3 * ACL administration functions
5 * @license GPL 2 (http://www.gnu.org/licenses/gpl.html)
6 * @author Andreas Gohr <andi@splitbrain.org>
7 * @author Anika Henke <anika@selfthinker.org> (concepts)
8 * @author Frank Schubert <frank@schokilade.de> (old version)
10 // must be run within Dokuwiki
11 if(!defined('DOKU_INC')) die();
13 if(!defined('DOKU_PLUGIN')) define('DOKU_PLUGIN',DOKU_INC
.'lib/plugins/');
14 require_once(DOKU_PLUGIN
.'admin.php');
17 * All DokuWiki plugins to extend the admin function
18 * need to inherit from this class
20 class admin_plugin_acl
extends DokuWiki_Admin_Plugin
{
24 var $usersgroups = array();
25 var $specials = array();
32 'author' => 'Andreas Gohr',
33 'email' => 'andi@splitbrain.org',
34 'date' => '2010-01-17',
35 'name' => 'ACL Manager',
36 'desc' => 'Manage Page Access Control Lists',
37 'url' => 'http://dokuwiki.org/plugin:acl',
42 * return prompt for admin menu
44 function getMenuText($language) {
45 return $this->getLang('admin_acl');
49 * return sort order for position in admin menu
51 function getMenuSort() {
58 * Initializes internal vars and handles modifications
60 * @author Andreas Gohr <andi@splitbrain.org>
67 // fresh 1:1 copy without replacements
68 $AUTH_ACL = file(DOKU_CONF
.'acl.auth.php');
72 if($_REQUEST['ns'] == '*'){
75 $this->ns
= cleanID($_REQUEST['ns']);
78 // user or group choosen?
79 $who = trim($_REQUEST['acl_w']);
80 if($_REQUEST['acl_t'] == '__g__' && $who){
81 $this->who
= '@'.ltrim($auth->cleanGroup($who),'@');
82 }elseif($_REQUEST['acl_t'] == '__u__' && $who){
83 $this->who
= ltrim($auth->cleanUser($who),'@');
84 }elseif($_REQUEST['acl_t'] &&
85 $_REQUEST['acl_t'] != '__u__' &&
86 $_REQUEST['acl_t'] != '__g__'){
87 $this->who
= $_REQUEST['acl_t'];
92 // handle modifications
93 if(isset($_REQUEST['cmd']) && checkSecurityToken()){
95 // scope for modifications
100 $scope = $this->ns
.':*';
106 if(isset($_REQUEST['cmd']['save']) && $scope && $this->who
&& isset($_REQUEST['acl'])){
107 // handle additions or single modifications
108 $this->_acl_del($scope, $this->who
);
109 $this->_acl_add($scope, $this->who
, (int) $_REQUEST['acl']);
110 }elseif(isset($_REQUEST['cmd']['del']) && $scope && $this->who
){
111 // handle single deletions
112 $this->_acl_del($scope, $this->who
);
113 }elseif(isset($_REQUEST['cmd']['update'])){
114 // handle update of the whole file
115 foreach((array) $_REQUEST['del'] as $where => $names){
116 // remove all rules marked for deletion
117 foreach($names as $who)
118 unset($_REQUEST['acl'][$where][$who]);
123 foreach($AUTH_ACL as $line){
131 foreach((array) $_REQUEST['acl'] as $where => $opt){
132 foreach($opt as $who => $perm){
133 $who = auth_nameencode($who,true);
134 $lines[] = "$where\t$who\t$perm\n";
138 io_saveFile(DOKU_CONF
.'acl.auth.php', join('',$lines));
142 $AUTH_ACL = file(DOKU_CONF
.'acl.auth.php');
145 // initialize ACL array
146 $this->_init_acl_config();
150 * ACL Output function
152 * print a table with all significant permissions for the
155 * @author Frank Schubert <frank@schokilade.de>
156 * @author Andreas Gohr <andi@splitbrain.org>
161 echo '<div id="acl_manager">'.NL
;
162 echo '<h1>'.$this->getLang('admin_acl').'</h1>'.NL
