plugins/pmwiki.platalAuth.php

   1 <?php
   2
   3 $AuthFunction = 'AuthPlatal';
   4
   5 $Conditions['logged']      = S::logged();
   6 $Conditions['identified']  = S::identified();
   7 $Conditions['has_perms']   = S::has_perms();
   8 $Conditions['public']      = 'true';
   9
  10 $HandleAuth['diff']        = 'edit';
  11 $HandleAuth['source']      = 'edit';
  12
  13 $InputTags['e_textarea'][':html'] = "<textarea \$InputFormArgs
  14      onkeydown='if (event.keyCode==27) event.returnValue=false;'
  15     >{literal}\$EditText{/literal}</textarea>";
  16
  17 // impossible to see the diff without the source because of the smarty tags
  18 $DiffShow['source'] = 'y';
  19 $DiffSourceFmt = '';
  20
  21 $DiffStartFmt = "{literal}<div class='diffbox'><div class='difftime'>\$DiffTime \$[by] <span class='diffauthor' title='\$DiffHost'>\$DiffAuthor</span></div>";
  22 $DiffEndFmt = "</div>{/literal}";
  23
  24 // compute permissions based on the permission string (key)
  25 // if could is true, compute permission that could be enabled with a mdp
  26 // if smarty is true, return a string to insert in a smarty if tag
  27 // otherwise return true or false
  28 function authPerms($pagename, $key, $could=false, $smarty=false)
  29 {
  30     $words = explode(' ', $key);
  31     $auth  = $smarty?"":false;
  32     $and   = false;
  33     foreach ($words as $word) {
  34         if (strpos($word, '@') === 0) $word = substr($word,1);
  35         $iauth = false;
  36         if ($word == 'and:') {
  37             $and = true;
  38             continue;
  39         }
  40         $parts = explode(':', $word);
  41         $cond  = $parts[0];
  42         $param = $parts[1];
  43         if ($cond == 'identified' && $could) {
  44             $cond = 'logged';
  45         }
  46         if ($smarty) {
  47             $iauth = '$'.$cond.($param?(' eq "'.$param.'"'):'');
  48         } else {
  49             if (strpos($cond, "smarty.") === 0) {
  50                 $vars = explode('.', $cond);
  51                 $iauth = false;
  52                 switch ($vars[1])
  53                 {
  54                   case 'session':$iauth = S::v($vars[2]) == $param; break;
  55                   case 'request':$iauth = Env::get($vars[2]) == $param; break;
  56                 }
  57             }
  58             else $iauth = CondText($pagename, 'if '.$cond.' '.$param, true);
  59         }
  60
  61         if ($and) {
  62             if ($smarty)
  63                 $auth = ($auth?"($auth) and ":"").$iauth;
  64             else
  65                 $auth &= $iauth;
  66         } else {
  67             if ($smarty)
  68                 $auth = ($auth?"($auth) or ":"").$iauth;
  69             else
  70                 $auth |= $iauth;
  71         }
  72         $and = false;
  73     }
  74     return $auth;
  75 }
  76
  77 // try to find the best permission for a given page and a given level of auth
  78 // in order: page > site
  79 function TryAllAuths($pagename, $level, $page_read)
  80 {
  81     global $DefaultPasswords;
  82     if (isset($page_read['passwd'.$level]) && $page_read['passwd'.$level] != '*') {
  83         return array('page', $page_read['passwd'.$level]);
  84     }
  85     if (isset($DefaultPasswords[$level])) {
  86         return array('site', $DefaultPasswords[$level]);
  87     }
  88     return array('none', '');
  89 }
  90
  91 function auth_pmwiki_to_smarty($text, $pass)
  92 {
  93     $ifc = authPerms("", $pass, false, true);
  94     if (!$ifc)
  95         return "";
  96     return "{if $ifc}\n".$text."\n{else}(:div class='erreur':Droits insuffisants.:){/if}";
  97 }
  98
  99 // for read pages: will come only once so we have to be careful
 100 // and translate any auth from the wiki to smarty auth
 101 function AuthPlatal($pagename, $level, $authprompt)
 102 {
 103     global $Conditions, $page;
 104
 105     $page_read = ReadPage($pagename);
 106
 107     $levels = array('read', 'attr', 'edit', 'upload');
 108
 109     foreach ($levels as $l) {
 110         list($from, $pass) = TryAllAuths($pagename, $l, $page_read);
 111         $passwds[$l]   = $pass;
 112         $pwsources[$l] = $from;
 113     }
 114
 115     $canedit = authPerms($pagename, $passwds['edit'], true, true);
 116     $canattr = authPerms($pagename, $passwds['attr'], true, true);
 117     $panel  = "{if ($canedit) or ($canattr)}\n";
 118     $panel .= ">>frame<<\n";
 119     $panel .= "[[{\$FullName} |Voir la page]]\\\\\n";
 120     $panel .= "{if ($canedit)}\n";
 121     $panel .= "[[{\$FullName}?action=edit |Editer]]\\\\\n";
 122     $panel .= "[[{\$FullName}?action=diff |Historique]]\\\\\n";
 123     $panel .= "[[{\$FullName}?action=upload |Upload]]\\\\\n";
 124     $panel .= "{/if}{if ($canattr)}\n";
 125     $panel .= "[[{\$FullName}?action=attr |Droits]]\\\\\n";
 126     $panel .= "{/if}\n";
 127     $panel .= ">><<\n";
 128     $panel .= "{/if}\n";
 129
 130     if ((S::identified() && S::has_perms()) || authPerms($pagename, $passwds[$level]))
 131     {
 132         $page_read['=passwd']   = $passwds;
 133         $page_read['=pwsource'] = $pwsources;
 134
 135         // if try to read, add the permission limitation as a smarty if tag
 136         if ($level == 'read') {
 137             $page_read['text'] = auth_pmwiki_to_smarty($page_read['text'], $passwds['read']);
 138             $page_read['text'] = $panel.$page_read['text'];
 139         }
 140
 141         return $page_read;
 142     }
 143
 144     // if we arrive here, the user doesn't have enough permission to access page
 145
 146     // maybe it is because he is not identified
 147     if ($authprompt && !S::identified()) {
 148         require_once dirname(__FILE__).'/../classes/Platal.php';
 149         require_once dirname(__FILE__).'/../classes/PLModule.php';
 150         $platal = new Platal();
 151         $platal->force_login($page);
 152     }
 153
 154     if (S::has_perms()) {
 155         $page->trig('Erreur : page Wiki inutilisable sur plat/al');
 156     }
 157     $page->run();
 158 }
 159
 160 ?>