diff options
Diffstat (limited to 'platform/www/lib/plugins/acl')
-rw-r--r-- | platform/www/lib/plugins/acl/action.php | 86 | ||||
-rw-r--r-- | platform/www/lib/plugins/acl/admin.php | 858 | ||||
-rw-r--r-- | platform/www/lib/plugins/acl/admin.svg | 1 | ||||
-rw-r--r-- | platform/www/lib/plugins/acl/lang/en/help.txt | 9 | ||||
-rw-r--r-- | platform/www/lib/plugins/acl/lang/en/lang.php | 46 | ||||
-rw-r--r-- | platform/www/lib/plugins/acl/pix/group.png | bin | 0 -> 699 bytes | |||
-rw-r--r-- | platform/www/lib/plugins/acl/pix/ns.png | bin | 0 -> 799 bytes | |||
-rw-r--r-- | platform/www/lib/plugins/acl/pix/page.png | bin | 0 -> 582 bytes | |||
-rw-r--r-- | platform/www/lib/plugins/acl/pix/user.png | bin | 0 -> 650 bytes | |||
-rw-r--r-- | platform/www/lib/plugins/acl/plugin.info.txt | 7 | ||||
-rw-r--r-- | platform/www/lib/plugins/acl/remote.php | 102 | ||||
-rw-r--r-- | platform/www/lib/plugins/acl/script.js | 121 | ||||
-rw-r--r-- | platform/www/lib/plugins/acl/style.css | 135 |
13 files changed, 1365 insertions, 0 deletions
diff --git a/platform/www/lib/plugins/acl/action.php b/platform/www/lib/plugins/acl/action.php new file mode 100644 index 0000000..86e5870 --- /dev/null +++ b/platform/www/lib/plugins/acl/action.php @@ -0,0 +1,86 @@ +<?php +/** + * AJAX call handler for ACL plugin + * + * @license GPL 2 (http://www.gnu.org/licenses/gpl.html) + * @author Andreas Gohr <andi@splitbrain.org> + */ + +/** + * Register handler + */ +class action_plugin_acl extends DokuWiki_Action_Plugin +{ + + /** + * Registers a callback function for a given event + * + * @param Doku_Event_Handler $controller DokuWiki's event controller object + * @return void + */ + public function register(Doku_Event_Handler $controller) + { + + $controller->register_hook('AJAX_CALL_UNKNOWN', 'BEFORE', $this, 'handleAjaxCallAcl'); + } + + /** + * AJAX call handler for ACL plugin + * + * @param Doku_Event $event event object by reference + * @param mixed $param empty + * @return void + */ + public function handleAjaxCallAcl(Doku_Event $event, $param) + { + if ($event->data !== 'plugin_acl') { + return; + } + $event->stopPropagation(); + $event->preventDefault(); + + global $ID; + global $INPUT; + + /** @var $acl admin_plugin_acl */ + $acl = plugin_load('admin', 'acl'); + if (!$acl->isAccessibleByCurrentUser()) { + echo 'for admins only'; + return; + } + if (!checkSecurityToken()) { + echo 'CRSF Attack'; + return; + } + + $ID = getID(); + $acl->handle(); + + $ajax = $INPUT->str('ajax'); + header('Content-Type: text/html; charset=utf-8'); + + if ($ajax == 'info') { + $acl->printInfo(); + } elseif ($ajax == 'tree') { + $ns = $INPUT->str('ns'); + if ($ns == '*') { + $ns = ''; + } + $ns = cleanID($ns); + $lvl = count(explode(':', $ns)); + $ns = utf8_encodeFN(str_replace(':', '/', $ns)); + + $data = $acl->makeTree($ns, $ns); + + foreach (array_keys($data) as $item) { + $data[$item]['level'] = $lvl + 1; + } + echo html_buildlist( + $data, + 'acl', + array($acl, 'makeTreeItem'), + array($acl, 'makeListItem') + ); + } + } +} diff --git a/platform/www/lib/plugins/acl/admin.php b/platform/www/lib/plugins/acl/admin.php new file mode 100644 index 0000000..02842fd --- /dev/null +++ b/platform/www/lib/plugins/acl/admin.php @@ -0,0 +1,858 @@ +<?php +/** + * ACL administration functions + * + * @license GPL 2 (http://www.gnu.org/licenses/gpl.html) + * @author Andreas Gohr <andi@splitbrain.org> + * @author Anika Henke <anika@selfthinker.org> (concepts) + * @author Frank Schubert <frank@schokilade.de> (old version) + */ + +/** + * All DokuWiki plugins to extend the admin function + * need to inherit from this class + */ +class admin_plugin_acl extends DokuWiki_Admin_Plugin +{ + public $acl = null; + protected $ns = null; + /** + * The currently selected item, associative array with id and type. + * Populated from (in this order): + * $_REQUEST['current_ns'] + * $_REQUEST['current_id'] + * $ns + * $ID + */ + protected $current_item = null; + protected $who = ''; + protected $usersgroups = array(); + protected $specials = array(); + + /** + * return prompt for admin menu + */ + public function getMenuText($language) + { + return $this->getLang('admin_acl'); + } + + /** + * return sort order for position in admin menu + */ + public function getMenuSort() + { + return 1; + } + + /** + * handle user request + * + * Initializes internal vars and handles modifications + * + * @author Andreas Gohr <andi@splitbrain.org> + */ + public function handle() + { + global $AUTH_ACL; + global $ID; + global $auth; + global $config_cascade; + global $INPUT; + + // fresh 1:1 copy without replacements + $AUTH_ACL = file($config_cascade['acl']['default']); + + // namespace given? + if ($INPUT->str('ns') == '*') { + $this->ns = '*'; + } else { + $this->ns = cleanID($INPUT->str('ns')); + } + + if ($INPUT->str('current_ns')) { + $this->current_item = array('id' => cleanID($INPUT->str('current_ns')), 