diff options
author | zotlabs <mike@macgirvin.com> | 2016-11-15 18:43:26 -0800 |
---|---|---|
committer | zotlabs <mike@macgirvin.com> | 2016-11-15 18:43:26 -0800 |
commit | 501bd814c3a057684b102bc4c6cb8e0b7403debd (patch) | |
tree | 5ff6ac2e4c14b98fa9286cebc5a90f412cc05f8b /Zotlabs/Module | |
parent | 0f5a166cceef6dcfb5f29077122eabd09ef290be (diff) | |
download | volse-hubzilla-501bd814c3a057684b102bc4c6cb8e0b7403debd.tar.gz volse-hubzilla-501bd814c3a057684b102bc4c6cb8e0b7403debd.tar.bz2 volse-hubzilla-501bd814c3a057684b102bc4c6cb8e0b7403debd.zip |
wiki: simplify permission model, reduce duplicate calls to get the same channel info and permissions, return the owner permissions with the normal permission check (keeping all permission fetching in one place), rename the 'channel' variable to 'owner' in several places to identify this channel role more clearly as to the way it is being used in this module, update the deprecated call to proc_run (include/notifier) and make several notice messages translatable.
Diffstat (limited to 'Zotlabs/Module')
-rw-r--r-- | Zotlabs/Module/Wiki.php | 217 |
1 files changed, 102 insertions, 115 deletions
diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php index 9fd1234e3..edcd6ec58 100644 --- a/Zotlabs/Module/Wiki.php +++ b/Zotlabs/Module/Wiki.php @@ -54,41 +54,41 @@ class Wiki extends \Zotlabs\Web\Controller { // init() should have forced the URL to redirect to /wiki/channel so assume argc() > 1 $nick = argv(1); - $channel = channelx_by_nick($nick); // The channel who owns the wikis being viewed - if(! $channel) { - notice('Invalid channel' . EOL); + $owner = channelx_by_nick($nick); // The channel who owns the wikis being viewed + if(! $owner) { + notice( t('Invalid channel') . EOL); goaway('/' . argv(0)); } // Determine if the observer is the channel owner so the ACL dialog can be populated - if (local_channel() === intval($channel['channel_id'])) { - $local_observer = \App::get_channel(); + if (local_channel() === intval($owner['channel_id'])) { + $wiki_owner = true; // Obtain the default permission settings of the channel - $channel_acl = array( - 'allow_cid' => $local_observer['channel_allow_cid'], - 'allow_gid' => $local_observer['channel_allow_gid'], - 'deny_cid' => $local_observer['channel_deny_cid'], - 'deny_gid' => $local_observer['channel_deny_gid'] + $owner_acl = array( + 'allow_cid' => $owner['channel_allow_cid'], + 'allow_gid' => $owner['channel_allow_gid'], + 'deny_cid' => $owner['channel_deny_cid'], + 'deny_gid' => $owner['channel_deny_gid'] ); // Initialize the ACL to the channel default permissions $x = array( - 'lockstate' => (( $local_observer['channel_allow_cid'] || - $local_observer['channel_allow_gid'] || - $local_observer['channel_deny_cid'] || - $local_observer['channel_deny_gid']) + 'lockstate' => (( $owner['channel_allow_cid'] || + $owner['channel_allow_gid'] || + $owner['channel_deny_cid'] || + $owner['channel_deny_gid']) ? 'lock' : 'unlock' ), - 'acl' => populate_acl($channel_acl), - 'allow_cid' => acl2json($channel_acl['allow_cid']), - 'allow_gid' => acl2json($channel_acl['allow_gid']), - 'deny_cid' => acl2json($channel_acl['deny_cid']), - 'deny_gid' => acl2json($channel_acl['deny_gid']), + 'acl' => populate_acl($owner_acl), + 'allow_cid' => acl2json($owner_acl['allow_cid']), + 'allow_gid' => acl2json($owner_acl['allow_gid']), + 'deny_cid' => acl2json($owner_acl['deny_cid']), + 'deny_gid' => acl2json($owner_acl['deny_gid']), 'bang' => '' ); } else { // Not the channel owner - $channel_acl = $x = array(); + $owner_acl = $x = array(); } // Download a wiki @@ -96,13 +96,13 @@ class Wiki extends \Zotlabs\Web\Controller { $resource_id = argv(4); $w = wiki_get_wiki($resource_id); if (!$w['path']) { - notice('Error retrieving wiki' . EOL); + notice(t('Error retrieving wiki') . EOL); } $zip_folder_name = random_string(10); $zip_folderpath = '/tmp/' . $zip_folder_name; if (!mkdir($zip_folderpath, 0770, false)) { logger('Error creating zip file export folder: ' . $zip_folderpath, LOGGER_NORMAL); - notice('Error creating zip file export folder' . EOL); + notice(t('Error creating zip file export folder') . EOL); } $zip_filename = $w['urlName']; $zip_filepath = '/tmp/' . $zip_folder_name . '/' . $zip_filename; @@ -144,9 +144,9 @@ class Wiki extends \Zotlabs\Web\Controller { // Fetch the wiki info and determine observer permissions $wikiUrlName = urlencode(argv(2)); $pageUrlName = urlencode(argv(3)); - $w = wiki_exists_by_name($channel['channel_id'], $wikiUrlName); + $w = wiki_exists_by_name($owner['channel_id'], $wikiUrlName); if(!