#!/usr/bin/env ruby
############################################################################
# Copyright 2009 Benjamin Kellermann #
# #
# This file is part of dudle. #
# #
# Dudle is free software: you can redistribute it and/or modify it under #
# the terms of the GNU Affero General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# Dudle is distributed in the hope that it will be useful, but WITHOUT ANY #
# WARRANTY; without even the implied warranty of MERCHANTABILITY or #
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public #
# License for more details. #
# #
# You should have received a copy of the GNU Affero General Public License #
# along with dudle. If not, see <http://www.gnu.org/licenses/>. #
############################################################################
require "cgi"
if __FILE__ == $0
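# Set up the CGI request and the page object, then read the users that are
# currently configured for this poll from its .htdigest file.
$cgi = CGI.new

# html.rb and config.rb are loaded from the parent directory. The working
# directory is restored afterwards because every path used below
# (.htdigest, .htaccess) is relative to the poll directory.
olddir = File.expand_path(".")
Dir.chdir("..")
load "html.rb"
load "config.rb"
Dir.chdir(olddir)

# The poll name is the name of the directory this script runs in.
POLL = File.basename(File.expand_path("."))
$html = HTML.new("dudle - #{POLL} - Access Control Settings")
$html.header["Cache-Control"] = "no-cache"

# acusers maps user name => realm, one entry per "user:realm:hash" line.
# NOTE(review): a user listed under several realms keeps only the realm of
# its last line. The create branch further down registers a "config" user in
# the "vote" realm as well, so confirm that the line order in .htdigest cannot
# make such a user look like a plain "vote" user on the next request.
acusers = {}
# File.foreach closes the file when it is done; the previous
# File.open(...).each_line left the handle open until garbage collection.
File.foreach(".htdigest"){|l|
  user,realm = l.scan(/^(.*):(.*):.*$/).flatten
  # A blank or malformed line yields no match. Skip it instead of storing a
  # nil => nil entry, which would make the user list look non-empty.
  next unless user
  acusers[user] = realm
}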
# NOTE(review): this stretch of the listing is damaged. Every heredoc opener
# survives only as "<", the markup inside the heredocs is gone, and the text
# jumps from the middle of write_htaccess straight into the tail of a
# form-building method that uses userarray, newuser and ret. The rest of
# write_htaccess and the definitions of add_to_htdigest and createform, both
# called further down, are not visible, so nothing is documented for them.
# The code below is left exactly as found.
#
# write_htaccess(acusers): rewrites .htaccess in the current directory from
# the user => realm map. The file is opened with mode "w", so any previous
# content is replaced.
def write_htaccess(acusers)
File.open(".htaccess","w"){|htaccess|
# Digest authentication for the "config" realm is emitted only while at least
# one user belongs to that realm. AuthUserFile is the absolute path of the
# current directory plus "/.htdigest"; double quotes in that path are
# backslash-escaped so they cannot close the quoted directive value.
# NOTE(review): only the double quote is escaped. Confirm that poll directory
# names cannot contain backslashes or line breaks.
if acusers.values.include?("config")
htaccess << <
AuthType digest
AuthName "config"
AuthUserFile "#{File.expand_path(".").gsub('"','\\\\"')}/.htdigest"
Require valid-user
HTACCESS
end
# Same test for the "vote" realm; the stanza it writes is lost (see the note
# at the top of this block).
if acusers.values.include?("vote")
htaccess << <
Username:
#{userarray[0]}
FORM
# Two passes, presumably one password field and one repeat field. The field
# markup is lost, so this is an assumption.
2.times{|i|
ret += <
PASS
# A new user gets an (empty here, markup lost) input; an existing user gets
# 14 repetitions of PASSWORDSTAR, a constant defined outside this listing.
if newuser
ret += ""
else
ret += PASSWORDSTAR*14
end
ret += "
"
}
ret += <
FORM
# The accumulated markup is the method's return value.
ret
end
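# Handle a submitted user form: validate the user name, create the user when
# requested, then apply a requested deletion and regenerate .htaccess.
# NOTE(review): this block does not check the request method or any anti-CSRF
# token. The form markup is not visible here, so confirm how state-changing
# requests are protected.
if $cgi.include?("ac_user")
  user = $cgi["ac_user"]
  type = $cgi["ac_type"]
  # \A and \z anchor the whole value. ^ and $ match at every line boundary in
  # Ruby, so the previous check accepted a value containing a line break as
  # long as one of its lines consisted of word characters.
  # NOTE(review): \w also accepts "_" and the pattern accepts an empty name,
  # which the notice below does not mention. Left unchanged; confirm intent.
  if user !~ /\A[\w]*\z/
    # Invalid name: nothing is created or deleted, only a notice is prepared.
    usercreatenotice = "
Only uppercase, lowercase, digits are allowed in the username.
"
  else
    # add user
    # NOTE(review): only ac_password0 is read. If the form submits a repeat
    # field, it is not compared with ac_password0 in this block.
    if $cgi.include?("ac_create")
      case type
      when "config"
        # A config user is registered in the "vote" realm as well.
        add_to_htdigest(user, type, $cgi["ac_password0"])
        add_to_htdigest(user, "vote", $cgi["ac_password0"])
        acusers[user] = type
        write_htaccess(acusers)
      when "vote"
        add_to_htdigest(user, type, $cgi["ac_password0"])
        acusers[user] = type
        write_htaccess(acusers)
      end
    end

    # delete user
    # The block parameter is named differently from the outer `user`, so the
    # submitted name is not shadowed (or, on old interpreters, overwritten).
    deleteuser = ""
    acusers.each_key{|name|
      deleteuser = name if $cgi.include?("ac_delete_#{name}")
    }
    acusers.delete(deleteuser)

    htdigest = File.open(".htdigest","r"){|file| file.readlines }
    # The name is matched literally: Regexp.escape keeps a stored name that
    # contains regex metacharacters from matching other users' lines.
    # NOTE(review): when no deletion was requested deleteuser is "", the file
    # is still rewritten, and lines starting with ":" are dropped.
    doomed = /\A#{Regexp.escape(deleteuser.to_s)}:/
    File.open(".htdigest","w"){|f|
      htdigest.each{|line|
        f << line unless line =~ doomed
      }
    }
    write_htaccess(acusers)
  end
end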
# Render the settings page unless the status header was set to "REDIRECT"
# (that happens outside the visible code).
# NOTE(review): the heredoc openers and all HTML markup in this part were lost
# in extraction ("<<TAG" survives only as "<" and several literals are now
# ""). The code is left exactly as found.
unless $html.header["status"] == "REDIRECT"
load "../charset.rb"
$html.add_css("../dudle.css")
$html << ""
$html << Dudle::tabs("Access Control")
# NOTE(review): POLL is the poll's directory name and is interpolated into the
# page as-is in the visible text. Confirm it is HTML-escaped elsewhere (for
# example with CGI.escapeHTML) or that poll names are restricted to safe
# characters.
$html << <
#{POLL}
Change Access Control Settings
HEAD
# Status shown to the user:
#   red   - no users configured and the "Activate" button was not pressed
#   blue  - "Activate" was pressed but no user exists yet
#   green - at least one user is configured
if acusers.empty? && $cgi["ac_activate"] != "Activate"
acstatus = ["red","not activated"]
acswitchbutton = ""
else
if acusers.empty?
acstatus = ["blue","will be activated when at least an admin user is configured"]
else
acstatus = ["green", "activated"]
end
acswitchbutton = ""
# NOTE(review): admincreatenotice is assigned but never read in the visible
# code; the createform call below receives usercreatenotice instead. Confirm
# which notice was intended.
admincreatenotice = usercreatenotice || "You will be asked for the password you entered here after pressing save!"
user = ["admin","config",
"The user ‘admin’ has access to the vote as well as the configuration interface."]
adminexists = acusers.include?(user[0])
# The local variable createform takes the markup returned by the method of the
# same name; a call with parentheses and arguments still resolves to the method.
createform = createform(user,usercreatenotice,acusers,!adminexists)
# The form for the "participant" user is offered only once "admin" exists.
if adminexists
participantcreatenotice = usercreatenotice || ""
user = ["participant","vote",
"The user ‘participant’ has only access to the vote interface."]
participantexists = acusers.include?(user[0])
createform += createform(user,participantcreatenotice,acusers,!participantexists)
end
end
# In the "not activated" branch createform is never assigned, so it is nil and
# interpolates as an empty string below.
$html << <
Access control:
#{acstatus[1]}
#{acswitchbutton}
#{createform}
AC
$html << ""
end
# Send the response (headers and page) for this request.
$html.out($cgi)
end