Very experimental. I tested it until my head went into flames.
Testers are very much appreciated. There's a little notice in the docs/NEWS
file for future TODOs.
I need QA guys who check if the system is exploitable; please read
more on the mailing list.
Version 0.9 ()
------------------------------------------------------------------------
+ * Introduce permission groups with customizable permission sets.
+ (garvinhicking)
+
+ This Feature is currently declared "unstable" and will definitely
+ need finetuning before it usable in restricted environments.
+ TODO:
+ * Check Plugins like loginform, adduser to use group-functionality.
+ * Get rid of as many obsolete userlevel checks in the Admin user/groups
+ panel.
+ * Chief editors may not join Admin group if forbidden?
+ * Chief editors may not enter siteConfiguration if forbidden?
+
+ * Make bblog importer recognize trackbacks. Thanks to Hanno!
+
* Spartacus plugin can now properly handle plugins which contain both
sidebar and event plugins in one directory (garvinhicking)
die ("Don't hack!");
}
-if ($serendipity['no_create']) {
+if (!serendipity_checkPermission('adminCategory')) {
return;
}
-$admin_category = ($serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF ? "AND (authorid = 0 OR authorid = " . (int)$serendipity['authorid'] . ")" : '');
+$admin_category = (!serendipity_checkPermission('adminCategoriesMaintainOthers') ? "AND (authorid = 0 OR authorid = " . (int)$serendipity['authorid'] . ")" : '');
/* Add a new category */
if (isset($_POST['SAVE'])) {
<?php
if ( $serendipity['GET']['adminAction'] == 'delete' ) {
$this_cat = serendipity_fetchCategoryInfo($serendipity['GET']['cid']);
- if ($serendipity['serendipityUserlevel'] >= USERLEVEL_CHIEF || $serendipity['authorid'] == $this_cat['authorid'] || $this_cat['authorid'] == '0') {
+ if ( (serendipity_checkPermission('adminCategoriesDelete') && serendipity_checkPermission('adminCategoriesMaintainOthers'))
+ || (serendipity_checkPermission('adminCategoriesDelete') && ($serendipity['authorid'] == $this_cat['authorid'] || $this_cat['authorid'] == '0')) ) {
?>
<form method="POST" name="serendipityCategory" action="?serendipity[adminModule]=category&serendipity[adminAction]=doDelete&serendipity[cid]=<?php echo $serendipity['GET']['cid'] ?>">
<br />
$cats = serendipity_fetchCategories('all');
/* TODO, show dropdown as nested categories */
foreach ($cats as $cat_data) {
- if ($cat_data['categoryid'] != $serendipity['GET']['cid'] && ($serendipity['serendipityUserlevel'] >= USERLEVEL_ADMIN || $cat_data['authorid'] == '0' || $cat_data['authorid'] == $serendipity['authorid'])) {
+ if ($cat_data['categoryid'] != $serendipity['GET']['cid'] && (serendipity_checkPermission('adminCategoriesMaintainOthers') || $cat_data['authorid'] == '0' || $cat_data['authorid'] == $serendipity['authorid'])) {
echo '<option value="' . $cat_data['categoryid'] . '">' . htmlspecialchars($cat_data['category_name']) . '</option>' . "\n";
}
}
die ("Don't hack!");
}
-if ($serendipity['no_create']) {
+if (!serendipity_checkPermission('adminComments')) {
return;
}
LEFT JOIN {$serendipity['dbPrefix']}entries e ON (e.id = c.entry_id)
WHERE type = '$c_type'
". $and ."
- " . (($serendipity['serendipityUserlevel'] != USERLEVEL_ADMIN) ? 'AND e.authorid = ' . (int)$serendipity['authorid'] : '') . "
+ " . (!serendipity_checkPermission('adminEntriesMaintainOthers') ? 'AND e.authorid = ' . (int)$serendipity['authorid'] : '') . "
ORDER BY c.id DESC $limit");
?>
<script type="text/javascript">
$_POST['installAction'] = '';
}
+if (!serendipity_checkPermission('siteConfiguration') && !!serendipity_checkPermission('blogConfiguration')) {
+ return;
+}
+
switch ($_POST['installAction']) {
case 'check':
$oldConfig = $serendipity;
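Review bot: The added guard uses `!!serendipity_checkPermission('blogConfiguration')`, so it returns only for a user who lacks `siteConfiguration` but holds `blogConfiguration`; a user with neither permission falls through to the `switch` on `$_POST['installAction']`. The double negation looks like a typo, and the intended condition is presumably `if (!serendipity_checkPermission('siteConfiguration') && !serendipity_checkPermission('blogConfiguration')) {`. If `blogConfiguration` holders are meant to reach only part of this page, that restriction needs its own check inside the `switch`, which continues outside this hunk.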
}
}
-print_r($permalinkOld); // DEBUG
-print_r($permalinkNew); // DEBUG
-
- if ($serendipity['serendipityUserlevel'] >= USERLEVEL_ADMIN && serialize($permalinkOld) != serialize($permalinkNew)) {
+ if (serendipity_checkPermission('siteConfiguration') && serialize($permalinkOld) != serialize($permalinkNew)) {
printf(ATTEMPT_WRITE_FILE, $serendipity['serendipityPath'] . '.htaccess');
$res = serendipity_installFiles($serendipity['serendipityPath']);
if (is_array($res)) {
die ("Don't hack!");
}
-if ($serendipity['no_create']) {
+if (!serendipity_checkPermission('adminEntries')) {
return;
}
--- /dev/null
+<?php # $Id: users.inc.php 114 2005-05-22 15:37:11Z garvinhicking $
+# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
+# All rights reserved. See LICENSE file for licensing details
+
+if (IN_serendipity !== true) {
+ die ('Don\'t hack!');
+}
+
+if (!serendipity_checkPermission('adminUsersGroups')) {
+ return;
+}
+
+/* Delete a group */
+if (isset($_POST['DELETE_YES'])) {
+ $group = serendipity_fetchGroup($serendipity['POST']['group']);
+ serendipity_deleteGroup($serendipity['POST']['group']);
+ printf('<div class="serendipityAdminMsgSuccess">' . DELETED_GROUP . '</div>', $serendipity['POST']['group'], $group['name']);
+}
+
+/* Save new group */
+if (isset($_POST['SAVE_NEW'])) {
+ $serendipity['POST']['group'] = serendipity_addGroup($serendipity['POST']['name']);
+ $perms = serendipity_getAllPermissionNames();
+ serendipity_updateGroupConfig($serendipity['POST']['group'], $perms, $serendipity['POST']);
+ printf('<div class="serendipityAdminMsgSuccess">' . CREATED_GROUP . '</div>', '#' . $serendipity['POST']['group'] . ', ' . $serendipity['POST']['name']);
+}
+
+
+/* Edit a group */
+if (isset($_POST['SAVE_EDIT'])) {
+ $perms = serendipity_getAllPermissionNames();
+ serendipity_updateGroupConfig($serendipity['POST']['group'], $perms, $serendipity['POST']);
+ printf('<div class="serendipityAdminMsgSuccess">' . MODIFIED_GROUP . '</div>', $serendipity['POST']['name']);
+}
+
+if ( $serendipity['GET']['adminAction'] != 'delete' ) {
+?>
+ <table width="100%">
+ <tr>
+ <td><strong><?php echo GROUP; ?></strong></td>
+ <td width="200"> </td>
+ </tr>
+ <tr>
+ <td colspan="3">
+<?php
+if (serendipity_checkPermission('adminUsersMaintainOthers')) {
+ $groups = serendipity_getAllGroups();
+} elseif (serendipity_checkPermission('adminUsersMaintainSame')) {
+ $groups = serendipity_getAllGroups($serendipity['authorid']);
+} else {
+ $groups = array();
+}
+$i = 0;
+foreach($groups as $group) {
+?>
+<div class="serendipity_admin_list_item serendipity_admin_list_item_<?php echo ($i++ % 2) ? 'even' : 'uneven' ?>">
+<table width="100%">
+ <tr>
+ <td><?php echo htmlspecialchars($group['name']); ?></td>
+ <td width="200" align="right"> [<a href="?serendipity[adminModule]=groups&serendipity[adminAction]=edit&serendipity[group]=<?php echo $group['id'] ?>"><?php echo EDIT ?></a>]
+ - [<a href="?serendipity[adminModule]=groups&serendipity[adminAction]=delete&serendipity[group]=<?php echo $group['id'] ?>"><?php echo DELETE ?></a>]</td>
+ </tr>
+</table>
+</div>
+<?php
+ }
+?>
+ </tr>
+ </tr>
+<?php if ( !isset($_POST['NEW']) ) { ?>
+ <tr>
+ <td colspan="3" align="right">
+ <form action="?serendipity[adminModule]=groups" method="post">
+ <input type="submit" name="NEW" value="<?php echo CREATE_NEW_GROUP; ?>" class="serendipityPrettyButton" />
+ </form>
+ </td>
+ </tr>
+<?php } ?>
+ </table>
+
+<?php
+}
+
+
+if ($serendipity['GET']['adminAction'] == 'edit' || isset($_POST['NEW'])) {
+?>
+<br />
+<br />
+<hr noshade="noshade">
+<form action="?serendipity[adminModule]=groups" method="post">
+ <div>
+ <h3>
+<?php
+if ($serendipity['GET']['adminAction'] == 'edit') {
+ $group = serendipity_fetchGroup($serendipity['GET']['group']);
+ echo EDIT;
+ $from = &$group;
+ echo '<input type="hidden" name="serendipity[group]" value="' . $from['id'] . '" />';
+} else {
+ echo CREATE;
+ $from = array();
+}
+?>
+ </h3>
+
+<table>
+ <tr>
+ <td><?php echo NAME; ?></td>
+ <td><input type="text" name="serendipity[name]" value="<?php echo htmlspecialchars($from['name']); ?>" /></td>
+ </tr>
+ <tr>
+ <td valign="top"><?php echo USERCONF_GROUPS; ?></td>
+ <td><select name="serendipity[members][]" multiple="multiple" size="5">
+<?php
+$allusers = serendipity_fetchUsers();
+$users = serendipity_getGroupUsers($from['id']);
+
+$selected = array();
+foreach($users AS $user) {
+ $selected[$user['id']] = true;
+}
+
+foreach($allusers AS $user) {
+ echo '<option value="' . (int)$user['authorid'] . '" ' . (isset($selected[$user['authorid']]) ? 'selected="selected"' : '') . '>' . htmlspecialchars($user['realname']) . '</option>' . "\n";
+}
+?>
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2"> </td>
+ </tr>
+<?php
+ $perms = serendipity_getAllPermissionNames();
+ ksort($perms);
+ foreach($perms AS $perm => $userlevels) {
+ if (isset($from[$perm]) && $from[$perm] === 'true') {
+ $selected = 'checked="checked"';
+ } else {
+ $selected = '';
+ }
+
+ if (!isset($section)) {
+ $section = $perm;
+ }
+
+ if ($section != $perm && substr($perm, 0, strlen($section)) == $section) {
+ $indent = ' ';
+ $indentB = '';
+ } elseif ($section != $perm) {
+ $indent = '<br />';
+ $indentB = '<br />';
+ $section = $perm;
+ }
+
+ if (in_array('protected', $userlevels, true) && !serendipity_checkPermission($perm)) {
+ echo "<tr>\n";
+ echo "<td>$indent" . htmlspecialchars($perm) . "</td>\n";
+ echo '<td>' . $indentB . ' ' . (!empty($selected) ? YES : NO) . '</td>' . "\n";
+ echo "</tr>\n";
+ } else {
+ echo "<tr>\n";
+ echo "<td>$indent<label for=\"" . htmlspecialchars($perm) . "\">" . htmlspecialchars($perm) . "</label></td>\n";
+ echo '<td>' . $indentB . '<input id="' . htmlspecialchars($perm) . '" type="checkbox" name="serendipity[' . htmlspecialchars($perm) . ']" value="true" ' . $selected . ' /></td>' . "\n";
+ echo "</tr>\n";
+ }
+ }
+?>
+</table>
+
+<?php
+if ($serendipity['GET']['adminAction'] == 'edit') { ?>
+ <input type="submit" name="SAVE_EDIT" value="<?php echo SAVE; ?>" class="serendipityPrettyButton" />
+<?php } else { ?>
+ <input type="submit" name="SAVE_NEW" value="<?php echo CREATE_NEW_GROUP; ?>" class="serendipityPrettyButton" />
+<?php } ?>
+
+ </div>
+</form>
+<?php
+} elseif ($serendipity['GET']['adminAction'] == 'delete') {
+ $group = serendipity_fetchGroup($serendipity['GET']['group']);
+?>
+<form action="?serendipity[adminModule]=groups" method="post">
+ <div>
+ <?php printf(DELETE_GROUP, $serendipity['GET']['group'], $group['name']); ?>
+ <br /><br />
+ <input type="hidden" name="serendipity[group]" value="<?php echo $serendipity['GET']['group']; ?>" />
+ <input type="submit" name="DELETE_YES" value="<?php echo DUMP_IT; ?>" class="serendipityPrettyButton" />
+ <input type="submit" name="NO" value="<?php echo NOT_REALLY; ?>" class="serendipityPrettyButton" />
+ </div>
+</form>
+<?php
+}
+
+/* vim: set sts=4 ts=4 expandtab : */
+?>
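Review bot: The three POST handlers (`DELETE_YES`, `SAVE_NEW`, `SAVE_EDIT`) run after only the `adminUsersGroups` check, while the `adminUsersMaintainOthers` / `adminUsersMaintainSame` split and the `protected` test are applied only when the list and the checkboxes are rendered. A request naming another group id or a protected permission key therefore reaches `serendipity_deleteGroup()` and `serendipity_updateGroupConfig()` unfiltered, unless those helpers (not visible here) re-check. Repeat the group-scope check before each handler and drop protected keys the caller does not hold before passing `$serendipity['POST']` on. Separately, `$serendipity['POST']['name']`, `$serendipity['POST']['group']`, `$serendipity['GET']['group']` and `$group['name']` in the success messages and the delete form are printed unescaped; cast the ids with `(int)` and wrap the names in `htmlspecialchars()`, as the list view already does for `$group['name']`.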
die ("Don't hack!");
}
-if ($serendipity['no_create']) {
+if (!serendipity_checkPermission('adminImages')) {
return;
}
switch ($serendipity['GET']['adminAction']) {
case 'sync':
+ if (!serendipity_checkPermission('adminImagesSync')) {
+ break;
+ }
set_time_limit(0);
ignore_user_abort();
break;
case 'DoDelete':
+ if (!serendipity_checkPermission('adminImagesDelete')) {
+ break;
+ }
+
$file = $serendipity['GET']['fname'];
serendipity_deleteImage($serendipity['GET']['fid']);
break;
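Review bot: `case 'DoDelete'` checks only `adminImagesDelete`, whereas the `delete` confirmation step also requires `adminImagesMaintainOthers` or ownership of the file. The confirmation page is only a UI step, so the ownership test should be repeated here before `serendipity_deleteImage()`, unless that function enforces it itself (not visible in this hunk). Fetch the record with `$file = serendipity_fetchImageFromDatabase($serendipity['GET']['fid']);` and apply the same `authorid` condition used in `case 'delete'`.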
case 'delete':
$file = serendipity_fetchImageFromDatabase($serendipity['GET']['fid']);
- if ($serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid']) {
+ if (!serendipity_checkPermission('adminImagesDelete') || (!serendipity_checkPermission('adminImagesMaintainOthers') && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid'])) {
return;
}
$file = serendipity_fetchImageFromDatabase($serendipity['GET']['fid']);
$serendipity['GET']['newname'] = serendipity_uploadSecure($serendipity['GET']['newname'], true);
- if ($serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid']) {
+ if (!serendipity_checkPermission('adminImagesDelete') || (!serendipity_checkPermission('adminImagesMaintainOthers') && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid'])) {
return;
}
break;
case 'add':
+ if (!serendipity_checkPermission('adminImagesAdd')) {
+ return;
+ }
+
?>
<b><?php echo ADDING_IMAGE; ?></b>
<br /><br />
case 'directoryDoDelete':
- if ($serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF) {
+ if (!serendipity_checkPermission('adminImagesDirectories')) {
return;
}
}
break;
+
case 'directoryDelete':
- if ($serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF) {
+ if (!serendipity_checkPermission('adminImagesDirectories')) {
return;
}
?>
<?php
break;
-
case 'directoryDoCreate':
- if ($serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF) {
+ if (!serendipity_checkPermission('adminImagesDirectories')) {
return;
}
printf(DIRECTORY_WRITE_ERROR, $new_dir);
}
-
-
break;
-
case 'directoryCreate':
- if ($serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF) {
+ if (!serendipity_checkPermission('adminImagesDirectories')) {
return;
}
?>
break;
case 'directorySelect':
- if ($serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF) {
+ if (!serendipity_checkPermission('adminImagesDirectories')) {
return;
}
break;
case 'addSelect':
+ if (!serendipity_checkPermission('adminImagesAdd')) {
+ return;
+ }
+
?>
<?php echo ADD_MEDIA_BLAHBLAH; ?>
break;
case 'rotateCW':
- if ( serendipity_rotateImg($serendipity['GET']['fid'], -90) ) {
+ $file = serendipity_fetchImageFromDatabase($serendipity['GET']['fid']);
+ if (!serendipity_checkPermission('adminImagesDelete') || (!serendipity_checkPermission('adminImagesMaintainOthers') && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid'])) {
+ return;
+ }
+
+ if (serendipity_rotateImg($serendipity['GET']['fid'], -90)) {
?>
<script language="javascript" type="text/javascript">
location.href="<?php echo $_SERVER['HTTP_REFERER'] ?>";
break;
case 'rotateCCW':
- if ( serendipity_rotateImg($serendipity['GET']['fid'], 90) ) {
+ $file = serendipity_fetchImageFromDatabase($serendipity['GET']['fid']);
+ if (!serendipity_checkPermission('adminImagesDelete') || (!serendipity_checkPermission('adminImagesMaintainOthers') && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid'])) {
+ return;
+ }
+
+ if (serendipity_rotateImg($serendipity['GET']['fid'], 90)) {
?>
<script language="javascript" type="text/javascript">
location.href="<?php echo $_SERVER['HTTP_REFERER'] ?>";
case 'scale':
$file = serendipity_fetchImageFromDatabase($serendipity['GET']['fid']);
- if ($serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid']) {
+ if (!serendipity_checkPermission('adminImagesDelete') || (!serendipity_checkPermission('adminImagesMaintainOthers') && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid'])) {
return;
}
case 'scaleSelect':
$file = serendipity_fetchImageFromDatabase($serendipity['GET']['fid']);
- if ($serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid']) {
+ if (!serendipity_checkPermission('adminImagesDelete') || (!serendipity_checkPermission('adminImagesMaintainOthers') && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid'])) {
return;
}
break;
default:
+ if (!serendipity_checkPermission('adminImagesView')) {
+ return;
+ }
+
?>
<script type="text/javascript" language="javascript">
<!--
if (IN_serendipity !== true) {
die ("Don't hack!");
}
-if ( $serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF ) {
+
+if (!serendipity_checkPermission('adminImport')) {
return;
}
die ("Don't hack!");
}
+if (!serendipity_checkPermission('personalConfiguration')) {
+ return;
+}
+
$from = array();
if ( $serendipity['GET']['adminAction'] == 'save' ) {
$config = serendipity_parseTemplate(S9Y_CONFIG_USERTEMPLATE);
- if ((int)$_POST['userlevel'] > $serendipity['serendipityUserlevel']) {
+ if (!serendipity_checkPermission('adminUsersEditUserlevel') && (int)$_POST['userlevel'] > $serendipity['serendipityUserlevel']) {
echo '<div class="serendipityAdminMsgError">' . CREATE_NOT_AUTHORIZED_USERLEVEL . '</div>';
} else {
foreach($config as $category) {
foreach ($category['items'] as $item) {
- if ( serendipity_checkConfigItemFlags($item, 'local') ) {
+ if (in_array('groups', $item['flags'])) {
+ serendipity_updateGroups($_POST[$item['var']], $serendipity['authorid']);
+ continue;
+ }
+
+ if (serendipity_checkConfigItemFlags($item, 'local')) {
serendipity_set_user_var($item['var'], $_POST[$item['var']], $serendipity['authorid'], true);
}
- if ( serendipity_checkConfigItemFlags($item, 'configuration') ) {
+ if (serendipity_checkConfigItemFlags($item, 'configuration')) {
serendipity_set_config_var($item['var'], $_POST[$item['var']], $serendipity['authorid']);
}
}
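Review bot: The new `groups` branch passes `$_POST[$item['var']]` straight to `serendipity_updateGroups()` for the caller's own `authorid`, so the only gate on changing one's own group membership is `personalConfiguration`. Unless `serendipity_updateGroups()` (not visible here) restricts what may be assigned, a user can place themselves in a group with more permissions than they hold. The user-management handlers in this commit restrict the submitted list to `serendipity_getGroups($serendipity['authorid'], true)` for `adminUsersMaintainSame`; the same gate belongs here, for example `if (!serendipity_checkPermission('adminUsersMaintainOthers')) { continue; }` ahead of the call. The enclosing loops continue outside this hunk.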
<form action="?serendipity[adminModule]=personal&serendipity[adminAction]=save" method="post">
<?php
-$template = serendipity_parseTemplate(S9Y_CONFIG_USERTEMPLATE);
-$user = serendipity_fetchUsers($serendipity['authorid']);
-$from = $user[0];
+$template = serendipity_parseTemplate(S9Y_CONFIG_USERTEMPLATE);
+$user = serendipity_fetchUsers($serendipity['authorid']);
+$from = $user[0];
+$from['groups'] = serendipity_getGroups($serendipity['authorid']);
unset($from['password']);
serendipity_printConfigTemplate($template, $from, true, false);
?>
die ('Don\'t hack!');
}
-if ($serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF) {
+if (!serendipity_checkPermission('adminPlugins')) {
return;
}
foreach ($plugins as $plugin_data) {
$plugin =& serendipity_plugin_api::load_plugin($plugin_data['name'], $plugin_data['authorid']);
$key = urlencode($plugin_data['name']);
- $is_plugin_owner = ($plugin_data['authorid'] == $serendipity['authorid'] || $serendipity['serendipityUserlevel'] >= USERLEVEL_ADMIN);
+ $is_plugin_owner = ($plugin_data['authorid'] == $serendipity['authorid'] || serendipity_checkPermission('adminPluginsMaintainOthers'));
$is_plugin_editable = ($is_plugin_owner || $plugin_data['authorid'] == '0');
if (!is_object($plugin)) {
$title = serendipity_plugin_api::get_plugin_title($plugin, '[' . $name . ']');
- if ($bag->is_set('configuration') && ($plugin->protected === FALSE || $plugin_data['authorid'] == '0' || $plugin_data['authorid'] == $serendipity['authorid'] || $serendipity['serendipityUserlevel'] >= USERLEVEL_ADMIN)) {
+ if ($bag->is_set('configuration') && ($plugin->protected === FALSE || $plugin_data['authorid'] == '0' || $plugin_data['authorid'] == $serendipity['authorid'] || serendipity_checkPermission('adminPluginsMaintainOthers'))) {
$can_configure = true;
} else {
$can_configure = false;
/* configure a specific instance */
$plugin =& serendipity_plugin_api::load_plugin($_GET['serendipity']['plugin_to_conf']);
- if (!($plugin->protected === FALSE || $plugin->serendipity_owner == '0' || $plugin->serendipity_owner == $serendipity['authorid'] || $serendipity['serendipityUserlevel'] >= USERLEVEL_ADMIN)) {
+ if (!($plugin->protected === FALSE || $plugin->serendipity_owner == '0' || $plugin->serendipity_owner == $serendipity['authorid'] || serendipity_checkPermission('adminPluginsMaintainOthers'))) {
return;
}
if (isset($serendipity['GET']['install_plugin'])) {
$authorid = $serendipity['authorid'];
- if ($serendipity['serendipityUserlevel'] >= USERLEVEL_ADMIN) {
+ if (serendipity_checkPermission('adminPluginsMaintainOthers')) {
$authorid = '0';
}
foreach ($_POST['serendipity']['plugin_to_remove'] as $key) {
$plugin =& serendipity_plugin_api::load_plugin($key);
- if ($plugin->serendipity_owner == '0' || $plugin->serendipity_owner == $serendipity['authorid'] || $serendipity['serendipityUserlevel'] >= USERLEVEL_ADMIN) {
+ if ($plugin->serendipity_owner == '0' || $plugin->serendipity_owner == $serendipity['authorid'] || serendipity_checkPermission('adminPluginsMaintainOthers')) {
serendipity_plugin_api::remove_plugin_instance($key);
}
}
die ("Don't hack!");
}
-if ($serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF) {
+if (!serendipity_checkPermission('adminTemplates')) {
return;
}
'function' => 'serendipity_buildPermalinks',
'title' => 'Build permalink patterns',
'desc' => 'This version introduces user-configurable Permalinks and needs to pre-cache the list of all permalinks to be later able to fetch the corresponding entries for a permalink.'),
+
+ array('version' => '0.9-alpha3',
+ 'function' => 'serendipity_addDefaultGroups',
+ 'title' => 'Introduce author groups',
+ 'desc' => 'This version introduces customizable user groups. Your existing users will be migrated into the new default groups.'),
+
);
/* Fetch SQL files which needs to be run */
die ('Don\'t hack!');
}
-if ($serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF) {
+if (!serendipity_checkPermission('adminUsers')) {
return;
}
/* Delete a user */
if (isset($_POST['DELETE_YES'])) {
$user = serendipity_fetchUsers($serendipity['POST']['user']);
- if ($user[0]['userlevel'] >= $serendipity['serendipityUserlevel'] && $serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN) {
+ if ($user[0]['userlevel'] >= $serendipity['serendipityUserlevel'] || !serendipity_checkPermission('adminUsersDelete')) {
echo '<div class="serendipityAdminMsgError">' . CREATE_NOT_AUTHORIZED . '</div>';
} elseif ($_POST['userlevel'] > $serendipity['serendipityUserlevel']) {
echo '<div class="serendipityAdminMsgError">' . CREATE_NOT_AUTHORIZED_USERLEVEL . '</div>';
} else {
- serendipity_deleteAuthor($user[0]['authorid']);
- printf('<div class="serendipityAdminMsgSuccess">' . DELETED_USER . '</div>', $serendipity['POST']['user'], $user[0]['realname']);
+ $group_intersect = serendipity_intersectGroup($user[0]['authorid']);
+
+ if (serendipity_checkPermission('adminUsersMaintainOthers') ||
+ (serendipity_checkPermission('adminUsersMaintainSame') && $group_intersect)) {
+ serendipity_deleteAuthor($user[0]['authorid']);
+ printf('<div class="serendipityAdminMsgSuccess">' . DELETED_USER . '</div>', $serendipity['POST']['user'], $user[0]['realname']);
+ } else {
+ echo '<div class="serendipityAdminMsgError">' . CREATE_NOT_AUTHORIZED_USERLEVEL . '</div>';
+ }
}
}
/* Save new user */
if (isset($_POST['SAVE_NEW'])) {
- if ($_POST['userlevel'] >= $serendipity['serendipityUserlevel'] && $serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN) {
+ if ($_POST['userlevel'] >= $serendipity['serendipityUserlevel'] || !serendipity_checkPermission('adminUsersCreateNew')) {
echo '<div class="serendipityAdminMsgError">' . CREATE_NOT_AUTHORIZED . '</div>';
} else {
$serendipity['POST']['user'] = serendipity_addAuthor($_POST['username'], $_POST['pass'], $_POST['realname'], $_POST['email'], $_POST['userlevel']);
+ $valid_groups = serendipity_getGroups($serendipity['authorid'], true);
/* Save all the properties */
$config = serendipity_parseTemplate(S9Y_CONFIG_USERTEMPLATE);
foreach($config as $category) {
foreach ($category['items'] as $item) {
- if ( serendipity_checkConfigItemFlags($item, 'local') ) {
+ if (in_array('groups', $item['flags'])) {
+ if (serendipity_checkPermission('adminUsersMaintainOthers')) {
+
+ // Void, no fixing neccessarry
+
+ } elseif (serendipity_checkPermission('adminUsersMaintainSame')) {
+
+ // Check that no user may assign groups he's not allowed to.
+ foreach($_POST[$item['var']] AS $groupkey => $groupval) {
+ if (in_array($group_val, $valid_groups)) {
+ continue;
+ }
+
+ unset($_POST[$item['var']][$groupkey]);
+ }
+
+ } else {
+ continue;
+ }
+
+ serendipity_updateGroups($_POST[$item['var']], $serendipity['POST']['user']);
+ continue;
+ }
+
+ if (serendipity_checkConfigItemFlags($item, 'local')) {
serendipity_set_user_var($item['var'], $_POST[$item['var']], $serendipity['POST']['user'], ($serendipity['authorid'] == $serendipity['POST']['authorid'] ? true : false));
}
- if ( serendipity_checkConfigItemFlags($item, 'configuration') ) {
+
+ if (serendipity_checkConfigItemFlags($item, 'configuration')) {
serendipity_set_config_var($item['var'], $_POST[$item['var']], $serendipity['POST']['user']);
}
}
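Review bot: The group filter for `adminUsersMaintainSame` tests `$group_val`, but the loop variable is `$groupval`, so `in_array()` receives an undefined variable and never looks at the submitted group id. Depending on what `$valid_groups` contains, the loose comparison then either removes every submitted group or none of them, and in neither case is the caller's allowed set enforced. The line should read `if (in_array($groupval, $valid_groups)) {`; the same typo is repeated in the `SAVE_EDIT` handler further down. `$_POST[$item['var']]` is also iterated without an `is_array()` check, which raises a warning when no group is submitted.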
/* Edit a user */
if (isset($_POST['SAVE_EDIT'])) {
- $user = serendipity_fetchUsers($serendipity['POST']['authorid']);
- if ($user[0]['userlevel'] >= $serendipity['serendipityUserlevel'] && $serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN) {
+ $user = serendipity_fetchUsers($serendipity['POST']['user']);
+ if ($user[0]['userlevel'] >= $serendipity['serendipityUserlevel'] || !serendipity_checkPermission('adminUsersCreateNew')) {
echo '<div class="serendipityAdminMsgError">' . CREATE_NOT_AUTHORIZED . '</div>';
} elseif ($_POST['userlevel'] > $serendipity['serendipityUserlevel']) {
echo '<div class="serendipityAdminMsgError">' . CREATE_NOT_AUTHORIZED_USERLEVEL . '</div>';
} else {
+ $valid_groups = serendipity_getGroups($serendipity['authorid'], true);
$config = serendipity_parseTemplate(S9Y_CONFIG_USERTEMPLATE);
foreach($config as $category) {
foreach ($category['items'] as $item) {
- if ( serendipity_checkConfigItemFlags($item, 'local') ) {
- serendipity_set_user_var($item['var'], $_POST[$item['var']], $serendipity['POST']['user'], ($serendipity['authorid'] == $serendipity['POST']['authorid'] ? true : false));
+ if (in_array('groups', $item['flags'])) {
+ if (serendipity_checkPermission('adminUsersMaintainOthers')) {
+
+ // Void, no fixing neccessarry
+
+ } elseif (serendipity_checkPermission('adminUsersMaintainSame')) {
+
+ // Check that no user may assign groups he's not allowed to.
+ foreach($_POST[$item['var']] AS $groupkey => $groupval) {
+ if (in_array($group_val, $valid_groups)) {
+ continue;
+ }
+
+ unset($_POST[$item['var']][$groupkey]);
+ }
+
+ } else {
+ continue;
+ }
+
+ serendipity_updateGroups($_POST[$item['var']], $serendipity['POST']['user']);
+ continue;
+ }
+
+ if (serendipity_checkConfigItemFlags($item, 'local')) {
+ serendipity_set_user_var($item['var'], $_POST[$item['var']], $serendipity['POST']['user'], ($serendipity['authorid'] == $serendipity['POST']['user'] ? true : false));
}
- if ( serendipity_checkConfigItemFlags($item, 'configuration') ) {
+
+ if (serendipity_checkConfigItemFlags($item, 'configuration')) {
serendipity_set_config_var($item['var'], $_POST[$item['var']], $serendipity['POST']['user']);
}
}
}
+
$pl_data = array(
'authorid' => $serendipity['POST']['authorid'],
'username' => $_POST['username'],
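Review bot: `SAVE_EDIT` writes the target user's settings after checking only the userlevel and `adminUsersCreateNew`; the `serendipity_intersectGroup()` / `adminUsersMaintainOthers` / `adminUsersMaintainSame` test that decides whether the edit form is shown is not repeated here. A POST for a user outside the caller's groups is therefore not rejected by this handler. Compute `$group_intersect = serendipity_intersectGroup($user[0]['authorid']);` and require `serendipity_checkPermission('adminUsersMaintainOthers') || (serendipity_checkPermission('adminUsersMaintainSame') && $group_intersect)` before the loop, as the delete handler does. Also, `$pl_data` still reads `$serendipity['POST']['authorid']` although the lookup now uses `$serendipity['POST']['user']`, which may leave `authorid` empty.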
}
}
-if ( $serendipity['GET']['adminAction'] != 'delete' ) {
+if ($serendipity['GET']['adminAction'] != 'delete') {
?>
<table width="100%">
<tr>
<tr>
<td colspan="3">
<?php
-$users = serendipity_fetchUsers();
+if (serendipity_checkPermission('adminUsersMaintainOthers')) {
+ $users = serendipity_fetchUsers('');
+} elseif (serendipity_checkPermission('adminUsersMaintainSame')) {
+ $users = serendipity_fetchUsers('', serendipity_getGroups($serendipity['authorid'], true));
+} else {
+ $users = serendipity_fetchUsers($serendipity['authorid']);
+}
+
$i = 0;
foreach($users as $user) {
if ($user['userlevel'] < $serendipity['serendipityUserlevel'] || $user['authorid'] == $serendipity['authorid'] || $serendipity['serendipityUserlevel'] >= USERLEVEL_ADMIN ) {
-
- if ( $user['userlevel'] >= USERLEVEL_ADMIN ) {
- $img = serendipity_getTemplateFile('admin/img/user_admin.png');
- } elseif ( $user['userlevel'] >= USERLEVEL_CHIEF ) {
- $img = serendipity_getTemplateFile('admin/img/user_chief.png');
- } else {
- $img = serendipity_getTemplateFile('admin/img/user_editor.png');
- }
+ if ( $user['userlevel'] >= USERLEVEL_ADMIN ) {
+ $img = serendipity_getTemplateFile('admin/img/user_admin.png');
+ } elseif ( $user['userlevel'] >= USERLEVEL_CHIEF ) {
+ $img = serendipity_getTemplateFile('admin/img/user_chief.png');
+ } else {
+ $img = serendipity_getTemplateFile('admin/img/user_editor.png');
+ }
?>
<div class="serendipity_admin_list_item serendipity_admin_list_item_<?php echo ($i++ % 2) ? 'even' : 'uneven' ?>">
<table width="100%">
?>
</tr>
</tr>
-<?php if ( !isset($_POST['NEW']) ) { ?>
+<?php if ( !isset($_POST['NEW']) && serendipity_checkPermission('adminUsersCreateNew')) { ?>
<tr>
<td colspan="3" align="right">
<form action="?serendipity[adminModule]=users" method="post">
}
-if ($serendipity['GET']['adminAction'] == 'edit' || isset($_POST['NEW'])) {
+if ( ($serendipity['GET']['adminAction'] == 'edit' && serendipity_checkPermission('adminUsersDelete')) || (isset($_POST['NEW']) && serendipity_checkPermission('adminUsersCreateNew')) ) {
?>
<br />
<br />
<?php
if ($serendipity['GET']['adminAction'] == 'edit') {
$user = serendipity_fetchUsers($serendipity['GET']['userid']);
- if ($user[0]['userlevel'] >= $serendipity['serendipityUserlevel'] && $user[0]['authorid'] != $serendipity['authorid'] && $serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN) {
+ $group_intersect = serendipity_intersectGroup($user[0]['authorid']);
+
+ if ($user[0]['userlevel'] >= $serendipity['serendipityUserlevel'] && $user[0]['authorid'] != $serendipity['authorid'] && !serendipity_checkPermission('adminUsersMaintainOthers')) {
echo '<strong>' . CREATE_NOT_AUTHORIZED . '</strong><br />';
echo EDIT;
$from = array();
- } else {
+ } elseif (serendipity_checkPermission('adminUsersMaintainOthers') ||
+ (serendipity_checkPermission('adminUsersMaintainSame') && $group_intersect)) {
echo EDIT;
$from = &$user[0];
unset($from['password']);
echo '<input type="hidden" name="serendipity[user]" value="' . $from['authorid'] . '" />';
+ } else {
+ echo '<strong>' . CREATE_NOT_AUTHORIZED . '</strong><br />';
+ echo EDIT;
+ $from = array();
}
} else {
echo CREATE;
<?php
$config = serendipity_parseTemplate(S9Y_CONFIG_USERTEMPLATE);
+if (!empty($serendipity['GET']['userid'])) {
+ $from['groups'] = serendipity_getGroups($serendipity['GET']['userid']);
+} else {
+ $from['groups'] = array();
+}
+
serendipity_printConfigTemplate($config, $from, true, false);
if ($serendipity['GET']['adminAction'] == 'edit') { ?>
</div>
</form>
<?php
-} elseif ($serendipity['GET']['adminAction'] == 'delete') {
+} elseif ($serendipity['GET']['adminAction'] == 'delete' && serendipity_checkPermission('adminUsersDelete')) {
$user = serendipity_fetchUsers($serendipity['GET']['userid']);
+ $group_intersect = serendipity_intersectGroup($user[0]['authorid']);
+
+ if (serendipity_checkPermission('adminUsersMaintainOthers') ||
+ (serendipity_checkPermission('adminUsersMaintainSame') && $group_intersect)) {
?>
<form action="?serendipity[adminModule]=users" method="post">
<div>
</div>
</form>
<?php
+ }
}
/* vim: set sts=4 ts=4 expandtab : */
-?>
+?>
\ No newline at end of file
return $_resArray;
}
-function serendipity_fetchUsers($user = '') {
+function serendipity_fetchUsers($user = '', $group = null) {
global $serendipity;
$where = '';
$where = "WHERE authorid = '" . (int)$user ."'";
}
- $querystring = "SELECT * FROM {$serendipity['dbPrefix']}authors $where ORDER BY realname ASC";
+ if ($group === null) {
+ $querystring = "SELECT *
+ FROM {$serendipity['dbPrefix']}authors
+ $where
+ ORDER BY realname ASC";
+ } else {
+ if (is_array($group)) {
+ foreach($group AS $idx => $groupid) {
+ $group[$idx] = (int)$groupid;
+ }
+ $group_sql = implode(', ', $group);
+ } else {
+ $group_sql = (int)$group;
+ }
+ $querystring = "SELECT a.*
+ FROM {$serendipity['dbPrefix']}authors AS a
+ LEFT OUTER JOIN {$serendipity['dbPrefix']}authorgroups AS ag
+ ON a.authorid = ag.authorid
+ LEFT OUTER JOIN {$serendipity['dbPrefix']}groups AS g
+ ON ag.groupid = g.id
+ WHERE g.id IN ($group_sql)
+ $where
+ GROUP BY a.authorid
+ ORDER BY a.realname ASC";
+ }
+
return serendipity_db_query($querystring);
}
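Review bot: In the `$group` branch `$where` is appended after `WHERE g.id IN ($group_sql)`, but `$where` itself begins with `WHERE authorid = ...`, so a call passing both `$user` and `$group` produces two `WHERE` clauses and an unqualified `authorid` that exists in both joined tables. An empty `$group` array also yields `IN ()`, which is invalid SQL, and that can happen at the call site that passes `serendipity_getGroups(...)` for a user without groups. In this branch build the extra condition as `AND a.authorid = ...` instead, and guard the empty case, e.g. `$group_sql = empty($group) ? '0' : implode(', ', $group);` (assuming no group has id 0). Part of the function body lies outside this hunk.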
if ($_SESSION['serendipityAuthedUser'] === true) {
$admin = '';
- if ($_SESSION['serendipityUserlevel'] < USERLEVEL_CHIEF) {
+ if (!serendipity_checkPermission('adminEntriesMaintainOthers')) {
$admin = " AND authorid = " . (int)$_SESSION['serendipityAuthorid'] ."'";
}
if ($_SESSION['serendipityAuthedUser'] === true) {
$admin = '';
- if ($_SESSION['serendipityUserlevel'] < USERLEVEL_CHIEF) {
+ if (!serendipity_checkPermission('adminEntriesMaintainOthers')) {
$admin = " AND authorid = '" . (int)$_SESSION['serendipityAuthorid'] ."'";
}
LEFT JOIN {$serendipity['dbPrefix']}entries e ON (e.id = c.entry_id)
LEFT JOIN {$serendipity['dbPrefix']}authors a ON (e.authorid = a.authorid)
WHERE c.id = '". (int)$cid ."'
- ". (($serendipity['serendipityUserlevel'] != USERLEVEL_ADMIN && $force !== true) ? "AND e.authorid = '". (int)$serendipity['authorid'] ."'" : '') ."
+ ". ((!serendipity_checkPermission('adminEntriesMaintainOthers') && $force !== true) ? "AND e.authorid = '". (int)$serendipity['authorid'] ."'" : '') ."
". (($force === true) ? "" : "AND status = 'pending'");
$rs = serendipity_db_query($sql, true);
function serendipity_deleteAuthor($authorid) {
global $serendipity;
- if (serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}authors WHERE authorid=" . (int)$authorid ." and userlevel <= ". (int)$serendipity['serendipityUserlevel'])) {
+
+ if (!serendipity_checkPermission('adminUsersDelete')) {
+ return false;
+ }
+
+ if (serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}authors WHERE authorid=" . (int)$authorid)) {
serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}permalinks WHERE entry_id=" . (int)$authorid ." and type='author'");
}
return true;
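Review bot: The rewritten DELETE drops the old `userlevel <= ...` condition, so the only gate left is `adminUsersDelete`, which the default table in `serendipity_getPermissionNames` gives to chief editors; as written, a chief editor could delete an administrator account. The target should be checked before the query, for example `if (!serendipity_checkPermission('adminUsersMaintainOthers') && !serendipity_intersectGroup($authorid)) { return false; }`, or an equivalent test against `adminUsersMaintainSame`. The function also still reaches `return true;` when the DELETE itself fails. The closing brace of `serendipity_deleteAuthor` is outside the hunk.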
serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}config where name='" . serendipity_db_escape_string($name) . "' AND authorid = " . (int)$authorid);
$r = serendipity_db_insert('config', array('name' => $name, 'value' => $val, 'authorid' => $authorid));
- $serendipity[$name] = $val;
+
+ if ($authorid === 0 || $authorid === $serendipity['authorid']) {
+ $serendipity[$name] = $val;
+ }
+
if (is_string($r)) {
echo $r;
}
$query = "SELECT DISTINCT
email, authorid, userlevel, right_publish
FROM
- $serendipity[dbPrefix]authors
+ {$serendipity['dbPrefix']}authors
WHERE
username = '" . serendipity_db_escape_string($username) . "'
AND password = '" . serendipity_db_escape_string($password) . "'";
return $lang;
}
+function &serendipity_getPermissions($authorid) {
+ global $serendipity;
+
+ // Get group information
+ $groups = serendipity_db_query("SELECT ag.groupid, g.name, gc.property, gc.value
+ FROM {$serendipity['dbPrefix']}authorgroups AS ag
+ LEFT OUTER JOIN {$serendipity['dbPrefix']}groups AS g
+ ON ag.groupid = g.id
+ LEFT OUTER JOIN {$serendipity['dbPrefix']}groupconfig AS gc
+ ON gc.id = g.id
+ WHERE ag.authorid = " . (int)$authorid);
+ $perm = array('membership' => array());
+ if (is_array($groups)) {
+ foreach($groups AS $group) {
+ $perm['membership'][$group['groupid']] = $group['groupid'];
+ $perm[$group['groupid']][$group['property']] = $group['value'];
+ }
+ }
+ return $perm;
+}
+
+function serendipity_getPermissionNames() {
+ return array(
+ 'personalConfiguration'
+ => array(USERLEVEL_ADMIN, USERLEVEL_CHIEF, USERLEVEL_EDITOR),
+ 'personalConfigurationUserlevel'
+ => array(USERLEVEL_ADMIN, USERLEVEL_CHIEF),
+ 'personalConfigurationNoCreate'
+ => array(USERLEVEL_ADMIN, USERLEVEL_CHIEF),
+ 'personalConfigurationRightPublish'
+ => array(USERLEVEL_ADMIN, USERLEVEL_CHIEF),
+ 'siteConfiguration'
+ => array(USERLEVEL_ADMIN),
+ 'blogConfiguration'
+ => array(USERLEVEL_ADMIN, USERLEVEL_CHIEF),
+
+ 'adminEntries'
+ => array(USERLEVEL_ADMIN, USERLEVEL_CHIEF, USERLEVEL_EDITOR),
+ 'adminEntriesMaintainOthers'
+ => array(USERLEVEL_ADMIN, USERLEVEL_CHIEF),
+
+ 'adminImport'
+ => array(USERLEVEL_ADMIN, USERLEVEL_CHIEF),
+
+ 'adminCategories'
+ => array(USERLEVEL_ADMIN, USERLEVEL_CHIEF, USERLEVEL_EDITOR),
+ 'adminCategoriesMaintainOthers'
+ => array(USERLEVEL_ADMIN, USERLEVEL_CHIEF),
+ 'adminCategoriesDelete'
+ => array(USERLEVEL_ADMIN, USERLEVEL_CHIEF),
+
+ 'adminUsers'
+ => array(USERLEVEL_ADMIN, USERLEVEL_CHIEF),
+ 'adminUsersDelete'
+ => array(USERLEVEL_ADMIN, USERLEVEL_CHIEF),
+ 'adminUsersEditUserlevel'
+ => array(USERLEVEL_ADMIN, USERLEVEL_CHIEF),
+ 'adminUsersMaintainSame'
+ => array(USERLEVEL_ADMIN, USERLEVEL_CHIEF),
+ 'adminUsersMaintainOthers'
+ => array('protected', USERLEVEL_ADMIN),
+ 'adminUsersCreateNew'
+ => array(USERLEVEL_ADMIN, USERLEVEL_CHIEF),
+ 'adminUsersGroups'
+ => array(USERLEVEL_ADMIN, USERLEVEL_CHIEF),
+
+ 'adminPlugins'
+ => array(USERLEVEL_ADMIN, USERLEVEL_CHIEF),
+ 'adminPluginsMaintainOthers'
+ => array(USERLEVEL_ADMIN),
+
+ 'adminImages'
+ => array(USERLEVEL_ADMIN, USERLEVEL_CHIEF, USERLEVEL_EDITOR),
+ 'adminImagesDirectories'
+ => array(USERLEVEL_ADMIN, USERLEVEL_CHIEF),
+ 'adminImagesAdd'
+ => array(USERLEVEL_ADMIN, USERLEVEL_CHIEF, USERLEVEL_EDITOR),
+ 'adminImagesDelete'
+ => array(USERLEVEL_ADMIN, USERLEVEL_CHIEF, USERLEVEL_EDITOR),
+ 'adminImagesMaintainOthers'
+ => array(USERLEVEL_ADMIN, USERLEVEL_CHIEF),
+ 'adminImagesView'
+ => array(USERLEVEL_ADMIN, USERLEVEL_CHIEF, USERLEVEL_EDITOR),
+ 'adminImagesSync'
+ => array(USERLEVEL_ADMIN, USERLEVEL_CHIEF),
+
+ 'adminComments'
+ => array(USERLEVEL_ADMIN, USERLEVEL_CHIEF),
+
+ 'adminTemplates'
+ => array(USERLEVEL_ADMIN, USERLEVEL_CHIEF),
+ );
+}
+
+function serendipity_checkPermission($permName, $authorid = null, $returnMyGroups = false) {
+ global $serendipity;
+
+ // Define old serendipity permissions
+ static $permissions = null;
+ static $group = null;
+
+ if ($permissions === null) {
+ $permissions = serendipity_getPermissionNames();
+ }
+
+ if ($group === null) {
+ $group = array();
+ }
+
+ if ($authorid === null) {
+ $authorid = $serendipity['authorid'];
+ }
+
+ if ($authorid == $serendipity['authorid'] && $serendipity['no_create']) {
+ // This no_create user privilege overrides other permissions.
+ return false;
+ }
+
+ if (!isset($group[$authorid])) {
+ $group[$authorid] = serendipity_getPermissions($authorid);
+ }
+
+ if ($returnMyGroups) {
+ return $group[$authorid]['membership'];
+ }
+
+ $return = true;
+ foreach($group[$authorid] AS $item) {
+ if (!isset($item[$permName])) {
+ continue;
+ }
+
+ if ($item[$permName] === 'true') {
+ return true;
+ } else {
+ $return = false;
+ }
+ }
+
+ // If the function did not yet return it means there's a check for a permission which is not defined anywhere.
+ // Let's use a backwards compatible way.
+ if ($return && in_array($serendipity['serendipityUserlevel'], $permissions[$permName])) {
+ return true;
+ }
+
+ return false;
+}
+
+function serendipity_updateGroups($groups, $authorid) {
+ global $serendipity;
+
+ if (!serendipity_checkPermission('adminUsersMaintainOthers')) {
+ return false;
+ }
+
+ serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}authorgroups WHERE authorid = " . (int)$authorid);
+
+ foreach($groups AS $group) {
+ serendipity_db_query("INSERT INTO {$serendipity['dbPrefix']}authorgroups (authorid, groupid) VALUES (" . (int)$authorid . ", " . (int)$group . ")");
+ }
+ return true;
+}
+
+function &serendipity_getAllGroups($apply_ACL_user = false) {
+ global $serendipity;
+
+ if ($apply_ACL_user) {
+ $groups =& serendipity_db_query("SELECT g.id AS confkey,
+ g.name AS confvalue,
+ g.id AS id,
+ g.name AS name
+ FROM {$serendipity['dbPrefix']}authorgroups AS ag
+ LEFT OUTER JOIN {$serendipity['dbPrefix']}groups AS g
+ ON g.id = ag.groupid
+ WHERE ag.authorid = " . (int)$apply_ACL_user . "
+ ORDER BY g.name", false, 'assoc');
+ } else {
+ $groups =& serendipity_db_query("SELECT g.id AS confkey,
+ g.name AS confvalue,
+ g.id AS id,
+ g.name AS name
+ FROM {$serendipity['dbPrefix']}groups AS g
+ ORDER BY g.name", false, 'assoc');
+ }
+
+ return $groups;
+}
+
+function &serendipity_fetchGroup($groupid) {
+ global $serendipity;
+
+ $conf = array();
+ $groups =& serendipity_db_query("SELECT g.id AS confkey,
+ g.name AS confvalue,
+ g.id AS id,
+ g.name AS name,
+
+ gc.property AS property,
+ gc.value AS value
+ FROM {$serendipity['dbPrefix']}groups AS g
+ LEFT OUTER JOIN {$serendipity['dbPrefix']}groupconfig AS gc
+ ON g.id = gc.id
+ WHERE g.id = " . (int)$groupid, false, 'assoc');
+ foreach($groups AS $group) {
+ $conf[$group['property']] = $group['value'];
+ }
+
+ // The following are unique
+ $conf['name'] = $groups[0]['name'];
+ $conf['id'] = $groups[0]['id'];
+ $conf['confkey'] = $groups[0]['confkey'];
+ $conf['confvalue'] = $groups[0]['confvalue'];
+
+ return $conf;
+}
+
+
+function &serendipity_getGroups($authorid, $sequence = false) {
+ global $serendipity;
+
+ $groups =& serendipity_db_query("SELECT g.id AS confkey,
+ g.name AS confvalue,
+ g.id AS id,
+ g.name AS name
+ FROM {$serendipity['dbPrefix']}authorgroups AS ag
+ LEFT OUTER JOIN {$serendipity['dbPrefix']}groups AS g
+ ON g.id = ag.groupid
+ WHERE ag.authorid = " . (int)$authorid, false, 'assoc');
+ if ($sequence) {
+ $_groups = $groups;
+ $groups = array();
+ foreach($_groups AS $grouprow) {
+ $groups[] = $grouprow['confkey'];
+ }
+ }
+
+ return $groups;
+}
+
+function &serendipity_getGroupUsers($groupid) {
+ global $serendipity;
+
+ $groups =& serendipity_db_query("SELECT g.name AS name,
+ a.realname AS author,
+ a.authorid AS id
+ FROM {$serendipity['dbPrefix']}authorgroups AS ag
+ LEFT OUTER JOIN {$serendipity['dbPrefix']}groups AS g
+ ON g.id = ag.groupid
+ LEFT OUTER JOIN {$serendipity['dbPrefix']}authors AS a
+ ON ag.authorid = a.authorid
+ WHERE ag.groupid = " . (int)$groupid, false, 'assoc');
+ return $groups;
+}
+
+function serendipity_deleteGroup($groupid) {
+ global $serendipity;
+
+ if (!serendipity_checkPermission('adminUsersGroups')) {
+ return false;
+ }
+
+ if (!serendipity_checkPermission('adminUsersMaintainOthers')) {
+ // Only groups should be accessible where a user has access rights.
+ $my_groups = serendipity_getGroups($serendipity['authorid'], true);
+ if (!in_array($groupid, $my_groups)) {
+ return false;
+ }
+ }
+
+ serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}groups WHERE id = " . (int)$groupid);
+ serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}authorgroups WHERE groupid = " . (int)$groupid);
+
+ return true;
+}
+
+function serendipity_addGroup($name) {
+ global $serendipity;
+
+ serendipity_db_query("INSERT INTO {$serendipity['dbPrefix']}groups (name) VALUES ('" . serendipity_db_escape_string($name) . "')");
+ $gid = serendipity_db_insert_id('groups', 'id');
+
+ return $gid;
+}
+
+function &serendipity_getDBPermissionNames() {
+ global $serendipity;
+
+ $config =& serendipity_db_query("SELECT property FROM {$serendipity['dbPrefix']}groupconfig GROUP BY property ORDER BY property", false, 'assoc');
+
+ return $config;
+}
+
+function &serendipity_getAllPermissionNames() {
+ global $serendipity;
+
+ $DBperms =& serendipity_getDBPermissionNames();
+ $perms =& serendipity_getPermissionNames();
+
+ foreach($DBperms AS $perm) {
+ if (!isset($perms[$perm['property']])) {
+ $perms[$perm['property']] = array();
+ }
+ }
+
+ return $perms;
+}
+
+function serendipity_intersectGroup($checkuser = null, $myself = null) {
+ global $serendipity;
+
+ if ($myself === null) {
+ $myself = $serendipity['authorid'];
+ }
+
+ $my_groups = serendipity_getGroups($myself, true);
+ $his_groups = serendipity_getGroups($checkuser, true);
+
+ foreach($his_groups AS $his_group) {
+ if (in_array($his_group, $my_groups)) {
+ return true;
+ }
+ }
+
+ return false;
+}
+
+function serendipity_updateGroupConfig($groupid, &$perms, &$values) {
+ global $serendipity;
+
+ if (!serendipity_checkPermission('adminUsersGroups')) {
+ return false;
+ }
+
+ if (!serendipity_checkPermission('adminUsersMaintainOthers')) {
+ // Only groups should be accessible where a user has access rights.
+ $my_groups = serendipity_getGroups($serendipity['authorid'], true);
+ if (!in_array($groupid, $my_groups)) {
+ return false;
+ }
+ }
+
+ $storage = serendipity_fetchGroup($groupid);
+
+ serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}groupconfig WHERE id = " . (int)$groupid);
+ foreach ($perms AS $perm => $userlevels) {
+ if (isset($values[$perm]) && $values[$perm] == 'true') {
+ $value = 'true';
+ } elseif (isset($values[$perm]) && $values[$perm] === 'false') {
+ $value = 'false';
+ } elseif (isset($values[$perm])) {
+ $value = $values[$perm];
+ } else {
+ $value = 'false';
+ }
+
+ if (in_array('protected', $userlevels) && !serendipity_checkPermission($perm)) {
+ $value = $storage[$perm];
+ }
+
+ serendipity_db_query(
+ sprintf("INSERT INTO {$serendipity['dbPrefix']}groupconfig (id, property, value) VALUES (%d, '%s', '%s')",
+ (int)$groupid,
+ serendipity_db_escape_string($perm),
+ serendipity_db_escape_string($value)
+ )
+ );
+ }
+
+ serendipity_db_query("UPDATE {$serendipity['dbPrefix']}groups SET name = '" . serendipity_db_escape_string($values['name']) . "' WHERE id = " . (int)$groupid);
+
+ if (is_array($values['members'])) {
+ serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}authorgroups WHERE groupid = " . (int)$groupid);
+ foreach($values['members'] AS $member) {
+ serendipity_db_query(
+ sprintf("INSERT INTO {$serendipity['dbPrefix']}authorgroups (groupid, authorid) VALUES (%d, %d)",
+ (int)$groupid,
+ (int)$member
+ )
+ );
+ }
+ }
+
+ return true;
+}
/* vim: set sts=4 ts=4 expandtab : */
?>
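Review bot: In `serendipity_updateGroupConfig`, a caller who holds `adminUsersGroups` and belongs to the group can set any permission of that group to 'true'. The stored value is kept only for permissions whose default list contains 'protected', and `serendipity_getPermissionNames` marks only `adminUsersMaintainOthers` that way. With the defaults shown, a chief editor could grant `siteConfiguration` or `adminPluginsMaintainOthers` to their own group. I would keep the stored value whenever the caller lacks the permission being written: `if (!serendipity_checkPermission($perm)) { $value = isset($storage[$perm]) ? $storage[$perm] : 'false'; }`. `serendipity_addGroup` in the same hunk has no permission check at all, unlike `serendipity_deleteGroup`, and should start with the same `adminUsersGroups` test.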
$limit = serendipity_db_limit_sql($limit);
}
- if (isset($serendipity['GET']['adminModule']) && $serendipity['GET']['adminModule'] == 'entries' && $serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF) {
+ if (isset($serendipity['GET']['adminModule']) && $serendipity['GET']['adminModule'] == 'entries' && !serendipity_checkPermission('adminEntriesMaintainOthers')) {
if (!empty($cond['and'])) {
$cond['and'] .= " AND e.authorid = '" . $serendipity['authorid'] . "'";
} else {
$cond['and'] = " AND e.isdraft = 'false' " . (!serendipity_db_bool($serendipity['showFutureEntries']) ? " AND e.timestamp <= " . time() : '');
}
- if (isset($serendipity['GET']['adminModule']) && $serendipity['GET']['adminModule'] == 'entries' && $serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF) {
+ if (isset($serendipity['GET']['adminModule']) && $serendipity['GET']['adminModule'] == 'entries' && !serendipity_checkPermission('adminEntriesMaintainOthers')) {
$cond['and'] = " AND e.authorid = '" . $serendipity['authorid'] . "'";
}
$authorid = ((isset($serendipity['authorid']) && !empty($serendipity['GET']['adminModule'])) ? $serendipity['authorid'] : 1);
}
- if ($serendipity['serendipityUserlevel'] == USERLEVEL_ADMIN) {
- $authorid = 'all';
+ if (isset($serendipity['authorid']) && !empty($serendipity['GET']['adminModule']) && $authorid != $serendipity['authorid'] && !serendipity_checkPermission('adminCategoriesMaintainOthers')) {
+ $authorid = $serendipity['authorid'];
}
if ($authorid != 'all' && is_numeric($authorid)) {
- $where = " WHERE ((c.authorid = $authorid OR c.authorid = 0) " . (!empty($serendipity['serendipityUserlevel']) ? " OR a.userlevel < {$serendipity['serendipityUserlevel']}" : '') . ')';
+ $where = " WHERE (c.authorid = $authorid OR c.authorid = 0)";
} else {
$where = '';
}
$entry['label_trackbacks'] = $entry['trackbacks'] == 1 ? TRACKBACK : TRACKBACKS;
}
- if ($_SESSION['serendipityAuthedUser'] === true && ($_SESSION['serendipityUserlevel'] >= USERLEVEL_CHIEF || $_SESSION['serendipityAuthorid'] == $entry['authorid'])) {
+ if ($_SESSION['serendipityAuthedUser'] === true && ($_SESSION['serendipityAuthorid'] == $entry['authorid'] || serendipity_checkPermission('adminEntriesMaintainOthers'))) {
$entry['is_entry_owner'] = true;
}
$_entry = serendipity_fetchEntry('id', $entry['id'], 1, 1);
$entry['authorid'] = $_entry['authorid'];
- if (isset($serendipity['GET']['adminModule']) && $serendipity['GET']['adminModule'] == 'entries' && $serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF && $entry['authorid'] != $serendipity['authorid']) {
+ if (isset($serendipity['GET']['adminModule']) && $serendipity['GET']['adminModule'] == 'entries' && $entry['authorid'] != $serendipity['authorid'] && !serendipity_checkPermission('adminEntriesMaintainOthers')) {
// Only chiefs and admins can change other's entry. Else update fails.
return;
}
// Purge the daily/monthly entries so they can be rebuilt
$result = serendipity_db_query("SELECT timestamp, authorid FROM {$serendipity['dbPrefix']}entries WHERE id = '". (int)$id ."'", true);
- if ($serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF && $result[1] != $serendipity['authorid']) {
+ if ($result[1] != $serendipity['authorid'] && !serendipity_checkPermission('adminEntriesMaintainOthers')) {
// Only admins and chief users can delete entries which do not belong to the author
return;
}
global $serendipity;
$admin = '';
- if ($serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF) {
+ if (!serendipity_checkPermission('adminImagesAdd')) {
$admin = ' AND (authorid = ' . $serendipity['authorid'] . ' OR authorid = 0)';
}
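Review bot: The ownership filter is now skipped for anyone holding `adminImagesAdd`, which the default table gives to editors as well, whereas the old test applied the filter to everyone below chief editor. The permission that matches the old behaviour is `adminImagesMaintainOthers`: `if (!serendipity_checkPermission('adminImagesMaintainOthers')) {`. The two plugin hunks further down have the same mismatch: they gate the `authorid` filter on `adminPlugins` (chief editors by default) where the old code required administrator, so `adminPluginsMaintainOthers` looks like the intended name. The enclosing functions start outside these hunks, so the queries that consume `$admin` are not visible.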
$dThumb = $file['path'] . $file['name'] .'.'. $file['thumbnail_name'] .'.'. $file['extension'];
$admin = '';
- if ($serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid']) {
+ if (!serendipity_checkPermission('adminImagesDelete')) {
+ return;
+ }
+
+ if (!serendipity_checkPermission('adminImagesMaintainOthers') && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid']) {
// A non-admin user may not delete private files from other users.
return;
}
$file = serendipity_fetchImageFromDatabase($id);
$admin = '';
- if ($serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid']) {
+ if (!serendipity_checkPermission('adminImagesMaintainOthers') && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid']) {
return;
}
$file = serendipity_fetchImageFromDatabase($id);
$admin = '';
- if ($serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid']) {
+ if (!serendipity_checkPermission('adminImagesMaintainOthers') && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid']) {
// A non-admin user may not delete private files from other users.
return false;
}
<tr>
<td valign="top" width="16" rowspan="3">
<?php
- if ($serendipity['authorid'] == $file['authorid'] || $file['authorid'] == '0' || $serendipity['serendipityUserlevel'] >= USERLEVEL_CHIEF) {
+ if ($serendipity['authorid'] == $file['authorid'] || $file['authorid'] == '0' || serendipity_checkPermission('adminImagesMaintainOthers')) {
$popupWidth = ($is_image ? ($file['dimensions_width'] + 20) : 600);
$popupHeight = ($is_image ? ($file['dimensions_height'] + 20) : 500);
?>
}
switch ($optname) {
-
case 'permalinkStructure':
return $default;
foreach ( $category['items'] as $i => $item ) {
$items = &$config[$n]['items'][$i];
+
if (!isset($items['userlevel']) || !is_numeric($items['userlevel'])) {
$items['userlevel'] = USERLEVEL_ADMIN;
}
- if ($userlevel < $items['userlevel']) {
+ if (!isset($items['permission']) && $userlevel < $items['userlevel']) {
+ unset($config[$n]['items'][$i]);
+ continue;
+ } elseif (!is_array($items['permission']) && !serendipity_checkPermission($items['permission'])) {
unset($config[$n]['items'][$i]);
continue;
+ } elseif (is_array($items['permission'])) {
+ $one_found = false;
+ $all_found = true;
+ foreach($items['permission'] AS $check_permission) {
+ if (serendipity_checkPermission($check_permission)) {
+ $one_found = true;
+ } else {
+ $all_found = false;
+ }
+ }
+
+ if (!isset($items['perm_mode'])) {
+ $items['perm_mode'] = 'or';
+ }
+
+ if ($items['perm_mode'] == 'or' && !$one_found) {
+ unset($config[$n]['items'][$i]);
+ continue;
+ } elseif ($items['perm_mode'] == 'and' && !$one_found && !$all_found) {
+ unset($config[$n]['items'][$i]);
+ continue;
+ }
}
if (!isset($items['flags']) || !is_array($items['flags'])) {
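Review bot: The `perm_mode == 'and'` branch removes an item only when `!$one_found && !$all_found`, which for a non-empty list is the same test as the 'or' branch, so an item that requires several permissions stays visible to a user holding just one of them. It should read `} elseif ($items['perm_mode'] == 'and' && !$all_found) {`. Separately, an item without a `permission` key that passes the userlevel test falls into the second branch, where `serendipity_checkPermission()` is called with an unset name and the item is dropped; adding `isset($items['permission'])` to that branch would keep such items working. The loop body continues past the end of the hunk.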
global $serendipity;
switch ($type) {
- case 'bool' :
+ case 'bool':
$value = serendipity_get_bool($value);
echo '<input id="radio_cfg_' . $name . '_yes" type="radio" name="' . $name . '" value="true" ';
echo (($value == true) ? 'checked="checked"' : ''). ' /><label for="radio_cfg_' . $name . '_yes"> ' . YES . '</label> ';
echo (($value == true) ? '' : 'checked="checked"'). ' /><label for="radio_cfg_' . $name . '_no"> ' . NO . '</label>';
break;
- case 'protected' :
+ case 'protected':
echo '<input type="password" size="30" name="' . $name . '" value="' . htmlspecialchars($value) . '" />';
break;
- case 'list' :
+ case 'multilist':
+ echo '<select name="'. $name .'[]" multiple="multiple">';
+ foreach ((array)$default as $k => $v) {
+ print_r($v);
+ $selected = false;
+ foreach((array)$value AS $vk => $vv) {
+ if ($vv['confkey'] == $v['confkey']) {
+ $selected = true;
+ }
+ }
+
+ printf('<option value="%s"%s>%s</option>'. "\n",
+ $v['confkey'],
+ ($selected ? ' selected="selected"' : ''),
+ $v['confvalue']);
+ }
+ echo '</select>';
+ break;
+
+ case 'list':
echo '<select name="'. $name .'">';
- foreach ((array)$default as $k=>$v) {
+
+ foreach ((array)$default as $k => $v) {
+ $selected = ($k == $value);
+
printf('<option value="%s"%s>%s</option>'. "\n",
$k,
- (($k == $value) ? ' selected="selected"' : ''),
+ ($selected ? ' selected="selected"' : ''),
$v);
}
echo '</select>';
break;
- case 'file' :
+
+ case 'file':
echo '<input type="file" size="30" name="' . $name . '" />';
break;
- default :
+
+ default:
echo '<input type="text" size="30" name="' . $name . '" value="' . htmlspecialchars($value) . '" />';
break;
}
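Review bot: The new `multilist` case writes `$v['confkey']` and `$v['confvalue']` into the `<option>` markup unescaped and leaves a `print_r($v);` debug call inside the loop. If the list is fed from group names, as the `confkey`/`confvalue` aliases in the group queries suggest, a group name containing markup would be rendered as HTML in the admin page. Drop the `print_r` and escape both values with `htmlspecialchars($v['confkey'])` and `htmlspecialchars($v['confvalue'])`. The `list` case just below prints `$k` and `$v` the same way and deserves the same treatment.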
}
}
- if (IS_installed === false || $serendipity['serendipityUserlevel'] >= USERLEVEL_ADMIN) {
+ if (IS_installed === false || serendipity_checkPermission('siteConfiguration')) {
return serendipity_updateLocalConfig($_POST['dbName'],
$_POST['dbPrefix'],
$_POST['dbHost'],
break;
}
}
-?>
+
+function serendipity_addDefaultGroups() {
+ global $serendipity;
+
+ serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}groups");
+ serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}groupconfig");
+ serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}authorgroups");
+
+ serendipity_addDefaultGroup(USERLEVEL_EDITOR_DESC, USERLEVEL_EDITOR);
+ serendipity_addDefaultGroup(USERLEVEL_CHIEF_DESC, USERLEVEL_CHIEF);
+ serendipity_addDefaultGroup(USERLEVEL_ADMIN_DESC, USERLEVEL_ADMIN);
+}
+
+function serendipity_addDefaultGroup($name, $level) {
+ global $serendipity;
+
+ static $perms = null;
+ if ($perms === null) {
+ $perms = serendipity_getPermissionNames();
+ }
+
+ serendipity_db_query("INSERT INTO {$serendipity['dbPrefix']}groups (name) VALUES ('" . serendipity_db_escape_string($name) . "')");
+ $gid = (int)serendipity_db_insert_id('groups', 'id');
+ serendipity_db_query("INSERT INTO {$serendipity['dbPrefix']}groupconfig (id, property, value) VALUES ($gid, 'userlevel', '" . (int)$level . "')");
+
+ $authors = serendipity_db_query("SELECT * FROM {$serendipity['dbPrefix']}authors WHERE userlevel = " . (int)$level);
+ if (!is_array($authors)) {
+ return;
+ }
+
+ foreach($authors AS $author) {
+ serendipity_db_query("INSERT INTO {$serendipity['dbPrefix']}authorgroups (authorid, groupid) VALUES ('{$author['authorid']}', '$gid')");
+ }
+
+ foreach($perms AS $permName => $permArray) {
+ if (in_array($level, $permArray)) {
+ serendipity_db_query("INSERT INTO {$serendipity['dbPrefix']}groupconfig (id, property, value) VALUES ($gid, '" . serendipity_db_escape_string($permName) . "', 'true')");
+ } else {
+ serendipity_db_query("INSERT INTO {$serendipity['dbPrefix']}groupconfig (id, property, value) VALUES ($gid, '" . serendipity_db_escape_string($permName) . "', 'false')");
+ }
+ }
+
+ return true;
+}
+
+?>
\ No newline at end of file
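Review bot: `serendipity_addDefaultGroup` returns early when no author has the given userlevel, before the loop that writes the permission rows, so that group ends up with only its `userlevel` entry. For a member added to it later, `serendipity_checkPermission` finds no row and falls back to the session userlevel instead of the group's settings. Guard only the membership loop with `if (is_array($authors)) { ... }` and let the function reach `return true;` in both cases, which also removes the mixed `return;` / `return true;`. `serendipity_addDefaultGroups` wipes all three group tables without a permission check; presumably it is only called from the installer or upgrader, which is worth stating in a comment.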
global $serendipity;
$admin = '';
- if ($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN && $placement == 'hidden') {
+ if (!serendipity_checkPermission('adminPlugins') && $placement == 'hidden') {
// Only administrators can set plugins to 'hidden' if they are not the owners.
$admin = " AND (authorid = 0 OR authorid = {$serendipity['authorid']})";
}
}
$admin = '';
- if ($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN) {
+ if (!serendipity_checkPermission('adminPlugins')) {
$admin = " AND (authorid = 0 OR authorid = {$serendipity['authorid']})";
}
'description' => INSTALL_DBTYPE_DESC,
'type' => 'list',
'default' => array(),
+ 'permission' => 'siteConfiguration',
'flags' => array('nosave', 'simpleInstall', 'probeDefault')),
array('var' => 'dbHost',
'description' => INSTALL_DBHOST_DESC,
'type' => 'string',
'default' => 'localhost',
+ 'permission' => 'siteConfiguration',
'flags' => array('nosave', 'simpleInstall')),
array('var' => 'dbUser',
'description' => INSTALL_DBUSER_DESC,
'type' => 'string',
'default' => 'serendipity',
+ 'permission' => 'siteConfiguration',
'flags' => array('nosave', 'simpleInstall')),
array('var' => 'dbPass',
'description' => INSTALL_DBPASS_DESC,
'type' => 'protected',
'default' => '',
+ 'permission' => 'siteConfiguration',
'flags' => array('nosave', 'hideValue', 'simpleInstall')),
array('var' => 'dbName',
'description' => INSTALL_DBNAME_DESC,
'type' => 'string',
'default' => 'serendipity',
+ 'permission' => 'siteConfiguration',
'flags' => array('nosave', 'simpleInstall')),
array('var' => 'dbPrefix',
'description' => INSTALL_DBPREFIX_DESC,
'type' => 'string',
'default' => 'serendipity_',
+ 'permission' => 'siteConfiguration',
'flags' => array('nosave')),
array('var' => 'dbPersistent',
'description' => INSTALL_DBPERSISTENT_DESC,
'type' => 'bool',
'default' => false,
+ 'permission' => 'siteConfiguration',
'flags' => array('nosave'))
));
'title' => INSTALL_FULLPATH,
'description' => INSTALL_FULLPATH_DESC,
'type' => 'string',
+ 'permission' => 'siteConfiguration',
'default' => '/webroot/serendipity/'),
array('var' => 'uploadPath',
'title' => INSTALL_UPLOADPATH,
'description' => INSTALL_UPLOADPATH_DESC,
'type' => 'string',
+ 'permission' => 'siteConfiguration',
'default' => 'uploads/'),
array('var' => 'serendipityHTTPPath',
'title' => INSTALL_RELPATH,
'description' => INSTALL_RELPATH_DESC,
'type' => 'string',
+ 'permission' => 'siteConfiguration',
'default' => '/serendipity/'),
array('var' => 'templatePath',
'title' => INSTALL_RELTEMPLPATH,
'description' => INSTALL_RELTEMPLPATH_DESC,
'type' => 'string',
+ 'permission' => 'siteConfiguration',
'default' => 'templates/'),
array('var' => 'uploadHTTPPath',
'title' => INSTALL_RELUPLOADPATH,
'description' => INSTALL_RELUPLOADPATH_DESC,
'type' => 'string',
+ 'permission' => 'siteConfiguration',
'default' => 'uploads/'),
array('var' => 'baseURL',
'title' => INSTALL_URL,
'description' => INSTALL_URL_DESC,
'type' => 'string',
+ 'permission' => 'siteConfiguration',
'default' => 'http://www.example.com/serendipity/'),
array('var' => 'autodetect_baseURL',
'title' => INSTALL_AUTODETECT_URL,
'description' => INSTALL_AUTODETECT_URL_DESC,
'type' => 'bool',
+ 'permission' => 'siteConfiguration',
'default' => false),
array('var' => 'indexFile',
'title' => INSTALL_INDEXFILE,
'description' => INSTALL_INDEXFILE_DESC,
'type' => 'string',
+ 'permission' => 'siteConfiguration',
'default' => 'index.php'),
));
'description' => INSTALL_PERMALINK_DESC,
'type' => 'string',
'default' => 'archives/%id%-%title%.html',
+ 'permission' => 'siteConfiguration',
'flags' => array('ifEmpty')),
array('var' => 'permalinkAuthorStructure',
'description' => INSTALL_PERMALINK_AUTHOR_DESC,
'type' => 'string',
'default' => 'authors/%id%-%realname%',
+ 'permission' => 'siteConfiguration',
'flags' => array('ifEmpty')),
array('var' => 'permalinkCategoryStructure',
'description' => INSTALL_PERMALINK_CATEGORY_DESC,
'type' => 'string',
'default' => 'categories/%id%-%name%',
+ 'permission' => 'siteConfiguration',
'flags' => array('ifEmpty')),
array('var' => 'permalinkFeedCategoryStructure',
'description' => INSTALL_PERMALINK_FEEDCATEGORY_DESC,
'type' => 'string',
'default' => 'feeds/categories/%id%-%name%.rss',
+ 'permission' => 'siteConfiguration',
'flags' => array('ifEmpty')),
array('var' => 'permalinkArchivesPath',
'description' => '',
'type' => 'string',
'default' => 'archives',
+ 'permission' => 'siteConfiguration',
'flags' => array('ifEmpty')),
array('var' => 'permalinkArchivePath',
'description' => '',
'type' => 'string',
'default' => 'archive',
+ 'permission' => 'siteConfiguration',
'flags' => array('ifEmpty')),
array('var' => 'permalinkCategoriesPath',
'description' => '',
'type' => 'string',
'default' => 'categories',
+ 'permission' => 'siteConfiguration',
'flags' => array('ifEmpty')),
array('var' => 'permalinkUnsubscribePath',
'description' => '',
'type' => 'string',
'default' => 'unsubscribe',
+ 'permission' => 'siteConfiguration',
'flags' => array('ifEmpty')),
array('var' => 'permalinkDeletePath',
'description' => '',
'type' => 'string',
'default' => 'delete',
+ 'permission' => 'siteConfiguration',
'flags' => array('ifEmpty')),
array('var' => 'permalinkApprovePath',
'description' => '',
'type' => 'string',
'default' => 'approve',
+ 'permission' => 'siteConfiguration',
'flags' => array('ifEmpty')),
array('var' => 'permalinkFeedsPath',
'description' => '',
'type' => 'string',
'default' => 'feeds',
+ 'permission' => 'siteConfiguration',
'flags' => array('ifEmpty')),
array('var' => 'permalinkPluginPath',
'description' => '',
'type' => 'string',
'default' => 'plugin',
+ 'permission' => 'siteConfiguration',
'flags' => array('ifEmpty')),
array('var' => 'permalinkAdminPath',
'description' => '',
'type' => 'string',
'default' => 'admin',
+ 'permission' => 'siteConfiguration',
'flags' => array('ifEmpty')),
array('var' => 'permalinkSearchPath',
'description' => '',
'type' => 'string',
'default' => 'search',
+ 'permission' => 'siteConfiguration',
'flags' => array('ifEmpty')),
)
'description' => INSTALL_USERNAME_DESC,
'type' => 'string',
'default' => 'John Doe',
+ 'permission' => 'siteConfiguration',
'flags' => array('installOnly', 'local', 'simpleInstall')),
array('var' => 'pass',
'description' => INSTALL_PASSWORD_DESC,
'type' => 'protected',
'default' => 'john',
+ 'permission' => 'siteConfiguration',
'flags' => array('installOnly', 'local', 'simpleInstall')),
array('var' => 'realname',
'description' => USERCONF_REALNAME_DESC,
'type' => 'string',
'default' => 'John Doe',
+ 'permission' => 'siteConfiguration',
'flags' => array('installOnly', 'local', 'simpleInstall')),
array('var' => 'email',
'description' => INSTALL_EMAIL_DESC,
'type' => 'string',
'default' => 'john@example.com',
+ 'permission' => 'siteConfiguration',
'flags' => array('installOnly', 'local', 'simpleInstall')),
array('var' => 'want_mail',
'description' => INSTALL_SENDMAIL_DESC,
'type' => 'bool',
'default' => true,
+ 'permission' => 'siteConfiguration',
'flags' => array('installOnly', 'local')),
array('var' => 'allowSubscriptions',
'title' => INSTALL_SUBSCRIBE,
'description' => INSTALL_SUBSCRIBE_DESC,
'type' => 'bool',
+ 'permission' => 'siteConfiguration',
'default' => true),
array('var' => 'blogTitle',
'description' => INSTALL_BLOGNAME_DESC,
'type' => 'string',
'default' => 'John Doe\'s personal blog',
- 'userlevel' => USERLEVEL_CHIEF,
+ 'permission' => 'blogConfiguration',
'flags' => array('simpleInstall')),
array('var' => 'blogDescription',
'description' => INSTALL_BLOGDESC_DESC,
'type' => 'string',
'default' => 'My little place on the web...',
- 'userlevel' => USERLEVEL_CHIEF,
+ 'permission' => 'blogConfiguration',
'flags' => array('simpleInstall')),
array('var' => 'lang',
'description' => INSTALL_LANG_DESC,
'type' => 'list',
'default' => $serendipity['languages'],
+ 'permission' => 'siteConfiguration',
'flags' => array('simpleInstall')),
array('var' => 'calendar',
'title' => INSTALL_CAL,
'description' => INSTALL_CAL_DESC,
'type' => 'list',
+ 'permission' => 'blogConfiguration',
'default' => $serendipity['calendars']),
array('var' => 'lang_content_negotiation',
'description' => AUTOLANG_DESC,
'type' => 'bool',
'default' => false,
- 'userlevel' => USERLEVEL_CHIEF),
+ 'permission' => 'blogConfiguration'),
));
$res['display'] =
'description' => INSTALL_FETCHLIMIT_DESC,
'type' => 'int',
'default' => 15,
- 'userlevel' => USERLEVEL_CHIEF),
+ 'permission' => 'blogConfiguration'),
array('var' => 'useGzip',
'title' => INSTALL_USEGZIP,
'description' => INSTALL_USEGZIP_DESC,
'type' => 'bool',
+ 'permission' => 'siteConfiguration',
'default' => false),
array('var' => 'wysiwyg',
'description' => INSTALL_WYSIWYG_DESC,
'type' => 'bool',
'default' => false,
- 'userlevel' => USERLEVEL_CHIEF,
+ 'permission' => 'blogConfiguration',
'flags' => array('simpleInstall', 'installOnly')),
array('var' => 'XHTML11',
'title' => INSTALL_XHTML11,
'description' => INSTALL_XHTML11_DESC,
'type' => 'bool',
+ 'permission' => 'siteConfiguration',
'default' => false),
array('var' => 'enablePopup',
'description' => INSTALL_POPUP_DESC,
'type' => 'bool',
'default' => false,
- 'userlevel' => USERLEVEL_CHIEF),
+ 'permission' => 'blogConfiguration'),
array('var' => 'embed',
'title' => INSTALL_EMBED,
'description' => INSTALL_EMBED_DESC,
'type' => 'bool',
+ 'permission' => 'siteConfiguration',
'default' => 'false'),
array('var' => 'top_as_links',
'title' => INSTALL_SHOW_EXTERNAL_LINKS,
'description' => INSTALL_SHOW_EXTERNAL_LINKS_DESC,
'type' => 'bool',
+ 'permission' => 'siteConfiguration',
'default' => false),
array('var' => 'blockReferer',
'description' => INSTALL_BLOCKREF_DESC,
'type' => 'string',
'default' => ';',
- 'userlevel' => USERLEVEL_CHIEF),
+ 'permission' => 'blogConfiguration'),
array('var' => 'rewrite',
'title' => INSTALL_REWRITE,
'description' => INSTALL_REWRITE_DESC,
'type' => 'list',
'default' => array(),
+ 'permission' => 'siteConfiguration',
'flags' => array('probeDefault')),
array('var' => 'serverOffsetHours',
'description' => INSTALL_OFFSET_DESC,
'type' => 'int',
'default' => 0,
- 'userlevel' => USERLEVEL_CHIEF,
+ 'permission' => 'blogConfiguration',
'flags' => array('parseDescription')),
array('var' => 'showFutureEntries',
'description' => INSTALL_SHOWFUTURE_DESC,
'type' => 'bool',
'default' => false,
- 'userlevel' => USERLEVEL_CHIEF),
+ 'permission' => 'blogConfiguration'),
));
$res['imagehandling'] =
'title' => INSTALL_IMAGEMAGICK,
'description' => INSTALL_IMAGEMAGICK_DESC,
'type' => 'bool',
+ 'permission' => 'siteConfiguration',
'default' => false),
array('var' => 'convert',
'title' => INSTALL_IMAGEMAGICKPATH,
'description' => INSTALL_IMAGEMAGICKPATH_DESC,
'type' => 'string',
+ 'permission' => 'siteConfiguration',
'default' => '/usr/local/bin/convert'),
array('var' => 'thumbSuffix',
'title' => INSTALL_THUMBSUFFIX,
'description' => INSTALL_THUMBSUFFIX_DESC,
'type' => 'string',
+ 'permission' => 'siteConfiguration',
'default' => 'serendipityThumb'),
array('var' => 'thumbSize',
'title' => INSTALL_THUMBWIDTH,
'description' => INSTALL_THUMBWIDTH_DESC,
'type' => 'int',
+ 'permission' => 'siteConfiguration',
'default' => 110),
));
'description' => USERCONF_USERNAME_DESC,
'type' => 'string',
'default' => 'johndoe',
- 'userlevel' => USERLEVEL_EDITOR),
+ 'permission' => 'personalConfiguration'),
array('var' => 'password',
'title' => USERCONF_PASSWORD,
'description' => USERCONF_PASSWORD_DESC,
'type' => 'protected',
'default' => '',
- 'userlevel' => USERLEVEL_EDITOR),
+ 'permission' => 'personalConfiguration'),
array('var' => 'realname',
'title' => USERCONF_REALNAME,
'description' => USERCONF_REALNAME_DESC,
'type' => 'string',
'default' => 'John Doe',
- 'userlevel' => USERLEVEL_EDITOR),
+ 'permission' => 'personalConfiguration'),
array('var' => 'userlevel',
'title' => USERCONF_USERLEVEL,
- 'description' => USERCONF_USERLEVEL_DESC,
+ 'description' => USERCONF_USERLEVEL_DESC . "\n" . USERLEVEL_OBSOLETE,
'type' => 'list',
'default' => $serendipity['permissionLevels'],
- 'userlevel' => USERLEVEL_CHIEF),
+ 'permission' => 'personalConfigurationUserlevel'),
+
+ array('var' => 'groups',
+ 'title' => USERCONF_GROUPS,
+ 'description' => USERCONF_GROUPS_DESC,
+ 'type' => 'multilist',
+ 'permission' => array('adminUsersMaintainOthers', 'adminUsersMaintainSame'),
+ 'perm_mode' => 'or',
+ 'default' => serendipity_getAllGroups(),
+ 'flags' => array('groups')),
array('var' => 'email',
'title' => USERCONF_EMAIL,
'description' => USERCONF_EMAIL_DESC,
'type' => 'string',
'default' => 'john@example.com',
- 'userlevel' => USERLEVEL_EDITOR),
+ 'permission' => 'personalConfiguration'),
array('var' => 'lang',
'title' => INSTALL_LANG,
'description' => INSTALL_LANG_DESC,
'type' => 'list',
'default' => $serendipity['languages'],
- 'userlevel' => USERLEVEL_EDITOR,
+ 'permission' => 'personalConfiguration',
'flags' => array('config')),
array('var' => 'wysiwyg',
'description' => INSTALL_WYSIWYG_DESC,
'type' => 'bool',
'default' => false,
- 'userlevel' => USERLEVEL_EDITOR,
+ 'permission' => 'personalConfiguration',
'flags' => array('config')),
array('var' => 'mail_comments',
'description' => USERCONF_SENDCOMMENTS_DESC,
'type' => 'bool',
'default' => true,
- 'userlevel' => USERLEVEL_EDITOR),
+ 'permission' => 'personalConfiguration'),
array('var' => 'mail_trackbacks',
'title' => USERCONF_SENDTRACKBACKS,
'description' => USERCONF_SENDTRACKBACKS_DESC,
'type' => 'bool',
'default' => true,
- 'userlevel' => USERLEVEL_EDITOR),
+ 'permission' => 'personalConfiguration'),
array('var' => 'no_create',
'title' => USERCONF_CREATE,
'description' => USERCONF_CREATE_DESC,
'type' => 'bool',
'default' => false,
- 'userlevel' => USERLEVEL_CHIEF,
+ 'permission' => 'personalConfigurationNoCreate',
'flags' => array('config')),
array('var' => 'right_publish',
'description' => USERCONF_ALLOWPUBLISH_DESC,
'type' => 'bool',
'default' => true,
- 'userlevel' => USERLEVEL_CHIEF),
+ 'permission' => 'personalConfigurationRightPublish')
));
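Review bot: The new `groups` entry fills its list from `serendipity_getAllGroups()` and is unlocked by either `adminUsersMaintainOthers` or `adminUsersMaintainSame` (`perm_mode` is `or`). An account holding only the weaker permission is therefore offered every group, including any that carry more privileges than its own. The code that saves the form is not part of this hunk, so whether it rejects such assignments cannot be seen here. If it does not, this field is a privilege-escalation path. I would either filter the `default` list down to the groups the editing user may grant, or at least add a comment on the entry such as `// offered list is unfiltered: the save handler must reject groups the editor may not grant`.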
$res['defaults'] =
'description' => '',
'type' => 'bool',
'default' => false,
- 'userlevel' => USERLEVEL_EDITOR,
+ 'permission' => 'personalConfiguration',
'flags' => array('config')),
array('var' => 'allowCommentsDefault',
'description' => '',
'type' => 'bool',
'default' => true,
- 'userlevel' => USERLEVEL_EDITOR,
+ 'permission' => 'personalConfiguration',
'flags' => array('config')),
array('var' => 'publishDefault',
'description' => '',
'type' => 'list',
'default' => array('publish' => PUBLISH, 'draft' => DRAFT),
- 'userlevel' => USERLEVEL_EDITOR,
+ 'permission' => 'personalConfiguration',
'flags' => array('config')),
));
@define('INSTALL_CAL', 'Calendar Type');
@define('INSTALL_CAL_DESC', 'Choose your desired Calendar format');
@define('REPLY', 'Reply');
+@define('USERCONF_GROUPS', 'Group Memberships');
+@define('USERCONF_GROUPS_DESC', 'This user is a member of the following groups. Multiple memberships are possible.');
+@define('MANAGE_GROUPS', 'Manage groups');
+@define('DELETED_GROUP', 'Group #%d %s deleted.');
+@define('CREATED_GROUP', 'A new group %s has been created');
+@define('MODIFIED_GROUP', 'The properties of group %s have been changed');
+@define('GROUP', 'Group');
+@define('CREATE_NEW_GROUP', 'Create new group');
+@define('DELETE_GROUP', 'You are about to delete group #%d %s. Are you serious?');
+@define('USERLEVEL_OBSOLETE', 'NOTICE: The userlevel attribute is now only used for backward compatibility to plugins and fallback authorisation. User privileges are now handled by group memberships!');
/* vim: set sts=4 ts=4 expandtab : */
?>
@define('INSTALL_CAL', 'Calendar Type');
@define('INSTALL_CAL_DESC', 'Choose your desired Calendar format');
@define('REPLY', 'Reply');
+@define('USERCONF_GROUPS', 'Group Memberships');
+@define('USERCONF_GROUPS_DESC', 'This user is a member of the following groups. Multiple memberships are possible.');
+@define('MANAGE_GROUPS', 'Manage groups');
+@define('DELETED_GROUP', 'Group #%d %s deleted.');
+@define('CREATED_GROUP', 'A new group %s has been created');
+@define('MODIFIED_GROUP', 'The properties of group %s have been changed');
+@define('GROUP', 'Group');
+@define('CREATE_NEW_GROUP', 'Create new group');
+@define('DELETE_GROUP', 'You are about to delete group #%d %s. Are you serious?');
+@define('USERLEVEL_OBSOLETE', 'NOTICE: The userlevel attribute is now only used for backward compatibility to plugins and fallback authorisation. User privileges are now handled by group memberships!');
/* vim: set sts=4 ts=4 expandtab : */
?>
@define('INSTALL_CAL', 'Calendar Type');
@define('INSTALL_CAL_DESC', 'Choose your desired Calendar format');
@define('REPLY', 'Reply');
+@define('USERCONF_GROUPS', 'Group Memberships');
+@define('USERCONF_GROUPS_DESC', 'This user is a member of the following groups. Multiple memberships are possible.');
+@define('MANAGE_GROUPS', 'Manage groups');
+@define('DELETED_GROUP', 'Group #%d %s deleted.');
+@define('CREATED_GROUP', 'A new group %s has been created');
+@define('MODIFIED_GROUP', 'The properties of group %s have been changed');
+@define('GROUP', 'Group');
+@define('CREATE_NEW_GROUP', 'Create new group');
+@define('DELETE_GROUP', 'You are about to delete group #%d %s. Are you serious?');
+@define('USERLEVEL_OBSOLETE', 'NOTICE: The userlevel attribute is now only used for backward compatibility to plugins and fallback authorisation. User privileges are now handled by group memberships!');
/* vim: set sts=4 ts=4 expandtab : */
?>
\ No newline at end of file
@define('INSTALL_CAL', 'Calendar Type');
@define('INSTALL_CAL_DESC', 'Choose your desired Calendar format');
@define('REPLY', 'Reply');
+@define('USERCONF_GROUPS', 'Group Memberships');
+@define('USERCONF_GROUPS_DESC', 'This user is a member of the following groups. Multiple memberships are possible.');
+@define('MANAGE_GROUPS', 'Manage groups');
+@define('DELETED_GROUP', 'Group #%d %s deleted.');
+@define('CREATED_GROUP', 'A new group %s has been created');
+@define('MODIFIED_GROUP', 'The properties of group %s have been changed');
+@define('GROUP', 'Group');
+@define('CREATE_NEW_GROUP', 'Create new group');
+@define('DELETE_GROUP', 'You are about to delete group #%d %s. Are you serious?');
+@define('USERLEVEL_OBSOLETE', 'NOTICE: The userlevel attribute is now only used for backward compatibility to plugins and fallback authorisation. User privileges are now handled by group memberships!');
/* vim: set sts=4 ts=4 expandtab : */
?>
\ No newline at end of file
@define('INSTALL_CAL', 'Calendar Type');
@define('INSTALL_CAL_DESC', 'Choose your desired Calendar format');
@define('REPLY', 'Reply');
+@define('USERCONF_GROUPS', 'Group Memberships');
+@define('USERCONF_GROUPS_DESC', 'This user is a member of the following groups. Multiple memberships are possible.');
+@define('MANAGE_GROUPS', 'Manage groups');
+@define('DELETED_GROUP', 'Group #%d %s deleted.');
+@define('CREATED_GROUP', 'A new group %s has been created');
+@define('MODIFIED_GROUP', 'The properties of group %s have been changed');
+@define('GROUP', 'Group');
+@define('CREATE_NEW_GROUP', 'Create new group');
+@define('DELETE_GROUP', 'You are about to delete group #%d %s. Are you serious?');
+@define('USERLEVEL_OBSOLETE', 'NOTICE: The userlevel attribute is now only used for backward compatibility to plugins and fallback authorisation. User privileges are now handled by group memberships!');
/* vim: set sts=4 ts=4 expandtab : */
?>
@define('INSTALL_CAL', 'Calendar Type');
@define('INSTALL_CAL_DESC', 'Choose your desired Calendar format');
@define('REPLY', 'Reply');
+@define('USERCONF_GROUPS', 'Group Memberships');
+@define('USERCONF_GROUPS_DESC', 'This user is a member of the following groups. Multiple memberships are possible.');
+@define('MANAGE_GROUPS', 'Manage groups');
+@define('DELETED_GROUP', 'Group #%d %s deleted.');
+@define('CREATED_GROUP', 'A new group %s has been created');
+@define('MODIFIED_GROUP', 'The properties of group %s have been changed');
+@define('GROUP', 'Group');
+@define('CREATE_NEW_GROUP', 'Create new group');
+@define('DELETE_GROUP', 'You are about to delete group #%d %s. Are you serious?');
+@define('USERLEVEL_OBSOLETE', 'NOTICE: The userlevel attribute is now only used for backward compatibility to plugins and fallback authorisation. User privileges are now handled by group memberships!');
/* vim: set sts=4 ts=4 expandtab : */
?>
@define('INSTALL_CAL', 'Calendar Type');
@define('INSTALL_CAL_DESC', 'Choose your desired Calendar format');
@define('REPLY', 'Reply');
+@define('USERCONF_GROUPS', 'Group Memberships');
+@define('USERCONF_GROUPS_DESC', 'This user is a member of the following groups. Multiple memberships are possible.');
+@define('MANAGE_GROUPS', 'Manage groups');
+@define('DELETED_GROUP', 'Group #%d %s deleted.');
+@define('CREATED_GROUP', 'A new group %s has been created');
+@define('MODIFIED_GROUP', 'The properties of group %s have been changed');
+@define('GROUP', 'Group');
+@define('CREATE_NEW_GROUP', 'Create new group');
+@define('DELETE_GROUP', 'You are about to delete group #%d %s. Are you serious?');
+@define('USERLEVEL_OBSOLETE', 'NOTICE: The userlevel attribute is now only used for backward compatibility to plugins and fallback authorisation. User privileges are now handled by group memberships!');
/* vim: set sts=4 ts=4 expandtab : */
?>
@define('INSTALL_CAL', 'Calendar Type');
@define('INSTALL_CAL_DESC', 'Choose your desired Calendar format');
@define('REPLY', 'Reply');
+@define('USERCONF_GROUPS', 'Group Memberships');
+@define('USERCONF_GROUPS_DESC', 'This user is a member of the following groups. Multiple memberships are possible.');
+@define('MANAGE_GROUPS', 'Manage groups');
+@define('DELETED_GROUP', 'Group #%d %s deleted.');
+@define('CREATED_GROUP', 'A new group %s has been created');
+@define('MODIFIED_GROUP', 'The properties of group %s have been changed');
+@define('GROUP', 'Group');
+@define('CREATE_NEW_GROUP', 'Create new group');
+@define('DELETE_GROUP', 'You are about to delete group #%d %s. Are you serious?');
+@define('USERLEVEL_OBSOLETE', 'NOTICE: The userlevel attribute is now only used for backward compatibility to plugins and fallback authorisation. User privileges are now handled by group memberships!');
/* vim: set sts=4 ts=4 expandtab : */
?>
\ No newline at end of file
@define('INSTALL_CAL', 'تقویم');
@define('INSTALL_CAL_DESC', 'نوع تقویم خود را انتخاب کنید');
@define('REPLY', 'Reply');
+@define('USERCONF_GROUPS', 'Group Memberships');
+@define('USERCONF_GROUPS_DESC', 'This user is a member of the following groups. Multiple memberships are possible.');
+@define('MANAGE_GROUPS', 'Manage groups');
+@define('DELETED_GROUP', 'Group #%d %s deleted.');
+@define('CREATED_GROUP', 'A new group %s has been created');
+@define('MODIFIED_GROUP', 'The properties of group %s have been changed');
+@define('GROUP', 'Group');
+@define('CREATE_NEW_GROUP', 'Create new group');
+@define('DELETE_GROUP', 'You are about to delete group #%d %s. Are you serious?');
+@define('USERLEVEL_OBSOLETE', 'NOTICE: The userlevel attribute is now only used for backward compatibility to plugins and fallback authorisation. User privileges are now handled by group memberships!');
/* vim: set sts=4 ts=4 expandtab : */
?>
@define('INSTALL_CAL', 'Calendar Type');
@define('INSTALL_CAL_DESC', 'Choose your desired Calendar format');
@define('REPLY', 'Reply');
+@define('USERCONF_GROUPS', 'Group Memberships');
+@define('USERCONF_GROUPS_DESC', 'This user is a member of the following groups. Multiple memberships are possible.');
+@define('MANAGE_GROUPS', 'Manage groups');
+@define('DELETED_GROUP', 'Group #%d %s deleted.');
+@define('CREATED_GROUP', 'A new group %s has been created');
+@define('MODIFIED_GROUP', 'The properties of group %s have been changed');
+@define('GROUP', 'Group');
+@define('CREATE_NEW_GROUP', 'Create new group');
+@define('DELETE_GROUP', 'You are about to delete group #%d %s. Are you serious?');
+@define('USERLEVEL_OBSOLETE', 'NOTICE: The userlevel attribute is now only used for backward compatibility to plugins and fallback authorisation. User privileges are now handled by group memberships!');
/* vim: set sts=4 ts=4 expandtab : */
?>
@define('INSTALL_CAL', 'Calendar Type');
@define('INSTALL_CAL_DESC', 'Choose your desired Calendar format');
@define('REPLY', 'Reply');
+@define('USERCONF_GROUPS', 'Group Memberships');
+@define('USERCONF_GROUPS_DESC', 'This user is a member of the following groups. Multiple memberships are possible.');
+@define('MANAGE_GROUPS', 'Manage groups');
+@define('DELETED_GROUP', 'Group #%d %s deleted.');
+@define('CREATED_GROUP', 'A new group %s has been created');
+@define('MODIFIED_GROUP', 'The properties of group %s have been changed');
+@define('GROUP', 'Group');
+@define('CREATE_NEW_GROUP', 'Create new group');
+@define('DELETE_GROUP', 'You are about to delete group #%d %s. Are you serious?');
+@define('USERLEVEL_OBSOLETE', 'NOTICE: The userlevel attribute is now only used for backward compatibility to plugins and fallback authorisation. User privileges are now handled by group memberships!');
/* vim: set sts=4 ts=4 expandtab : */
?>
\ No newline at end of file
@define('INSTALL_CAL', 'Calendar Type');
@define('INSTALL_CAL_DESC', 'Choose your desired Calendar format');
@define('REPLY', 'Reply');
+@define('USERCONF_GROUPS', 'Group Memberships');
+@define('USERCONF_GROUPS_DESC', 'This user is a member of the following groups. Multiple memberships are possible.');
+@define('MANAGE_GROUPS', 'Manage groups');
+@define('DELETED_GROUP', 'Group #%d %s deleted.');
+@define('CREATED_GROUP', 'A new group %s has been created');
+@define('MODIFIED_GROUP', 'The properties of group %s have been changed');
+@define('GROUP', 'Group');
+@define('CREATE_NEW_GROUP', 'Create new group');
+@define('DELETE_GROUP', 'You are about to delete group #%d %s. Are you serious?');
+@define('USERLEVEL_OBSOLETE', 'NOTICE: The userlevel attribute is now only used for backward compatibility to plugins and fallback authorisation. User privileges are now handled by group memberships!');
/* vim: set sts=4 ts=4 expandtab : */
?>
@define('INSTALL_CAL', 'Calendar Type');
@define('INSTALL_CAL_DESC', 'Choose your desired Calendar format');
@define('REPLY', 'Reply');
+@define('USERCONF_GROUPS', 'Group Memberships');
+@define('USERCONF_GROUPS_DESC', 'This user is a member of the following groups. Multiple memberships are possible.');
+@define('MANAGE_GROUPS', 'Manage groups');
+@define('DELETED_GROUP', 'Group #%d %s deleted.');
+@define('CREATED_GROUP', 'A new group %s has been created');
+@define('MODIFIED_GROUP', 'The properties of group %s have been changed');
+@define('GROUP', 'Group');
+@define('CREATE_NEW_GROUP', 'Create new group');
+@define('DELETE_GROUP', 'You are about to delete group #%d %s. Are you serious?');
+@define('USERLEVEL_OBSOLETE', 'NOTICE: The userlevel attribute is now only used for backward compatibility to plugins and fallback authorisation. User privileges are now handled by group memberships!');
/* vim: set sts=4 ts=4 expandtab : */
?>
@define('INSTALL_CAL', 'カレンダーの種類');
@define('INSTALL_CAL_DESC', 'Choose your desired Calendar format');
@define('REPLY', 'Reply');
+@define('USERCONF_GROUPS', 'Group Memberships');
+@define('USERCONF_GROUPS_DESC', 'This user is a member of the following groups. Multiple memberships are possible.');
+@define('MANAGE_GROUPS', 'Manage groups');
+@define('DELETED_GROUP', 'Group #%d %s deleted.');
+@define('CREATED_GROUP', 'A new group %s has been created');
+@define('MODIFIED_GROUP', 'The properties of group %s have been changed');
+@define('GROUP', 'Group');
+@define('CREATE_NEW_GROUP', 'Create new group');
+@define('DELETE_GROUP', 'You are about to delete group #%d %s. Are you serious?');
+@define('USERLEVEL_OBSOLETE', 'NOTICE: The userlevel attribute is now only used for backward compatibility to plugins and fallback authorisation. User privileges are now handled by group memberships!');
/* vim: set sts=4 ts=4 expandtab : */
?>
@define('INSTALL_CAL', 'Calendar Type');
@define('INSTALL_CAL_DESC', 'Choose your desired Calendar format');
@define('REPLY', 'Reply');
+@define('USERCONF_GROUPS', 'Group Memberships');
+@define('USERCONF_GROUPS_DESC', 'This user is a member of the following groups. Multiple memberships are possible.');
+@define('MANAGE_GROUPS', 'Manage groups');
+@define('DELETED_GROUP', 'Group #%d %s deleted.');
+@define('CREATED_GROUP', 'A new group %s has been created');
+@define('MODIFIED_GROUP', 'The properties of group %s have been changed');
+@define('GROUP', 'Group');
+@define('CREATE_NEW_GROUP', 'Create new group');
+@define('DELETE_GROUP', 'You are about to delete group #%d %s. Are you serious?');
+@define('USERLEVEL_OBSOLETE', 'NOTICE: The userlevel attribute is now only used for backward compatibility to plugins and fallback authorisation. User privileges are now handled by group memberships!');
/* vim: set sts=4 ts=4 expandtab : */
?>
@define('INSTALL_CAL', 'Calendar Type');
@define('INSTALL_CAL_DESC', 'Choose your desired Calendar format');
@define('REPLY', 'Reply');
+@define('USERCONF_GROUPS', 'Group Memberships');
+@define('USERCONF_GROUPS_DESC', 'This user is a member of the following groups. Multiple memberships are possible.');
+@define('MANAGE_GROUPS', 'Manage groups');
+@define('DELETED_GROUP', 'Group #%d %s deleted.');
+@define('CREATED_GROUP', 'A new group %s has been created');
+@define('MODIFIED_GROUP', 'The properties of group %s have been changed');
+@define('GROUP', 'Group');
+@define('CREATE_NEW_GROUP', 'Create new group');
+@define('DELETE_GROUP', 'You are about to delete group #%d %s. Are you serious?');
+@define('USERLEVEL_OBSOLETE', 'NOTICE: The userlevel attribute is now only used for backward compatibility to plugins and fallback authorisation. User privileges are now handled by group memberships!');
/* vim: set sts=4 ts=4 expandtab : */
?>
@define('INSTALL_CAL', 'Calendar Type');
@define('INSTALL_CAL_DESC', 'Choose your desired Calendar format');
@define('REPLY', 'Reply');
+@define('USERCONF_GROUPS', 'Group Memberships');
+@define('USERCONF_GROUPS_DESC', 'This user is a member of the following groups. Multiple memberships are possible.');
+@define('MANAGE_GROUPS', 'Manage groups');
+@define('DELETED_GROUP', 'Group #%d %s deleted.');
+@define('CREATED_GROUP', 'A new group %s has been created');
+@define('MODIFIED_GROUP', 'The properties of group %s have been changed');
+@define('GROUP', 'Group');
+@define('CREATE_NEW_GROUP', 'Create new group');
+@define('DELETE_GROUP', 'You are about to delete group #%d %s. Are you serious?');
+@define('USERLEVEL_OBSOLETE', 'NOTICE: The userlevel attribute is now only used for backward compatibility to plugins and fallback authorisation. User privileges are now handled by group memberships!');
?>
@define('INSTALL_CAL', 'Calendar Type');
@define('INSTALL_CAL_DESC', 'Choose your desired Calendar format');
@define('REPLY', 'Reply');
+@define('USERCONF_GROUPS', 'Group Memberships');
+@define('USERCONF_GROUPS_DESC', 'This user is a member of the following groups. Multiple memberships are possible.');
+@define('MANAGE_GROUPS', 'Manage groups');
+@define('DELETED_GROUP', 'Group #%d %s deleted.');
+@define('CREATED_GROUP', 'A new group %s has been created');
+@define('MODIFIED_GROUP', 'The properties of group %s have been changed');
+@define('GROUP', 'Group');
+@define('CREATE_NEW_GROUP', 'Create new group');
+@define('DELETE_GROUP', 'You are about to delete group #%d %s. Are you serious?');
+@define('USERLEVEL_OBSOLETE', 'NOTICE: The userlevel attribute is now only used for backward compatibility to plugins and fallback authorisation. User privileges are now handled by group memberships!');
/* vim: set sts=4 ts=4 expandtab : */
?>
@define('INSTALL_CAL', 'Calendar Type');
@define('INSTALL_CAL_DESC', 'Choose your desired Calendar format');
@define('REPLY', 'Reply');
+@define('USERCONF_GROUPS', 'Group Memberships');
+@define('USERCONF_GROUPS_DESC', 'This user is a member of the following groups. Multiple memberships are possible.');
+@define('MANAGE_GROUPS', 'Manage groups');
+@define('DELETED_GROUP', 'Group #%d %s deleted.');
+@define('CREATED_GROUP', 'A new group %s has been created');
+@define('MODIFIED_GROUP', 'The properties of group %s have been changed');
+@define('GROUP', 'Group');
+@define('CREATE_NEW_GROUP', 'Create new group');
+@define('DELETE_GROUP', 'You are about to delete group #%d %s. Are you serious?');
+@define('USERLEVEL_OBSOLETE', 'NOTICE: The userlevel attribute is now only used for backward compatibility to plugins and fallback authorisation. User privileges are now handled by group memberships!');
/* vim: set sts=4 ts=4 expandtab : */
?>
@define('INSTALL_CAL', 'Calendar Type');
@define('INSTALL_CAL_DESC', 'Choose your desired Calendar format');
@define('REPLY', 'Reply');
+@define('USERCONF_GROUPS', 'Group Memberships');
+@define('USERCONF_GROUPS_DESC', 'This user is a member of the following groups. Multiple memberships are possible.');
+@define('MANAGE_GROUPS', 'Manage groups');
+@define('DELETED_GROUP', 'Group #%d %s deleted.');
+@define('CREATED_GROUP', 'A new group %s has been created');
+@define('MODIFIED_GROUP', 'The properties of group %s have been changed');
+@define('GROUP', 'Group');
+@define('CREATE_NEW_GROUP', 'Create new group');
+@define('DELETE_GROUP', 'You are about to delete group #%d %s. Are you serious?');
+@define('USERLEVEL_OBSOLETE', 'NOTICE: The userlevel attribute is now only used for backward compatibility to plugins and fallback authorisation. User privileges are now handled by group memberships!');
/* vim: set sts=4 ts=4 expandtab : */
?>
@define('INSTALL_CAL', 'Calendar Type');\r
@define('INSTALL_CAL_DESC', 'Choose your desired Calendar format');\r
@define('REPLY', 'Reply');\r
+@define('USERCONF_GROUPS', 'Group Memberships');\r
+@define('USERCONF_GROUPS_DESC', 'This user is a member of the following groups. Multiple memberships are possible.');\r
+@define('MANAGE_GROUPS', 'Manage groups');\r
+@define('DELETED_GROUP', 'Group #%d %s deleted.');\r
+@define('CREATED_GROUP', 'A new group %s has been created');\r
+@define('MODIFIED_GROUP', 'The properties of group %s have been changed');\r
+@define('GROUP', 'Group');\r
+@define('CREATE_NEW_GROUP', 'Create new group');\r
+@define('DELETE_GROUP', 'You are about to delete group #%d %s. Are you serious?');\r
+@define('USERLEVEL_OBSOLETE', 'NOTICE: The userlevel attribute is now only used for backward compatibility to plugins and fallback authorisation. User privileges are now handled by group memberships!');\r
\r
/* vim: set sts=4 ts=4 expandtab : */\r
?>
\ No newline at end of file
@define('INSTALL_CAL', 'Calendar Type');
@define('INSTALL_CAL_DESC', 'Choose your desired Calendar format');
@define('REPLY', 'Reply');
+@define('USERCONF_GROUPS', 'Group Memberships');
+@define('USERCONF_GROUPS_DESC', 'This user is a member of the following groups. Multiple memberships are possible.');
+@define('MANAGE_GROUPS', 'Manage groups');
+@define('DELETED_GROUP', 'Group #%d %s deleted.');
+@define('CREATED_GROUP', 'A new group %s has been created');
+@define('MODIFIED_GROUP', 'The properties of group %s have been changed');
+@define('GROUP', 'Group');
+@define('CREATE_NEW_GROUP', 'Create new group');
+@define('DELETE_GROUP', 'You are about to delete group #%d %s. Are you serious?');
+@define('USERLEVEL_OBSOLETE', 'NOTICE: The userlevel attribute is now only used for backward compatibility to plugins and fallback authorisation. User privileges are now handled by group memberships!');
/* vim: set sts=4 ts=4 expandtab : */
?>
@define('INSTALL_CAL', 'Calendar Type');
@define('INSTALL_CAL_DESC', 'Choose your desired Calendar format');
@define('REPLY', 'Reply');
+@define('USERCONF_GROUPS', 'Group Memberships');
+@define('USERCONF_GROUPS_DESC', 'This user is a member of the following groups. Multiple memberships are possible.');
+@define('MANAGE_GROUPS', 'Manage groups');
+@define('DELETED_GROUP', 'Group #%d %s deleted.');
+@define('CREATED_GROUP', 'A new group %s has been created');
+@define('MODIFIED_GROUP', 'The properties of group %s have been changed');
+@define('GROUP', 'Group');
+@define('CREATE_NEW_GROUP', 'Create new group');
+@define('DELETE_GROUP', 'You are about to delete group #%d %s. Are you serious?');
+@define('USERLEVEL_OBSOLETE', 'NOTICE: The userlevel attribute is now only used for backward compatibility to plugins and fallback authorisation. User privileges are now handled by group memberships!');
?>
@define('INSTALL_CAL', 'Calendar Type');
@define('INSTALL_CAL_DESC', 'Choose your desired Calendar format');
@define('REPLY', 'Reply');
+@define('USERCONF_GROUPS', 'Group Memberships');
+@define('USERCONF_GROUPS_DESC', 'This user is a member of the following groups. Multiple memberships are possible.');
+@define('MANAGE_GROUPS', 'Manage groups');
+@define('DELETED_GROUP', 'Group #%d %s deleted.');
+@define('CREATED_GROUP', 'A new group %s has been created');
+@define('MODIFIED_GROUP', 'The properties of group %s have been changed');
+@define('GROUP', 'Group');
+@define('CREATE_NEW_GROUP', 'Create new group');
+@define('DELETE_GROUP', 'You are about to delete group #%d %s. Are you serious?');
+@define('USERLEVEL_OBSOLETE', 'NOTICE: The userlevel attribute is now only used for backward compatibility to plugins and fallback authorisation. User privileges are now handled by group memberships!');
/* vim: set sts=4 ts=4 expandtab : */
?>
@define('PLUGIN_EVENT_ENTRYPROPERTIES_STICKYPOSTS', 'Dauerhafte Artikel');
@define('PLUGIN_EVENT_ENTRYPROPERTIES_ACCESS', 'Artikel können gelesen werden von');
@define('PLUGIN_EVENT_ENTRYPROPERTIES_ACCESS_PRIVATE', 'mir selbst');
- @define('PLUGIN_EVENT_ENTRYPROPERTIES_ACCESS_MEMBER', 'Co-Autoren');
+ @define('PLUGIN_EVENT_ENTRYPROPERTIES_ACCESS_MEMBERS', 'Co-Autoren');
@define('PLUGIN_EVENT_ENTRYPROPERTIES_ACCESS_PUBLIC', 'allen');
@define('PLUGIN_EVENT_ENTRYPROPERTIES_CACHE', 'Artikel cachen?');
@define('PLUGIN_EVENT_ENTRYPROPERTIES_CACHE_DESC', 'Falls diese Option aktiviert ist, wird eine Cache-Version des Artikels gespeichert. Dieses Caching wird zwar die Performance erhöhen, aber Flexibilität anderer Plugins eventuell einschränken.');
@define('PLUGIN_EVENT_ENTRYPROPERTIES_CACHE_TOTAL', ' (insgesamt %d Artikel vorhanden)...');
@define('PLUGIN_EVENT_ENTRYPROPERTIES_NL2BR', 'Automatischen Zeilenumbruch deaktivieren');
@define('PLUGIN_EVENT_ENTRYPROPERTIES_NO_FRONTPAGE', 'Nicht in Artikelübersicht zeigen');
+ @define('PLUGIN_EVENT_ENTRYPROPERTIES_GROUPS', 'Leserechte auf Gruppen beschränken');
+ @define('PLUGIN_EVENT_ENTRYPROPERTIES_GROUPS_DESC', 'Wenn aktiviert, können Leserechte abhängig von Gruppen vergeben werden. Dies wirkt sich auf die Performance der Artikelübersicht stark aus. Aktivieren Sie die Option daher nur, wenn Sie sie wirklich benötigen.');
break;
case 'en':
@define('PLUGIN_EVENT_ENTRYPROPERTIES_STICKYPOSTS', 'Mark this entry as a Sticky Post');
@define('PLUGIN_EVENT_ENTRYPROPERTIES_ACCESS', 'Entries can be read by');
@define('PLUGIN_EVENT_ENTRYPROPERTIES_ACCESS_PRIVATE', 'Myself');
- @define('PLUGIN_EVENT_ENTRYPROPERTIES_ACCESS_MEMBER', 'Co-authors');
+ @define('PLUGIN_EVENT_ENTRYPROPERTIES_ACCESS_MEMBERS', 'Co-authors');
@define('PLUGIN_EVENT_ENTRYPROPERTIES_ACCESS_PUBLIC', 'Everyone');
@define('PLUGIN_EVENT_ENTRYPROPERTIES_CACHE', 'Allow to cache entries?');
@define('PLUGIN_EVENT_ENTRYPROPERTIES_CACHE_DESC', 'If enabled, a cached version will be generated on every saving. Caching will increase performance, but maybe decrease flexibility for other plugins.');
@define('PLUGIN_EVENT_ENTRYPROPERTIES_CACHE_TOTAL', ' (totalling %d entries)...');
@define('PLUGIN_EVENT_ENTRYPROPERTIES_NL2BR', 'Disable nl2br');
@define('PLUGIN_EVENT_ENTRYPROPERTIES_NO_FRONTPAGE', 'Hide from article overview / frontpage');
+ @define('PLUGIN_EVENT_ENTRYPROPERTIES_GROUPS', 'Use group-based restrictions');
+ @define('PLUGIN_EVENT_ENTRYPROPERTIES_GROUPS_DESC', 'If enabled, you can define which users of a usergroup may be able to read entries. This option has a large impact on the performance of your article overview. Only enable this if you are really going to use this feature.');
break;
}
$propbag->add('description', PLUGIN_EVENT_ENTRYPROPERTIES_DESC);
$propbag->add('stackable', false);
$propbag->add('author', 'Garvin Hicking');
- $propbag->add('version', '1.1');
+ $propbag->add('version', '1.2');
$propbag->add('requirements', array(
'serendipity' => '0.8',
'smarty' => '2.6.7',
'frontend_entryproperties_query' => true
));
- $propbag->add('configuration', array('cache', 'default_read'));
+ $propbag->add('configuration', array('cache', 'use_groups', 'default_read'));
}
function introspect_config_item($name, &$propbag)
$propbag->add('name', USE_DEFAULT . ': ' . PLUGIN_EVENT_ENTRYPROPERTIES_ACCESS);
$propbag->add('description', '');
$propbag->add('radio', array(
- 'value' => array('private', 'member', 'public'),
- 'desc' => array(PLUGIN_EVENT_ENTRYPROPERTIES_ACCESS_PRIVATE, PLUGIN_EVENT_ENTRYPROPERTIES_ACCESS_MEMBER, PLUGIN_EVENT_ENTRYPROPERTIES_ACCESS_PUBLIC)
+ 'value' => array('private', 'public', 'member'),
+ 'desc' => array(PLUGIN_EVENT_ENTRYPROPERTIES_ACCESS_PRIVATE, PLUGIN_EVENT_ENTRYPROPERTIES_ACCESS_PUBLIC, PLUGIN_EVENT_ENTRYPROPERTIES_ACCESS_MEMBERS)
));
$propbag->add('default', 'public');
$propbag->add('radio_per_row', '1');
break;
+ case 'use_groups':
+ $propbag->add('type', 'boolean');
+ $propbag->add('name', PLUGIN_EVENT_ENTRYPROPERTIES_GROUPS);
+ $propbag->add('description', PLUGIN_EVENT_ENTRYPROPERTIES_GROUPS_DESC);
+ $propbag->add('default', 'false');
+ break;
+
case 'cache':
$propbag->add('type', 'boolean');
$propbag->add('name', PLUGIN_EVENT_ENTRYPROPERTIES_CACHE);
}
function getSupportedProperties() {
- static $supported_properties = array('is_sticky', 'access', 'cache_body', 'cache_extended', 'no_nl2br', 'no_frontpage');
+ static $supported_properties = array('is_sticky', 'access', 'access_groups', 'cache_body', 'cache_extended', 'no_nl2br', 'no_frontpage');
return $supported_properties;
}
foreach($supported_properties AS $prop_key) {
$prop_val = (isset($properties[$prop_key]) ? $properties[$prop_key] : null);
$prop_key = 'ep_' . $prop_key;
- if (!isset($property[$prop_key]) && !empty($prop_val)) {
- $q = "INSERT INTO {$serendipity['dbPrefix']}entryproperties (entryid, property, value) VALUES (" . (int)$eventData['id'] . ", '" . serendipity_db_escape_string($prop_key) . "', '" . serendipity_db_escape_string($prop_val) . "')";
- } elseif ($property[$propkey] != $prop_val && !empty($prop_val)) {
- $q = "UPDATE {$serendipity['dbPrefix']}entryproperties SET value = '" . serendipity_db_escape_string($prop_val) . "' WHERE entryid = " . (int)$eventData['id'] . " AND property = '" . serendipity_db_escape_string($prop_key) . "'";
- } else {
- $q = "DELETE FROM {$serendipity['dbPrefix']}entryproperties WHERE entryid = " . (int)$eventData['id'] . " AND property = '" . serendipity_db_escape_string($prop_key) . "'";
+
+ if (is_array($prop_val)) {
+ $prop_val = ";" . implode(';', $prop_val) . ";";
}
-
+
+ $q = "DELETE FROM {$serendipity['dbPrefix']}entryproperties WHERE entryid = " . (int)$eventData['id'] . " AND property = '" . serendipity_db_escape_string($prop_key) . "'";
serendipity_db_query($q);
+
+ if (!isset($property[$prop_key]) && !empty($prop_val) || $property[$propkey] != $prop_val && !empty($prop_val)) {
+ $q = "INSERT INTO {$serendipity['dbPrefix']}entryproperties (entryid, property, value) VALUES (" . (int)$eventData['id'] . ", '" . serendipity_db_escape_string($prop_key) . "', '" . serendipity_db_escape_string($prop_val) . "')";
+ serendipity_db_query($q);
+ }
}
}
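Review bot: The re-insert condition after the now unconditional DELETE still reads `$property[$propkey]`, but the loop variable is `$prop_key`, so the comparison uses an undefined name. It appears to be only this typo that keeps unchanged values alive: with the key spelled correctly, a property whose value did not change would be deleted and never written back. Since the row is always removed first, the test can simply be `if (!empty($prop_val)) {`. `$property` and the enclosing function start outside this hunk, so the intended contents of `$property` should be confirmed.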
$hooks = &$bag->get('event_hooks');
$is_cache = serendipity_db_bool($this->get_config('cache', 'true'));
+ $use_groups = serendipity_db_bool($this->get_config('use_groups'));
+
if (isset($hooks[$event])) {
switch($event) {
case 'frontend_entryproperties_query':
$access_values = array(
PLUGIN_EVENT_ENTRYPROPERTIES_ACCESS_PRIVATE => 'private',
- PLUGIN_EVENT_ENTRYPROPERTIES_ACCESS_MEMBER => 'member',
PLUGIN_EVENT_ENTRYPROPERTIES_ACCESS_PUBLIC => 'public',
+ PLUGIN_EVENT_ENTRYPROPERTIES_ACCESS_MEMBERS => 'member',
);
if (isset($eventData['properties']['ep_access'])) {
} else {
$access = $this->get_config('default_read', 'public');
}
+
+ if (isset($eventData['properties']['ep_access_groups'])) {
+ $access_groups = explode(';', $eventData['properties']['ep_access_groups']);
+ } elseif (isset($serendipity['POST']['properties']['access_groups'])) {
+ $access_groups = $serendipity['POST']['properties']['access_groups'];
+ } else {
+ $access_groups = array();
+ }
?>
<fieldset style="margin: 5px">
<legend><?php echo PLUGIN_EVENT_ENTRYPROPERTIES_TITLE; ?></legend>
<?php } ?>
- <?php echo PLUGIN_EVENT_ENTRYPROPERTIES_ACCESS; ?>:
+ <br />
+ <?php echo PLUGIN_EVENT_ENTRYPROPERTIES_ACCESS; ?>:<br />
+ <div style="margin-left: 10px">
<?php
foreach($access_values AS $radio_title => $radio_value) {
?>
<label title="<?php echo $radio_title; ?>" for="properties_access_<?php echo $radio_value; ?>"> <?php echo $radio_title; ?> </label>
<?php
}
+
+ if ($use_groups) {
+ $my_groups = serendipity_getGroups($serendipity['authorid']);
+?>
+ <br /><select onchange="document.getElementById('properties_access_member').checked = true;" style="margin-left: 5px" multiple="multiple" name="serendipity[properties][access_groups][]" size="4">
+<?php
+ foreach($my_groups AS $group) {
+?>
+ <option value="<?php echo $group['id']; ?>" <?php echo (in_array($group['id'], $access_groups) ? 'selected="selected"' : ''); ?>><?php echo htmlspecialchars($group['name']); ?></option>
+<?php
+ }
+ }
?>
+ </select>
+ </div>
<br />
</fieldset>
<?php
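Review bot: The closing `</select>` sits after the `if ($use_groups)` block, so it is emitted even when the `<select>` was never opened; move it inside the block, directly before the block's closing `}`. In the `<option>` line, `$group['id']` is written into the `value` attribute unescaped while the name next to it goes through `htmlspecialchars()`; `(int)$group['id']` would keep the attribute safe whatever serendipity_getGroups() returns. The `in_array()` test on that line is loose, and the list it searches can contain empty strings when it was built earlier in this patch by `explode(';', ...)` from the stored `;id;id;` form.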
$serendipity['POST']['properties']['cache_body'] = $eventData['body'];
$serendipity['POST']['properties']['cache_extended'] = $eventData['extended'];
}
+
+ if (is_array($serendipity['POST']['properties']['access_groups']) && $serendipity['POST']['properties']['access'] != 'member') {
+ unset($serendipity['POST']['properties']['access_groups']);
+ }
$this->addProperties($serendipity['POST']['properties'], $eventData);
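Review bot: The posted `access_groups` array goes to `addProperties()` as submitted; nothing here checks that each element is a numeric group id or one of the groups offered in the form. The form only lists `serendipity_getGroups($serendipity['authorid'])`, but a hand-made request can send any values, and these end up in the stored `;id;id;` list that the frontend query matches against. Normalise before saving, e.g. `$serendipity['POST']['properties']['access_groups'] = array_map('intval', $serendipity['POST']['properties']['access_groups']);`, and, if authors are meant to pick only their own groups, drop ids that serendipity_getGroups() does not return. The surrounding case and function begin outside this hunk.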
$conds = array();
if ($_SESSION['serendipityAuthedUser'] === true) {
$conds[] = " (ep_access.property IS NULL OR ep_access.value = 'member' OR ep_access.value = 'public' OR (ep_access.value = 'private' AND e.authorid = " . (int)$serendipity['authorid'] . ")) ";
+
+ if ($use_groups) {
+ $mygroups = serendipity_checkPermission(null, null, true);
+ $groupcond = array();
+ foreach($mygroups AS $mygroup) {
+ $groupcond[] .= "ep_access_groups.value LIKE '%;$mygroup;%'";
+ }
+ $conds[] = " (ep_access_groups.property IS NULL OR ep_access.value = 'member' AND (" . implode(' OR ', $groupcond) . "))";
+ }
} else {
$conds[] = " (ep_access.property IS NULL OR ep_access.value = 'public') ";
}
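Review bot: `$mygroup` is interpolated into the LIKE pattern without a cast, and the condition is built even when `$mygroups` is empty, which leaves an empty `AND ()` in the SQL. The return shape of `serendipity_checkPermission(null, null, true)` is not visible here; if it is a list of group ids, each one should be forced to an integer, and a user without groups should only match entries that carry no group restriction. `$groupcond[] .=` should be a plain `[] =`, and the mixed `OR`/`AND` reads more safely with explicit parentheses. The enclosing case starts outside this hunk.

```php
$mygroups = serendipity_checkPermission(null, null, true);
$groupcond = array();
foreach ((is_array($mygroups) ? $mygroups : array()) AS $mygroup) {
    // group ids are numeric; the cast keeps anything else out of the pattern
    $groupcond[] = "ep_access_groups.value LIKE '%;" . (int)$mygroup . ";%'";
}

if (count($groupcond) > 0) {
    $conds[] = " (ep_access_groups.property IS NULL OR (ep_access.value = 'member' AND (" . implode(' OR ', $groupcond) . "))) ";
} else {
    // no group membership: only entries without a group restriction match
    $conds[] = " (ep_access_groups.property IS NULL) ";
}
```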
}
$joins[] = "LEFT OUTER JOIN {$serendipity['dbPrefix']}entryproperties ep_access
ON (e.id = ep_access.entryid AND ep_access.property = 'ep_access')";
+ if ($use_groups) {
+ $joins[] = "LEFT OUTER JOIN {$serendipity['dbPrefix']}entryproperties ep_access_groups
+ ON (e.id = ep_access_groups.entryid AND ep_access_groups.property = 'ep_access_groups')";
+ }
if (!isset($addData['noSticky']) || $addData['noSticky'] !== true) {
$joins[] = "LEFT JOIN {$serendipity['dbPrefix']}entryproperties ep_sticky
if (isset($hooks[$event])) {
switch($event) {
case 'backend_sidebar_entries':
- // if ($serendipity['serendipityUserlevel'] >= USERLEVEL_EDITOR) {
?>
<li><a href="?serendipity[adminModule]=event_display&serendipity[adminAction]=statistics"><?php echo PLUGIN_EVENT_STATISTICS_NAME; ?></a></li>
<?php
- // }
break;
<td id="serendipitySideBar">
<ul class="serendipitySideBarMenu">
<li><a href="serendipity_admin.php"><?php echo ADMIN_FRONTPAGE; ?></a></li>
+<?php if (serendipity_checkPermission('personalConfiguration')) { ?>
<li><a href="serendipity_admin.php?serendipity[adminModule]=personal"><?php echo PERSONAL_SETTINGS; ?></a></li>
+<?php } ?>
</ul>
<br />
-<?php if (!$serendipity['no_create']) { ?>
+<?php if (serendipity_checkPermission('adminEntries')) { ?>
<ul class="serendipitySideBarMenu">
<li class="serendipitySideBarMenuHead"><?php echo ADMIN_ENTRIES ?></li>
<li><a href="serendipity_admin.php?serendipity[adminModule]=entries&serendipity[adminAction]=new"><?php echo NEW_ENTRY; ?></a></li>
<li><a href="serendipity_admin.php?serendipity[adminModule]=entries&serendipity[adminAction]=editSelect"><?php echo EDIT_ENTRIES; ?></a></li>
+<?php if (serendipity_checkPermission('adminComments')) { ?>
<li><a href="serendipity_admin.php?serendipity[adminModule]=comments"><?php echo COMMENTS; ?></a></li>
+<?php } ?>
+<?php if (serendipity_checkPermission('adminCategories')) { ?>
<li><a href="serendipity_admin.php?serendipity[adminModule]=category&serendipity[adminAction]=view"><?php echo CATEGORIES; ?></a></li>
+<?php } ?>
<?php serendipity_plugin_api::hook_event('backend_sidebar_entries', $serendipity); ?>
</ul>
<?php } ?>
-<?php if (!$serendipity['no_create']) { ?>
+<?php if (serendipity_checkPermission('adminImages')) { ?>
<ul class="serendipitySideBarMenu">
<li class="serendipitySideBarMenuHead"><?php echo MEDIA; ?></li>
+<?php if (serendipity_checkPermission('adminImagesAdd')) { ?>
<li><a href="serendipity_admin.php?serendipity[adminModule]=media&serendipity[adminAction]=addSelect"><?php echo ADD_MEDIA; ?></a></li>
+<?php } ?>
+<?php if (serendipity_checkPermission('adminImagesView')) { ?>
<li><a href="serendipity_admin.php?serendipity[adminModule]=media"><?php echo MEDIA_LIBRARY; ?></a></li>
- <?php if ($serendipity['serendipityUserlevel'] >= USERLEVEL_CHIEF) { ?>
+<?php } ?>
+<?php if (serendipity_checkPermission('adminImagesDirectories')) { ?>
<li><a href="serendipity_admin.php?serendipity[adminModule]=media&serendipity[adminAction]=directorySelect"><?php echo MANAGE_DIRECTORIES; ?></a></li>
- <?php } ?>
+<?php } ?>
+<?php if (serendipity_checkPermission('adminImagesSync')) { ?>
<li><a href="serendipity_admin.php?serendipity[adminModule]=media&serendipity[adminAction]=sync" onclick="return confirm('<?php echo WARNING_THIS_BLAHBLAH; ?>');"><?php echo CREATE_THUMBS; ?></a></li>
+<?php } ?>
<?php serendipity_plugin_api::hook_event('backend_sidebar_entries_images', $serendipity); ?>
</ul>
<?php } ?>
-<?php if ($serendipity['serendipityUserlevel'] >= USERLEVEL_CHIEF) { ?>
+<?php if (serendipity_checkPermission('adminTemplates') || serendipity_checkPermission('adminPlugins')) { ?>
<ul class="serendipitySideBarMenu">
<li class="serendipitySideBarMenuHead"><?php echo APPEARANCE; ?></li>
+<?php if (serendipity_checkPermission('adminTemplates')) { ?>
<li><a href="serendipity_admin.php?serendipity[adminModule]=templates"><?php echo MANAGE_STYLES; ?></a></li>
+<?php } ?>
+<?php if (serendipity_checkPermission('adminPlugins')) { ?>
<li><a href="serendipity_admin.php?serendipity[adminModule]=plugins"><?php echo CONFIGURE_PLUGINS; ?></a></li>
+<?php } ?>
<?php serendipity_plugin_api::hook_event('backend_sidebar_admin_appearance', $serendipity); ?>
</ul>
<?php } ?>
+<?php if (serendipity_checkPermission('siteConfiguration') || serendipity_checkPermission('blogConfiguration') || serendipity_checkPermission('adminUsers') || serendipity_checkPermission('adminUsersGroups') || serendipity_checkPermission('adminImport')) { ?>
<ul class="serendipitySideBarMenu">
<li class="serendipitySideBarMenuHead"><?php echo ADMIN; ?></li>
- <?php if ($serendipity['serendipityUserlevel'] >= USERLEVEL_CHIEF) { ?>
+<?php if (serendipity_checkPermission('siteConfiguration') || serendipity_checkPermission('blogConfiguration')) { ?>
<li><a href="serendipity_admin.php?serendipity[adminModule]=configuration"><?php echo CONFIGURATION; ?></a></li>
- <?php } ?>
- <?php if ($serendipity['serendipityUserlevel'] >= USERLEVEL_CHIEF) { ?>
+<?php } ?>
+<?php if (serendipity_checkPermission('adminUsers')) { ?>
<li><a href="serendipity_admin.php?serendipity[adminModule]=users"><?php echo MANAGE_USERS; ?></a></li>
- <?php } ?>
- <?php if (!$serendipity['no_create']) { ?>
+<?php } ?>
+<?php if (serendipity_checkPermission('adminUsersGroups')) { ?>
+ <li><a href="serendipity_admin.php?serendipity[adminModule]=groups"><?php echo MANAGE_GROUPS; ?></a></li>
+<?php } ?>
+<?php if (serendipity_checkPermission('adminImport')) { ?>
<li><a href="serendipity_admin.php?serendipity[adminModule]=import"><?php echo IMPORT_ENTRIES; ?></a></li>
<li><a href="serendipity_admin.php?serendipity[adminModule]=export"><?php echo EXPORT_ENTRIES; ?></a></li>
- <?php } ?>
+<?php } ?>
<?php serendipity_plugin_api::hook_event('backend_sidebar_admin', $serendipity); ?>
</ul>
+<?php } ?>
<br />
<ul class="serendipitySideBarMenu">
<li><a href="<?php echo $serendipity['baseURL']; ?>"><?php echo BACK_TO_BLOG; ?></a></li>
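Review bot: The Comments and Categories links are nested inside the `adminEntries` block, so a group that holds `adminComments` or `adminCategories` but not `adminEntries` gets no menu entry for a module the dispatcher in this patch would let it open. Either move both `<li>` checks out of the `adminEntries` wrapper or widen the wrapper to cover all three permissions, as is done for the Appearance and Admin menus. The Export link is shown under `adminImport`, which matches the dispatcher but gives export no permission of its own; a comment would help if that is intended.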
switch($serendipity['GET']['adminModule']) {
case 'installer':
case 'configuration':
+ if (!serendipity_checkPermission('siteConfiguration') && !serendipity_checkPermission('blogConfiguration')) {
+ break;
+ }
+
include S9Y_INCLUDE_PATH . 'include/admin/configuration.inc.php';
break;
case 'media':
case 'images':
+ if (!serendipity_checkPermission('adminImages')) {
+ break;
+ }
+
include S9Y_INCLUDE_PATH . 'include/admin/images.inc.php';
break;
case 'templates':
+ if (!serendipity_checkPermission('adminTemplates')) {
+ break;
+ }
+
include S9Y_INCLUDE_PATH . 'include/admin/templates.inc.php';
break;
case 'plugins':
+ if (!serendipity_checkPermission('adminPlugins')) {
+ break;
+ }
+
include S9Y_INCLUDE_PATH . 'include/admin/plugins.inc.php';
break;
case 'users':
+ if (!serendipity_checkPermission('adminUsers')) {
+ break;
+ }
+
include S9Y_INCLUDE_PATH . 'include/admin/users.inc.php';
break;
+ case 'groups':
+ if (!serendipity_checkPermission('adminUsersGroups')) {
+ break;
+ }
+
+ include S9Y_INCLUDE_PATH . 'include/admin/groups.inc.php';
+ break;
+
case 'personal':
+ if (!serendipity_checkPermission('personalConfiguration')) {
+ break;
+ }
+
include S9Y_INCLUDE_PATH . 'include/admin/personal.inc.php';
break;
case 'export':
+ if (!serendipity_checkPermission('adminImport')) {
+ break;
+ }
+
include S9Y_INCLUDE_PATH . 'include/admin/export.inc.php';
break;
case 'import':
+ if (!serendipity_checkPermission('adminImport')) {
+ break;
+ }
+
include S9Y_INCLUDE_PATH . 'include/admin/import.inc.php';
break;
case 'entries':
+ if (!serendipity_checkPermission('adminEntries')) {
+ break;
+ }
+
include S9Y_INCLUDE_PATH . 'include/admin/entries.inc.php';
break;
case 'comments':
+ if (!serendipity_checkPermission('adminComments')) {
+ break;
+ }
+
include S9Y_INCLUDE_PATH . 'include/admin/comments.inc.php';
break;
case 'category':
case 'categories':
+ if (!serendipity_checkPermission('adminCategories')) {
+ break;
+ }
+
include S9Y_INCLUDE_PATH . 'include/admin/category.inc.php';
break;
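Review bot: The `media`/`images` branch tests only `adminImages`, while the menu in this patch separates `adminImagesAdd`, `adminImagesView`, `adminImagesDirectories` and `adminImagesSync`. Unless `images.inc.php` checks those per `adminAction` (not visible here), a user with plain `adminImages` can reach every media action by URL and the finer permissions only hide links. The same question applies to the other included files, which should repeat the check rather than rely on this switch being the only way in. A denied module currently just `break`s; a short message or log line would make refusals visible. The switch continues past the end of this hunk.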
include_once(S9Y_INCLUDE_PATH . 'include/compat.inc.php');
// The version string
-$serendipity['version'] = '0.9-alpha2';
+$serendipity['version'] = '0.9-alpha3';
// Name of folder for the default theme
$serendipity['defaultTemplate'] = 'default';
right_publish int(1) default '1'
);
+create table {PREFIX}groups (
+ id {AUTOINCREMENT} {PRIMARY},
+ name varchar(64) default null
+);
+
+create table {PREFIX}groupconfig (
+ id int(10) {UNSIGNED} not null default '0',
+ property varchar(64) default null,
+ value varchar(128) default null
+);
+
+CREATE INDEX groupid_idx ON {PREFIX}groupconfig (id);
+CREATE INDEX groupprop_idx ON {PREFIX}groupconfig (id, property);
+
+create table {PREFIX}authorgroups (
+ groupid int(10) {UNSIGNED} not null default '0',
+ authorid int(10) {UNSIGNED} not null default '0'
+);
+
+CREATE INDEX authorgroup_idxA ON {PREFIX}authorgroups (groupid);
+CREATE INDEX authorgroup_idxB ON {PREFIX}authorgroups (authorid);
+
#
# table structure for table '{PREFIX}comments'
#
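Review bot: `{PREFIX}authorgroups` and `{PREFIX}groupconfig` are created without a primary key or unique constraint, so the same membership (groupid, authorid) or the same (id, property) pair can be stored more than once. For tables that decide permissions, duplicate or contradicting rows make the effective right depend on how the reading code handles them; if each pair is meant to occur once, declare it, e.g. `CREATE UNIQUE INDEX authorgroup_idxC ON {PREFIX}authorgroups (groupid, authorid);` (index name constructed for this note). `groupid_idx` is also covered by `groupprop_idx`, which starts with the same column. The same definitions are repeated in the new file that follows.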
--- /dev/null
+create table {PREFIX}groups (
+ id {AUTOINCREMENT} {PRIMARY},
+ name varchar(64) default null
+);
+
+create table {PREFIX}groupconfig (
+ id int(10) {UNSIGNED} not null default '0',
+ property varchar(64) default null,
+ value varchar(128) default null
+);
+
+CREATE INDEX groupid_idx ON {PREFIX}groupconfig (id);
+CREATE INDEX groupprop_idx ON {PREFIX}groupconfig (id, property);
+
+create table {PREFIX}authorgroups (
+ groupid int(10) {UNSIGNED} not null default '0',
+ authorid int(10) {UNSIGNED} not null default '0'
+);
+
+CREATE INDEX authorgroup_idxA ON {PREFIX}authorgroups (groupid);
+CREATE INDEX authorgroup_idxB ON {PREFIX}authorgroups (authorid);