permissions.naml

<macro name="current_permission_version">
	standard-6
</macro>

<macro name="update_default_permissions">
	<n.set_default_permissions. version="[n.current_permission_version/]" >
		<n.add_permission permission="[n.view_permission/]" group="[n.anyone_group/]" />
		<n.add_permission permission="[n.edit_app_permission/]" group="[n.administrators_group/]" />
		<n.add_permission permission="[n.reply_permission/]" group="[n.anyone_group/]" />
		<n.add_permission permission="[n.create_topic_permission/]" group="[n.anyone_group/]" />
		<n.add_permission permission="[n.move_permission/]" group="[n.authors_group/]" />
		<n.add_permission permission="[n.move_permission/]" group="[n.administrators_group/]" />
		<n.add_permission permission="[n.create_sub_apps_permission/]" group="[n.administrators_group/]" />
		<n.add_permission permission="[n.change_post_date_permission/]" group="[n.administrators_group/]" />
		<n.add_permission permission="[n.manage_subscribers_permission/]" group="[n.administrators_group/]" />
		<n.add_site_permission permission="[n.manage_banned_users_permission/]" group="[n.administrators_group/]" />
		<n.add_permission permission="[n.manage_pinned_topics_permission/]" group="[n.administrators_group/]" />
		<n.add_permission permission="[n.manage_locked_topics_permission/]" group="[n.administrators_group/]" />
		<n.add_permission permission="[n.show_group_members_permission/]" group="[n.registered_group/]" />
		<n.add_permission permission="[n.show_group_members_permission/]" group="[n.administrators_group/]" />
		<n.add_permission permission="[n.show_group_members_permission/]" group="[n.members_group/]" />
	</n.set_default_permissions.>
</macro>

<macro name="banned_group">
	Banned
</macro>

<macro name="members_group">
	Members
</macro>

<macro name="registered_user_groups">
	<n.anyone_group/>,<n.registered_group/>
</macro>

<macro name="edit_app_permission">
	Edit_app
</macro>

<macro name="edit_all_permission">
	Edit_all
</macro>

<macro name="reply_permission">
	Reply
</macro>

<macro name="create_topic_permission">
	Create_topic
</macro>

<macro name="move_permission">
	Move
</macro>

<macro name="manage_subscribers_permission">
	Manage_Subscribers
</macro>

<macro name="create_sub_apps_permission">
	Create_sub_apps
</macro>

<macro name="change_post_date_permission">
	Change_post_date
</macro>

<macro name="show_group_members_permission">
	Show_group_members
</macro>

<macro name="manage_banned_users_permission">
	Manage_banned_users
</macro>

<macro name="manage_pinned_topics_permission">
	Manage_pinned_topics
</macro>

<macro name="manage_locked_topics_permission">
	Manage_locked_topics
</macro>

<macro name="unrestricted_posting_permission">
	Unrestricted_posting
</macro>

<macro name="is_site_owner" requires="user">
	<n.owns.root_node />
</macro>

<macro name="is_site_admin" requires="user">
	<n.either>
		<condition1.either>
			<condition1.is_site_owner />
			<condition2.is_sysadmin />
		</condition1.either>
		<condition2.is_in_group group="[n.administrators_group/]" />
	</n.either>
</macro>


<macro name="can_delete" requires="user" dot_parameter="node_attr">
	<n.both condition1="[n.not.is_banned/]" condition2="[n.owns.node_attr/]"/>
</macro>

<macro name="can_delete_recursively" requires="user" dot_parameter="node">
	<n.is_site_admin/>
</macro>

<macro name="can_edit" requires="user" dot_parameter="node_attr">
	<n.set_local_user.this_user />
	<n.set_local_node.node_attr />
	<n.block.>
		<n.both>
			<condition1.not.local_user.is_banned/>
			<condition2.either>
				<condition1.local_user.owns.local_node />
				<condition2.either>
					<condition1.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.edit_all_permission/]" />
					<condition2.both>
						<condition1.local_node.is_app/>
						<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.edit_app_permission/]" />
					</condition2.both>
				</condition2.either>
			</condition2.either>
		</n.both>
	</n.block.>
</macro>

<macro name="app_or_root" requires="node" dot_parameter="do">
	<n.if.is_in_app>
		<then.get_app_node.do/>
		<else.root_node.do/>
	</n.if.is_in_app>
</macro>

