Name

if-mm — check permissions for UI tasks

ATTRIBUTES

Attribute Pos. Req. Default Description
[ function | key ] yes yes function to check permissions for
name yes
table
prefix
interpolate     0 interpolate input?
reparse     1 interpolate output?

DESCRIPTION

This tag performs various checks on behalf of the UI:

logged_in

Checks whether the current user is logged into the UI.

[if-mm !logged_in]
[set ui_error]Not authorized[/set]
[bounce page="admin/error"]
[/if-mm]

tables

Checks for access to database tables.

[if-mm !tables content]
[set ui_error]Not authorized for content editor.[/set]
[bounce page="admin/error"]
[/if-mm]

BEHAVIOR

This tag appears to be affected by, or affects, the following:
Global Variables: MV_PAGE

EXAMPLES

No examples are available at this time. We do consider this a problem and will try to supply some.

NOTES

AVAILABILITY

if-mm is available in Interchange versions:

4.6.0-5.7.0 (git-head)

SOURCE

Interchange 5.7.0:

Source: code/UI_Tag/if_mm.coretag
Lines: 195


# Copyright 2002-2007 Interchange Development Group and others
# 
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.  See the LICENSE file for details.
# 
# $Id: if_mm.coretag,v 1.6 2007-03-30 23:40:54 pajamian Exp $

UserTag if-mm Order      function name
UserTag if-mm addAttr
UserTag if-mm attrAlias  key name
UserTag if-mm hasEndTag
UserTag if-mm Version    $Revision: 1.6 $
UserTag if-mm Routine    <<EOR
sub {
my($func, $field, $opt, $text) = @_;

my $record;
my $status;

my $reverse;
$reverse = $func =~ s/^\s*!\s*//;

my $extended = '';
$extended = $1 if $field =~ s/(=.*)//;

my ($group, @groups);
$text = 1 if ! $text;
CHECKIT: {
if ($group or ! ($record = $Vend::UI_entry) ) {
  $record = ui_acl_enabled($group);
  if ( ! ref $record) {
    $status = $record;
    last CHECKIT;
  }
}
($status = 0, last CHECKIT) if ! UI::Primitive::is_logged();
($status = 1, last CHECKIT) if $record->{super};
$func = lc $func;
($status = 1, last CHECKIT) if $func eq 'logged_in';

my %acl_func = qw/
          fields  fields
          field  fields
          columns  fields
          column  fields
          col     fields
          row    keys
          rows  keys
          key    keys
          keys  keys
          owner_field  owner_field
          owner  owner_field
        /;

my %file_func = qw/
          page  pages
          file  files
          pages  pages
          files  files
        /;

my %bool_func = qw/
          config   1
          reconfig 1
        /;

my %paranoid = qw/
          mml             1
          sql             1
          report          1
          add_delete      1
          add_field       1
          journal_update  1
        /;
my %yesno_func = qw/
          functions  functions
          advanced  functions
          tables  tables
          table   tables
        /;
my %prefix_func = qw/
          filematch  files
          pagematch  pages
        /;

my $table = $CGI::values{mv_data_table} || $::Values->{mv_data_table};

if($yesno_func{$func} eq 'tables') {
  $opt->{table} = $field if ! $opt->{table};
  $opt->{table} =~ s/^=/$table/;
}
elsif($yesno_func{$func} eq 'functions') {
$opt->{table} = $field;
}

$table = $opt->{table} || $table;

my $acl;
my $check;
$status = 0, last CHECKIT if $func eq 'super';
if($check = $file_func{$func}) {
$status = 1, last CHECKIT unless $record->{$check};
my $file = $field || $Global::Variable->{MV_PAGE};
# strip trailing slashes for checks on directories
$file =~ s%/+$%%;                     
#::logDebug("check=$check file=$file record=$record->{$check} prefix=$opt->{prefix}");
my @files =  UI::Primitive::list_glob($record->{$check}, $opt->{prefix});
#::logDebug("check yielded files=" . join(",", @files));
  if(! @files) {
    $status = '';
    last CHECKIT;
  }
  $status = ui_check_acl("$file$extended", join(" ", @files));
#::logDebug("check status=$status");
  last CHECKIT;
}
if($check = $prefix_func{$func}) {
  $status = '', last CHECKIT unless $record->{$check};
  my $file = $field;
  # strip trailing slashes for checks on directories
#::logDebug("check=$check file=$file record=$record->{$check}");
  my @allow =  split /\s+/, $record->{$check};
  $status = '';
  for(@allow) {
#::logDebug("check file=$file against allow=$_");
    if(s/^\!//) {
      if ($file =~ /^$_/) {
#::logDebug("denied based on $_");
        $status = '';
        last CHECKIT;
      }
    }
    else {
      next unless $file =~ /^$_\b/;
      $status = 1; 
    }
  }
#::logDebug("check Yielded status=$status");
  last CHECKIT;
}
if($bool_func{$func} ) {
  $status = $record->{$func};
  last CHECKIT;
}
if($check = $yesno_func{$func} ) {
  my $v;
  if($v = $record->{"yes_$check"}) {
    $status = ui_check_acl("$table$extended", $v);
  }
  else {
    $status = 1;
  }
  if($v = $record->{"no_$check"}) {
    $status &&= ! ui_check_acl("$table$extended", $v);
  }
  last CHECKIT;
}
if(! ($check = $acl_func{$func}) ) {
  my $default = $func =~ /^no_/ ? 0 : 1;
  $status = $default, last CHECKIT unless $record->{$func};
  $status = ui_check_acl("$table$extended", $record->{$func});
  last CHECKIT;
}

# Now it is definitely a job for table_control;
$acl = UI::Primitive::get_ui_table_acl($table);

$status = 1, last CHECKIT unless $acl;
my $val;
if($acl->{owner_field} and $check eq 'keys') {
  $status = ::tag_data($table, $acl->{owner_field}, $field)
        eq $Vend::username;
  last CHECKIT;
}
elsif ($check eq 'owner_field') {
  $status = length $acl->{owner_field};
  last CHECKIT;
}
$status = UI::Primitive::ui_acl_atom($acl, $check, $field);
}
if(! $status and $record and (@groups or $record->{groups}) ) {
  goto CHECKIT if $group = shift @groups;
  (@groups) = grep /\S/, split /[\0,\s]+/, $record->{groups};
  ($group, @groups) = map { s/^/:/; $_ } @groups;
  goto CHECKIT;
}
return $status
  ? (
    Vend::Interpolate::pull_if($text, $reverse)
    )
  : Vend::Interpolate::pull_else($text, $reverse);
}
EOR

AUTHORS

Interchange Development Group

SEE ALSO

mm-value(7ic)

DocBook! Interchange!