1 |
#!/usr/bin/perl |
2 |
use strict; |
3 |
|
4 |
use lib qw[/home/httpd/html/www/markup/html/whatpm |
5 |
/home/wakaba/work/manakai2/lib]; |
6 |
|
7 |
use CGI::Carp qw[fatalsToBrowser]; |
8 |
require Message::CGI::Carp; |
9 |
|
10 |
require 'users.pl'; |
11 |
|
12 |
require Message::CGI::HTTP; |
13 |
require Encode; |
14 |
my $cgi = Message::CGI::HTTP->new; |
15 |
$cgi->{decoder}->{'#default'} = sub { |
16 |
return Encode::decode ('utf-8', $_[1]); |
17 |
}; |
18 |
|
19 |
require Message::DOM::DOMImplementation; |
20 |
my $dom = Message::DOM::DOMImplementation->new; |
21 |
|
22 |
my $path = $cgi->path_info; |
23 |
$path = '' unless defined $path; |
24 |
|
25 |
my @path = split m#/#, percent_decode ($path), -1; |
26 |
shift @path; |
27 |
|
28 |
if (@path == 3 and |
29 |
$path[0] eq 'users' and |
30 |
$path[1] =~ /\A[0-9a-z-]+\z/) { |
31 |
my $user_id = $path[1]; |
32 |
check_access_right (allowed_users => {$user_id => 1}, |
33 |
allowed_groups => {'admin-users' => 1}); |
34 |
|
35 |
if ($path[2] eq '') { |
36 |
my $user_prop = get_user_prop ($user_id); |
37 |
if ($user_prop) { |
38 |
binmode STDOUT, ':encoding(utf-8)'; |
39 |
|
40 |
my $e_user_id = htescape ($user_id); |
41 |
|
42 |
print qq[Content-Type: text/html; charset=utf-8 |
43 |
|
44 |
<!DOCTYPE HTML> |
45 |
<html lang=en> |
46 |
<title>User $e_user_id</title> |
47 |
<link rel=stylesheet href="/www/style/html/xhtml"> |
48 |
<h1>User $e_user_id</h1> |
49 |
]; |
50 |
|
51 |
my @joined; |
52 |
my @requested; |
53 |
my @invited; |
54 |
my @can_join; |
55 |
my @can_request; |
56 |
for my $group_id (get_all_groups ()) { |
57 |
my $gs = $user_prop->{'group.' . $group_id}; |
58 |
if ($gs->{member}) { |
59 |
push @joined, $group_id; |
60 |
} elsif ($gs->{no_approval}) { |
61 |
push @requested, $group_id; |
62 |
} elsif ($gs->{invited}) { |
63 |
push @invited, $group_id; |
64 |
} else { |
65 |
my $group_prop = get_group_prop ($group_id); |
66 |
if ($group_prop->{join_condition}->{invitation}) { |
67 |
# |
68 |
} elsif ($group_prop->{join_condition}->{approval}) { |
69 |
push @can_request, $group_id; |
70 |
} else { |
71 |
push @can_join, $group_id; |
72 |
} |
73 |
} |
74 |
} |
75 |
|
76 |
print qq[<section id=groups><h2>Groups</h2>]; |
77 |
|
78 |
if (@joined) { |
79 |
print_list_section |
80 |
(id => 'groups-joined', |
81 |
title => 'Groups you have joined', |
82 |
items => \@joined, |
83 |
print_item => sub { |
84 |
my $group_id = shift; |
85 |
print q[<form action="group.] . htescape ($group_id); |
86 |
print q[" accept-charset=utf-8 method=post>]; |
87 |
print q[<a href="../../groups/].htescape ($group_id) . '/'; |
88 |
print q[">] . htescape ($group_id), q[</a> ]; |
89 |
print q[<input type=hidden name=action value=leave>]; |
90 |
print q[<input type=submit value="Leave this group"></form>]; |
91 |
}); |
92 |
} |
93 |
|
94 |
if (@requested) { |
95 |
print_list_section |
96 |
(id => 'groups-requested', |
97 |
title => 'Groups you have requested to join but not approved yet', |
98 |
items => \@requested, |
99 |
print_item => sub { |
100 |
my $group_id = shift; |
101 |
print q[<form action="group.] . htescape ($group_id); |
102 |
print q[" accept-charset=utf-8 method=post>]; |
103 |
print q[<a href="../../groups/].htescape ($group_id) . '/'; |
104 |
print q[">] . htescape ($group_id), q[</a> ]; |
