Пример #1
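 /**
  * Apply one ACL to a list of pages and report the outcome for each page.
  *
  * The control keys '_add_group', '_new_group', '_new_perm' and '_del_group'
  * are folded into the ACL first and then removed, so only
  * access => group => flag entries are handed to PagePermission.
  *
  * @param object $request Request object; its _dbi member is used to load pages.
  * @param array  $pages   Names of the pages to update.
  * @param array  $acl     ACL array, optionally carrying the control keys above.
  *                        NOTE(review): presumably filled from a submitted form;
  *                        confirm against the caller.
  * @return mixed The result of HTML(): the per-page list plus a summary paragraph.
  */
 function setaclPages(&$request, $pages, $acl)
 {
     $ul = HTML::ul();
     $count = 0;
     $dbi =& $request->_dbi;
     // Fold "add group" requests into the ACL.
     if (isset($acl['_add_group'])) {
         if (is_array($acl['_add_group'])) {
             foreach ($acl['_add_group'] as $access => $dummy) {
                 $group = isset($acl['_new_group'][$access]) ? $acl['_new_group'][$access] : null;
                 // A missing or non-scalar group name cannot be used as an array
                 // key (an array key raises a TypeError on PHP 8), so skip it.
                 if (!is_string($group) && !is_int($group)) {
                     continue;
                 }
                 $acl[$access][$group] = isset($acl['_new_perm'][$access]) ? 1 : 0;
             }
         }
         unset($acl['_add_group']);
     }
     unset($acl['_new_group']);
     unset($acl['_new_perm']);
     // Drop the groups that were marked for deletion.
     if (isset($acl['_del_group'])) {
         if (is_array($acl['_del_group'])) {
             foreach ($acl['_del_group'] as $access => $del) {
                 if (!is_array($del)) {
                     continue;
                 }
                 // each() was removed in PHP 8; iterating the keys is equivalent.
                 foreach (array_keys($del) as $group) {
                     unset($acl[$access][$group]);
                 }
             }
         }
         unset($acl['_del_group']);
     }
     // `new` yields an object or throws, so the else branch below is not
     // expected to run; it is kept as written.
     if ($perm = new PagePermission($acl)) {
         $perm->sanify();
         foreach ($pages as $pagename) {
             $page = $dbi->getPage($pagename);
             $oldperm = getPagePermissions($page);
             if ($oldperm) {
                 $oldperm->sanify();
             }
             // NOTE(review): the equality test runs before the 'change'
             // authorization check, so a caller without that right still learns
             // whether a page's ACL equals the submitted one. Consider testing
             // mayAccessPage() first.
             if ($oldperm and $perm->equal($oldperm->perm)) {
                 $ul->pushContent(HTML::li(fmt("ACL not changed for page '%s'.", $pagename)));
             } elseif (mayAccessPage('change', $pagename)) {
                 setPagePermissions($page, $perm);
                 $ul->pushContent(HTML::li(fmt("ACL changed for page '%s'.", $pagename)));
                 $count++;
             } else {
                 $ul->pushContent(HTML::li(fmt("Access denied to change page '%s'.", $pagename)));
             }
         }
     } else {
         $ul->pushContent(HTML::li(fmt("Invalid ACL")));
     }
     if ($count) {
         // At least one page was modified, so touch the database handle.
         $dbi->touch();
         return HTML($ul, HTML::p(fmt("%s pages have been changed.", $count)));
     } else {
         return HTML($ul, HTML::p(fmt("No pages changed.")));
     }
 }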
Пример #2
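 /**
  * Apply one ACL to a list of pages, record each change as a new page
  * revision, and return a feedback element describing the outcome.
  *
  * The control keys '_add_group', '_new_group', '_new_perm' and '_del_group'
  * are folded into the ACL first and then removed, so only
  * access => group => flag entries are handed to PagePermission.
  *
  * @param object $request Request object; its _dbi and _user members are used.
  * @param array  $pages   Names of the pages to update.
  * @param array  $acl     ACL array, optionally carrying the control keys above.
  *                        NOTE(review): presumably filled from a submitted form;
  *                        confirm against the caller.
  * @return mixed The HTML::div() element holding the per-page messages.
  */
 function setaclPages(&$request, $pages, $acl)
 {
     $result = HTML::div();
     $count = 0;
     $dbi =& $request->_dbi;
     // Fold "add group" requests into the ACL.
     if (isset($acl['_add_group'])) {
         if (is_array($acl['_add_group'])) {
             foreach ($acl['_add_group'] as $access => $dummy) {
                 $group = isset($acl['_new_group'][$access]) ? $acl['_new_group'][$access] : null;
                 // A missing or non-scalar group name cannot be used as an array
                 // key (an array key raises a TypeError on PHP 8), so skip it.
                 if (!is_string($group) && !is_int($group)) {
                     continue;
                 }
                 $acl[$access][$group] = isset($acl['_new_perm'][$access]) ? 1 : 0;
             }
         }
         unset($acl['_add_group']);
     }
     unset($acl['_new_group']);
     unset($acl['_new_perm']);
     // Drop the groups that were marked for deletion.
     if (isset($acl['_del_group'])) {
         if (is_array($acl['_del_group'])) {
             foreach ($acl['_del_group'] as $access => $del) {
                 if (!is_array($del)) {
                     continue;
                 }
                 // each() was removed in PHP 8; iterating the keys is equivalent.
                 foreach (array_keys($del) as $group) {
                     unset($acl[$access][$group]);
                 }
             }
         }
         unset($acl['_del_group']);
     }
     // `new` yields an object or throws, so the else branch below is not
     // expected to run; it is kept as written.
     if ($perm = new PagePermission($acl)) {
         $perm->sanify();
         foreach ($pages as $pagename) {
             $page = $dbi->getPage($pagename);
             $oldperm = getPagePermissions($page);
             if ($oldperm) {
                 $oldperm->sanify();
             }
             // NOTE(review): the equality test runs before the 'change'
             // authorization check, so a caller without that right still learns
             // whether a page's ACL equals the submitted one. Consider testing
             // mayAccessPage() first.
             if ($oldperm and $perm->equal($oldperm->perm)) {
                 $result->setAttr('class', 'error');
                 $result->pushContent(HTML::p(fmt("ACL not changed for page '%s'.", $pagename)));
             } elseif (mayAccessPage('change', $pagename)) {
                 setPagePermissions($page, $perm);
                 $result->setAttr('class', 'feedback');
                 $result->pushContent(HTML::p(fmt("ACL changed for page '%s'", $pagename)));
                 $result->pushContent(HTML::p(fmt("from '%s'", $oldperm ? $oldperm->asAclLines() : "None")));
                 $result->pushContent(HTML::p(fmt("to '%s'.", $perm->asAclLines())));
                 // Save a new revision so the ACL change shows up in the page
                 // history: same content, metadata copied from the current
                 // revision, with summary and author replaced.
                 $current = $page->getCurrentRevision();
                 $version = $current->getVersion();
                 $meta = $current->_data;
                 $text = $current->getPackedContent();
                 $meta['summary'] = sprintf(_("ACL changed for page '%s' from '%s' to '%s'."), $pagename, $oldperm ? $oldperm->asAclLines() : "None", $perm->asAclLines());
                 $meta['is_minor_edit'] = 1;
                 $meta['author'] = $request->_user->UserName();
                 // Dropping the copied mtime forces a fresh date on save.
                 unset($meta['mtime']);
                 $page->save($text, $version + 1, $meta);
                 $count++;
             } else {
                 $result->setAttr('class', 'error');
                 $result->pushContent(HTML::p(fmt("Access denied to change page '%s'.", $pagename)));
             }
         }
     } else {
         $result->pushContent(HTML::p(fmt("Invalid ACL")));
     }
     // The class set here overrides whatever the per-page branches left behind.
     if ($count) {
         $dbi->touch();
         $result->setAttr('class', 'feedback');
         if ($count > 1) {
             $result->pushContent(HTML::p(fmt("%s pages have been changed.", $count)));
         }
     } else {
         $result->setAttr('class', 'error');
         $result->pushContent(HTML::p(fmt("No pages changed.")));
     }
     return $result;
 }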
Пример #3
require_once '../src/authentication/ActionPermissions.php';
require_once '../src/authentication/PagePermissions.php';
/*
 * auth.php
 * 
 * This script verifies that a user is logged in and, if not, sends them
 * to the login page. It must be included in every file that should be 
 * protected from unauthorized access (ie, all admin scripts/files)
 * 
 */
// Gate for protected pages: a visitor passes only when both the UID and USER
// session entries exist and the stored user object validates.
// NOTE(review): isUserObjectValid() currently returns true unconditionally (see
// its TODO), and nothing here compares UID with the USER object, so the gate
// effectively rests on the two session keys being present.
if (session_id() == '') {
    session_start();
}
if (!(isset($_SESSION['UID'], $_SESSION['USER']) && isUserObjectValid())) {
    // Not signed in: redirect to the login page and stop, so none of the
    // including script runs.
    header("Location: " . get_absolute_uri('login.php'));
    die;
}
$GLOBALS['BAC_PAGE_PERMISSIONS'] = setPagePermissions();
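/**
 * Look up the signed-in user's permission for the page being requested.
 *
 * The page name is the last path segment of the request URI with its final
 * extension removed ("/admin/users.php" gives "users").
 *
 * @return mixed Whatever getPagePermission() returns for the derived page name.
 */
function setPagePermissions()
{
    $uri = isset($_SERVER['REQUEST_URI']) ? (string) $_SERVER['REQUEST_URI'] : '';
    // REQUEST_URI carries the client-supplied query string. Cut it off first:
    // otherwise a '/' or '.' inside the query decides which page name is looked
    // up, and the permission checked may not belong to the script that runs.
    $path = substr($uri, 0, strcspn($uri, '?#'));
    $slash = strrpos($path, '/');
    $file = $slash === false ? $path : substr($path, $slash + 1);
    $dot = strrpos($file, '.');
    $page = $dot === false ? $file : substr($file, 0, $dot);
    // NOTE(review): extra path segments after the script name still influence
    // $page; deriving the name from the executing script instead would be
    // sturdier if the deployment allows it. Verify against the server setup.
    return $_SESSION['USER']->getPagePermission($page);
}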
//TODO: validate the user object held in the session
function isUserObjectValid()
{
    return true;