From 8ea4a3d18ee4a9112b23926122b17bba5bf93fc1 Mon Sep 17 00:00:00 2001 From: garvinhicking Date: Fri, 9 Sep 2005 12:09:12 +0000 Subject: [PATCH] Support category read/write permissions: http://blog.s9y.org/archives/63-Category-ReadWrite-Permissions.html --- docs/NEWS | 12 +- include/admin/category.inc.php | 72 +++++++-- include/admin/users.inc.php | 2 +- include/functions_config.inc.php | 145 +++++++++++++++++- include/functions_entries.inc.php | 33 +++- include/tpl/config_local.inc.php | 7 + lang/UTF-8/serendipity_lang_bg.inc.php | 6 + lang/UTF-8/serendipity_lang_cn.inc.php | 6 + lang/UTF-8/serendipity_lang_cs.inc.php | 6 + lang/UTF-8/serendipity_lang_cz.inc.php | 6 + lang/UTF-8/serendipity_lang_da.inc.php | 6 + lang/UTF-8/serendipity_lang_de.inc.php | 8 +- lang/UTF-8/serendipity_lang_en.inc.php | 6 + lang/UTF-8/serendipity_lang_es.inc.php | 6 + lang/UTF-8/serendipity_lang_fa.inc.php | 6 + lang/UTF-8/serendipity_lang_fi.inc.php | 6 + lang/UTF-8/serendipity_lang_fr.inc.php | 6 + lang/UTF-8/serendipity_lang_hu.inc.php | 6 + lang/UTF-8/serendipity_lang_is.inc.php | 6 + lang/UTF-8/serendipity_lang_it.inc.php | 6 + lang/UTF-8/serendipity_lang_ja.inc.php | 6 + lang/UTF-8/serendipity_lang_ko.inc.php | 6 + lang/UTF-8/serendipity_lang_nl.inc.php | 6 + lang/UTF-8/serendipity_lang_no.inc.php | 6 + lang/UTF-8/serendipity_lang_pt.inc.php | 6 + lang/UTF-8/serendipity_lang_pt_PT.inc.php | 6 + lang/UTF-8/serendipity_lang_ro.inc.php | 6 + lang/UTF-8/serendipity_lang_ru.inc.php | 6 + lang/UTF-8/serendipity_lang_se.inc.php | 6 + lang/UTF-8/serendipity_lang_tn.inc.php | 6 + lang/UTF-8/serendipity_lang_tw.inc.php | 7 +- lang/UTF-8/serendipity_lang_zh.inc.php | 6 + lang/addlang.txt | 3 +- lang/serendipity_lang_bg.inc.php | 6 + lang/serendipity_lang_cn.inc.php | 6 + lang/serendipity_lang_cs.inc.php | 6 + lang/serendipity_lang_cz.inc.php | 6 + lang/serendipity_lang_da.inc.php | 6 + lang/serendipity_lang_de.inc.php | 6 + lang/serendipity_lang_en.inc.php | 6 + lang/serendipity_lang_es.inc.php | 6 + lang/serendipity_lang_fa.inc.php | 6 + lang/serendipity_lang_fi.inc.php | 6 + lang/serendipity_lang_fr.inc.php | 6 + lang/serendipity_lang_hu.inc.php | 6 + lang/serendipity_lang_is.inc.php | 6 + lang/serendipity_lang_it.inc.php | 6 + lang/serendipity_lang_ja.inc.php | 6 + lang/serendipity_lang_ko.inc.php | 6 + lang/serendipity_lang_nl.inc.php | 6 + lang/serendipity_lang_no.inc.php | 6 + lang/serendipity_lang_pt.inc.php | 6 + lang/serendipity_lang_pt_PT.inc.php | 6 + lang/serendipity_lang_ro.inc.php | 6 + lang/serendipity_lang_ru.inc.php | 6 + lang/serendipity_lang_se.inc.php | 6 + lang/serendipity_lang_tn.inc.php | 6 + lang/serendipity_lang_tw.inc.php | 7 +- lang/serendipity_lang_zh.inc.php | 6 + .../serendipity_event_entryproperties.php | 28 ++-- serendipity_config.inc.php | 2 +- sql/db.sql | 13 ++ sql/db_update_0.9-alpha4_0.9-alpha5_mysql.sql | 12 ++ 63 files changed, 600 insertions(+), 45 deletions(-) create mode 100644 sql/db_update_0.9-alpha4_0.9-alpha5_mysql.sql diff --git a/docs/NEWS b/docs/NEWS index 291ca77..e91cfbc 100644 --- a/docs/NEWS +++ b/docs/NEWS @@ -3,6 +3,9 @@ Version 0.9 () ------------------------------------------------------------------------ + * Read/Write permissions for user-groups for specific categories. + (garvinhicking) + * Fix "DATA_TRACKBACK_APPROVED" showing of constants when approving trackbacks/comments instead of the properly formatted message. (Would've required a template change for a "pretty solution", but @@ -139,15 +142,6 @@ Version 0.9 () * Introduce permission groups with customizable permission sets. (garvinhicking) - This Feature is currently declared "unstable" and will definitely - need finetuning before it usable in restricted environments. - TODO: - * Check Plugins like loginform, adduser to use group-functionality. - * Get rid of as many obsolete userlevel checks in the Admin user/groups - panel. - * Chief editors may not join Admin group if forbidden? - * Chief editors may not enter siteConfiguration if forbidden? - * Make bblog importer recognize trackbacks. Thanks to Hanno! * Spartacus plugin can now properly handle plugins which contain both diff --git a/include/admin/category.inc.php b/include/admin/category.inc.php index 4af3e99..54f5671 100644 --- a/include/admin/category.inc.php +++ b/include/admin/category.inc.php @@ -16,7 +16,13 @@ $admin_category = (!serendipity_checkPermission('adminCategoriesMaintainOthers') if (isset($_POST['SAVE'])) { $name = $serendipity['POST']['cat']['name']; $desc = $serendipity['POST']['cat']['description']; - $authorid = (isset($serendipity['POST']['cat']['all_authors']) && $serendipity['POST']['cat']['all_authors'] == 'true') ? 0 : $serendipity['authorid']; + + if (in_array(0, $serendipity['POST']['cat']['write_authors'])) { + $authorid = 0; + } else { + $authorid = $serendipity['authorid']; + } + $icon = $serendipity['POST']['cat']['icon']; $parentid = (isset($serendipity['POST']['cat']['parent_cat']) && is_numeric($serendipity['POST']['cat']['parent_cat'])) ? $serendipity['POST']['cat']['parent_cat'] : 0; @@ -36,7 +42,10 @@ if (isset($_POST['SAVE'])) { if ( $sql ) { echo '
'. sprintf(CATEGORY_ALREADY_EXIST, htmlspecialchars($name)) .'
'; } else { - serendipity_addCategory($name, $desc, $authorid, $icon, $parentid); + $catid = serendipity_addCategory($name, $desc, $authorid, $icon, $parentid); + serendipity_ACLGrant($catid, 'category', 'read', $serendipity['POST']['cat']['read_authors']); + serendipity_ACLGrant($catid, 'category', 'write', $serendipity['POST']['cat']['write_authors']); + echo '
'. CATEGORY_SAVED .'
'; } @@ -48,6 +57,8 @@ if (isset($_POST['SAVE'])) { AND categoryid <> ". (int)$serendipity['GET']['cid'], true); if ( $sql ) { echo '
'. sprintf(CATEGORY_ALREADY_EXIST, htmlspecialchars($name)) .'
'; + } else if (!serendipity_ACLCheck($serendipity['authorid'], $serendipity['GET']['cid'], 'category', 'write')) { + echo '
'. PERM_DENIED .'
'; } else { /* Check to make sure parent is not a child of self */ $r = serendipity_db_query("SELECT categoryid FROM {$serendipity['dbPrefix']}category c @@ -59,6 +70,8 @@ if (isset($_POST['SAVE'])) { echo sprintf(ALREADY_SUBCATEGORY, htmlspecialchars($r[0]['category_name']), htmlspecialchars($name)); } else { serendipity_updateCategory($serendipity['GET']['cid'], $name, $desc, $authorid, $icon, $parentid); + serendipity_ACLGrant($serendipity['GET']['cid'], 'category', 'read', $serendipity['POST']['cat']['read_authors']); + serendipity_ACLGrant($serendipity['GET']['cid'], 'category', 'write', $serendipity['POST']['cat']['read_authors']); echo '
'. CATEGORY_SAVED .'
