Index: openacs-4/packages/acs-subsite/acs-subsite.info =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/acs-subsite.info,v diff -u -r1.131.2.32 -r1.131.2.33 --- openacs-4/packages/acs-subsite/acs-subsite.info 24 Oct 2022 09:42:07 -0000 1.131.2.32 +++ openacs-4/packages/acs-subsite/acs-subsite.info 26 Oct 2022 14:20:35 -0000 1.131.2.33 @@ -9,7 +9,7 @@ <implements-subsite-p>t</implements-subsite-p> <inherit-templates-p>t</inherit-templates-p> - <version name="5.10.1d8" url="http://openacs.org/repository/download/apm/acs-subsite-5.10.1d8.apm"> + <version name="5.10.1d9" url="http://openacs.org/repository/download/apm/acs-subsite-5.10.1d9.apm"> <owner url="http://openacs.org">OpenACS</owner> <summary>Subsite</summary> <release-date>2021-09-15</release-date> @@ -18,7 +18,7 @@ <license>GPL</license> <maturity>3</maturity> - <provides url="acs-subsite" version="5.10.1d8"/> + <provides url="acs-subsite" version="5.10.1d9"/> <requires url="acs-authentication" version="5.10.0"/> <requires url="acs-content-repository" version="5.10.0"/> <requires url="acs-kernel" version="5.10.0"/> Index: openacs-4/packages/acs-subsite/catalog/acs-subsite.de_DE.ISO-8859-1.xml =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/catalog/acs-subsite.de_DE.ISO-8859-1.xml,v diff -u -r1.31.2.11 -r1.31.2.12 --- openacs-4/packages/acs-subsite/catalog/acs-subsite.de_DE.ISO-8859-1.xml 30 Aug 2022 15:40:28 -0000 1.31.2.11 +++ openacs-4/packages/acs-subsite/catalog/acs-subsite.de_DE.ISO-8859-1.xml 26 Oct 2022 14:20:35 -0000 1.31.2.12 @@ -212,13 +212,17 @@ <msg key="Go_back">Zur�ck</msg> <msg key="go_upload_the_users_por">Profilbild hochladen</msg> <msg key="go_upload_your_portrait">ein Profilbild hochladen.</msg> + <msg key="Confirm_Permissions">Best�tige Berechtigungen</msg> + <msg key="Filter_username_and_email">Suche nach Benutzername und E-Mail-Adresse</msg> <msg key="Grant">Erteilen</msg> <msg key="Grant_Permission">Berechtigungen erteilen</msg> + <msg key="Grant_Permissions_to_Users">Berechtigungen f�r Benutzer hinzuf�gen</msg> + <msg key="Grant_Permissions_to_Users-helptext">W�hlen Sie Benutzer aus, die berechigt werden sollen</msg> + <msg key="Group_Types">Gruppentypen</msg> <msg key="Group_administration">Gruppenadministration</msg> <msg key="Group_members">Mitglieder der Gruppe: %group_name%</msg> <msg key="Group_type">Gruppentyp</msg> <msg key="Group_type_administration">Administration Gruppentyp</msg> - <msg key="Group_Types">Gruppentypen</msg> <msg key="Groups">Gruppen</msg> <msg key="Groups_of_this_type">Gruppen dieses Typs</msg> <msg key="Have_group_mail">Eine Gruppe mit dieser E-Mail-Adresse existiert bereits.</msg> @@ -230,10 +234,11 @@ <msg key="Host_Node_Map">Host-Node Map</msg> <msg key="Hostname">Hostname</msg> <msg key="Hostname_must_be_unique">Hostname muss eindeutig sein</msg> - <msg key="icon_of_envelope">Briefumschlag-Symbol </msg> <msg key="If_you_were_to">Wenn Sie sich anmelden </msg> <msg key="Information_Updated">Die Information wurde aktualisiert.</msg> + <msg key="Inherited_Permission-helptext">Diese Berechtigung ist vererebt, um sie zu l�schen, klicke auf "Nicht vererben ..."</msg> <msg key="Install_locales">Sprachen installieren</msg> + <msg key="icon_of_envelope">Briefumschlag-Symbol </msg> <msg key="Invite">Einladen</msg> <msg key="Invite_a_user">Benutzer einladen</msg> <msg key="ISO_Code">ISO-Code</msg> @@ -396,10 +401,11 @@ <msg key="Password_changed_subject">Passwort ge�ndert</msg> <msg key="Password_regular_change_now">Ihr Passwort muss regelm�ssig ge�ndert werden. Bitte �ndern Sie jetzt ihr Passwort.</msg> <msg key="Passwords_dont_match">Passw�rter stimmen nicht �berein</msg> - <msg key="perm_cannot_be_removed">Die Erlaubnis kann nicht wieder zur�ckgenommen werden.</msg> <msg key="Permissions">Berechtigungen</msg> - <msg key="permissions">Berechtigungen</msg> + <msg key="Permissions_Updated">Die Berechtigungen wurden aktualisiert.</msg> <msg key="Permissions_for_name">Zugriffsberechtigungen f�r %name%</msg> + <msg key="perm_cannot_be_removed">Diese Berechtigung kann nicht entzogen werden.