105 |
print q[<input type=hidden name=action value=leave>]; |
106 |
print q[<input type=submit value="Cancel the request"></form>]; |
107 |
}); |
108 |
} |
109 |
|
110 |
if (@invited) { |
111 |
print_list_section |
112 |
(id => 'groups-invited', |
113 |
title => 'Groups you have been invited but not joined yet, or you have left', |
114 |
items => \@invited, |
115 |
print_item => sub { |
116 |
my $group_id = shift; |
117 |
print q[<form action="group.] . htescape ($group_id); |
118 |
print q[" accept-charset=utf-8 method=post>]; |
119 |
print q[<a href="../../groups/].htescape ($group_id) . '/'; |
120 |
print q[">] . htescape ($group_id), q[</a> ]; |
121 |
print q[<input type=hidden name=action value=join>]; |
122 |
print q[<input type=submit value="Join this group"></form>]; |
123 |
}); |
124 |
} |
125 |
|
126 |
if (@can_join) { |
127 |
print_list_section |
128 |
(id => 'groups-can-join', |
129 |
title => 'Groups you can join now (without approval)', |
130 |
items => \@can_join, |
131 |
print_item => sub { |
132 |
my $group_id = shift; |
133 |
print q[<form action="group.] . htescape ($group_id); |
134 |
print q[" accept-charset=utf-8 method=post>]; |
135 |
print q[<a href="../../groups/].htescape ($group_id) . '/'; |
136 |
print q[">] . htescape ($group_id), q[</a>]; |
137 |
print q[<input type=hidden name=action value=join>]; |
138 |
print q[<input type=submit value="Join this group"></form>]; |
139 |
}); |
140 |
} |
141 |
|
142 |
if (@can_request) { |
143 |
print_list_section |
144 |
(id => 'groups-can-request', |
145 |
title => 'Groups you can request to join (approval required to join)', |
146 |
items => \@can_request, |
147 |
print_item => sub { |
148 |
my $group_id = shift; |
149 |
print q[<form action="group.] . htescape ($group_id); |
150 |
print q[" accept-charset=utf-8 method=post>]; |
151 |
print q[<a href="../../groups/].htescape ($group_id) . '/'; |
152 |
print q[">] . htescape ($group_id), q[</a> ]; |
153 |
print q[<input type=hidden name=action value=join>]; |
154 |
print q[<input type=submit value="Join this group"></form>]; |
155 |
}); |
156 |
} |
157 |
|
158 |
print q[</section>]; |
159 |
|
160 |
print qq[<section id=password> |
161 |
<h2>Password</h2> |
162 |
|
163 |
<form action=password method=post accept-charset=utf-8> |
164 |
|
165 |
<p>You can change the password. |
166 |
|
167 |
<p><strong>New password</strong>: <input type=password name=user-pass |
168 |
size=10 required pattern=".{4,}" title="Type 4 characters at minimum"> |
169 |
|
170 |
<p><strong>New password</strong> (type again): <input type=password |
171 |
name=user-pass2 size=10 required pattern=".{4,}"> |
172 |
|
173 |
<p><input type=submit value=Change> |
174 |
|
175 |
</form> |
176 |
</section> |
177 |
|
178 |
<section id=disable-account><h2>Disable account</h2> |
179 |
|
180 |
<form action=disabled method=post accept-charset=utf-8> |
181 |
|
182 |
<p><label><input type=checkbox name=action value=enable |
183 |
@{[$user_prop->{disabled} ? '' : 'checked']}> Enable this |
184 |
account.</label> |
185 |
|
186 |
<p><strong>Caution!</strong> Once you disable your own account, you |
187 |
cannot enable your account by yourself. |
188 |
|
189 |
<p><input type=submit value=Change> |
190 |
|
191 |
</form> |
192 |
|
193 |
