From b70c6809648bb3c78e5e26f9293727b3a7aa4025 Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Thu, 2 Jun 2016 22:27:26 -0400 Subject: Major corrections to access control and page construction. --- Zotlabs/Lib/Apps.php | 1 + Zotlabs/Module/Wiki.php | 211 +++++++++++++++++++++++++----------------------- app/wiki.apd | 4 + app/wiki.png | Bin 0 -> 10668 bytes include/widgets.php | 24 +++--- include/wiki.php | 13 +-- view/tpl/wiki.tpl | 2 + 7 files changed, 135 insertions(+), 120 deletions(-) create mode 100644 app/wiki.apd create mode 100644 app/wiki.png diff --git a/Zotlabs/Lib/Apps.php b/Zotlabs/Lib/Apps.php index 6d2ef4e45..07a50766e 100644 --- a/Zotlabs/Lib/Apps.php +++ b/Zotlabs/Lib/Apps.php @@ -169,6 +169,7 @@ class Apps { 'Settings' => t('Settings'), 'Files' => t('Files'), 'Webpages' => t('Webpages'), + 'Wiki' => t('Wiki'), 'Channel Home' => t('Channel Home'), 'View Profile' => t('View Profile'), 'Photos' => t('Photos'), diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php index 0f8db9350..ef7b4dfe1 100644 --- a/Zotlabs/Module/Wiki.php +++ b/Zotlabs/Module/Wiki.php @@ -6,19 +6,18 @@ class Wiki extends \Zotlabs\Web\Controller { function init() { // Determine which channel's wikis to display to the observer - $which = null; - if(argc() > 1) - $which = argv(1); // if the channel name is in the URL, use that - if(! $which) { // if no channel name was provided, assume the current logged in channel - if(local_channel()) { - $channel = \App::get_channel(); - if($channel && $channel['channel_address']) - $which = $channel['channel_address']; - goaway(z_root().'/wiki/'.$which); + $nick = null; + if (argc() > 1) + $nick = argv(1); // if the channel name is in the URL, use that + if (!$nick && local_channel()) { // if no channel name was provided, assume the current logged in channel + $channel = \App::get_channel(); + if ($channel && $channel['channel_address']) { + $nick = $channel['channel_address']; + goaway(z_root() . '/wiki/' . $nick); } } - if(! $which) { - notice( t('You must be logged in to see this page.') . EOL ); + if (!$nick) { + notice(t('You must be logged in to see this page.') . EOL); goaway('/login'); } } @@ -31,95 +30,103 @@ class Wiki extends \Zotlabs\Web\Controller { $wiki_owner = false; $showNewWikiButton = false; $pageHistory = array(); - if(local_channel()) { - $channel = \App::get_channel(); - } - - // Obtain the default permission settings of the channel - $channel_acl = array( - 'allow_cid' => $channel['channel_allow_cid'], - 'allow_gid' => $channel['channel_allow_gid'], - 'deny_cid' => $channel['channel_deny_cid'], - 'deny_gid' => $channel['channel_deny_gid'] - ); - // Initialize the ACL to the channel default permissions - $x = array( - 'lockstate' => (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), - 'acl' => populate_acl($channel_acl), - 'bang' => '' - ); - + $local_observer = null; $resource_id = ''; $pagename = ''; - if(argc() > 1) { - $channel = get_channel_by_nick(argv(1)); - if(local_channel() === intval($channel['channel_id'])) { - $wiki_owner = true; - } + + // init() should have forced the URL to redirect to /wiki/channel so assume argc() > 1 + $nick = argv(1); + $channel = get_channel_by_nick($nick); // The channel who owns the wikis being viewed + if(! $channel) { + notice('Invalid channel' . EOL); + goaway('/' . argv(0)); } - // GET https://hubzilla.hub/argv(0)/argv(1)/argv(2)/argv(3)/argv(4)/... - if(argc() > 2) { - // GET /wiki/channel/wiki - // Check if wiki exists andr redirect if it does not - $w = wiki_exists_by_name($channel['channel_id'], argv(2)); - if(!$w['resource_id']) { - notice('Wiki not found' . EOL); - goaway('/'.argv(0).'/'.argv(1)); - } else { - $resource_id = $w['resource_id']; - } - if (!$wiki_owner) { - // Check for observer permissionswhich); - $observer_hash = get_observer_hash(); - $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash); - if(!