diff src/nabble/view/naml/permissions.naml @ 0:7ecd1a4ef557

add content
author Franklin Schmidt <fschmidt@gmail.com>
date Thu, 21 Mar 2019 19:15:52 -0600
parents
children 18cf4872fd7f
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/nabble/view/naml/permissions.naml	Thu Mar 21 19:15:52 2019 -0600
@@ -0,0 +1,382 @@
+<macro name="current_permission_version">
+	standard-6
+</macro>
+
+<macro name="update_default_permissions">
+	<n.set_default_permissions. version="[n.current_permission_version/]" >
+		<n.add_permission permission="[n.view_permission/]" group="[n.anyone_group/]" />
+		<n.add_permission permission="[n.edit_app_permission/]" group="[n.administrators_group/]" />
+		<n.add_permission permission="[n.reply_permission/]" group="[n.anyone_group/]" />
+		<n.add_permission permission="[n.create_topic_permission/]" group="[n.anyone_group/]" />
+		<n.add_permission permission="[n.move_permission/]" group="[n.authors_group/]" />
+		<n.add_permission permission="[n.move_permission/]" group="[n.administrators_group/]" />
+		<n.add_permission permission="[n.create_sub_apps_permission/]" group="[n.administrators_group/]" />
+		<n.add_permission permission="[n.change_post_date_permission/]" group="[n.administrators_group/]" />
+		<n.add_permission permission="[n.manage_subscribers_permission/]" group="[n.administrators_group/]" />
+		<n.add_site_permission permission="[n.manage_banned_users_permission/]" group="[n.administrators_group/]" />
+		<n.add_permission permission="[n.manage_pinned_topics_permission/]" group="[n.administrators_group/]" />
+		<n.add_permission permission="[n.manage_locked_topics_permission/]" group="[n.administrators_group/]" />
+		<n.add_permission permission="[n.show_group_members_permission/]" group="[n.registered_group/]" />
+		<n.add_permission permission="[n.show_group_members_permission/]" group="[n.administrators_group/]" />
+		<n.add_permission permission="[n.show_group_members_permission/]" group="[n.members_group/]" />
+	</n.set_default_permissions.>
+</macro>
+
+<macro name="banned_group">
+	Banned
+</macro>
+
+<macro name="members_group">
+	Members
+</macro>
+
+<macro name="registered_user_groups">
+	<n.anyone_group/>,<n.registered_group/>
+</macro>
+
+<macro name="edit_app_permission">
+	Edit_app
+</macro>
+
+<macro name="edit_all_permission">
+	Edit_all
+</macro>
+
+<macro name="reply_permission">
+	Reply
+</macro>
+
+<macro name="create_topic_permission">
+	Create_topic
+</macro>
+
+<macro name="move_permission">
+	Move
+</macro>
+
+<macro name="manage_subscribers_permission">
+	Manage_Subscribers
+</macro>
+
+<macro name="create_sub_apps_permission">
+	Create_sub_apps
+</macro>
+
+<macro name="change_post_date_permission">
+	Change_post_date
+</macro>
+
+<macro name="show_group_members_permission">
+	Show_group_members
+</macro>
+
+<macro name="manage_banned_users_permission">
+	Manage_banned_users
+</macro>
+
+<macro name="manage_pinned_topics_permission">
+	Manage_pinned_topics
+</macro>
+
+<macro name="manage_locked_topics_permission">
+	Manage_locked_topics
+</macro>
+
+<macro name="unrestricted_posting_permission">
+	Unrestricted_posting
+</macro>
+
+<macro name="is_site_owner" requires="user">
+	<n.owns.root_node />
+</macro>
+
+<macro name="is_site_admin" requires="user">
+	<n.either>
+		<condition1.either>
+			<condition1.is_site_owner />
+			<condition2.is_sysadmin />
+		</condition1.either>
+		<condition2.is_in_group group="[n.administrators_group/]" />
+	</n.either>
+</macro>
+
+
+<macro name="can_delete" requires="user" dot_parameter="node_attr">
+	<n.both condition1="[n.not.is_banned/]" condition2="[n.owns.node_attr/]"/>
+</macro>
+
+<macro name="can_delete_recursively" requires="user" dot_parameter="node">
+	<n.is_site_admin/>
+</macro>
+
+<macro name="can_edit" requires="user" dot_parameter="node_attr">
+	<n.set_local_user.this_user />
+	<n.set_local_node.node_attr />
+	<n.block.>
+		<n.both>
+			<condition1.not.local_user.is_banned/>
+			<condition2.either>
+				<condition1.local_user.owns.local_node />
+				<condition2.either>
+					<condition1.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.edit_all_permission/]" />
+					<condition2.both>
+						<condition1.local_node.is_app/>
+						<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.edit_app_permission/]" />
+					</condition2.both>
+				</condition2.either>
+			</condition2.either>
+		</n.both>
+	</n.block.>
+</macro>
+
+<macro name="app_or_root" requires="node" dot_parameter="do">
+	<n.if.is_in_app>
+		<then.get_app_node.do/>
+		<else.root_node.do/>
+	</n.if.is_in_app>
+</macro>
+
+<macro name="topic_or_app" requires="node" dot_parameter="do">
+	<n.set_local_node.this_node/>
+	<n.block.>
+		<n.if.local_node.is_post>
+			<then.local_node.topic_node.do/>
+			<else.local_node.do/>
+		</n.if.local_node.is_post>
+	</n.block.>
+</macro>
+
+<macro name="can_change_post_date_of" requires="user" dot_parameter="node_attr">
+	<n.set_local_user.this_user />
+	<n.set_local_node.node_attr/>
+	<n.block.>
+		<n.both>
+			<condition1.not.local_user.is_banned/>
+			<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.change_post_date_permission/]" />
+		</n.both>
+	</n.block.>
+</macro>
+
+<macro name="can_move" requires="user" dot_parameter="node_attr">
+	<n.set_local_user.this_user />
+	<n.set_local_node.node_attr/>
+	<n.block.>
+		<n.both>
+			<condition1.not.local_user.is_banned/>
+			<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.move_permission/]" />
+		</n.both>
+	</n.block.>
+</macro>
+
+<macro name="can_manage_subscribers_of" requires="user" dot_parameter="node_attr">
+	<n.set_local_user.this_user />
+	<n.set_local_node.node_attr/>
+	<n.block.>
+		<n.both>
+			<condition1.not.local_user.is_banned/>
+			<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.manage_subscribers_permission/]" />
+		</n.both>
+	</n.block.>
+</macro>
+
+<macro name="can_create_topic_in" requires="user" dot_parameter="node_attr">
+	<n.set_local_user.this_user />
+	<n.set_local_node.node_attr/>
+	<n.block.>
+		<n.both>
+			<condition1.not.local_user.is_banned/>
+			<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node/]" permission="[n.create_topic_permission/]" />
+		</n.both>
+	</n.block.>
+</macro>
+
+<macro name="can_reply_to" requires="user" dot_parameter="node_attr">
+	<n.set_local_user.this_user />
+	<n.set_local_node.node_attr/>
+	<n.block.>
+		<n.both>
+			<condition1.not.local_user.is_banned/>
+			<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.topic_or_app/]" permission="[n.reply_permission/]" />
+		</n.both>
+	</n.block.>
+</macro>
+
+<macro name="can_post_under" requires="user" dot_parameter="node_attr">
+	<n.set_local_user.this_user />
+	<n.set_local_node.node_attr/>
+	<n.block.>
+		<n.if.local_node.is_app>
+			<then.local_user.can_create_topic_in.local_node/>
+			<else.local_user.can_reply_to.local_node/>
+		</n.if.local_node.is_app>
+	</n.block.>
+</macro>
+
+<macro name="check_posting_under" requires="user" dot_parameter="node_attr">
+	<n.set_local_user.this_user />
+	<n.set_local_node.node_attr/>
+	<n.block.>
+		<n.if.local_user.is_banned>
+			<then.throw_template_exception name="banned"/>
+		</n.if.local_user.is_banned>
+		<n.if.both condition1="[n.local_node.is_associated_with_mailing_list_archive/]" condition2="[n.not.local_user.is_authenticated/]">
+			<then.throw_template_exception name="no_anonymous"/>
+		</n.if.both>
+		<n.if.local_node.is_app>
+			<then.if.not.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node/]" permission="[n.create_topic_permission/]" >
+				<then.if.local_user.is_anonymous>
+					<then.throw_template_exception name="no_anonymous"/>
+					<else.throw_template_exception name="no_create_topic_permission"/>
+				</then.if.local_user.is_anonymous>
+			</then.if.not.local_user.has_permission>
+			<else.if.not.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.topic_or_app/]" permission="[n.reply_permission/]" >
+				<then.if.local_user.is_anonymous>
+					<then.throw_template_exception name="no_anonymous"/>
+					<else.throw_template_exception name="no_reply_permission"/>
+				</then.if.local_user.is_anonymous>
+			</else.if.not.local_user.has_permission>
+		</n.if.local_node.is_app>
+	</n.block.>
+</macro>
+
+<macro name="any_registered_user_can_create_topics" requires="node">
+	<n.groups_have_permission groups="[n.registered_user_groups/]" permission="[n.create_topic_permission/]" />
+</macro>
+
+<macro name="only_members_can_create_topics" requires="node">
+	<n.not.any_registered_user_can_create_topics/>
+</macro>
+
+<macro name="can_view" requires="user" dot_parameter="node_attr">
+	<n.set_local_user.this_user />
+	<n.set_local_node.node_attr/>
+	<n.block.>
+		<n.either>
+			<condition1.local_user.owns.local_node/>
+			<condition2.either>
+				<condition1.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.view_permission/]" />
+				<condition2.local_user.is_site_admin />
+			</condition2.either>
+		</n.either>
+	</n.block.>
+</macro>
+
+<macro name="can_manage_users_and_groups" requires="user">
+	<n.is_site_admin/>
+</macro>
+
+<macro name="can_manage_banned_users" requires="user">
+	<n.has_site_permission permission="[n.manage_banned_users_permission/]" />
+</macro>
+
+<macro name="can_change_permissions_of" requires="user" dot_parameter="node_attr">
+	<n.is_site_admin/>
+</macro>
+
+<macro name="can_create_sub_apps_under" requires="user" dot_parameter="node_attr">
+	<n.set_local_user.this_user />
+	<n.set_local_node.node_attr/>
+	<n.block.>
+		<n.both>
+			<condition1.not.local_user.is_banned/>
+			<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node/]" permission="[n.create_sub_apps_permission/]" />
+		</n.both>
+	</n.block.>
+</macro>
+
+<macro name="can_manage_pinned_topics_in" requires="user" dot_parameter="node_attr">
+	<n.set_local_user.this_user />
+	<n.set_local_node.node_attr/>
+	<n.block.>
+		<n.both>
+			<condition1.not.local_user.is_banned/>
+			<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.manage_pinned_topics_permission/]" />
+		</n.both>
+	</n.block.>
+</macro>
+
+<macro name="can_manage_locked_topics_in" requires="user" dot_parameter="node_attr">
+	<n.set_local_user.this_user />
+	<n.set_local_node.node_attr/>
+	<n.block.>
+		<n.both>
+			<condition1.not.local_user.is_banned/>
+			<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.manage_locked_topics_permission/]" />
+		</n.both>
+	</n.block.>
+</macro>
+
+<macro name="has_unrestricted_posting" requires="node">
+	<n.set_local_node.this_node/>
+	<n.local_node.owner.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.unrestricted_posting_permission/]" />
+</macro>
+
+<macro name="allows_showing_members_of" requires="node" dot_parameter="group">
+	<n.has_permission permission="[n.show_group_members_permission/]" group="[n.group/]" />
+</macro>
+
+<macro name="has_people_page" requires="node">
+	<n.has_groups_with_permission.show_group_members_permission/>
+</macro>
+
+<macro name="can_be_displayed_in" requires="user" dot_parameter="node_attr">
+	<n.set_local_user.this_user />
+	<n.set_local_node.node_attr/>
+	<n.block.>
+		<n.both>
+			<condition1.not.local_user.is_banned/>
+			<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.show_group_members_permission/]" />
+		</n.both>
+	</n.block.>
+</macro>
+
+
+
+<macro name="get read authorization key" requires="http_request">
+	<n.if.not.has_parameter name="node">
+		<then.exit/>
+	</n.if.not.has_parameter>
+	<n.get_node_from_parameter.>
+		<n.if.equal value1="[n.get_parameter name='macro'/]" value2="unauthorized">
+			<then.exit/>
+		</n.if.equal>
+		<n.if.not.is_private>
+			<then.exit/>
+		</n.if.not.is_private>
+		<n.get_private_node.id />
+	</n.get_node_from_parameter.>
+</macro>
+
+<macro name="authorization_node" dot_parameter="do" requires="read_authorization">
+	<n.get_node_from_id node_id="[n.authorization_key/]" do="[n.do/]" />
+</macro>
+
+<macro name="authorize for read" requires="read_authorization,servlet">
+	<n.if.visitor.is_anonymous>
+		<then>
+			<n.redirect_to.>
+				<n.login_path>
+					<message>
+						<t>You must login to view <t.subject.authorization_node.subject/>.</t>
+					</message>
+					<nextUrl>
+						<n.current_path/>
+					</nextUrl>
+				</n.login_path>
+			</n.redirect_to.>
+			<n.false />
+			<n.exit />
+		</then>
+	</n.if.visitor.is_anonymous>
+	<n.if>
+		<condition.either>
+			<condition1.visitor.can_view.authorization_node />
+			<condition2.visitor.owns.get_node_from_parameter />
+		</condition.either>
+		<then.true />
+		<else>
+			<n.redirect_to.authorization_node.unauthorized_path />
+			<n.false />
+		</else>
+	</n.if>
+</macro>
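Review bot: In `get read authorization key`, the branch that exits when the request parameter `macro` equals `unauthorized` returns no key, just as the `not.is_private` branch does, so a private node appears to be treated as needing no read authorization whenever the client sends that value. This is presumably there to stop `unauthorized_path` from redirecting to itself, but the file does not record the invariant it relies on: the page selected by `macro=unauthorized` must render nothing from the private node. I would add a comment above that branch, for example `<!-- macro=unauthorized is exempt to avoid a redirect loop; that page must not render private node content -->`, assuming NAML accepts XML-style comments, which this file does not show. Separately, unlike the other `can_*` macros built on `has_permission`, `can_view` has no `not.local_user.is_banned` condition, so `authorize for read` lets a banned account keep reading private nodes; if banning is meant to block posting only, a one-line comment on `can_view` saying so would help.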