'; } } @@ -72,7 +85,8 @@ if (isset($_POST['SAVE'])) { if ($serendipity['GET']['adminAction'] == 'doDelete') { if ($serendipity['GET']['cid'] != 0) { $remaining_cat = (int)$serendipity['POST']['cat']['remaining_catid']; - $category_range = implode(' AND ', serendipity_fetchCategoryRange((int)$serendipity['GET']['cid'])); + $category_ranges = serendipity_fetchCategoryRange((int)$serendipity['GET']['cid']); + $category_range = implode(' AND ', $category_ranges); if ($serendipity['dbType'] == 'postgres' || $serendipity['dbType'] == 'sqlite') { $query = "UPDATE {$serendipity['dbPrefix']}entrycat SET categoryid={$remaining_cat} WHERE entryid IN @@ -95,6 +109,14 @@ if ($serendipity['GET']['adminAction'] == 'doDelete') { } if ( serendipity_db_query($query) ) { if (serendipity_deleteCategory($category_range, $admin_category) ) { + + foreach($category_ranges AS $cid) { + if (serendipity_ACLCheck($serendipity['authorid'], $cid, 'category', 'write')) { + serendipity_ACLGrant($cid, 'category', 'read', array()); + serendipity_ACLGrant($cid, 'category', 'write', array()); + } + } + echo '
'. ($remaining_cat ? sprintf(CATEGORY_DELETED_ARTICLES_MOVED, (int)$serendipity['GET']['cid'], $remaining_cat) : sprintf(CATEGORY_DELETED,(int)$serendipity['GET']['cid'])) .'
'; $serendipity['GET']['adminAction'] = 'view'; } @@ -109,7 +131,8 @@ if ($serendipity['GET']['adminAction'] == 'doDelete') { if ( $serendipity['GET']['adminAction'] == 'delete' ) { $this_cat = serendipity_fetchCategoryInfo($serendipity['GET']['cid']); if ( (serendipity_checkPermission('adminCategoriesDelete') && serendipity_checkPermission('adminCategoriesMaintainOthers')) - || (serendipity_checkPermission('adminCategoriesDelete') && ($serendipity['authorid'] == $this_cat['authorid'] || $this_cat['authorid'] == '0')) ) { + || (serendipity_checkPermission('adminCategoriesDelete') && ($serendipity['authorid'] == $this_cat['authorid'] || $this_cat['authorid'] == '0')) + || (serendipity_checkPermission('adminCategoriesDelete') && serendipity_ACLCheck($serendipity['authorid'], $serendipity['GET']['cid'], 'category', 'write'))) { ?>

@@ -141,12 +164,18 @@ if ($serendipity['GET']['adminAction'] == 'doDelete') { $this_cat = serendipity_fetchCategoryInfo($cid); echo ''. sprintf(EDIT_THIS_CAT, htmlspecialchars($this_cat['category_name'])) .''; $save = SAVE; + $read_groups = serendipity_ACLGet($cid, 'category', 'read'); + $write_groups = serendipity_ACLGet($cid, 'category', 'write'); } else { $cid = false; $this_cat = array(); echo ''. CREATE_NEW_CAT .''; $save = CREATE; + $read_groups = array(0 => 0); + $write_groups = array(0 => 0); } + + $groups = serendipity_getAllGroups(); ?> @@ -171,9 +200,33 @@ if ($serendipity['GET']['adminAction'] == 'doDelete') { - - + + + + + + + +
/> + +
+ +
@@ -207,7 +260,7 @@ if ( $serendipity['GET']['adminAction'] == 'view' ) { if (empty($admin_category)) { $cats = serendipity_fetchCategories('all'); } else { - $cats = serendipity_fetchCategories(); + $cats = serendipity_fetchCategories(null, null, null, 'write'); } if ( is_array($cats) && sizeof($cats) > 0 ) { @@ -239,7 +292,6 @@ if ( $serendipity['GET']['adminAction'] == 'view' ) {
- - diff --git a/include/admin/users.inc.php b/include/admin/users.inc.php index 1e9f33a..49b6f37 100644 --- a/include/admin/users.inc.php +++ b/include/admin/users.inc.php @@ -89,7 +89,7 @@ if (isset($_POST['SAVE_NEW'])) { /* Edit a user */ if (isset($_POST['SAVE_EDIT'])) { $user = serendipity_fetchUsers($serendipity['POST']['user']); - if (!serendipity_checkPermission('adminUsersMaintainOthers') && $user[0]['userlevel'] >= $serendipity['serendipityUserlevel'] || !serendipity_checkPermission('adminUsersCreateNew')) { + if (!serendipity_checkPermission('adminUsersMaintainOthers') && $user[0]['userlevel'] >= $serendipity['serendipityUserlevel']) { echo '
' . CREATE_NOT_AUTHORIZED . '
'; } elseif ($_POST['userlevel'] > $serendipity['serendipityUserlevel']) { echo '
' . CREATE_NOT_AUTHORIZED_USERLEVEL . '
