diff --git a/inc/auth.php b/inc/auth.php
index be6b7ebbe4a21191937ef4423ea6f19d0cd15c3e..1c0bf5b4fef7bfe43d8cf6e63bef80780566e6a1 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -136,22 +136,30 @@ function auth_loadACL() {
$acl = file($config_cascade['acl']['default']);
- //support user wildcard
$out = array();
foreach($acl as $line) {
$line = trim($line);
if($line{0} == '#') continue;
list($id,$rest) = preg_split('/\s+/',$line,2);
+ // substitue user wildcard first (its 1:1)
+ if(strstr($line, '%USER%')){
+ // if user is not logged in, this ACL line is meaningless - skip it
+ if (!isset($_SERVER['REMOTE_USER'])) continue;
+
+ $id = str_replace('%USER%',cleanID($_SERVER['REMOTE_USER']),$id);
+ $rest = str_replace('%USER%',auth_nameencode($_SERVER['REMOTE_USER']),$rest);
+ }
+
+ // substitute group wildcard (its 1:m)
if(strstr($line, '%GROUP%')){
+ // if user is not logged in, grps is empty, no output will be added (i.e. skipped)
foreach((array) $USERINFO['grps'] as $grp){
$nid = str_replace('%GROUP%',cleanID($grp),$id);
$nrest = str_replace('%GROUP%','@'.auth_nameencode($grp),$rest);
$out[] = "$nid\t$nrest";
}
} else {
- $id = str_replace('%USER%',cleanID($_SERVER['REMOTE_USER']),$id);
- $rest = str_replace('%USER%',auth_nameencode($_SERVER['REMOTE_USER']),$rest);
$out[] = "$id\t$rest";
}
}
diff --git a/lib/plugins/acl/admin.php b/lib/plugins/acl/admin.php
index 0d9cd742a872e9e08e046b9e9fd03d3c36e4f94b..50377da816e5b23e7c25ffcd4603cb0819cbbe58 100644
--- a/lib/plugins/acl/admin.php
+++ b/lib/plugins/acl/admin.php
@@ -724,7 +724,7 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin {
static $label = 0; //number labels
$ret = '';
- if($ispage && $setperm > AUTH_EDIT) $perm = AUTH_EDIT;
+ if($ispage && $setperm > AUTH_EDIT) $setperm = AUTH_EDIT;
foreach(array(AUTH_NONE,AUTH_READ,AUTH_EDIT,AUTH_CREATE,AUTH_UPLOAD,AUTH_DELETE) as $perm){
$label += 1;