lib/plugin/WikiAdminSetAcl.php

   1 <?php // -*-php-*-
   2 rcs_id('$Id$');
   3 /*
   4  Copyright 2004 $ThePhpWikiProgrammingTeam
   5
   6  This file is part of PhpWiki.
   7
   8  PhpWiki is free software; you can redistribute it and/or modify
   9  it under the terms of the GNU General Public License as published by
  10  the Free Software Foundation; either version 2 of the License, or
  11  (at your option) any later version.
  12
  13  PhpWiki is distributed in the hope that it will be useful,
  14  but WITHOUT ANY WARRANTY; without even the implied warranty of
  15  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16  GNU General Public License for more details.
  17
  18  You should have received a copy of the GNU General Public License
  19  along with PhpWiki; if not, write to the Free Software
  20  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  21  */
  22
  23 /**
  24  * Set individual PagePermissions
  25  *
  26  * Usage:   <?plugin WikiAdminSetAcl ?> or called via WikiAdminSelect
  27  * Author:  Reini Urban <rurban@x-ray.at>
  28  *
  29  * KNOWN ISSUES:
  30  * Requires PHP 4.2 so far.
  31  *
  32  * TODO: UI to add custom group/username.
  33  * Currently it's easier to dump a page, fix it manually and
  34  * import it, than use Setacl
  35  */
  36 require_once('lib/PageList.php');
  37 require_once('lib/plugin/WikiAdminSelect.php');
  38
  39 class WikiPlugin_WikiAdminSetAcl
  40 extends WikiPlugin_WikiAdminSelect
  41 {
  42     function getName() {
  43         return _("WikiAdminSetAcl");
  44     }
  45
  46     function getDescription() {
  47         return _("Set individual page permissions.");
  48     }
  49
  50     function getVersion() {
  51         return preg_replace("/[Revision: $]/", '',
  52                             "\$Revision$");
  53     }
  54
  55     function getDefaultArguments() {
  56         return array_merge
  57             (
  58              PageList::supportedArgs(),
  59              array(
  60                      'p'        => "[]",  // list of pages
  61                      's'        => false, /* select by pagename */
  62                      /* Columns to include in listing */
  63                      'info'     => 'pagename,perm,mtime,owner,author',
  64                      ));
  65     }
  66
  67     function setaclPages(&$request, $pages, $acl) {
  68         $result = HTML::div();
  69         $count = 0;
  70         $dbi =& $request->_dbi;
  71         // check new_group and new_perm
  72         if (isset($acl['_add_group'])) {
  73             //add groups with perm
  74             foreach ($acl['_add_group'] as $access => $dummy) {
  75                 $group = $acl['_new_group'][$access];
  76                 $acl[$access][$group] = isset($acl['_new_perm'][$access]) ? 1 : 0;
  77             }
  78             unset($acl['_add_group']);
  79         }
  80         unset($acl['_new_group']); unset($acl['_new_perm']);
  81         if (isset($acl['_del_group'])) {
  82             //del groups with perm
  83             foreach ($acl['_del_group'] as $access => $del) {
  84                 while (list($group,$dummy) = each($del))
  85                     unset($acl[$access][$group]);
  86             }
  87             unset($acl['_del_group']);
  88         }
  89         if ($perm = new PagePermission($acl)) {
  90             $perm->sanify();
  91             foreach ($pages as $pagename) {
  92                 // check if unchanged? we need a deep array_equal
  93                 $page = $dbi->getPage($pagename);
  94                 $oldperm = getPagePermissions($page);
  95                 if ($oldperm)
  96                     $oldperm->sanify();
  97                 if ($oldperm and $perm->equal($oldperm->perm)) {
  98                     $result->setAttr('class', 'error');
  99                     $result->pushContent(HTML::p(fmt("ACL not changed for page '%s'.",$pagename)));
 100                 } elseif (mayAccessPage('change', $pagename)) {
 101                     setPagePermissions ($page, $perm);
 102                     $result->setAttr('class', 'feedback');
 103                     $result->pushContent(HTML::p(fmt("ACL changed for page '%s'",
 104                                                      $pagename)));
 105                     $result->pushContent(HTML::p(fmt("from '%s'",
 106                                                      $oldperm ? $oldperm->asAclGroupLines() : "None")));
 107                     $result->pushContent(HTML::p(fmt("to '%s'.",
 108                                                      $perm->asAclGroupLines())));
 109
 110                     // Create new revision so that ACL change appears in history.