'; diff --git a/include/functions_config.inc.php b/include/functions_config.inc.php index 62f90c5..3b307c9 100644 --- a/include/functions_config.inc.php +++ b/include/functions_config.inc.php @@ -670,10 +670,10 @@ function serendipity_checkPermission($permName, $authorid = null, $returnMyGroup return false; } -function serendipity_updateGroups($groups, $authorid) { +function serendipity_updateGroups($groups, $authorid, $apply_acl = true) { global $serendipity; - if (!serendipity_checkPermission('adminUsersMaintainOthers')) { + if ($apply_acl && !serendipity_checkPermission('adminUsersMaintainOthers')) { return false; } @@ -952,5 +952,144 @@ function serendipity_addDefaultGroup($name, $level) { return true; } +function serendipity_ACLGrant($artifact_id, $artifact_type, $artifact_mode, $groups) { + global $serendipity; + + if (empty($groups) || !is_array($groups)) { + return false; + } + + // Delete all old existing relations. + serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}access + WHERE artifact_id = " . (int)$artifact_id . " + AND artifact_type = '" . serendipity_db_escape_string($artifact_type) . "' + AND artifact_mode = '" . serendipity_db_escape_string($artifact_mode) . "'"); + + $data = array( + 'artifact_id' => (int)$artifact_id, + 'artifact_type' => $artifact_type, + 'artifact_mode' => $artifact_mode, + 'artifact_index' => '' + ); + + if (count($data) < 1) { + return true; + } + + foreach($groups AS $group) { + $data['groupid'] = $group; + serendipity_db_insert('access', $data); + } + + return true; +} + +function serendipity_ACLGet($artifact_id, $artifact_type, $artifact_mode) { + global $serendipity; + + $sql = "SELECT groupid, artifact_index FROM {$serendipity['dbPrefix']}access + WHERE artifact_type = '" . serendipity_db_escape_string($artifact_type) . "' + AND artifact_id = '" . (int)$artifact_id . "' + AND artifact_mode = '" . serendipity_db_escape_string($artifact_mode) . "'"; + $rows = serendipity_db_query($sql, false, 'assoc'); + + if (!is_array($rows)) { + return false; + } + + $acl = array(); + foreach($rows AS $row) { + $acl[$row['groupid']] = $row['artifact_index']; + } + + return $acl; +} + +function serendipity_ACLCheck($authorid, $artifact_id, $artifact_type, $artifact_mode) { + global $serendipity; + + $artifact_sql = array(); + switch($artifact_type) { + default: + case 'category': + $artifact_sql['unique']= "atf.categoryid"; + $artifact_sql['cond'] = "atf.categoryid = " . (int)$artifact_id; + $artifact_sql['where'] = "OR a.artifact_type IS NULL AND (atf.authorid = " . (int)$authorid . " OR atf.authorid = 0)"; + $artifact_sql['table'] = 'category'; + } + + $sql = "SELECT {$artifact_sql['unique']} AS result + FROM {$serendipity['dbPrefix']}{$artifact_sql['table']} AS atf + LEFT OUTER JOIN {$serendipity['dbPrefix']}authorgroups AS ag + ON ag.authorid = ". (int)$authorid . " + LEFT OUTER JOIN {$serendipity['dbPrefix']}access AS a + ON (ag.groupid = a.groupid OR a.groupid = 0) + + WHERE {$artifact_sql['cond']} + AND (( + a.artifact_id = " . (int)$artifact_id . " + AND a.artifact_type = '" . serendipity_db_escape_string($artifact_type) . "' + AND a.artifact_mode = '" . serendipity_db_escape_string($artifact_mode) . "' + ) + {$artifact_sql['where']} + ) + GROUP BY result"; + + $res = serendipity_db_query($sql, true, 'assoc'); + if (is_array($res) && !empty($res['result'])) { + return true; + } + + return false; +} + +function serendipity_ACL_SQL(&$cond, $append_category = false) { + global $serendipity; + + if (!isset($serendipity['enableACL']) || $serendipity['enableACL'] === true) { + if ($_SESSION['serendipityAuthedUser'] === true) { + $read_id = (int)$serendipity['authorid']; + $read_id_sql = 'acl_a.groupid'; + } else { + // "0" as category property counts as "anonymous viewers" + $read_id = 0; + $read_id_sql = 0; + } + + if ($append_category) { + if ($append_category !== 'limited') { + $cond['joins'] .= " LEFT JOIN {$serendipity['dbPrefix']}entrycat ec + ON e.id = ec.entryid"; + } + + $cond['joins'] .= " LEFT JOIN {$serendipity['dbPrefix']}category c + ON ec.categoryid = c.categoryid"; + } + + $cond['joins'] .