Mercurial Hosting > nabble
annotate src/nabble/view/naml/permissions.naml @ 21:aba8ed4c8a06
semiprivate
author | Franklin Schmidt <fschmidt@gmail.com> |
---|---|
date | Sat, 13 Jun 2020 22:30:48 -0600 |
parents | 18cf4872fd7f |
children | b0e75dfe1853 |
rev | line source |
---|---|
0 | 1 <macro name="current_permission_version"> |
19
18cf4872fd7f
remove anonymous posting
Franklin Schmidt <fschmidt@gmail.com>
parents:
0
diff
changeset
|
2 standard-7 |
0 | 3 </macro> |
4 | |
5 <macro name="update_default_permissions"> | |
6 <n.set_default_permissions. version="[n.current_permission_version/]" > | |
7 <n.add_permission permission="[n.view_permission/]" group="[n.anyone_group/]" /> | |
8 <n.add_permission permission="[n.edit_app_permission/]" group="[n.administrators_group/]" /> | |
9 <n.add_permission permission="[n.reply_permission/]" group="[n.anyone_group/]" /> | |
10 <n.add_permission permission="[n.create_topic_permission/]" group="[n.anyone_group/]" /> | |
11 <n.add_permission permission="[n.move_permission/]" group="[n.authors_group/]" /> | |
12 <n.add_permission permission="[n.move_permission/]" group="[n.administrators_group/]" /> | |
13 <n.add_permission permission="[n.create_sub_apps_permission/]" group="[n.administrators_group/]" /> | |
14 <n.add_permission permission="[n.change_post_date_permission/]" group="[n.administrators_group/]" /> | |
15 <n.add_permission permission="[n.manage_subscribers_permission/]" group="[n.administrators_group/]" /> | |
16 <n.add_site_permission permission="[n.manage_banned_users_permission/]" group="[n.administrators_group/]" /> | |
17 <n.add_permission permission="[n.manage_pinned_topics_permission/]" group="[n.administrators_group/]" /> | |
18 <n.add_permission permission="[n.manage_locked_topics_permission/]" group="[n.administrators_group/]" /> | |
19
18cf4872fd7f
remove anonymous posting
Franklin Schmidt <fschmidt@gmail.com>
parents:
0
diff
changeset
|
19 <n.add_permission permission="[n.show_group_members_permission/]" group="[n.anyone_group/]" /> |
0 | 20 <n.add_permission permission="[n.show_group_members_permission/]" group="[n.administrators_group/]" /> |
21 <n.add_permission permission="[n.show_group_members_permission/]" group="[n.members_group/]" /> | |
22 </n.set_default_permissions.> | |
23 </macro> | |
24 | |
25 <macro name="banned_group"> | |
26 Banned | |
27 </macro> | |
28 | |
29 <macro name="members_group"> | |
30 Members | |
31 </macro> | |
32 | |
33 <macro name="edit_app_permission"> | |
34 Edit_app | |
35 </macro> | |
36 | |
37 <macro name="edit_all_permission"> | |
38 Edit_all | |
39 </macro> | |
40 | |
41 <macro name="reply_permission"> | |
42 Reply | |
43 </macro> | |
44 | |
45 <macro name="create_topic_permission"> | |
46 Create_topic | |
47 </macro> | |
48 | |
49 <macro name="move_permission"> | |
50 Move | |
51 </macro> | |
52 | |
53 <macro name="manage_subscribers_permission"> | |
54 Manage_Subscribers | |
55 </macro> | |
56 | |
57 <macro name="create_sub_apps_permission"> | |
58 Create_sub_apps | |
59 </macro> | |
60 | |
61 <macro name="change_post_date_permission"> | |
62 Change_post_date | |
63 </macro> | |
64 | |
65 <macro name="show_group_members_permission"> | |
66 Show_group_members | |
67 </macro> | |
68 | |
69 <macro name="manage_banned_users_permission"> | |
70 Manage_banned_users | |
71 </macro> | |
72 | |
73 <macro name="manage_pinned_topics_permission"> | |
74 Manage_pinned_topics | |
75 </macro> | |
76 | |
77 <macro name="manage_locked_topics_permission"> | |
78 Manage_locked_topics | |
79 </macro> | |
80 | |
81 <macro name="unrestricted_posting_permission"> | |
82 Unrestricted_posting | |
83 </macro> | |
