b2evolution PHP Cross Reference Blogging Systems

Source: /inc/users/views/_group.form.php - 282 lines - 10712 bytes - Summary - Text - Print

Description: This file implements the UI view for the user group properties. Called by {@link b2users.php}

   1  <?php
   2  /**
   3   * This file implements the UI view for the user group properties.
   4   *
   5   * Called by {@link b2users.php}
   6   *
   7   * This file is part of the evoCore framework - {@link http://evocore.net/}
   8   * See also {@link http://sourceforge.net/projects/evocms/}.
   9   *
  10   * @copyright (c)2003-2014 by Francois Planque - {@link http://fplanque.com/}
  11   * Parts of this file are copyright (c)2004-2006 by Daniel HAHLER - {@link http://thequod.de/contact}.
  12   *
  13   * {@internal License choice
  14   * - If you have received this file as part of a package, please find the license.txt file in
  15   *   the same folder or the closest folder above for complete license terms.
  16   * - If you have received this file individually (e-g: from http://evocms.cvs.sourceforge.net/)
  17   *   then you must choose one of the following licenses before using the file:
  18   *   - GNU General Public License 2 (GPL) - http://www.opensource.org/licenses/gpl-license.php
  19   *   - Mozilla Public License 1.1 (MPL) - http://www.opensource.org/licenses/mozilla1.1.php
  20   * }}
  21   *
  22   * {@internal Open Source relicensing agreement:
  23   * Daniel HAHLER grants Francois PLANQUE the right to license
  24   * Daniel HAHLER's contributions to this file and the b2evolution project
  25   * under any OSI approved OSS license (http://www.opensource.org/licenses/).
  26   * }}
  27   *
  28   * @package admin
  29   *
  30   * {@internal Below is a list of authors who have contributed to design/coding of this file: }}
  31   * @author fplanque: Francois PLANQUE
  32   * @author blueyed: Daniel HAHLER
  33   *
  34   * @version $Id: _group.form.php 6136 2014-03-08 07:59:48Z manuel $
  35   */
  36  if( !defined('EVO_MAIN_INIT') ) die( 'Please, do not access this page directly.' );
  37  
  38  
  39  /**
  40   * @var Group
  41   */
  42  global $edited_Group;
  43  
  44  global $action;
  45  
  46  // asimo> this may belong to the pluggable permissions display
  47  // javascript to handle shared root permissions, when file permission was changed
  48  ?>
  49  <script type="text/javascript">
    /**
     * Enable or disable the "shared root" radio buttons _2, _3 and _4 so that they
     * follow the file permission currently selected in the form.
     *
     * This is a display aid only: a disabled attribute can be removed in the browser,
     * so the code that saves the group must validate the submitted values itself.
     */
    function file_perm_changed()
    {
        var selected_perm = jQuery( '[name="edited_grp_perm_files"]:checked' ).val();
        if( selected_perm == null )
        { // No file permission radio is checked (or the field is not on the page)
            return;
        }

        // Number of radios, counted from _2 upwards, that stay enabled for each
        // file permission; any other value enables all three.
        var enabled_by_perm = { 'none': 0, 'view': 1, 'add': 2 };
        var enabled_count = 3;
        if( typeof selected_perm === 'string' && Object.prototype.hasOwnProperty.call( enabled_by_perm, selected_perm ) )
        {
            enabled_count = enabled_by_perm[selected_perm];
        }

