1197 lines
40 KiB
Text
1197 lines
40 KiB
Text
<?php namespace ProcessWire;
|
||
|
||
/**
|
||
* ProcessWire Page Permissions Module
|
||
*
|
||
* Adds convenience methods to all Page objects for checking permissions, i.e.
|
||
*
|
||
* if($page->editable()) { do something }
|
||
* if(!$page->viewable()) { echo "sorry you can't view this"; }
|
||
* ...and so on...
|
||
*
|
||
* ProcessWire 3.x, Copyright 2023 by Ryan Cramer
|
||
* https://processwire.com
|
||
*
|
||
* Optional special permissions that are optional (by default, not installed):
|
||
*
|
||
* 1. page-publish: when installed, editable() returns false, when it would otherwise return true,
|
||
* on published pages, if user doesn't have page-publish permission in their roles.
|
||
*
|
||
* 2. page-edit-created: when installed, editable() returns false, when it would otherwise
|
||
* return true, if user's role has this permission and they are not the $page->createdUser.
|
||
* This is a permission that reduces access rather than increasing it. Note that
|
||
* page-edit-created does nothing if the user doesn't have page-edit permission.
|
||
*
|
||
* 3. page-rename: when installed, user must have this permission in their role before they
|
||
* can change the name of a published page. They can still change the name of an unpublished
|
||
* page. When not installed, this permission falls back to page-edit.
|
||
*
|
||
* 4. page-edit-lang-default: when installed on a multi-language site, user must have this
|
||
* permission in order edit multi-language fields in "default" language. This permission
|
||
* is also required to create or delete pages (if user already has other permissions that enable
|
||
* them to create or delete pages).
|
||
*
|
||
* 5. page-edit-lang-[language_name]: when installed on a multi-language site, user must have
|
||
* this permission to edit multi-language fields in the [language_name] language.
|
||
*
|
||
* 6. page-edit-lang-none: when installed on a multi-language site, user must have this
|
||
* permission to edit non-multi-language fields. They must also have it to create or delete
|
||
* pages (if user already has other permissions that enable that).
|
||
*
|
||
* 7. user-admin-all: when installed, a user must have this permission in order to edit other
|
||
* users of all roles (except superuser of course). When installed, the regular user-admin
|
||
* permission only acts as a pre-requisite for editing users, and enables only listing users,
|
||
* and editing users that have only the 'guest' role. The user-admin-all essentially grants
|
||
* the same thing as user-admin permission does on a system that has no user-admin-all
|
||
* permission installed. That's what it does, but why is it here? The entire purpose is to
|
||
* support user-admin-[role] permissions, as described in the next item below:
|
||
*
|
||
* 8. user-admin-[role_name]: when installed on a site that also has user-admin-all permission
|
||
* installed, a user must have this permission (along with user-admin permission) in order
|
||
* to edit users in role [role_name], or to grant that role to other guest users, or to
|
||
* revoke it from them. Think of this permission as granting a user administrative privileges
|
||
* to just a specific group of users. Note that there would be no reason to combine this
|
||
* permission with the user-admin-all permission, as user-admin-all permission grants admin
|
||
* privileges to all roles.
|
||
*
|
||
*/
|
||
|
||
class PagePermissions extends WireData implements Module {
|
||
|
||
public static function getModuleInfo() {
|
||
return array(
|
||
'title' => 'Page Permissions',
|
||
'version' => 105,
|
||
'summary' => 'Adds various permission methods to Page objects that are used by Process modules.',
|
||
'permanent' => true,
|
||
'singular' => true,
|
||
'autoload' => true,
|
||
);
|
||
}
|
||
|
||
/**
|
||
* Do we have page-publish permission in the system?
|
||
*
|
||
* @var null|bool Null=unset state
|
||
*
|
||
*/
|
||
protected $hasPagePublish = null;
|
||
|
||
/**
|
||
* Do we have page-edit-created permission in the system?
|
||
*
|
||
* @var null|bool Null=unset state
|
||
*
|
||
*/
|
||
protected $hasPageEditCreated = null;
|
||
|
||
/**
|
||
* Array of optional permission name => boolean of whether the system has it
|
||
*
|
||
* @var array
|
||
*
|
||
*/
|
||
protected $hasOptionalPermissions = array();
|
||
|
||
/**
|
||
* Establish permission hooks
|
||
*
|
||
*/
|
||
public function init() {
|
||
$this->addHook('Page::editable', $this, 'editable');
|
||
$this->addHook('Page::publishable', $this, 'publishable');
|
||
$this->addHook('Page::viewable', $this, 'viewable');
|
||
$this->addHook('Page::listable', $this, 'listable');
|
||
$this->addHook('Page::deleteable', $this, 'deleteable');
|
||
$this->addHook('Page::deletable', $this, 'deleteable');
|
||
$this->addHook('Page::trashable', $this, 'trashable');
|
||
$this->addHook('Page::restorable', $this, 'restorable');
|
||
$this->addHook('Page::addable', $this, 'addable');
|
||
$this->addHook('Page::moveable', $this, 'moveable');
|
||
$this->addHook('Page::sortable', $this, 'sortable');
|
||
// $this->addHook('Page::fieldViewable', $this, 'hookFieldViewable');
|
||
// $this->addHook('Page::fieldEditable', $this, 'hookFieldEditable');
|
||
// $this->addHook('Template::createable', $this, 'createable');
|
||
}
|
||
|
||
/**
|
||
* Hook that adds a Page::editable([$field]) method to determine if $page is editable by current user
|
||
*
|
||
* A field name may optionally be specified as the first argument, in which case the field on that
|
||
* page will also be checked for access.
|
||
*
|
||
* When using field, specify boolean false for second argument to bypass PageEditable check, as an
|
||
* optimization, if you have already determined that the page is editable.