</section>]; |
194 |
|
195 |
exit; |
196 |
} |
197 |
} elsif ($path[2] =~ /\Agroup\.([0-9a-z-]+)\z/) { |
198 |
my $group_id = $1; |
199 |
if ($cgi->request_method eq 'POST') { |
200 |
lock_start (); |
201 |
binmode STDOUT, ':encoding(utf-8)'; |
202 |
|
203 |
my $user_prop = get_user_prop ($user_id); |
204 |
my $group_prop = get_group_prop ($group_id); |
205 |
|
206 |
if ($user_prop and $group_prop) { |
207 |
my $gs = ($user_prop->{'group.' . $group_id} ||= {}); |
208 |
|
209 |
my $action = $cgi->get_parameter ('action'); |
210 |
my $status; |
211 |
if ($action eq 'join') { |
212 |
if ($gs->{member}) { |
213 |
$status = q[You are a member]; |
214 |
# |
215 |
} elsif ($gs->{no_approval}) { |
216 |
$status = q[You are waiting for an approval]; |
217 |
# |
218 |
} elsif ($gs->{invited}) { |
219 |
$gs->{member} = 1; |
220 |
$status = q[Registered]; |
221 |
# |
222 |
} else { |
223 |
if ($group_prop->{join_condition}->{invitation}) { |
224 |
print_error (403, 'You are not invited to this group'); |
225 |
exit; |
226 |
} elsif ($group_prop->{join_condition}->{approval}) { |
227 |
$gs->{no_approval} = 1; |
228 |
$status = q[Request submitted]; |
229 |
# |
230 |
} else { |
231 |
$gs->{member} = 1; |
232 |
$status = q[Registered]; |
233 |
# |
234 |
} |
235 |
} |
236 |
} elsif ($action eq 'leave') { |
237 |
if ($gs->{member}) { |
238 |
delete $gs->{member}; |
239 |
$gs->{invited} = 1; |
240 |
$status = 'Unregistered'; |
241 |
# |
242 |
} elsif ($gs->{no_approval}) { |
243 |
delete $gs->{no_approval}; |
244 |
delete $gs->{invited}; |
245 |
$status = 'Request canceled'; |
246 |
# |
247 |
} else { |
248 |
$status = 'You are not a member'; |
249 |
# |
250 |
} |
251 |
} else { |
252 |
print_error (400, 'Bad action parameter'); |
253 |
exit; |
254 |
} |
255 |
|
256 |
set_user_prop ($user_id, $user_prop); |
257 |
regenerate_htpasswd_and_htgroup (); |
258 |
commit (); |
259 |
|
260 |
print qq[Status: 204 $status\n\n]; |
261 |
exit; |
262 |
} |
263 |
} |
264 |
} elsif ($path[2] eq 'password') { |
265 |
if ($cgi->request_method eq 'POST') { |
266 |
lock_start (); |
267 |
binmode STDOUT, ':encoding(utf-8)'; |
268 |
|
269 |
my $user_prop = get_user_prop ($user_id); |
270 |
|
271 |
if ($user_prop) { |
272 |
$user_prop->{pass_crypted} = check_password ($cgi); |
273 |
|
274 |
set_user_prop ($user_id, $user_prop); |
275 |
regenerate_htpasswd_and_htgroup (); |
276 |
commit (); |
277 |
|
278 |
## Browsers do not support 205. |
279 |
#print qq[Status: 205 Password changed\n\n]; |
280 |
print qq[Status: 204 Password changed\n\n]; |
281 |
exit; |
282 |
} |
283 |
} |
284 |
} elsif ($path[2] eq 'disabled') { |
285 |
if ($cgi->request_method eq 'POST') { |
286 |
lock_start (); |
287 |
binmode STDOUT, ':encoding(utf-8)'; |
288 |
|
289 |
my $user_prop = get_user_prop ($user_id); |
290 |
|
291 |
if ($user_prop) { |
292 |
my $action = $cgi->get_parameter ('action'); |
293 |
if (defined $action and $action eq 'enable') { |
294 |
delete $user_prop->{disabled}; |
295 |
} else { |
296 |
$user_prop->{disabled} = 1; |
297 |
} |
298 |
|
299 |
set_user_prop ($user_id, $user_prop); |
300 |
regenerate_htpasswd_and_htgroup (); |
301 |
commit (); |
302 |
|
303 |
print "Status: 204 Property updated\n\n"; |
304 |
exit; |
305 |
} |
306 |
} |
307 |
} |
308 |
} elsif (@path == 3 and |
