/** * Check permission per page. * Returns true or false. */ function mayAccessPage($access, $pagename) { if (ENABLE_PAGEPERM) { return _requiredAuthorityForPagename($access, $pagename); } else { return true; } }
function _requiredAuthorityForPagename($access, $pagename) { static $permcache = array(); if (array_key_exists($pagename, $permcache) and array_key_exists($access, $permcache[$pagename])) { return $permcache[$pagename][$access]; } global $request; $page = $request->getPage($pagename); // Page not found; check against default permissions if (!$page->exists()) { $perm = new PagePermission(); $result = $perm->isAuthorized($access, $request->_user) === true; $permcache[$pagename][$access] = $result; return $result; } // no ACL defined; check for special dotfile or walk down if (!($perm = getPagePermissions($page))) { if ($pagename == '.') { $perm = new PagePermission(); if ($perm->isAuthorized('change', $request->_user)) { // warn the user to set ACL of ".", if he has permissions to do so. trigger_error(". (dotpage == rootpage for inheriting pageperm ACLs) exists without any ACL!\n" . "Please do ?action=setacl&pagename=.", E_USER_WARNING); } $result = $perm->isAuthorized($access, $request->_user) === true; $permcache[$pagename][$access] = $result; return $result; } elseif ($pagename[0] == '.') { $perm = new PagePermission(PagePermission::dotPerms()); $result = $perm->isAuthorized($access, $request->_user) === true; $permcache[$pagename][$access] = $result; return $result; } return _requiredAuthorityForPagename($access, getParentPage($pagename)); } // ACL defined; check if isAuthorized returns true or false or undecided $authorized = $perm->isAuthorized($access, $request->_user); if ($authorized !== -1) { // interestingly true is also -1 $permcache[$pagename][$access] = $authorized; return $authorized; } elseif ($pagename == '.') { return false; } else { return _requiredAuthorityForPagename($access, getParentPage($pagename)); } }