[UPDATE] ACL Management

* [ADDED] Smarty acl_check function * [ADDED] Optional default return value for getValue calls * [UPDATE] ACL Checks in page controllers * [UPDATE] Navigation template to use check_acl from Smarty * [ADDED] New ACL options where needed * [REMOVED] Disable pages from System Settings Tab * [ADDED] Above removed pages into ACL Settings Tab This will make usage of ACLs a bit easier and transparent. Also fixes #1731 once merged.
omagian · Feb 14, 2014 · d7f2e6e · d7f2e6e
1 parent f43a521
commit d7f2e6e
Show file tree

Hide file tree

Showing 17 changed files with 179 additions and 131 deletions.
diff --git a/public/include/classes/setting.class.php b/public/include/classes/setting.class.php
@@ -9,14 +9,18 @@ class Setting extends Base {
    * @param name string Setting name
    * @return value string Value
    **/
-  public function getValue($name) {
+  public function getValue($name, $default="") {
     $stmt = $this->mysqli->prepare("SELECT value FROM $this->table WHERE name = ? LIMIT 1");
-    if ($this->checkStmt($stmt) && $stmt->bind_param('s', $name) && $stmt->execute() && $result = $stmt->get_result())
-      if ($result->num_rows > 0)
+    if ($this->checkStmt($stmt) && $stmt->bind_param('s', $name) && $stmt->execute() && $result = $stmt->get_result()) {
+      if ($result->num_rows > 0) {
         return $result->fetch_object()->value;
+      } else {
+        return $default;
+      }
+    }
     // Log error but return empty string
     $this->sqlError();
-    return "";
+    return $default;
   }
 