$w['resource_id']) { - notice('Wiki not found' . EOL); + notice(t('Wiki not found') . EOL); goaway('/'.argv(0).'/'.argv(1)); } $resource_id = $w['resource_id']; @@ -154,9 +154,9 @@ class Wiki extends \Zotlabs\Web\Controller { if (!$wiki_owner) { // Check for observer permissions $observer_hash = get_observer_hash(); - $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash); + $perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash); if(!$perms['read']) { - notice('Permission denied.' . EOL); + notice(t('Permission denied.') . EOL); goaway('/'.argv(0).'/'.argv(1)); } if($perms['write']) { @@ -171,7 +171,7 @@ class Wiki extends \Zotlabs\Web\Controller { $wikiheaderPage = urldecode($pageUrlName); $p = wiki_get_page_content(array('resource_id' => $resource_id, 'pageUrlName' => $pageUrlName)); if(!$p['success']) { - notice('Error retrieving page content' . EOL); + notice(t('Error retrieving page content') . EOL); goaway('/'.argv(0).'/'.argv(1).'/'.$wikiUrlName); } $content = ($p['content'] !== '' ? htmlspecialchars_decode($p['content'],ENT_COMPAT) : '"# New page\n"'); @@ -216,7 +216,7 @@ class Wiki extends \Zotlabs\Web\Controller { '$showNewPageButton'=> $showNewPageButton, '$hidePageHistory' => $hidePageHistory, '$showCommitMsg' => $showCommitMsg, - '$channel' => $channel['channel_address'], + '$channel' => $owner['channel_address'], '$resource_id' => $resource_id, '$page' => $pageUrlName, '$lockstate' => $x['lockstate'], @@ -253,6 +253,16 @@ class Wiki extends \Zotlabs\Web\Controller { function post() { require_once('include/wiki.php'); + + $nick = argv(1); + $owner = channelx_by_nick($nick); + $observer_hash = get_observer_hash(); + + if(! $owner) { + notice( t('Permission denied.') . EOL); + return; + } + // /wiki/channel/preview // Render mardown-formatted text in HTML for preview @@ -271,15 +281,14 @@ class Wiki extends \Zotlabs\Web\Controller { // Create a new wiki // /wiki/channel/create/wiki if ((argc() > 3) && (argv(2) === 'create') && (argv(3) === 'wiki')) { - $nick = argv(1); - $channel = channelx_by_nick($nick); - // Determine if observer has permission to create wiki - $observer_hash = get_observer_hash(); + // Only the channel owner can create a wiki, at least until we create a // more detail permissions framework - if (local_channel() !== intval($channel['channel_id'])) { - goaway('/'.argv(0).'/'.$nick.'/'); + + if (local_channel() !== intval($owner['channel_id'])) { + goaway('/' . argv(0) . '/' . $nick . '/'); } + $wiki = array(); // Generate new wiki info from input name $wiki['postVisible'] = ((intval($_POST['postVisible']) === 0) ? 0 : 1); @@ -287,34 +296,33 @@ class Wiki extends \Zotlabs\Web\Controller { $wiki['htmlName'] = escape_tags($_POST['wikiName']); $wiki['urlName'] = urlencode($_POST['wikiName']); if($wiki['urlName'] === '') { - notice('Error creating wiki. Invalid name.'); + notice( t('Error creating wiki. Invalid name.') . EOL); goaway('/wiki'); } // Get ACL for permissions - $acl = new \Zotlabs\Access\AccessList($channel); + $acl = new \Zotlabs\Access\AccessList($owner); $acl->set_from_array($_POST); - $r = wiki_create_wiki($channel, $observer_hash, $wiki, $acl); + $r = wiki_create_wiki($owner, $observer_hash, $wiki, $acl); if ($r['success']) { $homePage = wiki_create_page('Home', $r['item']['resource_id']); if(!$homePage['success']) { - notice('Wiki created, but error creating Home page.'); + notice( t('Wiki created, but error creating Home page.')); goaway('/wiki/'.$nick.'/'.$wiki['urlName']); } goaway('/wiki/'.$nick.'/'.$wiki['urlName'].'/'.$homePage['page']['urlName']); } else { - notice('Error creating wiki'); + notice(t('Error creating wiki')); goaway('/wiki'); } } // Delete a wiki if ((argc() > 3) && (argv(2) === 'delete') && (argv(3) === 'wiki')) { - $nick = argv(1); - $channel = channelx_by_nick($nick); + // Only the channel owner can delete a wiki, at least until we create a // more detail permissions framework - if (local_channel() !