Merge branch 'master' of git://github.com/Aorimn/dokuwiki into pull-request-76

* 'master' of git://github.com/Aorimn/dokuwiki: Change default groupwildcards option to 0 not to change behavior of Added support for the %GROUP% wildcard. Conflicts: inc/auth.php
author: Andreas Gohr <andi@splitbrain.org> 2012-06-29 14:55:35 +0200
committer: Andreas Gohr <andi@splitbrain.org> 2012-06-29 14:55:35 +0200
commit: bca545e60204a29018cc5002a1280a01b64594d9 (patch)
tree: a75a9d1529581c265cb2f428df01e9fa24504b98
parent: 5d0aaf958325f500ce69cfb79e69eb0d8f83fdeb (diff)
parent: 8f50749b133eb2da6dc2d69adc4fb163ed9d41c2 (diff)
download: rpg-bca545e60204a29018cc5002a1280a01b64594d9.tar.gz
rpg-bca545e60204a29018cc5002a1280a01b64594d9.tar.bz2
6 files changed, 24 insertions, 6 deletions
diff --git a/conf/dokuwiki.php b/conf/dokuwiki.php
index cbd42115d..1eb6f5c5d 100644..100755
--- a/conf/dokuwiki.php
+++ b/conf/dokuwiki.php
@@ -53,6 +53,8 @@ $conf['hidepages']   = '';                //Regexp for pages to be skipped from
 
 /* Authentication Settings */
 $conf['useacl']      = 0;                //Use Access Control Lists to restrict access?
+$conf['usewildcards']   = 1;             //Use ACL wildcard %USER%
+$conf['groupwildcards'] = 0;             //More specifically, use %GROUP% wildcard
 $conf['autopasswd']  = 1;                //autogenerate passwords and email them to user
 $conf['authtype']    = 'plain';          //which authentication backend should be used
 $conf['passcrypt']   = 'smd5';           //Used crypt method (smd5,md5,sha1,ssha,crypt,mysql,my411)
diff --git a/inc/auth.php b/inc/auth.php
index d0f21c825..58c796f2e 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -123,19 +123,28 @@ function auth_setup() {
  */
 function auth_loadACL() {
     global $config_cascade;
+    global $conf;
+    global $USERINFO;
 
     if(!is_readable($config_cascade['acl']['default'])) return array();
 
     $acl = file($config_cascade['acl']['default']);
 
     //support user wildcard
-    if(isset($_SERVER['REMOTE_USER'])) {
+    if(isset($_SERVER['REMOTE_USER']) && $conf['use_wildcards']){
         $len = count($acl);
         for($i = 0; $i < $len; $i++) {
             if($acl[$i]{0} == '#') continue;
-            list($id, $rest) = preg_split('/\s+/', $acl[$i], 2);
-            $id      = str_replace('%USER%', cleanID($_SERVER['REMOTE_USER']), $id);
-            $rest    = str_replace('%USER%', auth_nameencode($_SERVER['REMOTE_USER']), $rest);
+            list($id,$rest) = preg_split('/\s+/',$acl[$i],2);
+            if($conf['groups_wilcards'] && (strstr($id, '%GROUP%') || strstr($rest, '%GROUP%'))){
+                    foreach($USERINFO['grps'] as $grp){
+                            $nid   = str_replace('%GROUP%',cleanID($grp),$id);
+                            $nrest = str_replace('%GROUP%',auth_nameencode($grp),$rest);
+                            $acl[] = "$nid\t$nrest";
+                    }
+            }
+            $id   = str_replace('%USER%',cleanID($_SERVER['REMOTE_USER']),$id);
+            $rest = str_replace('%USER%',auth_nameencode($_SERVER['REMOTE_USER']),$rest);
             $acl[$i] = "$id\t$rest";
         }
     }
@@ -632,6 +641,7 @@ function auth_nameencode($name, $skip_group = false) {
 
