permissions.naml
<!--
  Version tag of the default permission set. It is passed as the version
  attribute of set_default_permissions in update_default_permissions.
  NOTE(review): presumably this must be bumped whenever the default grants
  change so that the new defaults are applied; confirm against the
  implementation of set_default_permissions.
-->
<macro name="current_permission_version">
standard-7
</macro>
<!--
  Declares the default permission grants, tagged with current_permission_version.

  Grants made here:
    anyone_group          : view, reply, create_topic, show_group_members
    authors_group         : move
    members_group         : show_group_members
    administrators_group  : edit_app, move, create_sub_apps, change_post_date,
                            manage_subscribers, manage_pinned_topics,
                            manage_locked_topics, show_group_members,
                            and manage_banned_users (via add_site_permission,
                            the only site-level grant in this list)

  Not granted to any group here: edit_all_permission and
  unrestricted_posting_permission, although both are defined in this file.

  view_permission, anyone_group, authors_group and administrators_group are
  referenced but not defined in this listing.

  NOTE(review): reply and create_topic default to anyone_group. Whether that
  group includes anonymous visitors is not visible here; confirm that this
  default posting exposure is intended.
-->
<macro name="update_default_permissions">
<n.set_default_permissions. version="[n.current_permission_version/]" >
<n.add_permission permission="[n.view_permission/]" group="[n.anyone_group/]" />
<n.add_permission permission="[n.edit_app_permission/]" group="[n.administrators_group/]" />
<n.add_permission permission="[n.reply_permission/]" group="[n.anyone_group/]" />
<n.add_permission permission="[n.create_topic_permission/]" group="[n.anyone_group/]" />
<n.add_permission permission="[n.move_permission/]" group="[n.authors_group/]" />
<n.add_permission permission="[n.move_permission/]" group="[n.administrators_group/]" />
<n.add_permission permission="[n.create_sub_apps_permission/]" group="[n.administrators_group/]" />
<n.add_permission permission="[n.change_post_date_permission/]" group="[n.administrators_group/]" />
<n.add_permission permission="[n.manage_subscribers_permission/]" group="[n.administrators_group/]" />
<n.add_site_permission permission="[n.manage_banned_users_permission/]" group="[n.administrators_group/]" />
<n.add_permission permission="[n.manage_pinned_topics_permission/]" group="[n.administrators_group/]" />
<n.add_permission permission="[n.manage_locked_topics_permission/]" group="[n.administrators_group/]" />
<n.add_permission permission="[n.show_group_members_permission/]" group="[n.anyone_group/]" />
<n.add_permission permission="[n.show_group_members_permission/]" group="[n.administrators_group/]" />
<n.add_permission permission="[n.show_group_members_permission/]" group="[n.members_group/]" />
</n.set_default_permissions.>
</macro>
<!--
  Group-name constants. Each macro expands to the literal group name.
  NOTE(review): is_banned is used throughout this file but is not defined in
  this listing; presumably it tests membership of banned_group. Confirm.
-->
<macro name="banned_group">
Banned
</macro>
<macro name="members_group">
Members
</macro>
<!--
  Permission-name constants. Each macro expands to the literal permission
  name that is passed to add_permission, has_permission and related macros.
  view_permission is used in this file but is not defined in this listing.
  NOTE(review): these strings are presumably persisted with each grant, so
  renaming one (including the capital S in Manage_Subscribers) would likely
  orphan existing grants. Confirm before normalising the spelling.
-->
<macro name="edit_app_permission">
Edit_app
</macro>
<!-- Not granted to any group by update_default_permissions. -->
<macro name="edit_all_permission">
Edit_all
</macro>
<macro name="reply_permission">
Reply
</macro>
<macro name="create_topic_permission">
Create_topic
</macro>
<macro name="move_permission">
Move
</macro>
<macro name="manage_subscribers_permission">
Manage_Subscribers
</macro>
<macro name="create_sub_apps_permission">
Create_sub_apps
</macro>
<macro name="change_post_date_permission">
Change_post_date
</macro>
<macro name="show_group_members_permission">
Show_group_members
</macro>
<!-- Granted through add_site_permission and checked with has_site_permission. -->
<macro name="manage_banned_users_permission">
Manage_banned_users
</macro>
<macro name="manage_pinned_topics_permission">
Manage_pinned_topics
</macro>
<macro name="manage_locked_topics_permission">
Manage_locked_topics
</macro>
<!-- Not granted to any group by update_default_permissions. -->
<macro name="unrestricted_posting_permission">
Unrestricted_posting
</macro>
<!-- User predicate: true when the user owns the root node. -->
<macro name="is_site_owner" requires="user">
<n.owns.root_node />
</macro>
<!--
  User predicate: true when the user is the site owner, OR is_sysadmin holds,
  OR the user is in administrators_group.

