Mercurial Hosting > nabble
view src/nabble/view/naml/permissions.naml @ 19:18cf4872fd7f
remove anonymous posting
author | Franklin Schmidt <fschmidt@gmail.com> |
---|---|
date | Fri, 29 May 2020 22:58:25 -0600 |
parents | 7ecd1a4ef557 |
children | aba8ed4c8a06 |
line wrap: on
line source
<macro name="current_permission_version"> standard-7 </macro> <macro name="update_default_permissions"> <n.set_default_permissions. version="[n.current_permission_version/]" > <n.add_permission permission="[n.view_permission/]" group="[n.anyone_group/]" /> <n.add_permission permission="[n.edit_app_permission/]" group="[n.administrators_group/]" /> <n.add_permission permission="[n.reply_permission/]" group="[n.anyone_group/]" /> <n.add_permission permission="[n.create_topic_permission/]" group="[n.anyone_group/]" /> <n.add_permission permission="[n.move_permission/]" group="[n.authors_group/]" /> <n.add_permission permission="[n.move_permission/]" group="[n.administrators_group/]" /> <n.add_permission permission="[n.create_sub_apps_permission/]" group="[n.administrators_group/]" /> <n.add_permission permission="[n.change_post_date_permission/]" group="[n.administrators_group/]" /> <n.add_permission permission="[n.manage_subscribers_permission/]" group="[n.administrators_group/]" /> <n.add_site_permission permission="[n.manage_banned_users_permission/]" group="[n.administrators_group/]" /> <n.add_permission permission="[n.manage_pinned_topics_permission/]" group="[n.administrators_group/]" /> <n.add_permission permission="[n.manage_locked_topics_permission/]" group="[n.administrators_group/]" /> <n.add_permission permission="[n.show_group_members_permission/]" group="[n.anyone_group/]" /> <n.add_permission permission="[n.show_group_members_permission/]" group="[n.administrators_group/]" /> <n.add_permission permission="[n.show_group_members_permission/]" group="[n.members_group/]" /> </n.set_default_permissions.> </macro> <macro name="banned_group"> Banned </macro> <macro name="members_group"> Members </macro> <macro name="edit_app_permission"> Edit_app </macro> <macro name="edit_all_permission"> Edit_all </macro> <macro name="reply_permission"> Reply </macro> <macro name="create_topic_permission"> Create_topic </macro> <macro name="move_permission"> Move </macro> <macro name="manage_subscribers_permission"> Manage_Subscribers </macro> <macro name="create_sub_apps_permission"> Create_sub_apps </macro> <macro name="change_post_date_permission"> Change_post_date </macro> <macro name="show_group_members_permission"> Show_group_members </macro> <macro name="manage_banned_users_permission"> Manage_banned_users </macro> <macro name="manage_pinned_topics_permission"> Manage_pinned_topics </macro> <macro name="manage_locked_topics_permission"> Manage_locked_topics </macro> <macro name="unrestricted_posting_permission"> Unrestricted_posting </macro> <macro name="is_site_owner" requires="user"> <n.owns.root_node /> </macro> <macro name="is_site_admin" requires="user"> <n.either> <condition1.either> <condition1.is_site_owner /> <condition2.is_sysadmin /> </condition1.either> <condition2.is_in_group group="[n.administrators_group/]" /> </n.either> </macro> <macro name="can_delete" requires="user" dot_parameter="node_attr"> <n.both condition1="[n.not.is_banned/]" condition2="[n.owns.node_attr/]"/> </macro> <macro name="can_delete_recursively" requires="user" dot_parameter="node"> <n.is_site_admin/> </macro> <macro name="can_edit" requires="user" dot_parameter="node_attr"> <n.set_local_user.this_user /> <n.set_local_node.node_attr /> <n.block.> <n.both> <condition1.not.local_user.is_banned/> <condition2.either> <condition1.local_user.owns.local_node /> <condition2.either> <condition1.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.edit_all_permission/]" /> <condition2.both> <condition1.local_node.is_app/> <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.edit_app_permission/]" /> </condition2.both> </condition2.either> </condition2.either> </n.both> </n.block.> </macro> <macro name="app_or_root" requires="node" dot_parameter="do"> <n.if.is_in_app> <then.get_app_node.do/> <else.root_node.do/> </n.if.is_in_app> </macro> <macro name="topic_or_app" requires="node" dot_parameter="do"> <n.set_local_node.this_node/> <n.block.> <n.if.local_node.is_post> <then.local_node.topic_node.do/> <else.local_node.do/> </n.if.local_node.is_post> </n.block.> </macro> <macro name="can_change_post_date_of" requires="user" dot_parameter="node_attr"> <n.set_local_user.this_user /> <n.set_local_node.node_attr/> <n.block.> <n.both> <condition1.not.local_user.is_banned/> <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.change_post_date_permission/]" /> </n.both> </n.block.> </macro> <macro name="can_move" requires="user" dot_parameter="node_attr"> <n.set_local_user.this_user /> <n.set_local_node.node_attr/> <n.block.> <n.both> <condition1.not.local_user.is_banned/> <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.move_permission/]" /> </n.both> </n.block.> </macro> <macro name="can_manage_subscribers_of" requires="user" dot_parameter="node_attr"> <n.set_local_user.this_user /> <n.set_local_node.node_attr/> <n.block.> <n.both> <condition1.not.local_user.is_banned/> <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.manage_subscribers_permission/]" /> </n.both> </n.block.> </macro> <macro name="can_create_topic_in" requires="user" dot_parameter="node_attr"> <n.set_local_user.this_user /> <n.set_local_node.node_attr/> <n.block.> <n.both> <condition1.not.local_user.is_banned/> <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node/]" permission="[n.create_topic_permission/]" /> </n.both> </n.block.