Exemplo n.º 1
0
/**
 * admin gui for modifying LiveUser perms
 *
 * @param string id
 * @param mixed data
 * @param string action
 * @return string page output response
 */
function ewiki_page_liveuser_admin_perms($id, $data, $action)
{
    global $liveuserDB, $liveuserPermAdmin, $liveuserBaseRings;
    ob_start();
    // flip livewebRings keys to values, vice versa
    $ringdefs = array_flip($liveuserBaseRings);
    // check if viewing read only
    $readonly = $id == 'AdminPermsReport';
    // preserve filters across forms
    $preservePageFilter = isset($_REQUEST['pagefilter']) ? $_REQUEST['pagefilter'] : '';
    $preserveClassFilter = isset($_POST['classfilter']) ? $_POST['classfilter'] : '';
    $preserveLetterFilter = isset($_REQUEST['letterfilter']) ? $_REQUEST['letterfilter'] : '';
    echo ewiki_make_title($id, $id, 2);
    $rights = $liveuserPermAdmin->getRights();
    if (!$readonly) {
        // Handle POSTed deletes or updates
        foreach ($_POST as $key => $value) {
            list($prefix, $id) = explode('_', $key, 2);
            if ($prefix == 'chk' && is_numeric($id) && $value == 'on' && isset($_POST['submit_changeperm'])) {
                if (liveuser_removePerm($id)) {
                    echo '<p>Permission ' . $id . ' was successfully deleted.</p>';
                } else {
                    echo '<p>Deletion of permission ' . $id . ' failed.</p>';
                }
            }
            if ($prefix == 'ring' && is_numeric($id) && $value != '-1' && isset($_POST['submit_changeperm'])) {
                if (liveuser_addPerm($id, $value)) {
                    echo '<p>Permission ' . $id . ' was successfully updated.</p>';
                } else {
                    echo '<p>Update of permission ' . $id . ' failed.</p>';
                }
            }
        }
        // Handle POSTed new rows
        if (!empty($_POST['pagename_text']) && !empty($_POST['right_list']) && isset($_POST['submit_addperm'])) {
            $livewebperm = liveuser_checkPerm($_POST['pagename_text'], $_POST['right_list']);
            if ($livewebperm === false) {
                $livewebperm = liveuser_addPerm($_POST['pagename_text'], $_POST['ring_list'], $_POST['right_list']);
                if ($livewebperm !== false) {
                    echo '<p>Permission for ' . $_POST['pagename_text'] . ' was successfully created.</p>';
                } else {
                    echo '<p>Creation of permission for ' . $_POST['pagename_text'] . ' failed.</p>';
                }
            } else {
                echo '<p>Permission for ' . $_POST['pagename_text'] . ' with class ' . $_POST['right_list'] . ' already exists.</p>';
            }
        }
        // Show Add a new row section
        ?>
	    <form method="post" action="">
	    <h3>Add a Page Permission</h3>
            <?php 
        echo empty($preservePageFilter) ? '' : '<input type="hidden" name="pagefilter" value="' . $preservePageFilter . '" />';
        ?>
            <?php 
        echo empty($preserveClassFilter) ? '' : '<input type="hidden" name="classfilter" value="' . $preserveClassFilter . '" />';
        ?>
            <?php 
        echo empty($preserveLetterFilter) ? '' : '<input type="hidden" name="letterfilter" value="' . $preserveLetterFilter . '" />';
        ?>
	    <label for="pagename_text">Page Name</label>
	    <input id="pagename_text" name="pagename_text" type="text" /><br />
	    <label for="ring_list">Permission Level</label>
	    <select id="ring_list" name="ring_list">
        <?php 
        foreach ($ringdefs as $key => $value) {
            echo '<option value="' . $key . '">' . $value . '</option>';
        }
        ?>
	    </select><br />
	    <label for="right_list">Classes</label>
	    <select id="right_list" name="right_list">
        <?php 
        foreach ($rights as $right) {
            echo '<option value="' . $right['right_id'] . '">' . $right['define_name'] . '</option>';
        }
        ?>
	    </select><br />
	    <input type="submit" name="submit_addperm" value="Create Permission" />
	    </form>
        <?php 
    }
    // Show filtering form
    ?>
        <form method="post" action="<?php 
    echo ewiki_script('', $data['id']);
    ?>
">
        <h3>Filter Permissions</h3>
        <table>
        <tr>
            <td>
                <label for="pagefilter">Page Name</label>
                <input id="pagefilter" name="pagefilter" type="text" /><br />
            </td>
            <td>
                <label for="classfilter">Class</label>
                <select id="classfilter" name="classfilter">
                <option value=""></option>
    <?php 
    foreach ($rights as $right) {
        echo '<option value="' . $right['right_id'] . '">' . $right['define_name'] . '</option>';
    }
    ?>
                </select>
            </td>
            <td><input type="submit" name="submit_filterperm" value="Filter" /></td>
        </tr><tr><td colspan="3"><label>First Letter</label>&nbsp;&nbsp;
    <?php 
    foreach (range('A', 'Z') as $letter) {
        echo '<a href="' . ewiki_script('', $data['id'], array('letterfilter' => $letter)) . '">' . $letter . '</a>&nbsp;';
    }
    ?>
	<a href="<?php 
    echo ewiki_script('', $data['id'], array('letterfilter' => '0-9'));
    ?>
">0-9</a>
	<a href="<?php 
    echo ewiki_script('', $data['id'], array('letterfilter' => 'other'));
    ?>
">Other</a>
	<a href="<?php 
    echo ewiki_script('', $data['id'], array('letterfilter' => 'all'));
    ?>
">All</a>
	</td></tr></table>
        </form>
    <?php 
    // Show current table listing of pages and permissions
    $query = '
        SELECT ' . LW_PREFIX . '_perms.id, ' . LW_PREFIX . '_perms.pagename, ' . LW_PREFIX . '_perms.ring, liveuser_rights.right_define_name 
