1 |
#!/usr/bin/perl |
2 |
use strict; |
3 |
|
4 |
use lib qw[/home/httpd/html/www/markup/html/whatpm |
5 |
/home/wakaba/work/manakai2/lib]; |
6 |
|
7 |
use CGI::Carp qw[fatalsToBrowser]; |
8 |
require Message::CGI::Carp; |
9 |
|
10 |
require 'users.pl'; |
11 |
require 'texts.pl'; |
12 |
|
13 |
require Message::CGI::HTTP; |
14 |
require Encode; |
15 |
my $cgi = Message::CGI::HTTP->new; |
16 |
$cgi->{decoder}->{'#default'} = sub { |
17 |
return Encode::decode ('utf-8', $_[1]); |
18 |
}; |
19 |
|
20 |
our $Lang = 'ja' |
21 |
if $cgi->get_meta_variable ('HTTP_ACCEPT_LANGUAGE') =~ /\bja\b/; ## TODO: ... |
22 |
|
23 |
require Message::DOM::DOMImplementation; |
24 |
my $dom = Message::DOM::DOMImplementation->new; |
25 |
|
26 |
my $path = $cgi->path_info; |
27 |
$path = '' unless defined $path; |
28 |
|
29 |
my @path = split m#/#, percent_decode ($path), -1; |
30 |
shift @path; |
31 |
|
32 |
if (@path == 3 and |
33 |
$path[0] eq 'users' and |
34 |
$path[1] =~ /\A[0-9a-z-]+\z/) { |
35 |
my $user_id = $path[1]; |
36 |
my $ac = check_access_right (allowed_users => {$user_id => 1}, |
37 |
allowed_groups => {'admin-users' => 1}); |
38 |
|
39 |
if ($path[2] eq '') { |
40 |
my $user_prop = get_user_prop ($user_id); |
41 |
if ($user_prop) { |
42 |
binmode STDOUT, ':encoding(utf-8)'; |
43 |
|
44 |
my $e_user_id = htescape ($user_id); |
45 |
|
46 |
print q[Content-Type: text/html; charset=utf-8 |
47 |
|
48 |
<!DOCTYPE HTML> |
49 |
<html lang=en> |
50 |
<title>]; |
51 |
print_text ('User %s', sub { print $e_user_id }); |
52 |
print q[</title> |
53 |
<link rel=stylesheet href="/www/style/html/xhtml"> |
54 |
<h1>]; |
55 |
print_text ('User %s', sub { print $e_user_id }); |
56 |
print q[</h1>]; |
57 |
|
58 |
my @joined; |
59 |
my @requested; |
60 |
my @invited; |
61 |
my @can_join; |
62 |
my @can_request; |
63 |
for my $group_id (get_all_groups ()) { |
64 |
my $gs = $user_prop->{'group.' . $group_id}; |
65 |
if ($gs->{member}) { |
66 |
push @joined, $group_id; |
67 |
} elsif ($gs->{no_approval}) { |
68 |
push @requested, $group_id; |
69 |
} elsif ($gs->{invited}) { |
70 |
push @invited, $group_id; |
71 |
} else { |
72 |
my $group_prop = get_group_prop ($group_id); |
73 |
if ($group_prop->{join_condition}->{invitation}) { |
74 |
# |
75 |
} elsif ($group_prop->{join_condition}->{approval}) { |
76 |
push @can_request, $group_id; |
77 |
} else { |
78 |
push @can_join, $group_id; |
79 |
} |
80 |
} |
81 |
} |
82 |
|
83 |
print q[<section id=groups><h2>]; |
84 |
print_text ('Groups'); |
85 |
print q[</h2>]; |
86 |
|
87 |
if (@joined) { |
88 |
print_list_section |
89 |
(id => 'groups-joined', |
90 |
title => 'Groups you have joined', |
91 |
items => \@joined, |
92 |
print_item => sub { |
93 |
my $group_id = shift; |
94 |
print q[<form action="group.] . htescape ($group_id); |
95 |
print q[" accept-charset=utf-8 method=post>]; |
96 |
print q[<a href="../../groups/].htescape ($group_id) . '/'; |
97 |
print q[">] . htescape ($group_id), q[</a> ]; |
98 |
print q[<input type=hidden name=action value=leave>]; |
99 |
print q[<input type=submit value="]; |
100 |
print_text ('Leave this group'); |
101 |
print q["></form>]; |
102 |
}); |
103 |
} |
104 |
|
105 |
if (@requested) { |
106 |
print_list_section |
107 |
(id => 'groups-requested', |
108 |
title => 'Groups you have requested to join but not approved yet', |
109 |
items => \@requested, |
110 |
print_item => sub { |
111 |
my $group_id = shift; |
112 |
print q[<form action="group.] . htescape ($group_id); |
113 |
print q[" accept-charset=utf-8 method=post>]; |
114 |
print q[<a href="../../groups/].htescape ($group_id) . '/'; |
115 |
print q[">] . htescape ($group_id), q[</a> ]; |
116 |
print q[<input type=hidden name=action value=leave>]; |
117 |
print q[<input type=submit value="]; |
118 |