  NOTE(review): there is no is_banned check here. The macros that delegate
  only to is_site_admin (can_delete_recursively, can_manage_users_and_groups,
  can_change_permissions_of) and the admin branch of can_view therefore do
  not exclude a banned user who is also an administrator. Presumably that
  combination is prevented elsewhere; confirm.
-->
<macro name="is_site_admin" requires="user">
<n.either>
<condition1.either>
<condition1.is_site_owner />
<condition2.is_sysadmin />
</condition1.either>
<condition2.is_in_group group="[n.administrators_group/]" />
</n.either>
</macro>
<!--
  User predicate: true when the user is not banned AND owns the node given
  as the dot parameter. No permission or administrator path is consulted
  here; administrators are covered by can_delete_recursively.
-->
<macro name="can_delete" requires="user" dot_parameter="node_attr">
<n.both condition1="[n.not.is_banned/]" condition2="[n.owns.node_attr/]"/>
</macro>
<!--
  User predicate: recursive deletion is limited to site administrators.
  The node dot parameter is accepted but not consulted, so the answer is
  the same for every node.
-->
<macro name="can_delete_recursively" requires="user" dot_parameter="node">
<n.is_site_admin/>
</macro>
<!--
  User predicate: may this user edit the node given as the dot parameter?

  Result is: not banned AND ( owns the node
                              OR holds Edit_all
                              OR ( the node is an app AND holds Edit_app ) ).

