# =====================================================================
# editUser: W-TW user account editor.
#
# Copyright (c) 2009 Carlo Strozzi
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 dated June, 1991.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# =====================================================================

# =====================================================================
# Local variables and functions
# =====================================================================

# Request parameters are reset to the empty list before the request is
# parsed. rc imports variables from the process environment, so clearing
# them here keeps an inherited value from standing in for a parameter.
# (Presumably csaGetArgs below fills in the cgi.* ones -- confirm.)
cgi.group = ()
cgi.group.literal = ()
cgi.auth.user = ()
cgi.grep.user = ()

# NOTE(review): tmp1 starts out as /dev/null, yet further down the auth
# record is written to $tmp1 and sourced from it. Presumably a sourced
# library re-points it at a private temporary file -- confirm.
tmp1 = /dev/null
tpl.var.checksum = ()
# Set to true further down when the target account is not the caller's.
not_own = ()

# =====================================================================
# Main program
# =====================================================================

# Parse the request arguments; only the GET method is named here.
csaGetArgs GET

# Disabled debug hook. Presumably csaExit.env dumps the environment for
# the one listed client address; leave it commented out on live hosts.
#~ $REMOTE_ADDR 192.168.1.2 && csaExit.env

# Sourced into this shell, so it runs with this script's variables.
. $CSA_ROOT/lib/group-stuff.rc

# Check other required vars.
# An empty target user name aborts the request before any policy check.
~ $'cgi.auth.user' () && csaExit.fault 0025
~ $'cgi.grep.user' () && csaExit.fault 0066		# should not occur.

# Policy checks should always come after the inclusion of group
# (and possibly also page) meta-data.
# Refuse the request outright unless the session is authenticated.
csaTrue $CSA_AUTH_OK || csaExit.needauth

# Only *authenticated* global editors may edit other people's accounts,
# and even then, they can only enable/disable those accounts and assign
# them to different authorization groups, as well as granting/revoking
# the group-level editor status to them.

# This must be checked *before* a user is granted group-level editor
# privileges!

# The group list is wrapped in commas so that *,editor,* matches only a
# whole list element, never a substring of some longer group name.
if (!~ $'cgi.auth.user' $CSA_AUTH_USER) {
    ~ ,$TNS_AUTH_GRP, *,editor,* || csaExit.needauth
    not_own = true
}

# This must also be assessed *before* granting local privileges.
# NOTE(review): the '(::DEL:)' / '(:DEL::)' pairs presumably mark template
# sections to be dropped from the rendered form. That is presentation
# only: whatever script processes the submitted form (not shown here)
# has to repeat these authorization checks itself -- confirm it does.
if (~ ,$TNS_AUTH_GRP, *,editor,*) {
    tpl.if.tw.local.4 = '(::DEL:)'
    tpl.fi.tw.local.4 = '(:DEL::)'
}

# Sourced after the global-editor tests above, as the comments require.
. $CSA_ROOT/lib/group-editor.rc

# Disabled debug hook; see csaExit.env. Keep commented out on live hosts.
#~ $REMOTE_ADDR 192.168.1.2 && csaExit.env

if (csaIsFullPath --exists --quiet $CSA_TPL_ROOT/tw-edit-user.txt) {
    # custom page-editing template.
    tpl.include.html.body = $CSA_TPL_ROOT/tw-edit-user.txt
} else {
    # default page-editing template.
    tpl.include.html.body = $tw_dstem/tw-edit-user.txt
}

. $CSA_ROOT/lib/tpl-stuff.rc

# Fetch the requested auth record.
# The record is written to $tmp1 with every name prefixed tbl_auth., and
# that file is then sourced as rc code.
# NOTE(review): account fields are presumably user-editable, so sourcing
# is only safe if csa-tbl2rc emits every value as a quoted literal --
# confirm. Also confirm $tmp1 is private to this request, since the
# record includes u_passwd.
csa-tbl2rc --input $TNS_USER_TABLE \
    --key $'cgi.auth.user' --prefix tbl_auth. > $tmp1 ||
    csaExit.fault 0003 csa-tbl2rc

. $tmp1

# Checksum of the record as fetched, handed to the template.
# Presumably the save step compares it to detect a record that changed
# in the meantime -- TODO confirm.
csaSum --file $tmp1
tpl.var.checksum = $CSA_RESULT

# An empty e-mail field is reported as fault 1048 against the requested
# user name (presumably "no such account" -- confirm).
if (~ $'tbl_auth.u_email' ()) {
    csaExit.fault --back 1048 $'cgi.auth.user'
}

