authorzotlabs <mike@macgirvin.com>2016-11-15 18:43:26 -0800
committerzotlabs <mike@macgirvin.com>2016-11-15 18:43:26 -0800
commit501bd814c3a057684b102bc4c6cb8e0b7403debd (patch)
tree5ff6ac2e4c14b98fa9286cebc5a90f412cc05f8b
parent0f5a166cceef6dcfb5f29077122eabd09ef290be (diff)
wiki: simplify permission model, reduce duplicate calls to get the same channel info and permissions, return the owner permissions with the normal permission check (keeping all permission fetching in one place), rename the 'channel' variable to 'owner' in several places to identify this channel role more clearly as to the way it is being used in this module, update the deprecated call to proc_run (include/notifier) and make several notice messages translatable.
-rw-r--r--Zotlabs/Module/Wiki.php217
-rw-r--r--include/wiki.php28
2 files changed, 117 insertions, 128 deletions
diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php
index 9fd1234e3..edcd6ec58 100644
--- a/Zotlabs/Module/Wiki.php
+++ b/Zotlabs/Module/Wiki.php
@@ -54,41 +54,41 @@ class Wiki extends \Zotlabs\Web\Controller {
// init() should have forced the URL to redirect to /wiki/channel so assume argc() > 1
$nick = argv(1);
- $channel = channelx_by_nick($nick); // The channel who owns the wikis being viewed
- if(! $channel) {
- notice('Invalid channel' . EOL);
+ $owner = channelx_by_nick($nick); // The channel who owns the wikis being viewed
+ if(! $owner) {
+ notice( t('Invalid channel') . EOL);
goaway('/' . argv(0));
}
// Determine if the observer is the channel owner so the ACL dialog can be populated
- if (local_channel() === intval($channel['channel_id'])) {
- $local_observer = \App::get_channel();
+ if (local_channel() === intval($owner['channel_id'])) {
+
$wiki_owner = true;
// Obtain the default permission settings of the channel
- $channel_acl = array(
- 'allow_cid' => $local_observer['channel_allow_cid'],
- 'allow_gid' => $local_observer['channel_allow_gid'],
- 'deny_cid' => $local_observer['channel_deny_cid'],
- 'deny_gid' => $local_observer['channel_deny_gid']
+ $owner_acl = array(
+ 'allow_cid' => $owner['channel_allow_cid'],
+ 'allow_gid' => $owner['channel_allow_gid'],
+ 'deny_cid' => $owner['channel_deny_cid'],
+ 'deny_gid' => $owner['channel_deny_gid']
);
// Initialize the ACL to the channel default permissions
$x = array(
- 'lockstate' => (( $local_observer['channel_allow_cid'] ||
- $local_observer['channel_allow_gid'] ||
- $local_observer['channel_deny_cid'] ||
- $local_observer['channel_deny_gid'])
+ 'lockstate' => (( $owner['channel_allow_cid'] ||
+ $owner['channel_allow_gid'] ||
+ $owner['channel_deny_cid'] ||
+ $owner['channel_deny_gid'])
? 'lock' : 'unlock'
),
- 'acl' => populate_acl($channel_acl),
- 'allow_cid' => acl2json($channel_acl['allow_cid']),
- 'allow_gid' => acl2json($channel_acl['allow_gid']),
- 'deny_cid' => acl2json($channel_acl['deny_cid']),
- 'deny_gid' => acl2json($channel_acl['deny_gid']),
+ 'acl' => populate_acl($owner_acl),
+ 'allow_cid' => acl2json($owner_acl['allow_cid']),
+ 'allow_gid' => acl2json($owner_acl['allow_gid']),
+ 'deny_cid' => acl2json($owner_acl['deny_cid']),
+ 'deny_gid' => acl2json($owner_acl['deny_gid']),
'bang' => ''
);
} else {
// Not the channel owner
- $channel_acl = $x = array();
+ $owner_acl = $x = array();
}
// Download a wiki
@@ -96,13 +96,13 @@ class Wiki extends \Zotlabs\Web\Controller {
$resource_id = argv(4);
$w = wiki_get_wiki($resource_id);
if (!$w['path']) {
- notice('Error retrieving wiki' . EOL);
+ notice(t('Error retrieving wiki') . EOL);
}
$zip_folder_name = random_string(10);
$zip_folderpath = '/tmp/' . $zip_folder_name;
if (!mkdir($zip_folderpath, 0770, false)) {
logger('Error creating zip file export folder: ' . $zip_folderpath, LOGGER_NORMAL);
- notice('Error creating zip file export folder' . EOL);
+ notice(t('Error creating zip file export folder') . EOL);
}
$zip_filename = $w['urlName'];
$zip_filepath = '/tmp/' . $zip_folder_name . '/' . $zip_filename;
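Review bot: Both error branches in this hunk only call `notice()` and then fall through, so when `wiki_get_wiki()` returns no path or `mkdir()` fails, the code still goes on to build `$zip_filepath` from `$w['urlName']` inside a directory that may not exist. Each branch should end the request after reporting, for example with `goaway('/' . argv(0) . '/' . argv(1));` as the other failure paths in get() do. No read-permission check on `$resource_id` (taken from `argv(4)`) is visible here; the download block starts and ends outside this hunk, so confirm that one runs before the export is produced.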
@@ -144,9 +144,9 @@ class Wiki extends \Zotlabs\Web\Controller {
// Fetch the wiki info and determine observer permissions
$wikiUrlName = urlencode(argv(2));
$pageUrlName = urlencode(argv(3));
- $w = wiki_exists_by_name($channel['channel_id'], $wikiUrlName);
+ $w = wiki_exists_by_name($owner['channel_id'], $wikiUrlName);
if(!$w['resource_id']) {
- notice('Wiki not found' . EOL);
+ notice(t('Wiki not found') . EOL);
goaway('/'.argv(0).'/'.argv(1));
}
$resource_id = $w['resource_id'];
@@ -154,9 +154,9 @@ class Wiki extends \Zotlabs\Web\Controller {
if (!$wiki_owner) {
// Check for observer permissions
$observer_hash = get_observer_hash();
- $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash);
+ $perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash);
if(!$perms['read']) {
- notice('Permission denied.' . EOL);
+ notice(t('Permission denied.') . EOL);
goaway('/'.argv(0).'/'.argv(1));
}
if($perms['write']) {
@@ -171,7 +171,7 @@ class Wiki extends \Zotlabs\Web\Controller {
$wikiheaderPage = urldecode($pageUrlName);
$p = wiki_get_page_content(array('resource_id' => $resource_id, 'pageUrlName' => $pageUrlName));
if(!$p['success']) {
- notice('Error retrieving page content' . EOL);
+ notice(t('Error retrieving page content') . EOL);
goaway('/'.argv(0).'/'.argv(1).'/'.$wikiUrlName);
}
$content = ($p['content'] !== '' ? htmlspecialchars_decode($p['content'],ENT_COMPAT) : '"# New page\n"');
@@ -216,7 +216,7 @@ class Wiki extends \Zotlabs\Web\Controller {
'$showNewPageButton'=> $showNewPageButton,
'$hidePageHistory' => $hidePageHistory,
'$showCommitMsg' => $showCommitMsg,
- '$channel' => $channel['channel_address'],
+ '$channel' => $owner['channel_address'],
'$resource_id' => $resource_id,
'$page' => $pageUrlName,
'$lockstate' => $x['lockstate'],
@@ -253,6 +253,16 @@ class Wiki extends \Zotlabs\Web\Controller {
function post() {
require_once('include/wiki.php');
+
+ $nick = argv(1);
+ $owner = channelx_by_nick($nick);
+ $observer_hash = get_observer_hash();
+
+ if(! $owner) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
// /wiki/channel/preview
// Render mardown-formatted text in HTML for preview
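Review bot: The new `if(! $owner)` guard ends in a bare `return;`, while most handlers further down post() answer through `json_return_and_die()`, so a request against an unknown channel leaves a session notice and an empty body instead of a JSON failure the client can act on. Consider replying in the same shape for those routes, e.g. `json_return_and_die(array('message' => t('Permission denied.'), 'success' => false));`. post() continues well beyond this hunk, so which routes expect JSON should be checked against the full function.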
@@ -271,15 +281,14 @@ class Wiki extends \Zotlabs\Web\Controller {
// Create a new wiki
// /wiki/channel/create/wiki
if ((argc() > 3) && (argv(2) === 'create') && (argv(3) === 'wiki')) {
- $nick = argv(1);
- $channel = channelx_by_nick($nick);
- // Determine if observer has permission to create wiki
- $observer_hash = get_observer_hash();
+
// Only the channel owner can create a wiki, at least until we create a
// more detail permissions framework
- if (local_channel() !== intval($channel['channel_id'])) {
- goaway('/'.argv(0).'/'.$nick.'/');
+
+ if (local_channel() !== intval($owner['channel_id'])) {
+ goaway('/' . argv(0) . '/' . $nick . '/');
}
+
$wiki = array();
// Generate new wiki info from input name
$wiki['postVisible'] = ((intval($_POST['postVisible']) === 0) ? 0 : 1);
@@ -287,34 +296,33 @@ class Wiki extends \Zotlabs\Web\Controller {
$wiki['htmlName'] = escape_tags($_POST['wikiName']);
$wiki['urlName'] = urlencode($_POST['wikiName']);
if($wiki['urlName'] === '') {
- notice('Error creating wiki. Invalid name.');
+ notice( t('Error creating wiki. Invalid name.') . EOL);
goaway('/wiki');
}
// Get ACL for permissions
- $acl = new \Zotlabs\Access\AccessList($channel);
+ $acl = new \Zotlabs\Access\AccessList($owner);
$acl->set_from_array($_POST);
- $r = wiki_create_wiki($channel, $observer_hash, $wiki, $acl);
+ $r = wiki_create_wiki($owner, $observer_hash, $wiki, $acl);
if ($r['success']) {
$homePage = wiki_create_page('Home', $r['item']['resource_id']);
if(!$homePage['success']) {
- notice('Wiki created, but error creating Home page.');
+ notice( t('Wiki created, but error creating Home page.'));
goaway('/wiki/'.$nick.'/'.$wiki['urlName']);
}
goaway('/wiki/'.$nick.'/'.$wiki['urlName'].'/'.$homePage['page']['urlName']);
} else {
- notice('Error creating wiki');
+ notice(t('Error creating wiki'));
goaway('/wiki');
}
}
// Delete a wiki
if ((argc() > 3) && (argv(2) === 'delete') && (argv(3) === 'wiki')) {
- $nick = argv(1);
- $channel = channelx_by_nick($nick);
+
// Only the channel owner can delete a wiki, at least until we create a
// more detail permissions framework
- if (local_channel() !== intval($channel['channel_id'])) {
- logger('Wiki delete permission denied.' . EOL);
+ if (local_channel() !== intval($owner['channel_id'])) {
+ logger('Wiki delete permission denied.');
json_return_and_die(array('message' => 'Wiki delete permission denied.', 'success' => false));
}
$resource_id = $_POST['resource_id'];
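Review bot: In the delete branch the owner test compares the logged-in channel with the channel named in the URL, but `$resource_id` is read straight from `$_POST` and nothing visible here ties it to `$owner['channel_id']`. The deletion call itself lies outside the hunk; if it resolves the wiki by resource_id alone, it should first look the wiki up under the owner's uid and refuse when there is no match. Separately, `notice( t('Wiki created, but error creating Home page.'));` and `notice(t('Error creating wiki'));` lack the `. EOL` that the other notices touched by this commit append.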
@@ -330,18 +338,17 @@ class Wiki extends \Zotlabs\Web\Controller {
// Create a page
if ((argc() === 4) && (argv(2) === 'create') && (argv(3) === 'page')) {
- $nick = argv(1);
+
$resource_id = $_POST['resource_id'];
// Determine if observer has permission to create a page
- $channel = channelx_by_nick($nick);
- if (local_channel() !== intval($channel['channel_id'])) {
- $observer_hash = get_observer_hash();
- $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash);
- if(!$perms['write']) {
- logger('Wiki write permission denied. ' . EOL);
- json_return_and_die(array('success' => false));
- }
+
+
+ $perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash);
+ if(!$perms['write']) {
+ logger('Wiki write permission denied. ' . EOL);
+ json_return_and_die(array('success' => false));
}
+
$name = $_POST['name']; //Get new page name
if(urlencode(escape_tags($_POST['name'])) === '') {
json_return_and_die(array('message' => 'Error creating page. Invalid name.', 'success' => false));
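Review bot: The denial branch still logs `'Wiki write permission denied. ' . EOL`, although this commit dropped the EOL suffix from the wiki-delete log line; the same leftover is in the page-list, save, history, delete-page, revert, compare and rename hunks below. A log entry that records who was refused is more useful when reviewing access attempts, e.g. `logger('Wiki write permission denied. observer: ' . $observer_hash);`. The JSON reply here also omits the `'message'` key that the page-list and history denials include. The create-page block continues past the end of this hunk.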
@@ -358,15 +365,13 @@ class Wiki extends \Zotlabs\Web\Controller {
// Fetch page list for a wiki
if ((argc() === 5) && (argv(2) === 'get') && (argv(3) === 'page') && (argv(4) === 'list')) {
$resource_id = $_POST['resource_id']; // resource_id for wiki in db
- $channel = channelx_by_nick(argv(1));
- $observer_hash = get_observer_hash();
- if (local_channel() !== intval($channel['channel_id'])) {
- $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash);
- if(!$perms['read']) {
- logger('Wiki read permission denied.' . EOL);
- json_return_and_die(array('pages' => null, 'message' => 'Permission denied.', 'success' => false));
- }
+
+ $perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash);
+ if(!$perms['read']) {
+ logger('Wiki read permission denied.' . EOL);
+ json_return_and_die(array('pages' => null, 'message' => 'Permission denied.', 'success' => false));
}
+
$page_list_html = widget_wiki_pages(array(
'resource_id' => $resource_id,
'refresh' => true,
@@ -385,16 +390,12 @@ class Wiki extends \Zotlabs\Web\Controller {
if ($commitMsg === '') {
$commitMsg = 'Updated ' . $pageHtmlName;
}
- $nick = argv(1);
- $channel = channelx_by_nick($nick);
+
// Determine if observer has permission to save content
- if (local_channel() !== intval($channel['channel_id'])) {
- $observer_hash = get_observer_hash();
- $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash);
- if(!$perms['write']) {
- logger('Wiki write permission denied. ' . EOL);
- json_return_and_die(array('success' => false));
- }
+ $perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash);
+ if(!$perms['write']) {
+ logger('Wiki write permission denied. ' . EOL);
+ json_return_and_die(array('success' => false));
}
$saved = wiki_save_page(array('resource_id' => $resource_id, 'pageUrlName' => $pageUrlName, 'content' => $content));
@@ -423,17 +424,15 @@ class Wiki extends \Zotlabs\Web\Controller {
$resource_id = $_POST['resource_id'];
$pageUrlName = $_POST['name'];
- $nick = argv(1);
- $channel = channelx_by_nick($nick);
+
// Determine if observer has permission to read content
- if (local_channel() !== intval($channel['channel_id'])) {
- $observer_hash = get_observer_hash();
- $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash);
- if(!$perms['read']) {
- logger('Wiki read permission denied.' . EOL);
- json_return_and_die(array('historyHTML' => '', 'message' => 'Permission denied.', 'success' => false));
- }
+
+ $perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash);
+ if(!$perms['read']) {
+ logger('Wiki read permission denied.' . EOL);
+ json_return_and_die(array('historyHTML' => '', 'message' => 'Permission denied.', 'success' => false));
}
+
$historyHTML = widget_wiki_page_history(array(
'resource_id' => $resource_id,
'pageUrlName' => $pageUrlName
@@ -449,16 +448,13 @@ class Wiki extends \Zotlabs\Web\Controller {
json_return_and_die(array('message' => 'Cannot delete Home','success' => false));
}
// Determine if observer has permission to delete pages
- $nick = argv(1);
- $channel = channelx_by_nick($nick);
- if (local_channel() !== intval($channel['channel_id'])) {
- $observer_hash = get_observer_hash();
- $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash);
- if(!$perms['write']) {
- logger('Wiki write permission denied. ' . EOL);
- json_return_and_die(array('success' => false));
- }
+
+ $perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash);
+ if(!$perms['write']) {
+ logger('Wiki write permission denied. ' . EOL);
+ json_return_and_die(array('success' => false));
}
+
$deleted = wiki_delete_page(array('resource_id' => $resource_id, 'pageUrlName' => $pageUrlName));
if($deleted['success']) {
$ob = \App::get_observer();
@@ -484,16 +480,13 @@ class Wiki extends \Zotlabs\Web\Controller {
$pageUrlName = $_POST['name'];
$commitHash = $_POST['commitHash'];
// Determine if observer has permission to revert pages
- $nick = argv(1);
- $channel = channelx_by_nick($nick);
- if (local_channel() !== intval($channel['channel_id'])) {
- $observer_hash = get_observer_hash();
- $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash);
- if(!$perms['write']) {
- logger('Wiki write permission denied.' . EOL);
- json_return_and_die(array('success' => false));
- }
+
+ $perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash);
+ if(!$perms['write']) {
+ logger('Wiki write permission denied.' . EOL);
+ json_return_and_die(array('success' => false));
}
+
$reverted = wiki_revert_page(array('commitHash' => $commitHash, 'resource_id' => $resource_id, 'pageUrlName' => $pageUrlName));
if($reverted['success']) {
json_return_and_die(array('content' => $reverted['content'], 'message' => '', 'success' => true));
@@ -509,16 +502,13 @@ class Wiki extends \Zotlabs\Web\Controller {
$compareCommit = $_POST['compareCommit'];
$currentCommit = $_POST['currentCommit'];
// Determine if observer has permission to revert pages
- $nick = argv(1);
- $channel = channelx_by_nick($nick);
- if (local_channel() !== intval($channel['channel_id'])) {
- $observer_hash = get_observer_hash();
- $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash);
- if(!$perms['read']) {
- logger('Wiki read permission denied.' . EOL);
- json_return_and_die(array('success' => false));
- }
+
+ $perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash);
+ if(!$perms['read']) {
+ logger('Wiki read permission denied.' . EOL);
+ json_return_and_die(array('success' => false));
}
+
$compare = wiki_compare_page(array('currentCommit' => $currentCommit, 'compareCommit' => $compareCommit, 'resource_id' => $resource_id, 'pageUrlName' => $pageUrlName));
if($compare['success']) {
$diffHTML = '<table class="text-center" width="100%"><tr><td class="lead" width="50%">Current Revision</td><td class="lead" width="50%">Selected Revision</td></tr></table>' . $compare['diff'];
@@ -540,16 +530,13 @@ class Wiki extends \Zotlabs\Web\Controller {
json_return_and_die(array('message' => 'Error renaming page. Invalid name.', 'success' => false));
}
// Determine if observer has permission to rename pages
- $nick = argv(1);
- $channel = channelx_by_nick($nick);
- if (local_channel() !== intval($channel['channel_id'])) {
- $observer_hash = get_observer_hash();
- $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash);
- if(!$perms['write']) {
- logger('Wiki write permission denied. ' . EOL);
- json_return_and_die(array('success' => false));
- }
+
+ $perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash);
+ if(!$perms['write']) {
+ logger('Wiki write permission denied. ' . EOL);
+ json_return_and_die(array('success' => false));
}
+
$renamed = wiki_rename_page(array('resource_id' => $resource_id, 'pageUrlName' => $pageUrlName, 'pageNewName' => $pageNewName));
if($renamed['success']) {
$ob = \App::get_observer();
@@ -570,7 +557,7 @@ class Wiki extends \Zotlabs\Web\Controller {
}
}
- //notice('You must be authenticated.');
+ //notice( t('You must be authenticated.'));
json_return_and_die(array('message' => 'You must be authenticated.', 'success' => false));
}
diff --git a/include/wiki.php b/include/wiki.php
index 1d1e20e27..ffa8b66d3 100644
--- a/include/wiki.php
+++ b/include/wiki.php
@@ -13,11 +13,13 @@ function wiki_list($channel, $observer_hash) {
dbesc(WIKI_ITEM_RESOURCE_TYPE),
intval($channel['channel_id'])
);
- foreach($wikis as &$w) {
- $w['rawName'] = get_iconfig($w, 'wiki', 'rawName');
- $w['htmlName'] = get_iconfig($w, 'wiki', 'htmlName');
- $w['urlName'] = get_iconfig($w, 'wiki', 'urlName');
- $w['path'] = get_iconfig($w, 'wiki', 'path');
+ if($wikis) {
+ foreach($wikis as &$w) {
+ $w['rawName'] = get_iconfig($w, 'wiki', 'rawName');
+ $w['htmlName'] = get_iconfig($w, 'wiki', 'htmlName');
+ $w['urlName'] = get_iconfig($w, 'wiki', 'urlName');
+ $w['path'] = get_iconfig($w, 'wiki', 'path');
+ }
}
// TODO: query db for wikis the observer can access. Return with two lists, for read and write access
return array('wikis' => $wikis);
@@ -125,7 +127,7 @@ function wiki_create_wiki($channel, $observer_hash, $wiki, $acl) {
$item_id = $post['item_id'];
if ($item_id) {
- proc_run('php', "include/notifier.php", "activity", $item_id);
+ \Zotlabs\Daemon\Master::Summon(array('Notifier', 'activity', $item_id));
return array('item' => $arr, 'success' => true);
} else {
return array('item' => null, 'success' => false);
@@ -192,23 +194,23 @@ function wiki_exists_by_name($uid, $urlName) {
function wiki_get_permissions($resource_id, $owner_id, $observer_hash) {
// TODO: For now, only the owner can edit
$sql_extra = item_permissions_sql($owner_id, $observer_hash);
+
+ if(local_channel() && local_channel == $owner_id) {
+ return [ 'read' => true, 'write' => true, 'success' => true ];
+ }
+
$r = q("SELECT * FROM item WHERE uid = %d and resource_type = '%s' AND resource_id = '%s' $sql_extra LIMIT 1",
intval($owner_id),
dbesc(WIKI_ITEM_RESOURCE_TYPE),
dbesc($resource_id)
);
-
+
if (!$r) {
return array('read' => false, 'write' => false, 'success' => true);
} else {
- $perms = get_all_perms($owner_id, $observer_hash);
// TODO: Create a new permission setting for wiki analogous to webpages. Until
// then, use webpage permissions
- if (!$perms['write_pages']) {
- $write = false;
- } else {
- $write = true;
- }
+ $write = perm_is_allowed($owner_id, $observer_hash,'write_pages');
return array('read' => true, 'write' => $write, 'success' => true);
}
}
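Review bot: The owner shortcut added here reads `local_channel == $owner_id` without the call parentheses, so PHP treats `local_channel` as a bare constant name instead of calling the function. Depending on the PHP version that is either an error or a loose comparison of a string with the owner id, and in neither case the intended test. It should be `if(local_channel() && local_channel() === intval($owner_id)) {`. This matters more after this commit, because the Wiki module no longer tests for the owner itself and relies on this function for every page operation. The shortcut also returns read and write as true before `$resource_id` has been looked up, so it does not confirm that the wiki exists under that owner.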