diff src/nabble/view/naml/permissions.naml @ 0:7ecd1a4ef557
add content
author | Franklin Schmidt <fschmidt@gmail.com> |
---|---|
date | Thu, 21 Mar 2019 19:15:52 -0600 |
parents | |
children | 18cf4872fd7f |
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/nabble/view/naml/permissions.naml Thu Mar 21 19:15:52 2019 -0600
@@ -0,0 +1,382 @@
+<macro name="current_permission_version">
+ standard-6
+</macro>
+
+<macro name="update_default_permissions">
+ <n.set_default_permissions. version="[n.current_permission_version/]" >
+ <n.add_permission permission="[n.view_permission/]" group="[n.anyone_group/]" />
+ <n.add_permission permission="[n.edit_app_permission/]" group="[n.administrators_group/]" />
+ <n.add_permission permission="[n.reply_permission/]" group="[n.anyone_group/]" />
+ <n.add_permission permission="[n.create_topic_permission/]" group="[n.anyone_group/]" />
+ <n.add_permission permission="[n.move_permission/]" group="[n.authors_group/]" />
+ <n.add_permission permission="[n.move_permission/]" group="[n.administrators_group/]" />
+ <n.add_permission permission="[n.create_sub_apps_permission/]" group="[n.administrators_group/]" />
+ <n.add_permission permission="[n.change_post_date_permission/]" group="[n.administrators_group/]" />
+ <n.add_permission permission="[n.manage_subscribers_permission/]" group="[n.administrators_group/]" />
+ <n.add_site_permission permission="[n.manage_banned_users_permission/]" group="[n.administrators_group/]" />
+ <n.add_permission permission="[n.manage_pinned_topics_permission/]" group="[n.administrators_group/]" />
+ <n.add_permission permission="[n.manage_locked_topics_permission/]" group="[n.administrators_group/]" />
+ <n.add_permission permission="[n.show_group_members_permission/]" group="[n.registered_group/]" />
+ <n.add_permission permission="[n.show_group_members_permission/]" group="[n.administrators_group/]" />
+ <n.add_permission permission="[n.show_group_members_permission/]" group="[n.members_group/]" />
+ </n.set_default_permissions.>
+</macro>
+
+<macro name="banned_group">
+ Banned
+</macro>
+
+<macro name="members_group">
+ Members
+</macro>
+
+<macro name="registered_user_groups">
+ <n.anyone_group/>,<n.registered_group/>
+</macro>
+
+<macro name="edit_app_permission">
+ Edit_app
+</macro>
+
+<macro name="edit_all_permission">
+ Edit_all
+</macro>
+
+<macro name="reply_permission">
+ Reply
+</macro>
+
+<macro name="create_topic_permission">
+ Create_topic
+</macro>
+
+<macro name="move_permission">
+ Move
+</macro>
+
+<macro name="manage_subscribers_permission">
+ Manage_Subscribers
+</macro>
+
+<macro name="create_sub_apps_permission">
+ Create_sub_apps
+</macro>
+
+<macro name="change_post_date_permission">
+ Change_post_date
+</macro>
+
+<macro name="show_group_members_permission">
+ Show_group_members
+</macro>
+
+<macro name="manage_banned_users_permission">
+ Manage_banned_users
+</macro>
+
+<macro name="manage_pinned_topics_permission">
+ Manage_pinned_topics
+</macro>
+
+<macro name="manage_locked_topics_permission">
+ Manage_locked_topics
+</macro>
+
+<macro name="unrestricted_posting_permission">
+ Unrestricted_posting
+</macro>
+
+<macro name="is_site_owner" requires="user">
+ <n.owns.root_node />
+</macro>
+
+<macro name="is_site_admin" requires="user">
+ <n.either>
+ <condition1.either>
+ <condition1.is_site_owner />
+ <condition2.is_sysadmin />
+ </condition1.either>
+ <condition2.is_in_group group="[n.administrators_group/]" />
+ </n.either>
+</macro>
+
+
+<macro name="can_delete" requires="user" dot_parameter="node_attr">
+ <n.both condition1="[n.not.is_banned/]" condition2="[n.owns.node_attr/]"/>
+</macro>
+
+<macro name="can_delete_recursively" requires="user" dot_parameter="node">
+ <n.is_site_admin/>
+</macro>
+
+<macro name="can_edit" requires="user" dot_parameter="node_attr">
+ <n.set_local_user.this_user />
+ <n.set_local_node.node_attr />
+ <n.block.>
+ <n.both>
+ <condition1.not.local_user.is_banned/>
+ <condition2.either>
+ <condition1.local_user.owns.local_node />
+ <condition2.either>
+ <condition1.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.edit_all_permission/]" />
+ <condition2.both>
+ <condition1.local_node.is_app/>
+ <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.edit_app_permission/]" />
+ </condition2.both>
+ </condition2.either>
+ </condition2.either>
+ </n.both>
+ </n.block.>
+</macro>
+
+<macro name="app_or_root" requires="node" dot_parameter="do">
+ <n.if.is_in_app>
+ <then.get_app_node.do/>
+ <else.root_node.do/>
+ </n.if.is_in_app>
+</macro>
+
+<macro name="topic_or_app" requires="node" dot_parameter="do">
+ <n.set_local_node.this_node/>
+ <n.block.>
+ <n.if.local_node.is_post>
+ <then.local_node.topic_node.do/>
+ <else.local_node.do/>
+ </n.if.local_node.is_post>
+ </n.block.>
+</macro>
+
+<macro name="can_change_post_date_of" requires="user" dot_parameter="node_attr">
+ <n.set_local_user.this_user />
+ <n.set_local_node.node_attr/>
+ <n.block.>
+ <n.both>
+ <condition1.not.local_user.is_banned/>
+ <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.change_post_date_permission/]" />
+ </n.both>
+ </n.block.>
+</macro>
+
+<macro name="can_move" requires="user" dot_parameter="node_attr">
+ <n.set_local_user.this_user />
+ <n.set_local_node.node_attr/>
+ <n.block.>
+ <n.both>
+ <condition1.not.local_user.is_banned/>
+ <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.move_permission/]" />
+ </n.both>
+ </n.block.>
+</macro>
+
+<macro name="can_manage_subscribers_of" requires="user" dot_parameter="node_attr">
+ <n.set_local_user.this_user />
+ <n.set_local_node.node_attr/>
+ <n.block.>
+ <n.both>
+ <condition1.not.local_user.is_banned/>
+ <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.manage_subscribers_permission/]" />
+ </n.both>
+ </n.block.>
+</macro>
+
+<macro name="can_create_topic_in" requires="user" dot_parameter="node_attr">
+ <n.set_local_user.this_user />
+ <n.set_local_node.node_attr/>
+ <n.block.>
+ <n.both>
+ <condition1.not.local_user.is_banned/>
+ <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node/]" permission="[n.create_topic_permission/]" />
+ </n.both>
+ </n.block.>
+</macro>
+
+<macro name="can_reply_to" requires="user" dot_parameter="node_attr">
+ <n.set_local_user.this_user />
+ <n.set_local_node.node_attr/>
+ <n.block.>
+ <n.both>
+ <condition1.not.local_user.is_banned/>
+ <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.topic_or_app/]" permission="[n.reply_permission/]" />
+ </n.both>
+ </n.block.>
+</macro>
+
+<macro name="can_post_under" requires="user" dot_parameter="node_attr">
+ <n.set_local_user.this_user />
+ <n.set_local_node.node_attr/>
+ <n.block.>
+ <n.if.local_node.is_app>
+ <then.local_user.can_create_topic_in.local_node/>
+ <else.local_user.can_reply_to.local_node/>
+ </n.if.local_node.is_app>
+ </n.block.>
+</macro>
+
+<macro name="check_posting_under" requires="user" dot_parameter="node_attr">
+ <n.set_local_user.this_user />
+ <n.set_local_node.node_attr/>
+ <n.block.>
+ <n.if.local_user.is_banned>
+ <then.throw_template_exception name="banned"/>
+ </n.if.local_user.is_banned>
+ <n.if.both condition1="[n.local_node.is_associated_with_mailing_list_archive/]" condition2="[n.not.local_user.is_authenticated/]">
+ <then.throw_template_exception name="no_anonymous"/>
+ </n.if.both>
+ <n.if.local_node.is_app>
+ <then.if.not.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node/]" permission="[n.create_topic_permission/]" >
+ <then.if.local_user.is_anonymous>
+ <then.throw_template_exception name="no_anonymous"/>
+ <else.throw_template_exception name="no_create_topic_permission"/>
+ </then.if.local_user.is_anonymous>
+ </then.if.not.local_user.has_permission>
+ <else.if.not.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.topic_or_app/]" permission="[n.reply_permission/]" >
+ <then.if.local_user.is_anonymous>
+ <then.throw_template_exception name="no_anonymous"/>
+ <else.throw_template_exception name="no_reply_permission"/>
+ </then.if.local_user.is_anonymous>
+ </else.if.not.local_user.has_permission>
+ </n.if.local_node.is_app>
+ </n.block.>
+</macro>
+
+<macro name="any_registered_user_can_create_topics" requires="node">
+ <n.groups_have_permission groups="[n.registered_user_groups/]" permission="[n.create_topic_permission/]" />
+</macro>
+
+<macro name="only_members_can_create_topics" requires="node">
+ <n.not.any_registered_user_can_create_topics/>
+</macro>
+
+<macro name="can_view" requires="user" dot_parameter="node_attr">
+ <n.set_local_user.this_user />
+ <n.set_local_node.node_attr/>
+ <n.block.>
+ <n.either>
+ <condition1.local_user.owns.local_node/>
+ <condition2.either>
+ <condition1.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.view_permission/]" />
+ <condition2.local_user.is_site_admin />
+ </condition2.either>
+ </n.either>
+ </n.block.>
+</macro>
+
+<macro name="can_manage_users_and_groups" requires="user">
+ <n.is_site_admin/>
+</macro>
+
+<macro name="can_manage_banned_users" requires="user">
+ <n.has_site_permission permission="[n.manage_banned_users_permission/]" />
+</macro>
+
+<macro name="can_change_permissions_of" requires="user" dot_parameter="node_attr">
+ <n.is_site_admin/>
+</macro>
+
+<macro name="can_create_sub_apps_under" requires="user" dot_parameter="node_attr">
+ <n.set_local_user.this_user />
+ <n.set_local_node.node_attr/>
+ <n.block.>
+ <n.both>
+ <condition1.not.local_user.is_banned/>
+ <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node/]" permission="[n.create_sub_apps_permission/]" />
+ </n.both>
+ </n.block.>
+</macro>
+
+<macro name="can_manage_pinned_topics_in" requires="user" dot_parameter="node_attr">
+ <n.set_local_user.this_user />
+ <n.set_local_node.node_attr/>
+ <n.block.>
+ <n.both>
+ <condition1.not.local_user.is_banned/>
+ <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.manage_pinned_topics_permission/]" />
+ </n.both>
+ </n.block.>
+</macro>
+
+<macro name="can_manage_locked_topics_in" requires="user" dot_parameter="node_attr">
+ <n.set_local_user.this_user />
+ <n.set_local_node.node_attr/>
+ <n.block.>
+ <n.both>
+ <condition1.not.local_user.is_banned/>
+ <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.manage_locked_topics_permission/]" />
+ </n.both>
+ </n.block.>
+</macro>
+
+<macro name="has_unrestricted_posting" requires="node">
+ <n.set_local_node.this_node/>
+ <n.local_node.owner.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.unrestricted_posting_permission/]" />
+</macro>
+
+<macro name="allows_showing_members_of" requires="node" dot_parameter="group">
+ <n.has_permission permission="[n.show_group_members_permission/]" group="[n.group/]" />
+</macro>
+
+<macro name="has_people_page" requires="node">
+ <n.has_groups_with_permission.show_group_members_permission/>
+</macro>
+
+<macro name="can_be_displayed_in" requires="user" dot_parameter="node_attr">
+ <n.set_local_user.this_user />
+ <n.set_local_node.node_attr/>
+ <n.block.>
+ <n.both>
+ <condition1.not.local_user.is_banned/>
+ <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.show_group_members_permission/]" />
+ </n.both>
+ </n.block.>
+</macro>
+
+
+
+<macro name="get read authorization key" requires="http_request">
+ <n.if.not.has_parameter name="node">
+ <then.exit/>
+ </n.if.not.has_parameter>
+ <n.get_node_from_parameter.>
+ <n.if.equal value1="[n.get_parameter name='macro'/]" value2="unauthorized">
+ <then.exit/>
+ </n.if.equal>
+ <n.if.not.is_private>
+ <then.exit/>
+ </n.if.not.is_private>
+ <n.get_private_node.id />
+ </n.get_node_from_parameter.>
+</macro>
+
+<macro name="authorization_node" dot_parameter="do" requires="read_authorization">
+ <n.get_node_from_id node_id="[n.authorization_key/]" do="[n.do/]" />
+</macro>
+
+<macro name="authorize for read" requires="read_authorization,servlet">
+ <n.if.visitor.is_anonymous>
+ <then>
+ <n.redirect_to.>
+ <n.login_path>
+ <message>
+ <t>You must login to view <t.subject.authorization_node.subject/>.</t>
+ </message>
+ <nextUrl>
+ <n.current_path/>
+ </nextUrl>
+ </n.login_path>
+ </n.redirect_to.>
+ <n.false />
+ <n.exit />
+ </then>
+ </n.if.visitor.is_anonymous>
+ <n.if>
+ <condition.either>
+ <condition1.visitor.can_view.authorization_node />
+ <condition2.visitor.owns.get_node_from_parameter />
+ </condition.either>
+ <then.true />
+ <else>
+ <n.redirect_to.authorization_node.unauthorized_path />
+ <n.false />
+ </else>
+ </n.if>
+</macro>
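Review bot: `can_manage_banned_users` gates on `has_site_permission` alone and, unlike the permission-based macros such as `can_move` or `can_delete`, carries no `not.is_banned` guard; the same holds for the macros that delegate to `is_site_admin` (`can_delete_recursively`, `can_manage_users_and_groups`, `can_change_permissions_of`). Unless `has_site_permission` and `is_in_group` already exclude banned accounts, which this file does not show, a banned member of the administrators group would keep the ability to edit the ban list, their own entry included. Wrapping the check as `<n.both><condition1.not.is_banned/><condition2.has_site_permission permission="[n.manage_banned_users_permission/]" /></n.both>` would bring it in line with the other macros. If the omission is deliberate, for example so the site owner can never be locked out, a comment above the macro stating that would save the next reviewer the same question.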