[platal.git] / plugins / pmwiki.platalAuth.php

<?php

$AuthFunction = 'AuthPlatal';

$Conditions['logged']      = S::logged();
$Conditions['identified']  = S::identified();
$Conditions['has_perms']   = S::has_perms();
$Conditions['public']      = 'true';

$HandleAuth['diff']        = 'edit';
$HandleAuth['source']      = 'edit';

$InputTags['e_textarea'][':html'] = "<textarea \$InputFormArgs
     onkeydown='if (event.keyCode==27) event.returnValue=false;'
    >{literal}\$EditText{/literal}</textarea>";

// impossible to see the diff without the source because of the smarty tags
$DiffShow['source'] = 'y';
$DiffSourceFmt = '';

$DiffStartFmt = "{literal}<div class='diffbox'><div class='difftime'>\$DiffTime \$[by] <span class='diffauthor' title='\$DiffHost'>\$DiffAuthor</span></div>";
$DiffEndFmt = "</div>{/literal}";

// compute permissions based on the permission string (key)
// if could is true, compute permission that could be enabled with a mdp
// if smarty is true, return a string to insert in a smarty if tag
// otherwise return true or false
function authPerms($pagename, $key, $could=false, $smarty=false)
{
    $words = explode(' ', $key);
    $auth  = $smarty?"":false;
    $and   = false;
    foreach ($words as $word) {
        if (strpos($word, '@') === 0) $word = substr($word,1);
        $iauth = false;
        if ($word == 'and:') {
            $and = true;
            continue;
        }
        $parts = explode(':', $word);
        $cond  = $parts[0];
        $param = $parts[1];
        if ($cond == 'identified' && $could) {
            $cond = 'logged';
        }
        if ($smarty) {
            $iauth = '$'.$cond.($param?(' eq "'.$param.'"'):'');
        } else {
            if (strpos($cond, "smarty.") === 0) {
                $vars = explode('.', $cond);
                $iauth = false;
                switch ($vars[1])
                {
                  case 'session':$iauth = S::v($vars[2]) == $param; break;
                  case 'request':$iauth = Env::get($vars[2]) == $param; break;
                }
            }
            else $iauth = CondText($pagename, 'if '.$cond.' '.$param, true);
        }

        if ($and) {
            if ($smarty)
                $auth = ($auth?"($auth) and ":"").$iauth;
            else
                $auth &= $iauth;
        } else {
            if ($smarty)
                $auth = ($auth?"($auth) or ":"").$iauth;
            else
                $auth |= $iauth;
        }
        $and = false;
    }
    return $auth;
}

// try to find the best permission for a given page and a given level of auth
// in order: page > site
function TryAllAuths($pagename, $level, $page_read)
{
    global $DefaultPasswords;
    if (isset($page_read['passwd'.$level]) && $page_read['passwd'.$level] != '*') {
        return array('page', $page_read['passwd'.$level]);
    }
    if (isset($DefaultPasswords[$level])) {
        return array('site', $DefaultPasswords[$level]);
    }
    return array('none', '');
}

function auth_pmwiki_to_smarty($text, $pass)
{
    $ifc = authPerms("", $pass, false, true);
    if (!$ifc)
        return "";
    return "{if $ifc}\n".$text."\n{else}(:div class='erreur':Droits insuffisants.:){/if}";
}

// for read pages: will come only once so we have to be careful
// and translate any auth from the wiki to smarty auth
function AuthPlatal($pagename, $level, $authprompt)
{
    global $Conditions, $page;

    $page_read = ReadPage($pagename);

    $levels = array('read', 'attr', 'edit', 'upload');

    foreach ($levels as $l) {
        list($from, $pass) = TryAllAuths($pagename, $l, $page_read);
        $passwds[$l]   = $pass;
        $pwsources[$l] = $from;
    }

    $canedit = authPerms($pagename, $passwds['edit'], true, true);
    $canattr = authPerms($pagename, $passwds['attr'], true, true);
    $panel  = "{if ($canedit) or ($canattr)}\n";
    $panel .= ">>frame<<\n";
    $panel .= "[[{\$FullName} |Voir la page]]\\\\\n";
    $panel .= "{if ($canedit)}\n";
    $panel .= "[[{\$FullName}?action=edit |Editer]]\\\\\n";
    $panel .= "[[{\$FullName}?action=diff |Historique]]\\\\\n";
    $panel .= "[[{\$FullName}?action=upload |Upload]]\\\\\n";
    $panel .= "{/if}{if ($canattr)}\n";
    $panel .= "[[{\$FullName}?action=attr |Droits]]\\\\\n";
    $panel .= "{/if}\n";
    $panel .= ">><<\n";
    $panel .= "{/if}\n";

    if ((S::identified() && S::has_perms()) || authPerms($pagename, $passwds[$level]))
    {
        $page_read['=passwd']   = $passwds;
        $page_read['=pwsource'] = $pwsources;