309 |
$path[0] eq 'groups' and |
310 |
$path[1] =~ /\A[0-9a-z-]+\z/) { |
311 |
my $group_id = $path[1]; |
312 |
my $ac = check_access_right (allowed_groups => {'admin-groups' => 1}, |
313 |
group_context => $group_id); |
314 |
|
315 |
if ($path[2] eq '') { |
316 |
my $group_prop = get_group_prop ($group_id); |
317 |
if ($group_prop) { |
318 |
binmode STDOUT, ':encoding(utf-8)'; |
319 |
|
320 |
my $e_group_id = htescape ($group_id); |
321 |
|
322 |
print qq[Content-Type: text/html; charset=utf-8 |
323 |
|
324 |
<!DOCTYPE HTML> |
325 |
<html lang=en> |
326 |
<title>Group $e_group_id</title> |
327 |
<link rel=stylesheet href="/www/style/html/xhtml"> |
328 |
<h1>Group $e_group_id</h1> |
329 |
|
330 |
<section id=members><h2>Members</h2>]; |
331 |
|
332 |
if ($ac->{read_group_member_list}) { |
333 |
my @members; |
334 |
my @apps; |
335 |
my @invited; |
336 |
for my $user_id (get_all_users ()) { |
337 |
my $user_prop = get_user_prop ($user_id); |
338 |
my $gs = $user_prop->{'group.' . $group_id}; |
339 |
if ($gs->{member}) { |
340 |
push @members, $user_id; |
341 |
} elsif ($gs->{no_approval}) { |
342 |
push @apps, $user_id; |
343 |
} elsif ($gs->{invited}) { |
344 |
push @invited, $user_id; |
345 |
} |
346 |
} |
347 |
|
348 |
if (@members) { |
349 |
print_list_section |
350 |
(id => 'formal-members', |
351 |
title => 'Formal members', |
352 |
items => \@members, |
353 |
print_item => sub { |
354 |
my $user_id = shift; |
355 |
print q[<form action="user.] . htescape ($user_id); |
356 |
print q[" accept-charset=utf-8 method=post>]; |
357 |
print qq[<a href="../../users/@{[htescape ($user_id)]}/">]; |
358 |
print '' . htescape ($user_id) . q[</a> ]; |
359 |
print q[<input type=hidden name=action value=unapprove>]; |
360 |
print q[<input type=submit value="Kick"></form>]; |
361 |
}); |
362 |
} |
363 |
|
364 |
if (@apps) { |
365 |
print_list_section |
366 |
(id => 'non-approved-users', |
367 |
title => 'Users who are waiting for the approval to join', |
368 |
items => \@apps, |
369 |
print_item => sub { |
370 |
my $user_id = shift; |
371 |
print q[<form action="user.] . htescape ($user_id); |
372 |
print q[" accept-charset=utf-8 method=post>]; |
373 |
print qq[<a href="../../users/@{[htescape ($user_id)]}/">]; |
374 |
print '' . htescape ($user_id) . q[</a> ]; |
375 |
print q[<input type=hidden name=action value=approve>]; |
376 |
print q[<input type=submit value=Approve></form>]; |
377 |
}); |
378 |
} |
379 |
|
380 |
if (@invited) { |
381 |
print_list_section |
382 |
(id => 'invited-users', |
383 |
title => 'Users who are invited but not joined or are leaved', |
384 |
items => \@invited, |
385 |
print_item => sub { |
386 |
my $user_id = shift; |
387 |
print q[<form action="user.] . htescape ($user_id); |
388 |
print q[" accept-charset=utf-8 method=post>]; |
389 |
print qq[<a href="../../users/@{[htescape ($user_id)]}/">]; |
390 |
print '' . htescape ($user_id), q[</a> ]; |
391 |
print q[<input type=hidden name=action value=unapprove>]; |
392 |
print q[<input type=submit value="Cancel invitation"></form>]; |
393 |
}); |
394 |
} |
395 |
} |
396 |
|
397 |
my $join_condition = $group_prop->{join_condition}; |
398 |
my $disabled = $ac->{write} ? '' : 'disabled'; |
399 |
print qq[<section id=member-approval> |
400 |
<h3>Member approval policy</h3> |