|
||
*
|
||
* @param HookEvent $event
|
||
*
|
||
*/
|
||
public function editable($event) {
|
||
|
||
/** @var Page $page */
|
||
$page = $event->object;
|
||
$field = $event->arguments(0);
|
||
$checkPageEditable = true;
|
||
if($field && $event->arguments(1) === false) $checkPageEditable = false;
|
||
|
||
if($checkPageEditable && !$this->pageEditable($page)) {
|
||
$event->return = false;
|
||
|
||
} else if($field) {
|
||
$event->return = $this->fieldEditable($page, $field, false);
|
||
|
||
} else {
|
||
$event->return = true;
|
||
}
|
||
|
||
}
|
||
|
||
/**
|
||
* Is the given page editable?
|
||
*
|
||
* @param Page $page
|
||
* @return bool
|
||
*
|
||
*/
|
||
public function pageEditable(Page $page) {
|
||
if($this->wire()->hooks->isHooked('PagePermissions::pageEditable()')) {
|
||
return $this->__call('pageEditable', array($page));
|
||
} else {
|
||
return $this->___pageEditable($page);
|
||
}
|
||
}
|
||
|
||
|
||
/**
|
||
* Hookable implmentation for: Is the given page editable?
|
||
*
|
||
* @param Page $page
|
||
* @return bool
|
||
*
|
||
*/
|
||
protected function ___pageEditable(Page $page) {
|
||
|
||
$user = $this->wire()->user;
|
||
|
||
// superuser can always do whatever they want
|
||
if($user->isSuperuser()) return true;
|
||
|
||
// note there is an exception in the case of system pages, which require superuser to edit
|
||
if(($page->status & Page::statusSystem) && $page->template != 'language') return false;
|
||
|
||
// If page is locked and user doesn't have permission to unlock, don't let them edit
|
||
if($page->status & Page::statusLocked) {
|
||
if(!$user->hasPermission("page-lock", $page)) return false;
|
||
}
|
||
|
||
// special conditions apply if the page is a Language
|
||
if($page->template == 'language' && $user->hasPermission('page-edit') && $user->hasPermission('lang-edit')) {
|
||
return $this->hasLangPermission("page-edit-lang-$page->name", $user);
|
||
}
|
||
|
||
// special conditions apply if the page is a User
|
||
if($page instanceof User || in_array($page->template->id, $this->wire()->config->userTemplateIDs)) {
|
||
return $this->userEditable($page);
|
||
}
|
||
|
||
// if the user doesn't have page-edit permission, don't let them go further
|
||
if(!$user->hasPermission("page-edit", $page)) return false;
|
||
|
||
// check if the system has a page-edit-created permission installed
|
||
if($this->hasPageEditCreated === null) {
|
||
$this->hasPageEditCreated = $this->wire()->permissions->has('page-edit-created');
|
||
}
|
||
|
||
if($this->hasPageEditCreated && $user->hasPermission('page-edit-created', $page)) {
|
||
// page-edit-created permission is installed, so we have to account for it
|
||
// if user is not the one that created this page, don't allow them to edit it
|
||
if($page->created_users_id != $user->id) return false;
|
||
}
|
||
|
||
// now check if there is a page-publish permission in the system, and use it if so
|
||
if($this->hasPagePublish === null) {
|
||
$this->hasPagePublish = $this->wire()->permissions->get('page-publish')->id > 0;
|
||
}
|
||
|
||
if($this->hasPagePublish) {
|
||
|
||
// if user has the page-publish permission here, then we're good
|
||
if($user->hasPermission('page-publish', $page)) return true;
|
||
|
||
// if the page is unpublished then we're fine too
|
||
if($page->hasStatus(Page::statusUnpublished)) return true;
|
||
|
||
// otherwise user cannot edit this page
|
||
return false;
|
||
}
|
||
|
||
return true;
|
||
}
|
||
|
||
/**
|
||
* Returns whether the given user ($page) is editable by the current user
|
||
*
|
||
* @param User|Page $page
|
||
* @param array $options
|
||
* - `viewable` (bool): Specify true if only a viewable check is needed (default=false)
|
||
* @return bool
|
||
*
|
||
*/
|
||
public function userEditable(Page $page, array $options = array()) {
|
||
|
||
/** @var Process|ProcessProfile|ProcessPageView|ProcessUser|ProcessPageList|ProcessPageLister $process */
|
||
|
||
$user = $this->wire()->user;
|
||
$process = $this->wire()->process;
|
||
$processName = (string) $process;
|
||
$config = $this->wire()->config;
|
||
$guestRoleID = (int) $config->guestUserRolePageID;
|
||
$permissions = $this->wire()->permissions;
|
||
|
||
$defaults = array(
|
||
'viewable' => false, // specify true if method is being used to determine viewable state
|
||
);
|
||
|
||
$options = count($options) ? array_merge($defaults, $options) : $defaults;
|
||
|
||
if(!$page->id) return false;
|
||
|
||
if(!$page instanceof User) {
|
||
$template = $this->wire()->templates->get('user');
|
||
if($page->className() !== $template->getPageClass(false)) {
|
||
$page = $this->wire()->users->get($page->id);
|
||
}
|
||
}
|
||
|
||
if(!$page || $page instanceof NullPage) return false;
|
||
|
||
if($user->id === $page->id && $user->isLoggedin()) {
|
||
// user is the same as the page being edited or viewed
|
||
$wirePage = $this->wire()->page;
|
||
$wireProcessName = $wirePage ? "$wirePage->process" : '';
|
||
|
||
if(($processName === 'ProcessProfile' || $wireProcessName === 'ProcessProfile') && $user->hasPermission('profile-edit')) {
|
||
// user editing themself in ProcessProfile
|
||
return true;
|
||
}
|
||
if($options['viewable'] && $user->hasPermission('user-view-self')) {
|
||
// user requests to view themselves
|
||
return true;
|
||
}
|
||
}
|
||
|
||
if($options['viewable']) {
|
||
// perform viewable checks rather than editable checks
|
||
if($page->template->useRoles && $user->hasPermission('page-view', $page)) {
|
||
// access permission provided by page-view permission configured directly (not inherited) on user template