;
163 echo '<div class="level1">'.NL
;
165 echo '<div id="acl__tree">'.NL
;
166 $this->_html_explorer($_REQUEST['ns']);
169 echo '<div id="acl__detail">'.NL
;
170 $this->_html_detail();
174 echo '<div class="clearer"></div>';
175 echo '<h2>'.$this->getLang('current').'</h2>'.NL
;
176 echo '<div class="level2">'.NL
;
177 $this->_html_table();
180 echo '<div class="footnotes"><div class="fn">'.NL
;
181 echo '<sup><a id="fn__1" class="fn_bot" name="fn__1" href="#fnt__1">1)</a></sup>'.NL
;
182 echo $this->getLang('p_include');
189 * returns array with set options for building links
191 * @author Andreas Gohr <andi@splitbrain.org>
193 function _get_opts($addopts=null){
199 if($this->ns
) $opts['ns'] = $this->ns
;
200 if($this->who
) $opts['acl_w'] = $this->who
;
202 if(is_null($addopts)) return $opts;
203 return array_merge($opts, $addopts);
207 * Display a tree menu to select a page or namespace
209 * @author Andreas Gohr <andi@splitbrain.org>
211 function _html_explorer(){
212 require_once(DOKU_INC
.'inc/search.php');
217 $dir = $conf['datadir'];
220 $ns = dirname(str_replace(':','/',$ID));
221 if($ns == '.') $ns ='';
225 $ns = utf8_encodeFN(str_replace(':','/',$ns));
227 $data = $this->_get_tree($ns);
229 // wrap a list with the root level around the other namespaces
230 $item = array( 'level' => 0, 'id' => '*', 'type' => 'd',
231 'open' =>'true', 'label' => '['.$lang['mediaroot'].']');
233 echo '<ul class="acltree">';
234 echo $this->_html_li_acl($item);
235 echo '<div class="li">';
236 echo $this->_html_list_acl($item);
238 echo html_buildlist($data,'acl',
239 array($this,'_html_list_acl'),
240 array($this,'_html_li_acl'));
247 * get a combined list of media and page files
249 * @param string $folder an already converted filesystem folder of the current namespace
250 * @param string $limit limit the search to this folder
252 function _get_tree($folder,$limit=''){
255 // read tree structure from pages and media
257 search($data,$conf['datadir'],'search_index',array('ns' => $folder),$limit);
259 search($media,$conf['mediadir'],'search_index',array('ns' => $folder, 'nofiles' => true),$limit);
260 $data = array_merge($data,$media);
263 // combine by sorting and removing duplicates
264 usort($data,array($this,'_tree_sort'));
265 $count = count($data);
266 if($count>0) for($i=1; $i<$count; $i++
){
267 if($data[$i]['type'] == 'f') break; // namespaces come first, we're done
268 if($data[$i-1]['id'] == $data[$i]['id']) unset($data[$i]);
276 * Sorts the combined trees of media and page files
278 function _tree_sort($a,$b){
279 if($a['type'] == 'd' && $b['type'] == 'f'){
281 }elseif($a['type'] == 'f' && $b['type'] == 'd'){
284 return strcmp($a['id'],$b['id']);
289 * Display the current ACL for selected where/who combination with
290 * selectors and modification form
292 * @author Andreas Gohr <andi@splitbrain.org>
294 function _html_detail(){
298 echo '<form action="'.wl().'" method="post" accept-charset="utf-8"><div class="no">'.NL
;
300 echo '<div id="acl__user">';
301 echo $this->getLang('acl_perms').' ';
302 $inl = $this->_html_select();
303 echo '<input type="text" name="acl_w" class="edit" value="'.(($inl)?
