From 94290102b6e1b29b29c58318670da797394550c1 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 1 Feb 2017 18:05:02 -0800 Subject: tested extensible permissions by adding wiki permissions. Discovered a couple of issues that needed attention in the process. --- Zotlabs/Access/PermissionRoles.php | 51 +++++++++++++++++++++++++++----------- Zotlabs/Access/Permissions.php | 4 ++- Zotlabs/Lib/NativeWiki.php | 2 +- Zotlabs/Module/Wiki.php | 11 +++++++- boot.php | 16 ++++++------ 5 files changed, 59 insertions(+), 25 deletions(-) diff --git a/Zotlabs/Access/PermissionRoles.php b/Zotlabs/Access/PermissionRoles.php index f21025442..d7e162197 100644 --- a/Zotlabs/Access/PermissionRoles.php +++ b/Zotlabs/Access/PermissionRoles.php @@ -8,7 +8,7 @@ use Zotlabs\Lib as Zlib; class PermissionRoles { static public function version() { - return 1; + return 2; } static function role_perms($role) { @@ -25,7 +25,7 @@ class PermissionRoles { $ret['online'] = true; $ret['perms_connect'] = [ 'view_stream', 'view_profile', 'view_contacts', 'view_storage', - 'view_pages', 'send_stream', 'post_wall', 'post_comments', + 'view_pages', 'view_wiki', 'send_stream', 'post_wall', 'post_comments', 'post_mail', 'chat', 'post_like', 'republish' ]; $ret['limits'] = PermissionLimits::Std_Limits(); @@ -38,7 +38,7 @@ class PermissionRoles { $ret['online'] = true; $ret['perms_connect'] = [ 'view_stream', 'view_profile', 'view_contacts', 'view_storage', - 'view_pages', 'send_stream', 'post_wall', 'post_comments', + 'view_pages', 'view_wiki', 'send_stream', 'post_wall', 'post_comments', 'post_mail', 'chat', 'post_like' ]; $ret['limits'] = PermissionLimits::Std_Limits(); 
@@ -52,7 +52,7 @@ class PermissionRoles { $ret['online'] = false; $ret['perms_connect'] = [ 'view_stream', 'view_profile', 'view_contacts', 'view_storage', - 'view_pages', 'send_stream', 'post_wall', 'post_comments', + 'view_pages', 'view_wiki', 'send_stream', 'post_wall', 'post_comments', 'post_mail', 'post_like' ]; $ret['limits'] = PermissionLimits::Std_Limits(); $ret['limits']['view_contacts'] = PERMS_SPECIFIC; @@ -67,7 +67,7 @@ class PermissionRoles { $ret['online'] = false; $ret['perms_connect'] = [ 'view_stream', 'view_profile', 'view_contacts', 'view_storage', - 'view_pages', 'post_wall', 'post_comments', 'tag_deliver', + 'view_pages', 'view_wiki', 'post_wall', 'post_comments', 'tag_deliver', 'post_mail', 'post_like' , 'republish', 'chat' ]; $ret['limits'] = PermissionLimits::Std_Limits(); @@ -80,7 +80,7 @@ class PermissionRoles { $ret['online'] = false; $ret['perms_connect'] = [ 'view_stream', 'view_profile', 'view_contacts', 'view_storage', - 'view_pages', 'post_wall', 'post_comments', 'tag_deliver', + 'view_pages', 'view_wiki', 'post_wall', 'post_comments', 'tag_deliver', 'post_mail', 'post_like' , 'chat' ]; $ret['limits'] = PermissionLimits::Std_Limits(); @@ -95,7 +95,7 @@ class PermissionRoles { $ret['perms_connect'] = [ 'view_stream', 'view_profile', 'view_contacts', 'view_storage', - 'view_pages', 'post_wall', 'post_comments', + 'view_pages', 'view_wiki', 'post_wall', 'post_comments', 'post_mail', 'post_like' , 'chat' ]; $ret['limits'] = PermissionLimits::Std_Limits(); @@ -103,6 +103,7 @@ class PermissionRoles { $ret['limits']['view_contacts'] = PERMS_SPECIFIC; $ret['limits']['view_storage'] = PERMS_SPECIFIC; $ret['limits']['view_pages'] = PERMS_SPECIFIC; + $ret['limits']['view_wiki'] = PERMS_SPECIFIC; break; 
@@ -114,7 +115,7 @@ class PermissionRoles { $ret['perms_connect'] = [ 'view_stream', 'view_profile', 'view_contacts', 'view_storage', - 'view_pages', 'send_stream', 'post_wall', 'post_comments', + 'view_pages', 'view_wiki', 'send_stream', 'post_wall', 'post_comments', 'post_mail', 'post_like' , 'republish' ]; $ret['limits'] = PermissionLimits::Std_Limits(); @@ -128,7 +129,7 @@ class PermissionRoles { $ret['online'] = false; $ret['perms_connect'] = [ 'view_stream', 'view_profile', 'view_contacts', 'view_storage', - 'view_pages', 'send_stream', 'post_wall', 'post_comments', + 'view_pages', 'view_wiki', 'send_stream', 'post_wall', 'post_comments', 'post_mail', 'post_like' , 'republish' ]; $ret['limits'] = PermissionLimits::Std_Limits(); @@ -143,7 +144,7 @@ class PermissionRoles { $ret['perms_connect'] = [ 'view_stream', 'view_profile', 'view_contacts', 'view_storage', - 'view_pages', 'post_like' , 'republish' ]; + 'view_pages', 'view_wiki', 'post_like' , 'republish' ]; $ret['limits'] = PermissionLimits::Std_Limits(); @@ -157,8 +158,8 @@ class PermissionRoles { $ret['perms_connect'] = [ 'view_stream', 'view_profile', 'view_contacts', 'view_storage', - 'view_pages', 'write_storage', 'write_pages', 'post_wall', 'post_comments', 'tag_deliver', - 'post_mail', 'post_like' , 'republish', 'chat' ]; + 'view_pages', 'view_wiki', 'write_storage', 'write_pages', 'post_wall', 'post_comments', 'tag_deliver', + 'post_mail', 'post_like' , 'republish', 'chat', 'write_wiki' ]; $ret['limits'] = PermissionLimits::Std_Limits(); break; @@ -185,6 +186,12 @@ class PermissionRoles { // if($perm === 'mynewperm') // \Zotlabs\Access\PermissionLimits::Set($uid,$perm,1); + if($perm === 'view_wiki') + \Zotlabs\Access\PermissionLimits::Set($uid,$perm,PERMS_PUBLIC); + + if($perm === 'write_wiki') + \Zotlabs\Access\PermissionLimits::Set($uid,$perm,PERMS_SPECIFIC); + // set autoperms here if applicable // choices are to set to 0, 1, or the value of an existing perm 
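Review bot: The `view_wiki` limit for custom-role channels is hard-coded to `PERMS_PUBLIC` in the added `PermissionLimits::Set` calls, regardless of the limit the channel owner chose for `view_pages`, while the autoperms and my_perms values in the following hunks are cloned from the pages permissions. If the intent is to keep wikis as visible as they were before a dedicated permission existed, record that in a comment such as `// wikis had no view permission before; default the limit to public`. Otherwise consider cloning the channel's existing `view_pages` limit, so that an owner who restricted web pages does not end up with a public wiki after the upgrade. The two unbraced `if` bodies would also be safer with braces. The enclosing function starts and ends outside the hunk.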
@@ -195,7 +202,13 @@ class PermissionRoles { $value = 0; // if($perm === 'mynewperm') - // $value = get_abconfig($uid,$c['channel_hash'],'autoperms','someexistingperm')); + // $value = get_abconfig($uid,$c['channel_hash'],'autoperms','someexistingperm'); + + if($perm === 'view_wiki') + $value = get_abconfig($uid,$c['channel_hash'],'autoperms','view_pages'); + + if($perm === 'write_wiki') + $value = get_abconfig($uid,$c['channel_hash'],'autoperms','write_pages'); if($c) { set_abconfig($uid,$c['channel_hash'],'autoperms',$perm,$value); @@ -212,8 +225,16 @@ class PermissionRoles { // case 'mynewperm': // choices are to set to 1, set to 0, or clone an existing perm // set_abconfig($uid,$ab['abook_xchan'],'my_perms',$perm, - // get_abconfig($uid,$ab['abook_xchan'],'my_perms','someexistingperm')); - + // intval(get_abconfig($uid,$ab['abook_xchan'],'my_perms','someexistingperm'))); + + case 'view_wiki': + set_abconfig($uid,$ab['abook_xchan'],'my_perms',$perm, + intval(get_abconfig($uid,$ab['abook_xchan'],'my_perms','view_pages'))); + + case 'write_wiki': + set_abconfig($uid,$ab['abook_xchan'],'my_perms',$perm, + intval(get_abconfig($uid,$ab['abook_xchan'],'my_perms','write_pages'))); + default: break; } diff --git a/Zotlabs/Access/Permissions.php b/Zotlabs/Access/Permissions.php index 5fded5f03..81408f122 100644 --- a/Zotlabs/Access/Permissions.php +++ b/Zotlabs/Access/Permissions.php @@ -36,7 +36,7 @@ class Permissions { static public function version() { // This must match the version in PermissionRoles.php before permission updates can run. - return 1; + return 2; } 
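Review bot: The two added `get_abconfig($uid,$c['channel_hash'],'autoperms',...)` lookups run before the `if($c)` guard that follows them, so `$c['channel_hash']` is dereferenced even when `$c` is empty. Move the lookups inside the guard. Wrapping them as `intval(get_abconfig(...))` would also match the `intval()` this commit adds to the my_perms template, so that an unset source permission is stored as 0 rather than whatever get_abconfig returns for a missing key. The enclosing function starts outside the hunk.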
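Review bot: `case 'view_wiki':` has no `break;`, so execution falls through into `case 'write_wiki':` and the second `set_abconfig` runs with `$perm` still equal to 'view_wiki'. That overwrites the value just cloned from `view_pages` with the connection's `write_pages` value. A connection allowed to view but not edit web pages would end up with `view_wiki` set to 0, and one with write but no view access would gain `view_wiki`. Add `break;` after each of the two `set_abconfig(...)` calls. The switch begins outside the hunk.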
@@ -50,7 +50,9 @@ class Permissions { 'view_storage' => t('Can view my file storage and photos'), 'write_storage' => t('Can upload/modify my file storage and photos'), 'view_pages' => t('Can view my channel webpages'), + 'view_wiki' => t('Can view my wiki pages'), 'write_pages' => t('Can create/edit my channel webpages'), + 'write_wiki' => t('Can write to my wiki pages'), 'post_wall' => t('Can post on my channel (wall) page'), 'post_comments' => t('Can comment on or like my posts'), 'post_mail' => t('Can send me private mail messages'), diff --git a/Zotlabs/Lib/NativeWiki.php b/Zotlabs/Lib/NativeWiki.php index ccb0ff150..519102d24 100644 --- a/Zotlabs/Lib/NativeWiki.php +++ b/Zotlabs/Lib/NativeWiki.php @@ -201,7 +201,7 @@ class NativeWiki { else { // TODO: Create a new permission setting for wiki analogous to webpages. Until // then, use webpage permissions - $write = perm_is_allowed($owner_id, $observer_hash,'write_pages'); + $write = perm_is_allowed($owner_id, $observer_hash,'write_wiki'); return array('read' => true, 'write' => $write, 'success' => true); } } diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php index 5397deebe..d42c26681 100644 --- a/Zotlabs/Module/Wiki.php +++ b/Zotlabs/Module/Wiki.php @@ -45,6 +45,11 @@ class Wiki extends \Zotlabs\Web\Controller { } + if(! perm_is_allowed(\App::$profile_uid,get_observer_hash(),'view_wiki')) { + notice( t('Permission denied.') . EOL); + return; + } + // TODO: Combine the interface configuration into a unified object // Something like $interface = array('new_page_button' => false, 'new_wiki_button' => false, ...) @@ -309,7 +314,11 @@ class Wiki extends \Zotlabs\Web\Controller { return; } - + if(! perm_is_allowed(\App::$profile_uid,get_observer_hash(),'write_wiki')) { + notice( t('Permission denied.') . EOL); + return; + } + // /wiki/channel/preview // Render mardown-formatted text in HTML for preview if((argc() > 2) && (argv(2) === 'preview')) { 
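Review bot: In the NativeWiki.php hunk the returned array still hard-codes `'read' => true`, so this branch reports the wiki as readable to every observer and only `write` consults the new permission. If any caller relies on the `read` flag rather than on the controller-level gate added in Wiki.php, compute it the same way: `$read = perm_is_allowed($owner_id, $observer_hash,'view_wiki');` and return `'read' => $read`. The TODO comment directly above the changed line ("Until then, use webpage permissions") is now stale and should be removed or reworded. The enclosing function starts outside the hunk.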
diff --git a/boot.php b/boot.php index 5fe42a03f..8d007d805 100755 --- a/boot.php +++ b/boot.php @@ -2464,6 +2464,7 @@ function check_for_new_perms() { return; $pregistered = get_config('system','perms'); + $pcurrent = array_keys(\Zotlabs\Access\Permissions::Perms()); if(! $pregistered) { @@ -2475,6 +2476,7 @@ function check_for_new_perms() { foreach($pcurrent as $p) { if(! in_array($p,$pregistered)) { + $found_new_perm = true; // for all channels $c = q("select channel_id from channel where true"); @@ -2482,12 +2484,12 @@ function check_for_new_perms() { foreach($c as $cc) { // get the permission role $r = q("select v from pconfig where uid = %d and cat = 'system' and k = 'permissions_role'", - intval($cc['uid']) + intval($cc['channel_id']) ); if($r) { // get a list of connections $x = q("select abook_xchan from abook where abook_channel = %d and abook_self = 0", - intval($cc['uid']) + intval($cc['channel_id']) ); // get the permissions role details $rp = \Zotlabs\Access\PermissionRoles::role_perms($r[0]['v']); 
@@ -2495,23 +2497,23 @@ function check_for_new_perms() { // for custom permission roles we need to customise how we initiate this new permission if(array_key_exists('role',$rp) && ($rp['role'] === 'custom' || $rp['role'] === '')) { - \Zotlabs\Access\PermissionRoles::new_custom_perms($cc['uid'],$p,$x); + \Zotlabs\Access\PermissionRoles::new_custom_perms($cc['channel_id'],$p,$x); } else { // set the channel limits if appropriate or 0 if(array_key_exists('limits',$rp) && array_key_exists($p,$rp['limits'])) { - \Zotlabs\Access\PermissionLimits::Set($cc['uid'],$p,$rp['limits'][$p]); + \Zotlabs\Access\PermissionLimits::Set($cc['channel_id'],$p,$rp['limits'][$p]); } else { - \Zotlabs\Access\PermissionLimits::Set($cc['uid'],$p,0); + \Zotlabs\Access\PermissionLimits::Set($cc['channel_id'],$p,0); } - $set = ((array_key_exists('perms_connect',$rp) && array_key_exists($p,$rp['perms_connect'])) ? true : false); + $set = ((array_key_exists('perms_connect',$rp) && in_array($p,$rp['perms_connect'])) ? 1 : 0); // foreach connection set to the perms_connect value if($x) { foreach($x as $xx) { - set_abconfig($cc['uid'],$xx['abook_xchan'],'my_perms',$p,intval($set)); + set_abconfig($cc['channel_id'],$xx['abook_xchan'],'my_perms',$p,intval($set)); } } } -- cgit v1.2.3
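Review bot: The membership test `in_array($p,$rp['perms_connect'])` decides whether every existing connection of a channel is granted the new permission, but it uses loose comparison. Pass the strict flag: `in_array($p,$rp['perms_connect'],true)`. The same applies to `in_array($p,$pregistered)` in the earlier hunk of this function. With `$set` now an integer literal, the `intval($set)` in the `set_abconfig` call is redundant and can be plain `$set`. check_for_new_perms starts outside this hunk.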