comparison src/nabble/view/naml/permissions.naml @ 0:7ecd1a4ef557

add content
author Franklin Schmidt <fschmidt@gmail.com>
date Thu, 21 Mar 2019 19:15:52 -0600
parents
children 18cf4872fd7f
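--- a/src/nabble/view/naml/permissions.naml
+++ b/src/nabble/view/naml/permissions.naml
@@ -0,0 +1,382 @@
+<macro name="current_permission_version">
+standard-6
+</macro>
+
+<macro name="update_default_permissions">
+<n.set_default_permissions. version="[n.current_permission_version/]" >
+<n.add_permission permission="[n.view_permission/]" group="[n.anyone_group/]" />
+<n.add_permission permission="[n.edit_app_permission/]" group="[n.administrators_group/]" />
+<n.add_permission permission="[n.reply_permission/]" group="[n.anyone_group/]" />
+<n.add_permission permission="[n.create_topic_permission/]" group="[n.anyone_group/]" />
+<n.add_permission permission="[n.move_permission/]" group="[n.authors_group/]" />
+<n.add_permission permission="[n.move_permission/]" group="[n.administrators_group/]" />
+<n.add_permission permission="[n.create_sub_apps_permission/]" group="[n.administrators_group/]" />
+<n.add_permission permission="[n.change_post_date_permission/]" group="[n.administrators_group/]" />
+<n.add_permission permission="[n.manage_subscribers_permission/]" group="[n.administrators_group/]" />
+<n.add_site_permission permission="[n.manage_banned_users_permission/]" group="[n.administrators_group/]" />
+<n.add_permission permission="[n.manage_pinned_topics_permission/]" group="[n.administrators_group/]" />
+<n.add_permission permission="[n.manage_locked_topics_permission/]" group="[n.administrators_group/]" />
+<n.add_permission permission="[n.show_group_members_permission/]" group="[n.registered_group/]" />
+<n.add_permission permission="[n.show_group_members_permission/]" group="[n.administrators_group/]" />
+<n.add_permission permission="[n.show_group_members_permission/]" group="[n.members_group/]" />
+</n.set_default_permissions.>
+</macro>
+
+<macro name="banned_group">
+Banned
+</macro>
+
+<macro name="members_group">
+Members
+</macro>
+
+<macro name="registered_user_groups">
+<n.anyone_group/>,<n.registered_group/>
+</macro>
+
+<macro name="edit_app_permission">
+Edit_app
+</macro>
+
+<macro name="edit_all_permission">
+Edit_all
+</macro>
+
+<macro name="reply_permission">
+Reply
+</macro>
+
+<macro name="create_topic_permission">
+Create_topic
+</macro>
+
+<macro name="move_permission">
+Move
+</macro>
+
+<macro name="manage_subscribers_permission">
+Manage_Subscribers
+</macro>
+
+<macro name="create_sub_apps_permission">
+Create_sub_apps
+</macro>
+
+<macro name="change_post_date_permission">
+Change_post_date
+</macro>
+
+<macro name="show_group_members_permission">
+Show_group_members
+</macro>
+
+<macro name="manage_banned_users_permission">
+Manage_banned_users
+</macro>
+
+<macro name="manage_pinned_topics_permission">
+Manage_pinned_topics
+</macro>
+
+<macro name="manage_locked_topics_permission">
+Manage_locked_topics
+</macro>
+
+<macro name="unrestricted_posting_permission">
+Unrestricted_posting
+</macro>
+
+<macro name="is_site_owner" requires="user">
+<n.owns.root_node />
+</macro>
+
+<macro name="is_site_admin" requires="user">
+<n.either>
+<condition1.either>
+<condition1.is_site_owner />
+<condition2.is_sysadmin />
+</condition1.either>
+<condition2.is_in_group group="[n.administrators_group/]" />
+</n.either>
+</macro>
+
+
+<macro name="can_delete" requires="user" dot_parameter="node_attr">
+<n.both condition1="[n.not.is_banned/]" condition2="[n.owns.node_attr/]"/>
+</macro>
+
+<macro name="can_delete_recursively" requires="user" dot_parameter="node">
+<n.is_site_admin/>
+</macro>
+
+<macro name="can_edit" requires="user" dot_parameter="node_attr">
+<n.set_local_user.this_user />
+<n.set_local_node.node_attr />
+<n.block.>
+<n.both>
+<condition1.not.local_user.is_banned/>
+<condition2.either>
+<condition1.local_user.owns.local_node />
+<condition2.either>
+<condition1.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.edit_all_permission/]" />
+<condition2.both>
+<condition1.local_node.is_app/>
+<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.edit_app_permission/]" />
+</condition2.both>
+</condition2.either>
+</condition2.either>
+</n.both>
+</n.block.>
+</macro>
+
+<macro name="app_or_root" requires="node" dot_parameter="do">
+<n.if.is_in_app>
+<then.get_app_node.do/>
+<else.root_node.do/>
+</n.if.is_in_app>
+</macro>
+
+<macro name="topic_or_app" requires="node" dot_parameter="do">
+<n.set_local_node.this_node/>
+<n.block.>
+<n.if.local_node.is_post>
+<then.local_node.topic_node.do/>
+<else.local_node.do/>
+</n.if.local_node.is_post>
+</n.block.>
+</macro>
+
+<macro name="can_change_post_date_of" requires="user" dot_parameter="node_attr">
+<n.set_local_user.this_user />
+<n.set_local_node.node_attr/>
+<n.block.>
+<n.both>
+<condition1.not.local_user.is_banned/>
+<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.change_post_date_permission/]" />
+</n.both>
+</n.block.>
+</macro>
+
+<macro name="can_move" requires="user" dot_parameter="node_attr">
+<n.set_local_user.this_user />
+<n.set_local_node.node_attr/>
+<n.block.>
+<n.both>
+<condition1.not.local_user.is_banned/>
+<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.move_permission/]" />
+</n.both>
+</n.block.>
+</macro>
+
+<macro name="can_manage_subscribers_of" requires="user" dot_parameter="node_attr">
+<n.set_local_user.this_user />
+<n.set_local_node.node_attr/>
+<n.block.>
+<n.both>
+<condition1.not.local_user.is_banned/>
+<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.manage_subscribers_permission/]" />
+</n.both>
+</n.block.>
+</macro>
+
+<macro name="can_create_topic_in" requires="user" dot_parameter="node_attr">
+<n.set_local_user.this_user />
+<n.set_local_node.node_attr/>
+<n.block.>
+<n.both>
+<condition1.not.local_user.is_banned/>
+<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node/]" permission="[n.create_topic_permission/]" />
+</n.both>
+</n.block.>
+</macro>
+
+<macro name="can_reply_to" requires="user" dot_parameter="node_attr">
+<n.set_local_user.this_user />
+<n.set_local_node.node_attr/>
+<n.block.>
+<n.both>
+<condition1.not.local_user.is_banned/>
+<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.topic_or_app/]" permission="[n.reply_permission/]" />
+</n.both>
+</n.block.>
+</macro>
+
+<macro name="can_post_under" requires="user" dot_parameter="node_attr">
+<n.set_local_user.this_user />
+<n.set_local_node.node_attr/>
+<n.block.>
+<n.if.local_node.is_app>
+<then.local_user.can_create_topic_in.local_node/>
+<else.local_user.can_reply_to.local_node/>
+</n.if.local_node.is_app>
+</n.block.>
+</macro>
+
+<macro name="check_posting_under" requires="user" dot_parameter="node_attr">
+<n.set_local_user.this_user />
+<n.set_local_node.node_attr/>
+<n.block.>
+<n.if.local_user.is_banned>
+<then.throw_template_exception name="banned"/>
+</n.if.local_user.is_banned>
+<n.if.both condition1="[n.local_node.is_associated_with_mailing_list_archive/]" condition2="[n.not.local_user.is_authenticated/]">
+<then.throw_template_exception name="no_anonymous"/>
+</n.if.both>
+<n.if.local_node.is_app>
+<then.if.not.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node/]" permission="[n.create_topic_permission/]" >
+<then.if.local_user.is_anonymous>
+<then.throw_template_exception name="no_anonymous"/>
+<else.throw_template_exception name="no_create_topic_permission"/>
+</then.if.local_user.is_anonymous>
+</then.if.not.local_user.has_permission>
+<else.if.not.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.topic_or_app/]" permission="[n.reply_permission/]" >
+<then.if.local_user.is_anonymous>
+<then.throw_template_exception name="no_anonymous"/>
+<else.throw_template_exception name="no_reply_permission"/>
+</then.if.local_user.is_anonymous>
+</else.if.not.local_user.has_permission>
+</n.if.local_node.is_app>
+</n.block.>
+</macro>
+
+<macro name="any_registered_user_can_create_topics" requires="node">
+<n.groups_have_permission groups="[n.registered_user_groups/]" permission="[n.create_topic_permission/]" />
+</macro>
+
+<macro name="only_members_can_create_topics" requires="node">
+<n.not.any_registered_user_can_create_topics/>
+</macro>
+
+<macro name="can_view" requires="user" dot_parameter="node_attr">
+<n.set_local_user.this_user />
+<n.set_local_node.node_attr/>
+<n.block.>
+<n.either>
+<condition1.local_user.owns.local_node/>
+<condition2.either>
+<condition1.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.view_permission/]" />
+<condition2.local_user.is_site_admin />
+</condition2.either>
+</n.either>
+</n.block.>
+</macro>
+
+<macro name="can_manage_users_and_groups" requires="user">
+<n.is_site_admin/>
+</macro>
+
+<macro name="can_manage_banned_users" requires="user">
+<n.has_site_permission permission="[n.manage_banned_users_permission/]" />
+</macro>
+
+<macro name="can_change_permissions_of" requires="user" dot_parameter="node_attr">
+<n.is_site_admin/>
+</macro>
+
+<macro name="can_create_sub_apps_under" requires="user" dot_parameter="node_attr">
+<n.set_local_user.this_user />
+<n.set_local_node.node_attr/>
+<n.block.>
+<n.both>
+<condition1.not.local_user.is_banned/>
+<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node/]" permission="[n.create_sub_apps_permission/]" />
+</n.both>
+</n.block.>
+</macro>
+
+<macro name="can_manage_pinned_topics_in" requires="user" dot_parameter="node_attr">
+<n.set_local_user.this_user />
+<n.set_local_node.node_attr/>
+<n.block.>
+<n.both>
+<condition1.not.local_user.is_banned/>
+<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.manage_pinned_topics_permission/]" />
+</n.both>
+</n.block.>
+</macro>
+
+<macro name="can_manage_locked_topics_in" requires="user" dot_parameter="node_attr">
+<n.set_local_user.this_user />
+<n.set_local_node.node_attr/>
+<n.block.>
+<n.both>
+<condition1.not.local_user.is_banned/>
+<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.manage_locked_topics_permission/]" />
+</n.both>
+</n.block.>
+</macro>
+
+<macro name="has_unrestricted_posting" requires="node">
+<n.set_local_node.this_node/>
+<n.local_node.owner.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.unrestricted_posting_permission/]" />
+</macro>
+
+<macro name="allows_showing_members_of" requires="node" dot_parameter="group">
+<n.has_permission permission="[n.show_group_members_permission/]" group="[n.group/]" />
+</macro>
+
+<macro name="has_people_page" requires="node">
+<n.has_groups_with_permission.show_group_members_permission/>
+</macro>
+
+<macro name="can_be_displayed_in" requires="user" dot_parameter="node_attr">
+<n.set_local_user.this_user />
+<n.set_local_node.node_attr/>
+<n.block.>
+<n.both>
+<condition1.not.local_user.is_banned/>
+<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.show_group_members_permission/]" />
+</n.both>
+</n.block.>
+</macro>
+
+
+
+<macro name="get read authorization key" requires="http_request">
+<n.if.not.has_parameter name="node">
+<then.exit/>
+</n.if.not.has_parameter>
+<n.get_node_from_parameter.>
+<n.if.equal value1="[n.get_parameter name='macro'/]" value2="unauthorized">
+<then.exit/>
+</n.if.equal>
+<n.if.not.is_private>
+<then.exit/>
+</n.if.not.is_private>
+<n.get_private_node.id />
+</n.get_node_from_parameter.>
+</macro>
+
+<macro name="authorization_node" dot_parameter="do" requires="read_authorization">
+<n.get_node_from_id node_id="[n.authorization_key/]" do="[n.do/]" />
+</macro>
+
+<macro name="authorize for read" requires="read_authorization,servlet">
+<n.if.visitor.is_anonymous>
+<then>
+<n.redirect_to.>
+<n.login_path>
+<message>
+<t>You must login to view <t.subject.authorization_node.subject/>.</t>
+</message>
+<nextUrl>
+<n.current_path/>
+</nextUrl>
+</n.login_path>
+</n.redirect_to.>
+<n.false />
+<n.exit />
+</then>
+</n.if.visitor.is_anonymous>
+<n.if>
+<condition.either>
+<condition1.visitor.can_view.authorization_node />
+<condition2.visitor.owns.get_node_from_parameter />
+</condition.either>
+<then.true />
+<else>
+<n.redirect_to.authorization_node.unauthorized_path />
+<n.false />
+</else>
+</n.if>
+</macro>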
382 </macro>