</msg> + <msg key="permissions">Berechtigungen</msg> <msg key="Place_of_birth">Geburtsort</msg> <msg key="Place_of_residence">Aufenthaltsort</msg> <msg key="Please_return_to_home">Bitte gehen Sie zur�ck zu %home_link%.</msg> Index: openacs-4/packages/acs-subsite/catalog/acs-subsite.en_US.ISO-8859-1.xml =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/catalog/acs-subsite.en_US.ISO-8859-1.xml,v diff -u -r1.97.2.4 -r1.97.2.5 --- openacs-4/packages/acs-subsite/catalog/acs-subsite.en_US.ISO-8859-1.xml 30 Aug 2022 11:13:50 -0000 1.97.2.4 +++ openacs-4/packages/acs-subsite/catalog/acs-subsite.en_US.ISO-8859-1.xml 26 Oct 2022 14:20:35 -0000 1.97.2.5 @@ -230,18 +230,20 @@ <msg key="First_select_the_supertype">First, select the supertype for the new relationship type</msg> <msg key="Forgot_your_password">Forgot your password?</msg> <msg key="forum_moderate">Forum moderate</msg> + <msg key="Confirm_Permissions">Confirm Permissions</msg> + <msg key="Filter_username_and_email">Filter for username and email</msg> <msg key="Frequency">Frequency</msg> <msg key="Gender">Gender</msg> <msg key="Go_back">Go back</msg> - <msg key="go_upload_the_users_por">go upload the user's portrait</msg> - <msg key="go_upload_your_portrait">go upload your portrait</msg> <msg key="Grant">Grant</msg> <msg key="Grant_Permission">Grant Permission</msg> + <msg key="Grant_Permissions_to_Users">Grant Permissions to Users</msg> + <msg key="Grant_Permissions_to_Users-helptext">Select users to grant these permissions</msg> + <msg key="Group_Types">Group Types</msg> <msg key="Group_administration">Group administration</msg> <msg key="Group_members">Members of Group: %group_name%</msg> <msg key="Group_type">Group type</msg> <msg key="Group_type_administration">Group type administration</msg> - <msg key="Group_Types">Group Types</msg> <msg key="Groups">Groups</msg> <msg key="Groups_of_this_type">Groups of this type</msg> <msg key="Have_group_mail">We already have a group with this email</msg> @@ -253,11 +255,14 @@ <msg key="Host_Node_Map">Host-Node Map</msg> <msg key="Hostname">Hostname</msg> <msg key="Hostname_must_be_unique">Hostname must be unique</msg> - <msg key="icon_of_envelope">Icon of envelope</msg> <msg key="If_you_were_to">If you were to</msg> - <msg key="Information_Updated">Information Updated</msg> + <msg key="Information_Updated">Information updated</msg> + <msg key="Inherited_Permission-helptext">This permission is inherited, to remove, click the "Do not inherit ..." button above.</msg> <msg key="Install_locales">Install Locales</msg> <msg key="Invite">Invite</msg> + <msg key="go_upload_the_users_por">go upload the user's portrait</msg> + <msg key="go_upload_your_portrait">go upload your portrait</msg> + <msg key="icon_of_envelope">Icon of envelope</msg> <msg key="Invite_a_user">Invite a user</msg> <msg key="ISO_Code">ISO Code</msg> <msg key="ISO_Code_List">ISO Code List</msg> @@ -469,10 +474,11 @@ <msg key="Password_regular_change_now">Your password must be changed regularly. Please change your password now.</msg> <msg key="Passwords_dont_match">Passwords don't match</msg> - <msg key="perm_cannot_be_removed">This permission cannot be removed.</msg> <msg key="Permissions">Permissions</msg> - <msg key="permissions">permissions</msg> + <msg key="Permissions_Updated">Permissions updated.</msg> <msg key="Permissions_for_name">Permissions for %name%</msg> + <msg key="perm_cannot_be_removed">This permission cannot be removed.</msg> + <msg key="permissions">permissions</msg> <msg key="Place_of_birth">Place of birth</msg> <msg key="Place_of_residence">Place of residence</msg> <msg key="Please_return_to_home">Please return to %home_link%.</msg> Index: openacs-4/packages/acs-subsite/tcl/application-group-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/tcl/application-group-procs.tcl,v diff -u -r1.23.2.2 -r1.23.2.3 --- openacs-4/packages/acs-subsite/tcl/application-group-procs.tcl 12 Sep 2022 14:31:53 -0000 1.23.2.2 +++ openacs-4/packages/acs-subsite/tcl/application-group-procs.tcl 26 Oct 2022 14:20:35 -0000 1.23.2.3 @@ -365,7 +365,7 @@ -node_id:required {-package_key ""} } { - DEPRECATED: as of 2022-09-12 this api is not used in upstream + DEPRECATED: as of 2022-09-12 this API is not used in upstream codebase, and was still undocumented. } { set group_list [list] Index: openacs-4/packages/acs-subsite/www/admin/object-types/alphabetical-index.