/modules/mod_acl_adminonly/mod_acl_adminonly.erl
Erlang | 97 lines | 61 code | 12 blank | 24 comment | 2 complexity | e7873ae0f91073bfb151bf50950ef305 MD5 | raw file
1%% @author Marc Worrell <marc@worrell.nl> 2%% @copyright 2010 Marc Worrell 3%% Date: 2010-05-03 4%% @doc Simple ACL module. Any user gets full admin privileges. Useful for a simple site or blog. 5 6%% Copyright 2010 Marc Worrell 7%% 8%% Licensed under the Apache License, Version 2.0 (the "License"); 9%% you may not use this file except in compliance with the License. 10%% You may obtain a copy of the License at 11%% 12%% http://www.apache.org/licenses/LICENSE-2.0 13%% 14%% Unless required by applicable law or agreed to in writing, software 15%% distributed under the License is distributed on an "AS IS" BASIS, 16%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17%% See the License for the specific language governing permissions and 18%% limitations under the License. 19 20-module(mod_acl_adminonly). 21-author("Marc Worrell <marc@worrell.nl>"). 22 23-mod_title("ACL Admins Only"). 24-mod_description("Simple access control module, all users are site administrators. Use this for a simple site."). 25-mod_prio(500). 26 27%% interface functions 28-export([ 29 observe_acl_is_allowed/2, 30 observe_acl_can_see/2, 31 observe_acl_logon/2, 32 observe_acl_logoff/2, 33 observe_acl_rsc_update_check/3 34]). 35 36-include("zotonic.hrl"). 37 38%% @doc Check if the user is allowed to perform Action on Object 39observe_acl_is_allowed({acl_is_allowed, view, Id}, #context{user_id=undefined} = Context) when is_integer(Id) -> 40 Acl = m_rsc:get_acl_props(Id, Context), 41 case Acl#acl_props.is_published of 42 false -> 43 false; 44 true -> 45 case Acl#acl_props.visible_for == 0 of 46 false -> 47 false; 48 true -> 49 Date = calendar:local_time(), 50 Acl#acl_props.publication_start =< Date andalso Acl#acl_props.publication_end >= Date 51 end 52 end; 53observe_acl_is_allowed({acl_is_allowed, _Action, _Object}, #context{user_id=undefined}) -> 54 false; 55observe_acl_is_allowed({acl_is_allowed, update, Id}, Context) when is_integer(Id) -> 56 case m_rsc:p(Id, is_authoritative, Context) of 57 true -> true; 58 _ -> undefined 59 end; 60observe_acl_is_allowed({acl_is_allowed, _Action, _Object}, _Context) -> 61 true. 62 63%% @doc Return the max visible_for an user can see, used for pruning during searches 64observe_acl_can_see({acl_can_see, _Action, _Object}, #context{user_id=undefined}) -> 65 ?ACL_VIS_PUBLIC; 66observe_acl_can_see({acl_can_see}, _Context) -> 67 ?ACL_VIS_USER. 68 69%% @doc Let the user log on, this is the moment to start caching information. 70observe_acl_logon({acl_logon, UserId}, Context) -> 71 Context#context{acl=?MODULE, user_id=UserId}. 72 73%% @doc Let the user log off, clean up any cached information. 74observe_acl_logoff({acl_logoff}, Context) -> 75 Context#context{acl=undefined, user_id=undefined}. 76 77%% @doc Filter the properties before an update. Return filtered/updated resource proplist or 78%% the tuple {error, Reason} 79observe_acl_rsc_update_check({acl_rsc_update_check, _Id}, {error, Reason}, _Context) -> 80 {error, Reason}; 81observe_acl_rsc_update_check({acl_rsc_update_check, insert_rsc}, Props, _Context) -> 82 PropsPubl = case proplists:get_value(is_published, Props) of 83 undefined -> z_utils:prop_replace(is_published, false, Props); 84 _ -> Props 85 end, 86 PropsVis = case proplists:get_value(visible_for, PropsPubl) of 87 undefined -> z_utils:prop_replace(visible_for, ?ACL_VIS_PUBLIC, PropsPubl); 88 _ -> PropsPubl 89 end, 90 case proplists:get_value(is_authoritative, PropsVis) of 91 undefined -> z_utils:prop_replace(is_authoritative, true, PropsVis); 92 _ -> PropsVis 93 end; 94observe_acl_rsc_update_check({acl_rsc_update_check, _id}, Props, _Context) -> 95 Props. 96 97