[platal.git] / plugins / pmwiki.platalAuth.php

<?php

$AuthFunction = 'AuthPlatal';

$Conditions['logged']      = logged();
$Conditions['identified']  = identified();
$Conditions['has_perms']   = has_perms();
$Conditions['public']      = 'true';
$Conditions['only_public'] = !identified();

$HandleAuth['diff'] = 'edit';
$HandleAuth['source'] = 'edit';

$InputTags['e_textarea'][':html'] =
 "<textarea \$InputFormArgs 
    onkeydown='if (event.keyCode==27) event.returnValue=false;' 
    >{literal}\$EditText{/literal}</textarea>";

// impossible to see the diff without the source because of the smarty tags
$DiffShow['source'] = 'y';
$DiffSourceFmt = '';

$DiffStartFmt = "{literal}<div class='diffbox'><div class='difftime'>\$DiffTime \$[by] <span class='diffauthor' title='\$DiffHost'>\$DiffAuthor</span></div>";
$DiffEndFmt = "</div>{/literal}";

// compute permissions based on the permission string (key)
// if could is true, compute permission that could be enabled with a mdp
// if smarty is true, return a string to insert in a smarty if tag
// otherwise return true or false
function authPerms($pagename, $key, $could=false, $smarty=false)
{
    $words = explode(' ', $key);
    $auth  = $smarty?"":false;
    $and   = false;
    foreach ($words as $word) {
    	if (strpos($word, '@') === 0) $word = substr($word,1);
        $iauth = false;
        if ($word == 'and:') {
            $and = true;
            continue;
        }
        $parts = explode(':', $word);
        $cond = $parts[0];
        $param = $parts[1];
        if ($cond == 'identified' && $could) {
            $cond = 'logged';
        }
	if ($smarty)
	   $iauth = '$'.$cond.($param?(' eq "'.$param.'"'):'');
	else
	{
	   if (strpos($cond, "smarty.") === 0)
	   {
	      $vars = explode('.', $cond);
	      $iauth = false;
	      switch ($vars[1])
	      {
	        case 'session':$iauth = Session::get($vars[2]) == $param; break;
		case 'request':$iauth = Env::get($vars[2]) == $param; break;
	      }
	   }
           else $iauth = CondText($pagename, 'if '.$cond.' '.$param, true);
	}

        if ($and) {
	    if ($smarty)
	      $auth = ($auth?"($auth) and ":"").$iauth;
	    else
              $auth &= $iauth;
        } else {
	    if ($smarty)
	      $auth = ($auth?"($auth) or ":"").$iauth;
	    else
              $auth |= $iauth;
        }
        $and = false;
    }
    if ($smarty)
    	$auth = "($auth) or \$wiki_admin";
    return $auth;
}

// try to find the best permission for a given page and a given level of auth
// in order: page > group > site
function TryAllAuths($pagename, $level, $page_read, $group_read)
{
    global $DefaultPasswords;
    if (isset($page_read['passwd'.$level]) && $page_read['passwd'.$level] != '*') {
        return array('page', $page_read['passwd'.$level]);
    }
    if (isset($group_read['passwd'.$level]) && $group_read['passwd'.$level] != '*') {
        return array('group', $group_read['passwd'.$level]);
    }
    if (isset($DefaultPasswords[$level])) {
        return array('site', $DefaultPasswords[$level]);
    }
    return array('none', '');
}

function auth_pmwiki_to_smarty($text, $pass)
{
    $ifc = authPerms("", $pass, false, true);
    if (!$ifc) return "";
    return "{if $ifc}\n".$text."{/if}";
}

// for read pages: will come only once so we have to be careful
// and translate any auth from the wiki to smarty auth
function AuthPlatal($pagename, $level, $authprompt, $since)
{
    global $Conditions;
    $authUser = false;
    $authPage = false;

    $page_read  = ReadPage($pagename, $since);
    $groupattr  = FmtPageName('$Group/GroupAttributes', $pagename);
    $group_read = ReadPage($groupattr, $since);

    $levels = array('read', 'attr', 'edit', 'upload');

    foreach ($levels as $l)
    {
        list($from, $pass) = TryAllAuths($pagename, $l, $page_read, $group_read);
        $passwds[$l] = $pass;
        $pwsources[$l] = $from;
    }

