Mercurial Hosting > nabble
comparison src/nabble/view/naml/permissions.naml @ 0:7ecd1a4ef557
add content
author | Franklin Schmidt <fschmidt@gmail.com> |
---|---|
date | Thu, 21 Mar 2019 19:15:52 -0600 |
parents | |
children | 18cf4872fd7f |
comparison
equal
deleted
inserted
replaced
-1:000000000000 | 0:7ecd1a4ef557 |
---|---|
1 <macro name="current_permission_version"> | |
2 standard-6 | |
3 </macro> | |
4 | |
5 <macro name="update_default_permissions"> | |
6 <n.set_default_permissions. version="[n.current_permission_version/]" > | |
7 <n.add_permission permission="[n.view_permission/]" group="[n.anyone_group/]" /> | |
8 <n.add_permission permission="[n.edit_app_permission/]" group="[n.administrators_group/]" /> | |
9 <n.add_permission permission="[n.reply_permission/]" group="[n.anyone_group/]" /> | |
10 <n.add_permission permission="[n.create_topic_permission/]" group="[n.anyone_group/]" /> | |
11 <n.add_permission permission="[n.move_permission/]" group="[n.authors_group/]" /> | |
12 <n.add_permission permission="[n.move_permission/]" group="[n.administrators_group/]" /> | |
13 <n.add_permission permission="[n.create_sub_apps_permission/]" group="[n.administrators_group/]" /> | |
14 <n.add_permission permission="[n.change_post_date_permission/]" group="[n.administrators_group/]" /> | |
15 <n.add_permission permission="[n.manage_subscribers_permission/]" group="[n.administrators_group/]" /> | |
16 <n.add_site_permission permission="[n.manage_banned_users_permission/]" group="[n.administrators_group/]" /> | |
17 <n.add_permission permission="[n.manage_pinned_topics_permission/]" group="[n.administrators_group/]" /> | |
18 <n.add_permission permission="[n.manage_locked_topics_permission/]" group="[n.administrators_group/]" /> | |
19 <n.add_permission permission="[n.show_group_members_permission/]" group="[n.registered_group/]" /> | |
20 <n.add_permission permission="[n.show_group_members_permission/]" group="[n.administrators_group/]" /> | |
21 <n.add_permission permission="[n.show_group_members_permission/]" group="[n.members_group/]" /> | |
22 </n.set_default_permissions.> | |
23 </macro> | |
24 | |
25 <macro name="banned_group"> | |
26 Banned | |
27 </macro> | |
28 | |
29 <macro name="members_group"> | |
30 Members | |
31 </macro> | |
32 | |
33 <macro name="registered_user_groups"> | |
34 <n.anyone_group/>,<n.registered_group/> | |
35 </macro> | |
36 | |
37 <macro name="edit_app_permission"> | |
38 Edit_app | |
39 </macro> | |
40 | |
41 <macro name="edit_all_permission"> | |
42 Edit_all | |
43 </macro> | |
44 | |
45 <macro name="reply_permission"> | |
46 Reply | |
47 </macro> | |
48 | |
49 <macro name="create_topic_permission"> | |
50 Create_topic | |
51 </macro> | |
52 | |
53 <macro name="move_permission"> | |
54 Move | |
55 </macro> | |
56 | |
57 <macro name="manage_subscribers_permission"> | |
58 Manage_Subscribers | |
59 </macro> | |
60 | |
61 <macro name="create_sub_apps_permission"> | |
62 Create_sub_apps | |
63 </macro> | |
64 | |
65 <macro name="change_post_date_permission"> | |
66 Change_post_date | |
67 </macro> | |
68 | |
69 <macro name="show_group_members_permission"> | |
70 Show_group_members | |
71 </macro> | |
72 | |
73 <macro name="manage_banned_users_permission"> | |
74 Manage_banned_users | |
75 </macro> | |
76 | |
77 <macro name="manage_pinned_topics_permission"> | |
78 Manage_pinned_topics | |
79 </macro> | |
80 | |
81 <macro name="manage_locked_topics_permission"> | |
82 Manage_locked_topics | |
83 </macro> | |
84 | |
85 <macro name="unrestricted_posting_permission"> | |
86 Unrestricted_posting | |
87 </macro> | |
88 | |
89 <macro name="is_site_owner" requires="user"> | |