'type' => 'd'); + } elseif ($INPUT->str('current_id')) { + $this->current_item = array('id' => cleanID($INPUT->str('current_id')), 'type' => 'f'); + } elseif ($this->ns) { + $this->current_item = array('id' => $this->ns, 'type' => 'd'); + } else { + $this->current_item = array('id' => $ID, 'type' => 'f'); + } + + // user or group choosen? + $who = trim($INPUT->str('acl_w')); + if ($INPUT->str('acl_t') == '__g__' && $who) { + $this->who = '@'.ltrim($auth->cleanGroup($who), '@'); + } elseif ($INPUT->str('acl_t') == '__u__' && $who) { + $this->who = ltrim($who, '@'); + if ($this->who != '%USER%' && $this->who != '%GROUP%') { #keep wildcard as is + $this->who = $auth->cleanUser($this->who); + } + } elseif ($INPUT->str('acl_t') && + $INPUT->str('acl_t') != '__u__' && + $INPUT->str('acl_t') != '__g__') { + $this->who = $INPUT->str('acl_t'); + } elseif ($who) { + $this->who = $who; + } + + // handle modifications + if ($INPUT->has('cmd') && checkSecurityToken()) { + $cmd = $INPUT->extract('cmd')->str('cmd'); + + // scope for modifications + if ($this->ns) { + if ($this->ns == '*') { + $scope = '*'; + } else { + $scope = $this->ns.':*'; + } + } else { + $scope = $ID; + } + + if ($cmd == 'save' && $scope && $this->who && $INPUT->has('acl')) { + // handle additions or single modifications + $this->deleteACL($scope, $this->who); + $this->addOrUpdateACL($scope, $this->who, $INPUT->int('acl')); + } elseif ($cmd == 'del' && $scope && $this->who) { + // handle single deletions + $this->deleteACL($scope, $this->who); + } elseif ($cmd == 'update') { + $acl = $INPUT->arr('acl'); + + // handle update of the whole file + foreach ($INPUT->arr('del') as $where => $names) { + // remove all rules marked for deletion + foreach ($names as $who) + unset($acl[$where][$who]); + } + // prepare lines + $lines = array(); + // keep header + foreach ($AUTH_ACL as $line) { + if ($line[0] == '#') { + $lines[] = $line; + } else { + break; + } + } + // re-add all rules + foreach ($acl as $where => $opt) { + foreach ($opt as $who => $perm) { + if ($who[0]=='@') { + if ($who!='@ALL') { + $who = '@'.ltrim($auth->cleanGroup($who), '@'); + } + } elseif ($who != '%USER%' && $who != '%GROUP%') { #keep wildcard as is + $who = $auth->cleanUser($who); + } + $who = auth_nameencode($who, true); + $lines[] = "$where\t$who\t$perm\n"; + } + } + // save it + io_saveFile($config_cascade['acl']['default'], join('', $lines)); + } + + // reload ACL config + $AUTH_ACL = file($config_cascade['acl']['default']); + } + + // initialize ACL array + $this->initAclConfig(); + } + + /** + * ACL Output function + * + * print a table with all significant permissions for the + * current id + * + * @author Frank Schubert <frank@schokilade.de> + * @author Andreas Gohr <andi@splitbrain.org> + */ + public function html() + { + echo '<div id="acl_manager">'.NL; + echo '<h1>'.$this->getLang('admin_acl').'</h1>'.NL; + echo '<div class="level1">'.NL; + + echo '<div id="acl__tree">'.NL; + $this->makeExplorer(); + echo '</div>'.NL; + + echo '<div id="acl__detail">'.NL; + $this->printDetail(); + echo '</div>'.NL; + echo '</div>'.NL; + + echo '<div class="clearer"></div>'; + echo '<h2>'.$this->getLang('current').'</h2>'.NL; + echo '<div class="level2">'.NL; + $this->printAclTable(); + echo '</div>'.NL; + + echo '<div class="footnotes"><div class="fn">'.NL; + echo '<sup><a id="fn__1" class="fn_bot" href="#fnt__1">1)</a></sup>'.NL; + echo '<div class="content">'.$this->getLang('p_include').'</div>'; + echo '</div></div>'; + + echo '</div>'.NL; + } + + /** + * returns array with set options for building links + * + * @author Andreas Gohr <andi@splitbrain.org> + */ + protected function getLinkOptions($addopts = null) + { + $opts = array( + 'do'=>'admin', + 'page'=>'acl', + ); + if ($this->ns) $opts['ns'] = $this->ns; + if ($this->who) $opts['acl_w'] = $this->who; + + if (is_null($addopts)) return $opts; + return array_merge($opts, $addopts); + } + + /** + * Display a tree menu to select a page or namespace + * + * @author Andreas Gohr <andi@splitbrain.org> + */ + protected function makeExplorer() + { + global $conf; + global $ID; + global $lang; + + $ns = $this->ns; + if (empty($ns)) { + $ns = dirname(str_replace(':', '/', $ID)); + if ($ns == '.') $ns =''; + } elseif ($ns == '*') { + $ns =''; + } + $ns = utf8_encodeFN(str_replace(':', '/', $ns)); + + $data = $this->makeTree($ns); + + // wrap a list with the root level around the other namespaces + array_unshift($data, array( 'level' => 0, 'id' => '*', 'type' => 'd', + 'open' =>'true', 'label' => '['.