<macro name="topic_or_app" requires="node" dot_parameter="do">
	<n.set_local_node.this_node/>
	<n.block.>
		<n.if.local_node.is_post>
			<then.local_node.topic_node.do/>
			<else.local_node.do/>
		</n.if.local_node.is_post>
	</n.block.>
</macro>

<macro name="can_change_post_date_of" requires="user" dot_parameter="node_attr">
	<n.set_local_user.this_user />
	<n.set_local_node.node_attr/>
	<n.block.>
		<n.both>
			<condition1.not.local_user.is_banned/>
			<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.change_post_date_permission/]" />
		</n.both>
	</n.block.>
</macro>

<macro name="can_move" requires="user" dot_parameter="node_attr">
	<n.set_local_user.this_user />
	<n.set_local_node.node_attr/>
	<n.block.>
		<n.both>
			<condition1.not.local_user.is_banned/>
			<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.move_permission/]" />
		</n.both>
	</n.block.>
</macro>

<macro name="can_manage_subscribers_of" requires="user" dot_parameter="node_attr">
	<n.set_local_user.this_user />
	<n.set_local_node.node_attr/>
	<n.block.>
		<n.both>
			<condition1.not.local_user.is_banned/>
			<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.manage_subscribers_permission/]" />
		</n.both>
	</n.block.>
</macro>

<macro name="can_create_topic_in" requires="user" dot_parameter="node_attr">
	<n.set_local_user.this_user />
	<n.set_local_node.node_attr/>
	<n.block.>
		<n.both>
			<condition1.not.local_user.is_banned/>
			<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node/]" permission="[n.create_topic_permission/]" />
		</n.both>
	</n.block.>
</macro>

<macro name="can_reply_to" requires="user" dot_parameter="node_attr">
	<n.set_local_user.this_user />
	<n.set_local_node.node_attr/>
	<n.block.>
		<n.both>
			<condition1.not.local_user.is_banned/>
			<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.topic_or_app/]" permission="[n.reply_permission/]" />
		</n.both>
	</n.block.>
</macro>

<macro name="can_post_under" requires="user" dot_parameter="node_attr">
	<n.set_local_user.this_user />
	<n.set_local_node.node_attr/>
	<n.block.>
		<n.if.local_node.is_app>
			<then.local_user.can_create_topic_in.local_node/>
			<else.local_user.can_reply_to.local_node/>
		</n.if.local_node.is_app>
	</n.block.>
</macro>

<macro name="check_posting_under" requires="user" dot_parameter="node_attr">
	<n.set_local_user.this_user />
	<n.set_local_node.node_attr/>
	<n.block.>
		<n.if.local_user.is_banned>
			<then.throw_template_exception name="banned"/>
		</n.if.local_user.is_banned>
		<n.if.both condition1="[n.local_node.is_associated_with_mailing_list_archive/]" condition2="[n.not.local_user.is_authenticated/]">
			<then.throw_template_exception name="no_anonymous"/>
		</n.if.both>
		<n.if.local_node.is_app>
			<then.if.not.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node/]" permission="[n.create_topic_permission/]" >
				<then.if.local_user.is_anonymous>
					<then.throw_template_exception name="no_anonymous"/>
					<else.throw_template_exception name="no_create_topic_permission"/>
				</then.if.local_user.is_anonymous>
			</then.if.not.local_user.has_permission>
			<else.if.not.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.topic_or_app/]" permission="[n.reply_permission/]" >
				<then.if.local_user.is_anonymous>
					<then.throw_template_exception name="no_anonymous"/>
					<else.throw_template_exception name="no_reply_permission"/>
				</then.if.local_user.is_anonymous>
			</else.if.not.local_user.has_permission>
		</n.if.local_node.is_app>
	</n.block.>
</macro>

<macro name="any_registered_user_can_create_topics" requires="node">
	<n.groups_have_permission groups="[n.registered_user_groups/]" permission="[n.create_topic_permission/]" />
</macro>

<macro name="only_members_can_create_topics" requires="node">
	<n.not.any_registered_user_can_create_topics/>
</macro>

