users:phptard:disableactionsbygroup
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
users:phptard:disableactionsbygroup [2007/02/21 12:12] – 69.233.103.142 | users:phptard:disableactionsbygroup [2007/12/13 02:58] (current) – 97.15.107.35 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Disable Actions by Group ====== | ||
+ | This plugin allows you to disable a given list of actions based on user groups. It has been tested to work with the latest release of DokuWiki (2006-11-06). There are two configuration settings: | ||
+ | |||
+ | * group_list: List of groups (separated by `;`) | ||
+ | * action_list: | ||
+ | |||
+ | |||
+ | ===== Download/ | ||
+ | |||
+ | To install the plugin either use the plugin manager or extract this zip file into your plugins directory: | ||
+ | |||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | * OLD: [[http:// | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ===== Example ===== | ||
+ | |||
+ | {{http:// | ||
+ | FIXME updated screenshot with new ignore_admin setting | ||
+ | In this example (note: uses the patch to allow restricting ALL published below), the following groups have been prohibited the following actions: | ||
+ | * ALL (anonymous) : ' | ||
+ | * user (normal user): ' | ||
+ | * friends (custom groups): " | ||
+ | |||
+ | ===== List of valid actions ===== | ||
+ | |||
+ | By default, these actions come with dokuwiki. More can be added through the use of plugins: | ||
+ | |||
+ | * ' | ||
+ | * ' | ||
+ | * ' | ||
+ | * ' | ||
+ | * ' | ||
+ | * ' | ||
+ | * ' | ||
+ | * ' | ||
+ | * ' | ||
+ | * ' | ||
+ | * ' | ||
+ | * ' | ||
+ | * ' | ||
+ | * ' | ||
+ | * ' | ||
+ | * ' | ||
+ | * ' | ||
+ | * ' | ||
+ | * ' | ||
+ | * ' | ||
+ | * ' | ||
+ | * ' | ||
+ | * ' | ||
+ | * ' | ||
+ | * ' | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ===== Discussion ===== | ||
+ | |||
+ | Little patch to allow removing rights from the ALL (anonymous users) group as well as making ADMIN ignore the plugin (needed if you want to restrict a right from ' | ||
+ | |||
+ | lines 38++ | ||
+ | <code php> | ||
+ | function _hookaction() { | ||
+ | global $INFO, $ACT; | ||
+ | |||
+ | $info = $INFO[' | ||
+ | //if not logged in, don't do anything | ||
+ | if(!is_array($info)){ | ||
+ | $info = array(" | ||
+ | // | ||
+ | } | ||
+ | else /* comment this out if you don't want admin to ignore all settings by the plugin */ | ||
+ | { | ||
+ | if ($INFO[' | ||
+ | { | ||
+ | return; | ||
+ | } | ||
+ | } | ||
+ | ///... | ||
+ | </ | ||
+ | |||
+ | and lines 73++ | ||
+ | |||
+ | <code php> | ||
+ | //first check to see if this user has actions disabled | ||
+ | $disabled = array(); | ||
+ | $intersect = array_intersect($groups, | ||
+ | |||
+ | </ | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | makes it more useful, e.g. to allow logged in users but not guests to see recent changes. --- // | ||
+ | |||
+ | |||
+ | FIXME When disabling an action in admin interface in a common way, the corresponding button disappears from the page. It's not the case with this plugin. Isn't it better to do the same thing rather than allow guests hitting buttons that don't do anything? Best regards! | ||
+ | |||
+ | ---- | ||
+ | Would this (slightly modified) end of the file work? Seems to work for me, on a quick try. | ||
+ | |||
+ | <code php> | ||
+ | /* | ||
+ | * Register its handlers with the dokuwiki' | ||
+ | */ | ||
+ | function register(& | ||
+ | $controller-> | ||
+ | $controller-> | ||
+ | } | ||
+ | |||
+ | /* Temporary store for disabled actions in case login privileges change */ | ||
+ | private $olddisableactions; | ||
+ | |||
+ | /* | ||
