<?php
/**
 * @package tikiwiki
 */
// (c) Copyright by authors of the Tiki Wiki CMS Groupware Project
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id$

include_once('tiki-setup.php');

// Decide which screen this request is for. A missing or empty objectType means the
// global permission screen; every other type except 'global' must arrive with an
// objectName key and a non-empty objectId, otherwise the error page is shown.
if (empty($_REQUEST['objectType'])) {
	$_REQUEST['objectType'] = 'global';
	$_REQUEST['objectName'] = '';
	$_REQUEST['objectId'] = '';
} elseif ($_REQUEST['objectType'] != 'global'
	&& (! isset($_REQUEST['objectName']) || empty($_REQUEST['objectId']))
) {
	$smarty->assign('msg', tra('Not enough information to display this page'));
	$smarty->display('error.tpl');
	die;
}

// Names of request parameters. This file only declares the list; presumably the
// framework reads it to carry these arguments across generated links - confirm.
$auto_query_args = [
	'referer',
	'reloff',
	'objectName',
	'objectType',
	'permType',
	'objectId',
	'filegals_manager',
	'insertion_syntax',
	//'show_disabled_features',	// this seems to cause issues - the $_GET version overrides the $_POST one...
];

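// Normalise the two identifiers BEFORE any authorisation decision, so that the
// permission checks below and the object factory further down work on the same
// values. PHP has already decoded the request once; this extra urldecode() is kept
// for callers that encode these parameters themselves, but it must not run after
// the checks, or the value that was authorised could differ from the value used.
$_REQUEST['objectId'] = urldecode($_REQUEST['objectId']);
$_REQUEST['objectType'] = urldecode($_REQUEST['objectType']);

// Name of the per-type "assign permissions" global, e.g. tiki_p_assign_perm_wiki_page.
// It is derived from request input and dereferenced through $$perm below; the fixed
// prefix bounds which globals that lookup can reach.
$perm = 'tiki_p_assign_perm_' . preg_replace('/[ +]/', '_', $_REQUEST['objectType']);

if ($_REQUEST['objectType'] == 'wiki page') {
	if ($tiki_p_admin_wiki == 'y') {
		// wiki administrators may always manage page permissions
		$special_perm = 'y';
	} else {
		// presumably loads the object-level tiki_p_* globals tested below - confirm
		$info = $tikilib->get_page_info($_REQUEST['objectName']);
		$tikilib->get_perm_object($_REQUEST['objectId'], $_REQUEST['objectType'], $info);
	}
} elseif ($_REQUEST['objectType'] == 'global') {
	// global permissions can only be managed with tiki_p_admin
	$access->check_permission('tiki_p_admin');
} else {
	$tikilib->get_perm_object($_REQUEST['objectId'], $_REQUEST['objectType']);
	if ($_REQUEST['objectType'] == 'tracker') {
		$definition = Tracker_Definition::get($_REQUEST['objectId']);
		if ($groupCreatorFieldId = $definition->getWriterGroupField()) {
			$smarty->assign('group_tracker', 'y');
		}
	}
}

// Gate for the whole page: object administrators, holders of the per-type assign
// permission, or the wiki-admin shortcut set above.
if (! ($tiki_p_admin_objects == 'y' || (isset($$perm) && $$perm == 'y') || (isset($special_perm) && $special_perm == 'y'))) {
	$smarty->assign('errortype', 401);
	$smarty->assign('msg', tra('You do not have permission to assign permissions for this object'));
	$smarty->display('error.tpl');
	die;
}

// Fall back to the HTTP Referer header when no referer parameter was sent, unless
// the header points back at this page.
// NOTE(review): both sources are controlled by the client. The template (and any
// code that later follows this value) has to treat it as untrusted: escape it on
// output and do not redirect to it without checking the host - not visible from here.
if (! isset($_REQUEST['referer'])
	&& isset($_SERVER['HTTP_REFERER'])
	&& strpos($_SERVER['HTTP_REFERER'], 'tiki-objectpermissions.php') === false
) {
	$_REQUEST['referer'] = $_SERVER['HTTP_REFERER'];
}
$smarty->assign('referer', isset($_REQUEST['referer']) ? $_REQUEST['referer'] : '');

$_REQUEST['parentId'] = ! empty($_REQUEST['parentId']) ? urldecode($_REQUEST['parentId']) : null;
$_REQUEST['permType'] = ! empty($_REQUEST['permType']) ? urldecode($_REQUEST['permType']) : 'global';
$smarty->assign('objectName', $_REQUEST['objectName']);
$smarty->assign('objectId', $_REQUEST['objectId']);
$smarty->assign('objectType', $_REQUEST['objectType']);
$smarty->assign_by_ref('permType', $_REQUEST['permType']);

// NOTE(review): the 'wiki' alias is expanded only after the authorisation above, so a
// request that uses it is authorised as type 'wiki' and then handled as 'wiki page'.
// Confirm that is intended, or expand the alias before the checks.
if ($_REQUEST['objectType'] == 'wiki') {
	$_REQUEST['objectType'] = 'wiki page';
}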

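// Reflection object for the target of this request, and the applier that will write
// any permission change to it (and to every object added below).
$objectFactory = Perms_Reflection_Factory::getDefaultFactory();
$currentObject = $objectFactory->get($_REQUEST['objectType'], $_REQUEST['objectId'], $_REQUEST['parentId']);

$permissionApplier = new Perms_Applier;
$permissionApplier->addObject($currentObject);

// perms_get_restrictions() returns false for "no restriction" and an array (the
// allow-list) otherwise. The allow-list can be EMPTY, and an empty array is falsy, so
// testing the value for truthiness would leave the applier unrestricted exactly when
// the user holds none of the candidate permissions. Compare against false instead,
// as the permission listing further down this file already does.
$restrictions = perms_get_restrictions();
if ($restrictions !== false) {
	$permissionApplier->restrictPermissions($restrictions);
}

if ($_REQUEST['objectType'] == 'wiki page') {
	$structlib = TikiLib::lib('struct');
	$pageInfoTree = $structlib->s_get_structure_pages($structlib->get_struct_ref_id($_REQUEST['objectId']));
	if (count($pageInfoTree) > 1) {
		$smarty->assign('inStructure', 'y');
	}

	// If assign to structure is requested, add subelements to the applier
	// NOTE(review): the authorisation earlier in this file covered only the requested
	// page; nothing visible here checks the caller's rights on each sub-page. Confirm
	// the applier or the reflection objects enforce that.
	if (! empty($_REQUEST['assignstructure']) && $_REQUEST['assignstructure'] == 'on' && ! empty($pageInfoTree)) {
		foreach ($pageInfoTree as $subPage) {
			$sub = $objectFactory->get($_REQUEST['objectType'], $subPage['pageName']);
			$permissionApplier->addObject($sub);
		}
	}
	$cachelib = TikiLib::lib('cache');
	$cachelib->empty_type_cache('menu_');
	$cachelib->empty_type_cache('structure_');
}

// Category propagation: every descendant category receives the same change.
// NOTE(review): as with structures, descendants are added without a per-object
// permission check in this file - confirm it is enforced elsewhere.
if ($_REQUEST['objectType'] == 'category' && isset($_REQUEST['propagate_category'])) {
	$categlib = TikiLib::lib('categ');
	$descendants = $categlib->get_category_descendants($_REQUEST['objectId']);

	foreach ($descendants as $child) {
		$o = $objectFactory->get($_REQUEST['objectType'], $child, $_REQUEST['objectId']);
		$permissionApplier->addObject($o);
	}
}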

// SECURITY (applies to both unserialize() calls below): the stored preference is fed
// to unserialize(). The values written by this file are serialize() of request data,
// which round-trips as plain strings and arrays, but if the same preference can be
// written through any other path the stored string is user-influenced and
// unserialize() will instantiate whatever objects it describes. Prefer JSON for these
// lists, or unserialize($value, ['allowed_classes' => false]) once PHP >= 7.0 is
// guaranteed. Also note the result is only array-or-false by convention; a scalar
// filter sent in the request would come back as a scalar here.

// apply feature filter change
if (isset($_REQUEST['feature_select'])) {
	$_REQUEST['feature_filter'] = isset($_REQUEST['feature_filter']) ? $_REQUEST['feature_filter'] : [];
	$tikilib->set_user_preference($user, 'objectperm_admin_features', serialize($_REQUEST['feature_filter']));
	$cookietab = '1';
}

$feature_filter = unserialize($tikilib->get_user_preference($user, 'objectperm_admin_features'));

// apply group filter change
if (isset($_REQUEST['group_select'])) {
	$_REQUEST['group_filter'] = isset($_REQUEST['group_filter']) ? $_REQUEST['group_filter'] : [];
	$tikilib->set_user_preference($user, 'objectperm_admin_groups', serialize($_REQUEST['group_filter']));
	$cookietab = '1';
}

$group_filter = unserialize($tikilib->get_user_preference($user, 'objectperm_admin_groups'));

// Get a list of groups
$groups = $userlib->get_groups(0, -1, 'id_asc', '', '', 'n');
$smarty->assign_by_ref('groups', $groups['data']);

$OBJECTPERM_ADMIN_MAX_GROUPS = 4;

// No usable stored filter: build a default one and store it.
if ($group_filter === false) {
	$c = 0;
	foreach ($groups['data'] as $g) {	//	filter out if too many groups and hide Admins by default
		if ($c >= $OBJECTPERM_ADMIN_MAX_GROUPS || $g['groupName'] == 'Admins') {
			continue;
		}
		$group_filter[] = $g['id'];
		$c++;
	}
	if (count($groups['data']) > $OBJECTPERM_ADMIN_MAX_GROUPS) {
		$cookietab = '2';
		$smarty->assign('groupsFiltered', 'y');
	}
	$tikilib->set_user_preference($user, 'objectperm_admin_groups', serialize($group_filter));
}

// A group named in the request is always shown, whatever the stored filter says.
if (isset($_REQUEST['group'])) {
	$grp_id = 0;
	foreach ($groups['data'] as $grp) {
		if ($grp['groupName'] == $_REQUEST['group']) {
			$grp_id = $grp['id'];
			break;
		}
	}
	$alreadyListed = in_array($grp_id, $group_filter);
	if ($grp_id > 0 && ! $alreadyListed) {
		$group_filter[] = $grp_id;
	}
}

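// Process the form to assign a new permission to this object
if (isset($_REQUEST['assign']) && ! isset($_REQUEST['quick_perms'])) {
	// confirmation step before any state change (presumably Tiki's request-authenticity check)
	$access->check_authenticity(tr('Are you sure you want to modify permissions?'));

	// Both arrays are optional: a form submitted with every box unticked sends no
	// 'perm' key at all, and the feedback code below must still work.
	$newPerms = (isset($_REQUEST['perm']) && is_array($_REQUEST['perm'])) ? $_REQUEST['perm'] : [];
	$oldPerms = (isset($_REQUEST['old_perm']) && is_array($_REQUEST['old_perm'])) ? $_REQUEST['old_perm'] : [];

	// Without tiki_p_admin_objects, every ticked permission must be one the user holds
	// on this object.
	// NOTE(review): only ticked permissions are checked; removals (entries in old_perm
	// that are no longer in perm) are not. Confirm the applier's restrictions cover them.
	foreach ($newPerms as $group => $gperms) {
		if (! is_array($gperms)) {
			continue;
		}
		foreach ($gperms as $perm) {
			if ($tiki_p_admin_objects != 'y' && ! $userlib->user_has_perm_on_object($user, $_REQUEST['objectId'], $_REQUEST['objectType'], $perm)) {
				$smarty->assign('errortype', 401);
				$smarty->assign('msg', tra('Permission denied'));
				$smarty->display('error.tpl');
				die;
			}
		}
	}

	$newPermissions = get_assign_permissions();
	$permissionApplier->apply($newPermissions);
	if (isset($_REQUEST['group'])) {
		$smarty->assign('groupName', $_REQUEST['group']);
	}

	//identify permissions changed for feedback message
	// NOTE(review): group names here are request array keys and end up in the feedback
	// message; the feedback template has to escape them.
	$groupNames = array_unique(array_merge(array_keys($newPerms), array_keys($oldPerms)));
	$changed = ['added' => [], 'deleted' => []];
	foreach ($groupNames as $groupName) {
		$newPerms[$groupName] = (isset($newPerms[$groupName]) && is_array($newPerms[$groupName])) ? $newPerms[$groupName] : [];
		$oldPerms[$groupName] = (isset($oldPerms[$groupName]) && is_array($oldPerms[$groupName])) ? $oldPerms[$groupName] : [];
		$changed['added'][$groupName] = array_diff($newPerms[$groupName], $oldPerms[$groupName]);
		$changed['deleted'][$groupName] = array_diff($oldPerms[$groupName], $newPerms[$groupName]);
	}

	// Displayed groups and, at the same index, the groups each of them includes.
	$groupList = [];
	$groupInheritance = [];
	foreach ($groups['data'] as $row) {
		if ($group_filter !== false && in_array($row['id'], $group_filter)) {
			$groupList[] = $row['groupName'];
			$groupInheritance[] = $userlib->get_included_groups($row['groupName']);
		}
	}

	foreach ($changed['added'] as $groupName => $addPerms) { // group messages about permissions added by parent group
		if (count($addPerms) == 0) {
			continue;
		}

		$isParentGroup = false;
		foreach ($groupInheritance as $index => $gi) {
			if (is_array($gi) && in_array($groupName, $gi)) {
				// a permission gained through the parent is not reported as deleted on the child
				if (isset($changed['deleted'][$groupList[$index]])) {
					$delPerms = $changed['deleted'][$groupList[$index]];
					$changed['deleted'][$groupList[$index]] = array_diff($delPerms, $addPerms);
				}
				$isParentGroup = true;
			}
		}

		if ($isParentGroup) {
			$changed['added'][tr('%0 and all the children groups', $groupName)] = $changed['added'][$groupName];
			unset($changed['added'][$groupName]);
		}
	}

	foreach ($changed['deleted'] as $groupName => $delPerms) {  // group messages about permissions removed by parent group
		if (count($delPerms) == 0) {
			continue;
		}

		$isParentGroup = false;
		foreach ($groupInheritance as $index => $gi) {
			if (is_array($gi) && in_array($groupName, $gi)) {
				$isParentGroup = true;
				break;
			}
		}

		if ($isParentGroup) {
			$changed['deleted'][tr('%0 and all the children groups', $groupName)] = $changed['deleted'][$groupName];
			unset($changed['deleted'][$groupName]);
		}
	}

	// tiki_p_admin on Admins is never listed as deleted in the feedback. The entry may
	// be absent (Admins not in the form, or re-keyed by the loop above), hence the isset.
	if (isset($changed['deleted']['Admins']) && in_array('tiki_p_admin', $changed['deleted']['Admins'])) {
		unset($changed['deleted']['Admins'][array_search('tiki_p_admin', $changed['deleted']['Admins'])]);
	}

	//clean up array of changed permissions and indicate section for feedback
	$permInfo = $userlib->get_enabled_permissions();
	$changeCount = 0;
	foreach ($changed as $directionName => $directionInfo) {
		foreach ($directionInfo as $groupName => $groupInfo) {
			if (empty($groupInfo)) {
				unset($changed[$directionName][$groupName]);
			} else {
				foreach ($groupInfo as $no => $p) {
					// a name that is not an enabled permission gets an empty section label
					$section = isset($permInfo[$p]['type']) ? $permInfo[$p]['type'] : '';
					$changed[$directionName][$groupName][$no] = $p . ' (' . $section . ')';
					$changeCount++;
				}
			}
		}
		if (empty($changed[$directionName])) {
			unset($changed[$directionName]);
		}
	}
	if ($changeCount > 0) {
		Feedback::add(['type' => $_REQUEST['permType'],
			'mes' => $changed,
			'objname' => $_REQUEST['objectName'],
			'objid' => $_REQUEST['objectId'],
			'objtype' => $_REQUEST['objectType'],
			'count' => $changeCount,
			'tpl' => 'perm']);
	} else {
		Feedback::note(tr('No permissions were changed'));
	}
}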

// Remove: apply an empty permission set, i.e. drop the direct permissions.
if (isset($_REQUEST['remove'])) {
	$access->check_authenticity(tra('Are you sure you want to remove the direct permissions from this object?'));
	$newPermissions = new Perms_Reflection_PermissionSet;
	$permissionApplier->apply($newPermissions);
}

// Copy: remember the permission set described by the current form in the session.
// NOTE(review): the set is built from request data by get_assign_permissions() and is
// stored without the per-permission check the "assign" form performs; what may later
// be pasted is bounded only by the applier's restrictions.
if (isset($_REQUEST['copy'])) {
	$newPermissions = get_assign_permissions();
	$filter = TikiFilter::get('text');
	$to_copy = [
		'perms' => $newPermissions->getPermissionArray(),
		'object' => $filter->filter($_REQUEST['objectId']),
		'type' => $filter->filter($_REQUEST['objectType']),
	];
	$_SESSION['perms_clipboard'] = $to_copy;
}

if (! empty($_SESSION['perms_clipboard'])) {
	$perms_clipboard = $_SESSION['perms_clipboard'];

	// Label shown for the clipboard: "<type> : <object>", or the type alone.
	$clipboardSeparator = empty($perms_clipboard['object']) ? '' : ' : ';
	$smarty->assign(
		'perms_clipboard_source',
		$perms_clipboard['type'] . $clipboardSeparator . $perms_clipboard['object']
	);

	// Paste: the clipboard is consumed and its content applied to the current object(s).
	if (isset($_REQUEST['paste'])) {
		$access->check_authenticity(tra('Are you sure you want to paste the copied permissions into this object?'));
		unset($_SESSION['perms_clipboard']);

		$set = new Perms_Reflection_PermissionSet;

		$clipboardPerms = isset($perms_clipboard['perms']) ? $perms_clipboard['perms'] : [];
		foreach ($clipboardPerms as $group => $gperms) {
			foreach ($gperms as $perm) {
				$set->add($group, $perm);
			}
		}
		$permissionApplier->apply($set);
		$smarty->assign('perms_clipboard_source', '');
	}
}

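// Prepare display
// Get the individual object permissions if any
$displayedPermissions = get_displayed_permissions();

//Quickperms apply {{{
//Test to map permissions of file galleries into read write admin admin levels.
if ($prefs['feature_quick_object_perms'] == 'y') {
	$qperms = quickperms_get_data();
	$smarty->assign('quickperms', $qperms);
	$quickperms = new Perms_Reflection_Quick;

	foreach ($qperms as $type => $data) {
		$quickperms->configure($type, $data['data']);
	}

	$groupNames = [];
	foreach ($groups['data'] as $key => $group) {
		$groupNames[] = $group['groupName'];
	}

	// quick-permission level currently in effect for each group
	$map = $quickperms->getAppliedPermissions($displayedPermissions, $groupNames);

	foreach ($groups['data'] as $key => $group) {
		$groups['data'][$key]['groupSumm'] = $map[ $group['groupName'] ];
	}

	if (isset($_REQUEST['assign']) && isset($_REQUEST['quick_perms'])) {
		$access->check_authenticity(tr('Are you sure you want to modify permissions?'));

		$groups = $userlib->get_groups(0, -1, 'groupName_asc', '', '', 'n');

		// Only existing groups are looked up in the request; the form field for a
		// group is named perm_<rawurlencoded group name>.
		$userInput = [];
		foreach ($groups['data'] as $group) {
			$groupNameEncoded = rawurlencode($group['groupName']);
			if (isset($_REQUEST['perm_' . $groupNameEncoded])) {
				$group = $group['groupName'];
				$permission = $_REQUEST['perm_' . $groupNameEncoded];

				$userInput[$group] = $permission;
			}
		}

		$current = $currentObject->getDirectPermissions();
		$newPermissions = $quickperms->getPermissions($current, $userInput);
		// Admins always keep tiki_p_admin
		if (! $newPermissions->has('Admins', 'tiki_p_admin')) {
			$newPermissions->add('Admins', 'tiki_p_admin');
		}
		// NOTE(review): unlike the checkbox form, this path has no per-permission check
		// of its own; what the user may change is bounded by the applier's restrictions.
		$permissionApplier->apply($newPermissions);

		// Redirect back to this page, keeping the object selection.
		$url = $_SERVER['REQUEST_URI'];
		$query = array_filter(array_intersect_key($_REQUEST, array_flip(['objectType', 'objectId', 'permType', 'objectName'])));
		if ($query) {
			// REQUEST_URI may already carry a query string; a second '?' would corrupt
			// it, so extend the existing one with '&' in that case.
			$separator = strpos($url, '?') === false ? '?' : '&';
			$url .= $separator . http_build_query($query, '', '&');
		}
		$access->redirect($url);
	}
}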

// "Used groups" view: show only the groups that appear in the displayed permission
// set, together with whatever get_including_groups() returns for each of them.
if (isset($_REQUEST['used_groups'])) {
	$group_filter = [];
	foreach ($displayedPermissions->getPermissionArray() as $group => $perms) {
		$group_filter[] = $group;
		$group_filter = array_merge($group_filter, $userlib->get_including_groups($group, 'y'));
	}

	// nothing assigned anywhere: fall back to the three standard groups
	if (empty($group_filter)) {
		$group_filter = ['Anonymous', 'Registered', 'Admins'];
	}

	// the filter is compared against group ids elsewhere, so replace each name by its id
	foreach (array_keys($group_filter) as $i) {
		$ginfo = $userlib->get_group_info($group_filter[$i]);
		$group_filter[$i] = $ginfo['id'];
	}
	$cookietab = 1;
}


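// get groupNames etc - TODO: jb will tidy...
//$checkboxInfo = array();
// Parallel lists, one entry per group selected by $group_filter:
//   $groupNames       group name
//   $permGroups       name of the checkbox array for that group, perm[<name>]
//   $groupIndices     column key used in the permission rows, <name>_hasPerm
//   $groupInheritance groups included by that group
$permGroups = [];
$groupNames = [];
$groupIndices = [];
$groupInheritance = [];

foreach ($groups['data'] as &$row) {
	// one lookup per group instead of repeating the same call for each use
	$includedGroups = $userlib->get_included_groups($row['groupName']);

	if ($group_filter !== false && in_array($row['id'], $group_filter)) {
		$groupNames[] = $row['groupName'];
		$permGroups[] = 'perm[' . $row['groupName'] . ']';
		$groupInheritance[] = $includedGroups;

		$groupIndices[] = $row['groupName'] . '_hasPerm';

		$row['in_group_filter'] = 'y';
	} else {
		$row['in_group_filter'] = 'n';
	}

	// info for nested group treetable
	// Other code in this file guards the inheritance entries with is_array(), so the
	// lookup may return a non-array; treat that as "includes nothing" here too.
	$parents = array_merge([$row['groupName']], is_array($includedGroups) ? $includedGroups : []);
	$parents = preg_replace('/[\s,]+/', '_', $parents);
	$parents = implode(",", array_reverse($parents));
	$row['parents'] = $parents;

// More TODO - merge all this into a single array - but that means considerable changes to treetable (soon)
//	$checkboxInfo[] = array('name' => $row['groupName'],
//						 'key' => 'perm['.$row['groupName'].']',
//						 'index' => $groupIndex,
//						 'inheritance' => $inh);
}
// break the reference left behind by the by-reference foreach, so a later write to
// $row cannot silently change the last group
unset($row);

$smarty->assign('permGroups', $permGroups);
$smarty->assign('permGroupCols', $groupIndices);
$smarty->assign('groupNames', $groupNames);
//$smarty->assign('groupInheritance', $groupInheritance);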


// Get the big list of permissions
$show_disabled_features = (isset($_REQUEST['show_disabled_features'])
	&& ($_REQUEST['show_disabled_features'] == 'on' || $_REQUEST['show_disabled_features'] == 'y'))
	? 'y'
	: 'n';
$smarty->assign('show_disabled_features', $show_disabled_features);

// get "master" list of all perms (last argument is true unless disabled features were asked for)
$candidates = $userlib->get_permissions(0, -1, 'permName_asc', '', $_REQUEST['permType'], '', $show_disabled_features != 'y');

// list of all features, each flagged with whether the stored feature filter selects it
$ftemp = $userlib->get_permission_types();
$features = [];
foreach ($ftemp as $f) {
	$selected = $feature_filter === false || in_array($f, $feature_filter);
	$features[] = ['featureName' => $f, 'in_feature_filter' => $selected ? 'y' : 'n'];
}
$features_enabled = [];

// build $masterPerms list and used (enabled) features
$masterPerms = [];

foreach ($candidates['data'] as $perm) {
	// NOTE(review): the closing span tag sits inside the tra() argument, so the string
	// handed to the translator is the level followed by that tag rather than the level
	// alone - confirm whether tra($perm['level']) was intended.
	$perm['label'] = tra($perm['permDesc']) . ' <em>(' . $perm['permName'] . ')</em>' . '<span style="display:none;">' . tra($perm['level'] . '</span>');

	// one 'y'/'n' cell per displayed group, stored under both spellings of the column key
	foreach ($groupNames as $index => $groupName) {
		$p = $displayedPermissions->has($groupName, $perm['permName']) ? 'y' : 'n';
		$perm[$groupName . '_hasPerm'] = $p;
		$perm[$groupIndices[$index]] = $p;
	}

	// work out if specific feature is on
	if (isset($perm['feature_check'])) {
		// enabled as soon as one of the comma-separated preferences is 'y'
		$pref_feature = false;
		foreach (explode(',', $perm['feature_check']) as $fchk) {
			if ($prefs[$fchk] == 'y') {
				$pref_feature = true;
				break;
			}
		}
	} else {	// if no feature check you can't turn them off (?)
		$pref_feature = true;
	}

	// A permission is listed when its feature passes the filter, it is within the
	// user's restrictions (false means unrestricted) and its feature is switched on.
	$passesFeatureFilter = $feature_filter === false || in_array($perm['type'], $feature_filter);
	$withinRestrictions = $restrictions === false || in_array($perm['permName'], $restrictions);
	if ($passesFeatureFilter && $withinRestrictions && $pref_feature) {
		$masterPerms[] = $perm;
	}

	// perms can be dependant on multiple features
	if ($show_disabled_features != 'y' && $pref_feature && ! in_array($perm['type'], $features_enabled)) {
		$features_enabled[] = $perm['type'];
	}
}

// unless disabled features were asked for, keep only features that have an enabled permission
if ($show_disabled_features != 'y') {
	$features_filtered = [];
	foreach ($features as $f) {
		if (! in_array($f['featureName'], $features_enabled) || in_array($f, $features_filtered)) {
			continue;
		}
		$features_filtered[] = $f;
	}
	$features = $features_filtered;
}

$smarty->assign_by_ref('perms', $masterPerms);
$smarty->assign_by_ref('features', $features);

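// Create JS to set up checkboxs (showing group inheritance)
// NOTE(review): group names are spliced into JavaScript string literals and jQuery
// selectors with addslashes(), which is not an encoder for either context. This is
// only safe as long as group names cannot contain characters that are special there;
// a context-aware encoder (json_encode for the literal plus selector escaping) would
// remove that assumption.
$js = '$("#perms_busy").show();
';
$i = 0;
foreach ($groupNames as $rawGroupName) {
	// Escaped copy for the generated script. The inheritance lists are compared against
	// the unescaped name, because they are built from the names as stored, not from
	// escaped copies; comparing the escaped form would miss names containing a quote
	// or a backslash.
	$groupName = addslashes($rawGroupName);
	$beneficiaries = '';
	foreach ($groupInheritance as $index => $gi) {
		if (is_array($gi) && in_array($rawGroupName, $gi)) {
			$beneficiaries .= ! empty($beneficiaries) ? ',' : '';
			$beneficiaries .= 'input[name="perm[' . addslashes($groupNames[$index]) . '][]"]';
		}
	}

	$js .= "\$('input[name=\"perm[$groupName][]\"]').eachAsync({
	delay: 10,
	bulk: 0,
";
	// the busy indicator is hidden once the last group has been processed
	if ($i == count($groupNames) - 1) {
		$js .= "end: function () {
				\$('#perms_busy').hide();
			},
";
	}
	$js .= "loop: function() { 		// each one of this group

	if (\$(this).is(':checked')) {
		\$('input[value=\"'+\$(this).val()+'\"]').					// other checkboxes of same value (perm)
			filter('$beneficiaries').								// which inherit from this
			prop('checked',\$(this).is(':checked')).				// check and disable
			prop('disabled',\$(this).is(':checked'));
	}

	\$(this).on( 'change', function(e, parent) {	// bind click event

		if (\$(this).is(':checked')) {
			\$('input[value=\"'+\$(this).val()+'\"]').			// same...
				filter('$beneficiaries').each(function() {
					$(this).
						prop('checked',true).					// check?
						prop('disabled',true).					// disable
						trigger('change', [this]);
				});
		} else {
			\$('input[value=\"'+\$(this).val()+'\"]').			// same...
				filter('$beneficiaries').each(function() {
					$(this).
						prop('checked',false).					// check?
						prop('disabled',false).					// disable
						trigger('change', [this]);
				});
		}
	});
}
});

";
	$i++;
}	// end of for $groupNames loop

// add cell colouring helpers
$js .= '
$("table.objectperms input[type=checkbox]").change(function () {
	var $this = $(this);
	var $parent = $this.parent();
	if ($this.is(":checked")) {
		if ($parent.hasClass("removed")) {
			$parent.removeClass("removed");
		} else {
			$parent.addClass("added");
		}
	} else {
		if ($parent.hasClass("added")) {
			$parent.removeClass("added");
		} else {
			$parent.addClass("removed");
		}
	}
});
';

$headerlib->add_jq_onready($js);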

// setup smarty remarks flags

// Display the template: the print layout when a filegals_manager value was sent,
// the normal site layout otherwise.
// NOTE(review): filegals_manager is passed to the template straight from the request;
// the template has to escape it for the context it is written into.
$smarty->assign('mid', 'tiki-objectpermissions.tpl');
if (! isset($_REQUEST['filegals_manager']) || $_REQUEST['filegals_manager'] == '') {
	$smarty->display('tiki.tpl');
} else {
	$smarty->assign('filegals_manager', $_REQUEST['filegals_manager']);
	$smarty->display('tiki-print.tpl');
}


/**
 * Build the permission set described by the checkbox form.
 *
 * Starts from the object's direct permissions (or, when it has none, from what
 * getParentPermissions() returns), adds every group/permission pair listed in
 * $_REQUEST['perm'] and removes every pair listed in $_REQUEST['old_perm'] that is
 * no longer present in $_REQUEST['perm'].
 *
 * Group and permission names are taken from the request as they are. This function
 * performs no authorisation of its own: callers have to check the request, or rely
 * on the applier's restrictions, before applying the result.
 *
 * @return mixed the permission set object obtained from the reflection object
 */
function get_assign_permissions()
{
	global $objectFactory;

	// get existing perms
	$target = $objectFactory->get($_REQUEST['objectType'], $_REQUEST['objectId'], $_REQUEST['parentId']);
	$permissionSet = $target->getDirectPermissions();
	if (count($permissionSet->getPermissionArray()) === 0) {
		// get "default" perms so disabled feature perms don't get removed
		$permissionSet = $target->getParentPermissions();
	}

	// set any checked ones
	$checked = ! empty($_REQUEST['perm']) ? $_REQUEST['perm'] : [];
	foreach ($checked as $group => $gperms) {
		foreach ($gperms as $perm) {
			$permissionSet->add($group, $perm);
		}
	}

	// unset any old_perms not there now
	if (isset($_REQUEST['old_perm'])) {
		foreach ($_REQUEST['old_perm'] as $group => $gperms) {
			foreach ($gperms as $perm) {
				$stillChecked = isset($_REQUEST['perm'][$group]) && in_array($perm, $_REQUEST['perm'][$group]);
				if (! $stillChecked) {
					$permissionSet->remove($group, $perm);
				}
			}
		}
	}

	return $permissionSet;
}

/**
 * Pick the quick-permission level table for the requested permission type:
 * the fixed file gallery table for 'file galleries', the generic level-based
 * table for everything else.
 *
 * @return array level name => ['name' => ..., 'data' => ...]
 */
function quickperms_get_data()
{
	return $_REQUEST['permType'] == 'file galleries'
		? quickperms_get_filegal()
		: quickperms_get_generic();
}

/**
 * Quick-permission levels for file galleries.
 *
 * Each level ('admin', 'write', 'read', 'none') carries its own name and a map of
 * permission name => permission name. 'write' is 'admin' without the two
 * administrative permissions; 'read' is a subset of 'write'; 'none' is empty.
 *
 * @return array level name => ['name' => string, 'data' => array]
 */
function quickperms_get_filegal()
{
	$read = [
		'tiki_p_download_files',
		'tiki_p_list_file_galleries',
		'tiki_p_view_fgal_explorer',
		'tiki_p_view_fgal_path',
		'tiki_p_view_file_gallery',
	];

	$write = [
		'tiki_p_batch_upload_files',
		'tiki_p_batch_upload_file_dir',
		'tiki_p_create_file_galleries',
		'tiki_p_download_files',
		'tiki_p_edit_gallery_file',
		'tiki_p_list_file_galleries',
		'tiki_p_upload_files',
		'tiki_p_remove_files',
		'tiki_p_view_fgal_explorer',
		'tiki_p_view_fgal_path',
		'tiki_p_view_file_gallery',
	];

	// admin = the two administrative permissions followed by everything in 'write'
	$admin = array_merge(
		['tiki_p_admin_file_galleries', 'tiki_p_assign_perm_file_gallery'],
		$write
	);

	$levels = [];
	foreach (['admin' => $admin, 'write' => $write, 'read' => $read, 'none' => []] as $level => $names) {
		$levels[$level] = [
			'name' => $level,
			// each permission is both key and value
			'data' => $names ? array_combine($names, $names) : [],
		];
	}

	return $levels;
}

/**
 * Quick-permission levels for any permission type other than file galleries.
 *
 * Reads the permissions of the type named in $_REQUEST['permType'] and sorts them
 * by their 'level' column. The levels are cumulative: 'registered' contains
 * 'basic', 'editors' contains 'registered', 'admin' contains 'editors'. Permissions
 * with any other level are left out. 'none' is always empty.
 *
 * @return array level name => ['name' => string, 'data' => array of permName => permName]
 */
function quickperms_get_generic()
{
	$userlib = TikiLib::lib('user');

	$databaseperms = $userlib->get_permissions(0, -1, 'permName_asc', '', $_REQUEST['permType'], '', true);

	// permissions per level, in the order the levels build on each other
	$byLevel = ['basic' => [], 'registered' => [], 'editors' => [], 'admin' => []];
	foreach ($databaseperms['data'] as $perm) {
		$level = $perm['level'];
		if (is_string($level) && isset($byLevel[$level])) {
			$byLevel[$level][$perm['permName']] = $perm['permName'];
		}
	}

	// every level is its own permissions on top of all lower levels
	$perms = [];
	$cumulative = [];
	foreach ($byLevel as $level => $own) {
		$cumulative = array_merge($cumulative, $own);
		$perms[$level] = ['name' => $level, 'data' => $cumulative];
	}
	$perms['none'] = ['name' => 'none', 'data' => []];

	return $perms;
}

/**
 * Work out which permissions the current user is allowed to hand out.
 *
 * Returns false when the user has admin_objects, meaning "no restriction".
 * Otherwise returns the allow-list: the names of those permissions of type
 * $_REQUEST['permType'] that the user's own global permission accessor reports as set.
 *
 * The allow-list may be EMPTY, and an empty array is falsy in PHP. Callers must
 * therefore compare the result with `=== false`; a plain truthiness test would
 * treat "nothing allowed" as "unrestricted".
 *
 * NOTE(review): the candidate list depends on the request-supplied permType, so the
 * allow-list only ever covers permissions of that one type.
 *
 * @return array|bool false for unrestricted, otherwise the list of allowed permission names
 */
function perms_get_restrictions()
{
	$userlib = TikiLib::lib('user');
	$perms = Perms::get();

	if ($perms->admin_objects) {
		return false;
	}

	$lookup = $userlib->get_permissions(0, -1, 'permName_asc', '', $_REQUEST['permType']);

	// filter out non-admin's unavailable perms
	$allowed = [];
	foreach ($lookup['data'] as $perm) {
		$name = $perm['permName'];
		if (! $perms->$name) {
			continue;
		}
		$allowed[] = $name;
	}

	return $allowed;
}

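/**
 * Work out which permission set the screen shows for the requested object and tell
 * the template where that set comes from.
 *
 * When the object's direct permissions compare equal to an empty set, the set
 * returned by getParentPermissions() is shown instead and 'permissions_displayed'
 * is set to 'global', 'parent' or 'category' depending on which set it matches.
 * Otherwise the direct permissions are shown ('direct') and the differences from the
 * global permissions are passed to the template as HTML ('permissions_added',
 * 'permissions_removed') and to the page script as JSON.
 *
 * Group and permission names are HTML-escaped before being put into the markup
 * strings, because those strings already contain tags and so can only be rendered
 * unescaped by the template.
 *
 * @return mixed the permission set to display
 */
function get_displayed_permissions()
{
	global $objectFactory;
	$smarty = TikiLib::lib('smarty');

	$currentObject = $objectFactory->get($_REQUEST['objectType'], $_REQUEST['objectId'], $_REQUEST['parentId']);
	$displayedPermissions = $currentObject->getDirectPermissions();
	$globPerms = $objectFactory->get('global', null)->getDirectPermissions();	// global perms

	$comparator = new Perms_Reflection_PermissionComparator($displayedPermissions, new Perms_Reflection_PermissionSet);

	$smarty->assign('permissions_displayed', 'direct');
	if ($comparator->equal()) {
		$parent = $currentObject->getParentPermissions();							// inherited perms (could be category ones)
		$comparator = new Perms_Reflection_PermissionComparator($globPerms, $parent);

		if ($comparator->equal()) {
			$smarty->assign('permissions_displayed', 'global');
		} else {																	// parent not globals, check parent object or category
			$parentType = Perms::parentType($_REQUEST['objectType']);
			$parentObject = $objectFactory->get($parentType, $_REQUEST['parentId']);
			$parentPerms = $parentObject->getDirectPermissions();
			$comparator = new Perms_Reflection_PermissionComparator($parentPerms, $parent);
			if ($comparator->equal()) {
				$smarty->assign('permissions_displayed', 'parent');
				$smarty->assign('permissions_parent_id', $_REQUEST['parentId']);
				$smarty->assign('permissions_parent_type', $parentType);
				$smarty->assign('permissions_parent_name', TikiLib::lib('object')->get_title($parentType, $_REQUEST['parentId']));
			} else {
				$smarty->assign('permissions_displayed', 'category');
			}
		}
		$displayedPermissions = $parent;
	} else {																		// direct object perms
		$comparator = new Perms_Reflection_PermissionComparator($globPerms, $displayedPermissions);

		// [group, permission] pairs -> group => list of permission names without the tiki_p_ prefix
		$groupByName = function ($pairs) {
			$byGroup = [];
			foreach ($pairs as $p) {
				if (! isset($byGroup[$p[0]])) {
					$byGroup[$p[0]] = [];
				}
				$byGroup[$p[0]][] = str_replace('tiki_p_', '', $p[1]);
			}
			return $byGroup;
		};

		// one "<br /><strong>group:</strong> perm, perm" fragment per group, names escaped
		$toMarkup = function (array $byGroup) {
			$html = '';
			foreach ($byGroup as $gp => $pm) {
				$html .= '<br />';
				$html .= '<strong>' . htmlspecialchars((string) $gp, ENT_QUOTES, 'UTF-8') . ':</strong> '
					. htmlspecialchars(implode(', ', $pm), ENT_QUOTES, 'UTF-8');
			}
			return $html;
		};

		$permissions_added = $groupByName($comparator->getAdditions());
		$permissions_removed = $groupByName($comparator->getRemovals());

		$smarty->assign('permissions_added', $toMarkup($permissions_added));
		$smarty->assign('permissions_removed', $toMarkup($permissions_removed));

		// The raw (unescaped) names go to the script through json_encode(), which is the
		// right encoder for that context; the script then uses them inside selectors.
		TikiLib::lib('header')->add_jq_onready('
var permsAdded = ' . json_encode($permissions_added) . ';
var permsRemoved = ' . json_encode($permissions_removed) . ';
for (var group in permsAdded) {
	if (permsAdded.hasOwnProperty(group)) {
		for (var i = 0; i < permsAdded[group].length; i++) {
			 $("input[name=\'perm[" + group + "][]\'][value=\'tiki_p_" + permsAdded[group][i] + "\']").parent().addClass("added");
		}
	}
}
for (var group in permsRemoved) {
	if (permsRemoved.hasOwnProperty(group)) {
		for (var i = 0; i < permsRemoved[group].length; i++) {
			 $("input[name=\'perm[" + group + "][]\'][value=\'tiki_p_" + permsRemoved[group][i] + "\']").parent().addClass("removed");
		}
	}
}
');
	}

	return $displayedPermissions;
}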