90 <n.owns.root_node /> | |
91 </macro> | |
92 | |
93 <macro name="is_site_admin" requires="user"> | |
94 <n.either> | |
95 <condition1.either> | |
96 <condition1.is_site_owner /> | |
97 <condition2.is_sysadmin /> | |
98 </condition1.either> | |
99 <condition2.is_in_group group="[n.administrators_group/]" /> | |
100 </n.either> | |
101 </macro> | |
102 | |
103 | |
104 <macro name="can_delete" requires="user" dot_parameter="node_attr"> | |
105 <n.both condition1="[n.not.is_banned/]" condition2="[n.owns.node_attr/]"/> | |
106 </macro> | |
107 | |
108 <macro name="can_delete_recursively" requires="user" dot_parameter="node"> | |
109 <n.is_site_admin/> | |
110 </macro> | |
111 | |
112 <macro name="can_edit" requires="user" dot_parameter="node_attr"> | |
113 <n.set_local_user.this_user /> | |
114 <n.set_local_node.node_attr /> | |
115 <n.block.> | |
116 <n.both> | |
117 <condition1.not.local_user.is_banned/> | |
118 <condition2.either> | |
119 <condition1.local_user.owns.local_node /> | |
120 <condition2.either> | |
121 <condition1.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.edit_all_permission/]" /> | |
122 <condition2.both> | |
123 <condition1.local_node.is_app/> | |
124 <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.edit_app_permission/]" /> | |
125 </condition2.both> | |
126 </condition2.either> | |
127 </condition2.either> | |
128 </n.both> | |
129 </n.block.> | |
130 </macro> | |
131 | |
132 <macro name="app_or_root" requires="node" dot_parameter="do"> | |
133 <n.if.is_in_app> | |
134 <then.get_app_node.do/> | |
135 <else.root_node.do/> | |
136 </n.if.is_in_app> | |
137 </macro> | |
138 | |
139 <macro name="topic_or_app" requires="node" dot_parameter="do"> | |
140 <n.set_local_node.this_node/> | |
141 <n.block.> | |
142 <n.if.local_node.is_post> | |
143 <then.local_node.topic_node.do/> | |
144 <else.local_node.do/> | |
145 </n.if.local_node.is_post> | |
146 </n.block.> | |
147 </macro> | |
148 | |
149 <macro name="can_change_post_date_of" requires="user" dot_parameter="node_attr"> | |
150 <n.set_local_user.this_user /> | |
151 <n.set_local_node.node_attr/> | |
152 <n.block.> | |
153 <n.both> | |
154 <condition1.not.local_user.is_banned/> | |
155 <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.change_post_date_permission/]" /> | |
156 </n.both> | |
157 </n.block.> | |
158 </macro> | |
159 | |
160 <macro name="can_move" requires="user" dot_parameter="node_attr"> | |
161 <n.set_local_user.this_user /> | |
162 <n.set_local_node.node_attr/> | |
163 <n.block.> | |
164 <n.both> | |
165 <condition1.not.local_user.is_banned/> | |
166 <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.move_permission/]" /> | |
167 </n.both> | |
168 </n.block.> | |
169 </macro> | |
170 | |
171 <macro name="can_manage_subscribers_of" requires="user" dot_parameter="node_attr"> | |
172 <n.set_local_user.this_user /> | |
173 <n.set_local_node.node_attr/> | |
174 <n.block.> | |
175 <n.both> | |
176 <condition1.not.local_user.is_banned/> | |
177 <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.manage_subscribers_permission/]" /> | |
178 </n.both> | |
179 </n.block.> | |
180 </macro> | |
181 | |
182 <macro name="can_create_topic_in" requires="user" dot_parameter="node_attr"> | |
183 <n.set_local_user.this_user /> | |
184 <n.set_local_node.node_attr/> | |
185 <n.block.> | |
186 <n.both> | |
187 <condition1.not.local_user.is_banned/> | |
188 <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node/]" permission="[n.create_topic_permission/]" /> | |
189 </n.both> | |
190 </n.block.> | |
191 </macro> | |
192 | |
193 <macro name="can_reply_to" requires="user" dot_parameter="node_attr"> | |
