lib/plugin/WikiAdminSetAcl.php

   1 <?php // -*-php-*-
   2 // rcs_id('$Id$');
   3 /*
   4  * Copyright 2004 $ThePhpWikiProgrammingTeam
   5  * Copyright 2009 Marc-Etienne Vargenau, Alcatel-Lucent
   6  *
   7  * This file is part of PhpWiki.
   8  *
   9  * PhpWiki is free software; you can redistribute it and/or modify
  10  * it under the terms of the GNU General Public License as published by
  11  * the Free Software Foundation; either version 2 of the License, or
  12  * (at your option) any later version.
  13  *
  14  * PhpWiki is distributed in the hope that it will be useful,
  15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17  * GNU General Public License for more details.
  18  *
  19  * You should have received a copy of the GNU General Public License
  20  * along with PhpWiki; if not, write to the Free Software
  21  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  22  */
  23
  24 /**
  25  * Set individual PagePermissions
  26  *
  27  * Usage:   <?plugin WikiAdminSetAcl ?> or called via WikiAdminSelect
  28  * Author:  Reini Urban <rurban@x-ray.at>
  29  *
  30  * KNOWN ISSUES:
  31  * Requires PHP 4.2 so far.
  32  *
  33  * TODO: UI to add custom group/username.
  34  * Currently it's easier to dump a page, fix it manually and
  35  * import it, than use Setacl
  36  */
  37 require_once('lib/PageList.php');
  38 require_once('lib/plugin/WikiAdminSelect.php');
  39
  40 class WikiPlugin_WikiAdminSetAcl
  41 extends WikiPlugin_WikiAdminSelect
  42 {
  43     function getName() {
  44         return _("WikiAdminSetAcl");
  45     }
  46
  47     function getDescription() {
  48         return _("Set individual page permissions.");
  49     }
  50
  51     function getDefaultArguments() {
  52         return array_merge
  53             (
  54              WikiPlugin_WikiAdminSelect::getDefaultArguments(),
  55              array(
  56                      'p'        => "[]",  // list of pages
  57                      /* Columns to include in listing */
  58                      'info'     => 'pagename,perm,mtime,owner,author',
  59                      ));
  60     }
  61
  62     function setaclPages(&$request, $pages, $acl) {
  63         $result = HTML::div();
  64         $count = 0;
  65         $dbi =& $request->_dbi;
  66         // check new_group and new_perm
  67         if (isset($acl['_add_group'])) {
  68             //add groups with perm
  69             foreach ($acl['_add_group'] as $access => $dummy) {
  70                 $group = $acl['_new_group'][$access];
  71                 $acl[$access][$group] = isset($acl['_new_perm'][$access]) ? 1 : 0;
  72             }
  73             unset($acl['_add_group']);
  74         }
  75         unset($acl['_new_group']); unset($acl['_new_perm']);
  76         if (isset($acl['_del_group'])) {
  77             //del groups with perm
  78             foreach ($acl['_del_group'] as $access => $del) {
  79                 while (list($group,$dummy) = each($del))
  80                     unset($acl[$access][$group]);
  81             }
  82             unset($acl['_del_group']);
  83         }
  84         if ($perm = new PagePermission($acl)) {
  85             $perm->sanify();
  86             foreach ($pages as $pagename) {
  87                     // check if unchanged? we need a deep array_equal
  88                     $page = $dbi->getPage($pagename);
  89                     $oldperm = getPagePermissions($page);
  90                 if ($oldperm)
  91                     $oldperm->sanify();
  92                     if ($oldperm and $perm->equal($oldperm->perm)) {
  93                     $result->setAttr('class', 'error');
  94                     $result->pushContent(HTML::p(fmt("ACL not changed for page '%s'.",$pagename)));
  95                 } elseif (mayAccessPage('change', $pagename)) {
  96                     setPagePermissions ($page, $perm);
  97                     $result->setAttr('class', 'feedback');
  98                     $result->pushContent(HTML::p(fmt("ACL changed for page '%s'",
  99                                                      $pagename)));
 100                     $result->pushContent(HTML::p(fmt("from '%s'",
 101                                                      $oldperm ? $oldperm->asAclGroupLines() : "None")));
 102                     $result->pushContent(HTML::p(fmt("to '%s'.",
 103                                                      $perm->asAclGroupLines())));
 104
 105                     // Create new revision so that ACL change appears in history.