 111                     $current = $page->getCurrentRevision();
 112                     $version = $current->getVersion();
 113                     $meta = $current->_data;
 114                     $text = $current->getPackedContent();
 115                     $meta['summary'] = sprintf(_("ACL changed for page '%s' from '%s' to '%s'."),
 116                                                $pagename,
 117                                                $oldperm ? $oldperm->asAclGroupLines() : "None",
 118                                                $perm->asAclGroupLines());
 119                     $meta['is_minor_edit'] = 0;
 120                     $meta['author'] =  $request->_user->UserName();
 121                     unset($meta['mtime']); // force new date
 122                     $page->save($text, $version + 1, $meta);
 123
 124                     $count++;
 125                 } else {
 126                     $result->setAttr('class', 'error');
 127                     $result->pushContent(HTML::p(fmt("Access denied to change page '%s'.",$pagename)));
 128                 }
 129             }
 130         } else {
 131             $result->pushContent(HTML::p(fmt("Invalid ACL")));
 132         }
 133         if ($count) {
 134             $dbi->touch();
 135             $result->setAttr('class', 'feedback');
 136             if ($count > 1) {
 137                 $result->pushContent(HTML::p(fmt("%s pages have been changed.",$count)));
 138             }
 139         } else {
 140             $result->setAttr('class', 'error');
 141             $result->pushContent(HTML::p(fmt("No pages changed.")));
 142         }
 143         return $result;
 144     }
 145
 146     function run($dbi, $argstr, &$request, $basepage) {
 147         //if (!DEBUG)
 148         //    return $this->disabled("WikiAdminSetAcl not yet enabled. Set DEBUG to try it.");
 149         if ($request->getArg('action') != 'browse')
 150             if ($request->getArg('action') != _("PhpWikiAdministration/SetAcl"))
 151                 return $this->disabled("(action != 'browse')");
 152         if (!ENABLE_PAGEPERM)
 153             return $this->disabled("ENABLE_PAGEPERM = false");
 154
 155         $args = $this->getArgs($argstr, $request);
 156         $this->_args = $args;
 157         $this->preSelectS($args, $request);
 158
 159         $p = $request->getArg('p');
 160         $post_args = $request->getArg('admin_setacl');
 161         $next_action = 'select';
 162         $pages = array();
 163         if ($p && !$request->isPost())
 164             $pages = $p;
 165         elseif ($this->_list)
 166             $pages = $this->_list;
 167         $header = HTML::div();
 168         if ($p && $request->isPost() &&
 169             !empty($post_args['acl']) && empty($post_args['cancel'])) {
 170             // without individual PagePermissions:
 171             if (!ENABLE_PAGEPERM and !$request->_user->isAdmin()) {
 172                 $request->_notAuthorized(WIKIAUTH_ADMIN);
 173                 $this->disabled("! user->isAdmin");
 174             }
 175             if ($post_args['action'] == 'verify') {
 176                 // Real action
 177                 $header->pushContent(
 178                     $this->setaclPages($request, array_keys($p),
 179                                        $request->getArg('acl')));
 180             }
 181             if ($post_args['action'] == 'select') {
 182                 if (!empty($post_args['acl']))
 183                     $next_action = 'verify';
 184                 foreach ($p as $name => $c) {
 185                     $pages[$name] = 1;
 186                 }
 187             }
 188         }
 189         if ($next_action == 'select' and empty($pages)) {
 190             // List all pages to select from.
 191             $pages = $this->collectPages($pages, $dbi, $args['sortby'], $args['limit'], $args['exclude']);
 192         }
 193         if ($next_action == 'verify') {
 194             $args['info'] = "checkbox,pagename,perm,mtime,owner,author";
 195         }
 196         $pagelist = new PageList_Selectable($args['info'],
 197                                             $args['exclude'],
 198                                             array('types' => array(
 199                                                   'perm'
 200                                                   => new _PageList_Column_perm('perm', _("Permission")),
 201                                                   'acl'
 202                                                   => new _PageList_Column_acl('acl', _("ACL")))));
 203
 204         $pagelist->addPageList($pages);
 205         if ($next_action == 'verify') {
 206             $button_label = _("Yes");
 207             $header = $this->setaclForm($header, $post_args, $pages);
 208             $header->pushContent(
 209               HTML::p(HTML::strong(
 210                   _("Are you sure you want to permanently change access to the selected files?"))));
 211         }
 212         else {
 213             $button_label = _("SetAcl");
 214             $header = $this->setaclForm($header, $post_args, $pages);
 215             $header->pushContent(HTML::p(_("Select the pages to change:")));
 216         }
 217
 218         $buttons = HTML::p(Button('submit:admin_setacl[acl]', $button_label, 'wikiadmin'),
 219                            Button('submit:admin_setacl[cancel]', _("Cancel"), 'button'));
 220
 221         return HTML::form(array('action' => $request->getPostURL(),