194 <n.set_local_user.this_user /> | |
195 <n.set_local_node.node_attr/> | |
196 <n.block.> | |
197 <n.both> | |
198 <condition1.not.local_user.is_banned/> | |
199 <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.topic_or_app/]" permission="[n.reply_permission/]" /> | |
200 </n.both> | |
201 </n.block.> | |
202 </macro> | |
203 | |
204 <macro name="can_post_under" requires="user" dot_parameter="node_attr"> | |
205 <n.set_local_user.this_user /> | |
206 <n.set_local_node.node_attr/> | |
207 <n.block.> | |
208 <n.if.local_node.is_app> | |
209 <then.local_user.can_create_topic_in.local_node/> | |
210 <else.local_user.can_reply_to.local_node/> | |
211 </n.if.local_node.is_app> | |
212 </n.block.> | |
213 </macro> | |
214 | |
215 <macro name="check_posting_under" requires="user" dot_parameter="node_attr"> | |
216 <n.set_local_user.this_user /> | |
217 <n.set_local_node.node_attr/> | |
218 <n.block.> | |
219 <n.if.local_user.is_banned> | |
220 <then.throw_template_exception name="banned"/> | |
221 </n.if.local_user.is_banned> | |
222 <n.if.both condition1="[n.local_node.is_associated_with_mailing_list_archive/]" condition2="[n.not.local_user.is_authenticated/]"> | |
223 <then.throw_template_exception name="no_anonymous"/> | |
224 </n.if.both> | |
225 <n.if.local_node.is_app> | |
226 <then.if.not.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node/]" permission="[n.create_topic_permission/]" > | |
227 <then.if.local_user.is_anonymous> | |
228 <then.throw_template_exception name="no_anonymous"/> | |
229 <else.throw_template_exception name="no_create_topic_permission"/> | |
230 </then.if.local_user.is_anonymous> | |
231 </then.if.not.local_user.has_permission> | |
232 <else.if.not.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.topic_or_app/]" permission="[n.reply_permission/]" > | |
233 <then.if.local_user.is_anonymous> | |
234 <then.throw_template_exception name="no_anonymous"/> | |
235 <else.throw_template_exception name="no_reply_permission"/> | |
236 </then.if.local_user.is_anonymous> | |
237 </else.if.not.local_user.has_permission> | |
238 </n.if.local_node.is_app> | |
239 </n.block.> | |
240 </macro> | |
241 | |
242 <macro name="any_registered_user_can_create_topics" requires="node"> | |
243 <n.groups_have_permission groups="[n.registered_user_groups/]" permission="[n.create_topic_permission/]" /> | |
244 </macro> | |
245 | |
246 <macro name="only_members_can_create_topics" requires="node"> | |
247 <n.not.any_registered_user_can_create_topics/> | |
248 </macro> | |
249 | |
250 <macro name="can_view" requires="user" dot_parameter="node_attr"> | |
251 <n.set_local_user.this_user /> | |
252 <n.set_local_node.node_attr/> | |
253 <n.block.> | |
254 <n.either> | |
255 <condition1.local_user.owns.local_node/> | |
256 <condition2.either> | |
257 <condition1.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.view_permission/]" /> | |
258 <condition2.local_user.is_site_admin /> | |
259 </condition2.either> | |
260 </n.either> | |
261 </n.block.> | |
262 </macro> | |
263 | |
264 <macro name="can_manage_users_and_groups" requires="user"> | |
265 <n.is_site_admin/> | |
266 </macro> | |
267 | |
268 <macro name="can_manage_banned_users" requires="user"> | |
269 <n.has_site_permission permission="[n.manage_banned_users_permission/]" /> | |
270 </macro> | |
271 | |
272 <macro name="can_change_permissions_of" requires="user" dot_parameter="node_attr"> | |
273 <n.is_site_admin/> | |
274 </macro> | |
275 | |
276 <macro name="can_create_sub_apps_under" requires="user" dot_parameter="node_attr"> | |
277 <n.set_local_user.this_user /> | |
278 <n.set_local_node.node_attr/> | |
279 <n.block.> | |
280 <n.both> | |