$lang['mediaroot'].']')); + + echo html_buildlist( + $data, + 'acl', + array($this, 'makeTreeItem'), + array($this, 'makeListItem') + ); + } + + /** + * get a combined list of media and page files + * + * also called via AJAX + * + * @param string $folder an already converted filesystem folder of the current namespace + * @param string $limit limit the search to this folder + * @return array + */ + public function makeTree($folder, $limit = '') + { + global $conf; + + // read tree structure from pages and media + $data = array(); + search($data, $conf['datadir'], 'search_index', array('ns' => $folder), $limit); + $media = array(); + search($media, $conf['mediadir'], 'search_index', array('ns' => $folder, 'nofiles' => true), $limit); + $data = array_merge($data, $media); + unset($media); + + // combine by sorting and removing duplicates + usort($data, array($this, 'treeSort')); + $count = count($data); + if ($count>0) for ($i=1; $i<$count; $i++) { + if ($data[$i-1]['id'] == $data[$i]['id'] && $data[$i-1]['type'] == $data[$i]['type']) { + unset($data[$i]); + $i++; // duplicate found, next $i can't be a duplicate, so skip forward one + } + } + return $data; + } + + /** + * usort callback + * + * Sorts the combined trees of media and page files + */ + public function treeSort($a, $b) + { + // handle the trivial cases first + if ($a['id'] == '') return -1; + if ($b['id'] == '') return 1; + // split up the id into parts + $a_ids = explode(':', $a['id']); + $b_ids = explode(':', $b['id']); + // now loop through the parts + while (count($a_ids) && count($b_ids)) { + // compare each level from upper to lower + // until a non-equal component is found + $cur_result = strcmp(array_shift($a_ids), array_shift($b_ids)); + if ($cur_result) { + // if one of the components is the last component and is a file + // and the other one is either of a deeper level or a directory, + // the file has to come after the deeper level or directory + if (empty($a_ids) && $a['type'] == 'f' && (count($b_ids) || $b['type'] == 'd')) return 1; + if (empty($b_ids) && $b['type'] == 'f' && (count($a_ids) || $a['type'] == 'd')) return -1; + return $cur_result; + } + } + // The two ids seem to be equal. One of them might however refer + // to a page, one to a namespace, the namespace needs to be first. + if (empty($a_ids) && empty($b_ids)) { + if ($a['type'] == $b['type']) return 0; + if ($a['type'] == 'f') return 1; + return -1; + } + // Now the empty part is either a page in the parent namespace + // that obviously needs to be after the namespace + // Or it is the namespace that contains the other part and should be + // before that other part. + if (empty($a_ids)) return ($a['type'] == 'd') ? -1 : 1; + if (empty($b_ids)) return ($b['type'] == 'd') ? 1 : -1; + return 0; //shouldn't happen + } + + /** + * Display the current ACL for selected where/who combination with + * selectors and modification form + * + * @author Andreas Gohr <andi@splitbrain.org> + */ + protected function printDetail() + { + global $ID; + + echo '<form action="'.wl().'" method="post" accept-charset="utf-8"><div class="no">'.NL; + + echo '<div id="acl__user">'; + echo $this->getLang('acl_perms').' '; + $inl = $this->makeSelect(); + echo '<input type="text" name="acl_w" class="edit" value="'.(($inl)?'':hsc(ltrim($this->who, '@'))).'" />'.NL; + echo '<button type="submit">'.$this->getLang('btn_select').'</button>'.NL; + echo '</div>'.NL; + + echo '<div id="acl__info">'; + $this->printInfo(); + echo '</div>'; + + echo '<input type="hidden" name="ns" value="'.hsc($this->ns).'" />'.NL; + echo '<input type="hidden" name="id" value="'.hsc($ID).'" />'.NL; + echo '<input type="hidden" name="do" value="admin" />'.NL; + echo '<input type="hidden" name="page" value="acl" />'.NL; + echo '<input type="hidden" name="sectok" value="'.getSecurityToken().'" />'.NL; + echo '</div></form>'.NL; + } + + /** + * Print info and editor + * + * also loaded via Ajax + */ + public function printInfo() + { + global $ID; + + if ($this->who) { + $current = $this->getExactPermisson(); + + // explain current permissions + $this->printExplanation($current); + // load editor + $this->printAclEditor($current); + } else { + echo '<p>'; + if ($this->ns) { + printf($this->getLang('p_choose_ns'), hsc($this->ns)); + } else { + printf($this->getLang('p_choose_id'), hsc($ID)); + } + echo '</p>'; + + echo $this->locale_xhtml('help'); + } + } + + /** + * Display the ACL editor + * + * @author Andreas Gohr <andi@splitbrain.org> + */ + protected function printAclEditor($current) + { + global $lang; + + echo '<fieldset>'; + if (is_null($current)) { + echo '<legend>'.$this->getLang('acl_new').'</legend>'; + } else { + echo '<legend>'.$this->getLang('acl_mod').'</legend>'; + } + + echo $this->makeCheckboxes($current, empty($this->ns), 'acl'); + + if (is_null($current)) { + echo '<button type="submit" name="cmd[save]">'.$lang['btn_save'].'</button>'.NL; + } else { + echo '<button type="submit" name="cmd[save]">'.$lang['btn_update'].'</button>'.NL; + echo '<button type="submit" name="cmd[del]">'.$lang['btn_delete'].'