[geeklog-cvs] geeklog: Add new permissions plugin.install and plugin.upload fo...
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Sun Jan 25 11:28:53 EST 2009
details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/51b1f7bf224c
changeset: 6725:51b1f7bf224c
user: Dirk Haun <dirk at haun-online.de>
date: Sun Jan 25 17:28:17 2009 +0100
description:
Add new permissions plugin.install and plugin.upload for more fine-grained control to the plugin admin panel (bug #0000637)
diffstat:
7 files changed, 137 insertions(+), 46 deletions(-)
public_html/admin/install/lib-upgrade.php | 2
public_html/admin/plugins.php | 81 +++++++++++++++++------------
public_html/docs/history | 26 +++++----
sql/mssql_tableanddata.php | 6 +-
sql/mysql_tableanddata.php | 6 +-
sql/updates/mssql_1.5.2_to_1.6.0.php | 31 +++++++++++
sql/updates/mysql_1.5.2_to_1.6.0.php | 31 +++++++++++
diffs (truncated from 358 to 300 lines):
diff -r 952553d86ad1 -r 51b1f7bf224c public_html/admin/install/lib-upgrade.php
--- a/public_html/admin/install/lib-upgrade.php Sun Jan 25 11:10:01 2009 +0100
+++ b/public_html/admin/install/lib-upgrade.php Sun Jan 25 17:28:17 2009 +0100
@@ -461,8 +461,10 @@
case '1.5.2':
require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.5.2_to_1.6.0.php';
+ INST_updateDB($_SQL);
update_ConfValues();
+ upgrade_addPluginPermissions();
$current_gl_version = '1.6.0';
$_SQL = '';
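Review bot: The two added calls are order-dependent and nothing in the `case '1.5.2':` block says so. `upgrade_addPluginPermissions()` looks up the `plugin.install` and `plugin.upload` feature ids by name, so it only works after `INST_updateDB($_SQL)` has run the INSERTs queued by the 1.5.2_to_1.6.0 file. I would add a comment above the call: `// must run after INST_updateDB(): looks up the new ft_ids by ft_name`. Neither call's result is checked in the visible lines; if either can report failure, the upgrade should stop before `$current_gl_version` is set, otherwise the site may come up with no group holding the new rights. The enclosing switch continues outside the hunk.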
diff -r 952553d86ad1 -r 51b1f7bf224c public_html/admin/plugins.php
--- a/public_html/admin/plugins.php Sun Jan 25 11:10:01 2009 +0100
+++ b/public_html/admin/plugins.php Sun Jan 25 17:28:17 2009 +0100
@@ -48,7 +48,7 @@
$display = '';
-if (!SEC_hasrights('plugin.edit')) {
+if (!SEC_hasRights('plugin.edit')) {
$display .= COM_siteHeader('menu', $MESSAGE[30])
. COM_showMessageText($MESSAGE[29], $MESSAGE[30])
. COM_siteFooter();
@@ -65,7 +65,7 @@
* @return string HTML for plugin editor form or error message
*
*/
-function plugineditor ($pi_name, $confirmed = 0)
+function plugineditor($pi_name, $confirmed = 0)
{
global $_CONF, $_TABLES, $_USER, $LANG32, $LANG_ADMIN;
@@ -104,9 +104,11 @@
$plg_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
$plg_templates->set_var('lang_delete', $LANG_ADMIN['delete']);
$plg_templates->set_var('pi_icon', PLG_getIcon($pi_name));
- if (!empty($pi_name)) {
- $plg_templates->set_var ('delete_option', '<input type="submit" value="'
- . $LANG_ADMIN['delete'] . '" name="mode"' . XHTML . '>');
+ if (SEC_hasRights('plugin.install')) {
+ $plg_templates->set_var('delete_option', '<input type="submit" value="'
+ . $LANG_ADMIN['delete'] . '" name="mode"' . XHTML . '>');
+ } else {
+ $plg_templates->set_var('delete_option', '');
}
$plugin_code_version = PLG_chkVersion($pi_name);
if (empty($plugin_code_version)) {
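Review bot: The rewritten condition drops the old `!empty($pi_name)` guard, so the Delete button is now rendered for any caller holding `plugin.install` even when no plugin name was passed to the editor. The delete branch further down does re-check `!empty($pi_name)`, so this looks like a form inconsistency rather than a bypass, but keeping both tests makes the form match what the server will accept: `if (!empty($pi_name) && SEC_hasRights('plugin.install')) {`. plugineditor's body starts and continues outside the hunk.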
@@ -816,10 +818,13 @@
$token = SEC_createToken();
$retval .= listplugins($token);
- $retval .= show_newplugins($token);
+ if (SEC_hasRights('plugin.install')) {
+ $retval .= show_newplugins($token);
+ }
// If the web server will allow the user to upload a plugin
- if (plugin_upload_enabled()) {
+ if (plugin_upload_enabled() &&
+ SEC_hasRights('plugin.install,plugin.upload')) {
$retval .= plugin_show_uploadform($token);
}
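Review bot: The call `SEC_hasRights('plugin.install,plugin.upload')` depends on the comma-separated list being combined with AND, which is not visible at this call site. As far as I know that is the default operator of SEC_hasRights, but a reader auditing who may upload code should not have to look it up. I would add a comment above the condition: `// upload requires BOTH plugin.install and plugin.upload (SEC_hasRights ANDs the list by default)`. The same expression is used again in the `$_FILES['plugin']` branch of the last plugins.php hunk.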
@@ -1164,23 +1169,28 @@
}
if (($mode == $LANG_ADMIN['delete']) && !empty($LANG_ADMIN['delete'])) {
$pi_name = COM_applyFilter($_POST['pi_name']);
- if (($_POST['confirmed'] == 1) && SEC_checkToken()) {
- $msg = do_uninstall($pi_name);
- if ($msg === false) {
- echo COM_refresh($_CONF['site_admin_url'] . '/plugins.php');
- } else {
- echo COM_refresh($_CONF['site_admin_url'] . '/plugins.php?msg='
- . $msg);
+ if ((! empty($pi_name)) && SEC_hasRights('plugin.install')) {
+ if (($_POST['confirmed'] == 1) && SEC_checkToken()) {
+ $msg = do_uninstall($pi_name);
+ if ($msg === false) {
+ echo COM_refresh($_CONF['site_admin_url'] . '/plugins.php');
+ } else {
+ echo COM_refresh($_CONF['site_admin_url'] . '/plugins.php?msg='
+ . $msg);
+ }
+ exit;
+ } else { // ask user for confirmation
+ $display .= COM_siteHeader('menu', $LANG32[30]);
+ $display .= COM_startBlock($LANG32[30], '',
+ COM_getBlockTemplate('_msg_block', 'header'));
+ $display .= $LANG32[31];
+ $display .= COM_endBlock(COM_getBlockTemplate('_msg_block',
+ 'footer'));
+ $display .= plugineditor($pi_name, 1);
+ $display .= COM_siteFooter();
}
- exit;
- } else { // ask user for confirmation
- $display .= COM_siteHeader('menu', $LANG32[30]);
- $display .= COM_startBlock($LANG32[30], '',
- COM_getBlockTemplate('_msg_block', 'header'));
- $display .= $LANG32[31];
- $display .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
- $display .= plugineditor($pi_name, 1);
- $display .= COM_siteFooter();
+ } else {
+ $display = COM_refresh($_CONF['site_admin_url'] . '/plugins.php');
}
} elseif ((($mode == $LANG32[34]) && !empty($LANG32[34])) && SEC_checkToken()) { // update
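Review bot: The new outer `else` handles two different situations, an empty `pi_name` and a caller without `plugin.install`, with the same silent `COM_refresh`, so a refused uninstall attempt leaves no trace. Since the commit exists to separate who may install or remove plugins, the refusal is worth recording: split the condition and write an access-log entry in the no-rights case, for example with `COM_accessLog()` if that is what the other denied-access paths in this file use (not visible in this hunk). The `autoinstall` branch in the next hunk has the same silent `else`. The if/elseif chain starts and ends outside the hunk.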
@@ -1205,19 +1215,24 @@
$enabled, COM_applyFilter($_POST['pi_homepage']));
} elseif (($mode == 'autoinstall') && SEC_checkToken()) {
- $plugin = '';
- if (isset($_GET['plugin'])) {
- $plugin = COM_applyFilter($_GET['plugin']);
- }
- if (plugin_autoinstall($plugin)) {
- $display .= COM_refresh($_CONF['site_admin_url']
- . '/plugins.php?msg=44');
+ if (SEC_hasRights('plugin.install')) {
+ $plugin = '';
+ if (isset($_GET['plugin'])) {
+ $plugin = COM_applyFilter($_GET['plugin']);
+ }
+ if (plugin_autoinstall($plugin)) {
+ $display .= COM_refresh($_CONF['site_admin_url']
+ . '/plugins.php?msg=44');
+ } else {
+ $display .= COM_refresh($_CONF['site_admin_url']
+ . '/plugins.php?msg=72');
+ }
} else {
- $display .= COM_refresh($_CONF['site_admin_url']
- . '/plugins.php?msg=72');
+ $display = COM_refresh($_CONF['site_admin_url'] . '/plugins.php');
}
-} elseif (isset($_FILES['plugin']) && SEC_checkToken()) {
+} elseif (isset($_FILES['plugin']) && SEC_checkToken() &&
+ SEC_hasRights('plugin.install,plugin.upload')) {
$display .= plugin_upload();
} else { // 'cancel' or no mode at all
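Review bot: In the upload branch the rights test is part of the `elseif` condition, so a request that carries a file but lacks `plugin.install`/`plugin.upload` falls through to the final `else` and is handled as "cancel or no mode". The delete and autoinstall branches instead nest the rights test and redirect explicitly. Nesting it here as well, with the condition reduced to `} elseif (isset($_FILES['plugin']) && SEC_checkToken()) {` and an inner `if (SEC_hasRights('plugin.install,plugin.upload'))`, would make the three deny paths uniform and easier to audit. It would also be worth checking whether `SEC_checkToken()` has side effects on the token; if it does, the rights test should come first. The chain continues outside the hunk.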
diff -r 952553d86ad1 -r 51b1f7bf224c public_html/docs/history
--- a/public_html/docs/history Sun Jan 25 11:10:01 2009 +0100
+++ b/public_html/docs/history Sun Jan 25 17:28:17 2009 +0100
@@ -1,6 +1,6 @@
Geeklog History/Changes:
-??? ??, 2009 (1.6.0)
+Mar ??, 2009 (1.6.0)
------------
Geeklog 1.6.0 incorporates the following projects implemented during
@@ -11,10 +11,14 @@
+ (TBD) Comment moderation and editable comments, by Jared Wenerd
Other changes:
+- Add new permissions plugin.install and plugin.upload for more fine-grained
+ control to the plugin admin panel (bug #0000637) [Dirk]
+- Introduced new plugin API function PLG_itemDeleted [Dirk]
+- Changed API for PLG_itemSaved to make it simpler and easier to use [Dirk]
- Updated FCKeditor to version 2.6.4 [Blaine]
- Usersettings.php - can not change password when custom membership is enabled.
- Modified CUSTOM_userCheck to return both a error message string and Error code.
- Updated users.php and usersettings,php (bug #0000776) [Blaine]
+ Modified CUSTOM_userCheck to return both a error message string and Error
+ code. Updated users.php and usersettings,php (bug #0000776) [Blaine]
- Implemented extended API for PLG_getItemInfo [mystral-kk, Dirk]
- Fixed inconsistencies and various small mistakes when displaying "Access
denied" messages on the admin pages [Dirk]
@@ -32,12 +36,12 @@
Calendar plugin
---------------
- Added auto installation support [Dirk]
-- Added support for PLG_getItemInfo [Dirk]
-
-Links plugin
-------------
-- Added auto installation support [Dirk]
-- Added support for PLG_getItemInfo [Dirk]
+- Added support for PLG_getItemInfo, PLG_itemSaved, PLG_itemDeleted [Dirk]
+
+Links plugin
+------------
+- Added auto installation support [Dirk]
+- Added support for PLG_getItemInfo, PLG_itemSaved, PLG_itemDeleted [Dirk]
- Introduced function LINKS_getCategorySQL and fixed visibility of link
categories in the Top 10 Links list and site statistics [Dirk]
- Added an option to allow opening external links in a new window (feature
@@ -47,7 +51,7 @@
Polls plugin
------------
- Added auto installation support [Dirk]
-- Added support for PLG_getItemInfo [Dirk]
+- Added support for PLG_getItemInfo, PLG_itemSaved, PLG_itemDeleted [Dirk]
- Extended length of poll IDs to 40 characters (feature request #0000754) [Dirk]
Spam-X
@@ -57,7 +61,7 @@
Static Pages plugin
-------------------
- Added auto installation support [Dirk]
-- Added support for PLG_getItemInfo [Dirk]
+- Added support for PLG_getItemInfo, PLG_itemSaved, PLG_itemDeleted [Dirk]
- The printable.thtml template file uses the HTML Strict doctype and print.css
now [Dirk]
- Display "successfully saved" and "successfully deleted" messages, just like
diff -r 952553d86ad1 -r 51b1f7bf224c sql/mssql_tableanddata.php
--- a/sql/mssql_tableanddata.php Sun Jan 25 11:10:01 2009 +0100
+++ b/sql/mssql_tableanddata.php Sun Jan 25 17:28:17 2009 +0100
@@ -1178,6 +1178,8 @@
$_SQL[] = "INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES (14,11)";
$_SQL[] = "INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES (15,11)";
$_SQL[] = "INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES (16,4)";
+$_SQL[] = "INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES (17,10)";
+$_SQL[] = "INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES (18,10)";
$_SQL[] = "
set identity_insert {$_TABLES['blocks']} on;
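Review bot: The two new access rows grant features 17 and 18 to group 10 by bare number, which makes it hard to audit who receives install and upload rights on a fresh install. A one-line comment above them would be enough, e.g. `// plugin.install (17) and plugin.upload (18) are granted to group 10` with the group's name added. The upgrade function's docblock suggests it is Plugin Admin, but the groups data is not visible here. The same pair is added to `$_DATA[]` in sql/mysql_tableanddata.php.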
@@ -1254,10 +1256,12 @@
INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (9,'webservices.atompub', 'May use Atompub Webservices (if restricted)', 1)
INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (10,'block.edit','Access to block editor',1)
INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (11,'topic.edit','Access to topic editor',1)
-INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (13,'plugin.edit','Access to plugin editor',1)
+INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (13,'plugin.edit','Can change plugin status',1)
INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (14,'group.edit','Ability to edit groups',1)
INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (15,'group.delete','Ability to delete groups',1)
INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (16,'block.delete','Ability to delete a block',1)
+INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (17,'plugin.install','Can install/uninstall plugins',1)
+INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (18,'plugin.upload','Can upload new plugins',1)
set identity_insert {$_TABLES['features']} off
";
diff -r 952553d86ad1 -r 51b1f7bf224c sql/mysql_tableanddata.php
--- a/sql/mysql_tableanddata.php Sun Jan 25 11:10:01 2009 +0100
+++ b/sql/mysql_tableanddata.php Sun Jan 25 17:28:17 2009 +0100
@@ -506,6 +506,8 @@
$_DATA[] = "INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES (14,11) ";
$_DATA[] = "INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES (15,11) ";
$_DATA[] = "INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES (16,4) ";
+$_DATA[] = "INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES (17,10) ";
+$_DATA[] = "INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES (18,10) ";
$_DATA[] = "INSERT INTO {$_TABLES['blocks']} (bid, is_enabled, name, type, title, tid, blockorder, content, rdfurl, rdfupdated, onleft, phpblockfn, group_id, owner_id, perm_owner, perm_group, perm_members, perm_anon) VALUES (1,1,'user_block','gldefault','User Functions','all',2,'','','0000-00-00 00:00:00',1,'',4,2,3,3,2,2) ";
$_DATA[] = "INSERT INTO {$_TABLES['blocks']} (bid, is_enabled, name, type, title, tid, blockorder, content, rdfurl, rdfupdated, onleft, phpblockfn, group_id, owner_id, perm_owner, perm_group, perm_members, perm_anon) VALUES (2,1,'admin_block','gldefault','Admins Only','all',1,'','','0000-00-00 00:00:00',1,'',4,2,3,3,2,2) ";
@@ -566,10 +568,12 @@
$_DATA[] = "INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (9,'webservices.atompub', 'May use Atompub Webservices (if restricted)', 1) ";
$_DATA[] = "INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (10,'block.edit','Access to block editor',1) ";
$_DATA[] = "INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (11,'topic.edit','Access to topic editor',1) ";
-$_DATA[] = "INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (13,'plugin.edit','Access to plugin editor',1) ";
+$_DATA[] = "INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (13,'plugin.edit','Can change plugin status',1) ";
$_DATA[] = "INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (14,'group.edit','Ability to edit groups',1) ";
$_DATA[] = "INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (15,'group.delete','Ability to delete groups',1) ";
$_DATA[] = "INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (16,'block.delete','Ability to delete a block',1) ";
+$_DATA[] = "INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (17,'plugin.install','Can install/uninstall plugins',1) ";
+$_DATA[] = "INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (18,'plugin.upload','Can upload new plugins',1) ";
$_DATA[] = "INSERT INTO {$_TABLES['frontpagecodes']} (code, name) VALUES (0,'Show Only in Topic') ";
$_DATA[] = "INSERT INTO {$_TABLES['frontpagecodes']} (code, name) VALUES (1,'Show on Front Page') ";
diff -r 952553d86ad1 -r 51b1f7bf224c sql/updates/mssql_1.5.2_to_1.6.0.php
--- a/sql/updates/mssql_1.5.2_to_1.6.0.php Sun Jan 25 11:10:01 2009 +0100
+++ b/sql/updates/mssql_1.5.2_to_1.6.0.php Sun Jan 25 17:28:17 2009 +0100
@@ -1,7 +1,17 @@
<?php
+// in_transit column is no longer used
$_SQL[] = "ALTER TABLE {$_TABLES['stories']} DROP COLUMN in_transit";
+// new plugin permissions
+$_SQL[] = "INSERT INTO {$_TABLES['features']} (ft_name, ft_descr, ft_gl_core) VALUES ('plugin.install','Can install/uninstall plugins',1)";
+$_SQL[] = "INSERT INTO {$_TABLES['features']} (ft_name, ft_descr, ft_gl_core) VALUES ('plugin.upload','Can upload new plugins',1)";
+$_SQL[] = "UPDATE {$_TABLES['features']} SET ft_descr = 'Can change plugin status' WHERE ft_name = 'plugin.edit'";
+
+/**
+ * Add new config options
+ *
+ */
function update_ConfValues()
{
global $_CONF;
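Review bot: The two feature INSERTs at the top of the file are unconditional, so running the 1.5.2 to 1.6.0 step a second time (for example after an upgrade that aborted later) would add duplicate `plugin.install` / `plugin.upload` rows unless `ft_name` carries a unique index, which is not visible here. `upgrade_addPluginPermissions()` resolves the ids by name and could then pick either row. If the schema does not enforce uniqueness, guard the inserts, or at least state the assumption in the comment: `// new plugin permissions (assumes ft_name is unique and this step runs once)`. Per the diffstat the MySQL update file receives the same change; its hunks are cut off by the list's 300-line truncation.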
@@ -16,4 +26,25 @@
return true;
}
+/**
+ * Add new plugin-related permissions to Plugin Admin group
+ *
+ */
+function upgrade_addPluginPermissions()
+{
+ global $_TABLES;
+
+ $install_id = DB_getItem($_TABLES['features'], 'ft_id',
+ "ft_name = 'plugin.install'");
+ $upload_id = DB_getItem($_TABLES['features'], 'ft_id',
+ "ft_name = 'plugin.upload'");