From b78bf706e2ab1d34498beea00b7ecfda11944eee Mon Sep 17 00:00:00 2001 From: romain <romain.coltel@gmail.com> Date: Mon, 30 Jan 2012 19:58:55 +0100 Subject: [PATCH] Added support for the %GROUP% wildcard. %GROUP% is the same as %USER% except it's done on each group a user is in. %USER% and %GROUP% cannot be mixed on an ACL line. --- conf/dokuwiki.php | 2 ++ inc/auth.php | 12 +++++++++++- lib/plugins/acl/admin.php | 4 ++-- lib/plugins/config/lang/en/lang.php | 2 ++ lib/plugins/config/lang/fr/lang.php | 2 ++ lib/plugins/config/settings/config.metadata.php | 2 ++ 6 files changed, 21 insertions(+), 3 deletions(-) mode change 100644 => 100755 conf/dokuwiki.php diff --git a/conf/dokuwiki.php b/conf/dokuwiki.php old mode 100644 new mode 100755 index 7a7e4bf1a..2beb65600 --- a/conf/dokuwiki.php +++ b/conf/dokuwiki.php @@ -69,6 +69,8 @@ $conf['iexssprotect']= 1; // check for JavaScript and HTML in up /* Authentication Options - read http://www.splitbrain.org/dokuwiki/wiki:acl */ $conf['useacl'] = 0; //Use Access Control Lists to restrict access? +$conf['usewildcards'] = 1; //Use ACL wildcards +$conf['groupwildcards'] = 1; //More specifically, use %GROUP% wildcard $conf['autopasswd'] = 1; //autogenerate passwords and email them to user $conf['authtype'] = 'plain'; //which authentication backend should be used $conf['passcrypt'] = 'smd5'; //Used crypt method (smd5,md5,sha1,ssha,crypt,mysql,my411) diff --git a/inc/auth.php b/inc/auth.php index e0f58e5f2..88d2caf1b 100644 --- a/inc/auth.php +++ b/inc/auth.php 
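Review bot: The file header for conf/dokuwiki.php changes the mode from 100644 to 100755, which makes a configuration file executable without any reason given in the commit message; that looks accidental and should be dropped from the patch. In the hunk itself, the comments on the two new defaults do not say what turning them off does. Comments such as `//Expand the %USER% wildcard in ACL lines` and `//Also expand %GROUP% once per group of the current user (only evaluated when usewildcards is on)` would record the dependency that the inc/auth.php hunk introduces by nesting the group check inside the wildcard check.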
@@ -120,17 +120,26 @@ function auth_setup(){ */ function auth_loadACL(){ global $config_cascade; + global $conf; + global $USERINFO; if(!is_readable($config_cascade['acl']['default'])) return array(); $acl = file($config_cascade['acl']['default']); //support user wildcard - if(isset($_SERVER['REMOTE_USER'])){ + if(isset($_SERVER['REMOTE_USER']) && $conf['use_wildcards']){ $len = count($acl); for($i=0; $i<$len; $i++){ if($acl[$i]{0} == '#') continue; list($id,$rest) = preg_split('/\s+/',$acl[$i],2); + if($conf['groups_wilcards'] && (strstr($id, '%GROUP%') || strstr($rest, '%GROUP%'))){ + foreach($USERINFO['grps'] as $grp){ + $nid = str_replace('%GROUP%',cleanID($grp),$id); + $nrest = str_replace('%GROUP%',auth_nameencode($grp),$rest); + $acl[] = "$nid\t$nrest"; + } + } $id = str_replace('%USER%',cleanID($_SERVER['REMOTE_USER']),$id); $rest = str_replace('%USER%',auth_nameencode($_SERVER['REMOTE_USER']),$rest); $acl[$i] = "$id\t$rest"; @@ -607,6 +616,7 @@ function auth_nameencode($name,$skip_group=false){ // never encode wildcard FS#1955 if($name == '%USER%') return $name; + if($name == '%GROUP%') return $name; if (!isset($cache[$name][$skip_group])) { if($skip_group && $name{0} =='@'){ diff --git a/lib/plugins/acl/admin.php b/lib/plugins/acl/admin.php index a6b0624bc..4d2be8dd0 100644 --- a/lib/plugins/acl/admin.php +++ b/lib/plugins/acl/admin.php @@ -84,7 +84,7 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin { $this->who = '@'.ltrim($auth->cleanGroup($who),'@'); }elseif($_REQUEST['acl_t'] == '__u__' && $who){ $this->who = ltrim($who,'@'); - if($this->who != '%USER%'){ #keep wildcard as is + if($this->who != '%USER%' && $this->who != '%GROUP%'){ #keep wildcard as is $this->who = $auth->cleanUser($this->who); } }elseif($_REQUEST['acl_t'] && 
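Review bot: The two settings are read under names that nothing in this patch defines: the outer condition tests `$conf['use_wildcards']` and the inner one `$conf['groups_wilcards']`, while conf/dokuwiki.php, both lang files and config.metadata.php declare `usewildcards` and `groupwildcards`. With those keys unset the outer condition is false, so the whole loop is skipped and `%USER%` lines that were expanded before this commit stay literal, which silently changes what the ACL grants or denies. The conditions should read `if(isset($_SERVER['REMOTE_USER']) && $conf['usewildcards']){` and `if($conf['groupwildcards'] && (strstr($id, '%GROUP%') || strstr($rest, '%GROUP%'))){`. The `foreach` also assumes `$USERINFO['grps']` is already an array when auth_loadACL() runs, which the hunk does not show; an `is_array()` guard would make that explicit. The function body continues past the end of the hunk.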
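Review bot: `%GROUP%` is exempted from cleaning only in the `__u__` branch here (and in the matching `elseif` of the hunk at line 140), so the plugin stores it as a user-type subject without the `@` prefix that the neighbouring branch puts on groups. The expansion added in inc/auth.php substitutes `auth_nameencode($grp)` verbatim, so a line saved this way would expand to a bare name. That name is presumably compared against user names rather than group membership, in which case an account whose login equals a group name would pick up that group's rule. Either accept the wildcard in the `__g__` branch and keep it as `@%GROUP%` (bypassing `cleanGroup` for it), or have the expansion prepend the `@` itself. Both methods start and end outside these hunks, so how `cleanGroup` treats `%` is not visible here.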
@@ -140,7 +140,7 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin { if ($who!='@ALL') { $who = '@'.ltrim($auth->cleanGroup($who),'@'); } - } elseif ($who != '%USER%'){ #keep wildcard as is + } elseif ($who != '%USER%' && $who != '%GROUP%'){ #keep wildcard as is $who = $auth->cleanUser($who); } $who = auth_nameencode($who,true); diff --git a/lib/plugins/config/lang/en/lang.php b/lib/plugins/config/lang/en/lang.php index 74ec56345..3d3a6d426 100644 --- a/lib/plugins/config/lang/en/lang.php +++ b/lib/plugins/config/lang/en/lang.php @@ -95,6 +95,8 @@ $lang['showuseras'] = 'What to display when showing the user that last edited a /* Authentication Options */ $lang['useacl'] = 'Use access control lists'; +$lang['usewildcards'] = 'Use the wildcard %USER% for ACL'; +$lang['groupwildcards'] = 'Use the wildcard %GROUP% for ACL'; $lang['autopasswd'] = 'Autogenerate passwords'; $lang['authtype'] = 'Authentication backend'; $lang['passcrypt'] = 'Password encryption method'; diff --git a/lib/plugins/config/lang/fr/lang.php b/lib/plugins/config/lang/fr/lang.php index 8dcd21032..efa5b8f67 100644 --- a/lib/plugins/config/lang/fr/lang.php +++ b/lib/plugins/config/lang/fr/lang.php @@ -83,6 +83,8 @@ $lang['mailguard'] = 'Brouiller les adresses de courriel'; $lang['iexssprotect'] = 'Vérifier la présence de code JavaScript ou HTML malveillant dans les fichiers envoyés'; $lang['showuseras'] = 'Qu\'afficher en montrant les utilisateurs qui ont récemment modifié la page'; $lang['useacl'] = 'Utiliser les listes de contrôle d\'accès (ACL)'; +$lang['usewildcards'] = 'Utiliser le joker %USER% dans les ACL'; +$lang['groupwildcards'] = 'Utiliser le joker %GROUP% dans les ACL'; $lang['autopasswd'] = 'Auto-générer les mots de passe'; $lang['authtype'] = 'Mécanisme d\'authentification'; $lang['passcrypt'] = 'Méthode de chiffrement des mots de passe'; 
diff --git a/lib/plugins/config/settings/config.metadata.php b/lib/plugins/config/settings/config.metadata.php index 96451e857..bb034f2db 100644 --- a/lib/plugins/config/settings/config.metadata.php +++ b/lib/plugins/config/settings/config.metadata.php @@ -123,6 +123,8 @@ $meta['refshow'] = array('numeric'); $meta['_authentication'] = array('fieldset'); $meta['useacl'] = array('onoff'); +$meta['usewildcards'] = array('onoff'); +$meta['groupwildcards'] = array('onoff'); $meta['autopasswd'] = array('onoff'); $meta['authtype'] = array('authtype'); $meta['passcrypt'] = array('multichoice','_choices' => array('smd5','md5','apr1','sha1','ssha','crypt','mysql','my411','kmd5','pmd5','hmd5')); -- GitLab