Merge branch 'master' of git://github.com/Aorimn/dokuwiki into pull-request-76

* 'master' of git://github.com/Aorimn/dokuwiki:
  Change default groupwildcards option to 0 not to change behavior of
  Added support for the %GROUP% wildcard.

Conflicts:
	inc/auth.php

conf/dokuwiki.php

@@ -53,6 +53,8 @@ $conf['hidepages']   = '';                //Regexp for pages to be skipped from
 
 /* Authentication Settings */
 $conf['useacl']      = 0;                //Use Access Control Lists to restrict access?
+$conf['usewildcards']   = 1;             //Use ACL wildcard %USER%
+$conf['groupwildcards'] = 0;             //More specifically, use %GROUP% wildcard
 $conf['autopasswd']  = 1;                //autogenerate passwords and email them to user
 $conf['authtype']    = 'plain';          //which authentication backend should be used
 $conf['passcrypt']   = 'smd5';           //Used crypt method (smd5,md5,sha1,ssha,crypt,mysql,my411)

inc/auth.php

@@ -123,19 +123,28 @@ function auth_setup() {
  */
 function auth_loadACL() {
     global $config_cascade;
+    global $conf;
+    global $USERINFO;
 
     if(!is_readable($config_cascade['acl']['default'])) return array();
 
     $acl = file($config_cascade['acl']['default']);
 
     //support user wildcard
-    if(isset($_SERVER['REMOTE_USER'])) {
+    if(isset($_SERVER['REMOTE_USER']) && $conf['use_wildcards']){
         $len = count($acl);
         for($i = 0; $i < $len; $i++) {
             if($acl[$i]{0} == '#') continue;
-            list($id, $rest) = preg_split('/\s+/', $acl[$i], 2);
-            $id      = str_replace('%USER%', cleanID($_SERVER['REMOTE_USER']), $id);
-            $rest    = str_replace('%USER%', auth_nameencode($_SERVER['REMOTE_USER']), $rest);
+            list($id,$rest) = preg_split('/\s+/',$acl[$i],2);
+            if($conf['groups_wilcards'] && (strstr($id, '%GROUP%') || strstr($rest, '%GROUP%'))){
+                    foreach($USERINFO['grps'] as $grp){
+                            $nid   = str_replace('%GROUP%',cleanID($grp),$id);
+                            $nrest = str_replace('%GROUP%',auth_nameencode($grp),$rest);
+                            $acl[] = "$nid\t$nrest";
+                    }
+            }
+            $id   = str_replace('%USER%',cleanID($_SERVER['REMOTE_USER']),$id);
+            $rest = str_replace('%USER%',auth_nameencode($_SERVER['REMOTE_USER']),$rest);
             $acl[$i] = "$id\t$rest";
         }
     }
@@ -632,6 +641,7 @@ function auth_nameencode($name, $skip_group = false) {
 
     // never encode wildcard FS#1955
     if($name == '%USER%') return $name;
+    if($name == '%GROUP%') return $name;
 
     if(!isset($cache[$name][$skip_group])) {
         if($skip_group && $name{0} == '@') {

lib/plugins/acl/admin.php

@@ -84,7 +84,7 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin {
             $this->who = '@'.ltrim($auth->cleanGroup($who),'@');
         }elseif($_REQUEST['acl_t'] == '__u__' && $who){
             $this->who = ltrim($who,'@');
-            if($this->who != '%USER%'){ #keep wildcard as is
+            if($this->who != '%USER%' && $this->who != '%GROUP%'){ #keep wildcard as is
                 $this->who = $auth->cleanUser($this->who);
             }
         }elseif($_REQUEST['acl_t'] &&
@@ -140,7 +140,7 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin {
                             if ($who!='@ALL') {
                                 $who = '@'.ltrim($auth->cleanGroup($who),'@');
                             }
-                        } elseif ($who != '%USER%'){ #keep wildcard as is
+                        } elseif ($who != '%USER%' && $who != '%GROUP%'){ #keep wildcard as is
                             $who = $auth->cleanUser($who);
                         }
                         $who = auth_nameencode($who,true);

lib/plugins/config/lang/en/lang.php

@@ -92,6 +92,8 @@ $lang['hidepages']   = 'Hide pages matching this regular expressions from search
 
 /* Authentication Settings */
 $lang['useacl']      = 'Use access control lists';
+$lang['usewildcards']   = 'Use the wildcard %USER% for ACL';
+$lang['groupwildcards'] = 'Use the wildcard %GROUP% for ACL';
 $lang['autopasswd']  = 'Autogenerate passwords';
 $lang['authtype']    = 'Authentication backend';
 $lang['passcrypt']   = 'Password encryption method';

lib/plugins/config/lang/fr/lang.php

@@ -79,6 +79,8 @@ $lang['useheading']            = 'Utiliser le titre de premier niveau';
 $lang['sneaky_index']          = 'Par défaut, DokuWiki affichera toutes les catégories dans la vue par index. Activer cette option permet de cacher celles pour lesquelles l\'utilisateur n\'a pas la permission de lecture. Il peut en résulter le masquage de sous-catégories accessibles. Ceci peut rendre l\'index inutilisable avec certaines ACL.';
 $lang['hidepages']             = 'Cacher les pages correspondant à (expression régulière)';
 $lang['useacl']                = 'Utiliser les listes de contrôle d\'accès (ACL)';
+$lang['usewildcards']          = 'Utiliser le joker %USER% dans les ACL';
+$lang['groupwildcards']        = 'Utiliser le joker %GROUP% dans les ACL';
 $lang['autopasswd']            = 'Auto-générer les mots de passe';
 $lang['authtype']              = 'Mécanisme d\'authentification';
 $lang['passcrypt']             = 'Méthode de chiffrement des mots de passe';

lib/plugins/config/settings/config.metadata.php

@@ -124,6 +124,8 @@ $meta['hidepages']   = array('string');
 
 $meta['_authentication'] = array('fieldset');
 $meta['useacl']      = array('onoff');
+$meta['usewildcards']    = array('onoff');
+$meta['groupwildcards']  = array('onoff');
 $meta['autopasswd']  = array('onoff');
 $meta['authtype']    = array('authtype');
 $meta['passcrypt']   = array('multichoice','_choices' => array('smd5','md5','apr1','sha1','ssha','lsmd5','crypt','mysql','my411','kmd5','pmd5','hmd5','bcrypt'));