+ | * Check to see if they are just loggin in and redirect to start page, or if page doesn' | ||
+ | */ | ||
+ | function _hookaction() { | ||
+ | global $INFO, $ACT, $conf; | ||
+ | |||
+ | $this-> | ||
+ | |||
+ | $info = $INFO[' | ||
+ | //if not logged in, don't do anything | ||
+ | if(!is_array($info)) | ||
+ | $info = array(" | ||
+ | elseif($this-> | ||
+ | return; | ||
+ | |||
+ | //if no groups defined, do nothing | ||
+ | if($this-> | ||
+ | return; | ||
+ | |||
+ | $groups = explode(';', | ||
+ | if($this-> | ||
+ | else $actions = explode(';', | ||
+ | |||
+ | // | ||
+ | if(sizeof($actions) != sizeof($groups)) { | ||
+ | if(sizeof($groups) < sizeof($actions)) | ||
+ | $groups = array_splice($groups, | ||
+ | else | ||
+ | $actions = array_pad($actions, | ||
+ | |||
+ | trigger_error(" | ||
+ | } | ||
+ | |||
+ | //first check to see if this user has actions disabled | ||
+ | $disabled = explode(',', | ||
+ | $intersect = array_intersect($groups, | ||
+ | foreach($intersect as $k => $v) { | ||
+ | if($actions[$k] != '' | ||
+ | $disabled = array_merge($disabled, | ||
+ | } | ||
+ | $disabled = array_unique($disabled); | ||
+ | if(!sizeof($disabled)) | ||
+ | return; | ||
+ | if(sizeof($disabled) == 1) | ||
+ | if($disabled[0] == '' | ||
+ | return; | ||
+ | |||
+ | $conf[' | ||
+ | } | ||
+ | |||
+ | /* | ||
+ | * If login privileges have changed, reconstruct disabled actions | ||
+ | */ | ||
+ | function _hookaction_login() { | ||
+ | global $ACT, $conf; | ||
+ | |||
+ | //login stuff | ||
+ | if(in_array($ACT, | ||
+ | $conf[' | ||
+ | $this-> | ||
+ | } | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | FIXME To make this work properly on logout (show correct buttons without reloading), function actionOK must be modified in inc/ | ||
+ | |||
+ | <code php> | ||
+ | function actionOK($action){ | ||
+ | global $conf; | ||
+ | static $olddisableactions = null; | ||
+ | static $disabled = null; | ||
+ | |||
+ | if($olddisableactions !== $conf[' | ||
+ | // prepare disabled actions array and handle legacy options | ||
+ | $disabled = explode(',', | ||
+ | $disabled = array_map(' | ||
+ | if(isset($conf[' | ||
+ | if(isset($conf[' | ||
+ | $disabled = array_unique($disabled); | ||
+ | $olddisableactions = $conf[' | ||
+ | } | ||
+ | |||
+ | return !in_array($action, | ||
+ | } | ||
+ | </ | ||
+ | --- // | ||
+ | |||
+ | I had a couple of issues with the plugin as it exists from source on this page. | ||
+ | |||
+ | - The last modification re: the ALL group is a bit problematic because the definition of ALL (anyonymous users) from Georg' | ||
+ | - I am not sure that I agree with the implementation of the ignore_admin option since I can't think of any reason why the admin of the site should ever be denied access to anything. | ||
+ | - In my opinion, if you have a user X who is in groups A and B, and the admin has disabled action Z for group A, then user X should not be disallowed access to action Z because user X is in group B where no actions have been disabled. | ||
+ | |||
+ | I have created the patch below which does the following: | ||
+ | |||
+ | - fix the definition of ALL (users are ALWAYS in the ALL group) | ||
+ | - get rid of ignore_admin | ||
+ | - fix group checking as per 3 above (note: if you remove access to ALL for say, " | ||
+ | |||
+ | Finally, while I agree that it would be nice if this plugin disabled the actions from being displayed through templates, I'm not overly fond of the idea of modifying the actual DokuWiki code to fix the problem because these types of patches need to be reapplied to every DokuWiki version. On the other hand, if this plugin implemented a check function that a template could call when printing the buttons (kind of like actionOK), this might not be a bad idea because the templates don't always change with DokuWiki versions. | ||