84 | |
85 <macro name="is_site_owner" requires="user"> | |
86 <n.owns.root_node /> | |
87 </macro> | |
88 | |
89 <macro name="is_site_admin" requires="user"> | |
90 <n.either> | |
91 <condition1.either> | |
92 <condition1.is_site_owner /> | |
93 <condition2.is_sysadmin /> | |
94 </condition1.either> | |
95 <condition2.is_in_group group="[n.administrators_group/]" /> | |
96 </n.either> | |
97 </macro> | |
98 | |
99 | |
100 <macro name="can_delete" requires="user" dot_parameter="node_attr"> | |
101 <n.both condition1="[n.not.is_banned/]" condition2="[n.owns.node_attr/]"/> | |
102 </macro> | |
103 | |
104 <macro name="can_delete_recursively" requires="user" dot_parameter="node"> | |
105 <n.is_site_admin/> | |
106 </macro> | |
107 | |
108 <macro name="can_edit" requires="user" dot_parameter="node_attr"> | |
109 <n.set_local_user.this_user /> | |
110 <n.set_local_node.node_attr /> | |
111 <n.block.> | |
112 <n.both> | |
113 <condition1.not.local_user.is_banned/> | |
114 <condition2.either> | |
115 <condition1.local_user.owns.local_node /> | |
116 <condition2.either> | |
117 <condition1.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.edit_all_permission/]" /> | |
118 <condition2.both> | |
119 <condition1.local_node.is_app/> | |
120 <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.edit_app_permission/]" /> | |
121 </condition2.both> | |
122 </condition2.either> | |
123 </condition2.either> | |
124 </n.both> | |
125 </n.block.> | |
126 </macro> | |
127 | |
128 <macro name="app_or_root" requires="node" dot_parameter="do"> | |
129 <n.if.is_in_app> | |
130 <then.get_app_node.do/> | |
131 <else.root_node.do/> | |
132 </n.if.is_in_app> | |
133 </macro> | |
134 | |
135 <macro name="topic_or_app" requires="node" dot_parameter="do"> | |
136 <n.set_local_node.this_node/> | |
137 <n.block.> | |
138 <n.if.local_node.is_post> | |
139 <then.local_node.topic_node.do/> | |
140 <else.local_node.do/> | |
141 </n.if.local_node.is_post> | |
142 </n.block.> | |
143 </macro> | |
144 | |
145 <macro name="can_change_post_date_of" requires="user" dot_parameter="node_attr"> | |
146 <n.set_local_user.this_user /> | |
147 <n.set_local_node.node_attr/> | |
148 <n.block.> | |
149 <n.both> | |
150 <condition1.not.local_user.is_banned/> | |
151 <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.change_post_date_permission/]" /> | |
152 </n.both> | |
153 </n.block.> | |
154 </macro> | |
155 | |
156 <macro name="can_move" requires="user" dot_parameter="node_attr"> | |
157 <n.set_local_user.this_user /> | |
158 <n.set_local_node.node_attr/> | |
159 <n.block.> | |
160 <n.both> | |
161 <condition1.not.local_user.is_banned/> | |
162 <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.move_permission/]" /> | |
163 </n.both> | |
164 </n.block.> | |
165 </macro> | |
166 | |
167 <macro name="can_manage_subscribers_of" requires="user" dot_parameter="node_attr"> | |
168 <n.set_local_user.this_user /> | |
169 <n.set_local_node.node_attr/> | |
170 <n.block.> | |
171 <n.both> | |
172 <condition1.not.local_user.is_banned/> | |
173 <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.manage_subscribers_permission/]" /> | |
174 </n.both> | |
175 </n.block.> | |
176 </macro> | |
177 | |
178 <macro name="can_create_topic_in" requires="user" dot_parameter="node_attr"> | |
179 <n.set_local_user.this_user /> | |
180 <n.set_local_node.node_attr/> | |
181 <n.block.> | |
182 <n.both> | |
183 <condition1.not.local_user.is_banned/> | |
184 <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node/]" permission="[n.create_topic_permission/]" /> | |
185 </n.both> | |
186 </n.block.> | |
187 </macro> | |
188 | |
