From b78bf706e2ab1d34498beea00b7ecfda11944eee Mon Sep 17 00:00:00 2001 From: romain Date: Mon, 30 Jan 2012 19:58:55 +0100 Subject: Added support for the %GROUP% wildcard. %GROUP% is the same as %USER% except it's done on each group a user is in. %USER% and %GROUP% cannot be mixed on an ACL line. --- conf/dokuwiki.php | 2 ++ inc/auth.php | 12 +++++++++++- lib/plugins/acl/admin.php | 4 ++-- lib/plugins/config/lang/en/lang.php | 2 ++ lib/plugins/config/lang/fr/lang.php | 2 ++ lib/plugins/config/settings/config.metadata.php | 2 ++ 6 files changed, 21 insertions(+), 3 deletions(-) mode change 100644 => 100755 conf/dokuwiki.php diff --git a/conf/dokuwiki.php b/conf/dokuwiki.php old mode 100644 new mode 100755 index 7a7e4bf1a..2beb65600 --- a/conf/dokuwiki.php +++ b/conf/dokuwiki.php @@ -69,6 +69,8 @@ $conf['iexssprotect']= 1; // check for JavaScript and HTML in up /* Authentication Options - read http://www.splitbrain.org/dokuwiki/wiki:acl */ $conf['useacl'] = 0; //Use Access Control Lists to restrict access? +$conf['usewildcards'] = 1; //Use ACL wildcards +$conf['groupwildcards'] = 1; //More specifically, use %GROUP% wildcard $conf['autopasswd'] = 1; //autogenerate passwords and email them to user $conf['authtype'] = 'plain'; //which authentication backend should be used $conf['passcrypt'] = 'smd5'; //Used crypt method (smd5,md5,sha1,ssha,crypt,mysql,my411) diff --git a/inc/auth.php b/inc/auth.php index e0f58e5f2..88d2caf1b 100644 --- a/inc/auth.php +++ b/inc/auth.php 
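Review bot: The options added in this hunk are spelled `usewildcards` and `groupwildcards`, but the inc/auth.php hunk of the same commit reads `$conf['use_wildcards']` and `$conf['groups_wilcards']`, so neither setting is ever consulted. Unless something outside this patch sets those keys, the new `&& $conf['use_wildcards']` test fails and `%USER%` substitution is skipped for every logged-in user, which silently changes how existing ACL rules resolve. The reads should be `$conf['usewildcards']` and `$conf['groupwildcards']`; the follow-up commit that flips `groupwildcards` to 0 has no effect for the same reason. The mode change to 100755 on conf/dokuwiki.php also looks unintended for a configuration file.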
@@ -120,17 +120,26 @@ function auth_setup(){ */ function auth_loadACL(){ global $config_cascade; + global $conf; + global $USERINFO; if(!is_readable($config_cascade['acl']['default'])) return array(); $acl = file($config_cascade['acl']['default']); //support user wildcard - if(isset($_SERVER['REMOTE_USER'])){ + if(isset($_SERVER['REMOTE_USER']) && $conf['use_wildcards']){ $len = count($acl); for($i=0; $i<$len; $i++){ if($acl[$i]{0} == '#') continue; list($id,$rest) = preg_split('/\s+/',$acl[$i],2); + if($conf['groups_wilcards'] && (strstr($id, '%GROUP%') || strstr($rest, '%GROUP%'))){ + foreach($USERINFO['grps'] as $grp){ + $nid = str_replace('%GROUP%',cleanID($grp),$id); + $nrest = str_replace('%GROUP%',auth_nameencode($grp),$rest); + $acl[] = "$nid\t$nrest"; + } + } $id = str_replace('%USER%',cleanID($_SERVER['REMOTE_USER']),$id); $rest = str_replace('%USER%',auth_nameencode($_SERVER['REMOTE_USER']),$rest); $acl[$i] = "$id\t$rest"; @@ -607,6 +616,7 @@ function auth_nameencode($name,$skip_group=false){ // never encode wildcard FS#1955 if($name == '%USER%') return $name; + if($name == '%GROUP%') return $name; if (!isset($cache[$name][$skip_group])) { if($skip_group && $name{0} =='@'){ diff --git a/lib/plugins/acl/admin.php b/lib/plugins/acl/admin.php index a6b0624bc..4d2be8dd0 100644 --- a/lib/plugins/acl/admin.php +++ b/lib/plugins/acl/admin.php @@ -84,7 +84,7 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin { $this->who = '@'.ltrim($auth->cleanGroup($who),'@'); }elseif($_REQUEST['acl_t'] == '__u__' && $who){ $this->who = ltrim($who,'@'); - if($this->who != '%USER%'){ #keep wildcard as is + if($this->who != '%USER%' && $this->who != '%GROUP%'){ #keep wildcard as is $this->who = $auth->cleanUser($this->who); } }elseif($_REQUEST['acl_t'] && 
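Review bot: The added `foreach($USERINFO['grps'] as $grp)` in `auth_loadACL()` iterates the group list without checking that it exists; the surrounding condition only tests `$_SERVER['REMOTE_USER']`. If `$USERINFO` has not been filled in when the ACL is loaded (the call order is outside this hunk), PHP warns on the invalid `foreach` argument and no `%GROUP%` rule is expanded for that request. Guarding the loop, `if(isset($USERINFO['grps'])) foreach((array) $USERINFO['grps'] as $grp){`, makes that case explicit. The same loop is carried over unchanged in the later `@@ -136,12 +136,12 @@` hunk of the "simplified %GROUP% wildcard support" commit. `auth_loadACL()` continues past the end of the hunk.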
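Review bot: The `%GROUP%` exemption is added only on the user branch (`acl_t == '__u__'`), while the group branch just above still builds `'@'.ltrim($auth->cleanGroup($who),'@')`. A wildcard entered as a group is therefore passed through `cleanGroup()`, which may alter it depending on the backend, and one entered as a user is stored as a bare `%GROUP%`, which `auth_loadACL()` replaces with the group name without adding an `@`, so the resulting subject would presumably read as a user of that name. Consider exempting the wildcard on the group branch instead, `$this->who = ($who == '@%GROUP%') ? $who : '@'.ltrim($auth->cleanGroup($who),'@');`, and checking that `auth_nameencode()` leaves `@%GROUP%` intact, since its new early return matches only the bare token. The second admin.php hunk (`@@ -140,7 +140,7 @@`) has the same pattern. The enclosing method starts and ends outside the hunk.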
@@ -140,7 +140,7 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin { if ($who!='@ALL') { $who = '@'.ltrim($auth->cleanGroup($who),'@'); } - } elseif ($who != '%USER%'){ #keep wildcard as is + } elseif ($who != '%USER%' && $who != '%GROUP%'){ #keep wildcard as is $who = $auth->cleanUser($who); } $who = auth_nameencode($who,true); diff --git a/lib/plugins/config/lang/en/lang.php b/lib/plugins/config/lang/en/lang.php index 74ec56345..3d3a6d426 100644 --- a/lib/plugins/config/lang/en/lang.php +++ b/lib/plugins/config/lang/en/lang.php @@ -95,6 +95,8 @@ $lang['showuseras'] = 'What to display when showing the user that last edited a /* Authentication Options */ $lang['useacl'] = 'Use access control lists'; +$lang['usewildcards'] = 'Use the wildcard %USER% for ACL'; +$lang['groupwildcards'] = 'Use the wildcard %GROUP% for ACL'; $lang['autopasswd'] = 'Autogenerate passwords'; $lang['authtype'] = 'Authentication backend'; $lang['passcrypt'] = 'Password encryption method'; diff --git a/lib/plugins/config/lang/fr/lang.php b/lib/plugins/config/lang/fr/lang.php index 8dcd21032..efa5b8f67 100644 --- a/lib/plugins/config/lang/fr/lang.php +++ b/lib/plugins/config/lang/fr/lang.php @@ -83,6 +83,8 @@ $lang['mailguard'] = 'Brouiller les adresses de courriel'; $lang['iexssprotect'] = 'Vérifier la présence de code JavaScript ou HTML malveillant dans les fichiers envoyés'; $lang['showuseras'] = 'Qu\'afficher en montrant les utilisateurs qui ont récemment modifié la page'; $lang['useacl'] = 'Utiliser les listes de contrôle d\'accès (ACL)'; +$lang['usewildcards'] = 'Utiliser le joker %USER% dans les ACL'; +$lang['groupwildcards'] = 'Utiliser le joker %GROUP% dans les ACL'; $lang['autopasswd'] = 'Auto-générer les mots de passe'; $lang['authtype'] = 'Mécanisme d\'authentification'; $lang['passcrypt'] = 'Méthode de chiffrement des mots de passe'; 
diff --git a/lib/plugins/config/settings/config.metadata.php b/lib/plugins/config/settings/config.metadata.php index 96451e857..bb034f2db 100644 --- a/lib/plugins/config/settings/config.metadata.php +++ b/lib/plugins/config/settings/config.metadata.php @@ -123,6 +123,8 @@ $meta['refshow'] = array('numeric'); $meta['_authentication'] = array('fieldset'); $meta['useacl'] = array('onoff'); +$meta['usewildcards'] = array('onoff'); +$meta['groupwildcards'] = array('onoff'); $meta['autopasswd'] = array('onoff'); $meta['authtype'] = array('authtype'); $meta['passcrypt'] = array('multichoice','_choices' => array('smd5','md5','apr1','sha1','ssha','crypt','mysql','my411','kmd5','pmd5','hmd5')); -- cgit v1.2.3 From 8f50749b133eb2da6dc2d69adc4fb163ed9d41c2 Mon Sep 17 00:00:00 2001 From: Aorimn Date: Mon, 30 Jan 2012 20:08:23 +0100 Subject: Change default groupwildcards option to 0 not to change behavior of already installed wikis --- conf/dokuwiki.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/conf/dokuwiki.php b/conf/dokuwiki.php index 2beb65600..2d6c1ce68 100755 --- a/conf/dokuwiki.php +++ b/conf/dokuwiki.php @@ -69,8 +69,8 @@ $conf['iexssprotect']= 1; // check for JavaScript and HTML in up /* Authentication Options - read http://www.splitbrain.org/dokuwiki/wiki:acl */ $conf['useacl'] = 0; //Use Access Control Lists to restrict access? -$conf['usewildcards'] = 1; //Use ACL wildcards -$conf['groupwildcards'] = 1; //More specifically, use %GROUP% wildcard +$conf['usewildcards'] = 1; //Use ACL wildcard %USER% +$conf['groupwildcards'] = 0; //More specifically, use %GROUP% wildcard $conf['autopasswd'] = 1; //autogenerate passwords and email them to user $conf['authtype'] = 'plain'; //which authentication backend should be used $conf['passcrypt'] = 'smd5'; //Used crypt method (smd5,md5,sha1,ssha,crypt,mysql,my411) -- cgit v1.2.3 From d0f8d50b16073494dc8ccc16905d445467e648cd Mon Sep 17 00:00:00 2001 
From: Andreas Gohr Date: Fri, 29 Jun 2012 15:01:48 +0200 Subject: simplified %GROUP% wildcard support --- conf/dokuwiki.php | 2 -- inc/auth.php | 12 ++++++------ lib/plugins/config/lang/en/lang.php | 2 -- lib/plugins/config/lang/fr/lang.php | 2 -- lib/plugins/config/settings/config.metadata.php | 2 -- 5 files changed, 6 insertions(+), 14 deletions(-) mode change 100755 => 100644 conf/dokuwiki.php diff --git a/conf/dokuwiki.php b/conf/dokuwiki.php old mode 100755 new mode 100644 index 1eb6f5c5d..cbd42115d --- a/conf/dokuwiki.php +++ b/conf/dokuwiki.php @@ -53,8 +53,6 @@ $conf['hidepages'] = ''; //Regexp for pages to be skipped from /* Authentication Settings */ $conf['useacl'] = 0; //Use Access Control Lists to restrict access? -$conf['usewildcards'] = 1; //Use ACL wildcard %USER% -$conf['groupwildcards'] = 0; //More specifically, use %GROUP% wildcard $conf['autopasswd'] = 1; //autogenerate passwords and email them to user $conf['authtype'] = 'plain'; //which authentication backend should be used $conf['passcrypt'] = 'smd5'; //Used crypt method (smd5,md5,sha1,ssha,crypt,mysql,my411) diff --git a/inc/auth.php b/inc/auth.php index 58c796f2e..1263f7aec 100644 --- a/inc/auth.php +++ b/inc/auth.php 
@@ -136,12 +136,12 @@ function auth_loadACL() { for($i = 0; $i < $len; $i++) { if($acl[$i]{0} == '#') continue; list($id,$rest) = preg_split('/\s+/',$acl[$i],2); - if($conf['groups_wilcards'] && (strstr($id, '%GROUP%') || strstr($rest, '%GROUP%'))){ - foreach($USERINFO['grps'] as $grp){ - $nid = str_replace('%GROUP%',cleanID($grp),$id); - $nrest = str_replace('%GROUP%',auth_nameencode($grp),$rest); - $acl[] = "$nid\t$nrest"; - } + if(strstr($acl[$i], '%GROUP%')){ + foreach($USERINFO['grps'] as $grp){ + $nid = str_replace('%GROUP%',cleanID($grp),$id); + $nrest = str_replace('%GROUP%',auth_nameencode($grp),$rest); + $acl[] = "$nid\t$nrest"; + } } $id = str_replace('%USER%',cleanID($_SERVER['REMOTE_USER']),$id); $rest = str_replace('%USER%',auth_nameencode($_SERVER['REMOTE_USER']),$rest); diff --git a/lib/plugins/config/lang/en/lang.php b/lib/plugins/config/lang/en/lang.php index abc069eab..83c843b3a 100644 --- a/lib/plugins/config/lang/en/lang.php +++ b/lib/plugins/config/lang/en/lang.php @@ -92,8 +92,6 @@ $lang['hidepages'] = 'Hide pages matching this regular expressions from search /* Authentication Settings */ $lang['useacl'] = 'Use access control lists'; -$lang['usewildcards'] = 'Use the wildcard %USER% for ACL'; -$lang['groupwildcards'] = 'Use the wildcard %GROUP% for ACL'; $lang['autopasswd'] = 'Autogenerate passwords'; $lang['authtype'] = 'Authentication backend'; $lang['passcrypt'] = 'Password encryption method'; diff --git a/lib/plugins/config/lang/fr/lang.php b/lib/plugins/config/lang/fr/lang.php index 5fdcd474c..591e9f2fb 100644 --- a/lib/plugins/config/lang/fr/lang.php +++ b/lib/plugins/config/lang/fr/lang.php 
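Review bot: After the per-group copies are appended, the original line is still written back to `$acl[$i]` with `%GROUP%` left in place, so the returned list carries a template rule next to its expansions. Whether anything can match that literal depends on how names are encoded at check time, which this hunk does not show, so it is safer to neutralise the line once expanded, for example `$acl[$i] = '#'.$acl[$i]; continue;` after the `foreach` (comment lines already stay in the array via the `#` check above). It would also help to add a comment that the appended entries sit past `$len` and therefore never get `%USER%` substituted, which is why the two wildcards cannot be mixed on one line. With the config switch removed in this commit, the expansion now applies to every ACL file that contains `%GROUP%`. `$len` is set, and `auth_loadACL()` ends, outside the hunk.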
@@ -79,8 +79,6 @@ $lang['useheading'] = 'Utiliser le titre de premier niveau'; $lang['sneaky_index'] = 'Par défaut, DokuWiki affichera toutes les catégories dans la vue par index. Activer cette option permet de cacher celles pour lesquelles l\'utilisateur n\'a pas la permission de lecture. Il peut en résulter le masquage de sous-catégories accessibles. Ceci peut rendre l\'index inutilisable avec certaines ACL.'; $lang['hidepages'] = 'Cacher les pages correspondant à (expression régulière)'; $lang['useacl'] = 'Utiliser les listes de contrôle d\'accès (ACL)'; -$lang['usewildcards'] = 'Utiliser le joker %USER% dans les ACL'; -$lang['groupwildcards'] = 'Utiliser le joker %GROUP% dans les ACL'; $lang['autopasswd'] = 'Auto-générer les mots de passe'; $lang['authtype'] = 'Mécanisme d\'authentification'; $lang['passcrypt'] = 'Méthode de chiffrement des mots de passe'; diff --git a/lib/plugins/config/settings/config.metadata.php b/lib/plugins/config/settings/config.metadata.php index 675dca6cc..3607f56c6 100644 --- a/lib/plugins/config/settings/config.metadata.php +++ b/lib/plugins/config/settings/config.metadata.php @@ -124,8 +124,6 @@ $meta['hidepages'] = array('string'); $meta['_authentication'] = array('fieldset'); $meta['useacl'] = array('onoff'); -$meta['usewildcards'] = array('onoff'); -$meta['groupwildcards'] = array('onoff'); $meta['autopasswd'] = array('onoff'); $meta['authtype'] = array('authtype'); $meta['passcrypt'] = array('multichoice','_choices' => array('smd5','md5','apr1','sha1','ssha','lsmd5','crypt','mysql','my411','kmd5','pmd5','hmd5','bcrypt')); -- cgit v1.2.3 From 11f03531585cccac387161ba88f54a28bad5624b Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Fri, 29 Jun 2012 15:20:20 +0200 Subject: removed another occurance of the obsolete config option --- inc/auth.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/inc/auth.php b/inc/auth.php index 1263f7aec..fbdb2b439 100644 --- a/inc/auth.php +++ b/inc/auth.php 
@@ -123,7 +123,6 @@ function auth_setup() { */ function auth_loadACL() { global $config_cascade; - global $conf; global $USERINFO; if(!is_readable($config_cascade['acl']['default'])) return array(); @@ -131,7 +130,7 @@ function auth_loadACL() { $acl = file($config_cascade['acl']['default']); //support user wildcard - if(isset($_SERVER['REMOTE_USER']) && $conf['use_wildcards']){ + if(isset($_SERVER['REMOTE_USER'])){ $len = count($acl); for($i = 0; $i < $len; $i++) { if($acl[$i]{0} == '#') continue; -- cgit v1.2.3