[177a560] | 1 | <?php |
---|
| 2 | |
---|
| 3 | /** |
---|
| 4 | * @file |
---|
| 5 | * Contains administrative screens for the access control plugins. |
---|
| 6 | * |
---|
| 7 | * Access control can be implemented by creating a list of 0 or more access |
---|
| 8 | * plugins, each with settings. This list can be ANDed together or ORed |
---|
| 9 | * together. When testing access, each plugin is tested until success |
---|
| 10 | * or failure can be determined. We use short circuiting techniques to |
---|
| 11 | * ensure we are as efficient as possible. |
---|
| 12 | * |
---|
| 13 | * Access plugins are part of the context system, and as such can require |
---|
| 14 | * contexts to work. That allows the use of access based upon visibility |
---|
| 15 | * of an object, or even more esoteric things such as node type, node language |
---|
| 16 | * etc. Since a lot of access depends on the logged in user, the logged in |
---|
| 17 | * user should always be provided as a context. |
---|
| 18 | * |
---|
| 19 | * In the UI, the user is presented with a table and a 'add access method' select. |
---|
| 20 | * When added, the user will be presented with the config wizard and, when |
---|
| 21 | * confirmed, table will be refreshed via AJAX to show the new access method. |
---|
| 22 | * Each item in the table will have controls to change the settings or remove |
---|
| 23 | * the item. Changing the settings will invoke the modal for update. |
---|
| 24 | * |
---|
| 25 | * Currently the modal is not degradable, but it could be with only a small |
---|
| 26 | * amount of work. |
---|
| 27 | * |
---|
| 28 | * A simple radio |
---|
| 29 | * control is used to let the user pick the and/or logic. |
---|
| 30 | * |
---|
| 31 | * Access control is stored in an array: |
---|
| 32 | * @code |
---|
| 33 | * array( |
---|
| 34 | * 'plugins' => array( |
---|
| 35 | * 0 => array( |
---|
| 36 | * 'name' => 'name of access plugin', |
---|
| 37 | * 'settings' => array(), // These will be set by the form |
---|
| 38 | * ), |
---|
| 39 | * // ... as many as needed |
---|
| 40 | * ), |
---|
| 41 | * 'logic' => 'AND', // or 'OR', |
---|
| 42 | * ), |
---|
| 43 | * @endcode |
---|
| 44 | * |
---|
| 45 | * To add this widget to your UI, you need to do a little bit of setup. |
---|
| 46 | * |
---|
| 47 | * The form will utilize two callbacks, one to get the cached version |
---|
| 48 | * of the access settings, and one to store the cached version of the |
---|
| 49 | * access settings. These will be used from AJAX forms, so they will |
---|
| 50 | * be completely out of the context of this page load and will not have |
---|
| 51 | * knowledge of anything sent to this form (the 'module' and 'argument' |
---|
| 52 | * will be preserved through the URL only). |
---|
| 53 | * |
---|
| 54 | * The 'module' is used to determine the location of the callback. It |
---|
| 55 | * does not strictly need to be a module, so that if your module defines |
---|
| 56 | * multiple systems that use this callback, it can use anything within the |
---|
| 57 | * module's namespace it likes. |
---|
| 58 | * |
---|
| 59 | * When retrieving the cache, the cache may not have already been set up; |
---|
| 60 | * In order to efficiently use cache space, we want to cache the stored |
---|
| 61 | * settings *only* when they have changed. Therefore, the get access cache |
---|
| 62 | * callback should first look for cache, and if it finds nothing, return |
---|
| 63 | * the original settings. |
---|
| 64 | * |
---|
| 65 | * The callbacks: |
---|