189 <macro name="can_reply_to" requires="user" dot_parameter="node_attr"> | |
190 <n.set_local_user.this_user /> | |
191 <n.set_local_node.node_attr/> | |
192 <n.block.> | |
193 <n.both> | |
194 <condition1.not.local_user.is_banned/> | |
195 <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.topic_or_app/]" permission="[n.reply_permission/]" /> | |
196 </n.both> | |
197 </n.block.> | |
198 </macro> | |
199 | |
200 <macro name="can_post_under" requires="user" dot_parameter="node_attr"> | |
201 <n.set_local_user.this_user /> | |
202 <n.set_local_node.node_attr/> | |
203 <n.block.> | |
204 <n.if.local_node.is_app> | |
205 <then.local_user.can_create_topic_in.local_node/> | |
206 <else.local_user.can_reply_to.local_node/> | |
207 </n.if.local_node.is_app> | |
208 </n.block.> | |
209 </macro> | |
210 | |
211 <macro name="check_posting_under" requires="user" dot_parameter="node_attr"> | |
212 <n.set_local_user.this_user /> | |
213 <n.set_local_node.node_attr/> | |
214 <n.block.> | |
215 <n.if.local_user.is_banned> | |
216 <then.throw_template_exception name="banned"/> | |
217 </n.if.local_user.is_banned> | |
218 <n.if.local_node.is_app> | |
219 <then.if.not.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node/]" permission="[n.create_topic_permission/]" > | |
220 <then.if.local_user.is_anonymous> | |
221 <then.throw_template_exception name="no_anonymous"/> | |
222 <else.throw_template_exception name="no_create_topic_permission"/> | |
223 </then.if.local_user.is_anonymous> | |
224 </then.if.not.local_user.has_permission> | |
225 <else.if.not.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.topic_or_app/]" permission="[n.reply_permission/]" > | |
226 <then.if.local_user.is_anonymous> | |
227 <then.throw_template_exception name="no_anonymous"/> | |
228 <else.throw_template_exception name="no_reply_permission"/> | |
229 </then.if.local_user.is_anonymous> | |
230 </else.if.not.local_user.has_permission> | |
231 </n.if.local_node.is_app> | |
232 </n.block.> | |
233 </macro> | |
234 | |
235 <macro name="any_registered_user_can_create_topics" requires="node"> | |
19
18cf4872fd7f
remove anonymous posting
Franklin Schmidt <fschmidt@gmail.com>
parents:
0
diff
changeset
|
236 <n.groups_have_permission groups="[n.anyone_group/]" permission="[n.create_topic_permission/]" /> |
0 | 237 </macro> |
238 | |
239 <macro name="only_members_can_create_topics" requires="node"> | |
240 <n.not.any_registered_user_can_create_topics/> | |
241 </macro> | |
242 | |
243 <macro name="can_view" requires="user" dot_parameter="node_attr"> | |
244 <n.set_local_user.this_user /> | |
245 <n.set_local_node.node_attr/> | |
246 <n.block.> | |
247 <n.either> | |
248 <condition1.local_user.owns.local_node/> | |
249 <condition2.either> | |
250 <condition1.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.view_permission/]" /> | |
251 <condition2.local_user.is_site_admin /> | |
252 </condition2.either> | |
253 </n.either> | |
254 </n.block.> | |
255 </macro> | |
256 | |
257 <macro name="can_manage_users_and_groups" requires="user"> | |
258 <n.is_site_admin/> | |
259 </macro> | |
260 | |
261 <macro name="can_manage_banned_users" requires="user"> | |
262 <n.has_site_permission permission="[n.manage_banned_users_permission/]" /> | |
263 </macro> | |
264 | |
265 <macro name="can_change_permissions_of" requires="user" dot_parameter="node_attr"> | |
266 <n.is_site_admin/> | |
267 </macro> | |
268 | |
269 <macro name="can_create_sub_apps_under" requires="user" dot_parameter="node_attr"> | |
270 <n.set_local_user.this_user /> | |
271 <n.set_local_node.node_attr/> | |
272 <n.block.> | |
273 <n.both> | |
274 <condition1.not.local_user.is_banned/> | |