401 |
|
402 |
<form action=join-condition method=post accept-charset=utf-8> |
403 |
|
404 |
<p><label><input type=radio name=condition value=invitation $disabled |
405 |
@{[$join_condition->{invitation} ? 'checked' : '']}> A user who is |
406 |
invited by an administrator of the group can join the group.</label> |
407 |
|
408 |
<p><label><input type=radio name=condition value=approval $disabled |
409 |
@{[(not $join_condition->{invitation} and $join_condition->{approval}) |
410 |
? 'checked' : '']}> A user who is invited or approved by an |
411 |
administrator of the group can join the group.</label> |
412 |
|
413 |
<p><label><input type=radio name=condition value=anyone $disabled |
414 |
@{[(not $join_condition->{invitation} and not |
415 |
$join_condition->{approval}) ? 'checked' : '']}> Any user can join |
416 |
the group.</label> |
417 |
|
418 |
@{[$disabled ? '' : '<p><input type=submit value=Change>']} |
419 |
|
420 |
</form> |
421 |
|
422 |
</section>]; |
423 |
|
424 |
if ($ac->{write}) { |
425 |
print q[<section id=member-invitation> |
426 |
<h3>Invite a user</h3> |
427 |
|
428 |
<form action=invite-user accept-charset=utf-8 method=post> |
429 |
|
430 |
<p><strong>User id</strong>: <input type=text name=user-id |
431 |
maxlength=20 size=10 required pattern="[0-9a-z-]{4,20}"> |
432 |
|
433 |
<p><input type=submit value=Invite> |
434 |
|
435 |
</form> |
436 |
|
437 |
</section>]; |
438 |
} |
439 |
|
440 |
print q[</section>]; |
441 |
|
442 |
exit; |
443 |
} |
444 |
} elsif ($path[2] eq 'join-condition') { |
445 |
forbidden () unless $ac->{write}; |
446 |
|
447 |
if ($cgi->request_method eq 'POST') { |
448 |
lock_start (); |
449 |
my $group_prop = get_group_prop ($group_id); |
450 |
if ($group_prop) { |
451 |
binmode STDOUT, ':encoding(utf-8)'; |
452 |
|
453 |
my $new_condition = $cgi->get_parameter ('condition'); |
454 |
if ($new_condition eq 'invitation') { |
455 |
$group_prop->{join_condition}->{invitation} = 1; |
456 |
$group_prop->{join_condition}->{approval} = 1; |
457 |
} elsif ($new_condition eq 'approval') { |
458 |
$group_prop->{join_condition}->{approval} = 1; |
459 |
delete $group_prop->{join_condition}->{invitation}; |
460 |
} else { |
461 |
delete $group_prop->{join_condition}->{invitation}; |
462 |
delete $group_prop->{join_condition}->{approval}; |
463 |
} |
464 |
|
465 |
set_group_prop ($group_id, $group_prop); |
466 |
commit (); |
467 |
|
468 |
print "Status: 204 join-condition property updated\n\n"; |
469 |
exit; |
470 |
} |
471 |
} |
472 |
} elsif ($path[2] =~ /\Auser\.([0-9a-z-]+)\z/ or |
473 |
$path[2] eq 'invite-user') { |
474 |
my $user_id = $1 // $cgi->get_parameter ('user-id') // ''; |
475 |
if ($user_id =~ /\A[0-9a-z-]+\z/ and |
476 |
$cgi->request_method eq 'POST') { |
477 |
forbidden () unless $ac->{write}; |
478 |
|
479 |
lock_start (); |
480 |
my $group_prop = get_group_prop ($group_id); |
481 |
my $user_prop = get_user_prop ($user_id); |
482 |
if ($group_prop and $user_prop) { |
483 |
binmode STDOUT, ':encoding(utf-8)'; |
484 |
|
485 |
my $gs = ($user_prop->{'group.' . $group_id} ||= {}); |
486 |
|
487 |
my $action = $cgi->get_parameter ('action'); |
488 |
$action = 'approve' if $path[2] eq 'invite-user'; |
489 |
my $status; |
490 |
if ($action eq 'approve') { |
491 |