   /**

diff --git a/public/include/config/admin_settings.inc.php b/public/include/config/admin_settings.inc.php
@@ -189,39 +189,60 @@
 );
 $aSettings['acl'][] = array(
   'display' => 'Pool Statistics', 'type' => 'select',
-  'options' => array( 0 => 'Private', 1 => 'Public'),
+  'options' => array( 0 => 'Private', 1 => 'Public', 2 => 'Disabled' ),
   'default' => 1,
   'name' => 'acl_pool_statistics', 'value' => $setting->getValue('acl_pool_statistics'),
   'tooltip' => 'Make the pool statistics page private (users only) or public.'
 );
 $aSettings['acl'][] = array(
   'display' => 'Block Statistics', 'type' => 'select',
-  'options' => array( 0 => 'Private', 1 => 'Public'),
+  'options' => array( 0 => 'Private', 1 => 'Public', 2 => 'Disabled' ),
   'default' => 1,
   'name' => 'acl_block_statistics', 'value' => $setting->getValue('acl_block_statistics'),
   'tooltip' => 'Make the block statistics page private (users only) or public.'
 );
 $aSettings['acl'][] = array(
   'display' => 'Round Statistics', 'type' => 'select',
-  'options' => array( 0 => 'Private', 1 => 'Public'),
+  'options' => array( 0 => 'Private', 1 => 'Public', 2 => 'Disabled' ),
   'default' => 1,
   'name' => 'acl_round_statistics', 'value' => $setting->getValue('acl_round_statistics'),
   'tooltip' => 'Make the round statistics page private (users only) or public.'
 );
 $aSettings['acl'][] = array(
   'display' => 'Block Finder Statistics', 'type' => 'select',
-  'options' => array( 0 => 'Private', 1 => 'Public'),
+  'options' => array( 0 => 'Private', 1 => 'Public', 2 => 'Disabled' ),
   'default' => 1,
   'name' => 'acl_blockfinder_statistics', 'value' => $setting->getValue('acl_blockfinder_statistics'),
   'tooltip' => 'Make the Block Finder Statistics page private (users only) or public.'
 );
 $aSettings['acl'][] = array(
   'display' => 'Uptime Statistics', 'type' => 'select',
-  'options' => array( 0 => 'Private', 1 => 'Public'),
+  'options' => array( 0 => 'Private', 1 => 'Public', 2 => 'Disabled' ),
   'default' => 1,
   'name' => 'acl_uptime_statistics', 'value' => $setting->getValue('acl_uptime_statistics'),
   'tooltip' => 'Make the uptime statistics page private (users only) or public.'
 );
+$aSettings['acl'][] = array(
+  'display' => 'Donors Page', 'type' => 'select',
+  'options' => array( 0 => 'Private', 1 => 'Public', 2 => 'Disabled' ),
+  'default' => 1,
+  'name' => 'acl_donors_page', 'value' => $setting->getValue('acl_donors_page'),
+  'tooltip' => 'Make the donors page private (users only) or public.'
+);
+$aSettings['acl'][] = array(
+  'display' => 'About Page', 'type' => 'select',
+  'options' => array( 0 => 'Private', 1 => 'Public', 2 => 'Disabled' ),
+  'default' => 1,
+  'name' => 'acl_about_page', 'value' => $setting->getValue('acl_about_page'),
+  'tooltip' => 'Make the about page private (users only) or public.'
+);
+$aSettings['acl'][] = array(
+  'display' => 'Contactform', 'type' => 'select',
+  'options' => array( 0 => 'Private', 1 => 'Public', 2 => 'Disabled' ),
+  'default' => 1,
+  'name' => 'acl_contactform', 'value' => $setting->getValue('acl_contactform'),
+  'tooltip' => 'Make the contactform private (users only) or public.'
+);
 $aSettings['system'][] = array(
   'display' => 'E-mail address for system error notifications', 'type' => 'text',
   'size' => 25,
@@ -278,34 +299,6 @@
   'name' => 'disable_api', 'value' => $setting->getValue('disable_api'),
   'tooltip' => 'Enable or Disable the pool wide API functions. See API reference on Github for details.'
 );
-$aSettings['system'][] = array(
-  'display' => 'Disable Contactform', 'type' => 'select',
-  'options' => array( 0 => 'No', 1 => 'Yes' ),
-  'default' => 0,
-  'name' => 'disable_contactform', 'value' => $setting->getValue('disable_contactform'),
-  'tooltip' => 'Enable or Disable Contactform. Users will not be able to use the contact form.'
-);
-$aSettings['system'][] = array(
-  'display' => 'Disable Contactform for Guests', 'type' => 'select',
-  'options' => array( 0 => 'No', 1 => 'Yes' ),
-  'default' => 0,
-  'name' => 'disable_contactform_guest', 'value' => $setting->getValue('disable_contactform_guest'),
-  'tooltip' => 'Enable or Disable Contactform for guests. Guests will not be able to use the contact form.'
-);
-$aSettings['system'][] = array(
-  'display' => 'Disable Donors Page', 'type' => 'select',
-  'options' => array( 0 => 'No', 1 => 'Yes'),
-  'default' => 1,
-  'name' => 'disable_donors', 'value' => $setting->getValue('disable_donors'),
-  'tooltip' => 'Showing Donors page in Navigation.'
-);
-$aSettings['system'][] = array(
-  'display' => 'Disable About Page', 'type' => 'select',
-  'options' => array( 0 => 'No', 1 => 'Yes'),
-  'default' => 1,
-  'name' => 'disable_about', 'value' => $setting->getValue('disable_about'),
-  'tooltip' => 'Showing About page in Navigation.'
-);
 $aSettings['system'][] = array(
   'display' => 'Disable Live Dashboard', 'type' => 'select',
   'options' => array( 0 => 'No', 1 => 'Yes'),