|
||
if($user->isLoggedin()) return true;
|
||
}
|
||
if($user->hasPermission('user-view-all')) {
|
||
// user-view-all permission is similar to page-view on the user template but can also be assigned to guest role
|
||
return true;
|
||
}
|
||
if($page->isSuperuser()) {
|
||
// if superuser role is present then view permission cannot be provided by any other user-view-[role]
|
||
return $user->isSuperuser() || $user->hasPermission('user-view-superuser');
|
||
}
|
||
// check for match between user-view-[role] permission and roles of user being requested
|
||
$userViewable = false;
|
||
foreach($page->roles as $role) {
|
||
// check for "user-view-[roleName]" permissions
|
||
if($role->id == $guestRoleID) continue;
|
||
if($user->hasPermission("user-view-$role->name")) $userViewable = true;
|
||
if($userViewable) break;
|
||
}
|
||
if($userViewable) return true;
|
||
|
||
} else {
|
||
// if the current process is something other than ProcessUser (or a Process module that can be
|
||
// used within ProcessUser) they don't have permission
|
||
$processNames = array(
|
||
'ProcessUser',
|
||
'ProcessPageList',
|
||
'ProcessPageLister',
|
||
'ProcessPageEditImageSelect'
|
||
);
|
||
if(!wireInstanceOf($process, $processNames)) return false;
|
||
}
|
||
|
||
// if user doesn't have user-admin permission, they have no edit access
|
||
if(!$user->hasPermission('user-admin')) return false;
|
||
|
||
// if the user page being edited has a superuser role, and the current user doesn't,
|
||
// never let them edit regardless of any other permissions
|
||
$superuserRole = $this->wire()->roles->get($config->superUserRolePageID);
|
||
if($page->roles->has($superuserRole) && !$user->roles->has($superuserRole)) return false;
|
||
|
||
// if we reach this point then check if there are more granular user-admin permissions available
|
||
// special permissions: user-admin-all, and user-admin-[role]
|
||
$userAdminPerms = $permissions->getPermissionNameIds('user-admin-');
|
||
|
||
// if there are no special permissions, then let them through
|
||
if(isset($userAdminPerms['user-admin-all'])) {
|
||
// if user has 'user-admin-all' permission, they are good to edit
|
||
if($user->hasPermission('user-admin-all')) return true;
|
||
// if there are no other user-admin perms then not editable
|
||
if(count($userAdminPerms) === 1) return false;
|
||
|
||
} else if(empty($userAdminPerms)) {
|
||
// no 'user-admin-[role]' permissions means permission delegated to just 'user-admin'
|
||
return true;
|
||
}
|
||
|
||
// there are role-specific permissions in the system, and user must have appropriate one to edit
|
||
$userEditable = false;
|
||
$pageRoles = $page->roles;
|
||
$n = 0;
|
||
|
||
foreach($pageRoles as $role) {
|
||
$n++;
|
||
if($role->id == $guestRoleID) continue;
|
||
$permName = "user-admin-$role->name";
|
||
if(!isset($userAdminPerms[$permName])) continue; // does not exist
|
||
if($user->hasPermission($permName)) {
|
||
// found a matching permission for role, so it is editable
|
||
$userEditable = true;
|
||
break;
|
||
} else {
|
||
// user does not have
|
||
}
|
||
}
|
||
|
||
if($userEditable) return true;
|
||
|
||
// if there is only 1 role (guest), then no role-specific permission needed for that
|
||
if($n == 0 || ($n == 1 && $pageRoles->first()->id == $guestRoleID)) return true;
|
||
|
||
return false;
|
||
}
|
||
|
||
/**
|
||
* Returns whether the given user ($page) is viewable by the current user
|
||
*
|
||
* @param User|Page $page
|
||
* @param array $options
|
||
* @return bool
|
||
* @throws WireException
|
||
*
|
||
*/
|
||
public function userViewable(Page $page, array $options = array()) {
|
||
$user = $this->wire()->user;
|
||
// user viewing themself
|
||
if($user->id === $page->id && $user->hasPermission('page-view', $page)) return true;
|
||
$options['viewable'] = true;
|
||
return $this->userEditable($page, $options);
|
||
}
|
||
|
||
/**
|
||
* Can the current user add/remove the given role from other users?
|
||
*
|
||
* @param string|Role|int $role
|
||
* @return bool
|
||
*
|
||
*/
|
||
public function userCanAssignRole($role) {
|
||
|
||
$user = $this->wire()->user;
|
||
|
||
// superuser can assign any role
|
||
if($user->isSuperuser()) return true;
|
||
|
||
// user-admin permission is a pre-requisite for any kind of role assignment
|
||
if(!$user->hasPermission('user-admin')) return false;
|
||
|
||
// make sure we have a Role object
|
||
if(!$role instanceof Role) $role = $this->wire()->roles->get($role);
|
||
if(!$role->id) return false;
|
||
|
||
$config = $this->wire()->config;
|
||
|
||
// cannot assign superuser role
|
||
if($role->id == $config->superUserRolePageID) return false;
|
||
|
||
// user with user-admin can always assign guest role
|
||
if($role->id == $config->guestUserRolePageID) return true;
|
||
|
||
// check for user-admin-all permission
|
||
$userAdminAll = $this->wire()->permissions->get('user-admin-all');
|
||
if(!$userAdminAll->id) {
|
||
// if there is no user-admin-all permission, then user-admin permission is
|
||
// all that is necessary to edit other users of any roles except superuser
|
||
return true;
|
||
}
|
||
|
||
if($user->hasPermission($userAdminAll)) {
|
||
// if user has user-admin-all permission, then they can assign any roles except superuser
|
||
return true;
|
||
}
|
||
|
||
// return whether user has permission specific to role
|
||
return $user->hasPermission("user-admin-$role->name");
|
||
}
|
||
|
||
/**
|
||
* Is the given Field or field name viewable?