<macro name="can_view" requires="user" dot_parameter="node_attr">
	<n.set_local_user.this_user />
	<n.set_local_node.node_attr/>
	<n.block.>
		<n.either>
			<condition1.local_user.owns.local_node/>
			<condition2.either>
				<condition1.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.view_permission/]" />
				<condition2.local_user.is_site_admin />
			</condition2.either>
		</n.either>
	</n.block.>
</macro>

<macro name="can_manage_users_and_groups" requires="user">
	<n.is_site_admin/>
</macro>

<macro name="can_manage_banned_users" requires="user">
	<n.has_site_permission permission="[n.manage_banned_users_permission/]" />
</macro>

<macro name="can_change_permissions_of" requires="user" dot_parameter="node_attr">
	<n.is_site_admin/>
</macro>

<macro name="can_create_sub_apps_under" requires="user" dot_parameter="node_attr">
	<n.set_local_user.this_user />
	<n.set_local_node.node_attr/>
	<n.block.>
		<n.both>
			<condition1.not.local_user.is_banned/>
			<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node/]" permission="[n.create_sub_apps_permission/]" />
		</n.both>
	</n.block.>
</macro>

<macro name="can_manage_pinned_topics_in" requires="user" dot_parameter="node_attr">
	<n.set_local_user.this_user />
	<n.set_local_node.node_attr/>
	<n.block.>
		<n.both>
			<condition1.not.local_user.is_banned/>
			<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.manage_pinned_topics_permission/]" />
		</n.both>
	</n.block.>
</macro>

<macro name="can_manage_locked_topics_in" requires="user" dot_parameter="node_attr">
	<n.set_local_user.this_user />
	<n.set_local_node.node_attr/>
	<n.block.>
		<n.both>
			<condition1.not.local_user.is_banned/>
			<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.manage_locked_topics_permission/]" />
		</n.both>
	</n.block.>
</macro>

<macro name="has_unrestricted_posting" requires="node">
	<n.set_local_node.this_node/>
	<n.local_node.owner.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.unrestricted_posting_permission/]" />
</macro>

<macro name="allows_showing_members_of" requires="node" dot_parameter="group">
	<n.has_permission permission="[n.show_group_members_permission/]" group="[n.group/]" />
</macro>

<macro name="has_people_page" requires="node">
	<n.has_groups_with_permission.show_group_members_permission/>
</macro>

<macro name="can_be_displayed_in" requires="user" dot_parameter="node_attr">
	<n.set_local_user.this_user />
	<n.set_local_node.node_attr/>
	<n.block.>
		<n.both>
			<condition1.not.local_user.is_banned/>
			<condition2.local_user.has_permission node="[n.local_node/]" permission_node="[n.local_node.app_or_root/]" permission="[n.show_group_members_permission/]" />
		</n.both>
	</n.block.>
</macro>



<macro name="get read authorization key" requires="http_request">
	<n.if.not.has_parameter name="node">
		<then.exit/>
	</n.if.not.has_parameter>
	<n.get_node_from_parameter.>
		<n.if.equal value1="[n.get_parameter name='macro'/]" value2="unauthorized">
			<then.exit/>
		</n.if.equal>
		<n.if.not.is_private>
			<then.exit/>
		</n.if.not.is_private>
		<n.get_private_node.id />
	</n.get_node_from_parameter.>
</macro>

<macro name="authorization_node" dot_parameter="do" requires="read_authorization">
	<n.get_node_from_id node_id="[n.authorization_key/]" do="[n.do/]" />
</macro>

<macro name="authorize for read" requires="read_authorization,servlet">
	<n.if.visitor.is_anonymous>
		<then>
			<n.redirect_to.>
				<n.login_path>
					<message>
						<t>You must login to view <t.subject.authorization_node.subject/>.</t>
					</message>
					<nextUrl>
						<n.current_url/>
					</nextUrl>
				</n.login_path>
			</n.redirect_to.>
			<n.false />
			<n.exit />
		</then>
	</n.if.visitor.is_anonymous>
	<n.if>
		<condition.either>
			<condition1.visitor.can_view.authorization_node />
			<condition2.visitor.owns.get_node_from_parameter />
		</condition.either>
		<then.true />
		<else>
			<n.redirect_to.authorization_node.unauthorized_path />
			<n.false />
		</else>
	</n.if>
</macro>