tested extensible permissions by adding wiki permissions. Discovered a couple of issues that needed attention in the process.
parent
f94c244b9f
commit
94290102b6
@ -8,7 +8,7 @@ use Zotlabs\Lib as Zlib;
|
||||
class PermissionRoles {
|
||||
|
||||
static public function version() {
|
||||
return 1;
|
||||
return 2;
|
||||
}
|
||||
|
||||
static function role_perms($role) {
|
||||
@ -25,7 +25,7 @@ class PermissionRoles {
|
||||
$ret['online'] = true;
|
||||
$ret['perms_connect'] = [
|
||||
'view_stream', 'view_profile', 'view_contacts', 'view_storage',
|
||||
'view_pages', 'send_stream', 'post_wall', 'post_comments',
|
||||
'view_pages', 'view_wiki', 'send_stream', 'post_wall', 'post_comments',
|
||||
'post_mail', 'chat', 'post_like', 'republish' ];
|
||||
|
||||
$ret['limits'] = PermissionLimits::Std_Limits();
|
||||
@ -38,7 +38,7 @@ class PermissionRoles {
|
||||
$ret['online'] = true;
|
||||
$ret['perms_connect'] = [
|
||||
'view_stream', 'view_profile', 'view_contacts', 'view_storage',
|
||||
'view_pages', 'send_stream', 'post_wall', 'post_comments',
|
||||
'view_pages', 'view_wiki', 'send_stream', 'post_wall', 'post_comments',
|
||||
'post_mail', 'chat', 'post_like' ];
|
||||
|
||||
$ret['limits'] = PermissionLimits::Std_Limits();
|
||||
@ -52,7 +52,7 @@ class PermissionRoles {
|
||||
$ret['online'] = false;
|
||||
$ret['perms_connect'] = [
|
||||
'view_stream', 'view_profile', 'view_contacts', 'view_storage',
|
||||
'view_pages', 'send_stream', 'post_wall', 'post_comments',
|
||||
'view_pages', 'view_wiki', 'send_stream', 'post_wall', 'post_comments',
|
||||
'post_mail', 'post_like' ];
|
||||
$ret['limits'] = PermissionLimits::Std_Limits();
|
||||
$ret['limits']['view_contacts'] = PERMS_SPECIFIC;
|
||||
@ -67,7 +67,7 @@ class PermissionRoles {
|
||||
$ret['online'] = false;
|
||||
$ret['perms_connect'] = [
|
||||
'view_stream', 'view_profile', 'view_contacts', 'view_storage',
|
||||
'view_pages', 'post_wall', 'post_comments', 'tag_deliver',
|
||||
'view_pages', 'view_wiki', 'post_wall', 'post_comments', 'tag_deliver',
|
||||
'post_mail', 'post_like' , 'republish', 'chat' ];
|
||||
|
||||
$ret['limits'] = PermissionLimits::Std_Limits();
|
||||
@ -80,7 +80,7 @@ class PermissionRoles {
|
||||
$ret['online'] = false;
|
||||
$ret['perms_connect'] = [
|
||||
'view_stream', 'view_profile', 'view_contacts', 'view_storage',
|
||||
'view_pages', 'post_wall', 'post_comments', 'tag_deliver',
|
||||
'view_pages', 'view_wiki', 'post_wall', 'post_comments', 'tag_deliver',
|
||||
'post_mail', 'post_like' , 'chat' ];
|
||||
|
||||
$ret['limits'] = PermissionLimits::Std_Limits();
|
||||
@ -95,7 +95,7 @@ class PermissionRoles {
|
||||
|
||||
$ret['perms_connect'] = [
|
||||
'view_stream', 'view_profile', 'view_contacts', 'view_storage',
|
||||
'view_pages', 'post_wall', 'post_comments',
|
||||
'view_pages', 'view_wiki', 'post_wall', 'post_comments',
|
||||
'post_mail', 'post_like' , 'chat' ];
|
||||
|
||||
$ret['limits'] = PermissionLimits::Std_Limits();
|
||||
@ -103,6 +103,7 @@ class PermissionRoles {
|
||||
$ret['limits']['view_contacts'] = PERMS_SPECIFIC;
|
||||
$ret['limits']['view_storage'] = PERMS_SPECIFIC;
|
||||
$ret['limits']['view_pages'] = PERMS_SPECIFIC;
|
||||
$ret['limits']['view_wiki'] = PERMS_SPECIFIC;
|
||||
|
||||
break;
|
||||
|
||||
@ -114,7 +115,7 @@ class PermissionRoles {
|
||||
|
||||
$ret['perms_connect'] = [
|
||||
'view_stream', 'view_profile', 'view_contacts', 'view_storage',
|
||||
'view_pages', 'send_stream', 'post_wall', 'post_comments',
|
||||
'view_pages', 'view_wiki', 'send_stream', 'post_wall', 'post_comments',
|
||||
'post_mail', 'post_like' , 'republish' ];
|
||||
|
||||
$ret['limits'] = PermissionLimits::Std_Limits();
|
||||
@ -128,7 +129,7 @@ class PermissionRoles {
|
||||
$ret['online'] = false;
|
||||
$ret['perms_connect'] = [
|
||||
'view_stream', 'view_profile', 'view_contacts', 'view_storage',
|
||||
'view_pages', 'send_stream', 'post_wall', 'post_comments',
|
||||
'view_pages', 'view_wiki', 'send_stream', 'post_wall', 'post_comments',
|
||||
'post_mail', 'post_like' , 'republish' ];
|
||||
|
||||
$ret['limits'] = PermissionLimits::Std_Limits();
|
||||
@ -143,7 +144,7 @@ class PermissionRoles {
|
||||
|
||||
$ret['perms_connect'] = [
|
||||
'view_stream', 'view_profile', 'view_contacts', 'view_storage',
|
||||
'view_pages', 'post_like' , 'republish' ];
|
||||
'view_pages', 'view_wiki', 'post_like' , 'republish' ];
|
||||
|
||||
$ret['limits'] = PermissionLimits::Std_Limits();
|
||||
|
||||
@ -157,8 +158,8 @@ class PermissionRoles {
|
||||
|
||||
$ret['perms_connect'] = [
|
||||
'view_stream', 'view_profile', 'view_contacts', 'view_storage',
|
||||
'view_pages', 'write_storage', 'write_pages', 'post_wall', 'post_comments', 'tag_deliver',
|
||||
'post_mail', 'post_like' , 'republish', 'chat' ];
|
||||
'view_pages', 'view_wiki', 'write_storage', 'write_pages', 'post_wall', 'post_comments', 'tag_deliver',
|
||||
'post_mail', 'post_like' , 'republish', 'chat', 'write_wiki' ];
|
||||
|
||||
$ret['limits'] = PermissionLimits::Std_Limits();
|
||||
break;
|
||||
@ -185,6 +186,12 @@ class PermissionRoles {
|
||||
// if($perm === 'mynewperm')
|
||||
// \Zotlabs\Access\PermissionLimits::Set($uid,$perm,1);
|
||||
|
||||
if($perm === 'view_wiki')
|
||||
\Zotlabs\Access\PermissionLimits::Set($uid,$perm,PERMS_PUBLIC);
|
||||
|
||||
if($perm === 'write_wiki')
|
||||
\Zotlabs\Access\PermissionLimits::Set($uid,$perm,PERMS_SPECIFIC);
|
||||
|
||||
|
||||
// set autoperms here if applicable
|
||||
// choices are to set to 0, 1, or the value of an existing perm
|
||||
@ -195,7 +202,13 @@ class PermissionRoles {
|
||||
$value = 0;
|
||||
|
||||
// if($perm === 'mynewperm')
|
||||
// $value = get_abconfig($uid,$c['channel_hash'],'autoperms','someexistingperm'));
|
||||
// $value = get_abconfig($uid,$c['channel_hash'],'autoperms','someexistingperm');
|
||||
|
||||
if($perm === 'view_wiki')
|
||||
$value = get_abconfig($uid,$c['channel_hash'],'autoperms','view_pages');
|
||||
|
||||
if($perm === 'write_wiki')
|
||||
$value = get_abconfig($uid,$c['channel_hash'],'autoperms','write_pages');
|
||||
|
||||
if($c) {
|
||||
set_abconfig($uid,$c['channel_hash'],'autoperms',$perm,$value);
|
||||
@ -212,8 +225,16 @@ class PermissionRoles {
|
||||
// case 'mynewperm':
|
||||
// choices are to set to 1, set to 0, or clone an existing perm
|
||||
// set_abconfig($uid,$ab['abook_xchan'],'my_perms',$perm,
|
||||
// get_abconfig($uid,$ab['abook_xchan'],'my_perms','someexistingperm'));
|
||||
|
||||
// intval(get_abconfig($uid,$ab['abook_xchan'],'my_perms','someexistingperm')));
|
||||
|
||||
case 'view_wiki':
|
||||
set_abconfig($uid,$ab['abook_xchan'],'my_perms',$perm,
|
||||
intval(get_abconfig($uid,$ab['abook_xchan'],'my_perms','view_pages')));
|
||||
|
||||
case 'write_wiki':
|
||||
set_abconfig($uid,$ab['abook_xchan'],'my_perms',$perm,
|
||||
intval(get_abconfig($uid,$ab['abook_xchan'],'my_perms','write_pages')));
|
||||
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
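Review bot: In the per-connection `switch`, `case 'view_wiki':` has no `break;`, so it falls through into `case 'write_wiki':` and the second `set_abconfig` call runs with `$perm` still equal to `view_wiki`. The value just cloned from `view_pages` is therefore overwritten with the connection's `write_pages` value, leaving `view_wiki` mirroring write access instead of view access for existing connections. Add `break;` after each of the two `set_abconfig(...)` calls. Separately, in the autoperms hunk `$c['channel_hash']` is read before the `if($c)` test; moving the two `get_abconfig` lookups inside that `if` avoids indexing an empty value. The enclosing function (presumably the `new_custom_perms` called from boot.php) starts outside these hunks.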
@ -36,7 +36,7 @@ class Permissions {
|
||||
|
||||
static public function version() {
|
||||
// This must match the version in PermissionRoles.php before permission updates can run.
|
||||
return 1;
|
||||
return 2;
|
||||
}
|
||||
|
||||
|
||||
@ -50,7 +50,9 @@ class Permissions {
|
||||
'view_storage' => t('Can view my file storage and photos'),
|
||||
'write_storage' => t('Can upload/modify my file storage and photos'),
|
||||
'view_pages' => t('Can view my channel webpages'),
|
||||
'view_wiki' => t('Can view my wiki pages'),
|
||||
'write_pages' => t('Can create/edit my channel webpages'),
|
||||
'write_wiki' => t('Can write to my wiki pages'),
|
||||
'post_wall' => t('Can post on my channel (wall) page'),
|
||||
'post_comments' => t('Can comment on or like my posts'),
|
||||
'post_mail' => t('Can send me private mail messages'),
|
||||
|
@ -201,7 +201,7 @@ class NativeWiki {
|
||||
else {
|
||||
// TODO: Create a new permission setting for wiki analogous to webpages. Until
|
||||
// then, use webpage permissions
|
||||
$write = perm_is_allowed($owner_id, $observer_hash,'write_pages');
|
||||
$write = perm_is_allowed($owner_id, $observer_hash,'write_wiki');
|
||||
return array('read' => true, 'write' => $write, 'success' => true);
|
||||
}
|
||||
}
|
||||
|
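Review bot: The `// TODO: Create a new permission setting for wiki ... use webpage permissions` comment above the changed line is now stale, because the call checks `write_wiki`; reword it, e.g. `// write access is governed by the dedicated write_wiki permission`. The same return still hard-codes `'read' => true`, so this branch never consults the new `view_wiki` permission. If any caller relies on the `read` flag rather than on the controller's own check, consider `'read' => perm_is_allowed($owner_id, $observer_hash, 'view_wiki')`. The function starts outside the hunk, so the preceding branch could not be checked.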
@ -45,6 +45,11 @@ class Wiki extends \Zotlabs\Web\Controller {
|
||||
}
|
||||
|
||||
|
||||
if(! perm_is_allowed(\App::$profile_uid,get_observer_hash(),'view_wiki')) {
|
||||
notice( t('Permission denied.') . EOL);
|
||||
return;
|
||||
}
|
||||
|
||||
// TODO: Combine the interface configuration into a unified object
|
||||
// Something like $interface = array('new_page_button' => false, 'new_wiki_button' => false, ...)
|
||||
|
||||
@ -309,7 +314,11 @@ class Wiki extends \Zotlabs\Web\Controller {
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
if(! perm_is_allowed(\App::$profile_uid,get_observer_hash(),'write_wiki')) {
|
||||
notice( t('Permission denied.') . EOL);
|
||||
return;
|
||||
}
|
||||
|
||||
// /wiki/channel/preview
|
||||
// Render mardown-formatted text in HTML for preview
|
||||
if((argc() > 2) && (argv(2) === 'preview')) {
|
||||
|
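Review bot: Both new guards authorise against `\App::$profile_uid`, a global that neither hunk shows being set, whereas the wiki library change in this commit checks `perm_is_allowed($owner_id, ...)` against an explicitly passed owner. If the handler already resolves the wiki owner from the URL, checking against that channel's id would guarantee the permission test and the wiki being acted on refer to the same channel, and an unset `$profile_uid` could not silently change the outcome. A short comment on the second guard, e.g. `// write_wiki is required for every action handled below, including preview`, would make its scope explicit. Both methods start and end outside the hunks.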
16
boot.php
16
boot.php
@ -2464,6 +2464,7 @@ function check_for_new_perms() {
|
||||
return;
|
||||
|
||||
$pregistered = get_config('system','perms');
|
||||
|
||||
$pcurrent = array_keys(\Zotlabs\Access\Permissions::Perms());
|
||||
|
||||
if(! $pregistered) {
|
||||
@ -2475,6 +2476,7 @@ function check_for_new_perms() {
|
||||
|
||||
foreach($pcurrent as $p) {
|
||||
if(! in_array($p,$pregistered)) {
|
||||
|
||||
$found_new_perm = true;
|
||||
// for all channels
|
||||
$c = q("select channel_id from channel where true");
|
||||
@ -2482,12 +2484,12 @@ function check_for_new_perms() {
|
||||
foreach($c as $cc) {
|
||||
// get the permission role
|
||||
$r = q("select v from pconfig where uid = %d and cat = 'system' and k = 'permissions_role'",
|
||||
intval($cc['uid'])
|
||||
intval($cc['channel_id'])
|
||||
);
|
||||
if($r) {
|
||||
// get a list of connections
|
||||
$x = q("select abook_xchan from abook where abook_channel = %d and abook_self = 0",
|
||||
intval($cc['uid'])
|
||||
intval($cc['channel_id'])
|
||||
);
|
||||
// get the permissions role details
|
||||
$rp = \Zotlabs\Access\PermissionRoles::role_perms($r[0]['v']);
|
||||
@ -2495,23 +2497,23 @@ function check_for_new_perms() {
|
||||
|
||||
// for custom permission roles we need to customise how we initiate this new permission
|
||||
if(array_key_exists('role',$rp) && ($rp['role'] === 'custom' || $rp['role'] === '')) {
|
||||
\Zotlabs\Access\PermissionRoles::new_custom_perms($cc['uid'],$p,$x);
|
||||
\Zotlabs\Access\PermissionRoles::new_custom_perms($cc['channel_id'],$p,$x);
|
||||
}
|
||||
else {
|
||||
// set the channel limits if appropriate or 0
|
||||
if(array_key_exists('limits',$rp) && array_key_exists($p,$rp['limits'])) {
|
||||
\Zotlabs\Access\PermissionLimits::Set($cc['uid'],$p,$rp['limits'][$p]);
|
||||
\Zotlabs\Access\PermissionLimits::Set($cc['channel_id'],$p,$rp['limits'][$p]);
|
||||
}
|
||||
else {
|
||||
\Zotlabs\Access\PermissionLimits::Set($cc['uid'],$p,0);
|
||||
\Zotlabs\Access\PermissionLimits::Set($cc['channel_id'],$p,0);
|
||||
}
|
||||
|
||||
|
||||
$set = ((array_key_exists('perms_connect',$rp) && array_key_exists($p,$rp['perms_connect'])) ? true : false);
|
||||
$set = ((array_key_exists('perms_connect',$rp) && in_array($p,$rp['perms_connect'])) ? 1 : 0);
|
||||
// foreach connection set to the perms_connect value
|
||||
if($x) {
|
||||
foreach($x as $xx) {
|
||||
set_abconfig($cc['uid'],$xx['abook_xchan'],'my_perms',$p,intval($set));
|
||||
set_abconfig($cc['channel_id'],$xx['abook_xchan'],'my_perms',$p,intval($set));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
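Review bot: The replacement `in_array($p,$rp['perms_connect'])`, like the existing `in_array($p,$pregistered)`, compares loosely; because these are permission names that decide a grant, pass the strict flag: `in_array($p,$rp['perms_connect'],true)`. With `$set` now 1 or 0, the `intval($set)` in the `set_abconfig` call is redundant. In the visible lines a channel whose `permissions_role` query returns no row skips the whole `if($r)` block, so it gets neither a limit nor `my_perms` for the new permission; that is presumably fail-closed, but a comment confirming the intent would help. The function continues outside the hunks.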