|
||
*
|
||
* This provides the implementation for the Page::fieldViewable($field) method.
|
||
*
|
||
* @param Page $page
|
||
* @param string|Field $name Field name
|
||
* @param bool $checkPageViewable Check if the page is viewable? Default=true.
|
||
* Specify false here as an optimization if you've already confirmed $page is viewable.
|
||
* @return bool
|
||
*
|
||
*/
|
||
public function fieldViewable(Page $page, $name, $checkPageViewable = true) {
|
||
if(empty($name)) return false;
|
||
if($checkPageViewable && !$page->viewable(false)) {
|
||
return false;
|
||
}
|
||
if(is_object($name)) {
|
||
if($name instanceof Field) {
|
||
// Field object
|
||
$field = $name;
|
||
$name = $field->name;
|
||
} else {
|
||
// objects that aren't fields aren't viewable
|
||
return false;
|
||
}
|
||
} else {
|
||
$_name = $this->wire()->sanitizer->fieldName($name);
|
||
// if field name doesn't follow known format, return false
|
||
if($_name !== $name) return false;
|
||
$field = $this->wire()->fields->get($name);
|
||
}
|
||
if($field instanceof Field) {
|
||
// delegate to Field::viewable method
|
||
return $field->useRoles ? $field->viewable($page) : true;
|
||
} else if($this->wire($name)) {
|
||
// API vars are not viewable
|
||
return false;
|
||
}
|
||
|
||
// something else that we don't consider access for
|
||
return true;
|
||
}
|
||
|
||
/**
|
||
* Is the given field name editable?
|
||
*
|
||
* This provides the implementation for the Page::fieldEditable($field) method.
|
||
*
|
||
* @param Page $page
|
||
* @param string|Field $name Field name
|
||
* @param bool $checkPageEditable Check if the page is editable? Default=true.
|
||
* Specify false here as an optimization if you've already confirmed $page is editable.
|
||
* @return bool
|
||
*
|
||
*/
|
||
public function fieldEditable(Page $page, $name, $checkPageEditable = true) {
|
||
|
||
if(empty($name)) return false;
|
||
if($checkPageEditable && !$this->pageEditable($page)) return false;
|
||
if($name instanceof Field) $name = $name->name;
|
||
if(!is_string($name)) return false;
|
||
if(!strlen($name)) return true;
|
||
|
||
if($name === 'id' && ($page->status & Page::statusSystemID)) return false;
|
||
|
||
$user = $this->wire()->user;
|
||
|
||
if($page->status & Page::statusSystem) {
|
||
if(in_array($name, array('id', 'name', 'template', 'templates_id', 'parent', 'parent_id'))) {
|
||
return false;
|
||
}
|
||
}
|
||
|
||
if($name === 'template' || $name === 'templates_id') {
|
||
if($page->template->noChangeTemplate) return false;
|
||
if(!$user->hasPermission('page-template', $page)) return false;
|
||
}
|
||
|
||
if($name === 'name') {
|
||
// if page has no name (and not homepage), then it needs one, so it is allowed
|
||
if($page->id > 1 && !strlen($page->name)) return true;
|
||
// if page is not yet published, user with page-edit can still change name
|
||
if($page->isUnpublished()) return true;
|
||
// otherwise verify page-rename permission
|
||
return $user->hasPermission('page-rename', $page);
|
||
}
|
||
|
||
if($name === 'parent' || $name === 'parent_id') {
|
||
if($page->template->noMove) return false;
|
||
if(!$user->hasPermission('page-move', $page)) return false;
|
||
}
|
||
|
||
if($name === 'sortfield') {
|
||
if(!$user->hasPermission('page-sort', $page)) return false;
|
||
}
|
||
|
||
if($name === 'roles') {
|
||
if(!$user->hasPermission('user-admin')) return false;
|
||
}
|
||
|
||
if($user->id === $page->id && !$user->isSuperuser() && !$user->hasPermission('user-admin')) {
|
||
return $this->userFieldEditable($name, $user);
|
||
}
|
||
|
||
// check per-field edit access
|
||
$field = $this->wire()->fields->get($name);
|
||
if($field && $field->useRoles) {
|
||
return $field->editable($page);
|
||
}
|
||
|
||
return true;
|
||
}
|
||
|
||
/**
|
||
* Is given file viewable?
|
||
*
|
||
* It is assumed that you have already determined the Page is viewable.
|
||
*
|
||
* @param Page $page
|
||
* @param Pagefile|string $pagefile
|
||
* @return bool|null Returns bool, or null if not known
|
||
* @since 3.0.166
|
||
*
|
||
*/
|
||
protected function fileViewable(Page $page, $pagefile) {
|
||
if($this->wire()->user->isSuperuser()) return true;
|
||
if(!$pagefile instanceof Pagefile) {
|
||
$pagefile = $page->hasFile(basename($pagefile), array('getPagefile' => true));
|
||
if(!$pagefile) return null;
|
||
}
|
||
$field = $pagefile->field;
|
||
if(!$field) return null;
|
||
return $this->fieldViewable($page, $field, false);
|
||
}
|
||
|
||
/**
|
||
* Is the given field editable by the current user in their user profile?
|
||
*
|
||
* @param Field|string $name Field or Field name
|
||
* @param User|null User to check (default=current user)
|
||
* @return bool
|
||
*
|
||
*/
|
||
public function userFieldEditable($name, User $user = null) {
|
||
if($name instanceof Field) $name = $name->name;
|
||
if(empty($name) || !is_string($name)) return false;
|
||
if($user === null) $user = $this->wire()->user;
|
||
if(!$user->isLoggedin()) return false;
|
||
if(!$user->hasPermission('profile-edit')) return false;
|
||
$data = $this->wire()->modules->getConfig('ProcessProfile');
|
||
$profileFields = isset($data['profileFields']) ? $data['profileFields'] : array();
|
||
if(in_array($name, $profileFields)) return true;
|
||
return false;
|
||
}
|
||
|
||
/**
|
||
* Hook for Page::viewable() or Page::viewable($user) method
|
||
*
|
||
* Is the page viewable by the current user? (or specified user)
|
||
*
|
||
* - Optionally specify User object to hook as first argument to check for a specific User.
