[platal.git] / plugins / pmwiki.platalAuth.php

<?php

$AuthFunction = 'AuthPlatal';

$Conditions['logged']      = S::logged();
$Conditions['identified']  = S::identified();
$Conditions['has_perms']   = S::has_perms();
$Conditions['public']      = 'true';

$HandleAuth['diff']        = 'edit';
$HandleAuth['source']      = 'edit';

$InputTags['e_textarea'][':html'] = "<textarea \$InputFormArgs
     onkeydown='if (event.keyCode==27) event.returnValue=false;'
    >{literal}\$EditText{/literal}</textarea>";

// impossible to see the diff without the source because of the smarty tags
$DiffShow['source'] = 'y';
$DiffSourceFmt = '';

$DiffStartFmt = "{literal}<div class='diffbox'><div class='difftime'>\$DiffTime \$[by] <span class='diffauthor' title='\$DiffHost'>\$DiffAuthor</span></div>";
$DiffEndFmt = "</div>{/literal}";

// compute permissions based on the permission string (key)
// if could is true, compute permission that could be enabled with a mdp
// if smarty is true, return a string to insert in a smarty if tag
// otherwise return true or false
function authPerms($pagename, $key, $could=false, $smarty=false)
{
    $words = explode(' ', $key);
    $auth  = $smarty?"":false;
    $and   = false;
    foreach ($words as $word) {
        if (strpos($word, '@') === 0) $word = substr($word,1);
        $iauth = false;
        if ($word == 'and:') {
            $and = true;
            continue;
        }
        $parts = explode(':', $word);
        $cond = $parts[0];
        $param = $parts[1];
        if ($cond == 'identified' && $could) {
            $cond = 'logged';
        }
        if ($smarty) {
            $iauth = '$'.$cond.($param?(' eq "'.$param.'"'):'');
        } else {
            if (strpos($cond, "smarty.") === 0) {
                $vars = explode('.', $cond);
                $iauth = false;
                switch ($vars[1])
                {
                  case 'session':$iauth = S::v($vars[2]) == $param; break;
                  case 'request':$iauth = Env::get($vars[2]) == $param; break;
                }
            }
            else $iauth = CondText($pagename, 'if '.$cond.' '.$param, true);
        }

        if ($and) {
            if ($smarty)
                $auth = ($auth?"($auth) and ":"").$iauth;
            else
                $auth &= $iauth;
        } else {
            if ($smarty)
                $auth = ($auth?"($auth) or ":"").$iauth;
            else
                $auth |= $iauth;
        }
        $and = false;
    }
    return $auth;
}

// try to find the best permission for a given page and a given level of auth
// in order: page > group > site
function TryAllAuths($pagename, $level, $page_read, $group_read)
{
    global $DefaultPasswords;
    if (isset($page_read['passwd'.$level]) && $page_read['passwd'.$level] != '*') {
        return array('page', $page_read['passwd'.$level]);
    }
    if (isset($group_read['passwd'.$level]) && $group_read['passwd'.$level] != '*') {
        return array('group', $group_read['passwd'.$level]);
    }
    if (isset($DefaultPasswords[$level])) {
        return array('site', $DefaultPasswords[$level]);
    }
    return array('none', '');
}

function auth_pmwiki_to_smarty($text, $pass)
{
    $ifc = authPerms("", $pass, false, true);
    if (!$ifc)
        return "";
    return "{if $ifc}\n".$text."\n{else}(:div class='erreur':Droits insuffisants.:){/if}";
}

// for read pages: will come only once so we have to be careful
// and translate any auth from the wiki to smarty auth
function AuthPlatal($pagename, $level, $authprompt)
{
    global $Conditions, $page;
    $authUser = false;
    $authPage = false;

    $page_read  = ReadPage($pagename);
    $groupattr  = FmtPageName('$Group/GroupAttributes', $pagename);
    $group_read = ReadPage($groupattr);

    $levels = array('read', 'attr', 'edit', 'upload');

    foreach ($levels as $l) {
        list($from, $pass) = TryAllAuths($pagename, $l, $page_read, $group_read);
        $passwds[$l]   = $pass;
        $pwsources[$l] = $from;
    }

    $canedit = authPerms($pagename, $passwds['edit'], true, true);
    $canattr = authPerms($pagename, $passwds['attr'], true, true);
    $panel  = "{if ($canedit) or ($canattr)}\n";
    $panel .= ">>frame<<\n";
    $panel .= "[[{\$FullName} |Voir la page]]\\\\\n";
    $panel .= "{if ($canedit)}\n";
    $panel .= "[[{\$FullName}?action=edit |Editer]]\\\\\n";
    $panel .= "[[{\$FullName}?action=diff |Historique]]\\\\\n";
    $panel .= "[[{\$FullName}?action=upload |Upload]]\\\\\n";
    $panel .= "{/if}{if ($canattr)}\n";
    $panel .= "[[{\$FullName}?action=attr |Droits]]\\\\\n";
    $panel .= "[[{\$Group}/GroupAttributes?action=attr|Droits du groupe]]\\\\\n";
    $panel .= "{/if}\n";
    $panel .= ">><<\n";
    $panel .= "{/if}\n";

    if ((S::identified() && S::has_perms()) || authPerms($pagename, $passwds[$level]))
    {
        $page_read['=passwd']   = $passwds;
        $page_read['=pwsource'] = $pwsources;