print_text ('Cancel the request'); |
119 |
print q["></form>]; |
120 |
}); |
121 |
} |
122 |
|
123 |
if (@invited) { |
124 |
print_list_section |
125 |
(id => 'groups-invited', |
126 |
title => 'Groups you have been invited but not joined yet, or you have left', |
127 |
items => \@invited, |
128 |
print_item => sub { |
129 |
my $group_id = shift; |
130 |
print q[<form action="group.] . htescape ($group_id); |
131 |
print q[" accept-charset=utf-8 method=post>]; |
132 |
print q[<a href="../../groups/].htescape ($group_id) . '/'; |
133 |
print q[">] . htescape ($group_id), q[</a> ]; |
134 |
print q[<input type=hidden name=action value=join>]; |
135 |
print q[<input type=submit value="]; |
136 |
print_text ('Join this group'); |
137 |
print q["></form>]; |
138 |
}); |
139 |
} |
140 |
|
141 |
if (@can_join) { |
142 |
print_list_section |
143 |
(id => 'groups-can-join', |
144 |
title => 'Groups you can join now (without approval)', |
145 |
items => \@can_join, |
146 |
print_item => sub { |
147 |
my $group_id = shift; |
148 |
print q[<form action="group.] . htescape ($group_id); |
149 |
print q[" accept-charset=utf-8 method=post>]; |
150 |
print q[<a href="../../groups/].htescape ($group_id) . '/'; |
151 |
print q[">] . htescape ($group_id), q[</a>]; |
152 |
print q[<input type=hidden name=action value=join> ]; |
153 |
print q[<input type=submit value="]; |
154 |
print_text ('Join this group'); |
155 |
print q["></form>]; |
156 |
}); |
157 |
} |
158 |
|
159 |
if (@can_request) { |
160 |
print_list_section |
161 |
(id => 'groups-can-request', |
162 |
title => 'Groups you can request to join (approval required to join)', |
163 |
items => \@can_request, |
164 |
print_item => sub { |
165 |
my $group_id = shift; |
166 |
print q[<form action="group.] . htescape ($group_id); |
167 |
print q[" accept-charset=utf-8 method=post>]; |
168 |
print q[<a href="../../groups/].htescape ($group_id) . '/'; |
169 |
print q[">] . htescape ($group_id), q[</a> ]; |
170 |
print q[<input type=hidden name=action value=join>]; |
171 |
print q[<input type=submit value="]; |
172 |
print_text ('Join this group'); |
173 |
print q["></form>]; |
174 |
}); |
175 |
} |
176 |
|
177 |
print q[</section><section id=props><h2>]; |
178 |
print_text ('Properties'); |
179 |
print q[</h2><p><em>]; |
180 |
print_text (q[Don't expose any confidential data.]); |
181 |
print q[</em>]; |
182 |
|
183 |
print_prop_list ($ac, $user_prop, |
184 |
{ |
185 |
name => 'full_name', |
186 |
label => 'Full name', |
187 |
field_type => 'text', |
188 |
}, |
189 |
{ |
190 |
name => 'mail_addr', |
191 |
label => 'Mail address', |
192 |
field_type => 'email', |
193 |
}, |
194 |
{ |
195 |
name => 'home_url', |
196 |
label => 'Web site URL', |
197 |
field_type => 'url', |
198 |
}, |
199 |
); |
200 |
|
201 |
print qq[</section><section id=password><h2>]; |
202 |
print_text ('Password'); |
203 |
print q[</h2> |
204 |
|
205 |
<form action=password method=post accept-charset=utf-8> |
206 |
|
207 |
<p>]; |
208 |
print_text ('You can change the password.'); |
209 |
|
210 |
print q[<p><strong>]; |
211 |
print_text ('New password'); |
212 |
print q[</strong>: <input type=password name=user-pass |
213 |
size=10 required pattern=".{4,}"> (]; |
214 |
print_text ('Type 4 characters at minimum'); |
215 |
print q[) <p><strong>]; |
216 |
print_text ('New password'); |
217 |
print q[</strong> (]; |
218 |
print_text ('type again'); |
219 |
print q[): <input type=password |
220 |
name=user-pass2 size=10 required pattern=".{4,}"> |
221 |
|
222 |
<p><input type=submit value="]; |
223 |
print_text ('Change'); |
224 |
print q["> |
225 |
|
226 |
</form> |
227 |
</section> |
228 |
|
229 |
<section id=disable-account><h2>]; |
230 |
print_text ('Disable account'); |
231 |
print q[</h2> |
232 |
|
233 |