</button>'.NL; + } + + echo '</fieldset>'; + } + + /** + * Explain the currently set permissions in plain english/$lang + * + * @author Andreas Gohr <andi@splitbrain.org> + */ + protected function printExplanation($current) + { + global $ID; + global $auth; + + $who = $this->who; + $ns = $this->ns; + + // prepare where to check + if ($ns) { + if ($ns == '*') { + $check='*'; + } else { + $check=$ns.':*'; + } + } else { + $check = $ID; + } + + // prepare who to check + if ($who[0] == '@') { + $user = ''; + $groups = array(ltrim($who, '@')); + } else { + $user = $who; + $info = $auth->getUserData($user); + if ($info === false) { + $groups = array(); + } else { + $groups = $info['grps']; + } + } + + // check the permissions + $perm = auth_aclcheck($check, $user, $groups); + + // build array of named permissions + $names = array(); + if ($perm) { + if ($ns) { + if ($perm >= AUTH_DELETE) $names[] = $this->getLang('acl_perm16'); + if ($perm >= AUTH_UPLOAD) $names[] = $this->getLang('acl_perm8'); + if ($perm >= AUTH_CREATE) $names[] = $this->getLang('acl_perm4'); + } + if ($perm >= AUTH_EDIT) $names[] = $this->getLang('acl_perm2'); + if ($perm >= AUTH_READ) $names[] = $this->getLang('acl_perm1'); + $names = array_reverse($names); + } else { + $names[] = $this->getLang('acl_perm0'); + } + + // print permission explanation + echo '<p>'; + if ($user) { + if ($ns) { + printf($this->getLang('p_user_ns'), hsc($who), hsc($ns), join(', ', $names)); + } else { + printf($this->getLang('p_user_id'), hsc($who), hsc($ID), join(', ', $names)); + } + } else { + if ($ns) { + printf($this->getLang('p_group_ns'), hsc(ltrim($who, '@')), hsc($ns), join(', ', $names)); + } else { + printf($this->getLang('p_group_id'), hsc(ltrim($who, '@')), hsc($ID), join(', ', $names)); + } + } + echo '</p>'; + + // add note if admin + if ($perm == AUTH_ADMIN) { + echo '<p>'.$this->getLang('p_isadmin').'</p>'; + } elseif (is_null($current)) { + echo '<p>'.$this->getLang('p_inherited').'</p>'; + } + } + + + /** + * Item formatter for the tree view + * + * User function for html_buildlist() + * + * @author Andreas Gohr <andi@splitbrain.org> + */ + public function makeTreeItem($item) + { + $ret = ''; + // what to display + if (!empty($item['label'])) { + $base = $item['label']; + } else { + $base = ':'.$item['id']; + $base = substr($base, strrpos($base, ':')+1); + } + + // highlight? + if (($item['type']== $this->current_item['type'] && $item['id'] == $this->current_item['id'])) { + $cl = ' cur'; + } else { + $cl = ''; + } + + // namespace or page? + if ($item['type']=='d') { + if ($item['open']) { + $img = DOKU_BASE.'lib/images/minus.gif'; + $alt = '−'; + } else { + $img = DOKU_BASE.'lib/images/plus.gif'; + $alt = '+'; + } + $ret .= '<img src="'.$img.'" alt="'.$alt.'" />'; + $ret .= '<a href="'. + wl('', $this->getLinkOptions(array('ns'=> $item['id'], 'sectok'=>getSecurityToken()))). + '" class="idx_dir'.$cl.'">'; + $ret .= $base; + $ret .= '</a>'; + } else { + $ret .= '<a href="'. + wl('', $this->getLinkOptions(array('id'=> $item['id'], 'ns'=>'', 'sectok'=>getSecurityToken()))). + '" class="wikilink1'.$cl.'">'; + $ret .= noNS($item['id']); + $ret .= '</a>'; + } + return $ret; + } + + /** + * List Item formatter + * + * @param array $item + * @return string + */ + public function makeListItem($item) + { + return '<li class="level' . $item['level'] . ' ' . + ($item['open'] ? 'open' : 'closed') . '">'; + } + + + /** + * Get current ACL settings as multidim array + * + * @author Andreas Gohr <andi@splitbrain.org> + */ + public function initAclConfig() + { + global $AUTH_ACL; + global $conf; + $acl_config=array(); + $usersgroups = array(); + + // get special users and groups + $this->specials[] = '@ALL'; + $this->specials[] = '@'.$conf['defaultgroup']; + if ($conf['manager'] != '!!not set!!') { + $this->specials = array_merge( + $this->specials, + array_map( + 'trim', + explode(',', $conf['manager']) + ) + ); + } + $this->specials = array_filter($this->specials); + $this->specials = array_unique($this->specials); + sort($this->specials); + + foreach ($AUTH_ACL as $line) { + $line = trim(preg_replace('/#.*$/', '', $line)); //ignore comments + if (!$line) continue; + + $acl = preg_split('/[ \t]+/', $line); + //0 is pagename, 1 is user, 2 is acl + + $acl[1] = rawurldecode($acl[1]); + $acl_config[$acl[0]][$acl[1]] = $acl[2]; + + // store non-special users and groups for later selection dialog + $ug = $acl[1]; + if (in_array($ug, $this->specials)) continue; + $usersgroups[] = $ug; + } + + $usersgroups = array_unique($usersgroups); + sort($usersgroups); + ksort($acl_config); + + $this->acl = $acl_config; + $this->usersgroups = $usersgroups; + } + + /** + * Display all currently set permissions in a table + * + * @author Andreas Gohr <andi@splitbrain.org> + */ + protected function printAclTable() + { + global $lang; + global $ID; + + echo '<form action="'.wl().'" method="post" accept-charset="utf-8"><div class="no">'.NL; + if ($this->ns) { + echo '<input type="hidden" name="ns" value="'.hsc($this->ns).'" />'.NL; + } else { + echo '<input type="hidden" name="id" value="'.hsc($ID).'" />'.NL; + } + echo '<input type="hidden" name="acl_w" value="'.hsc($this->who).'" />'.NL; + echo '<input type="hidden" name="do" value="admin" />'.NL; + echo '<input type="hidden" name="page" value="acl" />'.NL; + echo '<input type="hidden" name="sectok" value="'.getSecurityToken().'" />'.NL; + echo '<div class="table">'; + echo '<table class="inline">'; + echo '<tr>'; + echo '<th>'.