+ | |||
+ | > Regarding the above actionOK replacement: | ||
+ | > --- // | ||
+ | |||
+ | Here's my patch in patch format: | ||
+ | |||
+ | < | ||
+ | diff -Naur disableactionsbygroup.orig/ | ||
+ | --- disableactionsbygroup.orig/ | ||
+ | +++ disableactionsbygroup/ | ||
+ | @@ -33,34 +33,37 @@ | ||
+ | } | ||
+ | |||
+ | |||
+ | |||
+ | /* | ||
+ | |||
+ | - * Check to see if they are just loggin in and redirect to start page, or if page doesn' | ||
+ | - */ | ||
+ | - function _hookaction() { | ||
+ | - global $INFO, $ACT; | ||
+ | - | ||
+ | - $info = $INFO[' | ||
+ | - //if not logged in, don't do anything | ||
+ | - if(!is_array($info)) { | ||
+ | - $info = array(" | ||
+ | - } | ||
+ | - elseif($this-> | ||
+ | - return; | ||
+ | - } | ||
+ | - | ||
+ | - //if no action, do nothing | ||
+ | - if(!$ACT) { | ||
+ | - return; | ||
+ | - } | ||
+ | - | ||
+ | + * Check to see if they are just loggin in and redirect to start page, or if page doesn' | ||
+ | |||
+ | + */ | ||
+ | |||
+ | + function _hookaction() { | ||
+ | |||
+ | + global $INFO, $ACT; | ||
+ | |||
+ | + | ||
+ | |||
+ | + $info = $INFO[' | ||
+ | |||
+ | + //if user not in any explicit groups, they are in ALL group | ||
+ | |||
+ | + if(!is_array($info)) { | ||
+ | |||
+ | + $info = array(" | ||
+ | |||
+ | + } else { | ||
+ | |||
+ | + // add ALL group to user | ||
+ | |||
+ | + $info[] = " | ||
+ | |||
+ | + // admin is not denied access to anything | ||
+ | |||
+ | + if($INFO[' | ||
+ | |||
+ | + return; | ||
+ | |||
+ | + } | ||
+ | |||
+ | + | ||
+ | |||
+ | + //if no action, do nothing | ||
+ | |||
+ | + if(!$ACT) { | ||
+ | |||
+ | + return; | ||
+ | |||
+ | + } | ||
+ | |||
+ | + | ||
+ | |||
+ | | ||
+ | |||
+ | | ||
+ | |||
+ | | ||
+ | |||
+ | } | ||
+ | |||
+ | - | ||
+ | |||
+ | + | ||
+ | |||
+ | | ||
+ | |||
+ | | ||
+ | |||
+ | | ||
+ | |||
+ | - | ||
+ | |||
+ | + | ||
+ | |||
+ | | ||
+ | |||
+ | | ||
+ | |||
+ | | ||
+ | |||
+ | @@ -71,15 +74,30 @@ | ||
+ | | ||
+ | |||
+ | } | ||
+ | |||
+ | |||
+ | |||
+ | - //first check to see if this user has actions disabled | ||
+ | |||
+ | | ||
+ | |||
+ | + | ||
+ | |||
+ | + // if user is in at least 1 group that does not have any | ||
+ | |||
+ | + // restrictions, | ||
+ | |||
+ | + if (count(array_diff($info, | ||
+ | |||
+ | + return; | ||
+ | |||
+ | + | ||
+ | |||
+ | + // create a list of actions that are disabled for this user | ||
+ | |||
+ | | ||
+ | |||
+ | | ||
+ | |||
+ | - if($actions[$k] != '' | ||
+ | |||
+ | - $disabled = array_merge($disabled, | ||
+ | |||
+ | - } | ||
+ | |||
+ | + // if action list is empty for any denied group | ||
+ | |||
+ | + // that the user is in, its the same thing as if | ||
+ | |||
+ | + // there are no restrictions on the group, and hence | ||
+ | |||
+ | + // access is permitted | ||
+ | |||
+ | + | ||
+ | |||
+ | + return; | ||
+ | |||
+ | + // otherwise, an action is only disabled for a user | ||
+ | |||
+ | + // if it is disabled in all groups that the user is | ||
+ | |||
+ | + // in | ||
+ | |||
+ | + if (empty($disabled)) | ||
+ | |||
+ | + $disabled = split(',', | ||
+ | |||
+ | + else | ||
+ | |||
+ | + $disabled = array_intersect($disabled, | ||
+ | |||
+ | } | ||
+ | |||
+ | - $disabled = array_unique($disabled); | ||
+ | |||
+ | | ||
+ | |||
+ | | ||
+ | |||
+ | | ||
+ | |||
+ | @@ -91,7 +109,7 @@ | ||
+ | | ||
+ | |||
+ | |||
+ | |||
+ | | ||
+ | |||
+ | - msg(' | ||
+ | |||
+ | + msg(' | ||
+ | |||
+ | | ||
+ | |||
+ | } | ||
+ | |||
+ | } | ||
+ | |||
+ | </ | ||
+ | |||
+ | (Note: you must also remove the " | ||
+ | |||
+ | --- // |