$perms['read']) { - notice('Permission denied.' . EOL); + // Determine if the observer is the channel owner so the ACL dialog can be populated + if (local_channel() === intval($channel['channel_id'])) { + $local_observer = \App::get_channel(); + $wiki_owner = true; + + // Obtain the default permission settings of the channel + $channel_acl = array( + 'allow_cid' => $local_observer['channel_allow_cid'], + 'allow_gid' => $local_observer['channel_allow_gid'], + 'deny_cid' => $local_observer['channel_deny_cid'], + 'deny_gid' => $local_observer['channel_deny_gid'] + ); + // Initialize the ACL to the channel default permissions + $x = array( + 'lockstate' => (( $local_observer['channel_allow_cid'] || + $local_observer['channel_allow_gid'] || + $local_observer['channel_deny_cid'] || + $local_observer['channel_deny_gid']) + ? 'lock' : 'unlock'), + 'acl' => populate_acl($channel_acl), + 'bang' => '' + ); + } else { + // Not the channel owner + $channel_acl = $x = array(); + } + + switch (argc()) { + case 2: + // Configure page template + $wikiheader = t('Wiki Sandbox'); + $content = '"# Wiki Sandbox\n\nContent you **edit** and **preview** here *will not be saved*."'; + $hide_editor = false; + $showPageControls = false; + $showNewWikiButton = $wiki_owner; + $showNewPageButton = false; + break; + case 3: + // /wiki/channel/wiki -> No page was specified, so redirect to Home.md + goaway('/'.argv(0).'/'.argv(1).'/'.argv(2).'/Home.md'); + case 4: + // GET /wiki/channel/wiki/page + // Fetch the wiki info and determine observer permissions + $wikiname = argv(2); + $pagename = argv(3); + $w = wiki_exists_by_name($channel['channel_id'], $wikiname); + if(!$w['resource_id']) { + notice('Wiki not found' . EOL); goaway('/'.argv(0).'/'.argv(1)); + } + $resource_id = $w['resource_id']; + + if (!$wiki_owner) { + // Check for observer permissions + $observer_hash = get_observer_hash(); + $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash); + if(!$perms['read']) { + notice('Permission denied.' . EOL); + goaway('/'.argv(0).'/'.argv(1)); + } } - } - } - - if(argc()<3) { - // GET /wiki/channel - $channel = get_channel_by_nick(argv(1)); - $wikiheader = t('Wiki Sandbox'); - $content = '"# Wiki Sandbox\n\nContent you **edit** and **preview** here *will not be saved*."'; - $hide_editor = false; - $showPageControls = false; - $showNewWikiButton = $wiki_owner; - } elseif (argc()<4) { - // GET /wiki/channel/wiki - // No page was specified, so redirect to Home.md - goaway('/'.argv(0).'/'.argv(1).'/'.argv(2).'/Home.md'); - $wikiheader = rawurldecode(argv(2)); // show wiki name - $content = '""'; - $hide_editor = true; - // Until separate read and write permissions are implemented, only allow - // the wiki owner to see page controls - $showPageControls = $wiki_owner; - $showNewWikiButton = $wiki_owner; - } elseif (argc()<5) { - // GET /wiki/channel/wiki/page - $pagename = argv(3); - $wikiheader = rawurldecode(argv(2)) . ': ' . rawurldecode($pagename); // show wiki name and page - $p = wiki_get_page_content(array('wiki_resource_id' => $resource_id, 'page' => $pagename)); - if(!$p['success']) { - $content = 'Error retrieving page content. Try again.'; - } - $content = ($p['content'] !== '' ? $p['content'] : '"# New page\n"'); - $hide_editor = false; - $showPageControls = $wiki_owner; - $showNewWikiButton = $wiki_owner; - $pageHistory = wiki_page_history(array('resource_id' => $resource_id, 'page' => $pagename)); + $wikiheader = rawurldecode($wikiname) . ': ' . rawurldecode($pagename); // show wiki name and page + $p = wiki_get_page_content(array('resource_id' => $resource_id, 'page' => $pagename)); + if(!$p['success']) { + notice('Error retrieving page content' . EOL); + goaway('/'.argv(0).'/'.argv(1).'/'.argv(2)); + } + $content = ($p['content'] !== '' ? $p['content'] : '"# New page\n"'); + $hide_editor = false; + $showPageControls = $wiki_owner; + $showNewWikiButton = $wiki_owner; + $showNewPageButton = $wiki_owner; + $pageHistory = wiki_page_history(array('resource_id' => $resource_id, 'page' => $pagename)); + break; + default: // Strip the extraneous URL components + goaway('/'.argv(0).'/'.argv(1).'/'.argv(2).'/'.argv(3)); } - require_once('library/markdown.php'); - $renderedContent = Markdown(json_decode($content)); + // Render the Markdown-formatted page content in HTML + require_once('library/markdown.php'); $o .