'':hsc(ltrim($this->who
,'@'))).'" />'.NL
;
304 echo '<input type="submit" value="'.$this->getLang('btn_select').'" class="button" />'.NL
;
307 echo '<div id="acl__info">';
311 echo '<input type="hidden" name="ns" value="'.hsc($this->ns
).'" />'.NL
;
312 echo '<input type="hidden" name="id" value="'.hsc($ID).'" />'.NL
;
313 echo '<input type="hidden" name="do" value="admin" />'.NL
;
314 echo '<input type="hidden" name="page" value="acl" />'.NL
;
315 echo '<input type="hidden" name="sectok" value="'.getSecurityToken().'" />'.NL
;
316 echo '</div></form>'.NL
;
320 * Print infos and editor
322 function _html_info(){
326 $current = $this->_get_exact_perm();
328 // explain current permissions
329 $this->_html_explain($current);
331 $this->_html_acleditor($current);
335 printf($this->getLang('p_choose_ns'),hsc($this->ns
));
337 printf($this->getLang('p_choose_id'),hsc($ID));
341 echo $this->locale_xhtml('help');
346 * Display the ACL editor
348 * @author Andreas Gohr <andi@splitbrain.org>
350 function _html_acleditor($current){
354 if(is_null($current)){
355 echo '<legend>'.$this->getLang('acl_new').'</legend>';
357 echo '<legend>'.$this->getLang('acl_mod').'</legend>';
361 echo $this->_html_checkboxes($current,empty($this->ns
),'acl');
363 if(is_null($current)){
364 echo '<input type="submit" name="cmd[save]" class="button" value="'.$lang['btn_save'].'" />'.NL
;
366 echo '<input type="submit" name="cmd[save]" class="button" value="'.$lang['btn_update'].'" />'.NL
;
367 echo '<input type="submit" name="cmd[del]" class="button" value="'.$lang['btn_delete'].'" />'.NL
;
374 * Explain the currently set permissions in plain english/$lang
376 * @author Andreas Gohr <andi@splitbrain.org>
378 function _html_explain($current){
385 // prepare where to check
396 // prepare who to check
399 $groups = array(ltrim($who,'@'));
401 $user = auth_nameencode($who);
402 $info = $auth->getUserData($user);
406 $groups = $info['grps'];
410 // check the permissions
411 $perm = auth_aclcheck($check,$user,$groups);
413 // build array of named permissions
417 if($perm >= AUTH_DELETE
) $names[] = $this->getLang('acl_perm16');
418 if($perm >= AUTH_UPLOAD
) $names[] = $this->getLang('acl_perm8');
419 if($perm >= AUTH_CREATE
) $names[] = $this->getLang('acl_perm4');
421 if($perm >= AUTH_EDIT
) $names[] = $this->getLang('acl_perm2');
422 if($perm >= AUTH_READ
) $names[] = $this->getLang('acl_perm1');
423 $names = array_reverse($names);
425 $names[] = $this->getLang('acl_perm0');
428 // print permission explanation
432 printf($this->getLang('p_user_ns'),hsc($who),hsc($ns),join(', ',$names));
434 printf($this->getLang('p_user_id'),hsc($who),hsc($ID),join(', ',$names));
438 printf($this->getLang('p_group_ns'),hsc(ltrim($who,'@')),hsc($ns),join(', ',$names));
440 printf($this->getLang('p_group_id'),hsc(ltrim($who,'@')),hsc($ID),join(', ',$names));
446 if($perm == AUTH_ADMIN
){
447 echo '<p>'.$this->getLang('p_isadmin').'</p>';
448 }elseif(is_null($current)){
449 echo '<p>'.$this->getLang('p_inherited').'</p>';
455 * Item formatter for the tree view
457 * User function for html_buildlist()
459 * @author Andreas Gohr <andi@splitbrain.org>
461 function _html_list_acl($item){
466 $base = $item['label'];
468 $base = ':'.$item['id'];
469 $base = substr($base,strrpos($base,':')+
1);
473 if( ($item['type']=='d' && $item['id'] == $this->ns
) ||
474 ($item['type']!='d' && $item['id'] == $ID)) $cl = ' cur';
476 // namespace or page?