        // if try to read, add the permission limitation as a smarty if tag
        if ($level == 'read') {
            $page_read['text'] = auth_pmwiki_to_smarty($page_read['text'], $passwds['read']);
            $page_read['text'] = $panel.$page_read['text'];
        }

        return $page_read;
    }

    // if we arrive here, the user doesn't have enough permission to access page

    // maybe it is because he is not identified
    if ($authprompt && !S::identified()) {
        require_once dirname(__FILE__).'/../classes/Platal.php';
        require_once dirname(__FILE__).'/../classes/PLModule.php';
        $platal = new Platal();
        $platal->force_login($page);
    }

    if (S::has_perms()) {
        $page->trig('Erreur : page Wiki inutilisable sur plat/al');
    }
    $page->run();
}

?>
Commit	Line	Data
121cdae0	1	<?php
121cdae0	2
6f8f3f52	3	$AuthFunction = 'AuthPlatal';
121cdae0	4
cab08090	5	$Conditions['logged'] = S::logged();
	6	$Conditions['identified'] = S::identified();
	7	$Conditions['has_perms'] = S::has_perms();
6f8f3f52	8	$Conditions['public'] = 'true';
6f8f3f52	9
06a5e65b	10	$HandleAuth['diff'] = 'edit';
06a5e65b	11	$HandleAuth['source'] = 'edit';
2907d401	12
06a5e65b	13	$InputTags['e_textarea'][':html'] = "<textarea \$InputFormArgs
06a5e65b	14	onkeydown='if (event.keyCode==27) event.returnValue=false;'
2907d401	15	>{literal}\$EditText{/literal}</textarea>";
	16
	17	// impossible to see the diff without the source because of the smarty tags
	18	$DiffShow['source'] = 'y';
	19	$DiffSourceFmt = '';
	20
	21	$DiffStartFmt = "{literal}<div class='diffbox'><div class='difftime'>\$DiffTime \$[by] <span class='diffauthor' title='\$DiffHost'>\$DiffAuthor</span></div>";
	22	$DiffEndFmt = "</div>{/literal}";
	23
	24	// compute permissions based on the permission string (key)
	25	// if could is true, compute permission that could be enabled with a mdp
	26	// if smarty is true, return a string to insert in a smarty if tag
	27	// otherwise return true or false
	28	function authPerms($pagename, $key, $could=false, $smarty=false)
121cdae0	29	{
fd5c9770	30	$words = explode(' ', $key);
2907d401	31	$auth = $smarty?"":false;
fd5c9770	32	$and = false;
fd5c9770	33	foreach ($words as $word) {
06a5e65b	34	if (strpos($word, '@') === 0) $word = substr($word,1);
fd5c9770	35	$iauth = false;
	36	if ($word == 'and:') {
	37	$and = true;
	38	continue;
	39	}
	40	$parts = explode(':', $word);
251b9351	41	$cond = $parts[0];
fd5c9770	42	$param = $parts[1];
6f8f3f52	43	if ($cond == 'identified' && $could) {
6f8f3f52	44	$cond = 'logged';
fd5c9770	45	}
06a5e65b	46	if ($smarty) {
	47	$iauth = '$'.$cond.($param?(' eq "'.$param.'"'):'');
	48	} else {
	49	if (strpos($cond, "smarty.") === 0) {
	50	$vars = explode('.', $cond);
	51	$iauth = false;
	52	switch ($vars[1])
	53	{
	54	case 'session':$iauth = S::v($vars[2]) == $param; break;
	55	case 'request':$iauth = Env::get($vars[2]) == $param; break;
	56	}
	57	}
	58	else $iauth = CondText($pagename, 'if '.$cond.' '.$param, true);
	59	}
2907d401	60
fd5c9770	61	if ($and) {
06a5e65b	62	if ($smarty)
	63	$auth = ($auth?"($auth) and ":"").$iauth;
	64	else
	65	$auth &= $iauth;
fd5c9770	66	} else {
06a5e65b	67	if ($smarty)
	68	$auth = ($auth?"($auth) or ":"").$iauth;
	69	else
	70	$auth \|= $iauth;
fd5c9770	71	}
	72	$and = false;