diff --git a/public/include/lib/smarty_plugins/function.acl.php b/public/include/lib/smarty_plugins/function.acl.php
@@ -0,0 +1,29 @@
+<?php
+$smarty->registerPlugin("function","acl_check", "check_acl_access");
+
+function check_acl_access($params, $smarty)
+{
+  $isAuthenticated = isset($_SESSION['AUTHENTICATED']) ? true : false;
+  $iAclSetting = $params['acl'];
+  $sUrl = '<li class="'.$params['icon'].'"><a href="'.$_SERVER['SCRIPT_NAME'].'?page='.$params['page'].'&action='.$params['action'].'">'.$params['name'].'</a></li>';
+  if (isset($params['fallback']))
+    $sFallbackUrl = '<li class="'.$params['icon'].'"><a href="'.$_SERVER['SCRIPT_NAME'].'?page='.$params['page'].'">'.$params['name'].'</a></li>';
+  switch($iAclSetting) {
+  case '0':
+    if ($isAuthenticated) {
+      echo $sUrl;
+    } else if (isset($params['fallback']) && !$isAuthenticated) {
+      echo $sFallbackUrl;
+    }
+    break;
+  case '1':
+      echo $sUrl;
+    break;
+  case '2':
+    break;
+  default:
+    echo $sUrl;
+    break;
+  }
+}
+?>
diff --git a/public/include/pages/about/donors.inc.php b/public/include/pages/about/donors.inc.php
@@ -1,15 +1,22 @@
 <?php
 $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 
-if ($setting->getValue('disable_donors')) {
-  $_SESSION['POPUP'][] = array('CONTENT' => 'Donors are currently disabled. Please try again later.', 'TYPE' => 'errormsg');
-  $smarty->assign("CONTENT", "disabled.tpl");
-} else {
+// ACL check
+switch($setting->getValue('acl_donors_page', 1)) {
+case '0':
+  if ($user->isAuthenticated()) {
+    $aDonors = $transaction->getDonations();
+    $smarty->assign("DONORS", $aDonors);
+    $smarty->assign("CONTENT", "default.tpl");
+  }
+  break;
+case '1':
   $aDonors = $transaction->getDonations();
-
-  // Tempalte specifics
   $smarty->assign("DONORS", $aDonors);
   $smarty->assign("CONTENT", "default.tpl");
+  break;
+case '2':
+  $_SESSION['POPUP'][] = array('CONTENT' => 'Page currently disabled. Please try again later.', 'TYPE' => 'errormsg');
+  $smarty->assign("CONTENT", "disabled.tpl");
+  break;
 }
-
-?>
diff --git a/public/include/pages/about/pool.inc.php b/public/include/pages/about/pool.inc.php
@@ -1,12 +1,18 @@
 <?php
 $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 
-if ($setting->getValue('disable_about')) {
-  $_SESSION['POPUP'][] = array('CONTENT' => 'Donors are currently disabled. Please try again later.', 'TYPE' => 'errormsg');
-  $smarty->assign("CONTENT", "disabled.tpl");
-} else {
-  // Tempalte specifics
+// ACL check
+switch($setting->getValue('acl_about_page', 1)) {
+case '0':
+  if ($user->isAuthenticated()) {
+    $smarty->assign("CONTENT", "default.tpl");
+  }
+  break;
+case '1':
   $smarty->assign("CONTENT", "default.tpl");
+  break;
+case '2':
+  $_SESSION['POPUP'][] = array('CONTENT' => 'Page currently disabled. Please try again later.', 'TYPE' => 'errormsg');
+  $smarty->assign("CONTENT", "disabled.tpl");
+  break;
 }
-
-?>
diff --git a/public/include/pages/contactform.inc.php b/public/include/pages/contactform.inc.php
@@ -1,10 +1,10 @@
 <?php
 $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 
-if ($setting->getValue('disable_contactform')) {
+if ($setting->getValue('acl_contactform') == 2) {
   $_SESSION['POPUP'][] = array('CONTENT' => 'Contactform is currently disabled. Please try again later.', 'TYPE' => 'errormsg');
   $smarty->assign("CONTENT", "empty");
-} else if ($setting->getValue('disable_contactform_guest') && !$user->isAuthenticated(false)) {
+} else if ($setting->getValue('acl_contactform') == 0 && !$user->isAuthenticated(false)) {
   $_SESSION['POPUP'][] = array('CONTENT' => 'Contactform is disabled for guests.', 'TYPE' => 'errormsg');
   $smarty->assign("CONTENT", "disabled.tpl");
 } else {

diff --git a/public/include/pages/contactform/contactform.inc.php b/public/include/pages/contactform/contactform.inc.php
@@ -2,7 +2,7 @@
 $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 
 // ReCaptcha handling if enabled
-if ($setting->getValue('recaptcha_enabled') && $setting->getValue('recaptcha_enabled_contactform')) {
+if ($setting->getValue('recaptcha_enabled') && $setting->getValue('acl_contactform') != 2) {
   require_once(INCLUDE_DIR . '/lib/recaptchalib.php');
   // Load re-captcha specific data
   $rsp = recaptcha_check_answer (
@@ -15,9 +15,9 @@
   if (!$rsp->is_valid) $_SESSION['POPUP'][] = array('CONTENT' => 'Invalid Captcha, please try again.', 'TYPE' => 'errormsg');
 }
 