477 if($item['type']=='d'){
479 $img = DOKU_BASE
.'lib/images/minus.gif';
482 $img = DOKU_BASE
.'lib/images/plus.gif';
485 $ret .= '<img src="'.$img.'" alt="'.$alt.'" />';
486 $ret .= '<a href="'.wl('',$this->_get_opts(array('ns'=>$item['id'],'sectok'=>getSecurityToken()))).'" class="idx_dir'.$cl.'">';
490 $ret .= '<a href="'.wl('',$this->_get_opts(array('id'=>$item['id'],'ns'=>'','sectok'=>getSecurityToken()))).'" class="wikilink1'.$cl.'">';
491 $ret .= noNS($item['id']);
498 function _html_li_acl($item){
499 return '<li class="level'.$item['level'].'">';
504 * Get current ACL settings as multidim array
506 * @author Andreas Gohr <andi@splitbrain.org>
508 function _init_acl_config(){
512 $usersgroups = array();
514 // get special users and groups
515 $this->specials
[] = '@ALL';
516 $this->specials
[] = '@'.$conf['defaultgroup'];
517 if($conf['manager'] != '!!not set!!'){
518 $this->specials
= array_merge($this->specials
,
520 explode(',',$conf['manager'])));
522 $this->specials
= array_filter($this->specials
);
523 $this->specials
= array_unique($this->specials
);
524 sort($this->specials
);
526 foreach($AUTH_ACL as $line){
527 $line = trim(preg_replace('/#.*$/','',$line)); //ignore comments
530 $acl = preg_split('/\s+/',$line);
531 //0 is pagename, 1 is user, 2 is acl
533 $acl[1] = rawurldecode($acl[1]);
534 $acl_config[$acl[0]][$acl[1]] = $acl[2];
536 // store non-special users and groups for later selection dialog
538 if(in_array($ug,$this->specials
)) continue;
539 $usersgroups[] = $ug;
542 $usersgroups = array_unique($usersgroups);
546 $this->acl
= $acl_config;
547 $this->usersgroups
= $usersgroups;
551 * Display all currently set permissions in a table
553 * @author Andreas Gohr <andi@splitbrain.org>
555 function _html_table(){
559 echo '<form action="'.wl().'" method="post" accept-charset="utf-8"><div class="no">'.NL
;
561 echo '<input type="hidden" name="ns" value="'.hsc($this->ns
).'" />'.NL
;
563 echo '<input type="hidden" name="id" value="'.hsc($ID).'" />'.NL
;
565 echo '<input type="hidden" name="acl_w" value="'.hsc($this->who
).'" />'.NL
;
566 echo '<input type="hidden" name="do" value="admin" />'.NL
;
567 echo '<input type="hidden" name="page" value="acl" />'.NL
;
568 echo '<input type="hidden" name="sectok" value="'.getSecurityToken().'" />'.NL
;
569 echo '<table class="inline">';
571 echo '<th>'.$this->getLang('where').'</th>';
572 echo '<th>'.$this->getLang('who').'</th>';
573 echo '<th>'.$this->getLang('perm').'<sup><a id="fnt__1" class="fn_top" name="fnt__1" href="#fn__1">1)</a></sup></th>';
574 echo '<th>'.$lang['btn_delete'].'</th>';
576 foreach($this->acl
as $where => $set){
577 foreach($set as $who => $perm){
580 if(substr($where,-1) == '*'){
581 echo '<span class="aclns">'.hsc($where).'</span>';
584 echo '<span class="aclpage">'.hsc($where).'</span>';
591 echo '<span class="aclgroup">'.hsc($who).'</span>';
593 echo '<span class="acluser">'.hsc($who).'</span>';
598 echo $this->_html_checkboxes($perm,$ispage,'acl['.$where.']['.$who.']');
601 echo '<td align="center">';
602 echo '<input type="checkbox" name="del['.hsc($where).'][]" value="'.hsc($who).'" />';
609 echo '<th align="right" colspan="4">';
610 echo '<input type="submit" value="'.$lang['btn_update'].'" name="cmd[update]" class="button" />';
614 echo '</div></form>'.NL
;
619 * Returns the permission which were set for exactly the given user/group
620 * and page/namespace. Returns null if no exact match is available
622 * @author Andreas Gohr <andi@splitbrain.org>