== intval($channel['channel_id'])) { - logger('Wiki delete permission denied.' . EOL); + if (local_channel() !== intval($owner['channel_id'])) { + logger('Wiki delete permission denied.'); json_return_and_die(array('message' => 'Wiki delete permission denied.', 'success' => false)); } $resource_id = $_POST['resource_id']; @@ -330,18 +338,17 @@ class Wiki extends \Zotlabs\Web\Controller { // Create a page if ((argc() === 4) && (argv(2) === 'create') && (argv(3) === 'page')) { - $nick = argv(1); + $resource_id = $_POST['resource_id']; // Determine if observer has permission to create a page - $channel = channelx_by_nick($nick); - if (local_channel() !== intval($channel['channel_id'])) { - $observer_hash = get_observer_hash(); - $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash); - if(!$perms['write']) { - logger('Wiki write permission denied. ' . EOL); - json_return_and_die(array('success' => false)); - } + + + $perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash); + if(!$perms['write']) { + logger('Wiki write permission denied. ' . EOL); + json_return_and_die(array('success' => false)); } + $name = $_POST['name']; //Get new page name if(urlencode(escape_tags($_POST['name'])) === '') { json_return_and_die(array('message' => 'Error creating page. Invalid name.', 'success' => false)); @@ -358,15 +365,13 @@ class Wiki extends \Zotlabs\Web\Controller { // Fetch page list for a wiki if ((argc() === 5) && (argv(2) === 'get') && (argv(3) === 'page') && (argv(4) === 'list')) { $resource_id = $_POST['resource_id']; // resource_id for wiki in db - $channel = channelx_by_nick(argv(1)); - $observer_hash = get_observer_hash(); - if (local_channel() !== intval($channel['channel_id'])) { - $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash); - if(!$perms['read']) { - logger('Wiki read permission denied.' . EOL); - json_return_and_die(array('pages' => null, 'message' => 'Permission denied.', 'success' => false)); - } + + $perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash); + if(!$perms['read']) { + logger('Wiki read permission denied.' . EOL); + json_return_and_die(array('pages' => null, 'message' => 'Permission denied.', 'success' => false)); } + $page_list_html = widget_wiki_pages(array( 'resource_id' => $resource_id, 'refresh' => true, @@ -385,16 +390,12 @@ class Wiki extends \Zotlabs\Web\Controller { if ($commitMsg === '') { $commitMsg = 'Updated ' . $pageHtmlName; } - $nick = argv(1); - $channel = channelx_by_nick($nick); + // Determine if observer has permission to save content - if (local_channel() !== intval($channel['channel_id'])) { - $observer_hash = get_observer_hash(); - $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash); - if(!$perms['write']) { - logger('Wiki write permission denied. ' . EOL); - json_return_and_die(array('success' => false)); - } + $perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash); + if(!$perms['write']) { + logger('Wiki write permission denied. ' . EOL); + json_return_and_die(array('success' => false)); } $saved = wiki_save_page(array('resource_id' => $resource_id, 'pageUrlName' => $pageUrlName, 'content' => $content)); @@ -423,17 +424,15 @@ class Wiki extends \Zotlabs\Web\Controller { $resource_id = $_POST['resource_id']; $pageUrlName = $_POST['name']; - $nick = argv(1); - $channel = channelx_by_nick($nick); + // Determine if observer has permission to read content - if (local_channel() !== intval($channel['channel_id'])) { - $observer_hash = get_observer_hash(); - $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash); - if(!$perms['read']) { - logger('Wiki read permission denied.' . EOL); - json_return_and_die(array('historyHTML' => '', 'message' => 'Permission denied.', 'success' => false)); - } + + $perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash); + if(!$perms['read']) { + logger('Wiki read permission denied.' . EOL); + json_return_and_die(array('historyHTML' => '', 'message' => 'Permission denied.', 'success' => false)); } + $historyHTML = widget_wiki_page_history(array( 'resource_id' => $resource_id, 'pageUrlName' => $pageUrlName @@ -449,16 +448,13 @@ class Wiki extends \Zotlabs\Web\Controller { json_return_and_die(array('message' => 'Cannot delete Home','success' => false)); } // Determine if observer has permission to delete pages - $nick = argv(1); - $channel = channelx_by_nick($nick); - if (local_channel() !