    $canedit = authPerms($pagename, $passwds['edit'], true, true);
    $canattr = authPerms($pagename, $passwds['attr'], true, true);
    $panel  = "{if ($canedit) or ($canattr)}\n";
    $panel .= ">>frame<<\n";
    $panel .= "[[{\$FullName} |Voir la page]]\\\\\n";
    $panel .= "{if ($canedit)}\n";
    $panel .= "[[{\$FullName}?action=edit |Editer]]\\\\\n";
    $panel .= "[[{\$FullName}?action=diff |Historique]]\\\\\n";
    $panel .= "[[{\$FullName}?action=upload |Upload]]\\\\\n";
    $panel .= "{/if}{if ($canattr)}\n";
    $panel .= "[[{\$FullName}?action=attr |Droits]]\\\\\n";
    $panel .= "[[{\$Group}/GroupAttributes?action=attr|Droits du groupe]]\\\\\n";
    $panel .= "{/if}\n";
    $panel .= ">><<\n";
    $panel .= "{/if}\n";
  
    if (((identifed() && has_perms()) || authPerms($pagename, $passwds[$level]))
    {
        $page_read['=passwd'] = $passwds;
        $page_read['=pwsource'] = $pwsources;
	// if try to read, add the permission limitation as a smarty if tag
	if ($level == 'read')
	{
	  $page_read['text'] = auth_pmwiki_to_smarty($page_read['text'], $passwds['read']);
	  $page_read['text'] = $panel.$page_read['text'];
	}
//	print_r($page_read); die();
        return $page_read;
    }

    // if we arrive here, the user doesn't have enough permission to access page

    // maybe it is because he is not identified
    if ($authprompt && !identified())
    {
        new_skinned_page('wiki.tpl', AUTH_MDP); 
    }

    global $page;
    new_skinned_page('', AUTH_MDP); 
    if (has_perms()) {
        $page->trig('Erreur : page Wiki inutilisable sur plat/al');
    } else {
        $page->trig("Tu n'as pas le droit d'acc�der � ce service");
    }
    $page->run();
    // don't return false or pmwiki will send an exit breaking smarty page
    return 1;
}