| 66 | * - $module . _ctools_access_get($argument) -- get the 'access' settings |
---|
| 67 | * from cache. Must return array($access, $contexts); This callback can |
---|
| 68 | * perform access checking to make sure this URL is not being gamed. |
---|
| 69 | * - $module . _ctools_access_set($argument, $access) -- set the 'access' |
---|
| 70 | * settings in cache. |
---|
| 71 | * - $module . _ctools_access_clear($argument) -- clear the cache. |
---|
| 72 | * |
---|
| 73 | * The ctools_object_cache is recommended for this purpose, but you can use |
---|
| 74 | * any caching mechanism you like. An example: |
---|
| 75 | * |
---|
| 76 | * @code{ |
---|
| 77 | * ctools_include('object-cache'); |
---|
| 78 | * ctools_object_cache_set("$module:argument", $access); |
---|
| 79 | * } |
---|
| 80 | * |
---|
| 81 | * To utilize this form: |
---|
| 82 | * @code |
---|
| 83 | * ctools_include('context-access-admin'); |
---|
| 84 | * ctools_include('form'), |
---|
| 85 | * $form_state = array( |
---|
| 86 | * 'access' => $access, |
---|
| 87 | * 'module' => 'module name', |
---|
| 88 | * 'callback argument' => 'some string', |
---|
| 89 | * 'contexts' => $contexts, // an array of contexts. Optional if no contexts. |
---|
| 90 | * // 'logged-in-user' will be added if not present as the access system |
---|
| 91 | * // requires this context. |
---|
| 92 | * ), |
---|
| 93 | * $output = ctools_build_form('ctools_access_admin_form', $form_state); |
---|
| 94 | * if (!empty($form_state['executed'])) { |
---|
| 95 | * // save $form_state['access'] however you like. |
---|
| 96 | * } |
---|
| 97 | * @endcode |
---|
| 98 | * |
---|
| 99 | * Additionally, you may add 'no buttons' => TRUE if you wish to embed this |
---|
| 100 | * form into your own, and instead call |
---|
| 101 | * |
---|
| 102 | * @code{ |
---|
| 103 | * $form = array_merge($form, ctools_access_admin_form($form_state)); |
---|
| 104 | * } |
---|
| 105 | * |
---|
| 106 | * You'll be responsible for adding a submit button. |
---|
| 107 | * |
---|
| 108 | * You may use ctools_access($access, $contexts) which will return |
---|
| 109 | * TRUE if access is passed or FALSE if access is not passed. |
---|
| 110 | */ |
---|
| 111 | |
---|
| 112 | /** |
---|
| 113 | * Administrative form for access control. |
---|
| 114 | */ |
---|
| 115 | function ctools_access_admin_form(&$form_state) { |
---|
| 116 | ctools_include('context'); |
---|
| 117 | $argument = isset($form_state['callback argument']) ? $form_state['callback argument'] : ''; |
---|
| 118 | $fragment = $form_state['module']; |
---|
| 119 | if ($argument) { |
---|
| 120 | $fragment .= '-' . $argument; |
---|
| 121 | } |
---|
| 122 | |
---|
| 123 | $contexts = isset($form_state['contexts']) ? $form_state['contexts'] : array(); |
---|
| 124 | |
---|
| 125 | $form['access_table'] = array( |
---|
| 126 | '#value' => ctools_access_admin_render_table($form_state['access'], $fragment, $contexts), |
---|
| 127 | ); |
---|
| 128 | |
---|
| 129 | $form['add-button'] = array( |
---|
| 130 | '#theme' => 'ctools_access_admin_add', |
---|
| 131 | ); |
---|
| 132 | // This sets up the URL for the add access modal. |
---|
| 133 | $form['add-button']['add-url'] = array( |
---|
| 134 | '#attributes' => array('class' => "ctools-access-add-url"), |
---|
| 135 | '#type' => 'hidden', |
---|
| 136 | '#value' => url("ctools/context/ajax/access/add/$fragment", array('absolute' => TRUE)), |
---|
| 137 | ); |
---|
| 138 | |
---|
| 139 | $plugins = ctools_get_relevant_access_plugins($contexts); |
---|
| 140 | $options = array(); |
---|
