4 * Copyright 2004,2007 $ThePhpWikiProgrammingTeam
5 * Copyright 2009-2010 Marc-Etienne Vargenau, Alcatel-Lucent
7 * This file is part of PhpWiki.
9 * PhpWiki is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * PhpWiki is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License along
20 * with PhpWiki; if not, write to the Free Software Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25 * Permissions per page and action based on current user,
26 * ownership and group membership implemented with ACL's (Access Control Lists),
27 * opposed to the simplier unix-like ugo:rwx system.
28 * The previous system was only based on action and current user. (lib/main.php)
30 * Permissions may be inherited from its parent pages, a optional the
31 * optional master page ("."), and predefined default permissions, if "."
33 * Pagenames starting with "." have special default permissions.
34 * For Authentication see WikiUserNew.php, WikiGroup.php and main.php
35 * Page Permissions are in PhpWiki since v1.3.9 and enabled since v1.4.0
37 * This file might replace the following functions from main.php:
38 * Request::_notAuthorized($require_level)
39 * display the denied message and optionally a login form
40 * to gain higher privileges
41 * Request::getActionDescription($action)
42 * helper to localize the _notAuthorized message per action,
43 * when login is tried.
44 * Request::getDisallowedActionDescription($action)
45 * helper to localize the _notAuthorized message per action,
47 * Request::requiredAuthority($action)
48 * returns the needed user level
49 * has a hook for plugins on POST
50 * Request::requiredAuthorityForAction($action)
51 * just returns the level per action, will be replaced with the
54 * The defined main.php actions map to simplier access types:
57 * create => edit or create
60 * store prefs => change
61 * list in PageList => list
64 /* Symbolic special ACL groups. Untranslated to be stored in page metadata*/
65 define('ACL_EVERY', '_EVERY');
66 define('ACL_ANONYMOUS', '_ANONYMOUS');
67 define('ACL_BOGOUSER', '_BOGOUSER');
68 define('ACL_HASHOMEPAGE', '_HASHOMEPAGE');
69 define('ACL_SIGNED', '_SIGNED');
70 define('ACL_AUTHENTICATED', '_AUTHENTICATED');
71 define('ACL_ADMIN', '_ADMIN');
72 define('ACL_OWNER', '_OWNER');
73 define('ACL_CREATOR', '_CREATOR');
75 // Return an page permissions array for this page.
76 // To provide ui helpers to view and change page permissions:
77 // <tr><th>Group</th><th>Access</th><th>Allow or Forbid</th></tr>
78 // <tr><td>$group</td><td>_($access)</td><td> [ ] </td></tr>
79 function pagePermissions($pagename)
82 $page = $request->getPage($pagename);
83 // Page not found (new page); returned inherited permissions, to be displayed in gray
84 if (!$page->exists()) {
85 if ($pagename == '.') // stop recursion
86 return array('default', new PagePermission());
88 return array('inherited', pagePermissions(getParentPage($pagename)));
90 } elseif ($perm = getPagePermissions($page)) {
91 return array('page', $perm);
92 // or no permissions defined; returned inherited permissions, to be displayed in gray
93 } elseif ($pagename == '.') { // stop recursion in pathological case.