<form action=disabled method=post accept-charset=utf-8> |
234 |
|
235 |
<p><label><input type=checkbox name=action value=enable ]; |
236 |
print 'checked' unless $user_prop->{disabled}; |
237 |
print q[> ]; |
238 |
print_text ('Enable this account'); |
239 |
print q[</label> |
240 |
|
241 |
<p><strong>]; |
242 |
print_text ('Caution!'); |
243 |
print q[</strong> ]; |
244 |
print_text ('Once you disable your own account, you cannot enable your account by yourself.'); |
245 |
|
246 |
print q[<p><input type=submit value="]; |
247 |
print_text ('Change'); |
248 |
|
249 |
print q["></form></section>]; |
250 |
|
251 |
exit; |
252 |
} |
253 |
} elsif ($path[2] =~ /\Agroup\.([0-9a-z-]+)\z/) { |
254 |
my $group_id = $1; |
255 |
if ($cgi->request_method eq 'POST') { |
256 |
lock_start (); |
257 |
binmode STDOUT, ':encoding(utf-8)'; |
258 |
|
259 |
my $user_prop = get_user_prop ($user_id); |
260 |
my $group_prop = get_group_prop ($group_id); |
261 |
|
262 |
if ($user_prop and $group_prop) { |
263 |
my $gs = ($user_prop->{'group.' . $group_id} ||= {}); |
264 |
|
265 |
my $action = $cgi->get_parameter ('action'); |
266 |
my $status; |
267 |
if ($action eq 'join') { |
268 |
if (scalar $cgi->get_parameter ('agreed')) { |
269 |
if ($gs->{member}) { |
270 |
$status = q[You are a member]; |
271 |
# |
272 |
} elsif ($gs->{no_approval}) { |
273 |
$status = q[You are waiting for an approval]; |
274 |
# |
275 |
} elsif ($gs->{invited}) { |
276 |
$gs->{member} = 1; |
277 |
$status = q[Registered]; |
278 |
# |
279 |
} else { |
280 |
if ($group_prop->{join_condition}->{invitation}) { |
281 |
print_error (403, 'You are not invited to this group'); |
282 |
exit; |
283 |
} elsif ($group_prop->{join_condition}->{approval}) { |
284 |
$gs->{no_approval} = 1; |
285 |
$status = q[Request submitted]; |
286 |
# |
287 |
} else { |
288 |
$gs->{member} = 1; |
289 |
$status = q[Registered]; |
290 |
# |
291 |
} |
292 |
} |
293 |
} else { |
294 |
my $e_group_id = htescape ($group_id); |
295 |
print q[Content-Type: text/html; charset=utf-8 |
296 |
|
297 |
<!DOCTYPE HTML> |
298 |
<html lang=en> |
299 |
<title>]; |
300 |
print_text ('Joining the group %s', sub { print $e_group_id }); |
301 |
print q[</title> |
302 |
<link rel=stylesheet href="/www/style/html/xhtml"> |
303 |
<h1>]; |
304 |
print_text ('Joining the group %s', sub { print $e_group_id }); |
305 |
print q[</h1> |
306 |
|
307 |
<dl> |
308 |
<dt>]; |
309 |
print_text ('Description'); |
310 |
print qq[<dd>@{[$group_prop->{desc}]} |
311 |
</dl> |
312 |
|
313 |
<form action="@{[htescape ($cgi->request_uri)]}" accept-charset=utf-8 method=post> |
314 |
<input type=hidden name=action value=join> |
315 |
|
316 |
<p>]; |
317 |
print_text ('Do you really want to join this group?'); |
318 |
print q[ <input type=submit name=agreed value="]; |
319 |
print_text ('Yes'); |
320 |
print q["> <input type=button value="]; |
321 |
print_text ('No'); |
322 |
print q[" onclick="history.back ()"></form>]; |
323 |
exit; |
324 |
} |
325 |
} elsif ($action eq 'leave') { |
326 |
if ($gs->{member}) { |
327 |
delete $gs->{member}; |
328 |
$gs->{invited} = 1; |
329 |
$status = 'Unregistered'; |
330 |
# |
331 |
} elsif ($gs->{no_approval}) { |
332 |
delete $gs->{no_approval}; |
333 |
delete $gs->{invited}; |
334 |
$status = 'Request canceled'; |
335 |
# |
336 |
} else { |
337 |
$status = 'You are not a member'; |
338 |
# |
339 |
} |
340 |
} else { |
341 |
print_error (400, 'Bad action parameter'); |
342 |
exit; |
343 |
} |
344 |
|
345 |
set_user_prop ($user_id, $user_prop); |
346 |
regenerate_htpasswd_and_htgroup (); |
347 |
commit (); |
348 |
|
349 |
redirect (303, $status, './#groups'); |
350 |
exit; |
351 |
} |
352 |
} |
353 |
} elsif ($path[2] eq 'password') { |
354 |
if ($cgi->request_method eq 'POST') { |
355 |