     // never encode wildcard FS#1955
     if($name == '%USER%') return $name;
+    if($name == '%GROUP%') return $name;
 
     if(!isset($cache[$name][$skip_group])) {
         if($skip_group && $name{0} == '@') {
diff --git a/lib/plugins/acl/admin.php b/lib/plugins/acl/admin.php
index c3461b78b..1f88c6ff9 100644
--- a/lib/plugins/acl/admin.php
+++ b/lib/plugins/acl/admin.php
@@ -84,7 +84,7 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin {
             $this->who = '@'.ltrim($auth->cleanGroup($who),'@');
         }elseif($_REQUEST['acl_t'] == '__u__' && $who){
             $this->who = ltrim($who,'@');
-            if($this->who != '%USER%'){ #keep wildcard as is
+            if($this->who != '%USER%' && $this->who != '%GROUP%'){ #keep wildcard as is
                 $this->who = $auth->cleanUser($this->who);
             }
         }elseif($_REQUEST['acl_t'] &&
@@ -140,7 +140,7 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin {
                             if ($who!='@ALL') {
                                 $who = '@'.ltrim($auth->cleanGroup($who),'@');
                             }
-                        } elseif ($who != '%USER%'){ #keep wildcard as is
+                        } elseif ($who != '%USER%' && $who != '%GROUP%'){ #keep wildcard as is
                             $who = $auth->cleanUser($who);
                         }
                         $who = auth_nameencode($who,true);
diff --git a/lib/plugins/config/lang/en/lang.php b/lib/plugins/config/lang/en/lang.php
index 83c843b3a..abc069eab 100644
--- a/lib/plugins/config/lang/en/lang.php
+++ b/lib/plugins/config/lang/en/lang.php
@@ -92,6 +92,8 @@ $lang['hidepages']   = 'Hide pages matching this regular expressions from search
 
 /* Authentication Settings */
 $lang['useacl']      = 'Use access control lists';
+$lang['usewildcards']   = 'Use the wildcard %USER% for ACL';
+$lang['groupwildcards'] = 'Use the wildcard %GROUP% for ACL';
 $lang['autopasswd']  = 'Autogenerate passwords';
 $lang['authtype']    = 'Authentication backend';
 $lang['passcrypt']   = 'Password encryption method';
diff --git a/lib/plugins/config/lang/fr/lang.php b/lib/plugins/config/lang/fr/lang.php
index 591e9f2fb..5fdcd474c 100644
--- a/lib/plugins/config/lang/fr/lang.php
+++ b/lib/plugins/config/lang/fr/lang.php
@@ -79,6 +79,8 @@ $lang['useheading']            = 'Utiliser le titre de premier niveau';
 $lang['sneaky_index']          = 'Par défaut, DokuWiki affichera toutes les catégories dans la vue par index. Activer cette option permet de cacher celles pour lesquelles l\'utilisateur n\'a pas la permission de lecture. Il peut en résulter le masquage de sous-catégories accessibles. Ceci peut rendre l\'index inutilisable avec certaines ACL.';
 $lang['hidepages']             = 'Cacher les pages correspondant à (expression régulière)';
 $lang['useacl']                = 'Utiliser les listes de contrôle d\'accès (ACL)';
+$lang['usewildcards']          = 'Utiliser le joker %USER% dans les ACL';
+$lang['groupwildcards']        = 'Utiliser le joker %GROUP% dans les ACL';
 $lang['autopasswd']            = 'Auto-générer les mots de passe';
 $lang['authtype']              = 'Mécanisme d\'authentification';
 $lang['passcrypt']             = 'Méthode de chiffrement des mots de passe';
diff --git a/lib/plugins/config/settings/config.metadata.php b/lib/plugins/config/settings/config.metadata.php
index 3607f56c6..675dca6cc 100644
--- a/lib/plugins/config/settings/config.metadata.php
+++ b/lib/plugins/config/settings/config.metadata.php
@@ -124,6 +124,8 @@ $meta['hidepages']   = array('string');
 
 $meta['_authentication'] = array('fieldset');
 $meta['useacl']      = array('onoff');
+$meta['usewildcards']    = array('onoff');
+$meta['groupwildcards']  = array('onoff');
 $meta['autopasswd']  = array('onoff');
 $meta['authtype']    = array('authtype');
 $meta['passcrypt']   = array('multichoice','_choices' => array('smd5','md5','apr1','sha1','ssha','lsmd5','crypt','mysql','my411','kmd5','pmd5','hmd5','bcrypt'));
author	Andreas Gohr <andi@splitbrain.org>	2012-06-29 14:55:35 +0200
committer	Andreas Gohr <andi@splitbrain.org>	2012-06-29 14:55:35 +0200
commit	bca545e60204a29018cc5002a1280a01b64594d9 (patch)
tree	a75a9d1529581c265cb2f428df01e9fa24504b98
parent	5d0aaf958325f500ce69cfb79e69eb0d8f83fdeb (diff)
parent	8f50749b133eb2da6dc2d69adc4fb163ed9d41c2 (diff)
download	rpg-bca545e60204a29018cc5002a1280a01b64594d9.tar.gz rpg-bca545e60204a29018cc5002a1280a01b64594d9.tar.bz2