94 // "." defined, without any acl
95 return array('default', new PagePermission());
97 return array('inherited', pagePermissions(getParentPage($pagename)));
101 function pagePermissionsSimpleFormat($perm_tree, $owner, $group = false)
103 list($type, $perm) = pagePermissionsAcl($perm_tree[0], $perm_tree);
105 $type = $perm_tree[0];
106 $perm = pagePermissionsAcl($perm_tree);
107 if (is_object($perm_tree[1]))
108 $perm = $perm_tree[1];
109 elseif (is_array($perm_tree[1])) {
110 $perm_tree = pagePermissionsSimpleFormat($perm_tree[1],$owner,$group);
111 if (isa($perm_tree[1],'pagepermission'))
112 $perm = $perm_tree[1];
113 elseif (isa($perm_tree,'htmlelement'))
118 return HTML::tt(HTML::strong($perm->asRwxString($owner, $group)));
119 elseif ($type == 'default')
120 return HTML::tt($perm->asRwxString($owner, $group)); elseif ($type == 'inherited') {
121 return HTML::tt(array('class' => 'inherited', 'style' => 'color:#aaa;'),
122 $perm->asRwxString($owner, $group));
126 function pagePermissionsAcl($type, $perm_tree)
128 $perm = $perm_tree[1];
129 while (!is_object($perm)) {
130 $perm_tree = pagePermissionsAcl($type, $perm);
131 $perm = $perm_tree[1];
133 return array($type, $perm);
138 function pagePermissionsAclFormat($perm_tree, $editable = false)
140 list($type, $perm) = pagePermissionsAcl($perm_tree[0], $perm_tree);
142 return $perm->asEditableTable($type);
144 return $perm->asTable($type);
148 * Check the permissions for the current action.
149 * Walk down the inheritance tree. Collect all permissions until
150 * the minimum required level is gained, which is not
151 * overruled by more specific forbid rules.
152 * Todo: cache result per access and page in session?
154 function requiredAuthorityForPage($action)
157 $auth = _requiredAuthorityForPagename(action2access($action),
158 $request->getArg('pagename'));
159 assert($auth !== -1);
161 return $request->_user->_level;
163 return WIKIAUTH_UNOBTAINABLE;
166 // Translate action or plugin to the simplier access types:
167 function action2access($action)
180 // performance and security relevant
189 // invent a new access-perm massedit? or switch back to change, or keep it at edit?
190 case _("PhpWikiAdministration") . "/" . _("Rename"):
191 case _("PhpWikiAdministration") . "/" . _("SearchReplace"):
198 $page = $request->getPage();
199 if (!$page->exists())
206 // probably create/edit but we cannot check all page permissions, can we?
216 //Todo: Plugins should be able to override its access type
217 if (isWikiWord($action))
225 // Recursive helper to do the real work.
226 // Using a simple perm cache for page-access pairs.
227 // Maybe page-(current+edit+change?)action pairs will help
228 function _requiredAuthorityForPagename($access, $pagename)
230 static $permcache = array();
232 if (array_key_exists($pagename, $permcache)
233 and array_key_exists($access, $permcache[$pagename])
235 return $permcache[$pagename][$access];
238 $page = $request->getPage($pagename);
242 if ($pagename != '.' && isset($request->_user->_is_external) && $request->_user->_is_external && !$page->get('external')) {
243 $permcache[$pagename][$access] = 0;
247 if ((READONLY or $request->_dbi->readonly)
248 and in_array($access, array('edit', 'create', 'change'))
253 // Page not found; check against default permissions
254 if (!$page->exists()) {
255 $perm = new PagePermission();
256 $result = ($perm->isAuthorized($access, $request->_user) === true);
257 $permcache[$pagename][$access] = $result;
260 // no ACL defined; check for special dotfile or walk down
261 if (!($perm = getPagePermissions($page))) {
262 if ($pagename == '.') {
263 $perm = new PagePermission();
264 if ($perm->isAuthorized('change', $request->_user)) {
265 // warn the user to set ACL of ".", if he has permissions to do so.
266 trigger_error(". (dotpage == rootpage for inheriting pageperm ACLs) exists without any ACL!\n" .
267 "Please do ?action=setacl&pagename=.", E_USER_WARNING);
269 $result = ($perm->isAuthorized($access, $request->_user) === true);
270 $permcache[$pagename][$access] = $result;
272 } elseif ($pagename[0] == '.') {
273 $perm = new PagePermission(PagePermission::dotPerms());
274 $result = ($perm->isAuthorized($access, $request->_user) === true);
275 $permcache[$pagename][$access] = $result;
278 return _requiredAuthorityForPagename($access, getParentPage($pagename));
280 // ACL defined; check if isAuthorized returns true or false or undecided
281 $authorized = $perm->isAuthorized($access, $request->_user);
282 if ($authorized !== -1) { // interestingly true is also -1
283 $permcache[$pagename][$access] = $authorized;
285 } elseif ($pagename == '.') {
288 return _requiredAuthorityForPagename($access, getParentPage($pagename));
293 * @param string $pagename page from which the parent page is searched.