lock_start (); |
356 |
binmode STDOUT, ':encoding(utf-8)'; |
357 |
|
358 |
my $user_prop = get_user_prop ($user_id); |
359 |
|
360 |
if ($user_prop) { |
361 |
$user_prop->{pass_crypted} = check_password ($cgi); |
362 |
|
363 |
set_user_prop ($user_id, $user_prop); |
364 |
regenerate_htpasswd_and_htgroup (); |
365 |
commit (); |
366 |
|
367 |
## Browsers do not support 205. |
368 |
#print qq[Status: 205 Password changed\n\n]; |
369 |
print qq[Status: 204 Password changed\n\n]; |
370 |
exit; |
371 |
} |
372 |
} |
373 |
} elsif ($path[2] eq 'disabled') { |
374 |
if ($cgi->request_method eq 'POST') { |
375 |
lock_start (); |
376 |
binmode STDOUT, ':encoding(utf-8)'; |
377 |
|
378 |
my $user_prop = get_user_prop ($user_id); |
379 |
|
380 |
if ($user_prop) { |
381 |
my $action = $cgi->get_parameter ('action'); |
382 |
if (defined $action and $action eq 'enable') { |
383 |
delete $user_prop->{disabled}; |
384 |
} else { |
385 |
$user_prop->{disabled} = 1; |
386 |
} |
387 |
|
388 |
set_user_prop ($user_id, $user_prop); |
389 |
regenerate_htpasswd_and_htgroup (); |
390 |
commit (); |
391 |
|
392 |
print "Status: 204 Property updated\n\n"; |
393 |
exit; |
394 |
} |
395 |
} |
396 |
} elsif ($path[2] eq 'prop') { |
397 |
if ($cgi->request_method eq 'POST') { |
398 |
lock_start (); |
399 |
my $user_prop = get_user_prop ($user_id); |
400 |
if ($user_prop) { |
401 |
binmode STDOUT, ':encoding(utf-8)'; |
402 |
|
403 |
my $prop_name = $cgi->get_parameter ('name'); |
404 |
if (defined $prop_name and |
405 |
{ |
406 |
full_name => 1, |
407 |
mail_addr => 1, |
408 |
home_url => 1, |
409 |
}->{$prop_name}) { |
410 |
$user_prop->{$prop_name} = $cgi->get_parameter ('value'); |
411 |
|
412 |
set_user_prop ($user_id, $user_prop); |
413 |
commit (); |
414 |
|
415 |
print "Status: 204 Property updated\n\n"; |
416 |
exit; |
417 |
} else { |
418 |
print_error (400, 'Bad property'); |
419 |
exit; |
420 |
} |
421 |
} |
422 |
} |
423 |
} |
424 |
} elsif (@path == 3 and |
425 |
$path[0] eq 'groups' and |
426 |
$path[1] =~ /\A[0-9a-z-]+\z/) { |
427 |
my $group_id = $path[1]; |
428 |
my $ac = check_access_right (allowed_groups => {'admin-groups' => 1}, |
429 |
group_context => $group_id); |
430 |
|
431 |
if ($path[2] eq '') { |
432 |
my $group_prop = get_group_prop ($group_id); |
433 |
if ($group_prop) { |
434 |
binmode STDOUT, ':encoding(utf-8)'; |
435 |
|
436 |
my $e_group_id = htescape ($group_id); |
437 |
|
438 |
print q[Content-Type: text/html; charset=utf-8 |
439 |
|
440 |
<!DOCTYPE HTML> |
441 |
<html lang=en> |
442 |
<title>]; |
443 |
print_text ('Group %s', sub { print $e_group_id }); |
444 |
print q[</title> |
445 |
<link rel=stylesheet href="/www/style/html/xhtml"> |
446 |
<h1>]; |
447 |
print_text ('Group %s', sub { print $e_group_id }); |
448 |
print q[</h1>]; |
449 |
|
450 |
print q[<section id=props><h2>]; |
451 |
print_text ('Properties'); |
452 |
print q[</h2>]; |
453 |
|
454 |
print_prop_list ($ac, $group_prop, |
455 |
{ |
456 |
name => 'desc', |
457 |
label => 'Description', |
458 |
field_type => 'textarea', |
459 |
public => 1, |
460 |
}, |
461 |
{ |
462 |
name => 'admin_group', |
463 |
label => 'Administrative group', |
464 |
field_type => 'text', |
465 |
}, |
466 |
); |
467 |
|
468 |
print q[</section><section id=members><h2>]; |
469 |
print_text ('Members'); |
470 |
print q[</h2>]; |
471 |
|
472 |
if ($ac->{read_group_member_list}) { |
473 |
my @members; |
474 |
my @apps; |
475 |
my @invited; |
476 |
for my $user_id (get_all_users ()) { |
477 |
my $user_prop = get_user_prop ($user_id); |
478 |
my $gs = $user_prop->{'group.' . $group_id}; |
479 |
if ($gs->{member}) { |
480 |
push @members, $user_id; |
481 |
} elsif ($gs->{no_approval}) { |
482 |
push @apps, $user_id; |
483 |
} elsif ($gs->{invited}) { |
484 |
push @invited, $user_id; |
