-rwxr-xr-x[-rw-r--r--] | conf/dokuwiki.php | 2 | ||||
-rw-r--r-- | inc/auth.php | 18 | ||||
-rw-r--r-- | lib/plugins/acl/admin.php | 4 | ||||
-rw-r--r-- | lib/plugins/config/lang/en/lang.php | 2 | ||||
-rw-r--r-- | lib/plugins/config/lang/fr/lang.php | 2 | ||||
-rw-r--r-- | lib/plugins/config/settings/config.metadata.php | 2 |
6 files changed, 24 insertions, 6 deletions
diff --git a/conf/dokuwiki.php b/conf/dokuwiki.php index cbd42115d..1eb6f5c5d 100644..100755 --- a/conf/dokuwiki.php +++ b/conf/dokuwiki.php @@ -53,6 +53,8 @@ $conf['hidepages'] = ''; //Regexp for pages to be skipped from /* Authentication Settings */ $conf['useacl'] = 0; //Use Access Control Lists to restrict access? +$conf['usewildcards'] = 1; //Use ACL wildcard %USER% +$conf['groupwildcards'] = 0; //More specifically, use %GROUP% wildcard $conf['autopasswd'] = 1; //autogenerate passwords and email them to user $conf['authtype'] = 'plain'; //which authentication backend should be used $conf['passcrypt'] = 'smd5'; //Used crypt method (smd5,md5,sha1,ssha,crypt,mysql,my411) diff --git a/inc/auth.php b/inc/auth.php index d0f21c825..58c796f2e 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -123,19 +123,28 @@ function auth_setup() { */ function auth_loadACL() { global $config_cascade; + global $conf; + global $USERINFO; if(!is_readable($config_cascade['acl']['default'])) return array(); $acl = file($config_cascade['acl']['default']); //support user wildcard - if(isset($_SERVER['REMOTE_USER'])) { + if(isset($_SERVER['REMOTE_USER']) && $conf['use_wildcards']){ $len = count($acl); for($i = 0; $i < $len; $i++) { if($acl[$i]{0} == '#') continue; - list($id, $rest) = preg_split('/\s+/', $acl[$i], 2); - $id = str_replace('%USER%', cleanID($_SERVER['REMOTE_USER']), $id); - $rest = str_replace('%USER%', auth_nameencode($_SERVER['REMOTE_USER']), $rest); + list($id,$rest) = preg_split('/\s+/',$acl[$i],2); + if($conf['groups_wilcards'] && (strstr($id, '%GROUP%') || strstr($rest, '%GROUP%'))){ + foreach($USERINFO['grps'] as $grp){ + $nid = str_replace('%GROUP%',cleanID($grp),$id); + $nrest = str_replace('%GROUP%',auth_nameencode($grp),$rest); + $acl[] = "$nid\t$nrest"; + } + } + $id = str_replace('%USER%',cleanID($_SERVER['REMOTE_USER']),$id); + $rest = str_replace('%USER%',auth_nameencode($_SERVER['REMOTE_USER']),$rest); $acl[$i] = "$id\t$rest"; } } 
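Review bot: The comment on `$conf['groupwildcards']` in conf/dokuwiki.php does not say that the option depends on `usewildcards`, although in inc/auth.php the %GROUP% expansion sits inside the branch guarded by the user-wildcard option and so has no effect when that one is off. I would state the dependency in the comment, e.g. `//Also expand %GROUP% in ACLs (only effective when usewildcards is on)`, so an administrator does not enable it alone and assume group rules are active.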
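Review bot: The two new guards in auth_loadACL read `$conf['use_wildcards']` and `$conf['groups_wilcards']`, but the keys this commit defines in conf/dokuwiki.php and config.metadata.php are `usewildcards` and `groupwildcards`, so both conditions test a key that is never set. As written, the %USER% substitution that used to run for every logged-in user is skipped, so existing ACL lines keep the literal placeholder and presumably stop matching, which silently changes access decisions. The conditions should read `if(isset($_SERVER['REMOTE_USER']) && $conf['usewildcards']){` and `if($conf['groupwildcards'] && (strstr($id, '%GROUP%') || strstr($rest, '%GROUP%'))){`. Separately, lines appended with `$acl[] = "$nid\t$nrest";` lie beyond the `$len` taken before the loop, so a rule holding both placeholders yields group copies that still carry a literal %USER%. `$USERINFO['grps']` is also iterated without checking that it is an array; the function continues past the end of the hunk.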
@@ -632,6 +641,7 @@ function auth_nameencode($name, $skip_group = false) { // never encode wildcard FS#1955 if($name == '%USER%') return $name; + if($name == '%GROUP%') return $name; if(!isset($cache[$name][$skip_group])) { if($skip_group && $name{0} == '@') { diff --git a/lib/plugins/acl/admin.php b/lib/plugins/acl/admin.php index c3461b78b..1f88c6ff9 100644 --- a/lib/plugins/acl/admin.php +++ b/lib/plugins/acl/admin.php @@ -84,7 +84,7 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin { $this->who = '@'.ltrim($auth->cleanGroup($who),'@'); }elseif($_REQUEST['acl_t'] == '__u__' && $who){ $this->who = ltrim($who,'@'); - if($this->who != '%USER%'){ #keep wildcard as is + if($this->who != '%USER%' && $this->who != '%GROUP%'){ #keep wildcard as is $this->who = $auth->cleanUser($this->who); } }elseif($_REQUEST['acl_t'] && @@ -140,7 +140,7 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin { if ($who!='@ALL') { $who = '@'.ltrim($auth->cleanGroup($who),'@'); } - } elseif ($who != '%USER%'){ #keep wildcard as is + } elseif ($who != '%USER%' && $who != '%GROUP%'){ #keep wildcard as is $who = $auth->cleanUser($who); } $who = auth_nameencode($who,true); diff --git a/lib/plugins/config/lang/en/lang.php b/lib/plugins/config/lang/en/lang.php index 83c843b3a..abc069eab 100644 --- a/lib/plugins/config/lang/en/lang.php +++ b/lib/plugins/config/lang/en/lang.php @@ -92,6 +92,8 @@ $lang['hidepages'] = 'Hide pages matching this regular expressions from search /* Authentication Settings */ $lang['useacl'] = 'Use access control lists'; +$lang['usewildcards'] = 'Use the wildcard %USER% for ACL'; +$lang['groupwildcards'] = 'Use the wildcard %GROUP% for ACL'; $lang['autopasswd'] = 'Autogenerate passwords'; $lang['authtype'] = 'Authentication backend'; $lang['passcrypt'] = 'Password encryption method'; diff --git a/lib/plugins/config/lang/fr/lang.php b/lib/plugins/config/lang/fr/lang.php index 591e9f2fb..5fdcd474c 100644 --- a/lib/plugins/config/lang/fr/lang.php 
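Review bot: The added exemption in auth_nameencode compares the whole name with a loose `==`, so only the bare string `%GROUP%` is passed through unencoded. A group-form entry such as `@%GROUP%` does not hit this early return and presumably falls into the encoding path below, whose `$skip_group` handling is only partly visible in the hunk. If the wildcard is meant to appear in group entries, the check should cover that form as well, and a strict comparison avoids type juggling: `if($name === '%USER%' || $name === '%GROUP%') return $name;`. The function starts and ends outside the hunk.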
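Review bot: In both lib/plugins/acl/admin.php hunks the `%GROUP%` exemption is added only to the user branch (the `acl_t == '__u__'` case near line 84 and the `elseif` near line 140), while the group branch still passes the name through `$auth->cleanGroup()`. A wildcard rule saved through this form is therefore stored as a user entry, and since auth_loadACL substitutes the group name without an `@` prefix, the expanded rule appears to name a user whose login equals the group name rather than the group itself. That should be confirmed, because where a login can coincide with a group name the account would receive the permissions intended for the group. Exempting the wildcard in the group branch instead, e.g. `if($who != '%GROUP%') $who = $auth->cleanGroup($who);` before the `@` is prepended, would keep the rule a group rule. Both enclosing methods start and end outside the hunks.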
+++ b/lib/plugins/config/lang/fr/lang.php @@ -79,6 +79,8 @@ $lang['useheading'] = 'Utiliser le titre de premier niveau'; $lang['sneaky_index'] = 'Par défaut, DokuWiki affichera toutes les catégories dans la vue par index. Activer cette option permet de cacher celles pour lesquelles l\'utilisateur n\'a pas la permission de lecture. Il peut en résulter le masquage de sous-catégories accessibles. Ceci peut rendre l\'index inutilisable avec certaines ACL.'; $lang['hidepages'] = 'Cacher les pages correspondant à (expression régulière)'; $lang['useacl'] = 'Utiliser les listes de contrôle d\'accès (ACL)'; +$lang['usewildcards'] = 'Utiliser le joker %USER% dans les ACL'; +$lang['groupwildcards'] = 'Utiliser le joker %GROUP% dans les ACL'; $lang['autopasswd'] = 'Auto-générer les mots de passe'; $lang['authtype'] = 'Mécanisme d\'authentification'; $lang['passcrypt'] = 'Méthode de chiffrement des mots de passe'; diff --git a/lib/plugins/config/settings/config.metadata.php b/lib/plugins/config/settings/config.metadata.php index 3607f56c6..675dca6cc 100644 --- a/lib/plugins/config/settings/config.metadata.php +++ b/lib/plugins/config/settings/config.metadata.php @@ -124,6 +124,8 @@ $meta['hidepages'] = array('string'); $meta['_authentication'] = array('fieldset'); $meta['useacl'] = array('onoff'); +$meta['usewildcards'] = array('onoff'); +$meta['groupwildcards'] = array('onoff'); $meta['autopasswd'] = array('onoff'); $meta['authtype'] = array('authtype'); $meta['passcrypt'] = array('multichoice','_choices' => array('smd5','md5','apr1','sha1','ssha','lsmd5','crypt','mysql','my411','kmd5','pmd5','hmd5','bcrypt')); |