|
||
* - Optionally specify a field name (or Field object) as first argument to check for specific field.
|
||
* - Optionally specify Language object or language name as first argument to check if viewable
|
||
* in that language (requires LanguageSupportPageNames module).
|
||
* - Optionally specify boolean false as first or second argument to bypass template filename check.
|
||
* - Optionally specify a Pagefile object or file basename to check if file is viewable. (3.0.166+)
|
||
*
|
||
* Returns boolean true or false. If given a Pagefile or file basename, it can also return null if
|
||
* the Page itself is viewable but the file did not map to something we recognize as access controlled,
|
||
* like a file basename that isn’t present in any file fields on the page.
|
||
*
|
||
* @param HookEvent $event
|
||
*
|
||
*/
|
||
public function viewable($event) {
|
||
|
||
/** @var Page $page */
|
||
$page = $event->object;
|
||
$viewable = true;
|
||
$user = $this->wire()->user;
|
||
$arg0 = $event->arguments(0);
|
||
$arg1 = $event->arguments(1);
|
||
$field = null; // field name or Field object, if specified as arg0
|
||
$checkTemplateFile = true; // return false if template filename doesn't exist
|
||
$pagefile = null;
|
||
$status = $page->status;
|
||
|
||
// allow specifying User instance as argument 0
|
||
// this gives you a "viewable to user" capability
|
||
if($arg0) {
|
||
if($arg0 instanceof User) {
|
||
// user specified
|
||
$user = $arg0;
|
||
} else if($arg0 instanceof Pagefile || (is_string($arg0) && strpos($arg0, '.'))) {
|
||
// Pagefile or file basename
|
||
$pagefile = $arg0;
|
||
$checkTemplateFile = false;
|
||
} else if($arg0 instanceof Field || is_string($arg0)) {
|
||
// field name, Field object or language name specified
|
||
// @todo: prevent possible collision of field name and language name
|
||
$field = $arg0;
|
||
$checkTemplateFile = false;
|
||
}
|
||
}
|
||
|
||
if($arg0 === false || $arg1 === false) {
|
||
// bypass template filename check
|
||
$checkTemplateFile = false;
|
||
}
|
||
|
||
// if page has corrupted status, this need not affect viewable access
|
||
if($status & Page::statusCorrupted) $status = $status & ~Page::statusCorrupted;
|
||
|
||
// perform several viewable checks, in order
|
||
if($status >= Page::statusUnpublished) {
|
||
// unpublished pages are not viewable, but see override below this if/else statement
|
||
$viewable = false;
|
||
} else if(!$page->template || ($checkTemplateFile && !$page->template->filenameExists())) {
|
||
// template file does not exist
|
||
$viewable = false;
|
||
} else if($user->isSuperuser()) {
|
||
// superuser always allowed
|
||
// $viewable = true;
|
||
} else if($page->hasField('process') && $page->get('process')) {
|
||
// delegate access to permissions defined with Process module
|
||
$viewable = $this->processViewable($page);
|
||
} else if($page instanceof User) { // && !$user->isGuest() && ($user->hasPermission('user-admin') || $page->id === $user->id)) {
|
||
// user administrator or user viewing themself
|
||
$viewable = $this->userViewable($page);
|
||
} else if(!$user->hasPermission("page-view", $page)) {
|
||
// user lacks basic view permission to page
|
||
$viewable = false;
|
||
} else if($page->isTrash()) {
|
||
// pages in trash are not viewable, except to superuser
|
||
$viewable = false;
|
||
}
|
||
|
||
// if the page is editable by the current user, force it to be viewable (if not viewable due to being unpublished)
|
||
if(!$viewable && !$user->isGuest() && ($status & Page::statusUnpublished)) {
|
||
if($page->editable() && (!$checkTemplateFile || $page->template->filenameExists())) $viewable = true;
|
||
}
|
||
|
||
if($field && $viewable) {
|
||
$viewable = $this->fieldViewable($page, $field, false);
|
||
} else if($pagefile) {
|
||
if(!$viewable && wireInstanceOf($page, 'RepeaterPage')) {
|
||
/** @var RepeaterPage $page */
|
||
$viewable = $page->getForPageRoot()->viewable($checkTemplateFile);
|
||
}
|
||
if($viewable) {
|
||
$viewable = $this->fileViewable($page, $pagefile);
|
||
}
|
||
}
|
||
|
||
$event->return = $viewable;
|
||
}
|
||
|
||
/**
|
||
* Does the user have explicit permission to access the given process?
|
||
*
|
||
* Access to the process takes over 'page-view' access to the page so that the administrator
|
||
* doesn't need to setup a separate role just for 'view' access in the admin. Instead, they just
|
||
* give the existing roles access to the admin process and then 'view' access is assumed for that page.
|
||
*
|
||
* @param Page $page
|
||
* @return bool
|
||
*
|
||
*/
|
||
protected function processViewable(Page $page) {
|
||
|
||
$user = $this->wire()->user;
|
||
$process = $page->process;
|
||
|
||
if($user->isGuest()) return false;
|
||
if($user->isSuperuser()) return true;
|
||
|
||
return $this->wire()->modules->hasPermission($process, $user, $page, true);
|
||
}
|
||
|
||
/**
|
||
* Is the page listable by the current user?
|
||
*
|
||
* A listable page may appear in a listing, but doesn't mean that the user can actually
|
||
* view the page or that the page is renderable.