= replace_macros(get_markup_template('wiki.tpl'),array( '$wikiheader' => $wikiheader, '$hideEditor' => $hide_editor, '$showPageControls' => $showPageControls, '$showNewWikiButton'=> $showNewWikiButton, + '$showNewPageButton'=> $showNewPageButton, '$channel' => $channel['channel_address'], '$resource_id' => $resource_id, '$page' => $pagename, @@ -127,12 +134,12 @@ class Wiki extends \Zotlabs\Web\Controller { '$acl' => $x['acl'], '$bang' => $x['bang'], '$content' => $content, - '$renderedContent' => $renderedContent, + '$renderedContent' => Markdown(json_decode($content)), '$wikiName' => array('wikiName', t('Enter the name of your new wiki:'), '', ''), '$pageName' => array('pageName', t('Enter the name of the new page:'), '', ''), '$pageHistory' => $pageHistory['history'] )); - head_add_js('library/ace/ace.js'); + head_add_js('library/ace/ace.js'); // Ace Code Editor return $o; } @@ -151,13 +158,13 @@ class Wiki extends \Zotlabs\Web\Controller { // Create a new wiki // /wiki/channel/create/wiki if ((argc() > 3) && (argv(2) === 'create') && (argv(3) === 'wiki')) { - $which = argv(1); + $nick = argv(1); // Determine if observer has permission to create wiki $observer_hash = get_observer_hash(); if (local_channel()) { $channel = \App::get_channel(); } else { - $channel = get_channel_by_nick($which); + $channel = get_channel_by_nick($nick); // Figure out who the page owner is. $perms = get_all_perms(intval($channel['channel_id']), $observer_hash); // TODO: Create a new permission setting for wiki analogous to webpages. Until @@ -180,9 +187,9 @@ class Wiki extends \Zotlabs\Web\Controller { $homePage = wiki_create_page('Home.md', $r['item']['resource_id']); if(!$homePage['success']) { notice('Wiki created, but error creating Home page.'); - goaway('/wiki/'.$which.'/'.$name); + goaway('/wiki/'.$nick.'/'.$name); } - goaway('/wiki/'.$which.'/'.$name.'/Home.md'); + goaway('/wiki/'.$nick.'/'.$name.'/Home.md'); } else { notice('Error creating wiki'); goaway('/wiki'); @@ -191,12 +198,12 @@ class Wiki extends \Zotlabs\Web\Controller { // Delete a wiki if ((argc() > 3) && (argv(2) === 'delete') && (argv(3) === 'wiki')) { - $which = argv(1); + $nick = argv(1); // Determine if observer has permission to create wiki if (local_channel()) { $channel = \App::get_channel(); } else { - $channel = get_channel_by_nick($which); + $channel = get_channel_by_nick($nick); $observer_hash = get_observer_hash(); // Figure out who the page owner is. $perms = get_all_perms(intval($channel['channel_id']), $observer_hash); @@ -219,13 +226,13 @@ class Wiki extends \Zotlabs\Web\Controller { // Create a page if ((argc() === 4) && (argv(2) === 'create') && (argv(3) === 'page')) { - $which = argv(1); + $nick = argv(1); $resource_id = $_POST['resource_id']; // Determine if observer has permission to create wiki if (local_channel()) { $channel = \App::get_channel(); } else { - $channel = get_channel_by_nick($which); + $channel = get_channel_by_nick($nick); $observer_hash = get_observer_hash(); // Figure out who the page owner is. $perms = get_all_perms(intval($channel['channel_id']), $observer_hash); @@ -273,7 +280,7 @@ class Wiki extends \Zotlabs\Web\Controller { // Save a page if ((argc() === 4) && (argv(2) === 'save') && (argv(3) === 'page')) { - $which = argv(1); + $nick = argv(1); $resource_id = $_POST['resource_id']; $pagename = escape_tags(urlencode($_POST['name'])); $content = escape_tags($_POST['content']); //Get new content @@ -281,7 +288,7 @@ class Wiki extends \Zotlabs\Web\Controller { if (local_channel()) { $channel = \App::get_channel(); } else { - $channel = get_channel_by_nick($which); + $channel = get_channel_by_nick($nick); $observer_hash = get_observer_hash(); // Figure out who the page owner is. $perms = get_all_perms(intval($channel['channel_id']), $observer_hash); @@ -319,14 +326,14 @@ class Wiki extends \Zotlabs\Web\Controller { // Update page history // /wiki/channel/history/page if ((argc() === 4) && (argv(2) === 'history') && (argv(3) === 'page')) { - $which = argv(1); + $nick = argv(1); $resource_id = $_POST['resource_id']; $pagename = escape_tags(urlencode($_POST['name'])); // Determine if observer has permission to view content if (local_channel()) { $channel = \App::get_channel(); } else { - $channel = get_channel_by_nick($which); + $channel = get_channel_by_nick($nick); $observer_hash = get_observer_hash(); $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash); if (!