Improve system/user types for extensions

- system extensions can only be managed by an administrator
- system extensions are loaded for all users (even if not logged)
- user extensions are loaded for logged users only
- system extensions loading is saved in global config.php file

See https://github.com/FreshRSS/FreshRSS/issues/252

4 files changed, 54 insertions, 19 deletions

diff --git a/app/Controllers/extensionController.php b/app/Controllers/extensionController.php
index 415f489a6..e348d9f31 100644
--- a/app/Controllers/extensionController.php
+++ b/app/Controllers/extensionController.php
@@ -52,16 +52,23 @@ class FreshRSS_extension_Controller extends Minz_ActionController {
 				Minz_Request::bad('feedback.extension.already_enabled', $url_redirect);
 			}
 
-			if ($ext->getType() === 'system' && !FreshRSS_Auth::hasAccess('admin')) {
-				Minz_Request::bad('feedback.extension.no_access', $url_redirect);
-			}
+			if ($ext->getType() === 'system' && FreshRSS_Auth::hasAccess('admin')) {
+				$ext->install();
+
+				Minz_Configuration::addExtension($ext_name);
+				Minz_Configuration::writeFile();
 
-			$ext->install();
+				Minz_Request::good('feedback.extension.enabled', $url_redirect);
+			} elseif ($ext->getType() === 'user') {
+				$ext->install();
 
-			FreshRSS_Context::$conf->addExtension($ext_name);
-			FreshRSS_Context::$conf->save();
+				FreshRSS_Context::$conf->addExtension($ext_name);
+				FreshRSS_Context::$conf->save();
 
-			Minz_Request::good('feedback.extension.enabled', $url_redirect);
+				Minz_Request::good('feedback.extension.enabled', $url_redirect);
+			} else {
+				Minz_Request::bad('feedback.extension.no_access', $url_redirect);
+			}
 		}
 
 		Minz_Request::forward($url_redirect, true);
@@ -90,16 +97,23 @@ class FreshRSS_extension_Controller extends Minz_ActionController {
 				Minz_Request::bad('feedback.extension.not_enabled', $url_redirect);
 			}
 
-			if ($ext->getType() === 'system' && !FreshRSS_Auth::hasAccess('admin')) {
-				Minz_Request::bad('feedback.extension.no_access', $url_redirect);
-			}
+			if ($ext->getType() === 'system' && FreshRSS_Auth::hasAccess('admin')) {
+				$ext->uninstall();
+
+				Minz_Configuration::removeExtension($ext_name);
+				Minz_Configuration::writeFile();
 
-			$ext->uninstall();
+				Minz_Request::good('feedback.extension.disabled', $url_redirect);
+			} elseif ($ext->getType() === 'user') {
+				$ext->uninstall();
 
-			FreshRSS_Context::$conf->removeExtension($ext_name);
-			FreshRSS_Context::$conf->save();
+				FreshRSS_Context::$conf->removeExtension($ext_name);
+				FreshRSS_Context::$conf->save();
 
-			Minz_Request::good('feedback.extension.disabled', $url_redirect);
+				Minz_Request::good('feedback.extension.disabled', $url_redirect);
+			} else {
+				Minz_Request::bad('feedback.extension.no_access', $url_redirect);
+			}
 		}
 
 		Minz_Request::forward($url_redirect, true);
diff --git a/app/FreshRSS.php b/app/FreshRSS.php
index dc7d0b375..b91dfcc46 100644
--- a/app/FreshRSS.php
+++ b/app/FreshRSS.php
@@ -29,9 +29,11 @@ class FreshRSS extends Minz_FrontController {
 		// Load context and configuration.
 		FreshRSS_Context::init();
 
-		// Enable extensions for the current user.
-		$ext_list = FreshRSS_Context::$conf->extensions_enabled;
-		Minz_ExtensionManager::enable_by_list($ext_list);
+		// Enable extensions for the current (logged) user.
+		if (FreshRSS_Auth::hasAccess()) {
+			$ext_list = FreshRSS_Context::$conf->extensions_enabled;
+			Minz_ExtensionManager::enable_by_list($ext_list);
+		}
 
 		// Init i18n.
 		Minz_Session::_param('language', FreshRSS_Context::$conf->language);
diff --git a/app/views/extension/index.phtml b/app/views/extension/index.phtml
index c6b7c84a1..0be03d7b5 100644
--- a/app/views/extension/index.phtml
+++ b/app/views/extension/index.phtml
@@ -10,6 +10,7 @@
 	<?php foreach ($this->extension_list as $ext) { ?>
 	<ul class="horizontal-list">
 		<li class="item">
+			<?php if ($ext->getType() === 'user' || FreshRSS_Auth::hasAccess('admin')) { ?>
 			<?php $name_encoded = urlencode($ext->getName()); ?>
 			<div class="stick">
 				<a class="btn open-slider" href="<?php echo _url('extension', 'configure', 'e', $name_encoded); ?>"><?php echo _i('configure'); ?> <?php echo _t('admin.extensions.manage'); ?></a>
@@ -22,6 +23,9 @@
 				<button class="btn btn-attention confirm" form="form-extension" formaction="<?php echo _url('extension', 'remove', 'e', $name_encoded); ?>"><?php echo _t('admin.extensions.remove'); ?></button>
 				<?php } ?>
 			</div>
+			<?php } else { ?>
+			<?php echo _t('admin.extensions.system'); ?>
+			<?php } ?>
 		</li>
 		<li class="item"><?php echo $ext->getName(); ?></li>
 	</ul>
diff --git a/lib/Minz/Configuration.php b/lib/Minz/Configuration.php
index 4d3ab0964..4a3221ef5 100644
--- a/lib/Minz/Configuration.php
+++ b/lib/Minz/Configuration.php
@@ -165,6 +165,19 @@ class Minz_Configuration {
 		self::$unsafe_autologin_enabled = (bool)$value;
 	}
 
+	public function removeExtension($ext_name) {
+		self::$extensions_enabled = array_diff(
+			self::$extensions_enabled,
+			array($ext_name)
+		);
+	}
+	public function addExtension($ext_name) {
+		$found = array_search($ext_name, self::$extensions_enabled) !== false;
+		if (!$found) {
+			self::$extensions_enabled[] = $ext_name;
+		}
+	}
+
 	/**
 	 * Initialise les variables de configuration
 	 * @exception Minz_FileNotExistException si le CONF_PATH_NAME n'existe pas
@@ -197,6 +210,7 @@ class Minz_Configuration {
 			),
 			'limits' => self::$limits,
 			'db' => self::$db,
+			'extensions_enabled' => self::$extensions_enabled,
 		);
 		@rename(DATA_PATH . self::CONF_PATH_NAME, DATA_PATH . self::CONF_PATH_NAME . '.bak.php');
 		$result = file_put_contents(DATA_PATH . self::CONF_PATH_NAME, "<?php\n return " . var_export($ini_array, true) . ';');
@@ -344,8 +358,9 @@ class Minz_Configuration {
 		}
 
 		// Extensions
-		if (isset($ini_array['extensions']) && is_array($ini_array['extensions'])) {
-			self::$extensions_enabled = $ini_array['extensions'];
+		if (isset($ini_array['extensions_enabled']) &&
+				is_array($ini_array['extensions_enabled'])) {
+			self::$extensions_enabled = $ini_array['extensions_enabled'];
 		}
 
 		// Base de données