$this->getLang('where').'</th>'; + echo '<th>'.$this->getLang('who').'</th>'; + echo '<th>'.$this->getLang('perm').'<sup><a id="fnt__1" class="fn_top" href="#fn__1">1)</a></sup></th>'; + echo '<th>'.$lang['btn_delete'].'</th>'; + echo '</tr>'; + foreach ($this->acl as $where => $set) { + foreach ($set as $who => $perm) { + echo '<tr>'; + echo '<td>'; + if (substr($where, -1) == '*') { + echo '<span class="aclns">'.hsc($where).'</span>'; + $ispage = false; + } else { + echo '<span class="aclpage">'.hsc($where).'</span>'; + $ispage = true; + } + echo '</td>'; + + echo '<td>'; + if ($who[0] == '@') { + echo '<span class="aclgroup">'.hsc($who).'</span>'; + } else { + echo '<span class="acluser">'.hsc($who).'</span>'; + } + echo '</td>'; + + echo '<td>'; + echo $this->makeCheckboxes($perm, $ispage, 'acl['.$where.']['.$who.']'); + echo '</td>'; + + echo '<td class="check">'; + echo '<input type="checkbox" name="del['.hsc($where).'][]" value="'.hsc($who).'" />'; + echo '</td>'; + echo '</tr>'; + } + } + + echo '<tr>'; + echo '<th class="action" colspan="4">'; + echo '<button type="submit" name="cmd[update]">'.$lang['btn_update'].'</button>'; + echo '</th>'; + echo '</tr>'; + echo '</table>'; + echo '</div>'; + echo '</div></form>'.NL; + } + + /** + * Returns the permission which were set for exactly the given user/group + * and page/namespace. Returns null if no exact match is available + * + * @author Andreas Gohr <andi@splitbrain.org> + */ + protected function getExactPermisson() + { + global $ID; + if ($this->ns) { + if ($this->ns == '*') { + $check = '*'; + } else { + $check = $this->ns.':*'; + } + } else { + $check = $ID; + } + + if (isset($this->acl[$check][$this->who])) { + return $this->acl[$check][$this->who]; + } else { + return null; + } + } + + /** + * adds new acl-entry to conf/acl.auth.php + * + * @author Frank Schubert <frank@schokilade.de> + */ + public function addOrUpdateACL($acl_scope, $acl_user, $acl_level) + { + global $config_cascade; + + // first make sure we won't end up with 2 lines matching this user and scope. See issue #1115 + $this->deleteACL($acl_scope, $acl_user); + $acl_user = auth_nameencode($acl_user, true); + + // max level for pagenames is edit + if (strpos($acl_scope, '*') === false) { + if ($acl_level > AUTH_EDIT) $acl_level = AUTH_EDIT; + } + + $new_acl = "$acl_scope\t$acl_user\t$acl_level\n"; + + return io_saveFile($config_cascade['acl']['default'], $new_acl, true); + } + + /** + * remove acl-entry from conf/acl.auth.php + * + * @author Frank Schubert <frank@schokilade.de> + */ + public function deleteACL($acl_scope, $acl_user) + { + global $config_cascade; + $acl_user = auth_nameencode($acl_user, true); + + $acl_pattern = '^'.preg_quote($acl_scope, '/').'[ \t]+'.$acl_user.'[ \t]+[0-8].*$'; + + return io_deleteFromFile($config_cascade['acl']['default'], "/$acl_pattern/", true); + } + + /** + * print the permission radio boxes + * + * @author Frank Schubert <frank@schokilade.de> + * @author Andreas Gohr <andi@splitbrain.org> + */ + protected function makeCheckboxes($setperm, $ispage, $name) + { + global $lang; + + static $label = 0; //number labels + $ret = ''; + + if ($ispage && $setperm > AUTH_EDIT) $setperm = AUTH_EDIT; + + foreach (array(AUTH_NONE,AUTH_READ,AUTH_EDIT,AUTH_CREATE,AUTH_UPLOAD,AUTH_DELETE) as $perm) { + $label += 1; + + //general checkbox attributes + $atts = array( 'type' => 'radio', + 'id' => 'pbox'.$label, + 'name' => $name, + 'value' => $perm ); + //dynamic attributes + if (!is_null($setperm) && $setperm == $perm) $atts['checked'] = 'checked'; + if ($ispage && $perm > AUTH_EDIT) { + $atts['disabled'] = 'disabled'; + $class = ' class="disabled"'; + } else { + $class = ''; + } + + //build code + $ret .= '<label for="pbox'.$label.'"'.$class.'>'; + $ret .= '<input '.buildAttributes($atts).' /> '; + $ret .= $this->getLang('acl_perm'.$perm); + $ret .= '</label>'.NL; + } + return $ret; + } + + /** + * Print a user/group selector (reusing already used users and groups) + * + * @author Andreas Gohr <andi@splitbrain.org> + */ + protected function makeSelect() + { + $inlist = false; + $usel = ''; + $gsel = ''; + + if ($this->who && + !in_array($this->who, $this->usersgroups) && + !in_array($this->who, $this->specials)) { + if ($this->who[0] == '@') { + $gsel = ' selected="selected"'; + } else { + $usel = ' selected="selected"'; + } + } else { + $inlist = true; + } + + echo '<select name="acl_t" class="edit">'.NL; + echo ' <option value="__g__" class="aclgroup"'.