        // if try to read, add the permission limitation as a smarty if tag
        if ($level == 'read') {
            $page_read['text'] = auth_pmwiki_to_smarty($page_read['text'], $passwds['read']);
            $page_read['text'] = $panel.$page_read['text'];
        }

        return $page_read;
    }

    // if we arrive here, the user doesn't have enough permission to access page

    // maybe it is because he is not identified
    if ($authprompt && !S::identified()) {
        require_once dirname(__FILE__).'/../classes/Platal.php';
        require_once dirname(__FILE__).'/../classes/PLModule.php';
        $platal = new Platal();
        $platal->force_login($page);
    }

    if (S::has_perms()) {
        $page->trig('Erreur : page Wiki inutilisable sur plat/al');
    }
    $page->run();
}

?>
Commit	Line	Data
121cdae0	1	<?php
121cdae0	2
6f8f3f52	3	$AuthFunction = 'AuthPlatal';
121cdae0	4
cab08090	5	$Conditions['logged'] = S::logged();
	6	$Conditions['identified'] = S::identified();
	7	$Conditions['has_perms'] = S::has_perms();
6f8f3f52	8	$Conditions['public'] = 'true';
6f8f3f52	9
06a5e65b	10	$HandleAuth['diff'] = 'edit';
06a5e65b	11	$HandleAuth['source'] = 'edit';
2907d401	12
06a5e65b	13	$InputTags['e_textarea'][':html'] = "<textarea \$InputFormArgs
06a5e65b	14	onkeydown='if (event.keyCode==27) event.returnValue=false;'
2907d401	15	>{literal}\$EditText{/literal}</textarea>";
	16
	17	// impossible to see the diff without the source because of the smarty tags
	18	$DiffShow['source'] = 'y';
	19	$DiffSourceFmt = '';
	20
	21	$DiffStartFmt = "{literal}<div class='diffbox'><div class='difftime'>\$DiffTime \$[by] <span class='diffauthor' title='\$DiffHost'>\$DiffAuthor</span></div>";
	22	$DiffEndFmt = "</div>{/literal}";
	23
	24	// compute permissions based on the permission string (key)
	25	// if could is true, compute permission that could be enabled with a mdp
	26	// if smarty is true, return a string to insert in a smarty if tag
	27	// otherwise return true or false
	28	function authPerms($pagename, $key, $could=false, $smarty=false)
121cdae0	29	{
fd5c9770	30	$words = explode(' ', $key);
2907d401	31	$auth = $smarty?"":false;
fd5c9770	32	$and = false;
fd5c9770	33	foreach ($words as $word) {
06a5e65b	34	if (strpos($word, '@') === 0) $word = substr($word,1);
fd5c9770	35	$iauth = false;
	36	if ($word == 'and:') {
	37	$and = true;
	38	continue;
	39	}
	40	$parts = explode(':', $word);
	41	$cond = $parts[0];
	42	$param = $parts[1];
6f8f3f52	43	if ($cond == 'identified' && $could) {
6f8f3f52	44	$cond = 'logged';
fd5c9770	45	}
06a5e65b	46	if ($smarty) {
	47	$iauth = '$'.$cond.($param?(' eq "'.$param.'"'):'');
	48	} else {
	49	if (strpos($cond, "smarty.") === 0) {
	50	$vars = explode('.', $cond);
	51	$iauth = false;
	52	switch ($vars[1])
	53	{
	54	case 'session':$iauth = S::v($vars[2]) == $param; break;
	55	case 'request':$iauth = Env::get($vars[2]) == $param; break;
	56	}
	57	}
	58	else $iauth = CondText($pagename, 'if '.$cond.' '.$param, true);
	59	}
2907d401	60
fd5c9770	61	if ($and) {
06a5e65b	62	if ($smarty)
	63	$auth = ($auth?"($auth) and ":"").$iauth;
	64	else
	65	$auth &= $iauth;
fd5c9770	66	} else {
06a5e65b	67	if ($smarty)
	68	$auth = ($auth?"($auth) or ":"").$iauth;
	69	else
	70	$auth \|= $iauth;
fd5c9770	71	}
	72	$and = false;
	73	}
	74	return $auth;
121cdae0	75	}
121cdae0	76
2907d401	77	// try to find the best permission for a given page and a given level of auth
2907d401	78	// in order: page > group > site
d0adba41	79	function TryAllAuths($pagename, $level, $page_read, $group_read)