| 141 | foreach ($plugins as $id => $plugin) { |
---|
| 142 | $options[$id] = $plugin['title']; |
---|
| 143 | } |
---|
| 144 | |
---|
| 145 | asort($options); |
---|
| 146 | |
---|
| 147 | $form['add-button']['type'] = array( |
---|
| 148 | // This ensures that the form item is added to the URL. |
---|
| 149 | '#attributes' => array('class' => "ctools-access-add-url"), |
---|
| 150 | '#type' => 'select', |
---|
| 151 | '#options' => $options, |
---|
| 152 | ); |
---|
| 153 | |
---|
| 154 | $form['add-button']['add'] = array( |
---|
| 155 | '#type' => 'submit', |
---|
| 156 | '#attributes' => array('class' => 'ctools-use-modal'), |
---|
| 157 | '#id' => "ctools-access-add", |
---|
| 158 | '#value' => t('Add'), |
---|
| 159 | ); |
---|
| 160 | |
---|
| 161 | $form['logic'] = array( |
---|
| 162 | '#type' => 'radios', |
---|
| 163 | '#options' => array( |
---|
| 164 | 'and' => t('All criteria must pass.'), |
---|
| 165 | 'or' => t('Only one criteria must pass.'), |
---|
| 166 | ), |
---|
| 167 | '#default_value' => isset($form_state['access']['logic']) ? $form_state['access']['logic'] : 'and', |
---|
| 168 | ); |
---|
| 169 | |
---|
| 170 | if (empty($form_state['no buttons'])) { |
---|
| 171 | $form['buttons']['save'] = array( |
---|
| 172 | '#type' => 'submit', |
---|
| 173 | '#value' => t('Save'), |
---|
| 174 | '#submit' => array('ctools_access_admin_form_submit'), |
---|
| 175 | ); |
---|
| 176 | } |
---|
| 177 | |
---|
| 178 | return $form; |
---|
| 179 | } |
---|
| 180 | |
---|
| 181 | /** |
---|
| 182 | * Render the table. This is used both to render it initially and to rerender |
---|
| 183 | * it upon ajax response. |
---|
| 184 | */ |
---|
| 185 | function ctools_access_admin_render_table($access, $fragment, $contexts) { |
---|
| 186 | ctools_include('ajax'); |
---|
| 187 | ctools_include('modal'); |
---|
| 188 | $rows = array(); |
---|
| 189 | |
---|
| 190 | if (empty($access['plugins'])) { |
---|
| 191 | $access['plugins'] = array(); |
---|
| 192 | } |
---|
| 193 | |
---|
| 194 | foreach ($access['plugins'] as $id => $test) { |
---|
| 195 | $row = array(); |
---|
| 196 | $plugin = ctools_get_access_plugin($test['name']); |
---|
| 197 | $title = isset($plugin['title']) ? $plugin['title'] : t('Broken/missing access plugin %plugin', array('%plugin' => $test['name'])); |
---|
| 198 | |
---|
| 199 | $row[] = array('data' => $title, 'class' => 'ctools-access-title'); |
---|
| 200 | |
---|
| 201 | $description = ctools_access_summary($plugin, $contexts, $test); |
---|
| 202 | $row[] = array('data' => $description, 'class' => 'ctools-access-description'); |
---|
| 203 | |
---|
| 204 | $operations = ctools_modal_image_button(ctools_image_path('icon-configure.png'), "ctools/context/ajax/access/configure/$fragment/$id", t('Configure settings for this item.')); |
---|
| 205 | $operations .= ctools_ajax_image_button(ctools_image_path('icon-delete.png'), "ctools/context/ajax/access/delete/$fragment/$id", t('Remove this item.')); |
---|
| 206 | |
---|
| 207 | $row[] = array('data' => $operations, 'class' => 'ctools-access-operations', 'align' => 'right'); |
---|
| 208 | |
---|
| 209 | $rows[] = $row; |
---|
| 210 | } |
---|
| 211 | |
---|
| 212 | $header = array( |
---|
| 213 | array('data' => t('Title'), 'class' => 'ctools-access-title'), |
---|
| 214 | array('data' => t('Description'), 'class' => 'ctools-access-description'), |
---|
| 215 | array('data' => '', 'class' => 'ctools-access-operations', 'align' => 'right'), |
---|
| 216 | ); |
---|
| 217 | |
---|
| 218 | if (empty($rows)) { |
---|