> </macro> <macro name="can_reply_to" requires="user" dot_parameter="node_attr"> <n.set_local_user.this_user /> <n.set_local_node.node_attr/> <n.block.> <n.both> <condition1.not.local_user.is_banned/> <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.topic_or_app/]" permission="[n.reply_permission/]" /> </n.both> </n.block.> </macro> <macro name="can_post_under" requires="user" dot_parameter="node_attr"> <n.set_local_user.this_user /> <n.set_local_node.node_attr/> <n.block.> <n.if.local_node.is_app> <then.local_user.can_create_topic_in.local_node/> <else.local_user.can_reply_to.local_node/> </n.if.local_node.is_app> </n.block.> </macro> <macro name="check_posting_under" requires="user" dot_parameter="node_attr"> <n.set_local_user.this_user /> <n.set_local_node.node_attr/> <n.block.> <n.if.local_user.is_banned> <then.throw_template_exception name="banned"/> </n.if.local_user.is_banned> <n.if.local_node.is_app> <then.if.not.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node/]" permission="[n.create_topic_permission/]" > <then.if.local_user.is_anonymous> <then.throw_template_exception name="no_anonymous"/> <else.throw_template_exception name="no_create_topic_permission"/> </then.if.local_user.is_anonymous> </then.if.not.local_user.has_permission> <else.if.not.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.topic_or_app/]" permission="[n.reply_permission/]" > <then.if.local_user.is_anonymous> <then.throw_template_exception name="no_anonymous"/> <else.throw_template_exception name="no_reply_permission"/> </then.if.local_user.is_anonymous> </else.if.not.local_user.has_permission> </n.if.local_node.is_app> </n.block.> </macro> <macro name="any_registered_user_can_create_topics" requires="node"> <n.groups_have_permission groups="[n.anyone_group/]" permission="[n.create_topic_permission/]" /> </macro> <macro name="only_members_can_create_topics" requires="node"> <n.not.any_registered_user_can_create_topics/> </macro> <macro name="can_view" requires="user" dot_parameter="node_attr"> <n.set_local_user.this_user /> <n.set_local_node.node_attr/> <n.block.> <n.either> <condition1.local_user.owns.local_node/> <condition2.either> <condition1.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.view_permission/]" /> <condition2.local_user.is_site_admin /> </condition2.either> </n.either> </n.block.> </macro> <macro name="can_manage_users_and_groups" requires="user"> <n.is_site_admin/> </macro> <macro name="can_manage_banned_users" requires="user"> <n.has_site_permission permission="[n.manage_banned_users_permission/]" /> </macro> <macro name="can_change_permissions_of" requires="user" dot_parameter="node_attr"> <n.is_site_admin/> </macro> <macro name="can_create_sub_apps_under" requires="user" dot_parameter="node_attr"> <n.set_local_user.this_user /> <n.set_local_node.node_attr/> <n.block.> <n.both> <condition1.not.local_user.is_banned/> <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node/]" permission="[n.create_sub_apps_permission/]" /> </n.both> </n.block.> </macro> <macro name="can_manage_pinned_topics_in" requires="user" dot_parameter="node_attr"> <n.set_local_user.this_user /> <n.set_local_node.node_attr/> <n.block.> <n.both> <condition1.not.local_user.is_banned/> <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.manage_pinned_topics_permission/]" /> </n.both> </n.block.> </macro> <macro name="can_manage_locked_topics_in" requires="user" dot_parameter="node_attr"> <n.set_local_user.this_user /> <n.set_local_node.node_attr/> <n.block.> <n.both> <condition1.not.local_user.is_banned/> <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.manage_locked_topics_permission/]" /> </n.both> </n.block.> </macro> <macro name="has_unrestricted_posting" requires="node"> <n.set_local_node.this_node/> <n.local_node.owner.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.unrestricted_posting_permission/]" /> </macro> <macro name="allows_showing_members_of" requires="node" dot_parameter="group"> <n.has_permission permission="[n.show_group_members_permission/]" group="[n.group/]" /> </macro> <macro name="has_people_page" requires="node"> <n.has_groups_with_permission.show_group_members_permission/> </macro> <macro name="can_be_displayed_in" requires="user" dot_parameter="node_attr"> <n.set_local_user.this_user /> <n.set_local_node.node_attr/> <n.block.> <n.both> <condition1.not.local_user.is_banned/> <condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.show_group_members_permission/]" /> </n.both> </n.block.> </macro> <macro name="get read authorization key" requires="http_request"> <n.if.not.has_parameter name="node"> <then.exit/> </n.if.not.has_parameter> <n.get_node_from_parameter.> <n.if.equal value1="[n.get_parameter name='macro'/]" value2="unauthorized"> <then.exit/> </n.if.equal> <n.if.not.is_private> <then.exit/> </n.if.not.is_private> <n.get_private_node.id /> </n.get_node_from_parameter.> </macro> <macro name="authorization_node" dot_parameter="do" requires="read_authorization"> <n.get_node_from_id node_id="[n.authorization_key/]" do="[n.do/]" /> </macro> <macro name="authorize for read" requires="read_authorization,servlet"> <n.if.visitor.is_anonymous> <then> <n.redirect_to.> <n.login_path> <message> <t>You must login to view <t.subject.authorization_node.subject/>.</t> </message> <nextUrl> <n.current_path/> </nextUrl> </n.login_path> </n.redirect_to.> <n.false /> <n.exit /> </then> </n.if.visitor.is_anonymous> <n.if> <condition.either> <condition1.visitor.can_view.authorization_node /> <condition2.visitor.owns.get_node_from_parameter /> </condition.either> <then.true /> <else> <n.redirect_to.authorization_node.unauthorized_path /> <n.false /> </else> </n.if> </macro>