294 * @return string parent pagename or the (possibly pseudo) dot-pagename.
296 function getParentPage($pagename)
298 if (isSubPage($pagename)) {
299 return subPageSlice($pagename, 0);
305 // Read the ACL from the page
306 // Done: Not existing pages should NOT be queried.
307 // Check the parent page instead and don't take the default ACL's
308 function getPagePermissions($page)
310 if ($hash = $page->get('perm')) // hash => object
311 return new PagePermission(unserialize($hash));
316 // Store the ACL in the page
317 function setPagePermissions($page, $perm)
322 function getAccessDescription($access)
324 static $accessDescriptions;
325 if (!$accessDescriptions) {
326 $accessDescriptions = array(
327 'list' => _("List this page and all subpages"),
328 'view' => _("View this page and all subpages"),
329 'edit' => _("Edit this page and all subpages"),
330 'create' => _("Create a new (sub)page"),
331 'dump' => _("Download page contents"),
332 'change' => _("Change page attributes"),
333 'remove' => _("Remove this page"),
334 'purge' => _("Purge this page"),
337 if (in_array($access, array_keys($accessDescriptions)))
338 return $accessDescriptions[$access];
344 * The ACL object per page. It is stored in a page, but can also
345 * be merged with ACL's from other pages or taken from the master (pseudo) dot-file.
347 * A hash of "access" => "requires" pairs.
348 * "access" is a shortcut for common actions, which map to main.php actions
349 * "requires" required username or groupname or any special group => true or false
351 * Define any special rules here, like don't list dot-pages.
357 function PagePermission($hash = array())
359 $this->_group = &$GLOBALS['request']->getGroup();
360 if (is_array($hash) and !empty($hash)) {
361 $accessTypes = $this->accessTypes();
362 foreach ($hash as $access => $requires) {
363 if (in_array($access, $accessTypes))
364 $this->perm[$access] = $requires;
366 trigger_error(sprintf(_("Unsupported ACL access type %s ignored."), $access),
370 // set default permissions, the so called dot-file acl's
371 $this->perm = $this->defaultPerms();
377 * The workhorse to check the user against the current ACL pairs.
378 * Must translate the various special groups to the actual users settings
379 * (userid, group membership).
381 function isAuthorized($access, $user)
384 if (!empty($this->perm{$access})) {
385 foreach ($this->perm[$access] as $group => $bool) {
386 if ($this->isMember($user, $group)) {
388 } elseif ($allow == -1) { // not a member and undecided: check other groups
393 return $allow; // undecided
397 * Translate the various special groups to the actual users settings
398 * (userid, group membership).
400 function isMember($user, $group)
403 if ($group === ACL_EVERY) return true;
404 if (!isset($this->_group)) $member =& $request->getGroup();
405 else $member =& $this->_group;
406 //$user = & $request->_user;
407 if ($group === ACL_ADMIN) // WIKI_ADMIN or member of _("Administrators")
408 return $user->isAdmin() or
409 ($user->isAuthenticated() and
410 $member->isMember(GROUP_ADMIN));
411 if ($group === ACL_ANONYMOUS)
412 return !$user->isSignedIn();
413 if ($group === ACL_BOGOUSER)
415 return isa($user, '_BogoUser') or
416 (isWikiWord($user->_userid) and $user->_level >= WIKIAUTH_BOGO);
417 else return isWikiWord($user->UserName());
418 if ($group === ACL_HASHOMEPAGE)
419 return $user->hasHomePage();
420 if ($group === ACL_SIGNED)
421 return $user->isSignedIn();
422 if ($group === ACL_AUTHENTICATED)
423 return $user->isAuthenticated();
424 if ($group === ACL_OWNER) {
425 if (!$user->isAuthenticated()) return false;
426 $page = $request->getPage();
427 $owner = $page->getOwner();
428 return ($owner === $user->UserName()
429 or $member->isMember($owner));
431 if ($group === ACL_CREATOR) {
432 if (!$user->isAuthenticated()) return false;
433 $page = $request->getPage();
434 $creator = $page->getCreator();
435 return ($creator === $user->UserName()
436 or $member->isMember($creator));
438 /* Or named groups or usernames.
