-rwxr-xr-x[-rw-r--r--]conf/dokuwiki.php2
-rw-r--r--inc/auth.php12
-rw-r--r--lib/plugins/acl/admin.php4
-rw-r--r--lib/plugins/config/lang/en/lang.php2
-rw-r--r--lib/plugins/config/lang/fr/lang.php2
-rw-r--r--lib/plugins/config/settings/config.metadata.php2
6 files changed, 21 insertions, 3 deletions
diff --git a/conf/dokuwiki.php b/conf/dokuwiki.php
index 7a7e4bf1a..2beb65600 100644..100755
--- a/conf/dokuwiki.php
+++ b/conf/dokuwiki.php
@@ -69,6 +69,8 @@ $conf['iexssprotect']= 1; // check for JavaScript and HTML in up
/* Authentication Options - read http://www.splitbrain.org/dokuwiki/wiki:acl */
$conf['useacl'] = 0; //Use Access Control Lists to restrict access?
+$conf['usewildcards'] = 1; //Use ACL wildcards
+$conf['groupwildcards'] = 1; //More specifically, use %GROUP% wildcard
$conf['autopasswd'] = 1; //autogenerate passwords and email them to user
$conf['authtype'] = 'plain'; //which authentication backend should be used
$conf['passcrypt'] = 'smd5'; //Used crypt method (smd5,md5,sha1,ssha,crypt,mysql,my411)
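Review bot: The file header for conf/dokuwiki.php records a mode change from 100644 to 100755, which makes a configuration file executable for no reason visible in this change; the mode change should be dropped. The new default `$conf['groupwildcards'] = 1;` also switches the %GROUP% expansion on for existing installations at upgrade, so a default of `0` would keep the new ACL behaviour opt-in. The comment on that line could state what the option does, e.g. `//expand %GROUP% in ACL lines to each group of the current user`.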
diff --git a/inc/auth.php b/inc/auth.php
index e0f58e5f2..88d2caf1b 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -120,17 +120,26 @@ function auth_setup(){
*/
function auth_loadACL(){
global $config_cascade;
+ global $conf;
+ global $USERINFO;
if(!is_readable($config_cascade['acl']['default'])) return array();
$acl = file($config_cascade['acl']['default']);
//support user wildcard
- if(isset($_SERVER['REMOTE_USER'])){
+ if(isset($_SERVER['REMOTE_USER']) && $conf['use_wildcards']){
$len = count($acl);
for($i=0; $i<$len; $i++){
if($acl[$i]{0} == '#') continue;
list($id,$rest) = preg_split('/\s+/',$acl[$i],2);
+ if($conf['groups_wilcards'] && (strstr($id, '%GROUP%') || strstr($rest, '%GROUP%'))){
+ foreach($USERINFO['grps'] as $grp){
+ $nid = str_replace('%GROUP%',cleanID($grp),$id);
+ $nrest = str_replace('%GROUP%',auth_nameencode($grp),$rest);
+ $acl[] = "$nid\t$nrest";
+ }
+ }
$id = str_replace('%USER%',cleanID($_SERVER['REMOTE_USER']),$id);
$rest = str_replace('%USER%',auth_nameencode($_SERVER['REMOTE_USER']),$rest);
$acl[$i] = "$id\t$rest";
@@ -607,6 +616,7 @@ function auth_nameencode($name,$skip_group=false){
// never encode wildcard FS#1955
if($name == '%USER%') return $name;
+ if($name == '%GROUP%') return $name;
if (!isset($cache[$name][$skip_group])) {
if($skip_group && $name{0} =='@'){
diff --git a/lib/plugins/acl/admin.php b/lib/plugins/acl/admin.php
index a6b0624bc..4d2be8dd0 100644
--- a/lib/plugins/acl/admin.php
+++ b/lib/plugins/acl/admin.php
@@ -84,7 +84,7 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin {
$this->who = '@'.ltrim($auth->cleanGroup($who),'@');
}elseif($_REQUEST['acl_t'] == '__u__' && $who){
$this->who = ltrim($who,'@');
- if($this->who != '%USER%'){ #keep wildcard as is
+ if($this->who != '%USER%' && $this->who != '%GROUP%'){ #keep wildcard as is
$this->who = $auth->cleanUser($this->who);
}
}elseif($_REQUEST['acl_t'] &&
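Review bot: The `%GROUP%` exemption is added only in the user branch (`acl_t == '__u__'`), so an entry created through this form is stored as `%GROUP%` without the `@` prefix. auth_loadACL in this same commit replaces the placeholder with the bare encoded group name, so such a rule would presumably be matched against a user of that name instead of the group, and an account named like a group could pick up permissions intended for the group. Consider handling the wildcard in the group branch so it is stored as `@%GROUP%`, and applying the exemption only when `$conf['groupwildcards']` is enabled. The same applies to the second hunk at `} elseif ($who != '%USER%' && $who != '%GROUP%'){`; both enclosing methods start and end outside the hunks.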
@@ -140,7 +140,7 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin {
if ($who!='@ALL') {
$who = '@'.ltrim($auth->cleanGroup($who),'@');
}
- } elseif ($who != '%USER%'){ #keep wildcard as is
+ } elseif ($who != '%USER%' && $who != '%GROUP%'){ #keep wildcard as is
$who = $auth->cleanUser($who);
}
$who = auth_nameencode($who,true);
diff --git a/lib/plugins/config/lang/en/lang.php b/lib/plugins/config/lang/en/lang.php
index 74ec56345..3d3a6d426 100644
--- a/lib/plugins/config/lang/en/lang.php
+++ b/lib/plugins/config/lang/en/lang.php
@@ -95,6 +95,8 @@ $lang['showuseras'] = 'What to display when showing the user that last edited a
/* Authentication Options */
$lang['useacl'] = 'Use access control lists';
+$lang['usewildcards'] = 'Use the wildcard %USER% for ACL';
+$lang['groupwildcards'] = 'Use the wildcard %GROUP% for ACL';
$lang['autopasswd'] = 'Autogenerate passwords';
$lang['authtype'] = 'Authentication backend';
$lang['passcrypt'] = 'Password encryption method';
diff --git a/lib/plugins/config/lang/fr/lang.php b/lib/plugins/config/lang/fr/lang.php
index 8dcd21032..efa5b8f67 100644
--- a/lib/plugins/config/lang/fr/lang.php
+++ b/lib/plugins/config/lang/fr/lang.php
@@ -83,6 +83,8 @@ $lang['mailguard'] = 'Brouiller les adresses de courriel';
$lang['iexssprotect'] = 'Vérifier la présence de code JavaScript ou HTML malveillant dans les fichiers envoyés';
$lang['showuseras'] = 'Qu\'afficher en montrant les utilisateurs qui ont récemment modifié la page';
$lang['useacl'] = 'Utiliser les listes de contrôle d\'accès (ACL)';
+$lang['usewildcards'] = 'Utiliser le joker %USER% dans les ACL';
+$lang['groupwildcards'] = 'Utiliser le joker %GROUP% dans les ACL';
$lang['autopasswd'] = 'Auto-générer les mots de passe';
$lang['authtype'] = 'Mécanisme d\'authentification';
$lang['passcrypt'] = 'Méthode de chiffrement des mots de passe';
diff --git a/lib/plugins/config/settings/config.metadata.php b/lib/plugins/config/settings/config.metadata.php
index 96451e857..bb034f2db 100644
--- a/lib/plugins/config/settings/config.metadata.php
+++ b/lib/plugins/config/settings/config.metadata.php
@@ -123,6 +123,8 @@ $meta['refshow'] = array('numeric');
$meta['_authentication'] = array('fieldset');
$meta['useacl'] = array('onoff');
+$meta['usewildcards'] = array('onoff');
+$meta['groupwildcards'] = array('onoff');
$meta['autopasswd'] = array('onoff');
$meta['authtype'] = array('authtype');
$meta['passcrypt'] = array('multichoice','_choices' => array('smd5','md5','apr1','sha1','ssha','crypt','mysql','my411','kmd5','pmd5','hmd5'));