/**
 * Publish or unpublish a page when an edit is saved.
 *
 * Does nothing unless the current user holds LU_R_LW_PUBLISHER. For a
 * publisher, the request field "liveuserPermsPublish" decides the outcome:
 * the value 'checked' grants the 'view' ring on the page to LU_R_NOTLOGGEDIN
 * (users not logged in); any other value, or a missing field, removes that
 * permission again.
 *
 * NOTE(review): the field is read from $_REQUEST, so depending on the PHP
 * request_order / variables_order setting it may also arrive via the query
 * string or a cookie. No anti-CSRF token is checked in this function;
 * confirm the edit form that calls it enforces one.
 *
 * @param array save associative array of ewiki form data (only 'id' is read)
 */
function ewiki_edit_save_liveuser_publish($save)
{
    global $liveuser, $liveuserBaseRings;

    // without the publisher right the publication state is never touched
    if (!$liveuser->checkRight(LU_R_LW_PUBLISHER)) {
        return;
    }

    // an unticked checkbox is not submitted at all, so "absent" means "unpublish"
    $publishRequested = isset($_REQUEST['liveuserPermsPublish'])
        && $_REQUEST['liveuserPermsPublish'] == 'checked';

    if (!$publishRequested) {
        liveuser_removePerm($save['id'], LU_R_NOTLOGGEDIN);
        return;
    }

    liveuser_addPerm($save['id'], $liveuserBaseRings['view'], LU_R_NOTLOGGEDIN);
}
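/**
 * Escape a value for HTML text or for a quoted HTML attribute.
 *
 * @param mixed value value about to be printed
 * @return string HTML-escaped text
 */
function _ewiki_liveuser_admin_html($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES);
}

/**
 * Read one request field as a string; missing or non-string (array) fields yield ''.
 *
 * @param array source request array ($_POST or $_REQUEST)
 * @param string key field name
 * @return string field value or ''
 */
function _ewiki_liveuser_admin_input($source, $key)
{
    return (isset($source[$key]) && is_string($source[$key])) ? $source[$key] : '';
}

/**
 * Build the hidden inputs that carry the active filters across form posts.
 *
 * @param array filters field name => current value; empty values are skipped
 * @return string HTML fragment with every value escaped
 */
function _ewiki_liveuser_admin_hidden_filters($filters)
{
    $html = '';
    foreach ($filters as $name => $value) {
        if (!empty($value)) {
            $html .= '<input type="hidden" name="' . $name . '" value="'
                . _ewiki_liveuser_admin_html($value) . '" /> ';
        }
    }
    return $html;
}

/**
 * Make text safe for embedding inside a single-quoted SQL string literal.
 *
 * The database layer behind $liveuserDB is not visible from this function,
 * so the connection's own escaper is used when it offers one (PEAR DB
 * escapeSimple(), MDB2 escape()). For any other handle the text is reduced
 * to a conservative character allowlist instead of being passed through.
 *
 * @param mixed db database handle
 * @param string text raw text
 * @return string text safe to place between single quotes
 */
function _ewiki_liveuser_admin_sql_escape($db, $text)
{
    if (is_object($db)) {
        if (method_exists($db, 'escapeSimple')) {
            return $db->escapeSimple($text);
        }
        if (method_exists($db, 'escape')) {
            return $db->escape($text);
        }
    }
    return preg_replace('/[^A-Za-z0-9 _.\-]/', '', $text);
}

/**
 * admin gui for modifying LiveUser perms
 *
 * Renders the permission admin page into an output buffer and returns it.
 * When $id is 'AdminPermsReport' the page is read only: POSTed changes are
 * ignored and only the filter form and the listing are shown. Otherwise
 * POSTed deletes, ring updates and new permissions are applied first.
 *
 * All request data and database values are HTML-escaped before printing,
 * and request data is validated or escaped before it reaches the SQL text:
 * the class filter must be all digits, the page filter goes through the
 * connection's escaper, and the letter filter must match a fixed set.
 *
 * NOTE(review): this function performs no permission check of its own and
 * the state-changing forms carry no anti-CSRF token; presumably access is
 * restricted by the caller through the page's own permissions - confirm.
 *
 * @param string id page id; 'AdminPermsReport' selects the read-only view
 * @param mixed data page data; $data['id'] is used for the form and link targets
 * @param string action not used by this function
 * @return string page output response
 */
function ewiki_page_liveuser_admin_perms($id, $data, $action)
{
    global $liveuserDB, $liveuserPermAdmin, $liveuserBaseRings;

    ob_start();

    // flip the ring map so it reads ring value => ring name
    $ringdefs = array_flip($liveuserBaseRings);

    // check if viewing read only
    $readonly = $id == 'AdminPermsReport';

    // filters, normalised once: arrays and other non-string input count as "not set"
    $pageFilter = _ewiki_liveuser_admin_input($_REQUEST, 'pagefilter');
    $classFilter = _ewiki_liveuser_admin_input($_POST, 'classfilter');
    if (!preg_match('/\A[0-9]+\z/', $classFilter)) {
        // the value is placed unquoted into the SQL below, so only digits are accepted
        $classFilter = '';
    }
    $letterFilter = _ewiki_liveuser_admin_input($_REQUEST, 'letterfilter');

    // preserve filters across forms
    $hiddenFilters = _ewiki_liveuser_admin_hidden_filters(array(
        'pagefilter' => $pageFilter,
        'classfilter' => $classFilter,
        'letterfilter' => $letterFilter,
    ));

    echo ewiki_make_title($id, $id, 2);

    $rights = $liveuserPermAdmin->getRights();

    // <option> lists shared by the forms below
    $rightOptions = '';
    foreach ($rights as $right) {
        $rightOptions .= '<option value="' . _ewiki_liveuser_admin_html($right['right_id']) . '">'
            . _ewiki_liveuser_admin_html($right['define_name']) . '</option>';
    }
    $ringOptions = '';
    foreach ($ringdefs as $ring => $ringName) {
        $ringOptions .= '<option value="' . _ewiki_liveuser_admin_html($ring) . '">'
            . _ewiki_liveuser_admin_html($ringName) . '</option>';
    }

    if (!$readonly) {
        // Handle POSTed deletes or updates
        if (isset($_POST['submit_changeperm'])) {
            foreach ($_POST as $key => $value) {
                // field names look like "chk_<permission id>" or "ring_<permission id>";
                // a separate variable keeps the $id parameter intact
                $parts = explode('_', (string) $key, 2);
                if (count($parts) !== 2 || !is_string($value)) {
                    continue;
                }
                list($prefix, $permId) = $parts;
                if (!is_numeric($permId)) {
                    continue;
                }
                $shownId = _ewiki_liveuser_admin_html($permId);

                if ($prefix == 'chk' && $value == 'on') {
                    if (liveuser_removePerm($permId)) {
                        echo '<p>Permission ' . $shownId . ' was successfully deleted.</p>';
                    } else {
                        echo '<p>Deletion of permission ' . $shownId . ' failed.</p>';
                    }
                } elseif ($prefix == 'ring' && $value !== '-1') {
                    // only ring levels that the form can offer are accepted
                    if (isset($ringdefs[$value]) && liveuser_addPerm($permId, $value)) {
                        echo '<p>Permission ' . $shownId . ' was successfully updated.</p>';
                    } else {
                        echo '<p>Update of permission ' . $shownId . ' failed.</p>';
                    }
                }
            }
        }

        // Handle POSTed new rows
        $newPage = _ewiki_liveuser_admin_input($_POST, 'pagename_text');
        $newRight = _ewiki_liveuser_admin_input($_POST, 'right_list');
        $newRing = _ewiki_liveuser_admin_input($_POST, 'ring_list');
        if (!empty($newPage) && !empty($newRight) && isset($_POST['submit_addperm'])) {
            $shownPage = _ewiki_liveuser_admin_html($newPage);
            if (liveuser_checkPerm($newPage, $newRight) === false) {
                if (isset($ringdefs[$newRing])
                    && liveuser_addPerm($newPage, $newRing, $newRight) !== false
                ) {
                    echo '<p>Permission for ' . $shownPage . ' was successfully created.</p>';
                } else {
                    echo '<p>Creation of permission for ' . $shownPage . ' failed.</p>';
                }
            } else {
                echo '<p>Permission for ' . $shownPage . ' with class '
                    . _ewiki_liveuser_admin_html($newRight) . ' already exists.</p>';
            }
        }

        // Show Add a new row section
        ?>
        <form method="post" action="">
        <h3>Add a Page Permission</h3>
        <?php echo $hiddenFilters; ?>

        <label for="pagename_text">Page Name</label>
        <input id="pagename_text" name="pagename_text" type="text" /><br />
        <label for="ring_list">Permission Level</label>
        <select id="ring_list" name="ring_list">
        <?php echo $ringOptions; ?>

        </select><br />
        <label for="right_list">Classes</label>
        <select id="right_list" name="right_list">
        <?php echo $rightOptions; ?>

        </select><br />
        <input type="submit" name="submit_addperm" value="Create Permission" />
        </form>
        <?php
    }

    // Show filtering form.
    // NOTE(review): ewiki_script() is defined outside this view; its return
    // value is printed as-is on the assumption that it already yields an
    // HTML-ready URL - confirm before relying on it for stored page names.
    ?>
    <form method="post" action="<?php echo ewiki_script('', $data['id']); ?>">
    <h3>Filter Permissions</h3>
    <table>
    <tr>
    <td>
    <label for="pagefilter">Page Name</label>
    <input id="pagefilter" name="pagefilter" type="text" /><br />
    </td>
    <td>
    <label for="classfilter">Class</label>
    <select id="classfilter" name="classfilter">
    <option value=""></option>
    <?php echo $rightOptions; ?>

    </select>
    </td>
    <td><input type="submit" name="submit_filterperm" value="Filter" /></td>
    </tr><tr><td colspan="3"><label>First Letter</label>
    <?php
    foreach (range('A', 'Z') as $letter) {
        echo '<a href="' . ewiki_script('', $data['id'], array('letterfilter' => $letter)) . '">'
            . $letter . '</a> ';
    }
    ?>
    <a href="<?php echo ewiki_script('', $data['id'], array('letterfilter' => '0-9')); ?>">0-9</a>
    <a href="<?php echo ewiki_script('', $data['id'], array('letterfilter' => 'other')); ?>">Other</a>
    <a href="<?php echo ewiki_script('', $data['id'], array('letterfilter' => 'all')); ?>">All</a>
    </td></tr></table>
    </form>
    <?php

    // Show current table listing of pages and permissions
    $table = LW_PREFIX . '_perms';
    $query = ' SELECT ' . $table . '.id, ' . $table . '.pagename, ' . $table . '.ring,'
        . ' liveuser_rights.right_define_name'
        . ' FROM ' . $table . ', liveuser_rights'
        . ' WHERE ' . $table . '.right_id = liveuser_rights.right_id';

    // String literals use single quotes, the form every escaper targets.
    $filter = '';
    if (!empty($pageFilter)) {
        // escape after upper-casing so escape sequences are not altered;
        // % and _ typed by the user still act as LIKE wildcards
        $needle = _ewiki_liveuser_admin_sql_escape($liveuserDB, strtoupper($pageFilter));
        $filter .= ' AND UPPER(' . $table . ".pagename) LIKE '%" . $needle . "%'";
    }
    if (!empty($classFilter)) {
        // digits only, enforced where $classFilter is read
        $filter .= ' AND ' . $table . '.right_id = ' . $classFilter;
    }
    // a recognised letter filter replaces the page/class filters rather than
    // adding to them; any other value (such as 'all') leaves them in place
    if (preg_match('/\A[A-Z]\z/', $letterFilter)) {
        $filter = ' AND UPPER(' . $table . ".pagename) LIKE '" . $letterFilter . "%'";
    } elseif ($letterFilter === '0-9') {
        $filter = ' AND ' . $table . ".pagename REGEXP '^[0-9]'";
    } elseif ($letterFilter === 'other') {
        $filter = ' AND ' . $table . ".pagename REGEXP '^[^0-9A-Za-z]'";
    }

    $query .= $filter;
    $query .= ' ORDER BY ' . $table . '.pagename ASC';

    // the listing is shown only once some filter field was submitted, even an empty one
    if (isset($_REQUEST['pagefilter']) || isset($_POST['classfilter']) || isset($_REQUEST['letterfilter'])) {
        $perms = $liveuserDB->getAll($query);

        if (is_array($perms) && !empty($perms)) {
            if (!$readonly) {
                // Display regular AdminPerms page
                ?>
                <form method="post" action="">
                <?php echo $hiddenFilters; ?>

                <h3>Edit Permissions</h3>
                <table border="1">
                <tr><th>Delete</th><th>Page Name</th><th>Permission Level</th><th>Class</th></tr>
                <?php
                foreach ($perms as $perm) {
                    $permId = _ewiki_liveuser_admin_html($perm['id']);
                    echo '<tr>';
                    echo '<td><input name="chk_' . $permId . '" type="checkbox" /></td>';
                    echo '<td><a href="' . ewiki_script($perm['pagename']) . '">'
                        . _ewiki_liveuser_admin_html($perm['pagename']) . '</a></td>';
                    echo '<td><select name="ring_' . $permId . '">';
                    foreach ($ringdefs as $ring => $ringName) {
                        if ($ring == $perm['ring']) {
                            // -1 marks "unchanged" so the POST handler skips this row
                            echo '<option value="-1" selected>'
                                . _ewiki_liveuser_admin_html($ringName) . '</option>';
                        } else {
                            echo '<option value="' . _ewiki_liveuser_admin_html($ring) . '">'
                                . _ewiki_liveuser_admin_html($ringName) . '</option>';
                        }
                    }
                    echo '</select></td>';
                    echo '<td>' . _ewiki_liveuser_admin_html($perm['right_define_name']) . '</td>';
                    echo '</tr>';
                }
                ?>
                </table>
                <input type="reset" value="Reset" />
                <input name="submit_changeperm" type="submit" value="Submit Changes" />
                </form>
                <?php
            } else {
                // Display readonly AdminPermsReport page
                ?>
                <h3>View Permissions</h3>
                <table border="1">
                <tr><th>Pagename</th><th>Perm Level</th><th>Class</th></tr>
                <?php
                foreach ($perms as $perm) {
                    $ringName = isset($ringdefs[$perm['ring']]) ? $ringdefs[$perm['ring']] : '';
                    echo '<tr>';
                    echo '<td><a href="' . ewiki_script($perm['pagename']) . '">'
                        . _ewiki_liveuser_admin_html($perm['pagename']) . '</a></td>';
                    echo '<td>' . _ewiki_liveuser_admin_html($ringName) . '</td>';
                    echo '<td>' . _ewiki_liveuser_admin_html($perm['right_define_name']) . '</td>';
                    echo '</tr>';
                }
                echo '</table>';
            }
        } else {
            echo '<h3>' . ($readonly ? 'View' : 'Edit') . ' Permissions</h3>';
            echo '<p>No permissions were found in the database.</p>';
        }
    }

    return ob_get_clean();
}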
liveuser_addPerm('WordIndex', $liveuserBaseRings['view'], $defs['LU_R_STAFF']); liveuser_addPerm('PageCalendar', $liveuserBaseRings['view'], $defs['LU_R_STAFF']); liveuser_addPerm('PageYearCalendar', $liveuserBaseRings['view'], $defs['LU_R_STAFF']); liveuser_addPerm('OrphanedPages', $liveuserBaseRings['view'], $defs['LU_R_STAFF']); liveuser_addPerm('NewestPages', $liveuserBaseRings['view'], $defs['LU_R_STAFF']); liveuser_addPerm('MostVisitedPages', $liveuserBaseRings['view'], $defs['LU_R_STAFF']); liveuser_addPerm('MostOftenChangedPages', $liveuserBaseRings['view'], $defs['LU_R_STAFF']); liveuser_addPerm('UpdatedPages', $liveuserBaseRings['view'], $defs['LU_R_STAFF']); liveuser_addPerm('FileUpload', $liveuserBaseRings['view'], $defs['LU_R_STAFF']); liveuser_addPerm('FileDownload', $liveuserBaseRings['view'], $defs['LU_R_STAFF']); liveuser_addPerm('AboutPlugins', $liveuserBaseRings['view'], $defs['LU_R_STAFF']); // ability to create new pages liveuser_addPerm('[NewPage]', $liveuserBaseRings['manage'], $defs['LU_R_STAFF']); // set rights on all existing pagename's foreach ($pagenames as $pagename) { liveuser_addPerm($pagename['pagename'], $liveuserBaseRings['manage'], $defs['LU_R_STAFF']); } echo "// add the following lines to liveuser_conf.php\n"; foreach ($defs as $key => $value) { echo 'define(\'' . $key . '\', ' . (is_numeric($value) ? $value : '\'' . $value . '\'') . ");\n"; define($key, $value); } // default user list $users = array('user1', 'user2', 'user3'); // add users (password = username) and set group memberships for default users foreach ($users as $user) { if (liveuser_checkEntity('user', $user) === false) { if (liveuser_addEntity('user', array($user, $user)) !== false) { echo 'added user ' . $user . "\n"; } $id = liveuser_checkEntity('user', $user);