439 Note: We don't seperate groups and users here.
440 Users overrides groups with the same name.
442 return $user->UserName() === $group or
443 $member->isMember($group);
447 * returns hash of default permissions.
448 * check if the page '.' exists and returns this instead.
450 function defaultPerms()
452 //Todo: check for the existance of '.' and take this instead.
453 //Todo: honor more config.ini auth settings here
454 $perm = array('view' => array(ACL_EVERY => true),
455 'edit' => array(ACL_EVERY => true),
456 'create' => array(ACL_EVERY => true),
457 'list' => array(ACL_EVERY => true),
458 'remove' => array(ACL_ADMIN => true,
460 'purge' => array(ACL_ADMIN => true,
462 'dump' => array(ACL_ADMIN => true,
464 'change' => array(ACL_ADMIN => true,
467 $perm['dump'] = array(ACL_ADMIN => true,
469 elseif (INSECURE_ACTIONS_LOCALHOST_ONLY) {
471 $perm['dump'] = array(ACL_EVERY => true);
473 $perm['dump'] = array(ACL_ADMIN => true);
475 $perm['dump'] = array(ACL_EVERY => true);
476 if (defined('REQUIRE_SIGNIN_BEFORE_EDIT') && REQUIRE_SIGNIN_BEFORE_EDIT)
477 $perm['edit'] = array(ACL_SIGNED => true);
479 if (!ALLOW_ANON_USER) {
480 if (!ALLOW_USER_PASSWORDS)
481 $perm['view'] = array(ACL_SIGNED => true);
483 $perm['view'] = array(ACL_AUTHENTICATED => true);
484 $perm['view'][ACL_BOGOUSER] = ALLOW_BOGO_LOGIN ? true : false;
487 if (!ALLOW_ANON_EDIT) {
488 if (!ALLOW_USER_PASSWORDS)
489 $perm['edit'] = array(ACL_SIGNED => true);
491 $perm['edit'] = array(ACL_AUTHENTICATED => true);
492 $perm['edit'][ACL_BOGOUSER] = ALLOW_BOGO_LOGIN ? true : false;
493 $perm['create'] = $perm['edit'];
499 * FIXME: check valid groups and access
503 foreach ($this->perm as $access => $groups) {
504 foreach ($groups as $group => $bool) {
505 $this->perm[$access][$group] = (boolean)$bool;
511 * do a recursive comparison
513 function equal($otherperm)
515 // The equal function seems to be unable to detect removed perm.
516 // Use case is when a rule is removed.
517 return (print_r($this->perm, true) === print_r($otherperm, true));
521 * returns list of all supported access types.
523 function accessTypes()
525 return array_keys(PagePermission::defaultPerms());
529 * special permissions for dot-files, beginning with '.'
530 * maybe also for '_' files?
