#!/usr/bin/env ruby
# coding: utf-8
############################################################################
# Copyright 2009,2010 Benjamin Kellermann #
# #
# This file is part of dudle. #
# #
# Dudle is free software: you can redistribute it and/or modify it under #
# the terms of the GNU Affero General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# Dudle is distributed in the hope that it will be useful, but WITHOUT ANY #
# WARRANTY; without even the implied warranty of MERCHANTABILITY or #
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public #
# License for more details. #
# #
# You should have received a copy of the GNU Affero General Public License #
# along with dudle. If not, see <http://www.gnu.org/licenses/>. #
############################################################################
if __FILE__ == $0
load "../dudle.rb"
require "digest"
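$d = Dudle.new

# Users currently listed in .htdigest, keyed by user name (value: realm).
acusers = {}
# File.foreach closes the file once iteration ends; the previous
# File.open(...).each_line left the handle open until garbage collection.
# A missing .htdigest still raises Errno::ENOENT, as before.
File.foreach(".htdigest"){|entry|
  # Entries have the form user:realm:digest. Lines that do not match (blank or
  # malformed) are skipped, so they no longer register as a nil user and make
  # the access control look activated.
  user,realm = entry.scan(/^(.*):(.*):.*$/).flatten
  acusers[user] = realm if user
}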
# Regenerates .htaccess in the current directory from the configured users.
#
# NOTE(review): this listing is damaged. The heredoc openers read `<` where the
# terminators (HTACCESS, FORM, PASS) imply `<<HTACCESS`, `<<FORM` and `<<PASS`,
# markup inside the heredocs appears to be missing, and the text after the
# second `htaccess <<` belongs to a different, form-building method whose `def`
# line is not shown. Restore from the upstream file before running or auditing.
def write_htaccess(acusers)
File.open(".htaccess","w"){|htaccess|
# Admin section, written only once an "admin" user exists: digest auth with
# realm "dudle-<urlsuffix>", the .htdigest in the current directory as user
# file, and a 401 page at authorization_required.cgi (the last two path
# components of the script name are stripped; the poll name is CGI-escaped).
# Double quotes in the realm and in the path are backslash-escaped because both
# values sit inside quoted Apache directives.
# NOTE(review): only '"' is escaped; confirm that urlsuffix and the directory
# path cannot contain backslashes or line breaks, which would also change how
# the directive is read.
if acusers.include?("admin")
htaccess << <
AuthType digest
AuthName "dudle-#{$d.urlsuffix.gsub('"', '\\\\"')}"
AuthUserFile "#{File.expand_path(".").gsub('"','\\\\"')}/.htdigest"
Require user admin
ErrorDocument 401 #{$cgi.script_name.gsub(/[^\/]*\/[^\/]*$/,"")}authorization_required.cgi?user=admin&poll=#{CGI.escape($d.urlsuffix)}
HTACCESS
end
# Participant section; its directives are not visible in this listing.
if acusers.include?("participant")
htaccess << <
#{usernamestr}
#{userarray[0]}
FORM
# From here on the code builds a form in `ret` for the user described by
# `userarray` (name at index 0). Presumably this is the createform method that
# the script calls further down -- confirm against the upstream file.
# Translated labels; where they are used is not visible here.
passwdstr = _("Password")
repeatstr = _("repeat")
# Two passes, presumably one for the password and one for its repetition.
2.times{|i|
ret += <
PASS
# For a user that already exists, PASSWORDSTAR repeated 14 times is appended;
# otherwise nothing is added.
# NOTE(review): PASSWORDSTAR is defined outside this listing; presumably a
# fixed placeholder so that no stored secret is echoed into the page -- confirm.
if acusers.include?(userarray[0])
ret += PASSWORDSTAR*14
else
ret += ""
end
ret += "
"
}
ret += <
FORM
# The accumulated form markup is the return value.
ret
end
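# Handles a submitted access-control form: validates the requested user name,
# then optionally creates that user, removes the user whose delete button was
# pressed, and regenerates .htaccess.
if $cgi.include?("ac_user")
  user = $cgi["ac_user"]
  # \A and \z anchor the whole value. With ^ and $ a multi-line value passes as
  # soon as one of its lines consists of word characters, and the name is later
  # written into the line-oriented .htdigest file.
  if user !~ /\A\w*\z/
    # invalid user name: nothing is created or deleted
    usercreatenotice = "\n" + _("Only letters and digits are allowed in the username.") + "\n"
  else
    # add user
    if $cgi.include?("ac_create")
      # NOTE(review): only ac_password0 is read here; if the form's repeated
      # password is meant to be compared, that check is not in this block.
      add_to_htdigest(user,$cgi["ac_password0"])
      acusers[user] = true
      write_htaccess(acusers)
    end

    # delete user: the last known user whose ac_delete_<name> parameter is
    # present wins; "" means no deletion was requested.
    deleteuser = ""
    # A distinct block parameter name keeps the outer `user` untouched on every
    # Ruby version.
    acusers.each_key{|name|
      deleteuser = name if $cgi.include?("ac_delete_#{name}")
    }
    acusers.delete(deleteuser)

    htdigest = File.readlines(".htdigest")
    File.open(".htdigest","w"){|f|
      htdigest.each{|line|
        # Plain prefix comparison: the name is never interpreted as a regular
        # expression, so names read back from .htdigest cannot alter the match.
        f << line unless line.start_with?("#{deleteuser}:")
      }
    }
    write_htaccess(acusers)
  end
end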
$d.wizzard_redirect
if $d.html.header["status"] != "REDIRECT"
# Page heading.
$d.html << "
" + _("Change Access Control Settings") + "
"
# Choose the status (colour, label) and the activate/deactivate control:
#   no users, no "Activate" request  -> red,   not activated
#   no users, activation requested   -> blue,  pending until an admin exists
#   at least one user                -> green, activated
if acusers.empty? && $cgi["ac_activate"] != "Activate"
acstatus = ["red",_("not activated")]
# NOTE(review): the button literals are empty in this listing; the markup was
# presumably lost -- confirm against the upstream file.
acswitchbutton = ""
acswitchbutton += ""
else
if acusers.empty?
acstatus = ["blue",_("will be activated when at least an admin user is configured")]
acswitchbutton = ""
acswitchbutton += ""
else
acstatus = ["green", _("activated")]
# With users present there is no switch, only a hint that they must be removed first.
acswitchbutton = "
" + _("You have to remove all users before you can deactivate the access control settings.") + "
"
end
# usercreatenotice is assigned earlier only when the submitted user name was
# rejected; otherwise it is nil and the default hint is used.
admincreatenotice = usercreatenotice || _("You will be asked for the password you entered here after pressing save!")
user = ["admin",
_("The user ‘admin’ has access to the vote as well as the configuration interface.")]
# The right-hand side calls the createform method (parenthesised arguments);
# the result is stored in a local variable of the same name.
createform = createform(user,admincreatenotice,acusers)
# The participant form is offered only once an admin user exists.
if acusers.include?("admin")
participantcreatenotice = usercreatenotice || ""
user = ["participant",
_("The user ‘participant’ has only access to the vote interface.")]
createform += createform(user,participantcreatenotice,acusers)
end
end
# Translated label for the status line.
acstr = _("Access control:")
$d.html << <