diff --git a/_test/tests/inc/pageutils_findnearest.test.php b/_test/tests/inc/pageutils_findnearest.test.php
index e129b5e585e2581846d3ff28ba0f16d6170ec640..d62d3dd78d07dc60196f1946356587f605d5fe8b 100644
--- a/_test/tests/inc/pageutils_findnearest.test.php
+++ b/_test/tests/inc/pageutils_findnearest.test.php
@@ -1,6 +1,33 @@
<?php
class pageutils_findnearest_test extends DokuWikiTest {
+
+ var $oldAuthAcl;
+
+ function setUp() {
+ parent::setUp();
+ global $AUTH_ACL;
+ global $auth;
+ global $conf;
+ $conf['superuser'] = 'john';
+ $conf['useacl'] = 1;
+
+ $this->oldAuthAcl = $AUTH_ACL;
+ $auth = new DokuWiki_Auth_Plugin();
+
+ $AUTH_ACL = array(
+ '* @ALL 1',
+ 'internal:* @ALL 0',
+ 'internal:* max 1',
+ '* @user 8',
+ );
+ }
+
+ function tearDown() {
+ global $AUTH_ACL;
+ $AUTH_ACL = $this->oldAuthAcl;
+ }
+
function testNoSidebar() {
global $ID;
@@ -37,4 +64,26 @@ class pageutils_findnearest_test extends DokuWikiTest {
$this->assertEquals('sidebar', $sidebar);
}
+ function testACLWithSidebar() {
+ global $ID;
+ global $INPUT;
+
+ $INPUT->server->set('REMOTE_USER', 'foo');
+
+ saveWikiText('sidebar', 'top sidebar', '');
+ saveWikiText('internal:sidebar', 'internal sidebar', '');
+
+ $ID = 'internal:foo:bar';
+
+ $sidebar = page_findnearest('sidebar');
+ $this->assertEquals('sidebar', $sidebar);
+
+ $sidebar = page_findnearest('sidebar', false);
+ $this->assertEquals('internal:sidebar', $sidebar);
+
+ $INPUT->server->set('REMOTE_USER', 'max');
+
+ $sidebar = page_findnearest('sidebar');
+ $this->assertEquals('internal:sidebar', $sidebar);
+ }
}
diff --git a/inc/pageutils.php b/inc/pageutils.php
index 0226185ccd126e9a25b420bad2f699fb93be71f2..a101e0aec6a821afab2d2e8dc6bb4e3da8700cb9 100644
--- a/inc/pageutils.php
+++ b/inc/pageutils.php
@@ -738,24 +738,26 @@ function utf8_decodeFN($file){
/**
* Find a page in the current namespace (determined from $ID) or any
- * higher namespace
+ * higher namespace that can be accessed by the current user,
+ * this condition can be overriden by an optional parameter.
*
* Used for sidebars, but can be used other stuff as well
*
* @todo add event hook
*
* @param string $page the pagename you're looking for
- * @return string|false the full page id of the found page, false if any
+ * @param bool $useacl only return pages readable by the current user, false to ignore ACLs
+ * @return false|string the full page id of the found page, false if any
*/
-function page_findnearest($page){
+function page_findnearest($page, $useacl = true){
if (!$page) return false;
global $ID;
$ns = $ID;
do {
$ns = getNS($ns);
- $pageid = ltrim("$ns:$page",':');
- if(page_exists($pageid)){
+ $pageid = cleanID("$ns:$page");
+ if(page_exists($pageid) && (!$useacl || auth_quickaclcheck($pageid) >= AUTH_READ)){
return $pageid;
}
} while($ns);
diff --git a/inc/template.php b/inc/template.php
index ec99742116e9fd90006b8fd36a9ba6e6e2b26e0f..335b0dd27b303979db1643ea892c0657e0c3786c 100644
--- a/inc/template.php
+++ b/inc/template.php
@@ -1712,22 +1712,26 @@ function tpl_license($img = 'badge', $imgonly = false, $return = false, $wrap =
* This function is useful to populate sidebars or similar features in a
* template
*
- * @param string $pageid
- * @param bool $print
- * @param bool $propagate
+ * @param string $pageid The page name you want to include
+ * @param bool $print Should the content be printed or returned only
+ * @param bool $propagate Search higher namespaces, too?
+ * @param bool $useacl Include the page only if the ACLs check out?
* @return bool|null|string
*/
-function tpl_include_page($pageid, $print = true, $propagate = false) {
- if (!$pageid) return false;
- if ($propagate) $pageid = page_findnearest($pageid);
+function tpl_include_page($pageid, $print = true, $propagate = false, $useacl = true) {
+ if($propagate) {
+ $pageid = page_findnearest($pageid, $useacl);
+ } elseif($useacl && auth_quickaclcheck($pageid) == AUTH_NONE) {
+ return false;
+ }
+ if(!$pageid) return false;
global $TOC;
$oldtoc = $TOC;
$html = p_wiki_xhtml($pageid, '', false);
$TOC = $oldtoc;
- if(!$print) return $html;
- echo $html;
+ if($print) echo $html;
return $html;
}