-if ($setting->getValue('disable_contactform')) {
+if ($setting->getValue('acl_contactform') == 2) {
   $_SESSION['POPUP'][] = array('CONTENT' => 'Contactform is currently disabled. Please try again later.', 'TYPE' => 'errormsg');
-} else if ($setting->getValue('disable_contactform') && !$user->isAuthenticated(false)) {
+} else if ($setting->getValue('acl_contactform') == 0 && !$user->isAuthenticated(false)) {
   $_SESSION['POPUP'][] = array('CONTENT' => 'Contactform is disabled for guests.', 'TYPE' => 'errormsg');
 } else {
   // Check if recaptcha is enabled, process form data if valid

diff --git a/public/include/pages/statistics/blockfinder.inc.php b/public/include/pages/statistics/blockfinder.inc.php
@@ -6,22 +6,26 @@
   $debug->append('No cached version available, fetching from backend', 3);
   $getBlocksSolvedbyAccount = $statistics->getBlocksSolvedbyAccount();
   $smarty->assign("BLOCKSSOLVEDBYACCOUNT", $getBlocksSolvedbyAccount);
-  
+
   if(isset($_SESSION['USERDATA']['id'])){
     $getBlocksSolvedbyWorker = $statistics->getBlocksSolvedbyWorker($_SESSION['USERDATA']['id']);
     $smarty->assign("BLOCKSSOLVEDBYWORKER", $getBlocksSolvedbyWorker);
   }
-
 } else {
   $debug->append('Using cached page', 3);
 }
 
-// Public / private page detection
-if ($setting->getValue('acl_blockfinder_statistics')) {
-  $smarty->assign("CONTENT", "finder.tpl");
-} else if ($user->isAuthenticated()) {
-  $smarty->assign("CONTENT", "finder.tpl");
-} else {
+switch($setting->getValue('acl_blockfinder_statistics', 1)) {
+case '0':
+  if ($user->isAuthenticated()) {
+    $smarty->assign("CONTENT", "default.tpl");
+  }
+  break;
+case '1':
   $smarty->assign("CONTENT", "default.tpl");
+  break;
+case '2':
+  $_SESSION['POPUP'][] = array('CONTENT' => 'Page currently disabled. Please try again later.', 'TYPE' => 'errormsg');
+  $smarty->assign("CONTENT", "");
+  break;
 }
-?>
diff --git a/public/include/pages/statistics/blocks.inc.php b/public/include/pages/statistics/blocks.inc.php
@@ -88,9 +88,17 @@
   $debug->append('Using cached page', 3);
 }
 
-if ($setting->getValue('acl_block_statistics')) {
-  $smarty->assign("CONTENT", "default.tpl");
-} else if ($user->isAuthenticated()) {
+switch($setting->getValue('acl_block_statistics', 1)) {
+case '0':
+  if ($user->isAuthenticated()) {
+    $smarty->assign("CONTENT", "default.tpl");
+  }
+  break;
+case '1':
   $smarty->assign("CONTENT", "default.tpl");
+  break;
+case '2':
+  $_SESSION['POPUP'][] = array('CONTENT' => 'Page currently disabled. Please try again later.', 'TYPE' => 'errormsg');
+  $smarty->assign("CONTENT", "");
+  break;
 }
-?>
diff --git a/public/include/pages/statistics/pool.inc.php b/public/include/pages/statistics/pool.inc.php
@@ -81,12 +81,17 @@
   $debug->append('Using cached page', 3);
 }
 