| 219 | $rows[] = array(array('data' => t('No criteria selected, this test will pass.'), 'colspan' => count($header))); |
---|
| 220 | } |
---|
| 221 | |
---|
| 222 | ctools_modal_add_js(); |
---|
| 223 | return theme('table', $header, $rows, array('id' => 'ctools-access-table')); |
---|
| 224 | } |
---|
| 225 | |
---|
| 226 | /** |
---|
| 227 | * Theme the 'add' portion of the access form into a table. |
---|
| 228 | */ |
---|
| 229 | function theme_ctools_access_admin_add($form) { |
---|
| 230 | $rows = array(array(drupal_render($form))); |
---|
| 231 | $output = '<div class="container-inline">'; |
---|
| 232 | $output .= theme('table', array(), $rows); |
---|
| 233 | $output .= '</div>'; |
---|
| 234 | return $output; |
---|
| 235 | } |
---|
| 236 | |
---|
| 237 | function ctools_access_admin_form_submit($form, &$form_state) { |
---|
| 238 | $form_state['access']['logic'] = $form_state['values']['logic']; |
---|
| 239 | |
---|
| 240 | $function = $form_state['module'] . '_ctools_access_clear'; |
---|
| 241 | if (function_exists($function)) { |
---|
| 242 | $function($form_state['argument']); |
---|
| 243 | } |
---|
| 244 | } |
---|
| 245 | |
---|
| 246 | // -------------------------------------------------------------------------- |
---|
| 247 | // AJAX menu entry points. |
---|
| 248 | |
---|
| 249 | /** |
---|
| 250 | * AJAX callback to add a new access test to the list. |
---|
| 251 | */ |
---|
| 252 | function ctools_access_ajax_add($fragment = NULL, $name = NULL) { |
---|
| 253 | ctools_include('ajax'); |
---|
| 254 | ctools_include('modal'); |
---|
| 255 | ctools_include('context'); |
---|
| 256 | |
---|
| 257 | if (empty($fragment) || empty($name)) { |
---|
| 258 | ctools_ajax_render_error(); |
---|
| 259 | } |
---|
| 260 | |
---|
| 261 | $plugin = ctools_get_access_plugin($name); |
---|
| 262 | if (empty($plugin)) { |
---|
| 263 | ctools_ajax_render_error(); |
---|
| 264 | } |
---|
| 265 | |
---|
| 266 | // Separate the fragment into 'module' and 'argument' |
---|
| 267 | if (strpos($fragment, '-') === FALSE) { |
---|
| 268 | $module = $fragment; |
---|
| 269 | $argument = NULL; |
---|
| 270 | } |
---|
| 271 | else { |
---|
| 272 | list($module, $argument) = explode('-', $fragment, 2); |
---|
| 273 | } |
---|
| 274 | |
---|
| 275 | $function = $module . '_ctools_access_get'; |
---|
| 276 | if (!function_exists($function)) { |
---|
| 277 | ctools_ajax_render_error(t('Missing callback hooks.')); |
---|
| 278 | } |
---|
| 279 | |
---|
| 280 | list($access, $contexts) = $function($argument); |
---|
| 281 | |
---|
| 282 | // Make sure we have the logged in user context |
---|
| 283 | if (!isset($contexts['logged-in-user'])) { |
---|
| 284 | $contexts['logged-in-user'] = ctools_access_get_loggedin_context(); |
---|
| 285 | } |
---|
| 286 | |
---|
| 287 | if (empty($access['plugins'])) { |
---|
| 288 | $access['plugins'] = array(); |
---|
| 289 | } |
---|
| 290 | |
---|
| 291 | $test = ctools_access_new_test($plugin); |
---|
| 292 | |
---|
| 293 | $id = $access['plugins'] ? max(array_keys($access['plugins'])) + 1 : 0; |
---|
| 294 | $access['plugins'][$id] = $test; |
---|
| 295 | |
---|
| 296 | $form_state = array( |
---|
| 297 | 'plugin' => $plugin, |
---|
| 298 | 'id' => $id, |
---|
| 299 | 'test' => &$access['plugins'][$id], |
---|
| 300 | 'access' => &$access, |
---|
| 301 | 'contexts' => $contexts, |
---|
| 302 | 'title' => t('Add criteria'), |
---|
| 303 | 'ajax' => TRUE, |
---|
| 304 | ); |
---|
| 305 | |
---|
| 306 | $output = ctools_modal_form_wrapper('ctools_access_ajax_edit_item', $form_state); |
---|