281 <condition1.not.local_user.is_banned/> | |
282 <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node/]" permission="[n.create_sub_apps_permission/]" /> | |
283 </n.both> | |
284 </n.block.> | |
285 </macro> | |
286 | |
287 <macro name="can_manage_pinned_topics_in" requires="user" dot_parameter="node_attr"> | |
288 <n.set_local_user.this_user /> | |
289 <n.set_local_node.node_attr/> | |
290 <n.block.> | |
291 <n.both> | |
292 <condition1.not.local_user.is_banned/> | |
293 <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.manage_pinned_topics_permission/]" /> | |
294 </n.both> | |
295 </n.block.> | |
296 </macro> | |
297 | |
298 <macro name="can_manage_locked_topics_in" requires="user" dot_parameter="node_attr"> | |
299 <n.set_local_user.this_user /> | |
300 <n.set_local_node.node_attr/> | |
301 <n.block.> | |
302 <n.both> | |
303 <condition1.not.local_user.is_banned/> | |
304 <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.manage_locked_topics_permission/]" /> | |
305 </n.both> | |
306 </n.block.> | |
307 </macro> | |
308 | |
309 <macro name="has_unrestricted_posting" requires="node"> | |
310 <n.set_local_node.this_node/> | |
311 <n.local_node.owner.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.unrestricted_posting_permission/]" /> | |
312 </macro> | |
313 | |
314 <macro name="allows_showing_members_of" requires="node" dot_parameter="group"> | |
315 <n.has_permission permission="[n.show_group_members_permission/]" group="[n.group/]" /> | |
316 </macro> | |
317 | |
318 <macro name="has_people_page" requires="node"> | |
319 <n.has_groups_with_permission.show_group_members_permission/> | |
320 </macro> | |
321 | |
322 <macro name="can_be_displayed_in" requires="user" dot_parameter="node_attr"> | |
323 <n.set_local_user.this_user /> | |
324 <n.set_local_node.node_attr/> | |
325 <n.block.> | |
326 <n.both> | |
327 <condition1.not.local_user.is_banned/> | |
328 <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.show_group_members_permission/]" /> | |
329 </n.both> | |
330 </n.block.> | |
331 </macro> | |
332 | |
333 | |
334 | |
335 <macro name="get read authorization key" requires="http_request"> | |
336 <n.if.not.has_parameter name="node"> | |
337 <then.exit/> | |
338 </n.if.not.has_parameter> | |
339 <n.get_node_from_parameter.> | |
340 <n.if.equal value1="[n.get_parameter name='macro'/]" value2="unauthorized"> | |
341 <then.exit/> | |
342 </n.if.equal> | |
343 <n.if.not.is_private> | |
344 <then.exit/> | |
345 </n.if.not.is_private> | |
346 <n.get_private_node.id /> | |
347 </n.get_node_from_parameter.> | |
348 </macro> | |
349 | |
350 <macro name="authorization_node" dot_parameter="do" requires="read_authorization"> | |
351 <n.get_node_from_id node_id="[n.authorization_key/]" do="[n.do/]" /> | |
352 </macro> | |
353 | |
354 <macro name="authorize for read" requires="read_authorization,servlet"> | |
355 <n.if.visitor.is_anonymous> | |
356 <then> | |
357 <n.redirect_to.> | |
358 <n.login_path> | |
359 <message> | |
360 <t>You must login to view <t.subject.authorization_node.subject/>.</t> | |
361 </message> | |
362 <nextUrl> | |
363 <n.current_path/> | |
364 </nextUrl> | |
365 </n.login_path> | |
366 </n.redirect_to.> | |
367 <n.false /> | |
368 <n.exit /> | |
369 </then> | |
370 </n.if.visitor.is_anonymous> | |
371 <n.if> | |
372 <condition.either> | |
373 <condition1.visitor.can_view.authorization_node /> | |
374 <condition2.visitor.owns.get_node_from_parameter /> | |
375 </condition.either> | |
376 <then.true /> | |
377 <else> | |
378 <n.redirect_to.authorization_node.unauthorized_path /> | |
379 <n.false /> | |
380 </else> | |
381 </n.if> | |
382 </macro> |