# HG changeset patch # User Dan # Date 1227239965 18000 # Node ID ea3045a3bcbde8b3c052e08721d12fe6f05d296b # Parent e39454295bbb5e078f57c13515ee0c274e4e4ef7 Added dependency checking in ACL tracer diff -r e39454295bbb -r ea3045a3bcbd includes/clientside/css/enano-shared.css --- a/includes/clientside/css/enano-shared.css Thu Nov 20 22:59:11 2008 -0500 +++ b/includes/clientside/css/enano-shared.css Thu Nov 20 22:59:25 2008 -0500 @@ -910,3 +910,12 @@ .acl_local_everyone { background-color: #FFD6D6; } .acl_local_group { background-color: #FFC6C6; } .acl_local_user { background-color: #FFB6B6; } + +span.acl_failed_deps { + font-weight: bold; + font-size: smaller; +} + +span.acl_failed_deps span.title { + color: #ff0000; +} diff -r e39454295bbb -r ea3045a3bcbd includes/clientside/static/acl.js --- a/includes/clientside/static/acl.js Thu Nov 20 22:59:11 2008 -0500 +++ b/includes/clientside/static/acl.js Thu Nov 20 22:59:25 2008 -0500 @@ -1385,6 +1385,27 @@ sm.appendChild(editlink); sm.innerHTML += ']'; } + + if ( perm.bad_deps.length > 0 ) + { + var bd = document.createElement('span'); + $(bd).addClass('acl_failed_deps'); + var failed_deps = ''; + for ( var i = 0; i < perm.bad_deps.length; i++ ) + { + if ( i > 0 ) + failed_deps += ', '; + failed_deps += data.perms[perm.bad_deps[i]].perm_name; + } + var title = document.createElement('span'); + $(title).addClass('title'); + title.appendChild(document.createTextNode($lang.get('acl_msg_failed_deps'))); + bd.appendChild(title); + bd.appendChild(document.createTextNode(failed_deps)); + + item.appendChild(document.createElement('br')); + item.appendChild(bd); + } } // var ret = wrapper.cloneNode(true); @@ -1418,8 +1439,6 @@ groupdata[perm['rule_id']]['rules'][i] = perm; } - console.debug('draw by rule - group data: ', groupdata); - for ( var i in groupdata ) { var group = groupdata[i]; @@ -1451,6 +1470,27 @@ b.appendChild(document.createTextNode(rule.perm_value)); rulediv.appendChild(b); grp.appendChild(rulediv); + + if ( rule.bad_deps.length > 0 ) + { + var bd = document.createElement('span'); + $(bd).addClass('acl_failed_deps'); + var failed_deps = ''; + for ( var i = 0; i < rule.bad_deps.length; i++ ) + { + if ( i > 0 ) + failed_deps += ', '; + failed_deps += data.perms[rule.bad_deps[i]].perm_name; + } + var title = document.createElement('span'); + $(title).addClass('title'); + title.appendChild(document.createTextNode($lang.get('acl_msg_failed_deps'))); + bd.appendChild(title); + bd.appendChild(document.createTextNode(failed_deps)); + + rulediv.appendChild(document.createElement('br')); + rulediv.appendChild(bd); + } } wrapper.appendChild(grp); } diff -r e39454295bbb -r ea3045a3bcbd includes/pageutils.php --- a/includes/pageutils.php Thu Nov 20 22:59:11 2008 -0500 +++ b/includes/pageutils.php Thu Nov 20 22:59:25 2008 -0500 @@ -2061,7 +2061,8 @@ 'perm_name' => $perm_name, 'perm_value' => $perm_string, 'perm_src' => $src_l10n, - 'rule_id' => intval($lookup_data['rule_id']) + 'rule_id' => intval($lookup_data['rule_id']), + 'bad_deps' => $perms->acl_check_deps($perm_type, true) ); } diff -r e39454295bbb -r ea3045a3bcbd includes/sessions.php --- a/includes/sessions.php Thu Nov 20 22:59:11 2008 -0500 +++ b/includes/sessions.php Thu Nov 20 22:59:25 2008 -0500 @@ -3094,16 +3094,18 @@ * @return bool */ - function acl_check_deps($type) + function acl_check_deps($type, $debug = false) { - if(!isset($this->acl_deps[$type])) // This will only happen if the permissions table is hacked or improperly accessed + // This