author | Andreas Gohr <andi@splitbrain.org> | 2013-08-03 08:44:03 -0700 |
---|---|---|
committer | Andreas Gohr <andi@splitbrain.org> | 2013-08-03 08:44:03 -0700 |
commit | 2ab4be2bed1b819f88d02a2ff2e352432bb13fd7 (patch) | |
tree | 9929d38da3311570fb9a0787e2961ff4f9d6e75d /inc/auth.php | |
parent | 0a57f27ea5c1a6d54627f6af15c516f18f44b229 (diff) | |
parent | 041a602de97e0bb0e06b7a5a92564e6aadbfa81a (diff) | |
Merge pull request #261 from splitbrain/acl_tokensubstitution_fixes
Acl tokensubstitution fixes
Diffstat (limited to 'inc/auth.php')
-rw-r--r-- | inc/auth.php | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/inc/auth.php b/inc/auth.php
index be6b7ebbe..1c0bf5b4f 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -136,22 +136,30 @@ function auth_loadACL() {
 $acl = file($config_cascade['acl']['default']);
- //support user wildcard
 $out = array();
 foreach($acl as $line) {
 $line = trim($line);
 if($line{0} == '#') continue;
 list($id,$rest) = preg_split('/\s+/',$line,2);
+ // substitue user wildcard first (its 1:1)
+ if(strstr($line, '%USER%')){
+ // if user is not logged in, this ACL line is meaningless - skip it
+ if (!isset($_SERVER['REMOTE_USER'])) continue;
+
+ $id = str_replace('%USER%',cleanID($_SERVER['REMOTE_USER']),$id);
+ $rest = str_replace('%USER%',auth_nameencode($_SERVER['REMOTE_USER']),$rest);
+ }
+
+ // substitute group wildcard (its 1:m)
 if(strstr($line, '%GROUP%')){
+ // if user is not logged in, grps is empty, no output will be added (i.e. skipped)
 foreach((array) $USERINFO['grps'] as $grp){
 $nid = str_replace('%GROUP%',cleanID($grp),$id);
 $nrest = str_replace('%GROUP%','@'.auth_nameencode($grp),$rest);
 $out[] = "$nid\t$nrest";
 }
 } else {
- $id = str_replace('%USER%',cleanID($_SERVER['REMOTE_USER']),$id);
- $rest = str_replace('%USER%',auth_nameencode($_SERVER['REMOTE_USER']),$rest);
 $out[] = "$id\t$rest";
 }
 }
|
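Review bot: The logged-in guard in the new `%USER%` branch uses `isset($_SERVER['REMOTE_USER'])`, which is also true for an empty string. In that case both `str_replace` calls substitute an empty value, and the ACL line is emitted with an empty user field instead of being skipped. Whether REMOTE_USER can be set but empty depends on the auth backend and web server, which this hunk does not show, so I would make the guard explicit: `if (!isset($_SERVER['REMOTE_USER']) || $_SERVER['REMOTE_USER'] === '') continue;`. A regression test with an anonymous session and a line combining `%USER%` and `%GROUP%` would pin the intended skip. auth_loadACL() begins before and ends after this hunk, so how the emitted lines are parsed later is not visible here.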