= " LEFT JOIN {$serendipity['dbPrefix']}authorgroups AS acl_a + ON acl_a.authorid = " . $read_id . " + LEFT JOIN {$serendipity['dbPrefix']}access AS acl_acc + ON acl_acc.groupid = " . $read_id_sql; + + if (empty($cond['and'])) { + $cond['and'] .= ' WHERE '; + } else { + $cond['and'] .= ' AND '; + } + + $cond['and'] .= " ( + c.categoryid IS NULL + OR (acl_acc.artifact_type = 'category' + AND acl_acc.artifact_mode = 'read' + AND acl_acc.artifact_id = c.categoryid) + OR (acl_acc.artifact_id IS NULL + AND (c.authorid = 0 OR c.authorid = " . $read_id . ") + ) + )"; + return true; + } + + return false; +} + /* vim: set sts=4 ts=4 expandtab : */ -?> \ No newline at end of file diff --git a/include/functions_entries.inc.php b/include/functions_entries.inc.php index f14e28e..836b098 100644 --- a/include/functions_entries.inc.php +++ b/include/functions_entries.inc.php @@ -231,6 +231,8 @@ function serendipity_fetchEntries($range = null, $full = true, $limit = '', $fet $group = 'GROUP BY e.id'; $distinct = ''; } + + serendipity_ACL_SQL($cond); // Store the unique query condition for entries for later reference, like getting the total article count. $serendipity['fullCountQuery'] = " @@ -334,6 +336,8 @@ function serendipity_fetchEntry($key, $val, $full = true, $fetchDrafts = 'false' $cond['and'] = " AND e.authorid = '" . $serendipity['authorid'] . "'"; } + serendipity_ACL_SQL($cond, true); + serendipity_plugin_api::hook_event('frontend_fetchentry', $cond, array('noSticky' => true)); $querystring = "SELECT @@ -381,9 +385,17 @@ function serendipity_fetchEntryProperties($id) { /** * Fetches a users categories **/ -function serendipity_fetchCategories($authorid = null, $name = '', $order = 'category_name ASC') { +function serendipity_fetchCategories($authorid = null, $name = null, $order = null, $artifact_mode = 'write') { global $serendipity; + if ($name === null) { + $name = ''; + } + + if ($order === null) { + $order = 'category_name ASC'; + } + if (!isset($authorid) || $authorid === null) { $authorid = ((isset($serendipity['authorid']) && !empty($serendipity['GET']['adminModule'])) ? $serendipity['authorid'] : 1); } @@ -393,7 +405,14 @@ function serendipity_fetchCategories($authorid = null, $name = '', $order = 'cat } if ($authorid != 'all' && is_numeric($authorid)) { - $where = " WHERE (c.authorid = $authorid OR c.authorid = 0)"; + if (!serendipity_checkPermission('adminCategoriesMaintainOthers', $authorid)) { + $where = " WHERE (c.authorid = $authorid OR c.authorid = 0)"; + $where .= "OR ( + acl.artifact_type = 'category' + AND acl.artifact_mode = '" . serendipity_db_escape_string($artifact_mode) . "' + )"; + + } } else { $where = ''; } @@ -414,7 +433,13 @@ function serendipity_fetchCategories($authorid = null, $name = '', $order = 'cat a.realname FROM {$serendipity['dbPrefix']}category AS c LEFT OUTER JOIN {$serendipity['dbPrefix']}authors AS a - ON c.authorid = a.authorid $where"; + ON c.authorid = a.authorid + LEFT OUTER JOIN {$serendipity['dbPrefix']}authorgroups AS ag + ON ag.authorid = a.authorid + LEFT OUTER JOIN {$serendipity['dbPrefix']}access AS acl + ON (ag.groupid = acl.groupid AND acl.artifact_id = c.categoryid) + $where + GROUP BY c.categoryid"; if (!empty($order)) { $querystring .= "\n ORDER BY $order"; @@ -484,6 +509,8 @@ function serendipity_searchEntries($term, $limit = '') { $cond['and'] = " AND isdraft = 'false' " . (!serendipity_db_bool($serendipity['showFutureEntries']) ? " AND timestamp <= " . time() : ''); serendipity_plugin_api::hook_event('frontend_fetchentries', $cond, array('source' => 'search')); + serendipity_ACL_SQL($cond, 'limited'); + $serendipity['fullCountQuery'] = " FROM {$serendipity['dbPrefix']}entries e diff --git a/include/tpl/config_local.inc.php b/include/tpl/config_local.inc.php index 02a0ba9..e340102 100644 --- a/include/tpl/config_local.inc.php +++ b/include/tpl/config_local.inc.php @@ -430,6 +430,13 @@ 'type' => 'bool', 'default' => false, 'permission' => 'blogConfiguration'), + + array('var' => 'enableACL', + 'title' => INSTALL_ACL, + 'description' => INSTALL_ACL_DESC, + 'type' => 