/modules/mod_acl_adminonly/mod_acl_adminonly.erl
https://code.google.com/p/zotonic/ · Erlang · 97 lines · 61 code · 12 blank · 24 comment · 2 complexity · e7873ae0f91073bfb151bf50950ef305 MD5 · raw file
- %% @author Marc Worrell <marc@worrell.nl>
- %% @copyright 2010 Marc Worrell
- %% Date: 2010-05-03
- %% @doc Simple ACL module. Any user gets full admin privileges. Useful for a simple site or blog.
- %% Copyright 2010 Marc Worrell
- %%
- %% Licensed under the Apache License, Version 2.0 (the "License");
- %% you may not use this file except in compliance with the License.
- %% You may obtain a copy of the License at
- %%
- %% http://www.apache.org/licenses/LICENSE-2.0
- %%
- %% Unless required by applicable law or agreed to in writing, software
- %% distributed under the License is distributed on an "AS IS" BASIS,
- %% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- %% See the License for the specific language governing permissions and
- %% limitations under the License.
- -module(mod_acl_adminonly).
- -author("Marc Worrell <marc@worrell.nl>").
- -mod_title("ACL Admins Only").
- -mod_description("Simple access control module, all users are site administrators. Use this for a simple site.").
- -mod_prio(500).
- %% interface functions
- -export([
- observe_acl_is_allowed/2,
- observe_acl_can_see/2,
- observe_acl_logon/2,
- observe_acl_logoff/2,
- observe_acl_rsc_update_check/3
- ]).
- -include("zotonic.hrl").
- %% @doc Check if the user is allowed to perform Action on Object
- observe_acl_is_allowed({acl_is_allowed, view, Id}, #context{user_id=undefined} = Context) when is_integer(Id) ->
- Acl = m_rsc:get_acl_props(Id, Context),
- case Acl#acl_props.is_published of
- false ->
- false;
- true ->
- case Acl#acl_props.visible_for == 0 of
- false ->
- false;
- true ->
- Date = calendar:local_time(),
- Acl#acl_props.publication_start =< Date andalso Acl#acl_props.publication_end >= Date
- end
- end;
- observe_acl_is_allowed({acl_is_allowed, _Action, _Object}, #context{user_id=undefined}) ->
- false;
- observe_acl_is_allowed({acl_is_allowed, update, Id}, Context) when is_integer(Id) ->
- case m_rsc:p(Id, is_authoritative, Context) of
- true -> true;
- _ -> undefined
- end;
- observe_acl_is_allowed({acl_is_allowed, _Action, _Object}, _Context) ->
- true.
- %% @doc Return the max visible_for an user can see, used for pruning during searches
- observe_acl_can_see({acl_can_see, _Action, _Object}, #context{user_id=undefined}) ->
- ?ACL_VIS_PUBLIC;
- observe_acl_can_see({acl_can_see}, _Context) ->
- ?ACL_VIS_USER.
-
- %% @doc Let the user log on, this is the moment to start caching information.
- observe_acl_logon({acl_logon, UserId}, Context) ->
- Context#context{acl=?MODULE, user_id=UserId}.
- %% @doc Let the user log off, clean up any cached information.
- observe_acl_logoff({acl_logoff}, Context) ->
- Context#context{acl=undefined, user_id=undefined}.
- %% @doc Filter the properties before an update. Return filtered/updated resource proplist or
- %% the tuple {error, Reason}
- observe_acl_rsc_update_check({acl_rsc_update_check, _Id}, {error, Reason}, _Context) ->
- {error, Reason};
- observe_acl_rsc_update_check({acl_rsc_update_check, insert_rsc}, Props, _Context) ->
- PropsPubl = case proplists:get_value(is_published, Props) of
- undefined -> z_utils:prop_replace(is_published, false, Props);
- _ -> Props
- end,
- PropsVis = case proplists:get_value(visible_for, PropsPubl) of
- undefined -> z_utils:prop_replace(visible_for, ?ACL_VIS_PUBLIC, PropsPubl);
- _ -> PropsPubl
- end,
- case proplists:get_value(is_authoritative, PropsVis) of
- undefined -> z_utils:prop_replace(is_authoritative, true, PropsVis);
- _ -> PropsVis
- end;
- observe_acl_rsc_update_check({acl_rsc_update_check, _id}, Props, _Context) ->
- Props.