485 |
} |
486 |
} |
487 |
|
488 |
if (@members) { |
489 |
print_list_section |
490 |
(id => 'formal-members', |
491 |
title => 'Formal members', |
492 |
items => \@members, |
493 |
print_item => sub { |
494 |
my $user_id = shift; |
495 |
print q[<form action="user.] . htescape ($user_id); |
496 |
print q[" accept-charset=utf-8 method=post>]; |
497 |
print qq[<a href="../../users/@{[htescape ($user_id)]}/">]; |
498 |
print '' . htescape ($user_id) . q[</a> ]; |
499 |
print q[<input type=hidden name=action value=unapprove>]; |
500 |
print q[<input type=submit value="]; |
501 |
print_text ('Kick'); |
502 |
print q["></form>]; |
503 |
}); |
504 |
} |
505 |
|
506 |
if (@apps) { |
507 |
print_list_section |
508 |
(id => 'non-approved-users', |
509 |
title => 'Users who are waiting for the approval to join', |
510 |
items => \@apps, |
511 |
print_item => sub { |
512 |
my $user_id = shift; |
513 |
print q[<form action="user.] . htescape ($user_id); |
514 |
print q[" accept-charset=utf-8 method=post>]; |
515 |
print qq[<a href="../../users/@{[htescape ($user_id)]}/">]; |
516 |
print '' . htescape ($user_id) . q[</a> ]; |
517 |
print q[<input type=hidden name=action value=approve>]; |
518 |
print q[<input type=submit value="]; |
519 |
print_text ('Approve'); |
520 |
print q["></form>]; |
521 |
}); |
522 |
} |
523 |
|
524 |
if (@invited) { |
525 |
print_list_section |
526 |
(id => 'invited-users', |
527 |
title => 'Users who are invited but not joined or are leaved', |
528 |
items => \@invited, |
529 |
print_item => sub { |
530 |
my $user_id = shift; |
531 |
print q[<form action="user.] . htescape ($user_id); |
532 |
print q[" accept-charset=utf-8 method=post>]; |
533 |
print qq[<a href="../../users/@{[htescape ($user_id)]}/">]; |
534 |
print '' . htescape ($user_id), q[</a> ]; |
535 |
print q[<input type=hidden name=action value=unapprove>]; |
536 |
print q[<input type=submit value="]; |
537 |
print_text ('Cancel invitation'); |
538 |
print q["></form>]; |
539 |
}); |
540 |
} |
541 |
} |
542 |
|
543 |
my $join_condition = $group_prop->{join_condition}; |
544 |
my $disabled = $ac->{write} ? '' : 'disabled'; |
545 |
print qq[<section id=member-approval><h3>]; |
546 |
print_text ('Member approval policy'); |
547 |
print qq[</h3> |
548 |
|
549 |
<form action=join-condition method=post accept-charset=utf-8> |
550 |
|
551 |
<p><label><input type=radio name=condition value=invitation $disabled |
552 |
@{[$join_condition->{invitation} ? 'checked' : '']}> ]; |
553 |
print_text ('A user who is invited by an administrator of the group can join the group.'); |
554 |
print qq[</label> |
555 |
|
556 |
<p><label><input type=radio name=condition value=approval $disabled |
557 |
@{[(not $join_condition->{invitation} and $join_condition->{approval}) |
558 |
? 'checked' : '']}> ]; |
559 |
print_text ('A user who is invited or approved by an administrator of the group can join the group.'); |
560 |
print qq[</label> |
561 |
|
562 |
<p><label><input type=radio name=condition value=anyone $disabled |
563 |
@{[(not $join_condition->{invitation} and not |
564 |
$join_condition->{approval}) ? 'checked' : '']}> ]; |
565 |
print_text ('Any user can join the group.'); |
566 |
print q[</label>]; |
567 |
unless ($disabled) { |
568 |
print q[<p><input type=submit value="]; |
569 |
print_text ('Change'); |
570 |
print q[">]; |
571 |
} |
572 |
print q[</form></section>]; |
573 |
|
574 |
if ($ac->{write}) { |
575 |
print q[<section id=member-invitation><h3>]; |
576 |
print_text ('Invite a user'); |
577 |
print q[</h3> |
578 |
|
579 |
<form action=invite-user accept-charset=utf-8 method=post> |
580 |
|
581 |
<p><strong>]; |
582 |
print_text ('User id'); |
583 |
print q[</strong>: <input type=text name=user-id |
584 |