534 $def = array(ACL_ADMIN => true,
537 foreach (PagePermission::accessTypes() as $access) {
538 $perm[$access] = $def;
544 * dead code. not needed inside the object. see getPagePermissions($page)
546 function retrieve($page)
548 $hash = $page->get('perm');
549 if ($hash) // hash => object
550 $perm = new PagePermission(unserialize($hash));
552 $perm = new PagePermission();
557 function store($page)
561 return $page->set('perm', serialize($this->perm));
564 function groupName($group)
566 if ($group[0] == '_') return constant("GROUP" . $group);
570 /* type: page, default, inherited */
571 function asTable($type)
573 $table = HTML::table();
574 foreach ($this->perm as $access => $perms) {
575 $td = HTML::table(array('class' => 'cal'));
576 foreach ($perms as $group => $bool) {
577 $td->pushContent(HTML::tr(HTML::td(array('align' => 'right'), $group),
578 HTML::td($bool ? '[X]' : '[ ]')));
580 $table->pushContent(HTML::tr(array('valign' => 'top'),
581 HTML::td($access), HTML::td($td)));
583 if ($type == 'default')
584 $table->setAttr('style', 'border: dotted thin black; background-color:#eee;');
585 elseif ($type == 'inherited')
586 $table->setAttr('style', 'border: dotted thin black; background-color:#ddd;'); elseif ($type == 'page')
587 $table->setAttr('style', 'border: solid thin black; font-weight: bold;');
591 /* type: page, default, inherited */
592 function asEditableTable($type)
595 if (!isset($this->_group)) {
596 $this->_group =& $GLOBALS['request']->getGroup();
598 $table = HTML::table();
599 $table->pushContent(HTML::tr(
600 HTML::th(array('align' => 'left'),
602 HTML::th(array('align' => 'right'),
604 HTML::th(_("Grant")),
605 HTML::th(_("Del/+")),
606 HTML::th(_("Description"))));
608 $allGroups = $this->_group->_specialGroups();
609 foreach ($this->_group->getAllGroupsIn() as $group) {
610 if (!in_array($group, $this->_group->specialGroups()))
611 $allGroups[] = $group;
613 //array_unique(array_merge($this->_group->getAllGroupsIn(),
614 $deletesrc = $WikiTheme->_findData('images/delete.png');
615 $addsrc = $WikiTheme->_findData('images/add.png');
616 $nbsp = HTML::raw(' ');
617 foreach ($this->perm as $access => $groups) {
618 //$permlist = HTML::table(array('class' => 'cal'));
620 $newperm = HTML::input(array('type' => 'checkbox',
621 'name' => "acl[_new_perm][$access]",
623 $addbutton = HTML::input(array('type' => 'checkbox',
624 'name' => "acl[_add_group][$access]",
627 'title' => _("Add this ACL"),
629 $newgroup = HTML::select(array('name' => "acl[_new_group][$access]",
630 'style' => 'text-align: right;',
632 foreach ($allGroups as $groupname) {
633 if (!isset($groups[$groupname]))
634 $newgroup->pushContent(HTML::option(array('value' => $groupname),
635 $this->groupName($groupname)));
637 if (empty($groups)) {
638 $addbutton->setAttr('checked', 'checked');
639 $newperm->setAttr('checked', 'checked');
641 HTML::tr(array('valign' => 'top'),
642 HTML::td(HTML::strong($access . ":")),
644 HTML::td($nbsp, $newperm),
645 HTML::td($nbsp, $addbutton),
646 HTML::td(HTML::em(getAccessDescription($access)))));
648 foreach ($groups as $group => $bool) {
649 $checkbox = HTML::input(array('type' => 'checkbox',
650 'name' => "acl[$access][$group]",
651 'title' => _("Allow / Deny"),
653 if ($bool) $checkbox->setAttr('checked', 'checked');
654 $checkbox = HTML(HTML::input(array('type' => 'hidden',
655 'name' => "acl[$access][$group]",
658 $deletebutton = HTML::input(array('type' => 'checkbox',
659 'name' => "acl[_del_group][$access][$group]",
660 'style' => 'background: #aaa url(' . $deletesrc . ')',
