authorromain <romain.coltel@gmail.com>2012-01-30 19:58:55 +0100
committerromain <romain.coltel@gmail.com>2012-01-30 19:58:55 +0100
commitb78bf706e2ab1d34498beea00b7ecfda11944eee (patch)
tree181193ea60d0d48ab44a2dd181ce23cf22d2e856 /inc/auth.php
parent378325f948e677b0253c6dc5e268aa753d3a10f1 (diff)
Added support for the %GROUP% wildcard.
%GROUP% is the same as %USER% except it's done on each group a user is in. %USER% and %GROUP% cannot be mixed on an ACL line.
Diffstat (limited to 'inc/auth.php')
-rw-r--r--inc/auth.php12
1 files changed, 11 insertions, 1 deletions
diff --git a/inc/auth.php b/inc/auth.php
index e0f58e5f2..88d2caf1b 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -120,17 +120,26 @@ function auth_setup(){
*/
function auth_loadACL(){
global $config_cascade;
+ global $conf;
+ global $USERINFO;
if(!is_readable($config_cascade['acl']['default'])) return array();
$acl = file($config_cascade['acl']['default']);
//support user wildcard
- if(isset($_SERVER['REMOTE_USER'])){
+ if(isset($_SERVER['REMOTE_USER']) && $conf['use_wildcards']){
$len = count($acl);
for($i=0; $i<$len; $i++){
if($acl[$i]{0} == '#') continue;
list($id,$rest) = preg_split('/\s+/',$acl[$i],2);
+ if($conf['groups_wilcards'] && (strstr($id, '%GROUP%') || strstr($rest, '%GROUP%'))){
+ foreach($USERINFO['grps'] as $grp){
+ $nid = str_replace('%GROUP%',cleanID($grp),$id);
+ $nrest = str_replace('%GROUP%',auth_nameencode($grp),$rest);
+ $acl[] = "$nid\t$nrest";
+ }
+ }
$id = str_replace('%USER%',cleanID($_SERVER['REMOTE_USER']),$id);
$rest = str_replace('%USER%',auth_nameencode($_SERVER['REMOTE_USER']),$rest);
$acl[$i] = "$id\t$rest";
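Review bot: The added branch `if($conf['groups_wilcards'] && …)` reads a key spelled `groups_wilcards`, unlike `use_wildcards` a few lines above; if the setting is defined with the usual spelling, this key is unset and the %GROUP% expansion silently never runs, so the name should be checked against the config defaults. The `%USER%` expansion is now also gated on `$conf['use_wildcards']`, so on an install where that key is missing the wildcard lines stay literal and both allow and deny rules written with `%USER%` stop matching; a default of on, or an upgrade note, would keep existing ACLs behaving as before. `foreach($USERINFO['grps'] as $grp)` assumes the group list is an array whenever `REMOTE_USER` is set, and `foreach((array) $USERINFO['grps'] as $grp)` would avoid a warning when it is not. The loop and the rest of auth_loadACL continue past the end of the hunk.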
@@ -607,6 +616,7 @@ function auth_nameencode($name,$skip_group=false){
// never encode wildcard FS#1955
if($name == '%USER%') return $name;
+ if($name == '%GROUP%') return $name;
if (!isset($cache[$name][$skip_group])) {
if($skip_group && $name{0} =='@'){
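Review bot: The new guard `if($name == '%GROUP%') return $name;` matches only the bare wildcard, while the `$skip_group && $name{0} =='@'` branch just below suggests group principals reach this function with an `@` prefix. If callers pass the ACL form `@%GROUP%`, it would miss the guard and the `%` characters would be encoded, so the stored line would no longer contain the wildcard. Should that form occur, the check could be `if($name == '%GROUP%' || $name == '@%GROUP%') return $name;`, ideally with `===` since the value is compared to a fixed string. The function body continues outside the hunk, so the encoding path itself is not visible here.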