 106                     $current = $page->getCurrentRevision();
 107                     $version = $current->getVersion();
 108                     $meta = $current->_data;
 109                     $text = $current->getPackedContent();
 110                     $meta['summary'] = sprintf(_("ACL changed for page '%s' from '%s' to '%s'."),
 111                                                $pagename,
 112                                                $oldperm ? $oldperm->asAclGroupLines() : "None",
 113                                                $perm->asAclGroupLines());
 114                     $meta['is_minor_edit'] = 1;
 115                     $meta['author'] =  $request->_user->UserName();
 116                     unset($meta['mtime']); // force new date
 117                     $page->save($text, $version + 1, $meta);
 118
 119                     $count++;
 120                 } else {
 121                     $result->setAttr('class', 'error');
 122                     $result->pushContent(HTML::p(fmt("Access denied to change page '%s'.",$pagename)));
 123                 }
 124             }
 125         } else {
 126             $result->pushContent(HTML::p(fmt("Invalid ACL")));
 127         }
 128         if ($count) {
 129             $dbi->touch();
 130             $result->setAttr('class', 'feedback');
 131             if ($count > 1) {
 132                 $result->pushContent(HTML::p(fmt("%s pages have been changed.",$count)));
 133             }
 134         } else {
 135             $result->setAttr('class', 'error');
 136             $result->pushContent(HTML::p(fmt("No pages changed.")));
 137         }
 138         return $result;
 139     }
 140
 141     function run($dbi, $argstr, &$request, $basepage) {
 142         //if (!DEBUG)
 143         //    return $this->disabled("WikiAdminSetAcl not yet enabled. Set DEBUG to try it.");
 144         if ($request->getArg('action') != 'browse')
 145             if ($request->getArg('action') != _("PhpWikiAdministration/SetAcl"))
 146                 return $this->disabled("(action != 'browse')");
 147         if (!ENABLE_PAGEPERM)
 148             return $this->disabled("ENABLE_PAGEPERM = false");
 149
 150         $args = $this->getArgs($argstr, $request);
 151         $this->_args = $args;
 152         $this->preSelectS($args, $request);
 153
 154         $p = $request->getArg('p');
 155         $post_args = $request->getArg('admin_setacl');
 156         $next_action = 'select';
 157         $pages = array();
 158         if ($p && !$request->isPost())
 159             $pages = $p;
 160         elseif ($this->_list)
 161             $pages = $this->_list;
 162         $header = HTML::fieldset();
 163         if ($p && $request->isPost() &&
 164             !empty($post_args['acl']) && empty($post_args['cancel'])) {
 165             // without individual PagePermissions:
 166             if (!ENABLE_PAGEPERM and !$request->_user->isAdmin()) {
 167                 $request->_notAuthorized(WIKIAUTH_ADMIN);
 168                 $this->disabled("! user->isAdmin");
 169             }
 170             if ($post_args['action'] == 'verify') {
 171                 // Real action
 172                 return $this->setaclPages($request, array_keys($p), $request->getArg('acl'));
 173             }
 174             if ($post_args['action'] == 'select') {
 175                 if (!empty($post_args['acl']))
 176                     $next_action = 'verify';
 177                 foreach ($p as $name => $c) {
 178                     $pages[$name] = 1;
 179                 }
 180             }
 181         }
 182         if ($next_action == 'select' and empty($pages)) {
 183             // List all pages to select from.
 184             $pages = $this->collectPages($pages, $dbi, $args['sortby'], $args['limit'], $args['exclude']);
 185         }
 186         if ($next_action == 'verify') {
 187             $args['info'] = "checkbox,pagename,perm,mtime,owner,author";
 188         }
 189         $pagelist = new PageList_Selectable($args['info'],
 190                                             $args['exclude'],
 191                                             array('types' => array(
 192                                                   'perm'
 193                                                   => new _PageList_Column_perm('perm', _("Permission")),
 194                                                   'acl'
 195                                                   => new _PageList_Column_acl('acl', _("ACL")))));
 196
 197         $pagelist->addPageList($pages);
 198         if ($next_action == 'verify') {
 199             $button_label = _("Yes");
 200             $header = $this->setaclForm($header, $post_args, $pages);
 201             $header->pushContent(
 202               HTML::p(HTML::strong(
 203                   _("Are you sure you want to permanently change access rights to the selected files?"))));
 204         }
 205         else {
 206             $button_label = _("Change Access Rights");
 207             $header = $this->setaclForm($header, $post_args, $pages);
 208             $header->pushContent(HTML::legend(_("Select the pages where to change access rights")));
 209         }
 210
 211         $buttons = HTML::p(Button('submit:admin_setacl[acl]', $button_label, 'wikiadmin'),
 212                            Button('submit:admin_setacl[cancel]', _("Cancel"), 'button'));
 213         $header->pushContent($buttons);
 214
 215         return HTML::form(array('action' => $request->getPostURL(),