121cdae0	80	{
fd5c9770	81	global $DefaultPasswords;
	82	if (isset($page_read['passwd'.$level]) && $page_read['passwd'.$level] != '*') {
	83	return array('page', $page_read['passwd'.$level]);
	84	}
	85	if (isset($group_read['passwd'.$level]) && $group_read['passwd'.$level] != '*') {
	86	return array('group', $group_read['passwd'.$level]);
	87	}
	88	if (isset($DefaultPasswords[$level])) {
	89	return array('site', $DefaultPasswords[$level]);
	90	}
	91	return array('none', '');
121cdae0	92	}
121cdae0	93
2907d401	94	function auth_pmwiki_to_smarty($text, $pass)
	95	{
	96	$ifc = authPerms("", $pass, false, true);
06a5e65b	97	if (!$ifc)
	98	return "";
	99	return "{if $ifc}\n".$text."\n{else}(:div class='erreur':Droits insuffisants.:){/if}";
2907d401	100	}
	101
	102	// for read pages: will come only once so we have to be careful
	103	// and translate any auth from the wiki to smarty auth
06a5e65b	104	function AuthPlatal($pagename, $level, $authprompt)
121cdae0	105	{
801fcad8	106	global $Conditions, $page;
fd5c9770	107	$authUser = false;
fd5c9770	108	$authPage = false;
121cdae0	109
06a5e65b	110	$page_read = ReadPage($pagename);
fd5c9770	111	$groupattr = FmtPageName('$Group/GroupAttributes', $pagename);
06a5e65b	112	$group_read = ReadPage($groupattr);
121cdae0	113
fd5c9770	114	$levels = array('read', 'attr', 'edit', 'upload');
d0adba41	115
06a5e65b	116	foreach ($levels as $l) {
fd5c9770	117	list($from, $pass) = TryAllAuths($pagename, $l, $page_read, $group_read);
06a5e65b	118	$passwds[$l] = $pass;
fd5c9770	119	$pwsources[$l] = $from;
fd5c9770	120	}
121cdae0	121
2907d401	122	$canedit = authPerms($pagename, $passwds['edit'], true, true);
	123	$canattr = authPerms($pagename, $passwds['attr'], true, true);
	124	$panel = "{if ($canedit) or ($canattr)}\n";
	125	$panel .= ">>frame<<\n";
	126	$panel .= "[[{\$FullName} \|Voir la page]]\\\\\n";
	127	$panel .= "{if ($canedit)}\n";
	128	$panel .= "[[{\$FullName}?action=edit \|Editer]]\\\\\n";
	129	$panel .= "[[{\$FullName}?action=diff \|Historique]]\\\\\n";
	130	$panel .= "[[{\$FullName}?action=upload \|Upload]]\\\\\n";
	131	$panel .= "{/if}{if ($canattr)}\n";
	132	$panel .= "[[{\$FullName}?action=attr \|Droits]]\\\\\n";
	133	$panel .= "[[{\$Group}/GroupAttributes?action=attr\|Droits du groupe]]\\\\\n";
	134	$panel .= "{/if}\n";
	135	$panel .= ">><<\n";
	136	$panel .= "{/if}\n";
06a5e65b	137
cab08090	138	if ((S::identified() && S::has_perms()) \|\| authPerms($pagename, $passwds[$level]))
fd5c9770	139	{
06a5e65b	140	$page_read['=passwd'] = $passwds;
fd5c9770	141	$page_read['=pwsource'] = $pwsources;
06a5e65b	142
	143	// if try to read, add the permission limitation as a smarty if tag
	144	if ($level == 'read') {
	145	$page_read['text'] = auth_pmwiki_to_smarty($page_read['text'], $passwds['read']);
	146	$page_read['text'] = $panel.$page_read['text'];
	147	}
	148
fd5c9770	149	return $page_read;
	150	}
	151
2907d401	152	// if we arrive here, the user doesn't have enough permission to access page
	153
	154	// maybe it is because he is not identified
06a5e65b	155	if ($authprompt && !S::identified()) {
	156	require_once dirname(__FILE__).'/../classes/Platal.php';
	157	require_once dirname(__FILE__).'/../classes/PLModule.php';
	158	$platal = new Platal();
	159	$platal->force_login($page);
fd5c9770	160	}
fd5c9770	161
cab08090	162	if (S::has_perms()) {
6f8f3f52	163	$page->trig('Erreur : page Wiki inutilisable sur plat/al');
fd5c9770	164	}
2907d401	165	$page->run();
121cdae0	166	}
121cdae0	167
fd5c9770	168	?>