includes/pageutils.php
changeset 219 b1530b6a06d2
parent 218 e878bcf0227e
child 226 0e6478521004
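--- a/includes/pageutils.php
+++ b/includes/pageutils.php
@@ -2160,10 +2160,11 @@
   */
  
 function aclmanager($parms)
 {
   global $db, $session, $paths, $template, $plugins; // Common objects
+  global $lang;
   ob_start();
   // Convenience
   $formstart = '<form 
                   action="' . makeUrl($paths->page, 'do=aclmanager', true) . '"
                   method="post" enctype="multipart/form-data"
@@ -2180,91 +2181,97 @@
   {
     case 'debug':
       echo '<pre>' . htmlspecialchars($response['text']) . '</pre>';
       break;
     case 'stage1':
-      echo '<h3>Manage page access</h3>
-            <p>Please select who should be affected by this access rule.</p>';
+      echo '<h3>' . $lang->get('acl_lbl_welcome_title') . '</h3>
+            <p>' . $lang->get('acl_lbl_welcome_body') . '</p>';
       echo $formstart;
-      echo '<p><label><input type="radio" name="data[target_type]" value="' . ACL_TYPE_GROUP . '" checked="checked" /> A usergroup</label></p>
+      echo '<p><label><input type="radio" name="data[target_type]" value="' . ACL_TYPE_GROUP . '" checked="checked" /> ' . $lang->get('acl_radio_usergroup') . '</label></p>
             <p><select name="data[target_id_grp]">';
       foreach ( $response['groups'] as $group )
       {
         echo '<option value="' . $group['id'] . '">' . $group['name'] . '</option>';
       }
+      
       // page group selector
       $groupsel = '';
       if ( count($response['page_groups']) > 0 )
       {
-        $groupsel = '<p><label><input type="radio" name="data[scope]" value="page_group" /> A group of pages</label></p>
+        $groupsel = '<p><label><input type="radio" name="data[scope]" value="page_group" /> ' . $lang->get('acl_radio_scope_pagegroup') . '</label></p>
                      <p><select name="data[pg_id]">';
         foreach ( $response['page_groups'] as $grp )
         {
           $groupsel .= '<option value="' . $grp['id'] . '">' . htmlspecialchars($grp['name']) . '</option>';
         }
         $groupsel .= '</select></p>';
       }
       
       echo '</select></p>
-            <p><label><input type="radio" name="data[target_type]" value="' . ACL_TYPE_USER . '" /> A specific user</label></p>
+            <p><label><input type="radio" name="data[target_type]" value="' . ACL_TYPE_USER . '" /> ' . $lang->get('acl_radio_user') . '</label></p>
             <p>' . $template->username_field('data[target_id_user]') . '</p>
-            <p>What should this access rule control?</p>
-            <p><label><input name="data[scope]" value="only_this" type="radio" checked="checked" /> Only this page</p>
+            <p>' . $lang->get('acl_lbl_scope') . '</p>
+            <p><label><input name="data[scope]" value="only_this" type="radio" checked="checked" /> ' . $lang->get('acl_radio_scope_thispage') . '</p>
             ' . $groupsel . '
-            <p><label><input name="data[scope]" value="entire_site" type="radio" /> The entire site</p>
+            <p><label><input name="data[scope]" value="entire_site" type="radio" /> ' . $lang->get('acl_radio_scope_wholesite') . '</p>
             <div style="margin: 0 auto 0 0; text-align: right;">
               <input name="data[mode]" value="seltarget" type="hidden" />
               <input type="hidden" name="data[page_id]" value="' . $paths->cpage['urlname_nons'] . '" />
               <input type="hidden" name="data[namespace]" value="' . $paths->namespace . '" />
-              <input type="submit" value="Next &gt;" />
+              <input type="submit" value="' . htmlspecialchars($lang->get('etc_wizard_next')) . '" />
             </div>';
       echo $formend;
       break;
     case 'success':
       echo '<div class="info-box">
-              <b>Permissions updated</b><br />
-              The permissions for ' . $response['target_name'] . ' on this page have been updated successfully.<br />
+              <b>' . $lang->get('acl_lbl_save_success_title') . '</b><br />
+              ' . $lang->get('acl_lbl_save_success_body', array( 'target_name' => $response['target_name'] )) . '<br />
               ' . $formstart . '
               <input type="hidden" name="data[mode]" value="seltarget" />
               <input type="hidden" name="data[target_type]" value="' . $response['target_type'] . '" />
               <input type="hidden" name="data[target_id_user]" value="' . ( ( intval($response['target_type']) == ACL_TYPE_USER ) ? $response['target_name'] : $response['target_id'] ) .'" />
               <input type="hidden" name="data[target_id_grp]"  value="' . ( ( intval($response['target_type']) == ACL_TYPE_USER ) ? $response['target_name'] : $response['target_id'] ) .'" />
               <input type="hidden" name="data[scope]" value="' . ( ( $response['page_id'] ) ? 'only_this' : 'entire_site' ) . '" />
               <input type="hidden" name="data[page_id]" value="' . ( ( $response['page_id'] ) ? $response['page_id'] : 'false' ) . '" />
               <input type="hidden" name="data[namespace]" value="' . ( ( $response['namespace'] ) ? $response['namespace'] : 'false' ) . '" />
-              <input type="submit" value="Return to ACL editor" /> <input type="submit" name="data[act_go_stage1]" value="Return to user/scope selection" />
+              <input type="submit" value="' . $lang->get('acl_btn_returnto_editor') . '" /> <input type="submit" name="data[act_go_stage1]" value="' . $lang->get('acl_btn_returnto_userscope') . '" />
               ' . $formend . '
             </div>';
       break;
     case 'delete':
       echo '<div class="info-box">
-              <b>Rule deleted</b><br />
-              The selected access rule has been successfully deleted.<br />
+              <b>' . $lang->get('acl_lbl_delete_success_title') . '</b><br />
+              ' . $lang->get('acl_lbl_delete_success_body', array('target_name' => $response['target_name'])) . '<br />
               ' . $formstart . '
               <input type="hidden" name="data[mode]" value="seltarget" />
               <input type="hidden" name="data[target_type]" value="' . $response['target_type'] . '" />
               <input type="hidden" name="data[target_id_user]" value="' . ( ( intval($response['target_type']) == ACL_TYPE_USER ) ? $response['target_name'] : $response['target_id'] ) .'" />
               <input type="hidden" name="data[target_id_grp]"  value="' . ( ( intval($response['target_type']) == ACL_TYPE_USER ) ? $response['target_name'] : $response['target_id'] ) .'" />
               <input type="hidden" name="data[scope]" value="' . ( ( $response['page_id'] ) ? 'only_this' : 'entire_site' ) . '" />
               <input type="hidden" name="data[page_id]" value="' . ( ( $response['page_id'] ) ? $response['page_id'] : 'false' ) . '" />
               <input type="hidden" name="data[namespace]" value="' . ( ( $response['namespace'] ) ? $response['namespace'] : 'false' ) . '" />
-              <input type="submit" value="Return to ACL editor" /> <input type="submit" name="data[act_go_stage1]" value="Return to user/scope selection" />
+              <input type="submit" value="' . $lang->get('acl_btn_returnto_editor') . '" /> <input type="submit" name="data[act_go_stage1]" value="' . $lang->get('acl_btn_returnto_userscope') . '" />
               ' . $formend . '
             </div>';
       break;
     case 'seltarget':
       if ( $response['type'] == 'edit' )
       {
-        echo '<h3>Editing permissions</h3>';
+        echo '<h3>' . $lang->get('acl_lbl_editwin_title_edit') . '</h3>';
       }
       else
       {
-        echo '<h3>Create new rule</h3>';
+        echo '<h3>' . $lang->get('acl_lbl_editwin_title_create') . '</h3>';
       }
-      $type  = ( $response['target_type'] == ACL_TYPE_GROUP ) ? 'group' : 'user';
-      $scope = ( $response['page_id'] ) ? ( $response['namespace'] == '__PageGroup' ? 'this group of pages' : 'this page' ) : 'this entire site';
-      echo 'This panel allows you to edit what the ' . $type . ' "' . $response['target_name'] . '" can do on <b>' . $scope . '</b>. Unless you set a permission to "Deny", these permissions may be overridden by other rules.';
+      $type  = ( $response['target_type'] == ACL_TYPE_GROUP ) ? $lang->get('acl_target_type_group') : $lang->get('acl_target_type_user');
+      $scope = ( $response['page_id'] ) ? ( $response['namespace'] == '__PageGroup' ? $lang->get('acl_scope_type_pagegroup') : $lang->get('acl_scope_type_thispage') ) : $lang->get('acl_scope_type_wholesite');
+      $subs = array(
+          'target_type' => $type,
+          'target' => $response['target_name'],
+          'scope_type' => $scope
+        );
+      echo $lang->get('acl_lbl_editwin_body', $subs);
       echo $formstart;
       $parser = $template->makeParserText( $response['template']['acl_field_begin'] );
       echo $parser->run();
       $parser = $template->makeParserText( $response['template']['acl_field_item'] );
       $cls = 'row2';
@@ -2294,11 +2301,18 @@
            case AUTH_DENY:
             $vars['FIELD_DENY_CHECKED'] = 'checked="checked"';
             break;
         }
         $vars['FIELD_NAME'] = 'data[perms][' . $acl_type . ']';
-        $vars['FIELD_DESC'] = $response['acl_descs'][$acl_type];
+        if ( preg_match('/^([a-z0-9_]+)$/', $response['acl_descs'][$acl_type]) )
+        {
+          $vars['FIELD_DESC'] = $lang->get($response['acl_descs'][$acl_type]);
+        }
+        else
+        {
+          $vars['FIELD_DESC'] = $response['acl_descs'][$acl_type];
+        }
         $parser->assign_vars($vars);
         echo $parser->run();
       }
       $parser = $template->makeParserText( $response['template']['acl_field_end'] );
       echo $parser->run();
@@ -2307,11 +2321,11 @@
               <input type="hidden" name="data[page_id]" value="'   . (( $response['page_id']   ) ? $response['page_id']   : 'false') . '" />
               <input type="hidden" name="data[namespace]" value="' . (( $response['namespace'] ) ? $response['namespace'] : 'false') . '" />
               <input type="hidden" name="data[target_type]" value="' . $response['target_type'] . '" />
               <input type="hidden" name="data[target_id]" value="' . $response['target_id'] . '" />
               <input type="hidden" name="data[target_name]" value="' . $response['target_name'] . '" />
-              ' . ( ( $response['type'] == 'edit' ) ? '<input type="submit" value="Save changes" />&nbsp;&nbsp;<input type="submit" name="data[act_delete_rule]" value="Delete rule" style="color: #AA0000;" onclick="return confirm(\'Do you really want to delete this ACL rule?\');" />' : '<input type="submit" value="Create rule" />' ) . '
+              ' . ( ( $response['type'] == 'edit' ) ? '<input type="submit" value="' . $lang->get('etc_save_changes') . '" />&nbsp;&nbsp;<input type="submit" name="data[act_delete_rule]" value="' . $lang->get('acl_btn_deleterule') . '" style="color: #AA0000;" onclick="return confirm(\'' . addslashes($lang->get('acl_msg_deleterule_confirm')) . '\');" />' : '<input type="submit" value="' . $lang->get('acl_btn_createrule') . '" />' ) . '
             </div>';
       echo $formend;
       break;
     case 'error':
       ob_end_clean();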
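Review bot: Localized strings are written into double-quoted HTML attributes without escaping on the new submit buttons (`acl_btn_returnto_editor`, `acl_btn_returnto_userscope`, `etc_save_changes`, `acl_btn_deleterule`, `acl_btn_createrule`), while the "Next" button in the same function wraps its string in `htmlspecialchars()`; a translation containing `"` or `<` would break out of the attribute. The same applies to the `onclick` handler, where `addslashes()` covers the JavaScript string but not the surrounding attribute, so I would write `htmlspecialchars(addslashes($lang->get('acl_msg_deleterule_confirm')))` there and `value="' . htmlspecialchars($lang->get('acl_btn_deleterule')) . '"` for the buttons. `$response['target_name']` is also passed raw as a substitution into `acl_lbl_save_success_body`, `acl_lbl_delete_success_body` and `acl_lbl_editwin_body`; whether `$lang->get()` escapes substitutions is not visible here, so if it does not, wrap that value in `htmlspecialchars()` at the call site. `aclmanager()` starts in the first hunk but its body continues outside the shown hunks.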