661 //'src' => $deletesrc,
663 'title' => _("Delete this ACL"),
668 HTML::td(HTML::strong($access . ":")),
669 HTML::td(array('class' => 'cal-today', 'align' => 'right'),
670 HTML::strong($this->groupName($group))),
671 HTML::td(array('align' => 'center'), $nbsp, $checkbox),
672 HTML::td(array('align' => 'right', 'style' => 'background: #aaa url(' . $deletesrc . ') no-repeat'), $deletebutton),
673 HTML::td(HTML::em(getAccessDescription($access)))));
679 HTML::td(array('class' => 'cal-today', 'align' => 'right'),
680 HTML::strong($this->groupName($group))),
681 HTML::td(array('align' => 'center'), $nbsp, $checkbox),
682 HTML::td(array('align' => 'right', 'style' => 'background: #aaa url(' . $deletesrc . ') no-repeat'), $deletebutton),
688 HTML::tr(array('valign' => 'top'),
689 HTML::td(array('align' => 'right'), _("add ")),
691 HTML::td(array('align' => 'center'), $nbsp, $newperm),
692 HTML::td(array('align' => 'right', 'style' => 'background: #ccc url(' . $addsrc . ') no-repeat'), $addbutton),
693 HTML::td(HTML::small(_("Check to add this ACL")))));
695 if ($type == 'default')
696 $table->setAttr('style', 'border: dotted thin black; background-color:#eee;');
697 elseif ($type == 'inherited')
698 $table->setAttr('style', 'border: dotted thin black; background-color:#ddd;'); elseif ($type == 'page')
699 $table->setAttr('style', 'border: solid thin black; font-weight: bold;');
703 // Print ACL as lines of [+-]user[,group,...]:access[,access...]
704 // Seperate acl's by "; " or whitespace
705 // See http://opag.ca/wiki/HelpOnAccessControlLists
706 // As used by WikiAdminSetAclSimple
707 function asAclLines()
712 foreach ($this->perm as $access => $groups) {
713 // unify groups for same access+bool
714 // view:CREATOR,-OWNER,
715 $line = $access . ':';
716 foreach ($groups as $group => $bool) {
717 $line .= ($bool ? '' : '-') . $group . ",";
719 if (substr($line, -1) == ',')
720 $s .= substr($line, 0, -1) . "; ";
722 if (substr($s, -2) == '; ')
723 $s = substr($s, 0, -2);
727 // This is just a bad hack for testing.
728 // Simplify the ACL to a unix-like "rwx------+" string
730 function asRwxString($owner, $group = false)
733 // simplify object => rwxrw---x+ string as in cygwin (+ denotes additional ACLs)
734 $perm =& $this->perm;
735 // get effective user and group
737 if (isset($perm['view'][$owner]) or
738 (isset($perm['view'][ACL_AUTHENTICATED]) and $request->_user->isAuthenticated())
741 if (isset($perm['edit'][$owner]) or
742 (isset($perm['edit'][ACL_AUTHENTICATED]) and $request->_user->isAuthenticated())
745 if (isset($perm['change'][$owner]) or
746 (isset($perm['change'][ACL_AUTHENTICATED]) and $request->_user->isAuthenticated())
749 if (!empty($group)) {
750 if (isset($perm['view'][$group]) or
751 (isset($perm['view'][ACL_AUTHENTICATED]) and $request->_user->isAuthenticated())
754 if (isset($perm['edit'][$group]) or
755 (isset($perm['edit'][ACL_AUTHENTICATED]) and $request->_user->isAuthenticated())
758 if (isset($perm['change'][$group]) or
759 (isset($perm['change'][ACL_AUTHENTICATED]) and $request->_user->isAuthenticated())
763 if (isset($perm['view'][ACL_EVERY]) or
764 (isset($perm['view'][ACL_AUTHENTICATED]) and $request->_user->isAuthenticated())
767 if (isset($perm['edit'][ACL_EVERY]) or
768 (isset($perm['edit'][ACL_AUTHENTICATED]) and $request->_user->isAuthenticated())
771 if (isset($perm['change'][ACL_EVERY]) or
772 (isset($perm['change'][ACL_AUTHENTICATED]) and $request->_user->isAuthenticated())
783 // c-hanging-comment-ender-p: nil
784 // indent-tabs-mode: nil
projects / SourceForge / phpwiki.git / blob