maxlength=20 size=10 required pattern="[0-9a-z-]{4,20}"> |
585 |
|
586 |
<p><input type=submit value="]; |
587 |
print_text ('Invite'); |
588 |
print q["></form></section>]; |
589 |
} |
590 |
|
591 |
print q[</section>]; |
592 |
|
593 |
exit; |
594 |
} |
595 |
} elsif ($path[2] eq 'join-condition') { |
596 |
forbidden () unless $ac->{write}; |
597 |
|
598 |
if ($cgi->request_method eq 'POST') { |
599 |
lock_start (); |
600 |
my $group_prop = get_group_prop ($group_id); |
601 |
if ($group_prop) { |
602 |
binmode STDOUT, ':encoding(utf-8)'; |
603 |
|
604 |
my $new_condition = $cgi->get_parameter ('condition'); |
605 |
if ($new_condition eq 'invitation') { |
606 |
$group_prop->{join_condition}->{invitation} = 1; |
607 |
$group_prop->{join_condition}->{approval} = 1; |
608 |
} elsif ($new_condition eq 'approval') { |
609 |
$group_prop->{join_condition}->{approval} = 1; |
610 |
delete $group_prop->{join_condition}->{invitation}; |
611 |
} else { |
612 |
delete $group_prop->{join_condition}->{invitation}; |
613 |
delete $group_prop->{join_condition}->{approval}; |
614 |
} |
615 |
|
616 |
set_group_prop ($group_id, $group_prop); |
617 |
commit (); |
618 |
|
619 |
print "Status: 204 join-condition property updated\n\n"; |
620 |
exit; |
621 |
} |
622 |
} |
623 |
} elsif ($path[2] eq 'prop') { |
624 |
forbidden () unless $ac->{write}; |
625 |
|
626 |
if ($cgi->request_method eq 'POST') { |
627 |
lock_start (); |
628 |
my $group_prop = get_group_prop ($group_id); |
629 |
if ($group_prop) { |
630 |
binmode STDOUT, ':encoding(utf-8)'; |
631 |
|
632 |
my $prop_name = $cgi->get_parameter ('name'); |
633 |
if (defined $prop_name and |
634 |
{desc => 1, admin_group => 1}->{$prop_name}) { |
635 |
$group_prop->{$prop_name} = $cgi->get_parameter ('value'); |
636 |
|
637 |
set_group_prop ($group_id, $group_prop); |
638 |
commit (); |
639 |
|
640 |
print "Status: 204 Property updated\n\n"; |
641 |
exit; |
642 |
} else { |
643 |
print_error (400, 'Bad property'); |
644 |
exit; |
645 |
} |
646 |
} |
647 |
} |
648 |
} elsif ($path[2] =~ /\Auser\.([0-9a-z-]+)\z/ or |
649 |
$path[2] eq 'invite-user') { |
650 |
my $user_id = $1 // $cgi->get_parameter ('user-id') // ''; |
651 |
if ($user_id =~ /\A[0-9a-z-]+\z/ and |
652 |
$cgi->request_method eq 'POST') { |
653 |
forbidden () unless $ac->{write}; |
654 |
|
655 |
lock_start (); |
656 |
my $group_prop = get_group_prop ($group_id); |
657 |
my $user_prop = get_user_prop ($user_id); |
658 |
if ($group_prop and $user_prop) { |
659 |
binmode STDOUT, ':encoding(utf-8)'; |
660 |
|
661 |
my $gs = ($user_prop->{'group.' . $group_id} ||= {}); |
662 |
|
663 |
my $action = $cgi->get_parameter ('action'); |
664 |
$action = 'approve' if $path[2] eq 'invite-user'; |
665 |
my $status; |
666 |
if ($action eq 'approve') { |
667 |
if ($gs->{member}) { |
668 |
$status = 'He is a member'; |
669 |
# |
670 |
} elsif ($gs->{no_approval}) { |
671 |
$gs->{member} = 1; |
672 |
delete $gs->{no_approval}; |
673 |
$status = 'Registered'; |
674 |
# |
675 |
} elsif ($gs->{invited}) { |
676 |
$status = 'He has been invited'; |
677 |
# |
678 |
} else { |
679 |
$gs->{invited} = 1; |
680 |
$status = 'Invited'; |
681 |
# |
682 |
} |
683 |
} elsif ($action eq 'unapprove') { |
684 |
if ($gs->{member}) { |
685 |
delete $gs->{member}; |
686 |
delete $gs->{invited}; |
687 |
$status = 'Unregistered'; |
688 |
# |
689 |
} elsif ($gs->{invited}) { |
690 |
delete $gs->{invited}; |
691 |
$status = 'Invitation canceled'; |
692 |
# |
693 |
} else { |
694 |
$status = 'Not a member'; |
695 |
# |
696 |
} |
697 |
} else { |
698 |
print_error (400, 'Bad action parameter'); |
699 |
exit; |
700 |
} |
701 |
|
702 |
set_user_prop ($user_id, $user_prop); |
703 |
regenerate_htpasswd_and_htgroup (); |
704 |
commit (); |
705 |
|
706 |
#print "Status: 204 $status\n\n"; |
