Mercurial Hosting > nabble
annotate src/nabble/view/naml/permissions.naml @ 21:aba8ed4c8a06
semiprivate
| author | Franklin Schmidt <fschmidt@gmail.com> |
|---|---|
| date | Sat, 13 Jun 2020 22:30:48 -0600 |
| parents | 18cf4872fd7f |
| children | b0e75dfe1853 |
| rev | line source |
|---|---|
| 0 | 1 <macro name="current_permission_version"> |
|
19
18cf4872fd7f
remove anonymous posting
Franklin Schmidt <fschmidt@gmail.com>
parents:
0
diff
changeset
|
2 standard-7 |
| 0 | 3 </macro> |
| 4 | |
| 5 <macro name="update_default_permissions"> | |
| 6 <n.set_default_permissions. version="[n.current_permission_version/]" > | |
| 7 <n.add_permission permission="[n.view_permission/]" group="[n.anyone_group/]" /> | |
| 8 <n.add_permission permission="[n.edit_app_permission/]" group="[n.administrators_group/]" /> | |
| 9 <n.add_permission permission="[n.reply_permission/]" group="[n.anyone_group/]" /> | |
| 10 <n.add_permission permission="[n.create_topic_permission/]" group="[n.anyone_group/]" /> | |
| 11 <n.add_permission permission="[n.move_permission/]" group="[n.authors_group/]" /> | |
| 12 <n.add_permission permission="[n.move_permission/]" group="[n.administrators_group/]" /> | |
| 13 <n.add_permission permission="[n.create_sub_apps_permission/]" group="[n.administrators_group/]" /> | |
| 14 <n.add_permission permission="[n.change_post_date_permission/]" group="[n.administrators_group/]" /> | |
| 15 <n.add_permission permission="[n.manage_subscribers_permission/]" group="[n.administrators_group/]" /> | |
| 16 <n.add_site_permission permission="[n.manage_banned_users_permission/]" group="[n.administrators_group/]" /> | |
| 17 <n.add_permission permission="[n.manage_pinned_topics_permission/]" group="[n.administrators_group/]" /> | |
| 18 <n.add_permission permission="[n.manage_locked_topics_permission/]" group="[n.administrators_group/]" /> | |
|
19
18cf4872fd7f
remove anonymous posting
Franklin Schmidt <fschmidt@gmail.com>
parents:
0
diff
changeset
|
19 <n.add_permission permission="[n.show_group_members_permission/]" group="[n.anyone_group/]" /> |
| 0 | 20 <n.add_permission permission="[n.show_group_members_permission/]" group="[n.administrators_group/]" /> |
| 21 <n.add_permission permission="[n.show_group_members_permission/]" group="[n.members_group/]" /> | |
| 22 </n.set_default_permissions.> | |
| 23 </macro> | |
| 24 | |
| 25 <macro name="banned_group"> | |
| 26 Banned | |
| 27 </macro> | |
| 28 | |
| 29 <macro name="members_group"> | |
| 30 Members | |
| 31 </macro> | |
| 32 | |
| 33 <macro name="edit_app_permission"> | |
| 34 Edit_app | |
| 35 </macro> | |
| 36 | |
| 37 <macro name="edit_all_permission"> | |
| 38 Edit_all | |
| 39 </macro> | |
| 40 | |
| 41 <macro name="reply_permission"> | |
| 42 Reply | |
| 43 </macro> | |
| 44 | |
| 45 <macro name="create_topic_permission"> | |
| 46 Create_topic | |
| 47 </macro> | |
| 48 | |
| 49 <macro name="move_permission"> | |
| 50 Move | |
| 51 </macro> | |
| 52 | |
| 53 <macro name="manage_subscribers_permission"> | |
| 54 Manage_Subscribers | |
| 55 </macro> | |
| 56 | |
| 57 <macro name="create_sub_apps_permission"> | |
| 58 Create_sub_apps | |
| 59 </macro> | |
| 60 | |
| 61 <macro name="change_post_date_permission"> | |
| 62 Change_post_date | |
| 63 </macro> | |
| 64 | |
| 65 <macro name="show_group_members_permission"> | |
| 66 Show_group_members | |
| 67 </macro> | |
| 68 | |
| 69 <macro name="manage_banned_users_permission"> | |
| 70 Manage_banned_users | |
| 71 </macro> | |
| 72 | |
| 73 <macro name="manage_pinned_topics_permission"> | |
| 74 Manage_pinned_topics | |
| 75 </macro> | |
| 76 | |
| 77 <macro name="manage_locked_topics_permission"> | |
| 78 Manage_locked_topics | |
| 79 </macro> | |
| 80 | |
| 81 <macro name="unrestricted_posting_permission"> | |
| 82 Unrestricted_posting | |
| 83 </macro> | |
| 84 | |