  Both permission checks pass the node itself as node and its app_or_root as
  permission_node. Edit_app therefore only ever applies to app nodes, while
  Edit_all applies to any node. A banned owner cannot edit their own node.
  NOTE(review): permission_node is presumably the node whose permission
  settings are consulted; confirm against has_permission.
-->
<macro name="can_edit" requires="user" dot_parameter="node_attr">
<n.set_local_user.this_user />
<n.set_local_node.node_attr />
<n.block.>
<n.both>
<condition1.not.local_user.is_banned/>
<condition2.either>
<condition1.local_user.owns.local_node />
<condition2.either>
<condition1.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.edit_all_permission/]" />
<condition2.both>
<condition1.local_node.is_app/>
<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.edit_app_permission/]" />
</condition2.both>
</condition2.either>
</condition2.either>
</n.both>
</n.block.>
</macro>
<!--
  Node helper: applies the dot parameter "do" to the app node when the
  current node is in an app (get_app_node), otherwise to the root node.
  Used in this file to choose the permission_node for most permission checks.
-->
<macro name="app_or_root" requires="node" dot_parameter="do">
<n.if.is_in_app>
<then.get_app_node.do/>
<else.root_node.do/>
</n.if.is_in_app>
</macro>
<!--
  Node helper: applies the dot parameter "do" to the topic node when the
  current node is a post, otherwise to the current node itself.
  Despite the name, the else branch does not look up an app; it uses the
  node as given. Used as the permission_node for reply checks.
-->
<macro name="topic_or_app" requires="node" dot_parameter="do">
<n.set_local_node.this_node/>
<n.block.>
<n.if.local_node.is_post>
<then.local_node.topic_node.do/>
<else.local_node.do/>
</n.if.local_node.is_post>
</n.block.>
</macro>
<!--
  User predicate: true when the user is not banned AND holds
  Change_post_date for the node, with app_or_root as permission_node.
  Ownership of the node is not sufficient on its own.
-->
<macro name="can_change_post_date_of" requires="user" dot_parameter="node_attr">
<n.set_local_user.this_user />
<n.set_local_node.node_attr/>
<n.block.>
<n.both>
<condition1.not.local_user.is_banned/>
<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.change_post_date_permission/]" />
</n.both>
</n.block.>
</macro>
<!--
  User predicate: true when the user is not banned AND holds Move for the
  node, with app_or_root as permission_node. By default Move is granted to
  authors_group and administrators_group (see update_default_permissions).
-->
<macro name="can_move" requires="user" dot_parameter="node_attr">
<n.set_local_user.this_user />
<n.set_local_node.node_attr/>
<n.block.>
<n.both>
<condition1.not.local_user.is_banned/>
<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.move_permission/]" />
</n.both>
</n.block.>
</macro>
<!--
  User predicate: true when the user is not banned AND holds
  Manage_Subscribers for the node, with app_or_root as permission_node.
-->
<macro name="can_manage_subscribers_of" requires="user" dot_parameter="node_attr">
<n.set_local_user.this_user />
<n.set_local_node.node_attr/>
<n.block.>
<n.both>
<condition1.not.local_user.is_banned/>
<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.manage_subscribers_permission/]" />
</n.both>
</n.block.>
</macro>
<!--
  User predicate: true when the user is not banned AND holds Create_topic
  for the node. Unlike most checks in this file, permission_node is the node
  itself rather than its app_or_root. can_post_under only calls this for app
  nodes.
  check_posting_under repeats this permission test in its throwing form;
  keep the two in step.
-->
<macro name="can_create_topic_in" requires="user" dot_parameter="node_attr">
<n.set_local_user.this_user />
<n.set_local_node.node_attr/>
<n.block.>
<n.both>
<condition1.not.local_user.is_banned/>
<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node/]" permission="[n.create_topic_permission/]" />
</n.both>
</n.block.>
</macro>
<!--
  User predicate: true when the user is not banned AND holds Reply for the
  node, with topic_or_app as permission_node (the topic when the node is a
  post, otherwise the node itself).
  check_posting_under repeats this permission test in its throwing form;
  keep the two in step.
-->
<macro name="can_reply_to" requires="user" dot_parameter="node_attr">
<n.set_local_user.this_user />
<n.set_local_node.node_attr/>
<n.block.>
<n.both>
<condition1.not.local_user.is_banned/>
<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.topic_or_app/]" permission="[n.reply_permission/]" />
</n.both>
</n.block.>
</macro>
<!--
  User predicate: dispatches on the node type. For an app node the answer is
  can_create_topic_in; for any other node it is can_reply_to. Both of those
  already reject banned users.
  This is the boolean counterpart of check_posting_under.
-->
<macro name="can_post_under" requires="user" dot_parameter="node_attr">
<n.set_local_user.this_user />
<n.set_local_node.node_attr/>
<n.block.>
<n.if.local_node.is_app>
<then.local_user.can_create_topic_in.local_node/>
<else.local_user.can_reply_to.local_node/>
</n.if.local_node.is_app>
</n.block.>
</macro>
<!--
  Enforcing form of can_post_under: it throws a template exception instead
  of returning a boolean.

  Order of checks:
    1. A banned user gets the "banned" exception.
    2. App node: without Create_topic on the node itself, an anonymous user
       gets "no_anonymous" and anyone else gets "no_create_topic_permission".
    3. Any other node: without Reply via topic_or_app, an anonymous user gets
       "no_anonymous" and anyone else gets "no_reply_permission".

  The permission tests duplicate those in can_create_topic_in and
  can_reply_to. A change to one side that is not mirrored on the other would
  make the user interface and the enforcement disagree.
  NOTE(review): the caller presumably relies on the exception to stop the
  post; confirm that throw_template_exception halts processing.
-->
<macro name="check_posting_under" requires="user" dot_parameter="node_attr">
<n.set_local_user.this_user />
<n.set_local_node.node_attr/>
<n.block.>
<n.if.local_user.is_banned>
<then.throw_template_exception name="banned"/>
</n.if.local_user.is_banned>
<n.if.local_node.is_app>
<then.if.not.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node/]" permission="[n.create_topic_permission/]" >
<then.if.local_user.is_anonymous>
<then.throw_template_exception name="no_anonymous"/>
<else.throw_template_exception name="no_create_topic_permission"/>
</then.if.local_user.is_anonymous>
</then.if.not.local_user.has_permission>
<else.if.not.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.topic_or_app/]" permission="[n.reply_permission/]" >
<then.if.local_user.is_anonymous>
<then.throw_template_exception name="no_anonymous"/>
<else.throw_template_exception name="no_reply_permission"/>
</then.if.local_user.is_anonymous>
</else.if.not.local_user.has_permission>
</n.if.local_node.is_app>
</n.block.>
</macro>
<!--
  Node predicate: asks groups_have_permission whether anyone_group holds
  Create_topic on this node.
  NOTE(review): the name says "registered user" but the group tested is
  anyone_group. Whether that group excludes anonymous visitors is not
  visible in this listing; confirm.
-->
<macro name="any_registered_user_can_create_topics" requires="node">
<n.groups_have_permission groups="[n.anyone_group/]" permission="[n.create_topic_permission/]" />
</macro>
<!--
  Node predicate: the plain negation of any_registered_user_can_create_topics.
  It does not itself test members_group, so it is also true when no group at
  all holds Create_topic. Do not read it as proof that members can post.
-->
<macro name="only_members_can_create_topics" requires="node">
<n.not.any_registered_user_can_create_topics/>
</macro>
<!--
  User predicate: true when the user owns the node, OR holds the view
  permission with app_or_root as permission_node, OR is a site admin.

