4 * Copyright (c) 2003, The Burgiss Group, LLC
5 * This source code is part of eWiki LiveUser Plugin.
7 * eWiki LiveUser Plugin is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version.
12 * eWiki LiveUser Plugin is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
14 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with Wiki LiveUser Plugin; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23 * ewiki: liveuser permissions plugin
25 * @author andy fundinger <afundinger@burgiss.com>
26 * @author alex wan <alex@burgiss.com>
27 * @author jeremy mikola <jmikola@arsjerm.net>
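require_once(dirname(__FILE__).'/liveuser_aux.php');
// Unlike the two dirname(__FILE__) includes, this path is relative and is
// therefore resolved through include_path and the current working directory.
require_once('plugins/lib/protmode.php');

/*
 * auth constants must be defined to override auth_liveuser to never validate,
 * so that any ring test with $ewiki_plugins['auth_perm'] will fail.
 *
 * Both constants get the same value, one above the highest ring listed in
 * $liveuserPermRings, and are defined before auth_liveuser.php is loaded.
 * NOTE(review): $liveuserPermRings is not assigned anywhere in this listing;
 * presumably configuration or liveuser_aux.php provides it -- confirm it is a
 * non-empty array here, since max() has nothing to work with otherwise.
 */
define('EWIKI_LOGGEDIN_RING', max($liveuserPermRings) + 1);
define('EWIKI_NOT_LOGGEDIN_RING', max($liveuserPermRings) + 1);
require_once(dirname(__FILE__).'/auth_liveuser.php');

// ewiki callbacks for perm check, and page editing form hooks.
// auth_perm is written to slot 0 explicitly (replacing any handler already
// stored at that index); the remaining hooks are appended to their lists.
$ewiki_plugins['auth_perm'][0] = 'ewiki_auth_perm_liveuser';
$ewiki_plugins['edit_form_append'][] = 'ewiki_edit_form_append_liveuser_manage';
$ewiki_plugins['edit_form_append'][] = 'ewiki_edit_form_append_liveuser_publish';
$ewiki_plugins['edit_save'][] = 'ewiki_edit_save_liveuser_manage';
$ewiki_plugins['edit_save'][] = 'ewiki_edit_save_liveuser_publish';
// the same handler serves the 'manage' action for regular and binary pages
$ewiki_plugins['action_always']['manage'] = 'ewiki_action_manage_liveuser';
$ewiki_plugins['action_binary']['manage'] = 'ewiki_action_manage_liveuser';
$ewiki_plugins['binary_handler'][] = 'ewiki_binary_handler_liveuser_setdefault_rights';

// html page output response messages (static markup, no user input)
$ewiki_t['en']['MANAGE_TITLE'] = 'Manage This Page';
$ewiki_t['en']['MANAGE_NEWPAGE'] = '<p>The requested page is not available for management.</p>';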
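/**
 * given a page id and action as input, resolves action to a ring level as
 * defined herein, and then queries a table linking liveuser perms/rights with
 * ewiki page id and ring combinations. the current user is then checked against
 * all possible rights that would satisfy the page id and ring combination.
 *
 * The resolved ring is assigned to the local $ewiki_ring only: the signature
 * shown in this listing takes the parameter by value, so the caller's variable
 * is not altered.
 *
 * @param string page_name page name; the configured "create" page is checked
 *                         against the '[NewPage]' template entry instead
 * @param mixed data page data (by reference; not read in this function)
 * @param string action page action
 * @param int ewiki_ring requested ring; a value identical to 0 is treated as an
 *                       explicit request for top-level rights
 * @param int request_auth not read in this function
 * @return boolean true if current user has access, false otherwise
 */
function ewiki_auth_perm_liveuser($page_name, &$data, $action, $ewiki_ring, $request_auth)
{
    global $liveuser, $liveuserDB, $liveuserPermRings, $ewiki_config;

    // if we are authenticating for the page we are creating
    if ($page_name == $ewiki_config["create"]) {
        $page_name = '[NewPage]';
    }

    /*
     * checks for an explicit request for admin level rights, requires our top
     * level right on such a request, otherwise we select our own ring based on
     * the internal action table.
     */
    if (($ewiki_ring !== 0) && array_key_exists($action, $liveuserPermRings)) {
        $ewiki_ring = $liveuserPermRings[$action];
    } else {
        // for unknown actions, require highest perm level (min numerical value)
        $ewiki_ring = min($liveuserPermRings);
    }

    // fetch all perms matching page id and ring level. Page name and ring are
    // bound as query parameters; only the LW_PREFIX constant is concatenated.
    $right_ids = $liveuserDB->getCol(
        'SELECT right_id FROM '.LW_PREFIX.'_perms WHERE pagename = ? AND ring <= ?',
        0,
        array($page_name, (int)$ewiki_ring)
    );

    // Fail closed: anything other than a list of right ids (for instance an
    // error value returned by the database layer) must never be iterated as
    // if it were a set of rights.
    if (!is_array($right_ids)) {
        return false;
    }

    // NOTE(review): the listing drops the short lines inside this loop and
    // after it; the "return true" / "return false" statements are reconstructed
    // from the documented return contract -- confirm against the original file.
    foreach ($right_ids as $right_id) {
        // Loose comparison is kept on purpose: the ids come back from the
        // database while the LU_R_* constants are defined outside this listing.
        if ($right_id == LU_R_NOTLOGGEDIN) {
            // the page carries the anonymous right: everybody may pass
            return true;
        } else if ($right_id == LU_R_LOGGEDIN && $liveuser->isLoggedIn()) {
            // any authenticated user may pass
            return true;
        } else if ($liveuser->checkRight($right_id) && $liveuser->isLoggedIn()) {
            // a specific right, honoured only for an authenticated session
            return true;
        }
    }

    // no matching right was satisfied: deny
    return false;
}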
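/**
 * the set of all rights in the system must be filtered by the list of all
 * publicly viewable rights, and the resulting list returned as a series of
 * form field selection options. The fourth parameter is used internally to
 * hide the permissions for page editing and defaults to true (edit box is shown).
 *
 * Nothing is rendered unless ewiki_auth_perm_liveuser() grants the 'manage'
 * action on the page.
 *
 * @param string id page id
 * @param mixed data page data
 * @param string action
 * @param boolean showEdit shows editing permissions if true, hides if false
 * @return string html output for perm selection fields
 */
function ewiki_edit_form_append_liveuser_manage($id, $data, $action, $showEdit = true)
{
    global $liveuserDB, $liveuserBaseRings, $liveuserDefaultPermsView, $liveuserDefaultPermsEdit;

    // NOTE(review): the listing drops the short lines that follow the global
    // statement; the empty initial value of $o is reconstructed.
    $o = '';

    // Deliberately not 0: a ring that is not identical to 0 makes
    // ewiki_auth_perm_liveuser() resolve the ring from the 'manage' action.
    $ewiki_ring = null;

    if (!ewiki_auth_perm_liveuser($id, $data, 'manage', $ewiki_ring, 0)) {
        // NOTE(review): the body of this branch is not in the listing; returning
        // the empty output is reconstructed from the documented string return.
        return $o;
    }

    $liveuserCurrentPermsView = null;
    $liveuserCurrentPermsEdit = null;

    // fetch config default rights for new pages, existing set rights otherwise
    if (page_exists($id, $data)) {
        $liveuserCurrentPermsView = $liveuserDB->getCol(
            'SELECT right_id FROM '.LW_PREFIX.'_perms WHERE pagename = ? AND ring <= ?',
            0,
            array($id, $liveuserBaseRings['view'])
        );
        $liveuserCurrentPermsEdit = $liveuserDB->getCol(
            'SELECT right_id FROM '.LW_PREFIX.'_perms WHERE pagename = ? AND ring <= ?',
            0,
            array($id, $liveuserBaseRings['edit'])
        );
    }

    // fetch the set of public permissions
    $rightOptions = liveuser_perm_getPublicPerms();

    $o .= '<br /><label for="liveuserPermsView">View Rights (active rights selected)</label><br />';
    $o .= '<select id="liveuserPermsView" name="liveuserPermsView[]" size="5" multiple="multiple">';

    // to pre-select perms, check for occurrence in currentPerms if page exists, or defaultPerms otherwise.
    // Stored rights are matched by right id ($value), defaults by right name ($label).
    foreach ($rightOptions as $value => $label) {
        $selected = (is_array($liveuserCurrentPermsView) ? in_array($value, $liveuserCurrentPermsView) : in_array($label, $liveuserDefaultPermsView));
        // both the id and the name are entity-encoded before being written into the markup
        $o .= '<option value="'.htmlentities($value).'"'.($selected ? ' selected="selected"' : '').'>'.htmlentities($label).'</option>';
    }

    $o .= '</select><br /><br />';

    // NOTE(review): the line opening this block is not in the listing; the
    // $showEdit condition is reconstructed from the docblock ("hides if false").
    if ($showEdit) {
        $o .= '<label for="liveuserPermsEdit">Edit Rights</label><br />';
        $o .= '<select id="liveuserPermsEdit" name="liveuserPermsEdit[]" size="5" multiple="multiple">';

        foreach ($rightOptions as $value => $label) {
            $selected = (is_array($liveuserCurrentPermsEdit) ? in_array($value, $liveuserCurrentPermsEdit) : in_array($label, $liveuserDefaultPermsEdit));
            $o .= '<option value="'.htmlentities($value).'"'.($selected ? ' selected="selected"' : '').'>'.htmlentities($label).'</option>';
        }

        $o .= '</select><br /><br />';
    }

    return $o;
}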
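/**
 * if the current user has permission to publish pages (viewable by those not
 * logged in), append the respective checkbox to the edit form.
 *
 * @param string id page id
 * @param mixed data page data (not read in this function)
 * @param string action
 * @return string html output for perm selection fields
 */
function ewiki_edit_form_append_liveuser_publish($id, $data, $action)
{
    // NOTE(review): the lines between the signature and the right check are
    // not in the listing; the global statement and the empty default output
    // are reconstructed from how $liveuser and $o are used below.
    global $liveuser;

    $o = '';

    // the checkbox is offered to holders of the publisher right only
    if ($liveuser->checkRight(LU_R_LW_PUBLISHER)) {
        // check if permission for anonymous users exists
        $published = (liveuser_checkPerm($id, LU_R_NOTLOGGEDIN) !== false);
        $o = '<br /><label for="liveuserPermsPublish">Publish</label> <input type="checkbox" name="liveuserPermsPublish" id="liveuserPermsPublish" value="checked" '.($published ? 'checked="checked" ' : ' ').'/><br />';
    }

    return $o;
}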
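/**
 * A binary handler to adjust rights to default on upload or cache
 *
 * Only the 'save' action triggers the reset; every other action is ignored.
 *
 * @param string id page id (not read in this function)
 * @param array data associative array of ewiki page data (by reference)
 * @param string action
 */
function ewiki_binary_handler_liveuser_setdefault_rights($id, &$data, $action)
{
    // Strict comparison: a non-string action value must never be coerced into
    // matching 'save', because the reset deletes the page's existing rights.
    if ($action === 'save') {
        ewiki_liveuser_setdefault_rights($data);
    }
}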
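/**
 * called on pages that need to have their default rights set
 * applied to binary and non-binary pages
 *
 * Every right stored for the page is removed first, then the rights of a
 * template entry are copied onto it: '[CachedImage]' for pages whose PageType
 * is 'CachedImage', '[NewPage]' for everything else.
 *
 * NOTE(review): removal and copy are separate calls; if the template lookup
 * yields nothing, the page is left without any rights. Confirm that this is
 * the intended outcome for a missing template entry.
 *
 * @param array save associative array of ewiki page data (reads 'id' and,
 *                   when present, 'PageType')
 */
function ewiki_liveuser_setdefault_rights(&$save)
{
    // remove any existing rights
    $perms = liveuser_getPerms($save['id']);
    foreach ($perms as $perm) {
        liveuser_removePerm($save['id'], $perm['right_id']);
    }

    if (isset($save['PageType']) && ($save['PageType'] == 'CachedImage')) {
        // if a page type is set, get rights based on the PageType
        $perms = liveuser_getPerms('['.$save['PageType'].']');
    } else {
        // select rights for [NewPage]
        $perms = liveuser_getPerms('[NewPage]');
    }

    // duplicate them for the page being created
    foreach ($perms as $perm) {
        liveuser_addPerm($save['id'], $perm['ring'], $perm['right_id']);
    }
}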
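/**
 * iterate over posted form data and extract selected liveuser rights to associate
 * with view and edit permissions for the current ewiki page id.
 *
 * Submitted right ids are honoured only when they are keys of the public
 * permission list returned by liveuser_perm_getPublicPerms().
 *
 * NOTE(review): the default-rights reset for version 1 runs before the
 * 'manage' authorization check below. Confirm that every caller has already
 * authorized the request when $save['version'] is 1.
 *
 * @param array save associative array of ewiki form data
 */
function ewiki_edit_save_liveuser_manage(&$save)
{
    global $liveuserBaseRings, $liveuserDefaultPerms;

    // determine what form data is available to be processed
    $handleView = isset($_REQUEST['liveuserPermsView']) && is_array($_REQUEST['liveuserPermsView']);
    $handleEdit = isset($_REQUEST['liveuserPermsEdit']) && is_array($_REQUEST['liveuserPermsEdit']);

    // set default rights for new pages
    if ($save['version'] == 1) {
        ewiki_liveuser_setdefault_rights($save);
    }

    // Deliberately not 0: a ring that is not identical to 0 makes
    // ewiki_auth_perm_liveuser() resolve the ring from the 'manage' action.
    $ewiki_ring = null;

    // if not authorized to manage this page or form data is unavailable quit out.
    if (!ewiki_auth_perm_liveuser($save['id'], $save, 'manage', $ewiki_ring, 0) || !($handleView || $handleEdit)) {
        return;
    }

    // fetch the set of public permissions
    $rightOptions = liveuser_perm_getPublicPerms();

    /*
     * clear database of all records for public field options for rings levels
     * below edit or view. the minimum removal level (edit or view) will be determined
     * based on whether form data for edit permissions was submitted, or just
     * form data for view.
     */
    if ($handleView || $handleEdit) {
        foreach ($rightOptions as $right_id => $name) {
            liveuser_removePerm($save['id'], $right_id, ($handleEdit ? $liveuserBaseRings['edit'] : $liveuserBaseRings['view']));
        }
    }

    // NOTE(review): the lines opening the two blocks below are not in the
    // listing; the $handleView / $handleEdit conditions are reconstructed from
    // the flags computed above.
    if ($handleView) {
        foreach ($_REQUEST['liveuserPermsView'] as $right_id) {
            // Request arrays may carry nested arrays; only int/string values are
            // valid array offsets, so anything else is skipped before the lookup.
            if ((is_int($right_id) || is_string($right_id)) && array_key_exists($right_id, $rightOptions)) {
                liveuser_addPerm($save['id'], $liveuserBaseRings['view'], $right_id, true);
            }
        }
    }

    if ($handleEdit) {
        foreach ($_REQUEST['liveuserPermsEdit'] as $right_id) {
            if ((is_int($right_id) || is_string($right_id)) && array_key_exists($right_id, $rightOptions)) {
                liveuser_addPerm($save['id'], $liveuserBaseRings['edit'], $right_id, true);
            }
        }
    }
}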
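/**
 * if the current user has permission to publish pages, write the respective
 * form data back to the database, thereby allowing a page to be published (with
 * viewing rights for users not logged in) or not published.
 *
 * An unchecked HTML checkbox is not submitted at all, so a missing field is
 * handled exactly like an unchecked one: the anonymous right is removed.
 *
 * NOTE(review): the only check made here is the publisher right of the current
 * user; no per-page permission is consulted in this function. Confirm that this
 * is the intended scope of the publisher right.
 *
 * @param array save associative array of ewiki form data
 */
function ewiki_edit_save_liveuser_publish($save)
{
    global $liveuser, $liveuserBaseRings;

    // alter only if user has publisher right
    if ($liveuser->checkRight(LU_R_LW_PUBLISHER)) {
        // request values are strings or arrays, so only the exact string counts
        if (isset($_REQUEST['liveuserPermsPublish']) && $_REQUEST['liveuserPermsPublish'] === 'checked') {
            liveuser_addPerm($save['id'], $liveuserBaseRings['view'], LU_R_NOTLOGGEDIN);
        } else {
            liveuser_removePerm($save['id'], LU_R_NOTLOGGEDIN);
        }
    }
}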
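/**
 * Tells whether a page is known to the wiki.
 *
 * A page counts as existing when its data carries non-empty 'content' or
 * 'meta', or when its id is a key of $GLOBALS['ewiki_plugins']['page'].
 *
 * @param string id page id
 * @param array data page data (by reference; only read)
 * @return boolean true if the page exists, false otherwise
 */
function page_exists($id, &$data)
{
    if (!empty($data['content']) || !empty($data['meta'])) {
        return true;
    }

    // The plugin page table may not be registered at all; treat that as
    // "no such plugin page" instead of passing a non-array to array_key_exists().
    $pluginPages = isset($GLOBALS['ewiki_plugins']['page']) ? $GLOBALS['ewiki_plugins']['page'] : null;

    return is_array($pluginPages) && array_key_exists($id, $pluginPages);
}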
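/**
 * this manage action will display a form to edit viewing rights on an internal
 * or binary page. the publish checkbox is appended to the same form through
 * ewiki_edit_form_append_liveuser_publish().
 *
 * On submission both save handlers run: ewiki_edit_save_liveuser_manage()
 * performs its own 'manage' authorization check, and
 * ewiki_edit_save_liveuser_publish() checks the publisher right.
 *
 * NOTE(review): the form carries no anti-forgery token and the handlers read
 * $_REQUEST, so a submission is not tied to a form this page rendered. Confirm
 * whether ewiki core protects this action; if not, add a per-session token and
 * accept POST only.
 *
 * @param string id page id
 * @param mixed data page data
 * @param string action
 * @return string html output for perm selection fields
 */
function ewiki_action_manage_liveuser($id, $data, $action)
{
    // NOTE(review): the lines between the signature and the first check are not
    // in the listing; the empty initial value of $o is reconstructed.
    $o = '';

    if (!page_exists($id, $data)) {
        // NOTE(review): $id is concatenated into the title as-is; whether
        // ewiki_make_title() encodes it is not visible here -- confirm.
        $o .= ewiki_make_title('', ewiki_t('MANAGE_TITLE').' » '.$id.' «');
        $o .= ewiki_t('MANAGE_NEWPAGE');
        // NOTE(review): reconstructed early return; the original line is not in the listing.
        return $o;
    }

    // handle form submission
    if (isset($_REQUEST['submit_manage'])) {
        // process view permissions form data
        ewiki_edit_save_liveuser_manage($data);

        // process published-status form data
        ewiki_edit_save_liveuser_publish($data);
    }

    // construct manage form (edit-rights selection hidden via the false argument)
    $o .= ewiki_make_title('', ewiki_t('MANAGE_TITLE').' » '.$id.' «');
    $o .= '<form action="" method="post">';
    $o .= ewiki_edit_form_append_liveuser_manage($id, $data, $action, false);
    $o .= ewiki_edit_form_append_liveuser_publish($id, $data, $action);
    $o .= '<input type="submit" name="submit_manage" /></form>';

    return $o;
}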
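/**
 * fetches a list of all public permissions used in the ewiki page edit form to
 * assign view and edit permissions.
 *
 * The result doubles as the allow-list against which submitted right ids are
 * checked in ewiki_edit_save_liveuser_manage(), so names are matched strictly.
 *
 * @return array set of publicly viewable right_id [key] and name [value] pairs;
 *               empty when either the rights or the public list is unavailable
 */
function liveuser_perm_getPublicPerms()
{
    global $liveuserPublicPerms, $liveuserPermAdmin;

    $rights = $liveuserPermAdmin->getRights();
    $publicRights = array();

    // Without a usable rights list or public-name list nothing is public.
    if (!is_array($rights) || !is_array($liveuserPublicPerms)) {
        return $publicRights;
    }

    foreach ($rights as $right) {
        // add only rights whose name exists in the global liveuserPublicPerms array;
        // strict matching keeps numeric-looking names ('1' vs '1.0') from being
        // treated as equal and widening the list.
        if (in_array($right['name'], $liveuserPublicPerms, true)) {
            $publicRights[$right['right_id']] = $right['name'];
        }
    }

    return $publicRights;
}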