| 85 <macro name="is_site_owner" requires="user"> | |
| 86 <n.owns.root_node /> | |
| 87 </macro> | |
| 88 | |
| 89 <macro name="is_site_admin" requires="user"> | |
| 90 <n.either> | |
| 91 <condition1.either> | |
| 92 <condition1.is_site_owner /> | |
| 93 <condition2.is_sysadmin /> | |
| 94 </condition1.either> | |
| 95 <condition2.is_in_group group="[n.administrators_group/]" /> | |
| 96 </n.either> | |
| 97 </macro> | |
| 98 | |
| 99 | |
| 100 <macro name="can_delete" requires="user" dot_parameter="node_attr"> | |
| 101 <n.both condition1="[n.not.is_banned/]" condition2="[n.owns.node_attr/]"/> | |
| 102 </macro> | |
| 103 | |
| 104 <macro name="can_delete_recursively" requires="user" dot_parameter="node"> | |
| 105 <n.is_site_admin/> | |
| 106 </macro> | |
| 107 | |
| 108 <macro name="can_edit" requires="user" dot_parameter="node_attr"> | |
| 109 <n.set_local_user.this_user /> | |
| 110 <n.set_local_node.node_attr /> | |
| 111 <n.block.> | |
| 112 <n.both> | |
| 113 <condition1.not.local_user.is_banned/> | |
| 114 <condition2.either> | |
| 115 <condition1.local_user.owns.local_node /> | |
| 116 <condition2.either> | |
| 117 <condition1.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.edit_all_permission/]" /> | |
| 118 <condition2.both> | |
| 119 <condition1.local_node.is_app/> | |
| 120 <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.edit_app_permission/]" /> | |
| 121 </condition2.both> | |
| 122 </condition2.either> | |
| 123 </condition2.either> | |
| 124 </n.both> | |
| 125 </n.block.> | |
| 126 </macro> | |
| 127 | |
| 128 <macro name="app_or_root" requires="node" dot_parameter="do"> | |
| 129 <n.if.is_in_app> | |
| 130 <then.get_app_node.do/> | |
| 131 <else.root_node.do/> | |
| 132 </n.if.is_in_app> | |
| 133 </macro> | |
| 134 | |
| 135 <macro name="topic_or_app" requires="node" dot_parameter="do"> | |
| 136 <n.set_local_node.this_node/> | |
| 137 <n.block.> | |
| 138 <n.if.local_node.is_post> | |
| 139 <then.local_node.topic_node.do/> | |
| 140 <else.local_node.do/> | |
| 141 </n.if.local_node.is_post> | |
| 142 </n.block.> | |
| 143 </macro> | |
| 144 | |
| 145 <macro name="can_change_post_date_of" requires="user" dot_parameter="node_attr"> | |
| 146 <n.set_local_user.this_user /> | |
| 147 <n.set_local_node.node_attr/> | |
| 148 <n.block.> | |
| 149 <n.both> | |
| 150 <condition1.not.local_user.is_banned/> | |
| 151 <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.change_post_date_permission/]" /> | |
| 152 </n.both> | |
| 153 </n.block.> | |
| 154 </macro> | |
| 155 | |
| 156 <macro name="can_move" requires="user" dot_parameter="node_attr"> | |
| 157 <n.set_local_user.this_user /> | |
| 158 <n.set_local_node.node_attr/> | |
| 159 <n.block.> | |
| 160 <n.both> | |
| 161 <condition1.not.local_user.is_banned/> | |
| 162 <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.move_permission/]" /> | |
| 163 </n.both> | |
| 164 </n.block.> | |
| 165 </macro> | |
| 166 | |
| 167 <macro name="can_manage_subscribers_of" requires="user" dot_parameter="node_attr"> | |
| 168 <n.set_local_user.this_user /> | |
| 169 <n.set_local_node.node_attr/> | |
| 170 <n.block.> | |
| 171 <n.both> | |
| 172 <condition1.not.local_user.is_banned/> | |
| 173 <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.manage_subscribers_permission/]" /> | |
| 174 </n.both> | |
| 175 </n.block.> | |
| 176 </macro> | |
| 177 | |
| 178 <macro name="can_create_topic_in" requires="user" dot_parameter="node_attr"> | |
| 179 <n.set_local_user.this_user /> | |
| 180 <n.set_local_node.node_attr/> | |
| 181 <n.block.> | |
| 182 <n.both> | |
| 183 <condition1.not.local_user.is_banned/> | |
| 184 <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node/]" permission="[n.create_topic_permission/]" /> | |
| 185 </n.both> | |
| 186 </n.block.> | |
| 187 </macro> | |
| 188 | |