        for( var offset = 0; offset < 3; offset++ )
        {
            var shared_root_radio = jQuery( '#edited_grp_perm_shared_root_radio_' + ( offset + 2 ) );
            if( offset < enabled_count )
            {
                shared_root_radio.removeAttr( 'disabled' );
            }
            else
            {
                shared_root_radio.attr( 'disabled', 'disabled' );
            }
        }
    }
  81  </script>
  82  <?php
  83  
  84  /**
  85   * Display pluggable permissions
  86   *
  87   * @param string perm block name  'additional'|'system'
  88   */
  89  function display_pluggable_permissions( &$Form, $perm_block )
  90  {
  91      global $edited_Group;
  92  
  93      $GroupSettings = & $edited_Group->get_GroupSettings();
  94      foreach( $GroupSettings->permission_modules as $perm_name => $module_name )
  95      {
  96          $Module = & $GLOBALS[$module_name.'_Module'];
  97          if( method_exists( $Module, 'get_available_group_permissions' ) )
  98          {
  99              $permissions = $Module->get_available_group_permissions( $edited_Group->ID );
 100              if( array_key_exists( $perm_name, $permissions ) )
 101              {
 102                  $perm = $permissions[$perm_name];
 103                  if( $perm['perm_block'] == $perm_block )
 104                  {
 105                      if( ! isset( $perm['perm_type'] ) )
 106                      {
 107                          $perm['perm_type'] = 'radiobox';
 108                      }
 109  
 110                      switch( $perm['perm_type'] )
 111                      {
 112                          case 'checkbox':
 113                              $Form->checkbox_input( 'edited_grp_'.$perm_name, $GroupSettings->permission_values[$perm_name] == 'allowed', $perm['label'], array( 'input_suffix' => ' '.$perm['note'], 'value' => 'allowed' ) );
 114                          break;
 115  
 116                          case 'radiobox':
 117                              if( ! isset( $perm['field_lines'] ) )
 118                              {
 119                                  $perm['field_lines'] = true;
 120                              }
 121                              if( ! isset( $perm['field_note'] ) )
 122                              {
 123                                  $perm['field_note'] = '';
 124                              }
 125                              $Form->radio( 'edited_grp_'.$perm_name, $GroupSettings->permission_values[$perm_name], $perm['options'], $perm['label'], $perm['field_lines'], $perm['field_note'] );
 126                          break;
 127  
 128                          case 'info':
 129                              $Form->info( $perm['label'], $perm['info'] );
 130                          break;
 131  
 132                          case 'text_input':
 133                              $Form->text_input( 'edited_grp_'.$perm_name, $GroupSettings->permission_values[$perm_name], 5, $perm['label'], $perm['note'], array( 'maxlength' => $perm['maxlength'] ) );
 134                          break;
 135                      }
 136                  }
 137              }
 138          }
 139      }
 140  }
 141  
 142  $Form = new Form( NULL, 'group_checkchanges' );
 143  
 144  $Form->global_icon( T_('Cancel editing!'), 'close', regenerate_url( 'ctrl,grp_ID,action', 'ctrl=groups' ) );
 145  
 146  if( $edited_Group->ID == 0 )
 147  {
 148      $Form->begin_form( 'fform', T_('Creating new group') );
 149  }
 150  else
 151  {
 152      $title = ( $action == 'edit' ? T_('Editing group:') : T_('Viewing group:') )
 153                          .' '.
 154                          ( isset($edited_grp_oldname) ? $edited_grp_oldname : $edited_Group->dget('name') )
 155                          .' ('.T_('ID').' '.$edited_Group->ID.')';
 156      $Form->begin_form( 'fform', $title );
 157  }
 158  
 159      $Form->add_crumb( 'group' );
 160      $Form->hidden_ctrl();
 161      $Form->hidden( 'action', 'update' );
 162      $Form->hidden( 'grp_ID', $edited_Group->ID );
 163  
 164  $perm_none_option = array( 'none', T_('No Access') );
 165  $perm_view_option = array( 'view', T_('View details') );
 166  $perm_edit_option = array( 'edit', T_('Edit/delete all') );
 167  
 168  
 169  $Form->begin_fieldset( T_('General').get_manual_link('group_properties_general') );
 170  
 171      $Form->text( 'edited_grp_name', $edited_Group->name, 50, T_('Name'), '', 50, 'large' );
 172  
 173      display_pluggable_permissions( $Form, 'core_general' );
 174  
 175  $Form->end_fieldset();
 176  
 177  $Form->begin_fieldset( T_('Blogging permissions').get_manual_link('group_properties_blogging') );
 178  
 179      $Form->radio( 'edited_grp_perm_blogs', $edited_Group->get('perm_blogs'),
 180              array(  array( 'user', T_('Depending on each blog\'s permissions') ),
 181                              array( 'viewall', T_('View all blogs') ),
 182                              array( 'editall', T_('Full Access') )
 183                          ), T_('Blogs'), false );
 184  
 185      $Form->radio( 'perm_xhtmlvalidation', $edited_Group->get('perm_xhtmlvalidation'),
 186              array(  array( 'always', T_('Force valid XHTML + strong security'),
 187                                              T_('The security filters below will be strongly enforced.') ),
 188                              array( 'never', T_('Basic security checking'),
 189                                              T_('Security filters below will still be enforced but with potential lesser accuracy.') )
 190                          ), T_('XHTML validation'), true );
 191  
 192      $Form->radio( 'perm_xhtmlvalidation_xmlrpc', $edited_Group->get('perm_xhtmlvalidation_xmlrpc'),
 193              array(  array( 'always', T_('Force valid XHTML + strong security'),
 194                                              T_('The security filters below will be strongly enforced.') ),
 195                              array( 'never', T_('Basic security checking'),
 196                                              T_('Security filters below will still be enforced but with potential lesser accuracy.') )
 197                          ), T_('XHTML validation on XML-RPC calls'), true );
 198  
 199      $Form->checklist( array(
 200                          array( 'prevent_css_tweaks', 1, T_('Prevent CSS tweaks'), ! $edited_Group->get('perm_xhtml_css_tweaks'), false,
 201                                              T_('WARNING: if allowed, users may deface the site, add hidden text, etc.') ),
 202                          array( 'prevent_iframes', 1, T_('Prevent iframes'), ! $edited_Group->get('perm_xhtml_iframes'), false,
 203                                              T_('WARNING: if allowed, users may do XSS hacks, steal passwords from other users, etc.') ),
 204                          array( 'prevent_javascript', 1, T_('Prevent javascript'), ! $edited_Group->get('perm_xhtml_javascript'), false,
 205                                              T_('WARNING: if allowed, users can easily do XSS hacks, steal passwords from other users, etc.') ),
 206                          array( 'prevent_objects', 1, T_('Prevent objects'), ! $edited_Group->get('perm_xhtml_objects'), false,
 207                                              T_('WARNING: if allowed, users can spread viruses and malware through this blog.') ),
 208                      ), 'xhtml_security', T_('Security filters') );
 209  
 210      $Form->checkbox( 'apply_antispam', ! $edited_Group->get('perm_bypass_antispam'), T_('Antispam filtering'),
 211                                          T_('Inputs from these users will be checked against the antispam blacklist.') );
 212  
 213      // Display pluggable permissions:
 214      display_pluggable_permissions( $Form, 'blogging' );
 215  
 216  $Form->end_fieldset();
 217  
 218  $Form->begin_fieldset( T_('Additional permissions').get_manual_link('group_properties_additional_permissions') );
 219  
 220      $Form->radio( 'edited_grp_perm_stats', $edited_Group->get('perm_stats'),
 221              array(  $perm_none_option,
 222                              array( 'user', T_('View stats for specific blogs'), T_('Based on each blog\'s edit permissions') ), // fp> dirty hack, I'll tie this to blog edit perm for now
 223                              array( 'view', T_('View stats for all blogs') ),
 224                              array( 'edit', T_('Full Access'), T_('Includes deleting/reassigning of stats') )
 225                          ), T_('Stats'), true );
 226  
 227      // Display pluggable permissions:
 228      display_pluggable_permissions( $Form, 'additional' );
 229  
 230  $Form->end_fieldset();
 231  
 232  $Form->begin_fieldset( T_('System admin permissions').get_manual_link('group_properties_system_permissions') );
 233  
 234      // Display pluggable permissions:
 235      display_pluggable_permissions( $Form, 'core' );
 236  
 237      // show Settings children permissions only if this user group has at least "View details" rights on global System Settings
 238      echo '<div id="perm_options_children"'.( $edited_Group->check_perm( 'options', 'view' ) ? '' : ' style="display:none"' ).'>';
 239      display_pluggable_permissions( $Form, 'core2' );
 240      display_pluggable_permissions( $Form, 'system' );
 241      echo '</div>';
 242  
 243      display_pluggable_permissions( $Form, 'core3' );
 244  
 245  $Form->end_fieldset();
 246  
 247  $Form->begin_fieldset( T_( 'Notification options') );
 248  
 249      // Display pluggale notification options
 250      display_pluggable_permissions( $Form, 'notifications');
 251  
 252  $Form->end_fieldset();
 253  
 254  if( $action != 'view' )
 255  {
 256      $Form->buttons( array(
 257          array( '', '', T_('Save !'), 'SaveButton' ),
 258          array( 'reset', '', T_('Reset'), 'ResetButton' ) ) );
 259  }
 260  
 261  $Form->end_form();
 262  
 263  // set shared root permission availability, when form was loaded and when file perms was changed
 264  ?>
 265  <script type="text/javascript">
// Apply the shared root restrictions once on load, then after every click on a file permission radio.
file_perm_changed();
jQuery( '[name="edited_grp_perm_files"]' ).click( function()
{
    file_perm_changed();
} );

// Show/Hide the children permissions of the Settings permission:
// hidden while "none" is selected, shown for any other value.
jQuery( 'input[name=edited_grp_perm_options]' ).click( function()
{
    var children = jQuery( 'div#perm_options_children' );
    var hide_children = ( jQuery( this ).val() == 'none' );
    if( ! hide_children )
    {
        children.show();
        return;
    }
    children.hide();
} );
 282  </script>