| 307 | if (empty($output)) { |
---|
| 308 | $function = $module . '_ctools_access_set'; |
---|
| 309 | if (function_exists($function)) { |
---|
| 310 | $function($argument, $access); |
---|
| 311 | } |
---|
| 312 | |
---|
| 313 | $table = ctools_access_admin_render_table($access, $fragment, $contexts); |
---|
| 314 | $output = array(); |
---|
| 315 | $output[] = ctools_ajax_command_replace('table#ctools-access-table', $table); |
---|
| 316 | $output[] = ctools_modal_command_dismiss(); |
---|
| 317 | } |
---|
| 318 | |
---|
| 319 | ctools_ajax_render($output); |
---|
| 320 | } |
---|
| 321 | |
---|
| 322 | /** |
---|
| 323 | * AJAX callback to edit an access test in the list. |
---|
| 324 | */ |
---|
| 325 | function ctools_access_ajax_edit($fragment = NULL, $id = NULL) { |
---|
| 326 | ctools_include('ajax'); |
---|
| 327 | ctools_include('modal'); |
---|
| 328 | ctools_include('context'); |
---|
| 329 | |
---|
| 330 | if (empty($fragment) || !isset($id)) { |
---|
| 331 | ctools_ajax_render_error(); |
---|
| 332 | } |
---|
| 333 | |
---|
| 334 | // Separate the fragment into 'module' and 'argument' |
---|
| 335 | if (strpos($fragment, '-') === FALSE) { |
---|
| 336 | $module = $fragment; |
---|
| 337 | $argument = NULL; |
---|
| 338 | } |
---|
| 339 | else { |
---|
| 340 | list($module, $argument) = explode('-', $fragment, 2); |
---|
| 341 | } |
---|
| 342 | |
---|
| 343 | $function = $module . '_ctools_access_get'; |
---|
| 344 | if (!function_exists($function)) { |
---|
| 345 | ctools_ajax_render_error(t('Missing callback hooks.')); |
---|
| 346 | } |
---|
| 347 | |
---|
| 348 | list($access, $contexts) = $function($argument); |
---|
| 349 | |
---|
| 350 | if (empty($access['plugins'][$id])) { |
---|
| 351 | ctools_ajax_render_error(); |
---|
| 352 | } |
---|
| 353 | |
---|
| 354 | // Make sure we have the logged in user context |
---|
| 355 | if (!isset($contexts['logged-in-user'])) { |
---|
| 356 | $contexts['logged-in-user'] = ctools_access_get_loggedin_context(); |
---|
| 357 | } |
---|
| 358 | |
---|
| 359 | $plugin = ctools_get_access_plugin($access['plugins'][$id]['name']); |
---|
| 360 | $form_state = array( |
---|
| 361 | 'plugin' => $plugin, |
---|
| 362 | 'id' => $id, |
---|
| 363 | 'test' => &$access['plugins'][$id], |
---|
| 364 | 'access' => &$access, |
---|
| 365 | 'contexts' => $contexts, |
---|
| 366 | 'title' => t('Edit criteria'), |
---|
| 367 | 'ajax' => TRUE, |
---|
| 368 | ); |
---|
| 369 | |
---|
| 370 | $output = ctools_modal_form_wrapper('ctools_access_ajax_edit_item', $form_state); |
---|
| 371 | if (empty($output)) { |
---|
| 372 | $function = $module . '_ctools_access_set'; |
---|
| 373 | if (function_exists($function)) { |
---|
| 374 | $function($argument, $access); |
---|
| 375 | } |
---|
| 376 | |
---|
| 377 | $table = ctools_access_admin_render_table($access, $fragment, $contexts); |
---|
| 378 | $output = array(); |
---|
| 379 | $output[] = ctools_ajax_command_replace('table#ctools-access-table', $table); |
---|
| 380 | $output[] = ctools_modal_command_dismiss(); |
---|
| 381 | } |
---|
| 382 | |
---|
| 383 | ctools_ajax_render($output); |
---|
| 384 | } |
---|
| 385 | |
---|
| 386 | /** |
---|
| 387 | * Form to edit the settings of an access test. |
---|
| 388 | */ |
---|
| 389 | function ctools_access_ajax_edit_item(&$form_state) { |
---|
| 390 | $test = &$form_state['test']; |
---|
| 391 | $plugin = &$form_state['plugin']; |
---|
| 392 | |
---|
| 393 | if (isset($plugin['required context'])) { |
---|