|
||
*
|
||
* @param HookEvent $event
|
||
*
|
||
*/
|
||
public function listable($event) {
|
||
|
||
/** @var Page $page */
|
||
$page = $event->object;
|
||
$user = $this->wire()->user;
|
||
$listable = true;
|
||
|
||
if($page instanceof NullPage) {
|
||
$listable = false;
|
||
} else if($user->isSuperuser()) {
|
||
// true
|
||
} else if($page instanceof User && $user->hasPermission('user-admin')) {
|
||
// true
|
||
} else if($page->hasStatus(Page::statusUnpublished) && !$page->editable()) {
|
||
$listable = false;
|
||
} else if($page->process && !$this->processViewable($page)) {
|
||
$listable = false;
|
||
} else if($page->isTrash()) {
|
||
$listable = $this->trashListable($page);
|
||
} else if(($accessTemplate = $page->getAccessTemplate()) && $accessTemplate->guestSearchable) {
|
||
// true
|
||
} else if(!$user->hasPermission("page-view", $page)) {
|
||
$listable = false;
|
||
}
|
||
|
||
$event->return = $listable;
|
||
}
|
||
|
||
/**
|
||
* Return whether or not given page in Trash is listable
|
||
*
|
||
* @param Page|null $page Page, or specify null for a general "trash is listable" request
|
||
* @return bool
|
||
*
|
||
*/
|
||
public function trashListable($page = null) {
|
||
|
||
$user = $this->wire()->user;
|
||
|
||
// trash and anything in it always visible to superuser
|
||
if($user->isSuperuser()) return true;
|
||
|
||
// determine if system has page-edit-trash-created permission installed
|
||
$petc = 'page-edit-trash-created';
|
||
|
||
if(!$this->wire()->permissions->has($petc)) $petc = false;
|
||
|
||
if($user->hasPermission('page-delete')) {
|
||
// has page-delete globally
|
||
} else if($petc && $user->hasPermission($petc)) {
|
||
// has page-edit-trash-created globally
|
||
} else if($user->hasPermission('page-delete', true)) {
|
||
// has page-delete added specifically at a template
|
||
} else if($petc && $user->hasPermission($petc, true)) {
|
||
// has page-edit-trash-created added specifically at a template
|
||
} else {
|
||
// user does not have any of the permissions above, so trash is not listable
|
||
return false;
|
||
}
|
||
|
||
// if request not asking about specific page, return general "trash is listable?" request
|
||
if($page === null || !$page->id) return true;
|
||
|
||
// if request is for the actual Trash page, consider this to be a general request
|
||
if($page->id == $this->wire()->config->trashPageID) return true;
|
||
|
||
// page is listable in the trash only if it is also editable
|
||
return $this->pageEditable($page);
|
||
}
|
||
|
||
/**
|
||
* Is the page deleteable by the current user?
|
||
*
|
||
* @param HookEvent $event
|
||
*
|
||
*/
|
||
public function deleteable($event) {
|
||
/** @var Page $page */
|
||
$page = $event->object;
|
||
$user = $this->wire()->user;
|
||
|
||
if($page->isLocked()) {
|
||
$deleteable = false;
|
||
} else if($page instanceof User && $user->hasPermission('user-admin')) {
|
||
/** @var User $page */
|
||
$deleteable = true;
|
||
if($page->id == $user->id) $deleteable = false; // can't delete self
|
||
if($page->hasRole('superuser') && !$user->hasRole('superuser')) $deleteable = false; // non-superuser can't delete superuser
|
||
} else {
|
||
$deleteable = $this->pages->isDeleteable($page);
|
||
if($deleteable && !$user->isSuperuser()) {
|
||
// make sure the page is editable and user has page-delete permission, if not dealing with superuser
|
||
$deleteable = $page->editable() && $user->hasPermission("page-delete", $page);
|
||
}
|
||
if($deleteable && $this->wire()->languages) {
|
||
// in multi-language environment, if user can't edit default language or can't edit non-multi-language fields,
|
||
// then deny access to delete the page
|
||
if(!$this->hasPageEditLangDefault($user, $page) || !$this->hasPageEditLangNone($user, $page)) {
|
||
$deleteable = false;
|
||
}
|
||
}
|
||
}
|
||
|
||
$event->return = $deleteable;
|
||
}
|
||
|
||
/**
|
||
* Is the page trashable by the current user?
|
||
*
|
||
* Optionally specify boolean true for first argument to make this method behave as: "Is page deleteable OR trashable?"
|
||
*
|
||
* @param HookEvent $event
|
||
*
|
||
*/
|
||
public function trashable($event) {
|
||
/** @var Page $page */
|
||
$page = $event->object;
|
||
$event->return = false;
|
||
|
||
if($event->arguments(0) !== true) {
|
||
if($page->hasStatus(Page::statusTrash) || $page->template->noTrash) {
|
||
// if page is already in trash, or template doesn't allow placement in trash, we return false
|
||
return;
|
||
}
|
||
}
|
||
|
||
if(!$page->isLocked()) {
|
||
$this->deleteable($event);
|
||
if(!$event->return && $this->wire()->permissions->has('page-edit-trash-created') && $page->editable()) {
|
||
// page can be trashable if user created it
|
||
$user = $this->wire()->user;
|
||
$trashable = ($page->created_users_id === $user->id && $user->hasPermission('page-edit-trash-created', $page));
|
||
$event->return = $trashable;
|
||
}
|
||
}
|
||
}
|
||
|
||
/**
|
||
* Is page restorable from trash?
