Major new feature: Allow to restrict plugin hooks and plugins to only specific usergroups

Garvin Hicking 2006-08-23 13:51:56 +00:00
parent bfaa79709f
commit ae10cad21c
11 changed files with 171 additions and 10 deletions


@ -1,11 +1,17 @@
# $Id$
Version 1.1-beta2 ()
Version 1.1-beta4 ()
------------------------------------------------------------------------
* Group management now allows to disallow certain plugins or even
specific plugin hooks per usergroup (garvinhicking)
Version 1.1-beta3 ()
------------------------------------------------------------------------
* Change permalinks to allow "%" in URLS. Fix templatedropdown
plugin to remove double "//". Fix bad htmlspecialchars of the
RDF ident link.
RDF ident link. (garvinhicking)
* Allow to apply current permissions of a directory to all sub-
directories (Matthew Groeninger)


@ -21,7 +21,7 @@ if (isset($_POST['DELETE_YES']) && serendipity_checkFormToken()) {
if (isset($_POST['SAVE_NEW']) && serendipity_checkFormToken()) {
$serendipity['POST']['group'] = serendipity_addGroup($serendipity['POST']['name']);
$perms = serendipity_getAllPermissionNames();
serendipity_updateGroupConfig($serendipity['POST']['group'], $perms, $serendipity['POST']);
serendipity_updateGroupConfig($serendipity['POST']['group'], $perms, $serendipity['POST'], false, $serendipity['POST']['forbidden_plugins'], $serendipity['POST']['forbidden_hooks']);
printf('<div class="serendipityAdminMsgSuccess">' . CREATED_GROUP . '</div>', '#' . $serendipity['POST']['group'] . ', ' . $serendipity['POST']['name']);
}
@ -29,7 +29,7 @@ if (isset($_POST['SAVE_NEW']) && serendipity_checkFormToken()) {
/* Edit a group */
if (isset($_POST['SAVE_EDIT']) && serendipity_checkFormToken()) {
$perms = serendipity_getAllPermissionNames();
serendipity_updateGroupConfig($serendipity['POST']['group'], $perms, $serendipity['POST']);
serendipity_updateGroupConfig($serendipity['POST']['group'], $perms, $serendipity['POST'], false, $serendipity['POST']['forbidden_plugins'], $serendipity['POST']['forbidden_hooks']);
printf('<div class="serendipityAdminMsgSuccess">' . MODIFIED_GROUP . '</div>', $serendipity['POST']['name']);
}
@ -135,6 +135,10 @@ foreach($allusers AS $user) {
$perms = serendipity_getAllPermissionNames();
ksort($perms);
foreach($perms AS $perm => $userlevels) {
if (substr($perm, 0, 2) == 'f_') {
continue;
}
if (isset($from[$perm]) && $from[$perm] === 'true') {
$selected = 'checked="checked"';
} else {
@ -172,6 +176,58 @@ foreach($allusers AS $user) {
echo "</tr>\n";
}
}
if ($serendipity['enablePluginACL']) {
$allplugins =& serendipity_plugin_api::get_event_plugins();
$allhooks = array();
?>
<tr>
<td colspan="2">&nbsp;</td>
</tr>
<tr>
<td valign="top"><?php echo PERMISSION_FORBIDDEN_PLUGINS; ?></td>
<td>
<select name="serendipity[forbidden_plugins][]" multiple="multiple" size="5">
<?php
foreach($allplugins AS $plugid => $currentplugin) {
foreach($currentplugin['b']->properties['event_hooks'] AS $hook => $set) {
$allhooks[$hook] = true;
}
echo '<option value="' . urlencode($plugid) . '" ' . (serendipity_hasPluginPermissions($plugid) ? '' : 'selected="selected"') . '>' . htmlspecialchars($currentplugin['b']->properties['name']) . '</option>' . "\n";
}
ksort($allhooks);
?>
</select>
</td>
</tr>
<tr>
<td colspan="2">&nbsp;</td>
</tr>
<tr>
<td valign="top"><?php echo PERMISSION_FORBIDDEN_HOOKS; ?></td>
<td>
<select name="serendipity[forbidden_hooks][]" multiple="multiple" size="5">
<?php
foreach($allhooks AS $hook => $set) {
echo '<option value="' . urlencode($hook) . '" ' . (serendipity_hasPluginPermissions($hook) ? '' : 'selected="selected"') . '>' . htmlspecialchars($hook) . '</option>' . "\n";
}
?>
</select>
</td>
</tr>
<?php
} else {
?>
<tr>
<td colspan="2">&nbsp;</td>
</tr>
<tr>
<td colspan="2"><?php echo PERMISSION_FORBIDDEN_ENABLE_DESC; ?></td>
</tr>
<?php
}
?>
</table>
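Review bot: The two `<select>` lists preselect their options from `serendipity_hasPluginPermissions()`, which (as defined elsewhere in this commit) reads the restrictions of the logged-in author's own groups, not those of the group being edited. An administrator editing another group therefore sees their own restrictions, and saving replaces that group's stored `f_` rows with whatever the form shows. The permission checkboxes above read from `$from[$perm]`; assuming `$from` also carries the group's `f_` entries (its loader is outside this hunk), the same source fits here: `isset($from['f_' . $plugid]) ? 'selected="selected"' : ''`, and likewise with `$hook`.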


@ -88,7 +88,6 @@ function &serendipity_db_query($sql, $single = false, $result_type = "both", $re
echo "[bench: " . ($end-$start) . "s] $sql<br />\n";
}
if (!$expectError && mysql_error($serendipity['dbConn']) != '') {
$msg = '<pre>' . $sql . '</pre> / ' . mysql_error($serendipity['dbConn']);
return $msg;


@ -990,7 +990,11 @@ function serendipity_checkPermission($permName, $authorid = null, $returnMyGroup
}
if ($returnMyGroups) {
return $group[$authorid]['membership'];
if ($returnMyGroups === 'all') {
return $group[$authorid];
} else {
return $group[$authorid]['membership'];
}
}
if ($authorid == $serendipity['authorid'] && $serendipity['no_create']) {
@ -1322,9 +1326,11 @@ function serendipity_intersectGroup($checkuser = null, $myself = null) {
* @param array The associative array of permission names
* @param array The associative array of new values for the permissions. Needs the same associative keys like the $perms array.
* @param bool Indicates if an all new privilege should be inserted (true) or if an existing privilege is going to be checked
* @param array The associative array of plugin permission names
* @param array The associative array of plugin permission hooks
* @return true
*/
function serendipity_updateGroupConfig($groupid, &$perms, &$values, $isNewPriv = false) {
function serendipity_updateGroupConfig($groupid, &$perms, &$values, $isNewPriv = false, $forbidden_plugins = null, $forbidden_hooks = null) {
global $serendipity;
if (!serendipity_checkPermission('adminUsersGroups')) {
@ -1343,6 +1349,10 @@ function serendipity_updateGroupConfig($groupid, &$perms, &$values, $isNewPriv =
serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}groupconfig WHERE id = " . (int)$groupid);
foreach ($perms AS $perm => $userlevels) {
if (substr($perm, 0, 2) == 'f_') {
continue;
}
if (isset($values[$perm]) && $values[$perm] == 'true') {
$value = 'true';
} elseif (isset($values[$perm]) && $values[$perm] === 'false') {
@ -1370,6 +1380,28 @@ function serendipity_updateGroupConfig($groupid, &$perms, &$values, $isNewPriv =
);
}
if (is_array($forbidden_plugins)) {
foreach($forbidden_plugins AS $plugid) {
serendipity_db_query(
sprintf("INSERT INTO {$serendipity['dbPrefix']}groupconfig (id, property, value) VALUES (%d, '%s', 'true')",
(int)$groupid,
serendipity_db_escape_string('f_' . urldecode($plugid))
)
);
}
}
if (is_array($forbidden_hooks)) {
foreach($forbidden_hooks AS $hook) {
serendipity_db_query(
sprintf("INSERT INTO {$serendipity['dbPrefix']}groupconfig (id, property, value) VALUES (%d, '%s', 'true')",
(int)$groupid,
serendipity_db_escape_string('f_' . urldecode($hook))
)
);
}
}
serendipity_db_query("UPDATE {$serendipity['dbPrefix']}groups SET name = '" . serendipity_db_escape_string($values['name']) . "' WHERE id = " . (int)$groupid);
if (is_array($values['members'])) {
@ -1824,4 +1856,35 @@ function &serendipity_loadThemeOptions(&$template_config) {
return $template_vars;
}
function serendipity_hasPluginPermissions($plugin) {
static $forbidden = null;
global $serendipity;
if (empty($serendipity['authorid'])) {
return true;
}
if ($forbidden === null) {
$forbidden = array();
$groups =& serendipity_checkPermission(null, null, 'all');
foreach($groups AS $idx => $group) {
if ($idx == 'membership') {
continue;
}
foreach($group AS $key => $val) {
if (substr($key, 0, 2) == 'f_') {
$forbidden[$key] = true;
}
}
}
}
if (isset($forbidden['f_' . $plugin])) {
return false;
} else {
return true;
}
}
/* vim: set sts=4 ts=4 expandtab : */
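Review bot: `serendipity_hasPluginPermissions()` has no docblock, and two of its behaviours need stating because they decide who the ACL applies to: it returns `true` whenever `$serendipity['authorid']` is empty, so the restrictions never apply to visitors who are not logged in, and a plugin or hook is denied as soon as any one of the author's groups carries the `f_` entry. A docblock in the style of the one on `serendipity_updateGroupConfig()` should say both, and that the result is kept in a static for the rest of the request. Separately, `$groups =& serendipity_checkPermission(null, null, 'all');` binds by reference to a function that the hunk header shows is not declared with `&`, and `$group[$authorid]` may be unset for an author without groups (inferred; the lookup is outside the hunk); `$groups = serendipity_checkPermission(null, null, 'all');` followed by `if (!is_array($groups)) { $groups = array(); }` avoids the notice and the `foreach` warning.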


@ -972,6 +972,10 @@ class serendipity_plugin_api {
return false;
}
if ($serendipity['enablePluginACL'] && !serendipity_hasPluginPermissions($event_name)) {
return false;
}
// We can NOT use a "return by reference" here, because then when
// a plugin executes another event_hook, the referenced variable within
// that call will overwrite the previous original plugin listing and
@ -985,6 +989,7 @@ class serendipity_plugin_api {
$bag = &$plugin_data['b'];
$phooks = &$bag->get('event_hooks');
if (isset($phooks[$event_name])) {
// Check for cachable events.
if (isset($eventData['is_cached']) && $eventData['is_cached']) {
$chooks = &$bag->get('cachable_events');
@ -993,6 +998,9 @@ class serendipity_plugin_api {
}
}
if ($serendipity['enablePluginACL'] && !serendipity_hasPluginPermissions($plugin)) {
continue;
}
$plugin_data['p']->event_hook($event_name, $bag, $eventData, $addData);
}
}
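Review bot: The early `return false;` added at the top of the hook dispatch skips every plugin registered on `$event_name` for a restricted author, including plugins that use the hook to validate or filter input, and nothing in the code says so. A comment above the check should state it, e.g. `// ACL: a forbidden hook runs no plugin at all for this author, including plugins that perform checks on this hook.` The return value is also the same `false` as the branch just above it, so callers cannot tell a denied hook from the other early exit. In the per-plugin check, `$plugin` is defined outside the hunk; it needs to be the same instance id that the group form submits, otherwise the lookup never matches and the plugin is silently permitted.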


@ -377,6 +377,13 @@
'type' => 'bool',
'default' => false,
'permission' => 'blogConfiguration'),
array('var' => 'enablePluginACL',
'title' => PERMISSION_FORBIDDEN_ENABLE,
'description' => PERMISSION_FORBIDDEN_ENABLE_DESC,
'type' => 'bool',
'default' => false,
'permission' => 'blogConfiguration'),
));
$res['display'] =


@ -27,7 +27,7 @@ if (IS_installed === true && !defined('IN_serendipity')) {
include(S9Y_INCLUDE_PATH . 'include/compat.inc.php');
// The version string
$serendipity['version'] = '1.1-beta3';
$serendipity['version'] = '1.1-beta4';
// Setting this to 'false' will enable debugging output. All alpa/beta/cvs snapshot versions will emit debug information by default. To increase the debug level (to enable Smarty debugging), set this flag to 'debug'.
$serendipity['production'] = (preg_match('@\-(alpha|beta|cvs)@', $serendipity['version']) ? false : true);


@ -30,8 +30,8 @@ create table {PREFIX}groups (
create table {PREFIX}groupconfig (
id int(10) {UNSIGNED} not null default '0',
property varchar(64) default null,
value varchar(128) default null
property varchar(128) default null,
value varchar(32) default null
) {UTF_8};
CREATE INDEX groupid_idx ON {PREFIX}groupconfig (id);
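Review bot: The `value` column ends up with a different width depending on how an installation got here: this schema and the table-rebuild upgrade script declare `varchar(32)`, while the `ALTER TABLE` upgrade script sets `value varchar(64)`. One width should be chosen for all three. The rebuild script also creates `groupprop_idx` on `(id, property)`, which is not among the lines shown here, so a fresh install would lack that index unless it is added outside this hunk.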


@ -0,0 +1,2 @@
ALTER TABLE {PREFIX}groupconfig CHANGE property property varchar(128) NULL DEFAULT NULL;
ALTER TABLE {PREFIX}groupconfig CHANGE value value varchar(64) NULL DEFAULT NULL;


@ -0,0 +1,20 @@
create table {PREFIX}tempgroupconfig (
id int(10) {UNSIGNED} not null default '0',
property varchar(128) default null,
value varchar(32) default null
) {UTF_8};
INSERT INTO {PREFIX}tempgroupconfig (id,property,value) SELECT id,property,value FROM {PREFIX}groupconfig;
DROP TABLE {PREFIX}groupconfig;
create table {PREFIX}groupconfig (
id int(10) {UNSIGNED} not null default '0',
property varchar(128) default null,
value varchar(32) default null
) {UTF_8};
CREATE INDEX groupid_idx ON {PREFIX}groupconfig (id);
CREATE INDEX groupprop_idx ON {PREFIX}groupconfig (id, property);
INSERT INTO {PREFIX}groupconfig (id,property,value) SELECT id,property,value FROM {PREFIX}tempgroupconfig;
DROP TABLE {PREFIX}tempgroupconfig;
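Review bot: The copy into `{PREFIX}tempgroupconfig` narrows `value` from the previous `varchar(128)` to `varchar(32)`, and the script drops `{PREFIX}groupconfig` straight afterwards without checking that the copy succeeded. On a database that rejects over-length values rather than truncating them, a single stored value longer than 32 characters would make the first `INSERT` fail, and if the upgrader carries on with the next statement (not visible here) the group permissions are lost. Keeping the temporary table at the old width, or running the statements in one transaction, would remove that risk.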