707 |
redirect (303, $status, './#members'); |
708 |
exit; |
709 |
} |
710 |
} |
711 |
} |
712 |
} elsif (@path == 1 and $path[0] eq 'new-group') { |
713 |
check_access_right (allowed_groups => {'admin-groups' => 1}); |
714 |
|
715 |
if ($cgi->request_method eq 'POST') { |
716 |
lock_start (); |
717 |
binmode STDOUT, ':encoding(utf-8)'; |
718 |
|
719 |
my $group_id = $cgi->get_parameter ('group-id'); |
720 |
|
721 |
if ($group_id !~ /\A[0-9a-z-]{4,20}\z/) { |
722 |
print_error (400, |
723 |
q[Group id %s is invalid; use characters [0-9a-z-]{4,20}], |
724 |
$group_id); |
725 |
exit; |
726 |
} |
727 |
|
728 |
if (get_group_prop ($group_id)) { |
729 |
print_error (400, q[Group id %s is already used], $group_id); |
730 |
exit; |
731 |
} |
732 |
|
733 |
my $group_prop = {id => $group_id}; |
734 |
set_group_prop ($group_id, $group_prop); |
735 |
|
736 |
commit (); |
737 |
|
738 |
my $group_url = get_absolute_url ('groups/' . $group_id . '/'); |
739 |
|
740 |
print qq[Status: 201 Group registered |
741 |
Location: $group_url |
742 |
Content-Type: text/html; charset=utf-8 |
743 |
|
744 |
<!DOCTYPE HTML> |
745 |
<html lang=en> |
746 |
<title>]; |
747 |
print_text ('Group %s registered', sub { print '', htescape ($group_id) }); |
748 |
print q[</title> |
749 |
<link rel=stylesheet href="/www/style/html/xhtml"> |
750 |
<h1>]; |
751 |
print_text ('Group %s registered', sub { print '', htescape ($group_id) }); |
752 |
print q[</h1><p>]; |
753 |
print_text ('The new group is created successfully.'); |
754 |
print q[<p>]; |
755 |
print_text ('See %s.', sub { |
756 |
print qq[<a href="@{[htescape ($group_url)]}">]; |
757 |
print_text ('the group information page'); |
758 |
print qq[</a>]; |
759 |
}); |
760 |
exit; |
761 |
} else { |
762 |
binmode STDOUT, ":encoding(utf-8)"; |
763 |
print q[Content-Type: text/html; charset=utf-8 |
764 |
|
765 |
<!DOCTYPE HTML> |
766 |
<html lang=en> |
767 |
<title>]; |
768 |
print_text ('Create a new group'); |
769 |
print q[</title> |
770 |
<link rel=stylesheet href="/www/style/html/xhtml"> |
771 |
<h1>]; |
772 |
print_text ('Create a new group'); |
773 |
print q[</h1> |
774 |
|
775 |
<form action=new-group accept-charset=utf-8 method=post> |
776 |
|
777 |
<p><strong>]; |
778 |
print_text ('Group id'); |
779 |
print q[</strong>: <input type=text name=group-id |
780 |
maxlength=20 size=10 required pattern="[0-9a-z-]{4,20}"> (]; |
781 |
print_text ('Use [0-9a-z-]{4,20}.'); |
782 |
print q[) <p><input type=submit value="]; |
783 |
print_text ('Create'); |
784 |
print q["></form>]; |
785 |
exit; |
786 |
} |
787 |
} elsif (@path == 1 and $path[0] eq '') { |
788 |
my $user_id = $cgi->remote_user; |
789 |
forbidden () if not defined $user_id or $user_id !~ /\A[0-9a-z-]+\z/; |
790 |
|
791 |
redirect (303, 'See other', 'users/' . $user_id . '/'); |
792 |
exit; |
793 |
} elsif (@path == 0) { |
794 |
redirect (301, 'Moved', 'edit/'); |
795 |
exit; |
796 |
} |
797 |
|
798 |
print_error (404, 'Not found'); |
799 |
exit; |
800 |
|
801 |
sub print_list_section (%) { |
802 |
my %opt = @_; |
803 |
$opt{level} ||= 3; |
804 |
|
805 |
print q[<section id="] . htescape ($opt{id}); |
806 |
print q["><h] . $opt{level} . q[>]; |
807 |
print_text ($opt{title}); |
808 |
print q[</h] . $opt{level} . q[><ul>]; |
809 |
for my $item (sort {$a cmp $b} @{$opt{items}}) { |
810 |
print q[<li>]; |
811 |
$opt{print_item}->($item); |
812 |
} |
813 |
print q[</ul></section>]; |
814 |
} # print_list_section |
815 |
|
816 |
sub print_prop_list ($$@) { |
817 |
my $ac = shift; |
818 |
my $prop_hash = shift; |
819 |
|
820 |
for my $prop (@_) { |
821 |
if ($prop->{public}) { |
822 |
print q[<p><strong>]; |
823 |
print_text ($prop->{label}); |
824 |
print q[</strong>: ]; |
825 |
print $prop_hash->{$prop->{name}}; |
826 |
} |
827 |
|
828 |