624 function _get_exact_perm(){
627 if($this->ns
== '*'){
630 $check = $this->ns
.':*';
636 if(isset($this->acl
[$check][$this->who
])){
637 return $this->acl
[$check][$this->who
];
644 * adds new acl-entry to conf/acl.auth.php
646 * @author Frank Schubert <frank@schokilade.de>
648 function _acl_add($acl_scope, $acl_user, $acl_level){
649 $acl_config = file_get_contents(DOKU_CONF
.'acl.auth.php');
650 $acl_user = auth_nameencode($acl_user,true);
652 // max level for pagenames is edit
653 if(strpos($acl_scope,'*') === false) {
654 if($acl_level > AUTH_EDIT
) $acl_level = AUTH_EDIT
;
658 $new_acl = "$acl_scope\t$acl_user\t$acl_level\n";
660 $new_config = $acl_config.$new_acl;
662 return io_saveFile(DOKU_CONF
.'acl.auth.php', $new_config);
666 * remove acl-entry from conf/acl.auth.php
668 * @author Frank Schubert <frank@schokilade.de>
670 function _acl_del($acl_scope, $acl_user){
671 $acl_config = file(DOKU_CONF
.'acl.auth.php');
672 $acl_user = auth_nameencode($acl_user,true);
674 $acl_pattern = '^'.preg_quote($acl_scope,'/').'\s+'.$acl_user.'\s+[0-8].*$';
676 // save all non!-matching
677 $new_config = preg_grep("/$acl_pattern/", $acl_config, PREG_GREP_INVERT
);
679 return io_saveFile(DOKU_CONF
.'acl.auth.php', join('',$new_config));
683 * print the permission radio boxes
685 * @author Frank Schubert <frank@schokilade.de>
686 * @author Andreas Gohr <andi@splitbrain.org>
688 function _html_checkboxes($setperm,$ispage,$name){
691 static $label = 0; //number labels
694 if($ispage && $setperm > AUTH_EDIT
) $perm = AUTH_EDIT
;
696 foreach(array(AUTH_NONE
,AUTH_READ
,AUTH_EDIT
,AUTH_CREATE
,AUTH_UPLOAD
,AUTH_DELETE
) as $perm){
699 //general checkbox attributes
700 $atts = array( 'type' => 'radio',
701 'id' => 'pbox'.$label,
705 if(!is_null($setperm) && $setperm == $perm) $atts['checked'] = 'checked';
706 if($ispage && $perm > AUTH_EDIT
){
707 $atts['disabled'] = 'disabled';
708 $class = ' class="disabled"';
714 $ret .= '<label for="pbox'.$label.'" title="'.$this->getLang('acl_perm'.$perm).'"'.$class.'>';
715 $ret .= '<input '.html_attbuild($atts).' /> ';
716 $ret .= $this->getLang('acl_perm'.$perm);
717 $ret .= '</label>'.NL
;
723 * Print a user/group selector (reusing already used users and groups)
725 * @author Andreas Gohr <andi@splitbrain.org>
727 function _html_select(){
732 !in_array($this->who
,$this->usersgroups
) &&
733 !in_array($this->who
,$this->specials
)){
735 if($this->who
{0} == '@'){
736 $gsel = ' selected="selected"';
738 $usel = ' selected="selected"';
747 echo '<select name="acl_t" class="edit">'.NL
;
748 echo ' <option value="__g__" class="aclgroup"'.$gsel.'>'.$this->getLang('acl_group').':</option>'.NL
;
749 echo ' <option value="__u__" class="acluser"'.$usel.'>'.$this->getLang('acl_user').':</option>'.NL
;
750 echo ' <optgroup label=" ">'.NL
;
751 foreach($this->specials
as $ug){
752 if($ug == $this->who
){
753 $sel = ' selected="selected"';
760 echo ' <option value="'.hsc($ug).'" class="aclgroup"'.$sel.'>'.hsc($ug).'</option>'.NL
;
762 echo ' <option value="'.hsc($ug).'" class="acluser"'.$sel.'>'.hsc($ug).'</option>'.NL
;
765 echo ' </optgroup>'.NL
;
766 echo ' <optgroup label=" ">'.NL
;
767 foreach($this->usersgroups
as $ug){
768 if($ug == $this->who
){
769 $sel = ' selected="selected"';
776 echo ' <option value="'.hsc($ug).'" class="aclgroup"'.$sel.'>'.hsc($ug).'</option>'.NL
;
778 echo ' <option value="'.hsc($ug).'" class="acluser"'.$sel.'>'.hsc($ug).'</option>'.NL
;
781 echo ' </optgroup>'.NL
;