$gsel.'>'.$this->getLang('acl_group').'</option>'.NL; + echo ' <option value="__u__" class="acluser"'.$usel.'>'.$this->getLang('acl_user').'</option>'.NL; + if (!empty($this->specials)) { + echo ' <optgroup label=" ">'.NL; + foreach ($this->specials as $ug) { + if ($ug == $this->who) { + $sel = ' selected="selected"'; + $inlist = true; + } else { + $sel = ''; + } + + if ($ug[0] == '@') { + echo ' <option value="'.hsc($ug).'" class="aclgroup"'.$sel.'>'.hsc($ug).'</option>'.NL; + } else { + echo ' <option value="'.hsc($ug).'" class="acluser"'.$sel.'>'.hsc($ug).'</option>'.NL; + } + } + echo ' </optgroup>'.NL; + } + if (!empty($this->usersgroups)) { + echo ' <optgroup label=" ">'.NL; + foreach ($this->usersgroups as $ug) { + if ($ug == $this->who) { + $sel = ' selected="selected"'; + $inlist = true; + } else { + $sel = ''; + } + + if ($ug[0] == '@') { + echo ' <option value="'.hsc($ug).'" class="aclgroup"'.$sel.'>'.hsc($ug).'</option>'.NL; + } else { + echo ' <option value="'.hsc($ug).'" class="acluser"'.$sel.'>'.hsc($ug).'</option>'.NL; + } + } + echo ' </optgroup>'.NL; + } + echo '</select>'.NL; + return $inlist; + } +} diff --git a/platform/www/lib/plugins/acl/admin.svg b/platform/www/lib/plugins/acl/admin.svg new file mode 100644 index 0000000..b5cf001 --- /dev/null +++ b/platform/www/lib/plugins/acl/admin.svg @@ -0,0 +1 @@ +<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><path d="M22 18v4h-4v-3h-3v-3h-3l-2.26-2.26c-.55.17-1.13.26-1.74.26a6 6 0 0 1-6-6 6 6 0 0 1 6-6 6 6 0 0 1 6 6c0 .61-.09 1.19-.26 1.74L22 18M7 5a2 2 0 0 0-2 2 2 2 0 0 0 2 2 2 2 0 0 0 2-2 2 2 0 0 0-2-2z"/></svg>
\ No newline at end of file diff --git a/platform/www/lib/plugins/acl/lang/en/help.txt b/platform/www/lib/plugins/acl/lang/en/help.txt new file mode 100644 index 0000000..e865bbb --- /dev/null +++ b/platform/www/lib/plugins/acl/lang/en/help.txt @@ -0,0 +1,9 @@ +=== Quick Help: === + +On this page you can add and remove permissions for namespaces and pages in your wiki. + * The left pane displays all available namespaces and pages. + * The form above allows you to see and modify the permissions of a selected user or group. + * In the table below all currently set access control rules are shown. You can use it to quickly delete or change multiple rules. + +Reading the [[doku>acl|official documentation on ACL]] might help you to fully understand how access control works in DokuWiki. + diff --git a/platform/www/lib/plugins/acl/lang/en/lang.php b/platform/www/lib/plugins/acl/lang/en/lang.php new file mode 100644 index 0000000..0c86489 --- /dev/null +++ b/platform/www/lib/plugins/acl/lang/en/lang.php @@ -0,0 +1,46 @@ +<?php +/** + * english language file + * + * @license GPL 2 (http://www.gnu.org/licenses/gpl.html) + * @author Andreas Gohr <andi@splitbrain.org> + * @author Anika Henke <anika@selfthinker.org> + * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> + */ + +$lang['admin_acl'] = 'Access Control List Management'; +$lang['acl_group'] = 'Group:'; +$lang['acl_user'] = 'User:'; +$lang['acl_perms'] = 'Permissions for'; +$lang['page'] = 'Page'; +$lang['namespace'] = 'Namespace'; + +$lang['btn_select'] = 'Select'; + +$lang['p_user_id'] = 'User <b class="acluser">%s</b> currently has the following permissions on page <b class="aclpage">%s</b>: <i>%s</i>.'; +$lang['p_user_ns'] = 'User <b class="acluser">%s</b> currently has the following permissions in namespace <b class="aclns">%s</b>: <i>%s</i>.'; +$lang['p_group_id'] = 'Members of group <b class="aclgroup">%s</b> currently have the following permissions on page <b class="aclpage">%s</b>: <i>%s</i>.'; +$lang['p_group_ns'] = 'Members of group <b class="aclgroup">%s</b> currently have the following permissions in namespace <b class="aclns">%s</b>: <i>%s</i>.'; + +$lang['p_choose_id'] = 'Please <b>enter a user or group</b> in the form above to view or edit the permissions set for the page <b class="aclpage">%s</b>.'; +$lang['p_choose_ns'] = 'Please <b>enter a user or group</b> in the form above to view or edit the permissions set for the namespace <b class="aclns">%s</b>.'; + + +$lang['p_inherited'] = 'Note: Those permissions were not set explicitly but were inherited from other groups or higher namespaces.'; +$lang['p_isadmin'] = 'Note: The selected group or user has always full permissions because it is configured as superuser.'; +$lang['p_include'] = 'Higher permissions include lower ones. Create, Upload and Delete permissions only apply to namespaces, not pages.'; + +$lang['current'] = 'Current ACL Rules'; +$lang['where'] = 'Page/Namespace'; +$lang['who'] = 'User/Group'; +$lang['perm'] = 'Permissions'; + +$lang['acl_perm0'] = 'None'; +$lang['acl_perm1'] = 'Read'; +$lang['acl_perm2'] = 'Edit'; +$lang['acl_perm4'] = 'Create'; +$lang['acl_perm8'] = 'Upload'; +$lang['acl_perm16'] = 