# Set account-related template vars.
# NOTE(review): these values are copied from the user table as stored.
# Escaping for the HTML form is presumably done by the template layer --
# confirm, since name, e-mail and "other" look user-supplied.
tpl.var.tw.auth.user = $'tbl_auth.k_user'
tpl.var.tw.auth.group = $'tbl_auth.u_group'
tpl.var.tw.auth.name = $'tbl_auth.u_name'
tpl.var.tw.auth.sname = $'tbl_auth.u_sname'
tpl.var.tw.auth.email = $'tbl_auth.u_email'
tpl.var.tw.auth.gui = $'tbl_auth.u_gui'
tpl.var.tw.auth.other = $'tbl_auth.u_other'

# makeFullName leaves its result in CSA_RESULT.
makeFullName --sreg $'tbl_auth.u_name' $'tbl_auth.u_sname'
tpl.var.tw.auth.fullname = $CSA_RESULT

# Editing someone else's account and editing one's own get different
# template sections. The stored password field is handed to the template
# only in the own-account branch.
# NOTE(review): u_passwd is passed on exactly as stored. Whether that is
# a hash or clear text is not visible here; if the form echoes it into
# the page, the stored value reaches the browser -- confirm this is
# intended.
if (csaTrue $not_own) {
    tpl.if.tw.local.3 = '(::DEL:)'
    tpl.fi.tw.local.3 = '(:DEL::)'
} else {
    tpl.var.tw.auth.passwd = $'tbl_auth.u_passwd'
    tpl.if.tw.local.2 = '(::DEL:)'
    tpl.fi.tw.local.2 = '(:DEL::)'
}

# Display target user's gravatar. This must be in MD5 format so I
# cannot rely on CSA_CMD_MD, because this could be anything.
# MD5 serves here only as the avatar lookup key, not as a security
# control. The command output is assigned to the positional parameters,
# so $1 is the digest and the trailing file marker from md5sum is ignored.
# NOTE(review): Gravatar hashes the trimmed, lower-cased address and no
# normalisation happens here; confirm u_email is normalised when saved.
* = `{echo -n $'tbl_auth.u_email' | md5sum}
~ $1 () && csaExit.fault 0003 md5sum	# just in case.
tpl.var.tw.auth.email.md5 = $1

# If target is global editor then set just "editor" in the displayed
# list of groups. If group-level editor then prepend "editor" to the
# displayed list of groups.

# This only changes the group list shown in the form; the stored
# tbl_auth.u_group value is not modified here.
if (~ ,$'tbl_auth.u_group', *,editor,*) {
    tpl.var.tw.auth.group = editor
} else {
    if (!~ ,$'tpl.var.tw.auth.group', *,editor,* &&
        ~ ,$'tbl_group.g_editor', *,$'cgi.auth.user',*) {
        tpl.var.tw.auth.group = editor,$'tpl.var.tw.auth.group'
    }
}

# Disabled debug hook; see csaExit.env. Keep commented out on live hosts.
#~ $REMOTE_ADDR 192.168.1.2 && csaExit.env

# Don't forget the associated OpenId URL, if any.
# Look for a line of openid+dat that ends in TAB followed by the user
# name. The output is split on tab and newline only, so $1 is the first
# field of the first matching line.
# NOTE(review): cgi.grep.user is interpolated into a regular expression.
# Presumably it is the regex-escaped form of the user name prepared by
# the framework -- confirm, because an unescaped '.' in a name would
# also match a different account's line.
if (csaIsFullPath --exists --quiet $CSA_ROOT/var/pages/openid+dat) {
    * = ``($tab$nl){grep -e $tab$'cgi.grep.user'^'$' \
        $CSA_ROOT/var/pages/openid+dat}
    # Only values starting with http:// or https:// are passed to the
    # template; anything else is discarded.
    if (~ $1 http://* https://*) {
        tpl.var.tw.auth.openid = $1
    } else tpl.var.tw.auth.openid = ()
}

# Disabled debug hook; see csaExit.env. Keep commented out on live hosts.
#~ $REMOTE_ADDR 192.168.1.2 && csaExit.env

# The "ispage" markers get the DEL values and the "isview" markers are
# cleared (presumably hiding the page-only section -- confirm).
tpl.if.tw.ispage = '(::DEL:)'
tpl.fi.tw.ispage = '(:DEL::)'
tpl.if.tw.isview = ()
tpl.fi.tw.isview = ()

# Finish the request successfully, passing along $tpl_file.
csaExit.ok $tpl_file

# End of program.