	73	}
	74	return $auth;
121cdae0	75	}
121cdae0	76
2907d401	77	// try to find the best permission for a given page and a given level of auth
251b9351	78	// in order: page > site
251b9351	79	function TryAllAuths($pagename, $level, $page_read)
121cdae0	80	{
fd5c9770	81	global $DefaultPasswords;
	82	if (isset($page_read['passwd'.$level]) && $page_read['passwd'.$level] != '*') {
	83	return array('page', $page_read['passwd'.$level]);
	84	}
fd5c9770	85	if (isset($DefaultPasswords[$level])) {
	86	return array('site', $DefaultPasswords[$level]);
	87	}
	88	return array('none', '');
121cdae0	89	}
121cdae0	90
2907d401	91	function auth_pmwiki_to_smarty($text, $pass)
	92	{
	93	$ifc = authPerms("", $pass, false, true);
06a5e65b	94	if (!$ifc)
	95	return "";
	96	return "{if $ifc}\n".$text."\n{else}(:div class='erreur':Droits insuffisants.:){/if}";
2907d401	97	}
	98
	99	// for read pages: will come only once so we have to be careful
	100	// and translate any auth from the wiki to smarty auth
06a5e65b	101	function AuthPlatal($pagename, $level, $authprompt)
121cdae0	102	{
801fcad8	103	global $Conditions, $page;
121cdae0	104
251b9351	105	$page_read = ReadPage($pagename);
121cdae0	106
fd5c9770	107	$levels = array('read', 'attr', 'edit', 'upload');
d0adba41	108
06a5e65b	109	foreach ($levels as $l) {
251b9351	110	list($from, $pass) = TryAllAuths($pagename, $l, $page_read);
06a5e65b	111	$passwds[$l] = $pass;
fd5c9770	112	$pwsources[$l] = $from;
fd5c9770	113	}
121cdae0	114
2907d401	115	$canedit = authPerms($pagename, $passwds['edit'], true, true);
	116	$canattr = authPerms($pagename, $passwds['attr'], true, true);
	117	$panel = "{if ($canedit) or ($canattr)}\n";
	118	$panel .= ">>frame<<\n";
	119	$panel .= "[[{\$FullName} \|Voir la page]]\\\\\n";
	120	$panel .= "{if ($canedit)}\n";
	121	$panel .= "[[{\$FullName}?action=edit \|Editer]]\\\\\n";
	122	$panel .= "[[{\$FullName}?action=diff \|Historique]]\\\\\n";
	123	$panel .= "[[{\$FullName}?action=upload \|Upload]]\\\\\n";
	124	$panel .= "{/if}{if ($canattr)}\n";
	125	$panel .= "[[{\$FullName}?action=attr \|Droits]]\\\\\n";
2907d401	126	$panel .= "{/if}\n";
	127	$panel .= ">><<\n";
	128	$panel .= "{/if}\n";
06a5e65b	129
cab08090	130	if ((S::identified() && S::has_perms()) \|\| authPerms($pagename, $passwds[$level]))
fd5c9770	131	{
06a5e65b	132	$page_read['=passwd'] = $passwds;
fd5c9770	133	$page_read['=pwsource'] = $pwsources;
06a5e65b	134
	135	// if try to read, add the permission limitation as a smarty if tag
	136	if ($level == 'read') {
	137	$page_read['text'] = auth_pmwiki_to_smarty($page_read['text'], $passwds['read']);
	138	$page_read['text'] = $panel.$page_read['text'];
	139	}
	140
fd5c9770	141	return $page_read;
	142	}
	143
2907d401	144	// if we arrive here, the user doesn't have enough permission to access page
	145
	146	// maybe it is because he is not identified
06a5e65b	147	if ($authprompt && !S::identified()) {
	148	require_once dirname(__FILE__).'/../classes/Platal.php';
	149	require_once dirname(__FILE__).'/../classes/PLModule.php';
	150	$platal = new Platal();
	151	$platal->force_login($page);
fd5c9770	152	}
fd5c9770	153
cab08090	154	if (S::has_perms()) {
6f8f3f52	155	$page->trig('Erreur : page Wiki inutilisable sur plat/al');
fd5c9770	156	}
2907d401	157	$page->run();
121cdae0	158	}
121cdae0	159
fd5c9770	160	?>