'Delete'; +$lang['acl_new'] = 'Add new Entry'; +$lang['acl_mod'] = 'Modify Entry'; +//Setup VIM: ex: et ts=2 : diff --git a/platform/www/lib/plugins/acl/pix/group.png b/platform/www/lib/plugins/acl/pix/group.png Binary files differnew file mode 100644 index 0000000..348d4e5 --- /dev/null +++ b/platform/www/lib/plugins/acl/pix/group.png diff --git a/platform/www/lib/plugins/acl/pix/ns.png b/platform/www/lib/plugins/acl/pix/ns.png Binary files differnew file mode 100644 index 0000000..77e03b1 --- /dev/null +++ b/platform/www/lib/plugins/acl/pix/ns.png diff --git a/platform/www/lib/plugins/acl/pix/page.png b/platform/www/lib/plugins/acl/pix/page.png Binary files differnew file mode 100644 index 0000000..b1b7ebe --- /dev/null +++ b/platform/www/lib/plugins/acl/pix/page.png diff --git a/platform/www/lib/plugins/acl/pix/user.png b/platform/www/lib/plugins/acl/pix/user.png Binary files differnew file mode 100644 index 0000000..8d5d1c2 --- /dev/null +++ b/platform/www/lib/plugins/acl/pix/user.png diff --git a/platform/www/lib/plugins/acl/plugin.info.txt b/platform/www/lib/plugins/acl/plugin.info.txt new file mode 100644 index 0000000..1b2c82c --- /dev/null +++ b/platform/www/lib/plugins/acl/plugin.info.txt @@ -0,0 +1,7 @@ +base acl +author Andreas Gohr +email andi@splitbrain.org +date 2015-07-25 +name ACL Manager +desc Manage Page Access Control Lists +url http://dokuwiki.org/plugin:acl diff --git a/platform/www/lib/plugins/acl/remote.php b/platform/www/lib/plugins/acl/remote.php new file mode 100644 index 0000000..8d19add --- /dev/null +++ b/platform/www/lib/plugins/acl/remote.php @@ -0,0 +1,102 @@ +<?php + +use dokuwiki\Remote\AccessDeniedException; + +/** + * Class remote_plugin_acl + */ +class remote_plugin_acl extends DokuWiki_Remote_Plugin +{ + + /** + * Returns details about the remote plugin methods + * + * @return array Information about all provided methods. {@see dokuwiki\Remote\RemoteAPI} + */ + public function _getMethods() + { + return array( + 'listAcls' => array( + 'args' => array(), + 'return' => 'Array of ACLs {scope, user, permission}', + 'name' => 'listAcls', + 'doc' => 'Get the list of all ACLs', + ),'addAcl' => array( + 'args' => array('string','string','int'), + 'return' => 'int', + 'name' => 'addAcl', + 'doc' => 'Adds a new ACL rule.' + ), 'delAcl' => array( + 'args' => array('string','string'), + 'return' => 'int', + 'name' => 'delAcl', + 'doc' => 'Delete an existing ACL rule.' + ), + ); + } + + /** + * List all ACL config entries + * + * @throws AccessDeniedException + * @return dictionary {Scope: ACL}, where ACL = dictionnary {user/group: permissions_int} + */ + public function listAcls() + { + if (!auth_isadmin()) { + throw new AccessDeniedException( + 'You are not allowed to access ACLs, superuser permission is required', + 114 + ); + } + /** @var admin_plugin_acl $apa */ + $apa = plugin_load('admin', 'acl'); + $apa->initAclConfig(); + return $apa->acl; + } + + /** + * Add a new entry to ACL config + * + * @param string $scope + * @param string $user + * @param int $level see also inc/auth.php + * @throws AccessDeniedException + * @return bool + */ + public function addAcl($scope, $user, $level) + { + if (!auth_isadmin()) { + throw new AccessDeniedException( + 'You are not allowed to access ACLs, superuser permission is required', + 114 + ); + } + + /** @var admin_plugin_acl $apa */ + $apa = plugin_load('admin', 'acl'); + return $apa->addOrUpdateACL($scope, $user, $level); + } + + /** + * Remove an entry from ACL config + * + * @param string $scope + * @param string $user + * @throws AccessDeniedException + * @return bool + */ + public function delAcl($scope, $user) + { + if (!auth_isadmin()) { + throw new AccessDeniedException( + 'You are not allowed to access ACLs, superuser permission is required', + 114 + ); + } + + /** @var admin_plugin_acl $apa */ + $apa = plugin_load('admin', 'acl'); + return $apa->deleteACL($scope, $user); + } +} diff --git a/platform/www/lib/plugins/acl/script.js b/platform/www/lib/plugins/acl/script.js new file mode 100644 index 0000000..95621a2 --- /dev/null +++ b/platform/www/lib/plugins/acl/script.js @@ -0,0 +1,121 @@ +/** + * ACL Manager AJAX enhancements + * + * @author Andreas Gohr <andi@splitbrain.org> + */ +var dw_acl = { + /** + * Initialize the object and attach the event handlers + */ + init: function () { + var $tree; + + //FIXME only one underscore!! + if (jQuery('#acl_manager').length === 0) { + return; + } + + jQuery('#acl__user select').on('change', dw_acl.userselhandler); + jQuery('#acl__user button').on('click', dw_acl.loadinfo); + + $tree = jQuery('#acl__tree'); + $tree.dw_tree({toggle_selector: 'img', + load_data: function (show_sublist, $clicky) { + // get the enclosed link and the edit form + var $frm = jQuery('#acl__detail form'); + + jQuery.post( + DOKU_BASE + 'lib/exe/ajax.php', + jQuery.extend(dw_acl.parseatt($clicky.parent().find('a')[0].search), + {call: 'plugin_acl', + ajax: 'tree', + current_ns: $frm.find('input[name=ns]').val(), + current_id: $frm.find('input[name=id]').val()}), + show_sublist, + 'html' + ); + }, + + toggle_display: function ($clicky, opening) { + $clicky.attr('src', + DOKU_BASE + 'lib/images/' + + (opening ? 