From: <var...@us...> - 2010-08-09 15:30:26
Revision: 7634 http://phpwiki.svn.sourceforge.net/phpwiki/?rev=7634&view=rev Author: vargenau Date: 2010-08-09 15:30:20 +0000 (Mon, 09 Aug 2010) Log Message: ----------- PhpWikiAdministration/Replace --> PhpWikiAdministration/SearchReplace Modified Paths: -------------- trunk/lib/PagePerm.php Modified: trunk/lib/PagePerm.php =================================================================== --- trunk/lib/PagePerm.php 2010-08-09 14:00:30 UTC (rev 7633) +++ trunk/lib/PagePerm.php 2010-08-09 15:30:20 UTC (rev 7634) @@ -2,7 +2,7 @@ // rcs_id('$Id$'); /* * Copyright 2004,2007 $ThePhpWikiProgrammingTeam - * Copyright 2009 Marc-Etienne Vargenau, Alcatel-Lucent + * Copyright 2009-2010 Marc-Etienne Vargenau, Alcatel-Lucent * * This file is part of PhpWiki. * 
@@ -22,45 +22,45 @@ */ /** - Permissions per page and action based on current user, - ownership and group membership implemented with ACL's (Access Control Lists), - opposed to the simplier unix-like ugo:rwx system. - The previous system was only based on action and current user. (lib/main.php) + * Permissions per page and action based on current user, + * ownership and group membership implemented with ACL's (Access Control Lists), + * opposed to the simplier unix-like ugo:rwx system. + * The previous system was only based on action and current user. (lib/main.php) + * + * Permissions may be inherited from its parent pages, a optional the + * optional master page ("."), and predefined default permissions, if "." + * is not defined. + * Pagenames starting with "." have special default permissions. + * For Authentication see WikiUserNew.php, WikiGroup.php and main.php + * Page Permissions are in PhpWiki since v1.3.9 and enabled since v1.4.0 + * + * This file might replace the following functions from main.php: + * Request::_notAuthorized($require_level) + * display the denied message and optionally a login form + * to gain higher privileges + * Request::getActionDescription($action) + * helper to localize the _notAuthorized message per action, + * when login is tried. 
+ * Request::getDisallowedActionDescription($action) + * helper to localize the _notAuthorized message per action, + * when it aborts + * Request::requiredAuthority($action) + * returns the needed user level + * has a hook for plugins on POST + * Request::requiredAuthorityForAction($action) + * just returns the level per action, will be replaced with the + * action + page pair + * + * The defined main.php actions map to simplier access types: + * browse => view + * edit => edit + * create => edit or create + * remove => remove + * rename => change + * store prefs => change + * list in PageList => list + */ - Permissions may be inherited from its parent pages, a optional the - optional master page ("."), and predefined default permissions, if "." - is not defined. - Pagenames starting with "." have special default permissions. - For Authentication see WikiUserNew.php, WikiGroup.php and main.php - Page Permissions are in PhpWiki since v1.3.9 and enabled since v1.4.0 - - This file might replace the following functions from main.php: - Request::_notAuthorized($require_level) - display the denied message and optionally a login form - to gain higher privileges - Request::getActionDescription($action) - helper to localize the _notAuthorized message per action, - when login is tried. - Request::getDisallowedActionDescription($action) - helper to localize the _notAuthorized message per action, - when it aborts - Request::requiredAuthority($action) - returns the needed user level - has a hook for plugins on POST - Request::requiredAuthorityForAction($action) - just returns the level per action, will be replaced with the - action + page pair - - The defined main.php actions map to simplier access types: - browse => view - edit => edit - create => edit or create - remove => remove - rename => change - store prefs => change - list in PageList => list -*/ - /* Symbolic special ACL groups. 
Untranslated to be stored in page metadata*/ define('ACL_EVERY', '_EVERY'); define('ACL_ANONYMOUS', '_ANONYMOUS'); @@ -89,7 +89,7 @@ } elseif ($perm = getPagePermissions($page)) { return array('page', $perm); // or no permissions defined; returned inherited permissions, to be displayed in gray - } elseif ($pagename == '.') { // stop recursion in pathological case. + } elseif ($pagename == '.') { // stop recursion in pathological case. // "." defined, without any acl return array('default', new PagePermission()); } else { @@ -141,10 +141,10 @@ return $perm->asTable($type); } -/** +/** * Check the permissions for the current action. - * Walk down the inheritance tree. Collect all permissions until - * the minimum required level is gained, which is not + * Walk down the inheritance tree. Collect all permissions until + * the minimum required level is gained, which is not * overruled by more specific forbid rules. * Todo: cache result per access and page in session? */ @@ -188,7 +188,7 @@ // invent a new access-perm massedit? or switch back to change, or keep it at edit? case _("PhpWikiAdministration")."/"._("Rename"): - case _("PhpWikiAdministration")."/"._("Replace"): + case _("PhpWikiAdministration")."/"._("SearchReplace"): case 'replace': case 'rename': case 'revert': @@ -199,10 +199,10 @@ if (!$page->exists()) return 'create'; else - return 'view'; + return 'view'; break; case 'upload': - case 'loadfile': + case 'loadfile': // probably create/edit but we cannot check all page permissions, can we? case 'remove': case 'purge': @@ -227,11 +227,11 @@ // Maybe page-(current+edit+change?)action pairs will help function _requiredAuthorityForPagename($access, $pagename) { static $permcache = array(); - + if (array_key_exists($pagename, $permcache) and array_key_exists($access, $permcache[$pagename])) return $permcache[$pagename][$access]; - + global $request; $page = $request->getPage($pagename); 
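Review bot: In the `@@ -188,7 +188,7 @@` hunk the old label `case _("PhpWikiAdministration")."/"._("Replace"):` is dropped outright rather than kept beside the new `SearchReplace` one. A wiki that still has the old page, or a translation catalog with no `SearchReplace` entry yet, would then presumably stop matching this branch and fall through to the switch's default; the switch head and the value returned for this group of cases are outside the hunk, so the resulting access type cannot be confirmed from here. Since this switch appears to choose the access type that the ACL check later enforces, keeping the old label for a transition period is the safer choice: `case _("PhpWikiAdministration")."/"._("Replace"): // legacy page name, keep until pages are migrated`. A short comment above these labels saying they must stay in sync with the action page names and their gettext translations would help the next rename.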
@@ -256,7 +256,7 @@ return $result; } // no ACL defined; check for special dotfile or walk down - if (! ($perm = getPagePermissions($page))) { + if (! ($perm = getPagePermissions($page))) { if ($pagename == '.') { $perm = new PagePermission(); if ($perm->isAuthorized('change', $request->_user)) { @@ -282,7 +282,7 @@ return $authorized; } elseif ($pagename == '.') { return false; - } else { + } else { return _requiredAuthorityForPagename($access, getParentPage($pagename)); } } @@ -300,12 +300,12 @@ } // Read the ACL from the page -// Done: Not existing pages should NOT be queried. +// Done: Not existing pages should NOT be queried. // Check the parent page instead and don't take the default ACL's function getPagePermissions ($page) { if ($hash = $page->get('perm')) // hash => object return new PagePermission(unserialize($hash)); - else + else return false; } @@ -335,7 +335,7 @@ } /** - * The ACL object per page. It is stored in a page, but can also + * The ACL object per page. It is stored in a page, but can also * be merged with ACL's from other pages or taken from the master (pseudo) dot-file. * * A hash of "access" => "requires" pairs. @@ -343,7 +343,7 @@ * "requires" required username or groupname or any special group => true or false * * Define any special rules here, like don't list dot-pages. - */ + */ class PagePermission { var $perm; @@ -367,7 +367,7 @@ /** * The workhorse to check the user against the current ACL pairs. - * Must translate the various special groups to the actual users settings + * Must translate the various special groups to the actual users settings * (userid, group membership). */ function isAuthorized($access, $user) { @@ -385,7 +385,7 @@ } /** - * Translate the various special groups to the actual users settings + * Translate the various special groups to the actual users settings * (userid, group membership). */ function isMember($user, $group) { 
@@ -395,14 +395,14 @@ else $member =& $this->_group; //$user = & $request->_user; if ($group === ACL_ADMIN) // WIKI_ADMIN or member of _("Administrators") - return $user->isAdmin() or - ($user->isAuthenticated() and + return $user->isAdmin() or + ($user->isAuthenticated() and $member->isMember(GROUP_ADMIN)); - if ($group === ACL_ANONYMOUS) + if ($group === ACL_ANONYMOUS) return ! $user->isSignedIn(); if ($group === ACL_BOGOUSER) if (ENABLE_USER_NEW) - return isa($user,'_BogoUser') or + return isa($user,'_BogoUser') or (isWikiWord($user->_userid) and $user->_level >= WIKIAUTH_BOGO); else return isWikiWord($user->UserName()); if ($group === ACL_HASHOMEPAGE) @@ -415,19 +415,19 @@ if (!$user->isAuthenticated()) return false; $page = $request->getPage(); $owner = $page->getOwner(); - return ($owner === $user->UserName() + return ($owner === $user->UserName() or $member->isMember($owner)); } if ($group === ACL_CREATOR) { if (!$user->isAuthenticated()) return false; $page = $request->getPage(); $creator = $page->getCreator(); - return ($creator === $user->UserName() + return ($creator === $user->UserName() or $member->isMember($creator)); } /* Or named groups or usernames. - Note: We don't seperate groups and users here. - Users overrides groups with the same name. + Note: We don't seperate groups and users here. + Users overrides groups with the same name. */ return $user->UserName() === $group or $member->isMember($group); 
@@ -467,17 +467,17 @@ $perm['edit'] = array(ACL_SIGNED => true); // view: if (!ALLOW_ANON_USER) { - if (!ALLOW_USER_PASSWORDS) + if (!ALLOW_USER_PASSWORDS) $perm['view'] = array(ACL_SIGNED => true); - else + else $perm['view'] = array(ACL_AUTHENTICATED => true); $perm['view'][ACL_BOGOUSER] = ALLOW_BOGO_LOGIN ? true : false; } // edit: if (!ALLOW_ANON_EDIT) { - if (!ALLOW_USER_PASSWORDS) + if (!ALLOW_USER_PASSWORDS) $perm['edit'] = array(ACL_SIGNED => true); - else + else $perm['edit'] = array(ACL_AUTHENTICATED => true); $perm['edit'][ACL_BOGOUSER] = ALLOW_BOGO_LOGIN ? true : false; $perm['create'] = $perm['edit']; @@ -504,7 +504,7 @@ // Use case is when a rule is removed. return (print_r($this->perm, true) === print_r($otherperm, true)); } - + /** * returns list of all supported access types. */ @@ -533,7 +533,7 @@ $hash = $page->get('perm'); if ($hash) // hash => object $perm = new PagePermission(unserialize($hash)); - else + else $perm = new PagePermission(); $perm->sanify(); return $perm; @@ -549,7 +549,7 @@ if ($group[0] == '_') return constant("GROUP".$group); else return $group; } - + /* type: page, default, inherited */ function asTable($type) { $table = HTML::table(); @@ -570,11 +570,11 @@ $table->setAttr('style','border: solid thin black; font-weight: bold;'); return $table; } - + /* type: page, default, inherited */ function asEditableTable($type) { global $WikiTheme; - if (!isset($this->_group)) { + if (!isset($this->_group)) { $this->_group =& $GLOBALS['request']->getGroup(); } $table = HTML::table(); @@ -586,7 +586,7 @@ HTML::th(_("Grant")), HTML::th(_("Del/+")), HTML::th(_("Description")))); - + $allGroups = $this->_group->_specialGroups(); foreach ($this->_group->getAllGroupsIn() as $group) { if (!in_array($group,$this->_group->specialGroups())) 
@@ -740,33 +740,33 @@ $perm =& $this->perm; // get effective user and group $s = '---------+'; - if (isset($perm['view'][$owner]) or + if (isset($perm['view'][$owner]) or (isset($perm['view'][ACL_AUTHENTICATED]) and $request->_user->isAuthenticated())) $s[0] = 'r'; - if (isset($perm['edit'][$owner]) or + if (isset($perm['edit'][$owner]) or (isset($perm['edit'][ACL_AUTHENTICATED]) and $request->_user->isAuthenticated())) $s[1] = 'w'; - if (isset($perm['change'][$owner]) or + if (isset($perm['change'][$owner]) or (isset($perm['change'][ACL_AUTHENTICATED]) and $request->_user->isAuthenticated())) $s[2] = 'x'; if (!empty($group)) { - if (isset($perm['view'][$group]) or + if (isset($perm['view'][$group]) or (isset($perm['view'][ACL_AUTHENTICATED]) and $request->_user->isAuthenticated())) $s[3] = 'r'; - if (isset($perm['edit'][$group]) or + if (isset($perm['edit'][$group]) or (isset($perm['edit'][ACL_AUTHENTICATED]) and $request->_user->isAuthenticated())) $s[4] = 'w'; - if (isset($perm['change'][$group]) or + if (isset($perm['change'][$group]) or (isset($perm['change'][ACL_AUTHENTICATED]) and $request->_user->isAuthenticated())) $s[5] = 'x'; } - if (isset($perm['view'][ACL_EVERY]) or + if (isset($perm['view'][ACL_EVERY]) or (isset($perm['view'][ACL_AUTHENTICATED]) and $request->_user->isAuthenticated())) $s[6] = 'r'; - if (isset($perm['edit'][ACL_EVERY]) or + if (isset($perm['edit'][ACL_EVERY]) or (isset($perm['edit'][ACL_AUTHENTICATED]) and $request->_user->isAuthenticated())) $s[7] = 'w'; - if (isset($perm['change'][ACL_EVERY]) or + if (isset($perm['change'][ACL_EVERY]) or (isset($perm['change'][ACL_AUTHENTICATED]) and $request->_user->isAuthenticated())) $s[8] = 'x'; return $s; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |