lib/plugins/acl/remote.php


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104

<?php

use dokuwiki\Extension\RemotePlugin;
use dokuwiki\Remote\AccessDeniedException;

/**
 * Class remote_plugin_acl
 */
class remote_plugin_acl extends RemotePlugin
{
    /**
     * Returns details about the remote plugin methods
     *
     * @return array Information about all provided methods. {@see dokuwiki\Remote\RemoteAPI}
     */
    public function getMethods()
    {
        return [
            'listAcls' => [
                'args' => [],
                'return' => 'Array of ACLs {scope, user, permission}',
                'name' => 'listAcls',
                'doc' => 'Get the list of all ACLs'
            ],
            'addAcl' => [
                'args' => ['string', 'string', 'int'],
                'return' => 'int',
                'name' => 'addAcl',
                'doc' => 'Adds a new ACL rule.'
            ],
            'delAcl' => [
                'args' => ['string', 'string'],
                'return' => 'int',
                'name' => 'delAcl',
                'doc' => 'Delete an existing ACL rule.'
            ]
        ];
    }

    /**
     * List all ACL config entries
     *
     * @throws AccessDeniedException
     * @return dictionary {Scope: ACL}, where ACL = dictionnary {user/group: permissions_int}
     */
    public function listAcls()
    {
        if (!auth_isadmin()) {
            throw new AccessDeniedException(
                'You are not allowed to access ACLs, superuser permission is required',
                114
            );
        }
        /** @var admin_plugin_acl $apa */
        $apa = plugin_load('admin', 'acl');
        $apa->initAclConfig();
        return $apa->acl;
    }

    /**
     * Add a new entry to ACL config
     *
     * @param string $scope
     * @param string $user
     * @param int    $level see also inc/auth.php
     * @throws AccessDeniedException
     * @return bool
     */
    public function addAcl($scope, $user, $level)
    {
        if (!auth_isadmin()) {
            throw new AccessDeniedException(
                'You are not allowed to access ACLs, superuser permission is required',
                114
            );
        }

        /** @var admin_plugin_acl $apa */
        $apa = plugin_load('admin', 'acl');
        return $apa->addOrUpdateACL($scope, $user, $level);
    }

    /**
     * Remove an entry from ACL config
     *
     * @param string $scope
     * @param string $user
     * @throws AccessDeniedException
     * @return bool
     */
    public function delAcl($scope, $user)
    {
        if (!auth_isadmin()) {
            throw new AccessDeniedException(
                'You are not allowed to access ACLs, superuser permission is required',
                114
            );
        }

        /** @var admin_plugin_acl $apa */
        $apa = plugin_load('admin', 'acl');
        return $apa->deleteACL($scope, $user);
    }
}