diff --git a/_test/conf/acl.auth.php b/_test/conf/acl.auth.php
index 14344d7785b72176f7386973a9142936b236f287..8a1b01f23f1cebb240c74a7751f731a64fa96595 100644
--- a/_test/conf/acl.auth.php
+++ b/_test/conf/acl.auth.php
@@ -19,3 +19,9 @@
# delete 16
* @ALL 8
+
+# for testing wildcards:
+users:* @ALL 1
+users:%USER%:* %USER% 16
+groups:* @ALL 1
+groups:%GROUP%:* %GROUP% 16
diff --git a/_test/tests/inc/auth_aclcheck.test.php b/_test/tests/inc/auth_aclcheck.test.php
index ea48ec6a50643926a7b6dc2f6ec8b3e93de601b3..991f82da77e35eda6e0b586d3e45f5cba787369d 100644
--- a/_test/tests/inc/auth_aclcheck.test.php
+++ b/_test/tests/inc/auth_aclcheck.test.php
@@ -235,6 +235,33 @@ class auth_acl_test extends DokuWikiTest {
$this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo','roots')), AUTH_ADMIN);
}
+ function test_wildcards(){
+ global $conf;
+ global $AUTH_ACL;
+ global $USERINFO;
+ $conf['useacl'] = 1;
+
+ $_SERVER['REMOTE_USER'] = 'john';
+ $USERINFO['grps'] = array('test','töst','foo bar');
+ $AUTH_ACL = auth_loadACL(); // default test file
+
+ // default setting
+ $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('page', $_SERVER['REMOTE_USER'], $USERINFO['grps']));
+
+ // user namespace
+ $this->assertEquals(AUTH_DELETE, auth_aclcheck('users:john:foo', $_SERVER['REMOTE_USER'], $USERINFO['grps']));
+ $this->assertEquals(AUTH_READ, auth_aclcheck('users:john:foo', 'schmock', array()));
+
+ // group namespace
+ $this->assertEquals(AUTH_DELETE, auth_aclcheck('groups:test:foo', $_SERVER['REMOTE_USER'], $USERINFO['grps']));
+ $this->assertEquals(AUTH_READ, auth_aclcheck('groups:test:foo', 'schmock', array()));
+ $this->assertEquals(AUTH_DELETE, auth_aclcheck('groups:toest:foo', $_SERVER['REMOTE_USER'], $USERINFO['grps']));
+ $this->assertEquals(AUTH_READ, auth_aclcheck('groups:toest:foo', 'schmock', array()));
+ $this->assertEquals(AUTH_DELETE, auth_aclcheck('groups:foo_bar:foo', $_SERVER['REMOTE_USER'], $USERINFO['grps']));
+ $this->assertEquals(AUTH_READ, auth_aclcheck('groups:foo_bar:foo', 'schmock', array()));
+
+ }
+
}
//Setup VIM: ex: et ts=4 :
diff --git a/inc/auth.php b/inc/auth.php
index fbdb2b439287057c914d5f9753ffe8244e3eda3b..26f4000fd0ee3214a1a92673ad7e09723ffb06f2 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -130,24 +130,28 @@ function auth_loadACL() {
$acl = file($config_cascade['acl']['default']);
//support user wildcard
+ $out = array();
if(isset($_SERVER['REMOTE_USER'])){
$len = count($acl);
for($i = 0; $i < $len; $i++) {
if($acl[$i]{0} == '#') continue;
+ if(!trim($acl[$i])) continue;
list($id,$rest) = preg_split('/\s+/',$acl[$i],2);
+
if(strstr($acl[$i], '%GROUP%')){
foreach($USERINFO['grps'] as $grp){
$nid = str_replace('%GROUP%',cleanID($grp),$id);
- $nrest = str_replace('%GROUP%',auth_nameencode($grp),$rest);
- $acl[] = "$nid\t$nrest";
+ $nrest = str_replace('%GROUP%','@'.auth_nameencode($grp),$rest);
+ $out[] = "$nid\t$nrest";
}
+ } else {
+ $id = str_replace('%USER%',cleanID($_SERVER['REMOTE_USER']),$id);
+ $rest = str_replace('%USER%',auth_nameencode($_SERVER['REMOTE_USER']),$rest);
+ $out[] = "$id\t$rest";
}
- $id = str_replace('%USER%',cleanID($_SERVER['REMOTE_USER']),$id);
- $rest = str_replace('%USER%',auth_nameencode($_SERVER['REMOTE_USER']),$rest);
- $acl[$i] = "$id\t$rest";
}
}
- return $acl;
+ return $out;
}
/**