list)
160 $pages = $this->_list;
161 $header = HTML::fieldset();
162 if ($p && $request->isPost() &&
163 !empty($post_args['acl']) && empty($post_args['cancel'])
165 // without individual PagePermissions:
166 if (!ENABLE_PAGEPERM and !$request->_user->isAdmin()) {
167 $request->_notAuthorized(WIKIAUTH_ADMIN);
168 $this->disabled("! user->isAdmin");
170 if ($post_args['action'] == 'verify') {
172 return $this->setaclPages($request, array_keys($p), $request->getArg('acl'));
174 if ($post_args['action'] == 'select') {
175 if (!empty($post_args['acl']))
176 $next_action = 'verify';
177 foreach ($p as $name => $c) {
182 if ($next_action == 'select' and empty($pages)) {
183 // List all pages to select from.
184 $pages = $this->collectPages($pages, $dbi, $args['sortby'], $args['limit'], $args['exclude']);
186 if ($next_action == 'verify') {
187 $args['info'] = "checkbox,pagename,perm,mtime,owner,author";
189 $pagelist = new PageList_Selectable($args['info'],
191 array('types' => array(
193 => new _PageList_Column_perm('perm', _("Permission")),
195 => new _PageList_Column_acl('acl', _("ACL")))));
197 $pagelist->addPageList($pages);
198 if ($next_action == 'verify') {
199 $button_label = _("Yes");
200 $header = $this->setaclForm($header, $post_args, $pages);
201 $header->pushContent(
202 HTML::p(HTML::strong(
203 _("Are you sure you want to permanently change access rights to the selected files?"))));
205 $button_label = _("Change Access Rights");
206 $header = $this->setaclForm($header, $post_args, $pages);
207 $header->pushContent(HTML::legend(_("Select the pages where to change access rights")));
210 $buttons = HTML::p(Button('submit:admin_setacl[acl]', $button_label, 'wikiadmin'),
211 Button('submit:admin_setacl[cancel]', _("Cancel"), 'button'));
212 $header->pushContent($buttons);
214 return HTML::form(array('action' => $request->getPostURL(),
217 $pagelist->getContent(),
218 HiddenInputs($request->getArgs(),
220 array('admin_setacl')),
221 HiddenInputs(array('admin_setacl[action]' => $next_action)),
224 : HiddenInputs(array('require_authority_for_post' => WIKIAUTH_ADMIN)));
227 function setaclForm(&$header, $post_args, $pagehash)
229 $acl = $post_args['acl'];
231 //FIXME: find intersection of all pages perms, not just from the last pagename
233 foreach ($pagehash as $name => $checked) {
234 if ($checked) $pages[] = $name;
236 $perm_tree = pagePermissions($name);
237 $table = pagePermissionsAclFormat($perm_tree, !empty($pages));
238 $header->pushContent(HTML::strong(_("Selected Pages: ")), HTML::tt(join(', ', $pages)), HTML::br());
239 $first_page = $GLOBALS['request']->_dbi->getPage($name);
240 $owner = $first_page->getOwner();
241 list($type, $perm) = pagePermissionsAcl($perm_tree[0], $perm_tree);
242 //if (DEBUG) $header->pushContent(HTML::pre("Permission tree for $name:\n",print_r($perm_tree,true)));
243 if ($type == 'inherited')
244 $type = sprintf(_("page permission inherited from %s"), $perm_tree[1][0]);
245 elseif ($type == 'page')
246 $type = _("individual page permission"); elseif ($type == 'default')
247 $type = _("default page permission");
248 $header->pushContent(HTML::strong(_("Type") . _(": ")), HTML::tt($type), HTML::br());
249 $header->pushContent(HTML::strong(_("ACL") . _(": ")), HTML::tt($perm->asAclLines()), HTML::br());
251 $header->pushContent(HTML::p(HTML::strong(_("Description") . _(": ")),
252 _("Selected Grant checkboxes allow access, unselected checkboxes deny access."),
253 _("To ignore delete the line."),
254 _("To add check 'Add' near the dropdown list.")
256 $header->pushContent($table);
258 // display array of checkboxes for existing perms
259 // and a dropdown for user/group to add perms.
260 // disabled if inherited,
261 // checkbox to disable inheritance,
262 // another checkbox to progate new permissions to all childs (if there exist some)
264 // warn if more pages are selected and they have different perms
265 //$header->pushContent(HTML::input(array('name' => 'admin_setacl[acl]',
266 // 'value' => $post_args['acl'])));
267 $header->pushContent(HTML::br());
268 if (!empty($pages) and defined('EXPERIMENTAL') and EXPERIMENTAL) {
269 $checkbox = HTML::input(array('type' => 'checkbox',
270 'name' => 'admin_setacl[updatechildren]',
272 if (!empty($post_args['updatechildren'])) $checkbox->setAttr('checked', 'checked');
273 $header->pushContent($checkbox,
274 _("Propagate new permissions to all subpages?"),
275 HTML::raw(" "),
276 HTML::em(_("(disable individual page permissions, enable inheritance)?")),
277 HTML::br(), HTML::em(_("(Currently not working)"))
280 $header->pushContent(HTML::hr());
289 // c-hanging-comment-ender-p: nil
290 // indent-tabs-mode: nil