if ($gs->{member}) { |
492 |
$status = 'He is a member'; |
493 |
# |
494 |
} elsif ($gs->{no_approval}) { |
495 |
$gs->{member} = 1; |
496 |
delete $gs->{no_approval}; |
497 |
$status = 'Registered'; |
498 |
# |
499 |
} elsif ($gs->{invited}) { |
500 |
$status = 'He has been invited'; |
501 |
# |
502 |
} else { |
503 |
$gs->{invited} = 1; |
504 |
$status = 'Invited'; |
505 |
# |
506 |
} |
507 |
} elsif ($action eq 'unapprove') { |
508 |
if ($gs->{member}) { |
509 |
delete $gs->{member}; |
510 |
delete $gs->{invited}; |
511 |
$status = 'Unregistered'; |
512 |
# |
513 |
} elsif ($gs->{invited}) { |
514 |
delete $gs->{invited}; |
515 |
$status = 'Invitation canceled'; |
516 |
# |
517 |
} else { |
518 |
$status = 'Not a member'; |
519 |
# |
520 |
} |
521 |
} else { |
522 |
print_error (400, 'Bad action parameter'); |
523 |
exit; |
524 |
} |
525 |
|
526 |
set_user_prop ($user_id, $user_prop); |
527 |
regenerate_htpasswd_and_htgroup (); |
528 |
commit (); |
529 |
|
530 |
print "Status: 204 $status\n\n"; |
531 |
exit; |
532 |
} |
533 |
} |
534 |
} |
535 |
} elsif (@path == 1 and $path[0] eq 'new-group') { |
536 |
check_access_right (allowed_groups => {'admin-groups' => 1}); |
537 |
|
538 |
if ($cgi->request_method eq 'POST') { |
539 |
lock_start (); |
540 |
binmode STDOUT, ':encoding(utf-8)'; |
541 |
|
542 |
my $group_id = $cgi->get_parameter ('group-id'); |
543 |
|
544 |
if ($group_id !~ /\A[0-9a-z-]{4,20}\z/) { |
545 |
print_error (400, qq[Group id "$group_id" is invalid; use characters [0-9a-z-]{4,20}]); |
546 |
exit; |
547 |
} |
548 |
|
549 |
if (get_group_prop ($group_id)) { |
550 |
print_error (400, qq[Group id "$group_id" is already used]); |
551 |
exit; |
552 |
} |
553 |
|
554 |
my $group_prop = {id => $group_id}; |
555 |
set_group_prop ($group_id, $group_prop); |
556 |
|
557 |
commit (); |
558 |
|
559 |
my $group_url = get_absolute_url ('groups/' . $group_id . '/'); |
560 |
|
561 |
print qq[Status: 201 Group registered |
562 |
Location: $group_url |
563 |
Content-Type: text/html; charset=utf-8 |
564 |
|
565 |
<!DOCTYPE HTML> |
566 |
<html lang=en> |
567 |
<title>Group "@{[htescape ($group_id)]}" registered</title> |
568 |
<link rel=stylesheet href="/www/style/html/xhtml"> |
569 |
<h1>Group "@{[htescape ($group_id)]}" registered</h1> |
570 |
<p>The new group is created successfully. |
571 |
<p>See <a href="@{[htescape ($group_url)]}">the group information page</a>.]; |
572 |
exit; |
573 |
} else { |
574 |
binmode STDOUT, ":encoding(utf-8)"; |
575 |
print qq[Content-Type: text/html; charset=utf-8 |
576 |
|
577 |
<!DOCTYPE HTML> |
578 |
<html lang=en> |
579 |
<title>Create a new group</title> |
580 |
<link rel=stylesheet href="/www/style/html/xhtml"> |
581 |
<h1>Create a new group</h1> |
582 |
|
583 |
<form action=new-group accept-charset=utf-8 method=post> |
584 |
|
585 |
<p><strong>Group id</strong>: <input type=text name=group-id |
586 |
maxlength=20 size=10 required pattern="[0-9a-z-]{4,20}" |
587 |
title="Use a string of characters 'a'..'z', '0'..'9', and '-' with length 4..10 (inclusive)"> |
588 |
|
589 |
<p><input type=submit value=Create> |
590 |
|
591 |
</form>]; |
592 |
exit; |
593 |
} |
594 |
} elsif (@path == 1 and $path[0] eq '') { |
595 |
my $user_id = $cgi->remote_user; |
596 |
forbidden () if not defined $user_id or $user_id !~ /\A[0-9a-z-]+\z/; |