  Unlike the write-side predicates in this file, there is no is_banned
  condition here, so a banned user who still satisfies one of the three
  branches can view.
  NOTE(review): presumably intentional (a ban blocks posting, not reading);
  confirm, because "authorize for read" relies on this macro for private nodes.
-->
<macro name="can_view" requires="user" dot_parameter="node_attr">
<n.set_local_user.this_user />
<n.set_local_node.node_attr/>
<n.block.>
<n.either>
<condition1.local_user.owns.local_node/>
<condition2.either>
<condition1.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.view_permission/]" />
<condition2.local_user.is_site_admin />
</condition2.either>
</n.either>
</n.block.>
</macro>
<!-- User predicate: user and group management is limited to site admins (is_site_admin). -->
<macro name="can_manage_users_and_groups" requires="user">
<n.is_site_admin/>
</macro>
<!--
  User predicate: true when the user holds the site-level
  Manage_banned_users permission (has_site_permission). It does not call
  is_site_admin or is_banned itself; by default the permission is granted to
  administrators_group only.
-->
<macro name="can_manage_banned_users" requires="user">
<n.has_site_permission permission="[n.manage_banned_users_permission/]" />
</macro>
<!--
  User predicate: changing permissions is limited to site admins. The
  node_attr dot parameter is accepted but not consulted, so the answer does
  not vary by node; an app owner who is not a site admin gets false.
-->
<macro name="can_change_permissions_of" requires="user" dot_parameter="node_attr">
<n.is_site_admin/>
</macro>
<!--
  User predicate: true when the user is not banned AND holds Create_sub_apps
  for the node. permission_node is the node itself rather than app_or_root.
-->
<macro name="can_create_sub_apps_under" requires="user" dot_parameter="node_attr">
<n.set_local_user.this_user />
<n.set_local_node.node_attr/>
<n.block.>
<n.both>
<condition1.not.local_user.is_banned/>
<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node/]" permission="[n.create_sub_apps_permission/]" />
</n.both>
</n.block.>
</macro>
<!--
  User predicate: true when the user is not banned AND holds
  Manage_pinned_topics for the node, with app_or_root as permission_node.
-->
<macro name="can_manage_pinned_topics_in" requires="user" dot_parameter="node_attr">
<n.set_local_user.this_user />
<n.set_local_node.node_attr/>
<n.block.>
<n.both>
<condition1.not.local_user.is_banned/>
<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.manage_pinned_topics_permission/]" />
</n.both>
</n.block.>
</macro>
<!--
  User predicate: true when the user is not banned AND holds
  Manage_locked_topics for the node, with app_or_root as permission_node.
-->
<macro name="can_manage_locked_topics_in" requires="user" dot_parameter="node_attr">
<n.set_local_user.this_user />
<n.set_local_node.node_attr/>
<n.block.>
<n.both>
<condition1.not.local_user.is_banned/>
<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.manage_locked_topics_permission/]" />
</n.both>
</n.block.>
</macro>
<!--
  Node predicate: checks whether the OWNER of this node holds
  Unrestricted_posting for it, with app_or_root as permission_node. The
  decision follows the author, not the current visitor, and there is no
  is_banned condition. The permission is not granted by
  update_default_permissions.
  NOTE(review): what "unrestricted" lifts (for example content filtering) is
  not visible in this listing; confirm at the call sites before granting it.
-->
<macro name="has_unrestricted_posting" requires="node">
<n.set_local_node.this_node/>
<n.local_node.owner.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.unrestricted_posting_permission/]" />
</macro>
<!--
  Node predicate: asks has_permission on this node whether the group named
  by the dot parameter holds Show_group_members.
-->
<macro name="allows_showing_members_of" requires="node" dot_parameter="group">
<n.has_permission permission="[n.show_group_members_permission/]" group="[n.group/]" />
</macro>
<!--
  Node predicate: delegates to has_groups_with_permission for
  Show_group_members.
  NOTE(review): presumably true when at least one group holds that
  permission on this node; confirm against has_groups_with_permission.
-->
<macro name="has_people_page" requires="node">
<n.has_groups_with_permission.show_group_members_permission/>
</macro>
<!--
  User predicate: true when the user is not banned AND holds
  Show_group_members for the node, with app_or_root as permission_node.
  NOTE(review): presumably this decides whether the user is listed on the
  node's people page; confirm at the call site.
-->
<macro name="can_be_displayed_in" requires="user" dot_parameter="node_attr">
<n.set_local_user.this_user />
<n.set_local_node.node_attr/>
<n.block.>
<n.both>
<condition1.not.local_user.is_banned/>
<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.show_group_members_permission/]" />
</n.both>
</n.block.>
</macro>
<!--
  Always false in this file. As a result the is_semiprivate branch of
  "get read authorization key" never yields a key unless this macro is
  overridden elsewhere.
-->
<macro name="is_semiprivate">
<n.false />
</macro>
<!--
  Derives the read-authorization key from the HTTP request.