?>
Commit	Line	Data
121cdae0	1	<?php
121cdae0	2
6f8f3f52	3	$AuthFunction = 'AuthPlatal';
121cdae0	4
6f8f3f52	5	$Conditions['logged'] = logged();
	6	$Conditions['identified'] = identified();
	7	$Conditions['has_perms'] = has_perms();
	8	$Conditions['public'] = 'true';
	9	$Conditions['only_public'] = !identified();
	10
2907d401	11	$HandleAuth['diff'] = 'edit';
	12	$HandleAuth['source'] = 'edit';
	13
	14	$InputTags['e_textarea'][':html'] =
	15	"<textarea \$InputFormArgs
	16	onkeydown='if (event.keyCode==27) event.returnValue=false;'
	17	>{literal}\$EditText{/literal}</textarea>";
	18
	19	// impossible to see the diff without the source because of the smarty tags
	20	$DiffShow['source'] = 'y';
	21	$DiffSourceFmt = '';
	22
	23	$DiffStartFmt = "{literal}<div class='diffbox'><div class='difftime'>\$DiffTime \$[by] <span class='diffauthor' title='\$DiffHost'>\$DiffAuthor</span></div>";
	24	$DiffEndFmt = "</div>{/literal}";
	25
	26	// compute permissions based on the permission string (key)
	27	// if could is true, compute permission that could be enabled with a mdp
	28	// if smarty is true, return a string to insert in a smarty if tag
	29	// otherwise return true or false
	30	function authPerms($pagename, $key, $could=false, $smarty=false)
121cdae0	31	{
fd5c9770	32	$words = explode(' ', $key);
2907d401	33	$auth = $smarty?"":false;
fd5c9770	34	$and = false;
fd5c9770	35	foreach ($words as $word) {
2907d401	36	if (strpos($word, '@') === 0) $word = substr($word,1);
fd5c9770	37	$iauth = false;
	38	if ($word == 'and:') {
	39	$and = true;
	40	continue;
	41	}
	42	$parts = explode(':', $word);
	43	$cond = $parts[0];
	44	$param = $parts[1];
6f8f3f52	45	if ($cond == 'identified' && $could) {
6f8f3f52	46	$cond = 'logged';
fd5c9770	47	}
2907d401	48	if ($smarty)
	49	$iauth = '$'.$cond.($param?(' eq "'.$param.'"'):'');
	50	else
	51	{
	52	if (strpos($cond, "smarty.") === 0)
	53	{
	54	$vars = explode('.', $cond);
	55	$iauth = false;
	56	switch ($vars[1])
	57	{
	58	case 'session':$iauth = Session::get($vars[2]) == $param; break;
	59	case 'request':$iauth = Env::get($vars[2]) == $param; break;
	60	}
	61	}
	62	else $iauth = CondText($pagename, 'if '.$cond.' '.$param, true);
	63	}
	64
fd5c9770	65	if ($and) {
2907d401	66	if ($smarty)
	67	$auth = ($auth?"($auth) and ":"").$iauth;
	68	else
	69	$auth &= $iauth;
fd5c9770	70	} else {
2907d401	71	if ($smarty)
	72	$auth = ($auth?"($auth) or ":"").$iauth;
	73	else
	74	$auth \|= $iauth;
fd5c9770	75	}
	76	$and = false;
	77	}
2907d401	78	if ($smarty)
2907d401	79	$auth = "($auth) or \$wiki_admin";
fd5c9770	80	return $auth;
121cdae0	81	}
121cdae0	82
2907d401	83	// try to find the best permission for a given page and a given level of auth
2907d401	84	// in order: page > group > site
d0adba41	85	function TryAllAuths($pagename, $level, $page_read, $group_read)
121cdae0	86	{
fd5c9770	87	global $DefaultPasswords;
	88	if (isset($page_read['passwd'.$level]) && $page_read['passwd'.$level] != '*') {
	89	return array('page', $page_read['passwd'.$level]);
	90	}
	91	if (isset($group_read['passwd'.$level]) && $group_read['passwd'.$level] != '*') {
	92	return array('group', $group_read['passwd'.$level]);
	93	}
	94	if (isset($DefaultPasswords[$level])) {
	95	return array('site', $DefaultPasswords[$level]);
	96	}
	97	return array('none', '');
121cdae0	98	}
121cdae0	99
2907d401	100	function auth_pmwiki_to_smarty($text, $pass)
	101	{
	102	$ifc = authPerms("", $pass, false, true);
	103	if (!$ifc) return "";
	104	return "{if $ifc}\n".$text."{/if}";
	105	}
	106
	107	// for read pages: will come only once so we have to be careful
	108	// and translate any auth from the wiki to smarty auth
121cdae0	109	function AuthPlatal($pagename, $level, $authprompt, $since)
121cdae0	110	{
fd5c9770	111	global $Conditions;
	112	$authUser = false;
	113	$authPage = false;
121cdae0	114
fd5c9770	115	$page_read = ReadPage($pagename, $since);
	116	$groupattr = FmtPageName('$Group/GroupAttributes', $pagename);
	117	$group_read = ReadPage($groupattr, $since);
121cdae0	118
fd5c9770	119	$levels = array('read', 'attr', 'edit', 'upload');
d0adba41	120
fd5c9770	121	foreach ($levels as $l)
	122	{
	123	list($from, $pass) = TryAllAuths($pagename, $l, $page_read, $group_read);
	124	$passwds[$l] = $pass;
	125	$pwsources[$l] = $from;
	126	}
121cdae0	127
2907d401	128	$canedit = authPerms($pagename, $passwds['edit'], true, true);
	129	$canattr = authPerms($pagename, $passwds['attr'], true, true);
	130	$panel = "{if ($canedit) or ($canattr)}\n";
	131	$panel .= ">>frame<<\n";
	132	$panel .= "[[{\$FullName} \|Voir la page]]\\\\\n";
	133	$panel .= "{if ($canedit)}\n";
	134	$panel .= "[[{\$FullName}?action=edit \|Editer]]\\\\\n";
	135	$panel .= "[[{\$FullName}?action=diff \|Historique]]\\\\\n";
	136	$panel .= "[[{\$FullName}?action=upload \|Upload]]\\\\\n";
	137	$panel .= "{/if}{if ($canattr)}\n";
	138	$panel .= "[[{\$FullName}?action=attr \|Droits]]\\\\\n";
	139	$panel .= "[[{\$Group}/GroupAttributes?action=attr\|Droits du groupe]]\\\\\n";
	140	$panel .= "{/if}\n";
	141	$panel .= ">><<\n";
	142	$panel .= "{/if}\n";
	143
	144	if (((identifed() && has_perms()) \|\| authPerms($pagename, $passwds[$level]))
fd5c9770	145	{
	146	$page_read['=passwd'] = $passwds;
	147	$page_read['=pwsource'] = $pwsources;
2907d401	148	// if try to read, add the permission limitation as a smarty if tag
	149	if ($level == 'read')
	150	{
	151	$page_read['text'] = auth_pmwiki_to_smarty($page_read['text'], $passwds['read']);
	152	$page_read['text'] = $panel.$page_read['text'];
	153	}
	154	// print_r($page_read); die();
fd5c9770	155	return $page_read;
	156	}
	157
2907d401	158	// if we arrive here, the user doesn't have enough permission to access page
	159
	160	// maybe it is because he is not identified
fd5c9770	161	if ($authprompt && !identified())
	162	{
	163	new_skinned_page('wiki.tpl', AUTH_MDP);
	164	}
	165
	166	global $page;
	167	new_skinned_page('', AUTH_MDP);
	168	if (has_perms()) {
6f8f3f52	169	$page->trig('Erreur : page Wiki inutilisable sur plat/al');
fd5c9770	170	} else {
	171	$page->trig("Tu n'as pas le droit d'acc�der � ce service");
	172	}
2907d401	173	$page->run();
fd5c9770	174	// don't return false or pmwiki will send an exit breaking smarty page
fd5c9770	175	return 1;
121cdae0	176	}
121cdae0	177
fd5c9770	178	?>