-// Public / private page detection
-if ($setting->getValue('acl_pool_statistics')) {
-  $smarty->assign("CONTENT", "default.tpl");
-} else if ($user->isAuthenticated() && ! $setting->getValue('acl_pool_statistics')) {
+switch($setting->getValue('acl_pool_statistics', 1)) {
+case '0':
+  if ($user->isAuthenticated()) {
+    $smarty->assign("CONTENT", "default.tpl");
+  }
+  break;
+case '1':
   $smarty->assign("CONTENT", "default.tpl");
-} else {
-  $smarty->assign("CONTENT", "../default.tpl");
+  break;
+case '2':
+  $_SESSION['POPUP'][] = array('CONTENT' => 'Page currently disabled. Please try again later.', 'TYPE' => 'errormsg');
+  $smarty->assign("CONTENT", "");
+  break;
 }
-?>
diff --git a/public/include/pages/statistics/round.inc.php b/public/include/pages/statistics/round.inc.php
@@ -48,11 +48,17 @@
   $debug->append('Using cached page', 3);
 }
 
-if ($setting->getValue('acl_round_statistics')) {
-  $smarty->assign("CONTENT", "default.tpl");
-} else if ($user->isAuthenticated(false)) {
+switch($setting->getValue('acl_round_statistics', 1)) {
+case '0':
+  if ($user->isAuthenticated()) {
+    $smarty->assign("CONTENT", "default.tpl");
+  }
+  break;
+case '1':
   $smarty->assign("CONTENT", "default.tpl");
-} else {
-  $smarty->assign("CONTENT", "empty");
+  break;
+case '2':
+  $_SESSION['POPUP'][] = array('CONTENT' => 'Page currently disabled. Please try again later.', 'TYPE' => 'errormsg');
+  $smarty->assign("CONTENT", "");
+  break;
 }
-?>
diff --git a/public/include/pages/statistics/uptime.inc.php b/public/include/pages/statistics/uptime.inc.php
@@ -13,13 +13,26 @@
       8 => 'Down',
       9 => 'Down'
     ));
-    $smarty->assign("CONTENT", "default.tpl");
+    $content = 'default.tpl';
   } else {
     $_SESSION['POPUP'][] = array('CONTENT' => 'UptimeRobot API Key not configured.', 'TYPE' => 'info');
-    $smarty->assign("CONTENT", "");
+    $content = '';
   }
 } else {
   $debug->append('Using cached page', 3);
 }
 
-?>
+switch($setting->getValue('acl_uptime_statistics', 1)) {
+case '0':
+  if ($user->isAuthenticated()) {
+    $smarty->assign("CONTENT", $content);
+  }
+  break;
+case '1':
+  $smarty->assign("CONTENT", $content);
+  break;
+case '2':
+  $_SESSION['POPUP'][] = array('CONTENT' => 'Page currently disabled. Please try again later.', 'TYPE' => 'errormsg');
+  $smarty->assign("CONTENT", "");
+  break;
+}
diff --git a/public/include/smarty.inc.php b/public/include/smarty.inc.php
@@ -170,4 +170,7 @@ public function getBasename(Smarty_Template_Source $source) {
   $smarty->escape_html = true;
   $smarty->use_sub_dirs = true;
 }
+
+// Load custom smarty plugins
+require_once(INCLUDE_DIR . '/lib/smarty_plugins/function.acl.php');
 ?>
diff --git a/public/include/smarty_globals.inc.php b/public/include/smarty_globals.inc.php
@@ -120,6 +120,9 @@
 $aGlobal['acl']['round']['statistics'] = $setting->getValue('acl_round_statistics');
 $aGlobal['acl']['blockfinder']['statistics'] = $setting->getValue('acl_blockfinder_statistics');
 $aGlobal['acl']['uptime']['statistics'] = $setting->getValue('acl_uptime_statistics');
+$aGlobal['acl']['donors']['page'] = $setting->getValue('acl_donors_page');
+$aGlobal['acl']['about']['page'] = $setting->getValue('acl_about_page');
+$aGlobal['acl']['contactform'] = $setting->getValue('acl_contactform');
 
 // We don't want these session infos cached
 if (@$_SESSION['USERDATA']['id']) {