  Flow:
    1. No "node" request parameter: exit without a key.
    2. Resolve the node from that parameter.
    3. "macro" request parameter equals "unauthorized": exit without a key.
    4. Private node: output the id of its get_private_node.
       Otherwise, if is_semiprivate: output the node's own id.
       Any other node yields no key.

  NOTE(review): steps 1 and 3 are decided by client-supplied parameters.
  Presumably a request without a key is not passed through
  "authorize for read", and step 3 exists so that the unauthorized page is
  itself reachable. Confirm that the "macro" value tested here is the same
  value the dispatcher uses to choose what is rendered, and that pages
  needing protection always carry a "node" parameter.
-->
<macro name="get read authorization key" requires="http_request">
<n.if.not.has_parameter name="node">
<then.exit/>
</n.if.not.has_parameter>
<n.get_node_from_parameter.>
<n.if.equal value1="[n.get_parameter name='macro'/]" value2="unauthorized">
<then.exit/>
</n.if.equal>
<n.if.is_private>
<then.get_private_node.id />
<else.if.is_semiprivate>
<then.id />
</else.if.is_semiprivate>
</n.if.is_private>
</n.get_node_from_parameter.>
</macro>
<!--
  Resolves the node whose id is authorization_key and applies the dot
  parameter "do" to it. The key is presumably the value produced by
  "get read authorization key"; confirm.
-->
<macro name="authorization_node" dot_parameter="do" requires="read_authorization">
<n.get_node_from_id node_id="[n.authorization_key/]" do="[n.do/]" />
</macro>
<!--
  Read gate for the authorization node.

  Anonymous visitor: redirect to the login path with the current path as
  nextUrl, yield false and exit.
  Signed-in visitor: yield true when the visitor can_view the authorization
  node OR owns the node named by the request parameter; otherwise redirect
  to the authorization node's unauthorized_path and yield false.

  NOTE(review): the login message embeds the subject of the authorization
  node, so an unauthenticated visitor is shown the title of a node they may
  not read. Confirm this disclosure is acceptable, or use a generic message.
  NOTE(review): the ownership test is made against get_node_from_parameter
  while the view test is made against authorization_node; for a private node
  these can be different nodes. Confirm this is intended.
  NOTE(review): can_view has no is_banned condition, so a banned user with
  view permission passes this gate.
-->
<macro name="authorize for read" requires="read_authorization,servlet">
<n.if.visitor.is_anonymous>
<then>
<n.redirect_to.>
<n.login_path>
<message>
<t>You must login to view <t.subject.authorization_node.subject/>.</t>
</message>
<nextUrl>
<n.current_path/>
</nextUrl>
</n.login_path>
</n.redirect_to.>
<n.false />
<n.exit />
</then>
</n.if.visitor.is_anonymous>
<n.if>
<condition.either>
<condition1.visitor.can_view.authorization_node />
<condition2.visitor.owns.get_node_from_parameter />
</condition.either>
<then.true />
<else>
<n.redirect_to.authorization_node.unauthorized_path />
<n.false />
</else>
</n.if>
</macro>