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/www/admin/object-types/alphabetical-index.tcl,v diff -u -r1.7 -r1.7.2.1 --- openacs-4/packages/acs-subsite/www/admin/object-types/alphabetical-index.tcl 7 Aug 2017 23:47:58 -0000 1.7 +++ openacs-4/packages/acs-subsite/www/admin/object-types/alphabetical-index.tcl 26 Oct 2022 14:20:35 -0000 1.7.2.1 @@ -1,6 +1,6 @@ ad_page_contract { - Index of all object types (alphabetical, not hierarchichal) + Index of all object types (alphabetical, not hierarchical) @author Yonatan Feldman (yon@arsdigita.com) @creation-date August 15, 2000 Index: openacs-4/packages/acs-subsite/www/admin/site-map/index.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/www/admin/site-map/index.tcl,v diff -u -r1.34 -r1.34.2.1 --- openacs-4/packages/acs-subsite/www/admin/site-map/index.tcl 21 Oct 2018 17:36:23 -0000 1.34 +++ openacs-4/packages/acs-subsite/www/admin/site-map/index.tcl 26 Oct 2022 14:20:35 -0000 1.34.2.1 @@ -246,7 +246,7 @@ # Values for expand_mode: # 0: no children # 1: has children, node is not open - # 2: has chilren, node is open + # 2: has children, node is open # set expand_mode 0 if {!$root_p && $n_children > 0} { Index: openacs-4/packages/acs-subsite/www/members/user-new.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/www/members/user-new.tcl,v diff -u -r1.14 -r1.14.2.1 --- openacs-4/packages/acs-subsite/www/members/user-new.tcl 28 Sep 2018 18:43:09 -0000 1.14 +++ openacs-4/packages/acs-subsite/www/members/user-new.tcl 26 Oct 2022 14:20:35 -0000 1.14.2.1 @@ -70,7 +70,7 @@ # # TODO: Move this to the form, by moving the form to an include template # - ad_return_complaint 1 "<li>User has an acccount on the system, but has been removed from the main site. Only a site-wide administrator can re-add the user." + ad_return_complaint 1 "<li>User has an account on the system, but has been removed from the main site. Only a site-wide administrator can re-add the user." ad_script_abort } } Index: openacs-4/packages/acs-subsite/www/permissions/one-oracle.xql =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/www/permissions/one-oracle.xql,v diff -u -r1.8 -r1.8.2.1 --- openacs-4/packages/acs-subsite/www/permissions/one-oracle.xql 20 Jun 2018 09:56:19 -0000 1.8 +++ openacs-4/packages/acs-subsite/www/permissions/one-oracle.xql 26 Oct 2022 14:20:35 -0000 1.8.2.1 @@ -22,6 +22,25 @@ </querytext> </fullquery> +<fullquery name="nr_inherited_permissions"> + <querytext> +select count(*) from ( + select grantee_id, grantee_name, privilege + from (select grantee_id, acs_object.name(grantee_id) as grantee_name, + privilege, 1 as counter + from acs_permissions_all + where object_id = :object_id + union all + select grantee_id, acs_object.name(grantee_id) as grantee_name, + privilege, -1 as counter + from acs_permissions + where object_id = :object_id ) + group by grantee_id, grantee_name, privilege + having sum(counter) > 0 +) as counts + </querytext> +</fullquery> + <fullquery name="children"> <querytext> Index: openacs-4/packages/acs-subsite/www/permissions/one-postgresql.xql =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/www/permissions/one-postgresql.xql,v diff -u -r1.9 -r1.9.2.1 --- openacs-4/packages/acs-subsite/www/permissions/one-postgresql.xql 20 Jun 2018 09:56:19 -0000 1.9 +++ openacs-4/packages/acs-subsite/www/permissions/one-postgresql.xql 26 Oct 2022 14:20:35 -0000 1.9.2.1 @@ -20,6 +20,24 @@ </querytext> </fullquery> +<fullquery name="nr_inherited_permissions"> + <querytext> +select count(*) from ( + select grantee_id, grantee_name, privilege + from ( + select grantee_id, acs_object__name(grantee_id) as grantee_name, privilege, 1 as counter + from acs_permission.permissions_all(:object_id) + union all + select grantee_id, acs_object__name(grantee_id) as grantee_name, privilege, -1 as counter + from acs_permissions + where object_id = :object_id ) dummy + group by grantee_id, grantee_name, privilege + having sum(counter) > 0 +) as counts + </querytext> +</fullquery> + + <fullquery name="children"> <querytext> Index: openacs-4/packages/acs-subsite/www/permissions/one.adp =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/www/permissions/one.adp,v diff -u -r1.15 -r1.15.2.1 --- openacs-4/packages/acs-subsite/www/permissions/one.adp 17 Jul 2018 18:30:29 -0000 1.15 +++ openacs-4/packages/acs-subsite/www/permissions/one.adp 26 Oct 2022 14:20:35 -0000 1.15.2.1 @@ -2,40 +2,57 @@ <property name="doc(title)">#acs-subsite.Permissions_for_name#</property> <property name="context">@context;literal@</property> - <h3>#acs-subsite.lt_Inherited_Permissions#</h3> - <if @inherited:rowcount;literal@ gt 0> - <ul> - <multiple name="inherited"> - <li>@inherited.grantee_name@, @inherited.privilege@</li> - </multiple> - </ul> - </if> - <else> - <p><em>#acs-subsite.none#</em></p> - </else> + <p>[ <a href="@toggle_view_href@">@toggle_view_label@</a> ]</p> <h3>#acs-subsite.Direct_Permissions#</h3> - <if @acl:rowcount;literal@ gt 0> - <form method="get" action="revoke"> - @export_form_vars;noquote@ - <multiple name="acl"> - <if @mainsite_p@ true and @acl.grantee_id@ eq "-1"> - <div>@acl.grantee_name@, @acl.privilege@ <strong>#acs-subsite.perm_cannot_be_removed#</strong></div> - </if> - <else> - <input type="checkbox" name="revoke_list" value="@acl.grantee_id@ @acl.privilege@" - id="check_@acl.grantee_id@_@acl.privilege@"> + + <if @detail_p;literal@ true> + <if @acl:rowcount;literal@ gt 0> + <form method="get" action="revoke"> + @export_form_vars;noquote@ + <multiple name="acl"> + <if @mainsite_p@ true and @acl.grantee_id@ eq "-1"> + <div>@acl.grantee_name@, @acl.privilege@ <strong>#acs-subsite.perm_cannot_be_removed#</strong></div> + </if> + <else> + <input type="checkbox" name="revoke_list" value="@acl.grantee_id@ @acl.privilege@" + id="check_@acl.grantee_id@_@acl.privilege@"> <label for="check_@acl.grantee_id@_@acl.privilege@">@acl.grantee_name@, @acl.privilege@</label><br> - </else> - </multiple> + </else> + </multiple> + </if> + <else> + <p><em>#acs-subsite.none#</em></p> + </else> + <if @acl:rowcount;literal@ gt 0> + <div><input type="submit" value="#acs-subsite.Revoke_Checked#"></div> + </form> + </if> + @controls;noquote@ + </if><else> + <include src="/packages/acs-subsite/www/permissions/perm-include" &="object_id" &="return_url" &="privs"> + </else> + + <h3>#acs-subsite.lt_Inherited_Permissions#</h3> + + <if @inherited_permissions_p;literal@ false> + <p>@nr_inherited_permissions@ #acs-subsite.lt_Inherited_Permissions# + [<a href="@show_inherited_permissions_href@">#acs-subsite.Show#</a>] </if> <else> - <p><em>#acs-subsite.none#</em></p> + <p>@nr_inherited_permissions@ #acs-subsite.lt_Inherited_Permissions# + [<a href="@hide_inherited_permissions_href@">#acs-subsite.Hide#</a>] + <if @inherited:rowcount;literal@ gt 0> + <ul> + <multiple name="inherited"> + <li>@inherited.grantee_name@, @inherited.privilege@</li> + </multiple> + </ul> + </if> + <else> + <p><em>#acs-subsite.none#</em></p> + </else> </else> - <if @acl:rowcount;literal@ gt 0> - <div><input type="submit" value="#acs-subsite.Revoke_Checked#"></div> - </form> - </if> - @controls;noquote@ + <h3>#acs-subsite.Children#</h3> <if @children_p;literal@ true> Index: openacs-4/packages/acs-subsite/www/permissions/one.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/www/permissions/one.tcl,v diff -u -r1.21.2.1 -r1.21.2.2 --- openacs-4/packages/acs-subsite/www/permissions/one.tcl 3 Sep 2019 07:45:04 -0000 1.21.2.1 +++ openacs-4/packages/acs-subsite/www/permissions/one.tcl 26 Oct 2022 14:20:35 -0000 1.21.2.2 @@ -6,35 +6,53 @@ @author rhs@mit.edu @creation-date 2000-08-20 - @cvs-id $Id$ } { object_id:integer,notnull {children_p:boolean "f"} + {detail_p:boolean "f"} + {privs:nohtml ""} + {inherited_permissions_p:boolean "f"} {application_url ""} } set user_id [auth::require_login] permission::require_permission -object_id $object_id -privilege admin -# RBM: Check if this is the Main Site and prevent the user from being -# able to remove Read permission on "The Public" and locking -# him/herself out. -if {$object_id eq [subsite::main_site_id]} { - set mainsite_p 1 -} else { - set mainsite_p 0 -} +set show_inherited_permissions_href [export_vars -base one {object_id children_p {inherited_permissions_p t}}] +set hide_inherited_permissions_href [export_vars -base one {object_id children_p {inherited_permissions_p f}}] +# Check if this is the Main Site and prevent the user from being +# able to remove Read permission on "The Public" and locking +# everybody (including him/herself) out. -acs_object::get -object_id $object_id -array obj -set name $obj(object_name) -set context_id $obj(context_id) -set security_inherit_p $obj(security_inherit_p) +set mainsite_p [expr {$object_id eq [subsite::main_site_id]}] +set object_info [acs_object::get -object_id $object_id] +set name [dict get $object_info object_name] +set security_inherit_p [dict get $object_info security_inherit_p] +set context_id [dict get $object_info context_id] +if {$context_id == -3} { + # + # Legacy installations have #acs-kernel.Default_Context# set in + # cases, where newer instances have a NULL value. + # + set context_id "" +} + set context [list [list "./" [_ acs-subsite.Permissions]] [_ acs-subsite.Permissions_for_name]] +set toggle_view_vars {object_id privs children_p inherited_permissions_p} +if {$detail_p} { + lappend toggle_view_vars {detail_p 0} + set toggle_view_label "Show permissions as table" +} else { + lappend toggle_view_vars {detail_p 1} + set toggle_view_label "Show permissions as list" +} +set toggle_view_href [export_vars -base one $toggle_view_vars] -db_multirow inherited inherited_permissions {} {} +set nr_inherited_permissions [db_string nr_inherited_permissions {}] +db_multirow inherited inherited_permissions {} {} db_multirow -extend {grantee_name} acl acl { select grantee_id, privilege from acs_permissions @@ -47,13 +65,15 @@ set controlsUrl [export_vars -base grant {application_url object_id}] lappend controls "<a href=\"[ns_quotehtml $controlsUrl]\">[ns_quotehtml [_ acs-subsite.Grant_Permission]]</a>" -set context_name [lang::util::localize [acs_object_name $context_id]] -set toggleUrl [export_vars -base toggle-inherit {application_url object_id}] -if { $security_inherit_p == "t" && $context_id ne "" } { - lappend controls "<a href=\"[ns_quotehtml $toggleUrl]\">Don't Inherit Permissions from [ns_quotehtml $context_name]</a>" -} else { - lappend controls "<a href=\"[ns_quotehtml $toggleUrl]\">Inherit Permissions from [ns_quotehtml $context_name]</a>" +if {$context_id ne ""} { + set context_name [lang::util::localize [acs_object_name $context_id]] + set toggleUrl [export_vars -base toggle-inherit {application_url object_id}] + if { $security_inherit_p == "t" && $context_id ne "" } { + lappend controls "<a href='[ns_quotehtml $toggleUrl]'>Don't Inherit Permissions from [ns_quotehtml $context_name]</a>" + } else { + lappend controls "<a href='[ns_quotehtml $toggleUrl]'>Inherit Permissions from [ns_quotehtml $context_name]</a>" + } } set controls "\[ [join $controls { | }] \]" @@ -64,8 +84,7 @@ set hide_children_url [export_vars -base one {object_id application_url {children_p f}}] if {$children_p == "t"} { - db_multirow children children {} { - } + db_multirow children children {} {} } else { db_1row children_count {} } Index: openacs-4/packages/acs-subsite/www/permissions/perm-include.adp =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/www/permissions/perm-include.adp,v diff -u -r1.5 -r1.5.14.1 --- openacs-4/packages/acs-subsite/www/permissions/perm-include.adp 3 Jan 2008 19:05:23 -0000 1.5 +++ openacs-4/packages/acs-subsite/www/permissions/perm-include.adp 26 Oct 2022 14:20:35 -0000 1.5.14.1 @@ -2,7 +2,7 @@ @perm_form_export_vars;noquote@ <listtemplate name="permissions"></listtemplate> <p> - <input type="submit" value="#acs-subsite.Confirm#"> + <input type="submit" value="#acs-subsite.Confirm_Permissions#" class="btn btn-outline-secondary text-decoration-none"> </p> </form> Index: openacs-4/packages/acs-subsite/www/permissions/perm-include.