| 189 <macro name="can_reply_to" requires="user" dot_parameter="node_attr"> | |
| 190 <n.set_local_user.this_user /> | |
| 191 <n.set_local_node.node_attr/> | |
| 192 <n.block.> | |
| 193 <n.both> | |
| 194 <condition1.not.local_user.is_banned/> | |
| 195 <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.topic_or_app/]" permission="[n.reply_permission/]" /> | |
| 196 </n.both> | |
| 197 </n.block.> | |
| 198 </macro> | |
| 199 | |
| 200 <macro name="can_post_under" requires="user" dot_parameter="node_attr"> | |
| 201 <n.set_local_user.this_user /> | |
| 202 <n.set_local_node.node_attr/> | |
| 203 <n.block.> | |
| 204 <n.if.local_node.is_app> | |
| 205 <then.local_user.can_create_topic_in.local_node/> | |
| 206 <else.local_user.can_reply_to.local_node/> | |
| 207 </n.if.local_node.is_app> | |
| 208 </n.block.> | |
| 209 </macro> | |
| 210 | |
| 211 <macro name="check_posting_under" requires="user" dot_parameter="node_attr"> | |
| 212 <n.set_local_user.this_user /> | |
| 213 <n.set_local_node.node_attr/> | |
| 214 <n.block.> | |
| 215 <n.if.local_user.is_banned> | |
| 216 <then.throw_template_exception name="banned"/> | |
| 217 </n.if.local_user.is_banned> | |
| 218 <n.if.local_node.is_app> | |
| 219 <then.if.not.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node/]" permission="[n.create_topic_permission/]" > | |
| 220 <then.if.local_user.is_anonymous> | |
| 221 <then.throw_template_exception name="no_anonymous"/> | |
| 222 <else.throw_template_exception name="no_create_topic_permission"/> | |
| 223 </then.if.local_user.is_anonymous> | |
| 224 </then.if.not.local_user.has_permission> | |
| 225 <else.if.not.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.topic_or_app/]" permission="[n.reply_permission/]" > | |
| 226 <then.if.local_user.is_anonymous> | |
| 227 <then.throw_template_exception name="no_anonymous"/> | |
| 228 <else.throw_template_exception name="no_reply_permission"/> | |
| 229 </then.if.local_user.is_anonymous> | |
| 230 </else.if.not.local_user.has_permission> | |
| 231 </n.if.local_node.is_app> | |
| 232 </n.block.> | |
| 233 </macro> | |
| 234 | |
| 235 <macro name="any_registered_user_can_create_topics" requires="node"> | |
|
19
18cf4872fd7f
remove anonymous posting
Franklin Schmidt <fschmidt@gmail.com>
parents:
0
diff
changeset
|
236 <n.groups_have_permission groups="[n.anyone_group/]" permission="[n.create_topic_permission/]" /> |
| 0 | 237 </macro> |
| 238 | |
| 239 <macro name="only_members_can_create_topics" requires="node"> | |
| 240 <n.not.any_registered_user_can_create_topics/> | |
| 241 </macro> | |
| 242 | |
| 243 <macro name="can_view" requires="user" dot_parameter="node_attr"> | |
| 244 <n.set_local_user.this_user /> | |
| 245 <n.set_local_node.node_attr/> | |
| 246 <n.block.> | |
| 247 <n.either> | |
| 248 <condition1.local_user.owns.local_node/> | |
| 249 <condition2.either> | |
| 250 <condition1.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.view_permission/]" /> | |
| 251 <condition2.local_user.is_site_admin /> | |
| 252 </condition2.either> | |
| 253 </n.either> | |
| 254 </n.block.> | |
| 255 </macro> | |
| 256 | |
| 257 <macro name="can_manage_users_and_groups" requires="user"> | |
| 258 <n.is_site_admin/> | |
| 259 </macro> | |
| 260 | |
| 261 <macro name="can_manage_banned_users" requires="user"> | |
| 262 <n.has_site_permission permission="[n.manage_banned_users_permission/]" /> | |
| 263 </macro> | |
| 264 | |
| 265 <macro name="can_change_permissions_of" requires="user" dot_parameter="node_attr"> | |
| 266 <n.is_site_admin/> | |
| 267 </macro> | |
| 268 | |
| 269 <macro name="can_create_sub_apps_under" requires="user" dot_parameter="node_attr"> | |
| 270 <n.set_local_user.this_user /> | |
| 271 <n.set_local_node.node_attr/> | |
| 272 <n.block.> | |
| 273 <n.both> | |
| 274 <condition1.not.local_user.is_banned/> | |