|
||
*
|
||
* @param HookEvent $event
|
||
*
|
||
*/
|
||
public function restorable($event) {
|
||
/** @var Page $page */
|
||
$page = $event->object;
|
||
$user = $this->wire()->user;
|
||
|
||
$event->return = false;
|
||
|
||
if($page->isLocked()) return;
|
||
if(!$page->isTrash() && !$page->rootParent()->isTrash()) return;
|
||
if(!$user->isSuperuser() && !$page->editable()) return;
|
||
|
||
$info = $this->wire()->pages->trasher()->getRestoreInfo($page);
|
||
if(!$info['restorable']) return;
|
||
|
||
/** @var Page $parent */
|
||
$parent = $info['parent'];
|
||
|
||
// check if parent does not allow this user to add pages here
|
||
if(!$parent->id || !$parent->addable($page)) return;
|
||
|
||
$event->return = true;
|
||
}
|
||
|
||
/**
|
||
* Can the current user add child pages to this page?
|
||
*
|
||
* Optionally specify the page to be added as the first argument for additional access checking.
|
||
* i.e. if($page->addable($somePage))
|
||
*
|
||
* @param HookEvent $event
|
||
*
|
||
*/
|
||
public function addable($event) {
|
||
|
||
/** @var Page $page */
|
||
$page = $event->object;
|
||
$user = $this->wire()->user;
|
||
|
||
$addable = false;
|
||
$addPage = null;
|
||
$_ADDABLE = false; // if we really mean it (as in, do not perform secondary checks)
|
||
$superuser = $user->isSuperuser();
|
||
|
||
if($page->template && $page->template->noChildren) {
|
||
// addable=false
|
||
|
||
} else if($superuser) {
|
||
$addable = true;
|
||
$_ADDABLE = true;
|
||
|
||
} else if(in_array($page->id, $this->wire()->config->usersPageIDs) && $user->hasPermission('user-admin')) {
|
||
// users with user-admin access adding a page to users: add access is assumed
|
||
// rather than us having a separate 'users' template where access is defined
|
||
$addable = true;
|
||
$_ADDABLE = true;
|
||
|
||
} else if($user->hasPermission('page-add', $page)) {
|
||
// user has page-add permission, now we need to check that they have access
|
||
// on the templates in this context
|
||
$addable = $this->addableTemplate($page, $user);
|
||
}
|
||
|
||
// check if a $page is provided as the first argument for additional access checking
|
||
if($addable) {
|
||
$addPage = $event->arguments(0);
|
||
if(!$addPage instanceof Page || !$addPage->id) $addPage = null;
|
||
if($addPage && $addPage->template && $page->template) {
|
||
if(count($page->template->childTemplates) && !in_array($addPage->template->id, $page->template->childTemplates)) {
|
||
$addable = false;
|
||
}
|
||
}
|
||
}
|
||
|
||
// check additional permissions if in multi-language environment
|
||
if($addable && !$_ADDABLE && $addPage && $this->wire()->languages) {
|
||
if(!$this->hasPageEditLangDefault($user, $addPage) || !$this->hasPageEditLangNone($user, $addPage)) {
|
||
// if user can't edit default language, or can't edit non-multi-language fields, then deny add access
|
||
$addable = false;
|
||
}
|
||
}
|
||
|
||
$event->return = $addable;
|
||
}
|
||
|
||
/**
|
||
* Checks that a parent is addable within the context of its template (i.e. has page-create for the template)
|
||
*
|
||
* When this function is called, it has already been determined that the user has page-add permission.
|
||
* So this is just narrowing down to make sure they have access on a template.
|
||
*
|
||
* @param Page $page
|
||
* @param User $user
|
||
* @return bool
|
||
*
|
||
*/
|
||
protected function addableTemplate(Page $page, User $user) {
|
||
|
||
$has = false;
|
||
|
||
if(count($page->template->childTemplates)) {
|
||
|
||
// page's template defines specific templates for children
|
||
// see if the user has access to one of them
|
||
|
||
foreach($page->template->childTemplates as $id) {
|
||
$template = $this->wire()->templates->get($id);
|
||
if(!$template->useRoles) $template = $page->getAccessTemplate('edit');
|
||
if($template && $user->hasPermission('page-create', $template)) $has = true;
|
||
if($has) break;
|
||
}
|
||
|
||
} else if(in_array($page->id, $this->wire()->config->usersPageIDs) && $user->hasPermission('user-admin')) {
|
||
// user-admin permission implies create access to the 'user' template
|
||
$has = true;
|
||
|
||
} else {
|
||
// page's template does not specify templates for children
|
||
// so check to see if they have edit access to ANY template that can be used
|
||
|
||
foreach($this->wire()->templates as $template) {
|
||
// if($template->noParents) continue;
|
||
if($template->parentTemplates && !in_array($page->template->id, $template->parentTemplates)) continue;
|
||
// if($template->flags & Template::flagSystem) continue;
|
||
//$has = $user->hasPermission('page-edit', $template);
|
||
$has = $user->hasPermission('page-create', $template);
|
||
if($has) break;
|
||
}
|
||
}
|
||
|
||
return $has;
|
||
}
|
||
|
||
/**
|
||
* Is the given page moveable (i.e. change parent)?
|
||
*
|
||
* Without arguments, it just checks that the user is allowed to move the page (not where they are allowed to)
|
||
* Optionally specify a $parent page as the first argument to check if they are allowed to move to that parent.
|
||
*
|
||
* @param HookEvent $event
|
||
*
|
||
*/
|
||
public function moveable($event) {
|
||
/** @var Page $page */
|
||
$page = $event->object;
|
||
|
||
/** @var Page|null $parent */
|
||
$parent = $event->arguments(0);
|
||
if(!$parent instanceof Page || !$parent->id) $parent = null;
|
||
|
||
if($page->id == 1) {
|
||
$moveable = false;
|
||
} else {
|
||
$moveable = $page->editable('parent');
|
||
}
|
||
|
||
if($moveable && $parent) {
|
||
$moveable = $parent->addable($page);
|
||
} else if($parent && $parent->isTrash() && $parent->id == $this->wire()->config->trashPageID) {
|
||
$moveable = $page->deletable();
|
||
}
|
||
|
||
$event->return = $moveable;
|
||
}
|
||
|
||
/**
|
||
* Is the given page sortable by the current user?