'minus' : 'plus') + '.gif'); + }}); + $tree.delegate('a', 'click', dw_acl.treehandler); + }, + + /** + * Handle user dropdown + * + * Hides or shows the user/group entry box depending on what was selected in the + * dropdown element + */ + userselhandler: function () { + // make entry field visible/invisible + jQuery('#acl__user input').toggle(this.value === '__g__' || + this.value === '__u__'); + dw_acl.loadinfo(); + }, + + /** + * Load the current permission info and edit form + */ + loadinfo: function () { + jQuery('#acl__info') + .attr('role', 'alert') + .html('<img src="'+DOKU_BASE+'lib/images/throbber.gif" alt="..." />') + .load( + DOKU_BASE + 'lib/exe/ajax.php', + jQuery('#acl__detail form').serialize() + '&call=plugin_acl&ajax=info' + ); + return false; + }, + + /** + * parse URL attributes into a associative array + * + * @todo put into global script lib? + */ + parseatt: function (str) { + if (str[0] === '?') { + str = str.substr(1); + } + var attributes = {}; + var all = str.split('&'); + for (var i = 0; i < all.length; i++) { + var att = all[i].split('='); + attributes[att[0]] = decodeURIComponent(att[1]); + } + return attributes; + }, + + /** + * Handles clicks to the tree nodes + */ + treehandler: function () { + var $link, $frm; + + $link = jQuery(this); + + // remove highlighting + jQuery('#acl__tree a.cur').removeClass('cur'); + + // add new highlighting + $link.addClass('cur'); + + // set new page to detail form + $frm = jQuery('#acl__detail form'); + if ($link.hasClass('wikilink1')) { + $frm.find('input[name=ns]').val(''); + $frm.find('input[name=id]').val(dw_acl.parseatt($link[0].search).id); + } else if ($link.hasClass('idx_dir')) { + $frm.find('input[name=ns]').val(dw_acl.parseatt($link[0].search).ns); + $frm.find('input[name=id]').val(''); + } + dw_acl.loadinfo(); + + return false; + } +}; + +jQuery(dw_acl.init); diff --git a/platform/www/lib/plugins/acl/style.css b/platform/www/lib/plugins/acl/style.css new file mode 100644 index 0000000..4233cd3 --- /dev/null +++ b/platform/www/lib/plugins/acl/style.css @@ -0,0 +1,135 @@ +#acl__tree { + font-size: 90%; + width: 25%; + height: 300px; + float: left; + overflow: auto; + border: 1px solid __border__; + text-align: left; +} +[dir=rtl] #acl__tree { + float: right; + text-align: right; +} + +#acl__tree a.cur { + background-color: __highlight__; + font-weight: bold; +} + +#acl__tree ul { + list-style-type: none; + margin: 0; + padding: 0; +} + +#acl__tree li { + padding-left: 1em; + list-style-image: none; +} +[dir=rtl] #acl__tree li { + padding-left: 0em; + padding-right: 1em; +} + +#acl__tree ul img { + margin-right: 0.25em; + cursor: pointer; +} +[dir=rtl] #acl__tree ul img { + margin-left: 0.25em; + margin-right: 0em; +} + +#acl__detail { + width: 73%; + height: 300px; + float: right; + overflow: auto; +} +[dir=rtl] #acl__detail { + float: left; +} + +#acl__detail fieldset { + width: 90%; +} + +#acl__detail div#acl__user { + border: 1px solid __border__; + padding: 0.5em; + margin-bottom: 0.6em; +} + +#acl_manager table.inline { + width: 100%; + margin: 0; +} + +#acl_manager table .check { + text-align: center; +} + +#acl_manager table .action { + text-align: right; +} + +#acl_manager .aclgroup { + background: transparent url(pix/group.png) 0px 1px no-repeat; + padding: 1px 0px 1px 18px; +} +[dir=rtl] #acl_manager .aclgroup { + background: transparent url(pix/group.png) right 1px no-repeat; + padding: 1px 18px 1px 0px; +} + +#acl_manager .acluser { + background: transparent url(pix/user.png) 0px 1px no-repeat; + padding: 1px 0px 1px 18px; +} +[dir=rtl] #acl_manager .acluser { + background: transparent url(pix/user.png) right 1px no-repeat; + padding: 1px 18px 1px 0px; +} + +#acl_manager .aclpage { + background: transparent url(pix/page.png) 0px 1px no-repeat; + padding: 1px 0px 1px 18px; +} +[dir=rtl] #acl_manager .aclpage { + background: transparent url(pix/page.png) right 1px no-repeat; + padding: 1px 18px 1px 0px; +} + +#acl_manager .aclns { + background: transparent url(pix/ns.png) 0px 1px no-repeat; + padding: 1px 0px 1px 18px; +} +[dir=rtl] #acl_manager .aclns { + background: transparent url(pix/ns.png) right 1px no-repeat; + padding: 1px 18px 1px 0px; +} + +#acl_manager label.disabled { + opacity: .5; + cursor: auto; +} + +#acl_manager label { + text-align: left; + font-weight: normal; + display: inline; +} + +#acl_manager table { + margin-left: 10%; + width: 80%; +} + +#acl_manager table tr { + background-color: inherit; +} + +#acl_manager table tr:hover { + background-color: __background_alt__; +} |