if ($ac->{write}) { |
829 |
print q[<form action="prop" accept-charset=utf-8 method=post>]; |
830 |
print q[<input type=hidden name=name value="], htescape ($prop->{name}), q[">]; |
831 |
if ($prop->{field_type} eq 'textarea') { |
832 |
print q[<p><label><strong>]; |
833 |
print_text ($prop->{label}); |
834 |
print q[</strong>: <br><textarea name="value"]; |
835 |
print q[>], htescape ($prop_hash->{$prop->{name}} // ''); |
836 |
print q[</textarea></label>]; |
837 |
print q[<p><input type=submit value="]; |
838 |
print_text ('Save'); |
839 |
print q[">]; |
840 |
} else { |
841 |
print q[<p><label><strong>]; |
842 |
print_text ($prop->{label}); |
843 |
print q[</strong>: <input type="] . $prop->{field_type}; |
844 |
print q[" name="value" ]; |
845 |
print q[value="], htescape ($prop_hash->{$prop->{name}} // ''); |
846 |
print q["></label> ]; |
847 |
print q[<input type=submit value="]; |
848 |
print_text ('Save'); |
849 |
print q[">]; |
850 |
} |
851 |
print q[</form>]; |
852 |
} |
853 |
} |
854 |
} # print_prop_list |
855 |
|
856 |
sub check_access_right (%) { |
857 |
my %opt = @_; |
858 |
|
859 |
my $user_id = $cgi->remote_user; |
860 |
forbidden () if not defined $user_id or $user_id !~ /\A[0-9a-z-]+\z/; |
861 |
|
862 |
my $user_prop = get_user_prop ($user_id); |
863 |
forbidden () unless $user_prop; |
864 |
|
865 |
my $ac = {}; |
866 |
my $return_ac; |
867 |
|
868 |
if ($opt{allowed_users}->{$user_id}) { |
869 |
$ac->{write} = 1; |
870 |
$return_ac = 1; |
871 |
} |
872 |
|
873 |
for my $group_id (keys %{$opt{allowed_groups} or {}}) { |
874 |
my $group_prop = get_group_prop ($group_id); |
875 |
next unless $group_prop; |
876 |
|
877 |
my $gs = $user_prop->{'group.' . $group_id}; |
878 |
if ($gs->{member}) { |
879 |
return {write => 1, read_group_member_list => 1}; |
880 |
} |
881 |
} |
882 |
|
883 |
if (defined $opt{group_context}) { |
884 |
my $group_prop = get_group_prop ($opt{group_context}); |
885 |
if ($group_prop) { |
886 |
if (defined $group_prop->{admin_group}) { |
887 |
my $ag_prop = get_group_prop ($group_prop->{admin_group}); |
888 |
if ($ag_prop and |
889 |
$user_prop->{'group.' . $group_prop->{admin_group}}->{member}) { |
890 |
return {write => 1, read_group_member_list => 1}; |
891 |
} |
892 |
} |
893 |
|
894 |
my $gs = $user_prop->{'group.' . $opt{group_context}}; |
895 |
if ($gs->{member}) { |
896 |
$return_ac = 1; |
897 |
} elsif ($gs->{invited}) { |
898 |
$return_ac = 1; |
899 |
} elsif ($group_prop->{join_condition}->{acception}) { |
900 |
$return_ac = 1; |
901 |
} elsif (not $group_prop->{join_condition}->{invitation}) { |
902 |
$return_ac = 1; |
903 |
} |
904 |
} |
905 |
} |
906 |
|
907 |
return $ac if $return_ac; |
908 |
|
909 |
forbidden (); |
910 |
} # check_access_right |
911 |
|
912 |
sub forbidden () { |
913 |
my $user = $cgi->remote_user; |
914 |
if (defined $user) { |
915 |
print_error (403, q[Forbidden (you've logged in as %s)], $user); |
916 |
} else { |
917 |
print_error (403, 'Forbidden'); |
918 |
} |
919 |
exit; |
920 |
} # forbidden |
921 |
|
922 |
sub redirect ($$$) { |
923 |
my ($code, $status, $url) = @_; |
924 |
|
925 |
my $abs_url = get_absolute_url ($url); |
926 |
|
927 |
print qq[Status: $code $status |
928 |
Location: $abs_url |
929 |
Content-Type: text/html; charset=us-ascii |
930 |
|
931 |
See <a href="@{[htescape ($abs_url)]}">other page</a>.]; |
932 |
} # redirect |
933 |
|
934 |
sub percent_decode ($) { |
935 |
return $dom->create_uri_reference ($_[0]) |
936 |
->get_iri_reference |
937 |
->uri_reference; |
938 |
} # percent_decode |
939 |
|
940 |
sub get_absolute_url ($) { |
941 |
return $dom->create_uri_reference ($_[0]) |
942 |
->get_absolute_reference ($cgi->request_uri) |
943 |
->get_iri_reference |
944 |
->uri_reference; |
945 |
} # get_absolute_url |