|
||
*
|
||
* @param HookEvent $event
|
||
*
|
||
*/
|
||
public function sortable($event) {
|
||
/** @var Page $page */
|
||
$page = $event->object;
|
||
$sortable = false;
|
||
if($page->id > 1 && $page->editable() && $this->user->hasPermission('page-sort', $page->parent)) $sortable = true;
|
||
$event->return = $sortable;
|
||
}
|
||
|
||
/**
|
||
* Is the page publishable by the current user?
|
||
*
|
||
* A field name may optionally be specified as the first argument, in which case the field on that page will also be checked for access.
|
||
*
|
||
* @param HookEvent $event
|
||
*
|
||
*/
|
||
public function publishable($event) {
|
||
|
||
$user = $this->wire()->user;
|
||
$event->return = true;
|
||
|
||
if($user->isSuperuser()) return;
|
||
|
||
/** @var Page $page */
|
||
$page = $event->object;
|
||
|
||
// if page isn't editable, it certainly can't be publishable
|
||
if(!$page->editable()) {
|
||
$event->return = false;
|
||
return;
|
||
}
|
||
|
||
// if there is no page-publish permission, then it's publishable
|
||
$hasPublish = $this->wire()->permissions->has('page-publish');
|
||
if(!$hasPublish) return;
|
||
|
||
// if Page is a user, and user has user-admin permission, they can also publish the user
|
||
if($page instanceof User && $user->hasPermission('user-admin')) return;
|
||
|
||
// check if user has the permission assigned
|
||
if($user->hasPermission('page-publish', $page)) return;
|
||
|
||
// if we made it here, then page is not publishable
|
||
$event->return = false;
|
||
}
|
||
|
||
/**
|
||
* Returns true if given user has the optional language permission, or false if not
|
||
*
|
||
* In a non-multi-language system, this method will always return true.
|
||
* In a multi-language system that doesn't have the permission installed, this always returns true.
|
||
* In a multi-language system that DOES have it installed, methods returns true when user has it via one of their roles.
|
||
* This method assumes the user is already known to have any pre-requisite permissions.
|
||
*
|
||
* @param string $name Permission name i.e. page-edit-lang-none, page-edit-lang-default, etc.
|
||
* @param User $user
|
||
* @param Page|Template $context Optional Page or Template context
|
||
* @return bool
|
||
*
|
||
*/
|
||
protected function hasLangPermission($name, User $user, $context = null) {
|
||
if($user->isSuperuser()) return true;
|
||
if(!array_key_exists($name, $this->hasOptionalPermissions)) {
|
||
if($this->wire()->languages) {
|
||
$this->hasOptionalPermissions[$name] = $this->wire()->permissions->get($name)->id > 0;
|
||
} else {
|
||
// not applicable since multi-language not installed
|
||
$this->hasOptionalPermissions[$name] = false;
|
||
}
|
||
}
|
||
if($this->hasOptionalPermissions[$name]) {
|
||
// now check if the user has this permission
|
||
return $user->hasPermission($name, $context);
|
||
} else {
|
||
// system doesn't need to consider this permission
|
||
return true;
|
||
}
|
||
}
|
||
|
||
/**
|
||
* Returns true if given user is allowed to edit values in default language
|
||
*
|
||
* @param User $user
|
||
* @param Page|Template $context
|
||
* @return bool
|
||
*
|
||
*/
|
||
protected function hasPageEditLangDefault(User $user, $context = null) {
|
||
return $this->hasLangPermission('page-edit-lang-default', $user, $context);
|
||
}
|
||
|
||
/**
|
||
* Returns true if given user is allowed to edit non-multi-language values
|
||
*
|
||
* @param User $user
|
||
* @param Page|Template $context
|
||
* @return bool
|
||
*
|
||
*/
|
||
protected function hasPageEditLangNone(User $user, $context = null) {
|
||
return $this->hasLangPermission('page-edit-lang-none', $user, $context);
|
||
}
|
||
|
||
|
||
/**
|
||
* Can the user create pages from this template?
|
||
*
|
||
* Optional argument 1 may be a parent page for context, i.e. can we create a page with this parent.
|
||
*
|
||
public function createable($event) {
|
||
|
||
$template = $event->object;
|
||
$user = $this->fuel('user');
|
||
$createable = false;
|
||
|
||
if($template->noParents) {
|
||
$createable = false;
|
||
|
||
} else if($user->isSuperuser()) {
|
||
$createable = true;
|
||
|
||
} else if($user->hasPermission('page-create', $template)) {
|
||
$createable = true;
|
||
}
|
||
|
||
// check if a parent $page is provided as the first argument for additional access checking
|
||
if($createable && isset($event->arguments[0]) && $event->arguments[0] instanceof Page) {
|
||
$parent = $event->arguments[0];
|
||
if($parent->template->noChildren || (count($parent->template->childTemplates) && !in_array($template->id, $parent->template->childTemplates))) $createable = false;
|
||
if($createable) $createable = $parent->addable();
|
||
}
|
||
|
||
$event->return = $createable;
|
||
}
|
||
*/
|
||
|
||
/**
|
||
* Hook for Page::fieldViewable($field) method
|
||
*
|
||
* @param HookEvent $event
|
||
* @return bool|null
|
||
*
|
||
public function hookFieldViewable(HookEvent $event) {
|
||
$field = $event->arguments(0);
|
||
$page = $event->object;
|
||
$event->return = $this->fieldViewable($page, $field);
|
||
}
|
||
*/
|
||
|
||
/**
|
||
* Hook for Page::fieldEditable($field) method
|
||
*
|
||
* @param HookEvent $event
|
||
*
|
||
public function hookFieldEditable(HookEvent $event) {
|
||
$field = $event->arguments(0);
|
||
$page = $event->object;
|
||
$event->return = $this->fieldEditable($page, $field);
|
||
}
|
||
*/
|
||
|
||
|
||
}
|