'bool', + 'default' => true, + 'permission' => 'blogConfiguration'), )); $res['imagehandling'] = diff --git a/lang/UTF-8/serendipity_lang_bg.inc.php b/lang/UTF-8/serendipity_lang_bg.inc.php index 1b4a779..742faee 100644 --- a/lang/UTF-8/serendipity_lang_bg.inc.php +++ b/lang/UTF-8/serendipity_lang_bg.inc.php @@ -759,3 +759,9 @@ @define('CALENDAR_ENABLE_EXTERNAL_EVENTS', 'Enable Plugin API hook'); @define('CALENDAR_EXTEVENT_DESC', 'If enabled, plugins can hook into the calendar to display their own events highlighted. Only enable if you have installed plugins that need this, otherwise it just decreases performance.'); @define('XMLRPC_NO_LONGER_BUNDLED', 'The XML-RPC API Interface to Serendipity is no longer bundled because of ongoing security issues with this API and not many people using it. Thus you need to install the XML-RPC Plugin to use the XML-RPC API. The URL to use in your applications will NOT change - as soon as you have installed the plugin, you will again be able to use the API.'); +@define('PERM_READ', 'Read permission'); +@define('PERM_WRITE', 'Write permission'); + +@define('PERM_DENIED', 'Permission denied.'); +@define('INSTALL_ACL', 'Apply read-permissions for categories'); +@define('INSTALL_ACL_DESC', 'If enabled, the usergroup permission settings you setup for categories will be applied when logged-in users view your blog. If disabled, the read-permissions of the categories are NOT applied, but the positive effect is a little speedup on your blog. So if you don\'t need multi-user read permissions for your blog, disable this setting.'); diff --git a/lang/UTF-8/serendipity_lang_cn.inc.php b/lang/UTF-8/serendipity_lang_cn.inc.php index 4fcce2d..dfdae15 100644 --- a/lang/UTF-8/serendipity_lang_cn.inc.php +++ b/lang/UTF-8/serendipity_lang_cn.inc.php @@ -773,3 +773,9 @@ @define('CALENDAR_ENABLE_EXTERNAL_EVENTS', 'Enable Plugin API hook'); @define('CALENDAR_EXTEVENT_DESC', 'If enabled, plugins can hook into the calendar to display their own events highlighted. Only enable if you have installed plugins that need this, otherwise it just decreases performance.'); @define('XMLRPC_NO_LONGER_BUNDLED', 'The XML-RPC API Interface to Serendipity is no longer bundled because of ongoing security issues with this API and not many people using it. Thus you need to install the XML-RPC Plugin to use the XML-RPC API. The URL to use in your applications will NOT change - as soon as you have installed the plugin, you will again be able to use the API.'); +@define('PERM_READ', 'Read permission'); +@define('PERM_WRITE', 'Write permission'); + +@define('PERM_DENIED', 'Permission denied.'); +@define('INSTALL_ACL', 'Apply read-permissions for categories'); +@define('INSTALL_ACL_DESC', 'If enabled, the usergroup permission settings you setup for categories will be applied when logged-in users view your blog. If disabled, the read-permissions of the categories are NOT applied, but the positive effect is a little speedup on your blog. So if you don\'t need multi-user read permissions for your blog, disable this setting.'); diff --git a/lang/UTF-8/serendipity_lang_cs.inc.php b/lang/UTF-8/serendipity_lang_cs.inc.php index e7a1b61..c1e9628 100644 --- a/lang/UTF-8/serendipity_lang_cs.inc.php +++ b/lang/UTF-8/serendipity_lang_cs.inc.php @@ -775,3 +775,9 @@ @define('CALENDAR_ENABLE_EXTERNAL_EVENTS', 'Enable Plugin API hook'); @define('CALENDAR_EXTEVENT_DESC', 'If enabled, plugins can hook into the calendar to display their own events highlighted. Only enable if you have installed plugins that need this, otherwise it just decreases performance.'); @define('XMLRPC_NO_LONGER_BUNDLED', 'The XML-RPC API Interface to Serendipity is no longer bundled because of ongoing security issues with this API and not many people using it. Thus you need to install the XML-RPC Plugin to use the XML-RPC API. The URL to use in your applications will NOT change - as soon as you have installed the plugin, you will again be able to use the API.'); +@define('PERM_READ', 'Read permission'); +@define('PERM_WRITE', 'Write