diff --git a/conf/dokuwiki.php b/conf/dokuwiki.php
old mode 100644
new mode 100755
index cbd42115df3a1f19377d3f207488526f61a3da29..1eb6f5c5d9edc266fefaae97226497f13e6dd920
--- a/conf/dokuwiki.php
+++ b/conf/dokuwiki.php
@@ -53,6 +53,8 @@ $conf['hidepages'] = ''; //Regexp for pages to be skipped from
/* Authentication Settings */
$conf['useacl'] = 0; //Use Access Control Lists to restrict access?
+$conf['usewildcards'] = 1; //Use ACL wildcard %USER%
+$conf['groupwildcards'] = 0; //More specifically, use %GROUP% wildcard
$conf['autopasswd'] = 1; //autogenerate passwords and email them to user
$conf['authtype'] = 'plain'; //which authentication backend should be used
$conf['passcrypt'] = 'smd5'; //Used crypt method (smd5,md5,sha1,ssha,crypt,mysql,my411)
diff --git a/inc/auth.php b/inc/auth.php
index d0f21c825e348880febb27008d899a615285036a..58c796f2ee912c99fb2ef1ccffe347e7203c5a56 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -123,19 +123,28 @@ function auth_setup() {
*/
function auth_loadACL() {
global $config_cascade;
+ global $conf;
+ global $USERINFO;
if(!is_readable($config_cascade['acl']['default'])) return array();
$acl = file($config_cascade['acl']['default']);
//support user wildcard
- if(isset($_SERVER['REMOTE_USER'])) {
+ if(isset($_SERVER['REMOTE_USER']) && $conf['use_wildcards']){
$len = count($acl);
for($i = 0; $i < $len; $i++) {
if($acl[$i]{0} == '#') continue;
- list($id, $rest) = preg_split('/\s+/', $acl[$i], 2);
- $id = str_replace('%USER%', cleanID($_SERVER['REMOTE_USER']), $id);
- $rest = str_replace('%USER%', auth_nameencode($_SERVER['REMOTE_USER']), $rest);
+ list($id,$rest) = preg_split('/\s+/',$acl[$i],2);
+ if($conf['groups_wilcards'] && (strstr($id, '%GROUP%') || strstr($rest, '%GROUP%'))){
+ foreach($USERINFO['grps'] as $grp){
+ $nid = str_replace('%GROUP%',cleanID($grp),$id);
+ $nrest = str_replace('%GROUP%',auth_nameencode($grp),$rest);
+ $acl[] = "$nid\t$nrest";
+ }
+ }
+ $id = str_replace('%USER%',cleanID($_SERVER['REMOTE_USER']),$id);
+ $rest = str_replace('%USER%',auth_nameencode($_SERVER['REMOTE_USER']),$rest);
$acl[$i] = "$id\t$rest";
}
}
@@ -632,6 +641,7 @@ function auth_nameencode($name, $skip_group = false) {
// never encode wildcard FS#1955
if($name == '%USER%') return $name;
+ if($name == '%GROUP%') return $name;
if(!isset($cache[$name][$skip_group])) {
if($skip_group && $name{0} == '@') {
diff --git a/lib/plugins/acl/admin.php b/lib/plugins/acl/admin.php
index c3461b78b2d494808e1b6239409d045694f79c19..1f88c6ff9cb9a6872542572550320a4075c41aed 100644
--- a/lib/plugins/acl/admin.php
+++ b/lib/plugins/acl/admin.php
@@ -84,7 +84,7 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin {
$this->who = '@'.ltrim($auth->cleanGroup($who),'@');
}elseif($_REQUEST['acl_t'] == '__u__' && $who){
$this->who = ltrim($who,'@');
- if($this->who != '%USER%'){ #keep wildcard as is
+ if($this->who != '%USER%' && $this->who != '%GROUP%'){ #keep wildcard as is
$this->who = $auth->cleanUser($this->who);
}
}elseif($_REQUEST['acl_t'] &&
@@ -140,7 +140,7 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin {
if ($who!='@ALL') {
$who = '@'.ltrim($auth->cleanGroup($who),'@');
}
- } elseif ($who != '%USER%'){ #keep wildcard as is
+ } elseif ($who != '%USER%' && $who != '%GROUP%'){ #keep wildcard as is
$who = $auth->cleanUser($who);
}
$who = auth_nameencode($who,true);
diff --git a/lib/plugins/config/lang/en/lang.php b/lib/plugins/config/lang/en/lang.php
index 83c843b3a497e68a396676c3345773af6390eabf..abc069eab3ad4ad8943c06d7f171a1a5080d07d0 100644
--- a/lib/plugins/config/lang/en/lang.php
+++ b/lib/plugins/config/lang/en/lang.php
@@ -92,6 +92,8 @@ $lang['hidepages'] = 'Hide pages matching this regular expressions from search
/* Authentication Settings */
$lang['useacl'] = 'Use access control lists';
+$lang['usewildcards'] = 'Use the wildcard %USER% for ACL';
+$lang['groupwildcards'] = 'Use the wildcard %GROUP% for ACL';
$lang['autopasswd'] = 'Autogenerate passwords';
$lang['authtype'] = 'Authentication backend';
$lang['passcrypt'] = 'Password encryption method';
diff --git a/lib/plugins/config/lang/fr/lang.php b/lib/plugins/config/lang/fr/lang.php
index 591e9f2fba3440be4b709ed585153b52e75b4067..5fdcd474ced09aaba5b5890e9fad463cfecb9cd6 100644
--- a/lib/plugins/config/lang/fr/lang.php
+++ b/lib/plugins/config/lang/fr/lang.php
@@ -79,6 +79,8 @@ $lang['useheading'] = 'Utiliser le titre de premier niveau';
$lang['sneaky_index'] = 'Par défaut, DokuWiki affichera toutes les catégories dans la vue par index. Activer cette option permet de cacher celles pour lesquelles l\'utilisateur n\'a pas la permission de lecture. Il peut en résulter le masquage de sous-catégories accessibles. Ceci peut rendre l\'index inutilisable avec certaines ACL.';
$lang['hidepages'] = 'Cacher les pages correspondant à (expression régulière)';
$lang['useacl'] = 'Utiliser les listes de contrôle d\'accès (ACL)';
+$lang['usewildcards'] = 'Utiliser le joker %USER% dans les ACL';
+$lang['groupwildcards'] = 'Utiliser le joker %GROUP% dans les ACL';
$lang['autopasswd'] = 'Auto-générer les mots de passe';
$lang['authtype'] = 'Mécanisme d\'authentification';
$lang['passcrypt'] = 'Méthode de chiffrement des mots de passe';
diff --git a/lib/plugins/config/settings/config.metadata.php b/lib/plugins/config/settings/config.metadata.php
index 3607f56c6509500ffa24ac00504ed276249d7e0c..675dca6ccf5d7052743e0a7d0cc99798f1047cf1 100644
--- a/lib/plugins/config/settings/config.metadata.php
+++ b/lib/plugins/config/settings/config.metadata.php
@@ -124,6 +124,8 @@ $meta['hidepages'] = array('string');
$meta['_authentication'] = array('fieldset');
$meta['useacl'] = array('onoff');
+$meta['usewildcards'] = array('onoff');
+$meta['groupwildcards'] = array('onoff');
$meta['autopasswd'] = array('onoff');
$meta['authtype'] = array('authtype');
$meta['passcrypt'] = array('multichoice','_choices' => array('smd5','md5','apr1','sha1','ssha','lsmd5','crypt','mysql','my411','kmd5','pmd5','hmd5','bcrypt'));