 216                                 'method' => 'post'),
 217                           $header,
 218                           $pagelist->getContent(),
 219                           HiddenInputs($request->getArgs(),
 220                                         false,
 221                                         array('admin_setacl')),
 222                           HiddenInputs(array('admin_setacl[action]' => $next_action)),
 223                           ENABLE_PAGEPERM
 224                           ? ''
 225                           : HiddenInputs(array('require_authority_for_post' => WIKIAUTH_ADMIN)));
 226     }
 227
 228     function setaclForm(&$header, $post_args, $pagehash) {
 229         $acl = $post_args['acl'];
 230
 231         //FIXME: find intersection of all pages perms, not just from the last pagename
 232         $pages = array();
 233         foreach ($pagehash as $name => $checked) {
 234            if ($checked) $pages[] = $name;
 235         }
 236         $perm_tree = pagePermissions($name);
 237         $table = pagePermissionsAclFormat($perm_tree, !empty($pages));
 238         $header->pushContent(HTML::strong(_("Selected Pages: ")), HTML::tt(join(', ',$pages)), HTML::br());
 239         $first_page = $GLOBALS['request']->_dbi->getPage($name);
 240         $owner = $first_page->getOwner();
 241         list($type, $perm) = pagePermissionsAcl($perm_tree[0], $perm_tree);
 242         //if (DEBUG) $header->pushContent(HTML::pre("Permission tree for $name:\n",print_r($perm_tree,true)));
 243         if ($type == 'inherited')
 244             $type = sprintf(_("page permission inherited from %s"), $perm_tree[1][0]);
 245         elseif ($type == 'page')
 246             $type = _("individual page permission");
 247         elseif ($type == 'default')
 248             $type = _("default page permission");
 249         $header->pushContent(HTML::strong(_("Type").': '), HTML::tt($type),HTML::br());
 250         $header->pushContent(HTML::strong(_("ACL").': '), HTML::tt($perm->asAclGroupLines()),HTML::br());
 251
 252         $header->pushContent(HTML::p(HTML::strong(_("Description").': '),
 253                                      _("Selected Grant checkboxes allow access, unselected checkboxes deny access."),
 254                                      _("To ignore delete the line."),
 255                                      _("To add check 'Add' near the dropdown list.")
 256                                      ));
 257         $header->pushContent($table);
 258         //
 259         // display array of checkboxes for existing perms
 260         // and a dropdown for user/group to add perms.
 261         // disabled if inherited,
 262         // checkbox to disable inheritance,
 263         // another checkbox to progate new permissions to all childs (if there exist some)
 264         //Todo:
 265         // warn if more pages are selected and they have different perms
 266         //$header->pushContent(HTML::input(array('name' => 'admin_setacl[acl]',
 267         //                                       'value' => $post_args['acl'])));
 268         $header->pushContent(HTML::br());
 269         if (!empty($pages) and defined('EXPERIMENTAL') and EXPERIMENTAL) {
 270           $checkbox = HTML::input(array('type' => 'checkbox',
 271                                         'name' => 'admin_setacl[updatechildren]',
 272                                         'value' => 1));
 273           if (!empty($post_args['updatechildren']))  $checkbox->setAttr('checked','checked');
 274           $header->pushContent($checkbox,
 275                     _("Propagate new permissions to all subpages?"),
 276                   HTML::raw("&nbsp;&nbsp;"),
 277                   HTML::em(_("(disable individual page permissions, enable inheritance)?")),
 278                   HTML::br(),HTML::em(_("(Currently not working)"))
 279                                );
 280         }
 281         $header->pushContent(HTML::hr());
 282         return $header;
 283     }
 284 }
 285
 286 class _PageList_Column_acl extends _PageList_Column {
 287     function _getValue ($page_handle, &$revision_handle) {
 288         $perm_tree = pagePermissions($page_handle->_pagename);
 289
 290         list($type, $perm) = pagePermissionsAcl($perm_tree[0], $perm_tree);
 291         if ($type == 'inherited') {
 292             $type = sprintf(_("page permission inherited from %s"), $perm_tree[1][0]);
 293         } elseif ($type == 'page') {
 294             $type = _("individual page permission");
 295         } elseif ($type == 'default') {
 296             $type = _("default page permission");
 297         }
 298         $result = HTML::span();
 299         $result->pushContent($type);
 300         $result->pushContent(HTML::br());
 301         $result->pushContent($perm->asAclGroupLines());
 302         return $result;
 303     }
 304 };
 305
 306 class _PageList_Column_perm extends _PageList_Column {
 307     function _getValue ($page_handle, &$revision_handle) {
 308         $perm_array = pagePermissions($page_handle->_pagename);
 309         return pagePermissionsSimpleFormat($perm_array,
 310                                            $page_handle->get('author'),
 311                                            $page_handle->get('group'));
 312     }
 313 };
 314
 315 // Local Variables:
 316 // mode: php
 317 // tab-width: 8
 318 // c-basic-offset: 4
 319 // c-hanging-comment-ender-p: nil
 320 // indent-tabs-mode: nil
 321 // End:
 322 ?>