$perms['read']) { diff --git a/app/wiki.apd b/app/wiki.apd new file mode 100644 index 000000000..95245055c --- /dev/null +++ b/app/wiki.apd @@ -0,0 +1,4 @@ +url: $baseurl/wiki/$nick +requires: local_channel +name: Wiki +photo: $baseurl/app/wiki.png diff --git a/app/wiki.png b/app/wiki.png new file mode 100644 index 000000000..31d981679 Binary files /dev/null and b/app/wiki.png differ diff --git a/include/widgets.php b/include/widgets.php index 536af8818..d9dac1afa 100644 --- a/include/widgets.php +++ b/include/widgets.php @@ -857,27 +857,27 @@ function widget_chatroom_members() { function widget_wiki_list($arr) { require_once("include/wiki.php"); - if (argc() > 1) { - $nick = argv(1); - $channel = get_channel_by_nick($nick); - } else { + $channel = null; + if (argc() < 2 && local_channel()) { + // This should not occur because /wiki should redirect to /wiki/channel ... $channel = \App::get_channel(); - $nick = $channel['channel_address']; - } - $wikis = wiki_list($channel, get_observer_hash()); - if (local_channel() === intval($channel['channel_id'])) { - $showControls = true; } else { - $showControls = false; + $channel = get_channel_by_nick(argv(1)); // Channel being viewed by observer } + if (!$channel) { + return ''; + } + $wikis = wiki_list($channel, get_observer_hash()); if ($wikis) { return replace_macros(get_markup_template('wikilist.tpl'), array( '$header' => t('Wiki List'), - '$channel' => $nick, + '$channel' => $channel['channel_address'], '$wikis' => $wikis['wikis'], - '$showControls' => $showControls + // If the observer is the local channel owner, show the wiki controls + '$showControls' => ((local_channel() === intval($channel['channel_id'])) ? true : false) )); } + return ''; } function widget_wiki_pages($arr) { diff --git a/include/wiki.php b/include/wiki.php index 14e8cc53a..84e7d8dfa 100644 --- a/include/wiki.php +++ b/include/wiki.php @@ -9,8 +9,9 @@ define ( 'WIKI_ITEM_RESOURCE_TYPE', 'wiki' ); function wiki_list($channel, $observer_hash) { $sql_extra = item_permissions_sql($channel['channel_id'], $observer_hash); - $wikis = q("SELECT * FROM item WHERE resource_type = '%s' AND mid = parent_mid AND item_deleted = 0 $sql_extra", - dbesc(WIKI_ITEM_RESOURCE_TYPE) + $wikis = q("SELECT * FROM item WHERE resource_type = '%s' AND mid = parent_mid AND uid = %d AND item_deleted = 0 $sql_extra", + dbesc(WIKI_ITEM_RESOURCE_TYPE), + intval($channel['channel_id']) ); // TODO: query db for wikis the observer can access. Return with two lists, for read and write access return array('wikis' => $wikis); @@ -195,8 +196,8 @@ function wiki_create_page($name, $resource_id) { function wiki_get_page_content($arr) { $page = ((array_key_exists('page',$arr)) ? $arr['page'] : ''); // TODO: look for page resource_id and retrieve that way alternatively - $wiki_resource_id = ((array_key_exists('wiki_resource_id',$arr)) ? $arr['wiki_resource_id'] : ''); - $w = wiki_get_wiki($wiki_resource_id); + $resource_id = ((array_key_exists('resource_id',$arr)) ? $arr['resource_id'] : ''); + $w = wiki_get_wiki($resource_id); if (!$w['path']) { return array('content' => null, 'message' => 'Error reading wiki', 'success' => false); } @@ -230,7 +231,7 @@ function wiki_page_history($arr) { if($reponame === '') { $reponame = 'repo'; } - $git = new GitRepo('sys', null, false, $w['wiki']['title'], $w['path']); + $git = new GitRepo('', null, false, $w['wiki']['title'], $w['path']); try { $gitlog = $git->git->log('', $page_path , array('limit' => 50)); logger('gitlog: ' . json_encode($gitlog)); @@ -272,7 +273,7 @@ function wiki_git_commit($arr) { if($reponame === '') { $reponame = 'repo'; } - $git = new GitRepo('sys', null, false, $w['wiki']['title'], $w['path']); + $git = new GitRepo($observer['xchan_addr'], null, false, $w['wiki']['title'], $w['path']); try { $git->setIdentity($observer['xchan_name'], $observer['xchan_addr']); if ($files === null) { diff --git a/view/tpl/wiki.tpl b/view/tpl/wiki.tpl index d2ce03f5a..86c503bb3 100644 --- a/view/tpl/wiki.tpl +++ b/view/tpl/wiki.tpl @@ -16,6 +16,8 @@
{{if $showNewWikiButton}} + {{/if}} + {{if $showNewPageButton}} {{/if}}