/**
* Checks if the current user is allowed to execute non anonymous methods
*/
function checkAuth()
{
global $conf;
global $USERINFO;
if (!$conf['useacl']) {
return true;
}
//no ACL - then no checks
if (trim($conf['xmlrpcuser']) == '') {
return true;
}
//no restrictions
return auth_isMember($conf['xmlrpcuser'], $_SERVER['REMOTE_USER'], (array) $USERINFO['grps']);
}
/**
* Check if a user is a manager
*
* Should usually be called without any parameters to check the current
* user.
*
* The info is available through $INFO['ismanager'], too
*
* @author Andreas Gohr <*****@*****.**>
* @see auth_isadmin
* @param string $user Username
* @param array $groups List of groups the user is in
* @param bool $adminonly when true checks if user is admin
* @return bool
*/
function auth_ismanager($user = null, $groups = null, $adminonly = false)
{
global $conf;
global $USERINFO;
/* @var auth_basic $auth */
global $auth;
if (!$auth) {
return false;
}
if (is_null($user)) {
if (!isset($_SERVER['REMOTE_USER'])) {
return false;
} else {
$user = $_SERVER['REMOTE_USER'];
}
}
if (is_null($groups)) {
$groups = (array) $USERINFO['grps'];
}
// check superuser match
if (auth_isMember($conf['superuser'], $user, $groups)) {
return true;
}
if ($adminonly) {
return false;
}
// check managers
if (auth_isMember($conf['manager'], $user, $groups)) {
return true;
}
return false;
}
/**
* @return bool true if the current user has access to remote api.
*/
public function hasAccess()
{
global $conf;
global $USERINFO;
if (!$conf['remote']) {
return false;
}
if (!$conf['useacl']) {
return true;
}
if (trim($conf['remoteuser']) == '') {
return true;
}
return auth_isMember($conf['remoteuser'], $_SERVER['REMOTE_USER'], (array) $USERINFO['grps']);
}
/**
* Check if a user is a manager
*
* Should usually be called without any parameters to check the current
* user.
*
* The info is available through $INFO['ismanager'], too
*
* @author Andreas Gohr <*****@*****.**>
* @see auth_isadmin
* @param string $user Username
* @param array $groups List of groups the user is in
* @param bool $adminonly when true checks if user is admin
* @return bool
*/
function auth_ismanager($user = null, $groups = null, $adminonly = false)
{
global $conf;
global $USERINFO;
/* @var DokuWiki_Auth_Plugin $auth */
global $auth;
/* @var Input $INPUT */
global $INPUT;
if (!$auth) {
return false;
}
if (is_null($user)) {
if (!$INPUT->server->has('REMOTE_USER')) {
return false;
} else {
$user = $INPUT->server->str('REMOTE_USER');
}
}
if (is_null($groups)) {
$groups = (array) $USERINFO['grps'];
}
// check superuser match
if (auth_isMember($conf['superuser'], $user, $groups)) {
return true;
}
if ($adminonly) {
return false;
}
// check managers
if (auth_isMember($conf['manager'], $user, $groups)) {
return true;
}
return false;
}
/**
* Determines if it would be okay to show a rename page button for the given page and current user
*
* @param $id
* @return bool
*/
public function renameOkay($id)
{
global $ACT;
global $USERINFO;
if (!($ACT == 'show' || empty($ACT))) {
return false;
}
if (!page_exists($id)) {
return false;
}
if (auth_quickaclcheck($id) < AUTH_EDIT) {
return false;
}
if (checklock($id) !== false || @file_exists(wikiLockFN($id))) {
return false;
}
if (!isset($_SERVER['REMOTE_USER'])) {
return false;
}
if (!auth_isMember($this->getConf('allowrename'), $_SERVER['REMOTE_USER'], (array) $USERINFO['grps'])) {
return false;
}
return true;
}
/**
* @return bool
*/
function isDiscussionMod()
{
global $USERINFO;
$groups = trim($this->getConf('moderatorgroups'));
if (auth_ismanager()) {
return true;
}
// Check if user is member of the moderator groups
if (!empty($groups) && auth_isMember($groups, $_SERVER['REMOTE_USER'], (array) $USERINFO['grps'])) {
return true;
}
return false;
}
/**
* @return bool true if the current user has access to remote api.
*/
public function hasAccess()
{
global $conf;
global $USERINFO;
/** @var Input $INPUT */
global $INPUT;
if (!$conf['remote']) {
return false;
}
if (!$conf['useacl']) {
return true;
}
if (trim($conf['remoteuser']) == '') {
return true;
}
return auth_isMember($conf['remoteuser'], $INPUT->server->str('REMOTE_USER'), (array) $USERINFO['grps']);
}
/**
* Checks if the current user may edit data in this schema
*
* @return bool
*/
public function isEditable()
{
global $USERINFO;
if ($this->editors == '') {
return true;
}
if (blank($_SERVER['REMOTE_USER'])) {
return false;
}
if (auth_isadmin()) {
return true;
}
return auth_isMember($this->editors, $_SERVER['REMOTE_USER'], $USERINFO['grps']);
}
/**
* Perform access check for current user
*
* @return bool true if the current user has access to remote api.
* @throws RemoteAccessDeniedException If remote access disabled
*/
public function hasAccess()
{
global $conf;
global $USERINFO;
/** @var Input $INPUT */
global $INPUT;
if (!$conf['remote']) {
throw new RemoteAccessDeniedException('server error. RPC server not enabled.', -32604);
//should not be here,just throw
}
if (trim($conf['remoteuser']) == '!!not set!!') {
return false;
}
if (!$conf['useacl']) {
return true;
}
if (trim($conf['remoteuser']) == '') {
return true;
}
return auth_isMember($conf['remoteuser'], $INPUT->server->str('REMOTE_USER'), (array) $USERINFO['grps']);
}