| 394 | $form['context'] = ctools_context_selector($form_state['contexts'], $plugin['required context'], $test['context']); |
---|
| 395 | } |
---|
| 396 | $form['settings'] = array('#tree' => TRUE); |
---|
| 397 | if ($function = ctools_plugin_get_function($plugin, 'settings form')) { |
---|
| 398 | $function($form, $form_state, $test['settings']); |
---|
| 399 | } |
---|
| 400 | |
---|
| 401 | $form['not'] = array( |
---|
| 402 | '#type' => 'checkbox', |
---|
| 403 | '#title' => t('Reverse (NOT)'), |
---|
| 404 | '#default_value' => !empty($test['not']), |
---|
| 405 | ); |
---|
| 406 | |
---|
| 407 | $form['save'] = array( |
---|
| 408 | '#type' => 'submit', |
---|
| 409 | '#value' => t('Save'), |
---|
| 410 | ); |
---|
| 411 | |
---|
| 412 | return $form; |
---|
| 413 | } |
---|
| 414 | |
---|
| 415 | /** |
---|
| 416 | * Validate handler for argument settings. |
---|
| 417 | */ |
---|
| 418 | function ctools_access_ajax_edit_item_validate(&$form, &$form_state) { |
---|
| 419 | if ($function = ctools_plugin_get_function($form_state['plugin'], 'settings form validate')) { |
---|
| 420 | $function($form, $form_state); |
---|
| 421 | } |
---|
| 422 | } |
---|
| 423 | |
---|
| 424 | /** |
---|
| 425 | * Submit handler for argument settings. |
---|
| 426 | */ |
---|
| 427 | function ctools_access_ajax_edit_item_submit(&$form, &$form_state) { |
---|
| 428 | if ($function = ctools_plugin_get_function($form_state['plugin'], 'settings form submit')) { |
---|
| 429 | $function($form, $form_state); |
---|
| 430 | } |
---|
| 431 | |
---|
| 432 | $form_state['test']['settings'] = $form_state['values']['settings']; |
---|
| 433 | if (isset($form_state['values']['context'])) { |
---|
| 434 | $form_state['test']['context'] = $form_state['values']['context']; |
---|
| 435 | } |
---|
| 436 | $form_state['test']['not'] = !empty($form_state['values']['not']); |
---|
| 437 | } |
---|
| 438 | |
---|
| 439 | /** |
---|
| 440 | * AJAX command to remove an access control item. |
---|
| 441 | */ |
---|
| 442 | function ctools_access_ajax_delete($fragment = NULL, $id = NULL) { |
---|
| 443 | ctools_include('ajax'); |
---|
| 444 | ctools_include('modal'); |
---|
| 445 | ctools_include('context'); |
---|
| 446 | |
---|
| 447 | if (empty($fragment) || !isset($id)) { |
---|
| 448 | ctools_ajax_render_error(); |
---|
| 449 | } |
---|
| 450 | |
---|
| 451 | // Separate the fragment into 'module' and 'argument' |
---|
| 452 | if (strpos($fragment, '-') === FALSE) { |
---|
| 453 | $module = $fragment; |
---|
| 454 | $argument = NULL; |
---|
| 455 | } |
---|
| 456 | else { |
---|
| 457 | list($module, $argument) = explode('-', $fragment, 2); |
---|
| 458 | } |
---|
| 459 | |
---|
| 460 | $function = $module . '_ctools_access_get'; |
---|
| 461 | if (!function_exists($function)) { |
---|
| 462 | ctools_ajax_render_error(t('Missing callback hooks.')); |
---|
| 463 | } |
---|
| 464 | |
---|
| 465 | list($access, $contexts) = $function($argument); |
---|
| 466 | |
---|
| 467 | if (isset($access['plugins'][$id])) { |
---|
| 468 | unset($access['plugins'][$id]); |
---|
| 469 | } |
---|
| 470 | |
---|
| 471 | // re-cache |
---|
| 472 | $function = $module . '_ctools_access_set'; |
---|
| 473 | if (function_exists($function)) { |
---|
| 474 | $function($argument, $access); |
---|
| 475 | } |
---|
| 476 | |
---|
| 477 | $table = ctools_access_admin_render_table($access, $fragment, $contexts); |
---|
| 478 | $output = array(); |
---|
| 479 | $output[] = ctools_ajax_command_replace('table#ctools-access-table', $table); |
---|
| 480 | |
---|
| 481 | ctools_ajax_render($output); |
---|
| 482 | } |
---|