permission'); + +@define('PERM_DENIED', 'Permission denied.'); +@define('INSTALL_ACL', 'Apply read-permissions for categories'); +@define('INSTALL_ACL_DESC', 'If enabled, the usergroup permission settings you setup for categories will be applied when logged-in users view your blog. If disabled, the read-permissions of the categories are NOT applied, but the positive effect is a little speedup on your blog. So if you don\'t need multi-user read permissions for your blog, disable this setting.'); diff --git a/lang/UTF-8/serendipity_lang_cz.inc.php b/lang/UTF-8/serendipity_lang_cz.inc.php index b231ae2..32a54f4 100644 --- a/lang/UTF-8/serendipity_lang_cz.inc.php +++ b/lang/UTF-8/serendipity_lang_cz.inc.php @@ -775,3 +775,9 @@ @define('CALENDAR_ENABLE_EXTERNAL_EVENTS', 'Enable Plugin API hook'); @define('CALENDAR_EXTEVENT_DESC', 'If enabled, plugins can hook into the calendar to display their own events highlighted. Only enable if you have installed plugins that need this, otherwise it just decreases performance.'); @define('XMLRPC_NO_LONGER_BUNDLED', 'The XML-RPC API Interface to Serendipity is no longer bundled because of ongoing security issues with this API and not many people using it. Thus you need to install the XML-RPC Plugin to use the XML-RPC API. The URL to use in your applications will NOT change - as soon as you have installed the plugin, you will again be able to use the API.'); +@define('PERM_READ', 'Read permission'); +@define('PERM_WRITE', 'Write permission'); + +@define('PERM_DENIED', 'Permission denied.'); +@define('INSTALL_ACL', 'Apply read-permissions for categories'); +@define('INSTALL_ACL_DESC', 'If enabled, the usergroup permission settings you setup for categories will be applied when logged-in users view your blog. If disabled, the read-permissions of the categories are NOT applied, but the positive effect is a little speedup on your blog. So if you don\'t need multi-user read permissions for your blog, disable this setting.'); diff --git a/lang/UTF-8/serendipity_lang_da.inc.php b/lang/UTF-8/serendipity_lang_da.inc.php index d355011..845362a 100644 --- a/lang/UTF-8/serendipity_lang_da.inc.php +++ b/lang/UTF-8/serendipity_lang_da.inc.php @@ -774,3 +774,9 @@ @define('CALENDAR_ENABLE_EXTERNAL_EVENTS', 'Enable Plugin API hook'); @define('CALENDAR_EXTEVENT_DESC', 'If enabled, plugins can hook into the calendar to display their own events highlighted. Only enable if you have installed plugins that need this, otherwise it just decreases performance.'); @define('XMLRPC_NO_LONGER_BUNDLED', 'The XML-RPC API Interface to Serendipity is no longer bundled because of ongoing security issues with this API and not many people using it. Thus you need to install the XML-RPC Plugin to use the XML-RPC API. The URL to use in your applications will NOT change - as soon as you have installed the plugin, you will again be able to use the API.'); +@define('PERM_READ', 'Read permission'); +@define('PERM_WRITE', 'Write permission'); + +@define('PERM_DENIED', 'Permission denied.'); +@define('INSTALL_ACL', 'Apply read-permissions for categories'); +@define('INSTALL_ACL_DESC', 'If enabled, the usergroup permission settings you setup for categories will be applied when logged-in users view your blog. If disabled, the read-permissions of the categories are NOT applied, but the positive effect is a little speedup on your blog. So if you don\'t need multi-user read permissions for your blog, disable this setting.'); diff --git a/lang/UTF-8/serendipity_lang_de.inc.php b/lang/UTF-8/serendipity_lang_de.inc.php index 7ddccfe..d6c4f40 100644 --- a/lang/UTF-8/serendipity_lang_de.inc.php +++ b/lang/UTF-8/serendipity_lang_de.inc.php @@ -1,4 +1,4 @@ - 0) { @@ -553,26 +553,26 @@ class serendipity_event_entryproperties extends serendipity_event } if ($is_cache && (!isset($addData['noCache']) || !