        FROM ' . LW_PREFIX . '_perms, liveuser_rights
        WHERE ' . LW_PREFIX . '_perms.right_id = liveuser_rights.right_id';
    $filter = '';
    if (!empty($_REQUEST['pagefilter'])) {
        $filter .= ' AND UPPER(' . LW_PREFIX . '_perms.pagename) LIKE "%' . strtoupper($_REQUEST['pagefilter']) . '%"';
    }
    if (!empty($_POST['classfilter'])) {
        $filter .= ' AND ' . LW_PREFIX . '_perms.right_id = ' . $_POST['classfilter'];
    }
    if (!empty($_REQUEST['letterfilter'])) {
        if (strlen($_REQUEST['letterfilter']) == 1 && $_REQUEST['letterfilter'] >= 'A' && $_REQUEST['letterfilter'] <= 'Z') {
            $filter = ' AND UPPER(' . LW_PREFIX . '_perms.pagename) LIKE "' . $_REQUEST['letterfilter'] . '%"';
        }
        if ($_REQUEST['letterfilter'] == '0-9') {
            $filter = ' AND ' . LW_PREFIX . '_perms.pagename REGEXP "^[0-9]"';
        }
        if ($_REQUEST['letterfilter'] == 'other') {
            $filter = ' AND ' . LW_PREFIX . '_perms.pagename REGEXP "^[^0-9A-Za-z]"';
        }
    }
    $query .= $filter;
    $query .= ' ORDER BY ' . LW_PREFIX . '_perms.pagename ASC';
    if (isset($_REQUEST['pagefilter']) || isset($_POST['classfilter']) || isset($_REQUEST['letterfilter'])) {
        $perms = $liveuserDB->getAll($query);
        if (is_array($perms) && !empty($perms)) {
            if (!$readonly) {
                // Display regular AdminPerms page
                ?>
		    <form method="post" action="">
		    <?php 
                echo empty($preservePageFilter) ? '' : '<input type="hidden" name="pagefilter" value="' . $preservePageFilter . '" />';
                ?>
		    <?php 
                echo empty($preserveClassFilter) ? '' : '<input type="hidden" name="classfilter" value="' . $preserveClassFilter . '" />';
                ?>
		    <?php 
                echo empty($preserveLetterFilter) ? '' : '<input type="hidden" name="letterfilter" value="' . $preserveLetterFilter . '" />';
                ?>
                    <h3>Edit Permissions</h3>
		    <table border="1">
		    <tr><th>Delete</th><th>Page Name</th><th>Permission Level</th><th>Class</th></tr>
                <?php 
                foreach ($perms as $perm) {
                    ?>
			<tr>
                            <td><input name="chk_<?php 
                    echo $perm['id'];
                    ?>
" type="checkbox" /></td>
                            <td><a href="<?php 
                    echo ewiki_script($perm['pagename']);
                    ?>
"><?php 
                    echo $perm['pagename'];
                    ?>
</a></td>
                            <td><select name="ring_<?php 
                    echo $perm['id'];
                    ?>
">
                    <?php 
                    foreach ($ringdefs as $key => $value) {
                        if ($key == $perm['ring']) {
                            echo '<option value="-1" selected>' . $value . '</option>';
                        } else {
                            echo '<option value="' . $key . '">' . $value . '</option>';
                        }
                    }
                    ?>
                            </select></td>
                            <td><?php 
                    echo $perm['right_define_name'];
                    ?>
</td>
                        </tr>
                    <?php 
                }
                ?>
                    </table>
                    <input type="reset" value="Reset" />
                    <input name="submit_changeperm" type="submit" value="Submit Changes" />
                    </form>
                <?php 
            } else {
                // Display readonly AdminPermsReport page
                ?>
                    <h3>View Permissions</h3>
		    <table border="1">
		    <tr><th>Pagename</th><th>Perm Level</th><th>Class</th></tr>
                <?php 
                foreach ($perms as $perm) {
                    ?>
			<tr>
                            <td><a href ="<?php 
                    echo ewiki_script($perm['pagename']);
                    ?>
"><?php 
                    echo $perm['pagename'];
                    ?>
</a></td>
                            <td><?php 
                    echo $ringdefs[$perm['ring']];
                    ?>
</td>
                            <td><?php 
                    echo $perm['right_define_name'];
                    ?>
</td>
                        </tr>
                    <?php 
                }
                echo '</table>';
            }
        } else {
            ?>
                <h3><?php 
            echo $readonly ? 'View' : 'Edit';
            ?>
 Permissions</h3>
                <p>No permissions were found in the database.</p>
            <?php 
        }
    }
    $o = ob_get_contents();
    ob_end_clean();
    return $o;
}
Exemplo n.º 2
0
/**
 * if the current user has permission to publish pages, write the respective
 * form data back to the database, thereby allowing a page to be published (with
 * viewing rights for users not logged in) or not published.
 *
 * @param array save associative array of ewiki form data
 */
function ewiki_edit_save_liveuser_publish($save)
{
    global $liveuser, $liveuserBaseRings;
    // alter only if user has publisher right and form field exists
    if ($liveuser->checkRight(LU_R_LW_PUBLISHER)) {
        if (isset($_REQUEST['liveuserPermsPublish']) && $_REQUEST['liveuserPermsPublish'] == 'checked') {
            liveuser_addPerm($save['id'], $liveuserBaseRings['view'], LU_R_NOTLOGGEDIN);
        } else {
            liveuser_removePerm($save['id'], LU_R_NOTLOGGEDIN);
        }
    }
}