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/www/permissions/perm-include.tcl,v diff -u -r1.20.2.1 -r1.20.2.2 --- openacs-4/packages/acs-subsite/www/permissions/perm-include.tcl 24 Oct 2022 19:18:19 -0000 1.20.2.1 +++ openacs-4/packages/acs-subsite/www/permissions/perm-include.tcl 26 Oct 2022 14:20:35 -0000 1.20.2.2 @@ -9,21 +9,40 @@ {object_id:integer} {return_url:localurl ""} {privs { read create write delete admin }} + {detailed_permissions_p:boolean f} {user_add_url:localurl ""} } set user_id [ad_conn user_id] set admin_p [permission::permission_p -object_id $object_id -privilege admin] +set ad_return_url [ad_return_url] if { $return_url eq "" } { - set return_url [ad_return_url] + set return_url $ad_return_url } -acs_object::get -object_id $object_id -array obj -set object_name $obj(object_name) -set context_id $obj(context_id) -set parent_object_name [acs_object_name $obj(context_id)] +# +# When "privs" are passed in from the <include...> as empty, take the +# defaults. This way, it is still backward compatible and it does not +# require that the caller needs to know the default privileges. +# +if {$privs eq ""} { + set privs { read create write delete admin } +} + +set object_info [acs_object::get -object_id $object_id] +set name [dict get $object_info object_name] +set security_inherit_p [dict get $object_info security_inherit_p] +set context_id [dict get $object_info context_id] +if {$context_id == -3} { + # + # Legacy installations have #acs-kernel.Default_Context# set in + # cases, where newer instances have a NULL value. + # + set context_id "" +} + set elements [list] lappend elements grantee_name { label "[_ acs-subsite.Name]" @@ -38,6 +57,8 @@ } } +set mainsite_p [expr {$object_id eq [subsite::main_site_id]}] + foreach priv $privs { lappend select_clauses \ "sum(ptab.${priv}_p) as ${priv}_p" \ @@ -51,12 +72,17 @@ html { align center } \ label [string totitle [string map {_ { }} [_ acs-subsite.$priv]]] \ display_template [subst { + <if @permissions.grantee_id@ eq -1 and $mainsite_p eq 1> + <if @permissions.${priv}_p@ eq 1> + <adp:icon name="checkbox-checked" title="#acs-subsite.perm_cannot_be_removed#"> + </if> + </if><else> <if @permissions.${priv}_p@ ge 2> - <adp:icon name="checkbox-checked" title="This permission is inherited, to remove, click the 'Do not inherit ...' button above."> + <adp:icon name="checkbox-checked" title="#acs-subsite.Inherited_Permission-helptext#"> </if> <else> <input type="checkbox" name="perm" value="@permissions.grantee_id@,${priv}" @permissions.${priv}_checked@> - </else> + </else></else> }] \ ] } @@ -65,7 +91,12 @@ lappend elements remove_all { html { align center } label "[_ acs-subsite.Remove_All]" - display_template {<input type="checkbox" name="perm" value="@permissions.grantee_id@,remove">} + display_template { + <if @permissions.grantee_id@ eq -1 and $mainsite_p true> + </if><else> + <input type="checkbox" name="perm" value="@permissions.grantee_id@,remove"> + </else> + } } #lappend elements grantee_id @@ -77,29 +108,44 @@ set user_add_url "${perm_url}perm-user-add" } set user_add_url [export_vars -base $user_add_url { - object_id expanded {return_url "[ad_return_url]"} + object_id expanded {return_url $ad_return_url} }] -set actions [list \ - [_ acs-subsite.Grant_Permission] \ - [export_vars -base "${perm_url}grant" {return_url application_url object_id}] \ - [_ acs-subsite.Grant_Permission] \ - [_ acs-subsite.Search_For_Exist_User] \ - $user_add_url \ - [_ acs-subsite.Search_For_Exist_User]] +set actions {} +if {$detailed_permissions_p} { + lappend actions \ + [_ acs-subsite.Grant_Permission] \ + [export_vars -base "${perm_url}grant" {return_url application_url object_id}] \ + [_ acs-subsite.Grant_Permission] +} +lappend actions \ + [_ acs-subsite.Grant_Permissions_to_Users] \ + $user_add_url \ + [_ acs-subsite.Grant_Permissions_to_Users-helptext] +# +# When there is no context_id given, do not offer to turn +# security_inherit_p on or off. +# if { $context_id ne "" } { - set inherit_p [permission::inherit_p -object_id $object_id] + # + # The variable "parent_object_name" is used the the following + # message keys: + # + # lt_Do_not_inherit_from_p, lt_Inherit_from_parent_o, + # lt_Inherit_permissions_f, lt_Stop_inheriting_permi + # + set parent_object_name [acs_object_name $context_id] - if { $inherit_p } { + if { $security_inherit_p } { lappend actions \ [_ acs-subsite.lt_Do_not_inherit_from_p] \ - [export_vars -base "${perm_url}toggle-inherit" {object_id {return_url [ad_return_url]}}] \ + [export_vars -base "${perm_url}toggle-inherit" {object_id {return_url $ad_return_url}}] \ [_ acs-subsite.lt_Stop_inheriting_permi] } else { lappend actions \ [_ acs-subsite.lt_Inherit_from_parent_o] \ - [export_vars -base "${perm_url}toggle-inherit" {object_id {return_url [ad_return_url]}}] \ + [export_vars -base "${perm_url}toggle-inherit" {object_id {return_url $ad_return_url}}] \ [_ acs-subsite.lt_Inherit_permissions_f] } } Index: openacs-4/packages/acs-subsite/www/permissions/perm-modify.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/www/permissions/perm-modify.tcl,v diff -u -r1.8 -r1.8.2.1 --- openacs-4/packages/acs-subsite/www/permissions/perm-modify.tcl 23 Apr 2018 21:32:46 -0000 1.8 +++ openacs-4/packages/acs-subsite/www/permissions/perm-modify.tcl 26 Oct 2022 14:20:35 -0000 1.8.2.1 @@ -8,23 +8,28 @@ permission::require_permission -object_id $object_id -privilege admin -# entried in 'perm' have the form "${party_id}_${privilege}" +set mainsite_p [expr {$object_id eq [subsite::main_site_id]}] +# +# Entries in 'perm' have the form "${party_id}_${privilege}" +# foreach elm $perm { - set elmv [split $elm ","] - lassign $elmv party_id priv + lassign [split $elm ","] party_id priv if { $priv ne "remove" } { set perm_array($elm) add - } + } } foreach elm $perm { - set elmv [split $elm ","] - lassign $elmv party_id priv + lassign [split $elm ","] party_id priv if {$priv eq "remove"} { - foreach priv $privs { + foreach priv $privs { if { [info exists perm_array(${party_id},${priv})] } { - unset perm_array(${party_id},${priv}) + if {$mainsite_p && $party_id == "-1"} { + util_user_message "#acs-kernel.The_Public# $priv: #acs-subsite.perm_cannot_be_removed#" + } else { + unset perm_array(${party_id},${priv}) + } } } } @@ -53,8 +58,7 @@ # nothing: Do nothing # add: Add the privilege foreach elm [array names perm_array] { - set elmv [split $elm ","] - lassign $elmv party_id privilege + lassign [split $elm ","] party_id privilege switch -- $perm_array($elm) { remove { @@ -72,7 +76,7 @@ ad_script_abort } -set message [expr {$changes_p ? [_ acs-subsite.Information_Updated] : ""}] +set message [expr {$changes_p ? [_ acs-subsite.Permissions_Updated] : ""}] ad_returnredirect -message $message $return_url ad_script_abort Index: openacs-4/packages/acs-subsite/www/permissions/perm-user-add-include-oracle.xql =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/www/permissions/perm-user-add-include-oracle.xql,v diff -u -r1.4 -r1.4.2.1 --- openacs-4/packages/acs-subsite/www/permissions/perm-user-add-include-oracle.xql 7 Aug 2017 23:47:59 -0000 1.4 +++ openacs-4/packages/acs-subsite/www/permissions/perm-user-add-include-oracle.xql 26 Oct 2022 14:20:35 -0000 1.4.2.1 @@ -10,6 +10,7 @@ u.first_names || ' ' || u.last_name from cc_users u where u.user_id not in (select grantee_id from acs_permissions_all where object_id = :object_id) + and [template::list::filter_where_clauses -name users] order by upper(first_names), upper(last_name) </querytext> Index: openacs-4/packages/acs-subsite/www/permissions/perm-user-add-include-postgresql.xql =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/www/permissions/perm-user-add-include-postgresql.xql,v diff -u -r1.4 -r1.4.2.1 --- openacs-4/packages/acs-subsite/www/permissions/perm-user-add-include-postgresql.xql 7 Aug 2017 23:47:59 -0000 1.4 +++ openacs-4/packages/acs-subsite/www/permissions/perm-user-add-include-postgresql.xql 26 Oct 2022 14:20:35 -0000 1.4.2.1 @@ -11,7 +11,8 @@ from cc_users u where u.user_id not in ( select grantee_id from acs_permission.permissions_all(:object_id) - ) + ) + and [template::list::filter_where_clauses -name users] order by upper(first_names), upper(last_name) </querytext> Index: openacs-4/packages/acs-subsite/www/permissions/perm-user-add-include.adp =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/www/permissions/perm-user-add-include.adp,v