 222                                 'method' => 'post'),
 223                           $header,
 224                           $buttons,
 225                           $pagelist->getContent(),
 226                           HiddenInputs($request->getArgs(),
 227                                         false,
 228                                         array('admin_setacl')),
 229                           HiddenInputs(array('admin_setacl[action]' => $next_action)),
 230                           ENABLE_PAGEPERM
 231                           ? ''
 232                           : HiddenInputs(array('require_authority_for_post' => WIKIAUTH_ADMIN)));
 233     }
 234
 235     function setaclForm(&$header, $post_args, $pagehash) {
 236         $acl = $post_args['acl'];
 237
 238         //FIXME: find intersection of all pages perms, not just from the last pagename
 239         $pages = array();
 240         foreach ($pagehash as $name => $checked) {
 241            if ($checked) $pages[] = $name;
 242         }
 243         $perm_tree = pagePermissions($name);
 244         $table = pagePermissionsAclFormat($perm_tree, !empty($pages));
 245         $header->pushContent(HTML::strong(_("Selected Pages: ")), HTML::tt(join(', ',$pages)), HTML::br());
 246         $first_page = $GLOBALS['request']->_dbi->getPage($name);
 247         $owner = $first_page->getOwner();
 248         list($type, $perm) = pagePermissionsAcl($perm_tree[0], $perm_tree);
 249         //if (DEBUG) $header->pushContent(HTML::pre("Permission tree for $name:\n",print_r($perm_tree,true)));
 250         if ($type == 'inherited')
 251             $type = sprintf(_("page permission inherited from %s"), $perm_tree[1][0]);
 252         elseif ($type == 'page')
 253             $type = _("individual page permission");
 254         elseif ($type == 'default')
 255             $type = _("default page permission");
 256         $header->pushContent(HTML::strong(_("Type").': '), HTML::tt($type),HTML::br());
 257         $header->pushContent(HTML::strong(_("ACL").': '), HTML::tt($perm->asAclGroupLines()),HTML::br());
 258
 259         $header->pushContent(HTML::p(HTML::strong(_("Description").': '),
 260                                      _("Selected Grant checkboxes allow access, unselected checkboxes deny access."),
 261                                      _("To ignore delete the line."),
 262                                      _("To add check 'Add' near the dropdown list.")
 263                                      ));
 264         $header->pushContent($table);
 265         //
 266         // display array of checkboxes for existing perms
 267         // and a dropdown for user/group to add perms.
 268         // disabled if inherited,
 269         // checkbox to disable inheritance,
 270         // another checkbox to progate new permissions to all childs (if there exist some)
 271         //Todo:
 272         // warn if more pages are selected and they have different perms
 273         //$header->pushContent(HTML::input(array('name' => 'admin_setacl[acl]',
 274         //                                       'value' => $post_args['acl'])));
 275         $header->pushContent(HTML::br());
 276         if (!empty($pages) and DEBUG) {
 277           $checkbox = HTML::input(array('type' => 'checkbox',
 278                                         'name' => 'admin_setacl[updatechildren]',
 279                                         'value' => 1));
 280           if (!empty($post_args['updatechildren']))  $checkbox->setAttr('checked','checked');
 281           $header->pushContent($checkbox,
 282                   _("Propagate new permissions to all subpages?"),
 283                   HTML::raw("&nbsp;&nbsp;"),
 284                   HTML::em(_("(disable individual page permissions, enable inheritance)?")),
 285                   HTML::br(),HTML::em(_("(Currently not working)"))
 286                                );
 287         }
 288         $header->pushContent(HTML::hr());
 289         return $header;
 290     }
 291 }
 292
 293 class _PageList_Column_acl extends _PageList_Column {
 294     function _getValue ($page_handle, &$revision_handle) {
 295         $perm_tree = pagePermissions($page_handle->_pagename);
 296
 297         list($type, $perm) = pagePermissionsAcl($perm_tree[0], $perm_tree);
 298         if ($type == 'inherited') {
 299             $type = sprintf(_("page permission inherited from %s"), $perm_tree[1][0]);
 300         } elseif ($type == 'page') {
 301             $type = _("individual page permission");
 302         } elseif ($type == 'default') {
 303             $type = _("default page permission");
 304         }
 305         $result = HTML::span();
 306         $result->pushContent($type);
 307         $result->pushContent(HTML::br());
 308         $result->pushContent($perm->asAclGroupLines());
 309         return $result;
 310     }
 311 };
 312
 313 class _PageList_Column_perm extends _PageList_Column {
 314     function _getValue ($page_handle, &$revision_handle) {
 315         $perm_array = pagePermissions($page_handle->_pagename);
 316         return pagePermissionsSimpleFormat($perm_array,
 317                                            $page_handle->get('author'),
 318                                            $page_handle->get('group'));
 319     }
 320 };
 321
 322 // Local Variables:
 323 // mode: php
 324 // tab-width: 8
 325 // c-basic-offset: 4
 326 // c-hanging-comment-ender-p: nil
 327 // indent-tabs-mode: nil
 328 // End:
 329 ?>