| 275 <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node/]" permission="[n.create_sub_apps_permission/]" /> | |
| 276 </n.both> | |
| 277 </n.block.> | |
| 278 </macro> | |
| 279 | |
| 280 <macro name="can_manage_pinned_topics_in" requires="user" dot_parameter="node_attr"> | |
| 281 <n.set_local_user.this_user /> | |
| 282 <n.set_local_node.node_attr/> | |
| 283 <n.block.> | |
| 284 <n.both> | |
| 285 <condition1.not.local_user.is_banned/> | |
| 286 <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.manage_pinned_topics_permission/]" /> | |
| 287 </n.both> | |
| 288 </n.block.> | |
| 289 </macro> | |
| 290 | |
| 291 <macro name="can_manage_locked_topics_in" requires="user" dot_parameter="node_attr"> | |
| 292 <n.set_local_user.this_user /> | |
| 293 <n.set_local_node.node_attr/> | |
| 294 <n.block.> | |
| 295 <n.both> | |
| 296 <condition1.not.local_user.is_banned/> | |
| 297 <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.manage_locked_topics_permission/]" /> | |
| 298 </n.both> | |
| 299 </n.block.> | |
| 300 </macro> | |
| 301 | |
| 302 <macro name="has_unrestricted_posting" requires="node"> | |
| 303 <n.set_local_node.this_node/> | |
| 304 <n.local_node.owner.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.unrestricted_posting_permission/]" /> | |
| 305 </macro> | |
| 306 | |
| 307 <macro name="allows_showing_members_of" requires="node" dot_parameter="group"> | |
| 308 <n.has_permission permission="[n.show_group_members_permission/]" group="[n.group/]" /> | |
| 309 </macro> | |
| 310 | |
| 311 <macro name="has_people_page" requires="node"> | |
| 312 <n.has_groups_with_permission.show_group_members_permission/> | |
| 313 </macro> | |
| 314 | |
| 315 <macro name="can_be_displayed_in" requires="user" dot_parameter="node_attr"> | |
| 316 <n.set_local_user.this_user /> | |
| 317 <n.set_local_node.node_attr/> | |
| 318 <n.block.> | |
| 319 <n.both> | |
| 320 <condition1.not.local_user.is_banned/> | |
| 321 <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.show_group_members_permission/]" /> | |
| 322 </n.both> | |
| 323 </n.block.> | |
| 324 </macro> | |
| 325 | |
| 326 | |
| 327 | |
| 328 <macro name="get read authorization key" requires="http_request"> | |
| 329 <n.if.not.has_parameter name="node"> | |
| 330 <then.exit/> | |
| 331 </n.if.not.has_parameter> | |
| 332 <n.get_node_from_parameter.> | |
| 333 <n.if.equal value1="[n.get_parameter name='macro'/]" value2="unauthorized"> | |
| 334 <then.exit/> | |
| 335 </n.if.equal> | |
| 21 | 336 <n.if.is_private> |
| 337 <then.get_private_node.id /> | |
| 338 <else.if.is_semiprivate> | |
| 339 <then.id /> | |
| 340 </else.if.is_semiprivate> | |
| 341 </n.if.is_private> | |
| 0 | 342 </n.get_node_from_parameter.> |
| 343 </macro> | |
| 344 | |
| 345 <macro name="authorization_node" dot_parameter="do" requires="read_authorization"> | |
| 346 <n.get_node_from_id node_id="[n.authorization_key/]" do="[n.do/]" /> | |
| 347 </macro> | |
| 348 | |
| 349 <macro name="authorize for read" requires="read_authorization,servlet"> | |
| 350 <n.if.visitor.is_anonymous> | |
| 351 <then> | |
| 352 <n.redirect_to.> | |
| 353 <n.login_path> | |
| 354 <message> | |
| 355 <t>You must login to view <t.subject.authorization_node.subject/>.</t> | |
| 356 </message> | |
| 357 <nextUrl> | |
| 358 <n.current_path/> | |
| 359 </nextUrl> | |
| 360 </n.login_path> | |
| 361 </n.redirect_to.> | |
| 362 <n.false /> | |
| 363 <n.exit /> | |
| 364 </then> | |
| 365 </n.if.visitor.is_anonymous> | |
| 366 <n.if> | |
| 367 <condition.either> | |
| 368 <condition1.visitor.can_view.authorization_node /> | |
| 369 <condition2.visitor.owns.get_node_from_parameter /> | |
| 370 </condition.either> | |
| 371 <then.true /> | |
| 372 <else> | |
| 373 <n.redirect_to.authorization_node.unauthorized_path /> | |
| 374 <n.false /> | |
| 375 </else> | |
| 376 </n.if> | |
| 377 </macro> |