diff -u -r1.5 -r1.5.2.1 --- openacs-4/packages/acs-subsite/www/permissions/perm-user-add-include.adp 7 Aug 2017 23:47:59 -0000 1.5 +++ openacs-4/packages/acs-subsite/www/permissions/perm-user-add-include.adp 26 Oct 2022 14:20:35 -0000 1.5.2.1 @@ -1,6 +1,11 @@ -<p><listtemplate name="users"></listtemplate></p> - +<div class="w-50"> + <div class="small fw-light">#acs-subsite.Filter_username_and_email# + <formtemplate id="filter" style="filter"></formtemplate> + </div> +</div> +<listtemplate name="users"></listtemplate> <p> - <strong>»</strong> <a href="@return_url@">#acs-subsite.lGo_back_without_adding#</a> -</p> +<ul class="action-links"> + <li><a href="@return_url@">#acs-subsite.lGo_back_without_adding#</a></li> +</ul> Index: openacs-4/packages/acs-subsite/www/permissions/perm-user-add-include.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/www/permissions/perm-user-add-include.tcl,v diff -u -r1.10.2.1 -r1.10.2.2 --- openacs-4/packages/acs-subsite/www/permissions/perm-user-add-include.tcl 16 May 2019 09:54:29 -0000 1.10.2.1 +++ openacs-4/packages/acs-subsite/www/permissions/perm-user-add-include.tcl 26 Oct 2022 14:20:35 -0000 1.10.2.2 @@ -3,10 +3,12 @@ object_id:naturalnum,notnull return_url:localurl page:naturalnum,optional + {search ""} } -# check they have read permission on this file - +# +# Check if the current user has read permission on this object_id. +# permission::require_permission -object_id $object_id -privilege admin # TODO: @@ -18,11 +20,25 @@ set perm_url "[lindex [site_node::get_url_from_object_id -object_id [site_node::closest_ancestor_package -include_self -package_key [subsite::package_keys]]] 0]permissions/" +ad_form \ + -name filter \ + -edit_buttons [list [list "Go" go]] \ + -has_submit 1 \ + -html { class foo } \ + -export {return_url object_id page} \ + -form { + {search:text,optional + {label ""} + {html {length 30 placeholder "[_ acs-kernel.common_Search]"} } + {value $search} + } + } -on_submit {} + list::create \ -name users \ -multirow users \ -key user_id \ - -page_size 20 \ + -page_size 10 \ -page_query_name users_who_dont_have_any_permissions_paginator \ -no_data "[_ acs-subsite.lt_There_are_no_users_wh]" \ -bulk_action_export_vars { return_url object_id } \ @@ -41,11 +57,20 @@ label "[_ acs-subsite.Add]" link_url_col add_url link_html { title "[_ acs-subsite.Add_this_user]" } - display_template "[_ acs-subsite.Add]" + display_template "<adp:icon name='add-new-item' title='[_ acs-subsite.Add_this_user]'>" } } -filters { object_id {} return_url {} + search { + hide_p 1 + where_clause { + (:search is null + or u.first_names || ' ' || u.last_name ilike '%' || :search || '%' + or u.email ilike '%' || :search || '%' + ) + } + } } db_multirow -extend { add_url } users users_who_dont_have_any_permissions {} { Index: openacs-4/packages/acs-subsite/www/permissions/perm-user-add-include.xql =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/www/permissions/perm-user-add-include.xql,v diff -u -r1.4 -r1.4.2.1 --- openacs-4/packages/acs-subsite/www/permissions/perm-user-add-include.xql 7 Aug 2017 23:47:59 -0000 1.4 +++ openacs-4/packages/acs-subsite/www/permissions/perm-user-add-include.xql 26 Oct 2022 14:20:35 -0000 1.4.2.1 @@ -10,6 +10,7 @@ u.email from cc_users u where [template::list::page_where_clause -name users] + and [template::list::filter_where_clauses -name users] order by upper(first_names), upper(last_name) </querytext> Index: openacs-4/packages/acs-subsite/www/register/index.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/www/register/index.tcl,v diff -u -r1.15.2.2 -r1.15.2.3 --- openacs-4/packages/acs-subsite/www/register/index.tcl 20 Jun 2019 14:21:03 -0000 1.15.2.2 +++ openacs-4/packages/acs-subsite/www/register/index.tcl 26 Oct 2022 14:20:35 -0000 1.15.2.3 @@ -17,7 +17,7 @@ # # Avoid page caching, across all browsers, no matter how the other -# site wide caching parameters are set. For discussion and deatils, +# site wide caching parameters are set. For discussion and details, # see: # # https://stackoverflow.com/questions/49547/how-to-control-web-page-caching-across-all-browsers