597 |
|
598 |
my $user_url = get_absolute_url ('users/' . $user_id . '/'); |
599 |
|
600 |
print qq[Status: 303 See Other |
601 |
Location: $user_url |
602 |
Content-Type: text/html; charset=us-ascii |
603 |
|
604 |
See <a href="@{[htescape ($user_url)]}">your user page</a>.]; |
605 |
exit; |
606 |
} elsif (@path == 0) { |
607 |
my $root_url = get_absolute_url ('edit/'); |
608 |
|
609 |
print qq[Status: 301 Moved permanently |
610 |
Location: $root_url |
611 |
Content-Type: text/html; charset=us-ascii |
612 |
|
613 |
See <a href="@{[htescape ($root_url)]}">other page</a>.]; |
614 |
exit; |
615 |
} |
616 |
|
617 |
print_error (404, 'Not found'); |
618 |
exit; |
619 |
|
620 |
sub print_list_section (%) { |
621 |
my %opt = @_; |
622 |
$opt{level} ||= 3; |
623 |
|
624 |
print q[<section id="] . htescape ($opt{id}); |
625 |
print q["><h] . $opt{level} . q[>] . htescape ($opt{title}); |
626 |
print q[</h] . $opt{level} . q[><ul>]; |
627 |
for my $item (sort {$a cmp $b} @{$opt{items}}) { |
628 |
print q[<li>]; |
629 |
$opt{print_item}->($item); |
630 |
} |
631 |
print q[</ul></section>]; |
632 |
} # print_list_section |
633 |
|
634 |
sub check_access_right (%) { |
635 |
my %opt = @_; |
636 |
|
637 |
my $user_id = $cgi->remote_user; |
638 |
forbidden () if not defined $user_id or $user_id !~ /\A[0-9a-z-]+\z/; |
639 |
|
640 |
my $user_prop = get_user_prop ($user_id); |
641 |
forbidden () unless $user_prop; |
642 |
|
643 |
if ($opt{allowed_users}->{$user_id}) { |
644 |
return { |
645 |
write => 1, |
646 |
#read_group_member_list => 0, |
647 |
}; |
648 |
} |
649 |
|
650 |
my $ac = {}; |
651 |
my $return_ac; |
652 |
for my $group_id (keys %{$opt{allowed_groups} or {}}) { |
653 |
my $group_prop = get_group_prop ($group_id); |
654 |
next unless $group_prop; |
655 |
|
656 |
my $gs = $user_prop->{'group.' . $group_id}; |
657 |
if ($gs->{member}) { |
658 |
return {write => 1, read_group_member_list => 1}; |
659 |
} |
660 |
} |
661 |
|
662 |
if (defined $opt{group_context}) { |
663 |
my $group_prop = get_group_prop ($opt{group_context}); |
664 |
if ($group_prop) { |
665 |
my $gs = $user_prop->{'group.' . $opt{group_context}}; |
666 |
if ($gs->{member}) { |
667 |
$return_ac = 1; |
668 |
} elsif ($gs->{invited}) { |
669 |
$return_ac = 1; |
670 |
} elsif ($group_prop->{join_condition}->{acception}) { |
671 |
$return_ac = 1; |
672 |
} elsif (not $group_prop->{join_condition}->{invitation}) { |
673 |
$return_ac = 1; |
674 |
} |
675 |
} |
676 |
} |
677 |
|
678 |
return $ac if $return_ac; |
679 |
|
680 |
forbidden (); |
681 |
} # check_access_right |
682 |
|
683 |
sub forbidden () { |
684 |
my $user = $cgi->remote_user; |
685 |
if (defined $user) { |
686 |
print_error (403, q[Forbidden (you've logged in as ] . $user . ')'); |
687 |
} else { |
688 |
print_error (403, 'Forbidden'); |
689 |
} |
690 |
exit; |
691 |
} # forbidden |
692 |
|
693 |
sub percent_decode ($) { |
694 |
return $dom->create_uri_reference ($_[0]) |
695 |
->get_iri_reference |
696 |
->uri_reference; |
697 |
} # percent_decode |
698 |
|
699 |
sub get_absolute_url ($) { |
700 |
return $dom->create_uri_reference ($_[0]) |
701 |
->get_absolute_reference ($cgi->request_uri) |
702 |
->get_iri_reference |
703 |
->uri_reference; |
704 |
} # get_absolute_url |