will only happen if the permissions table is hacked or improperly accessed + if(!isset($this->acl_deps[$type])) return true; + // Permission has no dependencies? if(sizeof($this->acl_deps[$type]) < 1) return true; + // go through them all and build a flat list of dependencies $deps = $this->acl_deps[$type]; while(true) { - $full_resolved = true; $j = sizeof($deps); for ( $i = 0; $i < $j; $i++ ) { @@ -3116,15 +3118,23 @@ $j = sizeof($deps); } } - //die('
'.print_r($deps, true).''); + $debugdata = array(); foreach($deps as $d) { - if ( !$this->get_permissions($d) ) + // Our dependencies are fully resolved, so tell get_permissions() to not recursively call this function + if ( !$this->get_permissions($d, true) ) { - return false; + if ( $debug ) + { + $debugdata[] = $d; + } + else + { + return false; + } } } - return true; + return $debug ? $debugdata : true; } /** @@ -3934,7 +3944,7 @@ $this->page_id = $page_id; $this->namespace = $namespace; - $pathskey = $paths->nslist[$this->namespace].$this->page_id; + $pathskey = $paths->nslist[$this->namespace].sanitize_page_id($this->page_id); $ppwm = 2; if ( isset($paths->pages[$pathskey]) ) { @@ -3949,7 +3959,7 @@ $this->wiki_mode = false; else if ( $ppwm == 2 ) { - if ( $session->user_logged_in ) + if ( $this->user_id > 1 ) { $this->wiki_mode = ( getConfig('wiki_mode') == '1' ); } @@ -4046,19 +4056,22 @@ /** * Tell us if the dependencies for a given permission are met. * @param string The ACL permission ID + * @param bool If true, does not return a boolean value, but instead returns array of dependencies that fail * @return bool */ - function acl_check_deps($type) + function acl_check_deps($type, $debug = false) { - if(!isset($this->acl_deps[$type])) // This will only happen if the permissions table is hacked or improperly accessed - return true; + // This will only happen if the permissions table is hacked or improperly accessed + if(!isset($this->acl_deps[$type])) + return $debug ? array() : true; + // Permission has no dependencies? if(sizeof($this->acl_deps[$type]) < 1) - return true; + return $debug ? array() : true; + // go through them all and build a flat list of dependencies $deps = $this->acl_deps[$type]; while(true) { - $full_resolved = true; $j = sizeof($deps); for ( $i = 0; $i < $j; $i++ ) { @@ -4071,15 +4084,23 @@ $j = sizeof($deps); } } - //die('
'.print_r($deps, true).''); + $debugdata = array(); foreach($deps as $d) { - if ( !$this->get_permissions($d) ) + // Our dependencies are fully resolved, so tell get_permissions() to not recursively call this function + if ( !$this->get_permissions($d, true) ) { - return false; + if ( $debug ) + { + $debugdata[] = $d; + } + else + { + return false; + } } } - return true; + return $debug ? $debugdata : true; } /** diff -r e39454295bbb -r ea3045a3bcbd language/english/admin.json --- a/language/english/admin.json Thu Nov 20 22:59:11 2008 -0500 +++ b/language/english/admin.json Thu Nov 20 22:59:25 2008 -0500 @@ -172,6 +172,7 @@ msg_debug_main_title: 'View effective permissions', msg_debug_main_body: 'This tool allows you to see what actual permissions are in use. It can be helpful if you are struggling to determine why a certain action is being allowed or denied. There are two views available for this window: you can either view the information sorted by individual actions, or group actions by which rule sets them.', msg_trace_key: 'Color guide', + msg_failed_deps: 'Failed dependencies: ', btn_success_dismiss: 'dismiss', btn_success_close: 'close manager',