$addData['noCache'])) { - $joins[] = "LEFT OUTER JOIN {$serendipity['dbPrefix']}entryproperties ep_cache_extended - ON (e.id = ep_cache_extended.entryid AND ep_cache_extended.property = 'ep_cache_extended')"; - $joins[] = "LEFT OUTER JOIN {$serendipity['dbPrefix']}entryproperties ep_cache_body - ON (e.id = ep_cache_body.entryid AND ep_cache_body.property = 'ep_cache_body')"; + $joins[] = " LEFT OUTER JOIN {$serendipity['dbPrefix']}entryproperties ep_cache_extended + ON (e.id = ep_cache_extended.entryid AND ep_cache_extended.property = 'ep_cache_extended')"; + $joins[] = " LEFT OUTER JOIN {$serendipity['dbPrefix']}entryproperties ep_cache_body + ON (e.id = ep_cache_body.entryid AND ep_cache_body.property = 'ep_cache_body')"; } - $joins[] = "LEFT OUTER JOIN {$serendipity['dbPrefix']}entryproperties ep_access - ON (e.id = ep_access.entryid AND ep_access.property = 'ep_access')"; + $joins[] = " LEFT OUTER JOIN {$serendipity['dbPrefix']}entryproperties ep_access + ON (e.id = ep_access.entryid AND ep_access.property = 'ep_access')"; if ($use_groups) { - $joins[] = "LEFT OUTER JOIN {$serendipity['dbPrefix']}entryproperties ep_access_groups - ON (e.id = ep_access_groups.entryid AND ep_access_groups.property = 'ep_access_groups')"; + $joins[] = " LEFT OUTER JOIN {$serendipity['dbPrefix']}entryproperties ep_access_groups + ON (e.id = ep_access_groups.entryid AND ep_access_groups.property = 'ep_access_groups')"; } if ($use_users) { - $joins[] = "LEFT OUTER JOIN {$serendipity['dbPrefix']}entryproperties ep_access_users - ON (e.id = ep_access_users.entryid AND ep_access_users.property = 'ep_access_users')"; + $joins[] = " LEFT OUTER JOIN {$serendipity['dbPrefix']}entryproperties ep_access_users + ON (e.id = ep_access_users.entryid AND ep_access_users.property = 'ep_access_users')"; } if (!isset($addData['noSticky']) || $addData['noSticky'] !== true) { - $joins[] = "LEFT JOIN {$serendipity['dbPrefix']}entryproperties ep_sticky - ON (e.id = ep_sticky.entryid AND ep_sticky.property = 'ep_is_sticky')"; + $joins[] = " LEFT JOIN {$serendipity['dbPrefix']}entryproperties ep_sticky + ON (e.id = ep_sticky.entryid AND ep_sticky.property = 'ep_is_sticky')"; } $cond = implode("\n", $joins); diff --git a/serendipity_config.inc.php b/serendipity_config.inc.php index 34b04bd..cddd680 100644 --- a/serendipity_config.inc.php +++ b/serendipity_config.inc.php @@ -21,7 +21,7 @@ if (IS_installed === true && !defined('IN_serendipity')) { include_once(S9Y_INCLUDE_PATH . 'include/compat.inc.php'); // The version string -$serendipity['version'] = '0.9-alpha4'; +$serendipity['version'] = '0.9-alpha5'; // Name of folder for the default theme $serendipity['defaultTemplate'] = 'default'; diff --git a/sql/db.sql b/sql/db.sql index 4c9e4c8..744a1ea 100644 --- a/sql/db.sql +++ b/sql/db.sql @@ -45,6 +45,19 @@ create table {PREFIX}authorgroups ( CREATE INDEX authorgroup_idxA ON {PREFIX}authorgroups (groupid); CREATE INDEX authorgroup_idxB ON {PREFIX}authorgroups (authorid); +create table {PREFIX}access ( + groupid int(10) {UNSIGNED} not null default '0', + artifact_id int(10) {UNSIGNED} not null default '0', + artifact_type varchar(64) NOT NULL default '', + artifact_mode varchar(64) NOT NULL default '', + artifact_index varchar(64) NOT NULL default '' +); + +CREATE INDEX accessgroup_idx ON {PREFIX}access(groupid); +CREATE INDEX accessgroupT_idx ON {PREFIX}access(artifact_id,artifact_type,artifact_mode); +CREATE INDEX accessforeign_idx ON {PREFIX}access(artifact_id); + + # # table structure for table '{PREFIX}comments' # diff --git a/sql/db_update_0.9-alpha4_0.9-alpha5_mysql.sql b/sql/db_update_0.9-alpha4_0.9-alpha5_mysql.sql new file mode 100644 index 0000000..f6a1ae2 --- /dev/null +++ b/sql/db_update_0.9-alpha4_0.9-alpha5_mysql.sql @@ -0,0 +1,12 @@ +create table {PREFIX}access ( + groupid int(10) {UNSIGNED} not null default '0', + artifact_id int(10) {UNSIGNED} not null default '0', + artifact_type varchar(64) NOT NULL default '', + artifact_mode varchar(64) NOT NULL default '', + artifact_index varchar(64) NOT NULL default '' +); + +CREATE INDEX accessgroup_idx ON {PREFIX}access(groupid); +CREATE INDEX accessgroupT_idx ON {PREFIX}access(artifact_id,artifact_type,artifact_mode); +CREATE INDEX accessforeign_idx ON {PREFIX}access(artifact_id); + -- 2.39.5