275 <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node/]" permission="[n.create_sub_apps_permission/]" /> | |
276 </n.both> | |
277 </n.block.> | |
278 </macro> | |
279 | |
280 <macro name="can_manage_pinned_topics_in" requires="user" dot_parameter="node_attr"> | |
281 <n.set_local_user.this_user /> | |
282 <n.set_local_node.node_attr/> | |
283 <n.block.> | |
284 <n.both> | |
285 <condition1.not.local_user.is_banned/> | |
286 <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.manage_pinned_topics_permission/]" /> | |
287 </n.both> | |
288 </n.block.> | |
289 </macro> | |
290 | |
291 <macro name="can_manage_locked_topics_in" requires="user" dot_parameter="node_attr"> | |
292 <n.set_local_user.this_user /> | |
293 <n.set_local_node.node_attr/> | |
294 <n.block.> | |
295 <n.both> | |
296 <condition1.not.local_user.is_banned/> | |
297 <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.manage_locked_topics_permission/]" /> | |
298 </n.both> | |
299 </n.block.> | |
300 </macro> | |
301 | |
302 <macro name="has_unrestricted_posting" requires="node"> | |
303 <n.set_local_node.this_node/> | |
304 <n.local_node.owner.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.unrestricted_posting_permission/]" /> | |
305 </macro> | |
306 | |
307 <macro name="allows_showing_members_of" requires="node" dot_parameter="group"> | |
308 <n.has_permission permission="[n.show_group_members_permission/]" group="[n.group/]" /> | |
309 </macro> | |
310 | |
311 <macro name="has_people_page" requires="node"> | |
312 <n.has_groups_with_permission.show_group_members_permission/> | |
313 </macro> | |
314 | |
315 <macro name="can_be_displayed_in" requires="user" dot_parameter="node_attr"> | |
316 <n.set_local_user.this_user /> | |
317 <n.set_local_node.node_attr/> | |
318 <n.block.> | |
319 <n.both> | |
320 <condition1.not.local_user.is_banned/> | |
321 <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.show_group_members_permission/]" /> | |
322 </n.both> | |
323 </n.block.> | |
324 </macro> | |
325 | |
326 | |
327 | |
328 <macro name="get read authorization key" requires="http_request"> | |
329 <n.if.not.has_parameter name="node"> | |
330 <then.exit/> | |
331 </n.if.not.has_parameter> | |
332 <n.get_node_from_parameter.> | |
333 <n.if.equal value1="[n.get_parameter name='macro'/]" value2="unauthorized"> | |
334 <then.exit/> | |
335 </n.if.equal> | |
21 | 336 <n.if.is_private> |
337 <then.get_private_node.id /> | |
338 <else.if.is_semiprivate> | |
339 <then.id /> | |
340 </else.if.is_semiprivate> | |
341 </n.if.is_private> | |
0 | 342 </n.get_node_from_parameter.> |
343 </macro> | |
344 | |
345 <macro name="authorization_node" dot_parameter="do" requires="read_authorization"> | |
346 <n.get_node_from_id node_id="[n.authorization_key/]" do="[n.do/]" /> | |
347 </macro> | |
348 | |
349 <macro name="authorize for read" requires="read_authorization,servlet"> | |
350 <n.if.visitor.is_anonymous> | |
351 <then> | |
352 <n.redirect_to.> | |
353 <n.login_path> | |
354 <message> | |
355 <t>You must login to view <t.subject.authorization_node.subject/>.</t> | |
356 </message> | |
357 <nextUrl> | |
358 <n.current_path/> | |
359 </nextUrl> | |
360 </n.login_path> | |
361 </n.redirect_to.> | |
362 <n.false /> | |
363 <n.exit /> | |
364 </then> | |
365 </n.if.visitor.is_anonymous> | |
366 <n.if> | |
367 <condition.either> | |
368 <condition1.visitor.can_view.authorization_node /> | |
369 <condition2.visitor.owns.get_node_from_parameter /> | |
370 </condition.either> | |
371 <then.true /> | |
372 <else> | |
373 <n.redirect_to.authorization_node.unauthorized_path /> | |
374 <n.false /> | |
375 </else> | |
376 </n.if> | |
377 </macro> |