== intval($channel['channel_id'])) { - $observer_hash = get_observer_hash(); - $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash); - if(!$perms['write']) { - logger('Wiki write permission denied. ' . EOL); - json_return_and_die(array('success' => false)); - } + + $perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash); + if(!$perms['write']) { + logger('Wiki write permission denied. ' . EOL); + json_return_and_die(array('success' => false)); } + $deleted = wiki_delete_page(array('resource_id' => $resource_id, 'pageUrlName' => $pageUrlName)); if($deleted['success']) { $ob = \App::get_observer(); @@ -484,16 +480,13 @@ class Wiki extends \Zotlabs\Web\Controller { $pageUrlName = $_POST['name']; $commitHash = $_POST['commitHash']; // Determine if observer has permission to revert pages - $nick = argv(1); - $channel = channelx_by_nick($nick); - if (local_channel() !== intval($channel['channel_id'])) { - $observer_hash = get_observer_hash(); - $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash); - if(!$perms['write']) { - logger('Wiki write permission denied.' . EOL); - json_return_and_die(array('success' => false)); - } + + $perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash); + if(!$perms['write']) { + logger('Wiki write permission denied.' . EOL); + json_return_and_die(array('success' => false)); } + $reverted = wiki_revert_page(array('commitHash' => $commitHash, 'resource_id' => $resource_id, 'pageUrlName' => $pageUrlName)); if($reverted['success']) { json_return_and_die(array('content' => $reverted['content'], 'message' => '', 'success' => true)); @@ -509,16 +502,13 @@ class Wiki extends \Zotlabs\Web\Controller { $compareCommit = $_POST['compareCommit']; $currentCommit = $_POST['currentCommit']; // Determine if observer has permission to revert pages - $nick = argv(1); - $channel = channelx_by_nick($nick); - if (local_channel() !== intval($channel['channel_id'])) { - $observer_hash = get_observer_hash(); - $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash); - if(!$perms['read']) { - logger('Wiki read permission denied.' . EOL); - json_return_and_die(array('success' => false)); - } + + $perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash); + if(!$perms['read']) { + logger('Wiki read permission denied.' . EOL); + json_return_and_die(array('success' => false)); } + $compare = wiki_compare_page(array('currentCommit' => $currentCommit, 'compareCommit' => $compareCommit, 'resource_id' => $resource_id, 'pageUrlName' => $pageUrlName)); if($compare['success']) { $diffHTML = '<table class="text-center" width="100%"><tr><td class="lead" width="50%">Current Revision</td><td class="lead" width="50%">Selected Revision</td></tr></table>' . $compare['diff']; @@ -540,16 +530,13 @@ class Wiki extends \Zotlabs\Web\Controller { json_return_and_die(array('message' => 'Error renaming page. Invalid name.', 'success' => false)); } // Determine if observer has permission to rename pages - $nick = argv(1); - $channel = channelx_by_nick($nick); - if (local_channel() !== intval($channel['channel_id'])) { - $observer_hash = get_observer_hash(); - $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash); - if(!$perms['write']) { - logger('Wiki write permission denied. ' . EOL); - json_return_and_die(array('success' => false)); - } + + $perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash); + if(!$perms['write']) { + logger('Wiki write permission denied. ' . EOL); + json_return_and_die(array('success' => false)); } + $renamed = wiki_rename_page(array('resource_id' => $resource_id, 'pageUrlName' => $pageUrlName, 'pageNewName' => $pageNewName)); if($renamed['success']) { $ob = \App::get_observer(); @@ -570,7 +557,7 @@ class Wiki extends \Zotlabs\Web\Controller { } } - //notice('You must be authenticated.'); + //notice( t('You must be authenticated.')); json_return_and_die(array('message' => 'You must be authenticated.', 'success' => false)); } |