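/**
 * Apply one ACL to a list of pages and report the outcome for each page.
 *
 * Besides the per-access group maps, $acl may carry the form helper keys
 * '_add_group', '_new_group', '_new_perm' and '_del_group'. They are folded
 * into the access maps and removed before the PagePermission object is built.
 *
 * @param object $request Request object; its _dbi member is used to load pages.
 * @param array  $pages   Names of the pages to update.
 * @param array  $acl     Submitted ACL data; treated as untrusted form input.
 * @return mixed The value built by HTML(): the per-page list plus a summary paragraph.
 */
function setaclPages(&$request, $pages, $acl)
{
    $ul = HTML::ul();
    $count = 0;
    $dbi =& $request->_dbi;

    // Fold "add group" rows into the access maps.
    if (isset($acl['_add_group'])) {
        if (is_array($acl['_add_group'])) {
            foreach ($acl['_add_group'] as $access => $dummy) {
                // A row without a usable group name would otherwise create an
                // entry under the empty key (or fail on a non-scalar key).
                if (!isset($acl['_new_group'][$access])) {
                    continue;
                }
                $group = $acl['_new_group'][$access];
                if ((!is_string($group) && !is_int($group)) || $group === '') {
                    continue;
                }
                $acl[$access][$group] = isset($acl['_new_perm'][$access]) ? 1 : 0;
            }
        }
        unset($acl['_add_group']);
    }
    unset($acl['_new_group']);
    unset($acl['_new_perm']);

    // Drop the groups marked for deletion.
    if (isset($acl['_del_group'])) {
        if (is_array($acl['_del_group'])) {
            foreach ($acl['_del_group'] as $access => $del) {
                if (!is_array($del)) {
                    continue;
                }
                // each() was removed in PHP 8; iterate the keys directly.
                foreach (array_keys($del) as $group) {
                    unset($acl[$access][$group]);
                }
            }
        }
        unset($acl['_del_group']);
    }

    // `new` always yields an object, so the former "Invalid ACL" else-branch
    // could never run and has been dropped.
    $perm = new PagePermission($acl);
    $perm->sanify();

    foreach ($pages as $pagename) {
        // Authorize first: answering "not changed" before this check would tell
        // a user without change rights whether the page's ACL equals the one
        // they submitted.
        if (!mayAccessPage('change', $pagename)) {
            $ul->pushContent(HTML::li(fmt("Access denied to change page '%s'.", $pagename)));
            continue;
        }

        $page = $dbi->getPage($pagename);
        $oldperm = getPagePermissions($page);
        if ($oldperm) {
            $oldperm->sanify();
        }

        if ($oldperm and $perm->equal($oldperm->perm)) {
            $ul->pushContent(HTML::li(fmt("ACL not changed for page '%s'.", $pagename)));
            continue;
        }

        setPagePermissions($page, $perm);
        $ul->pushContent(HTML::li(fmt("ACL changed for page '%s'.", $pagename)));
        $count++;
    }

    if ($count) {
        $dbi->touch();
        return HTML($ul, HTML::p(fmt("%s pages have been changed.", $count)));
    }
    return HTML($ul, HTML::p(fmt("No pages changed.")));
}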
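/**
 * Apply one ACL to a list of pages, record each change as a new page
 * revision, and return a feedback block describing the outcome.
 *
 * Besides the per-access group maps, $acl may carry the form helper keys
 * '_add_group', '_new_group', '_new_perm' and '_del_group'. They are folded
 * into the access maps and removed before the PagePermission object is built.
 *
 * @param object $request Request object; _dbi loads pages, _user names the author.
 * @param array  $pages   Names of the pages to update.
 * @param array  $acl     Submitted ACL data; treated as untrusted form input.
 * @return mixed The HTML::div() element holding one paragraph per message.
 */
function setaclPages(&$request, $pages, $acl)
{
    $result = HTML::div();
    $count = 0;
    $dbi =& $request->_dbi;

    // Fold "add group" rows into the access maps.
    if (isset($acl['_add_group'])) {
        if (is_array($acl['_add_group'])) {
            foreach ($acl['_add_group'] as $access => $dummy) {
                // A row without a usable group name would otherwise create an
                // entry under the empty key (or fail on a non-scalar key).
                if (!isset($acl['_new_group'][$access])) {
                    continue;
                }
                $group = $acl['_new_group'][$access];
                if ((!is_string($group) && !is_int($group)) || $group === '') {
                    continue;
                }
                $acl[$access][$group] = isset($acl['_new_perm'][$access]) ? 1 : 0;
            }
        }
        unset($acl['_add_group']);
    }
    unset($acl['_new_group']);
    unset($acl['_new_perm']);

    // Drop the groups marked for deletion.
    if (isset($acl['_del_group'])) {
        if (is_array($acl['_del_group'])) {
            foreach ($acl['_del_group'] as $access => $del) {
                if (!is_array($del)) {
                    continue;
                }
                // each() was removed in PHP 8; iterate the keys directly.
                foreach (array_keys($del) as $group) {
                    unset($acl[$access][$group]);
                }
            }
        }
        unset($acl['_del_group']);
    }

    // `new` always yields an object, so the former "Invalid ACL" else-branch
    // could never run and has been dropped.
    $perm = new PagePermission($acl);
    $perm->sanify();

    foreach ($pages as $pagename) {
        // Authorize first: answering "not changed" before this check would tell
        // a user without change rights whether the page's ACL equals the one
        // they submitted.
        if (!mayAccessPage('change', $pagename)) {
            $result->setAttr('class', 'error');
            $result->pushContent(HTML::p(fmt("Access denied to change page '%s'.", $pagename)));
            continue;
        }

        $page = $dbi->getPage($pagename);
        $oldperm = getPagePermissions($page);
        if ($oldperm) {
            $oldperm->sanify();
        }

        if ($oldperm and $perm->equal($oldperm->perm)) {
            $result->setAttr('class', 'error');
            $result->pushContent(HTML::p(fmt("ACL not changed for page '%s'.", $pagename)));
            continue;
        }

        setPagePermissions($page, $perm);

        // Render both ACLs once; the text is used in the feedback and in the
        // revision summary, which together form the audit trail of the change.
        $oldAcl = $oldperm ? $oldperm->asAclLines() : "None";
        $newAcl = $perm->asAclLines();

        $result->setAttr('class', 'feedback');
        $result->pushContent(HTML::p(fmt("ACL changed for page '%s'", $pagename)));
        $result->pushContent(HTML::p(fmt("from '%s'", $oldAcl)));
        $result->pushContent(HTML::p(fmt("to '%s'.", $newAcl)));

        // Create new revision so that ACL change appears in history.
        $current = $page->getCurrentRevision();
        $version = $current->getVersion();
        $meta = $current->_data;
        $text = $current->getPackedContent();
        $meta['summary'] = sprintf(
            _("ACL changed for page '%s' from '%s' to '%s'."),
            $pagename,
            $oldAcl,
            $newAcl
        );
        $meta['is_minor_edit'] = 1;
        // Attribute the revision to the user who made the request.
        $meta['author'] = $request->_user->UserName();
        unset($meta['mtime']); // force new date
        $page->save($text, $version + 1, $meta);
        $count++;
    }

    if ($count) {
        $dbi->touch();
        $result->setAttr('class', 'feedback');
        if ($count > 1) {
            $result->pushContent(HTML::p(fmt("%s pages have been changed.", $count)));
        }
    } else {
        $result->setAttr('class', 'error');
        $result->pushContent(HTML::p(fmt("No pages changed.")));
    }
    return $result;
}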
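require_once '../src/authentication/ActionPermissions.php';
require_once '../src/authentication/PagePermissions.php';

/*
 * auth.php
 *
 * This script verifies that a user is logged in and, if not, sends them
 * to the login page. It must be included in every file that should be
 * protected from unauthorized access (i.e., all admin scripts/files).
 */

// We need to check the session to ensure that A) it matches the user id that was signed in with.
if (session_id() == '') {
    session_start();
}

// NOTE(review): the visible body of isUserObjectValid() returns true
// unconditionally, so this gate currently rests on the two isset() checks alone.
if (isset($_SESSION['UID']) && isset($_SESSION['USER']) && isUserObjectValid()) {
    $GLOBALS['BAC_PAGE_PERMISSIONS'] = setPagePermissions();
} else {
    header("Location: " . get_absolute_uri('login.php'));
    // Stop here so nothing of the protected script runs after the redirect is queued.
    die;
}

/**
 * Look up the session user's permission for the page named by the request URI.
 *
 * The page name is the last path segment of REQUEST_URI with its final
 * extension removed (e.g. "/admin/users.php" gives "users").
 *
 * @return mixed Whatever $_SESSION['USER']->getPagePermission() returns.
 */
function setPagePermissions()
{
    $uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';

    // REQUEST_URI includes the query string. Cut it (and any fragment) off
    // first, so a '/' or '.' inside a parameter cannot change which page the
    // permission lookup is made for.
    $path = substr($uri, 0, strcspn($uri, '?#'));

    $slash = strrpos($path, '/');
    $file = ($slash === false) ? $path : substr($path, $slash + 1);

    // Strip only the final extension. A name without a dot is kept whole; the
    // previous substr() arithmetic dropped its last character in that case.
    $dot = strrpos($file, '.');
    $page = ($dot === false) ? $file : substr($file, 0, $dot);

    // NOTE(review): trailing path info after the script name, if the server
    // accepts it, would still be taken as the page name - confirm whether
    // $_SERVER['SCRIPT_NAME'] is the better source here.
    return $_SESSION['USER']->getPagePermission($page);
}

//TODO: validate the user object held in the session
function isUserObjectValid() { return true;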