2
2
/**
3
3
* @license GPL 2 (http://www.gnu.org/licenses/gpl.html)
4
4
* @author Andreas Gohr <[email protected] >
5
+ * @author Frieder Schrempf <[email protected] >
5
6
*/
6
7
// must be run within Dokuwiki
7
8
if (!defined ('DOKU_INC ' )) die ();
@@ -58,6 +59,8 @@ function handle($match, $state, $pos, Doku_Handler $handler){
58
59
*/
59
60
function render ($ format , Doku_Renderer $ R , $ data ) {
60
61
global $ INFO ;
62
+ global $ AUTH_ACL ;
63
+
61
64
if ($ format != 'xhtml ' ) return false ;
62
65
63
66
if (!$ data [0 ]) {
@@ -66,71 +69,53 @@ function render($format, Doku_Renderer $R, $data) {
66
69
$ page = $ data [0 ];
67
70
}
68
71
69
- $ perms = $ this ->_aclcheck ($ page );
72
+ $ subjects = array ();
73
+
74
+ /*
75
+ * Get the permissions for @ALL in the beginning, we will use it
76
+ * to compare and filter other permissions that are lower.
77
+ */
78
+ $ allperm = auth_aclcheck ($ page , '' , array ('ALL ' ));
79
+
70
80
$ R ->listu_open ();
71
- foreach ((array )$ perms as $ who => $ p ){
81
+
82
+ /*
83
+ * Go through each entry of the ACL rules.
84
+ */
85
+ foreach ($ AUTH_ACL as $ rule ){
86
+ $ rule = preg_replace ('/#.*$/ ' , '' , $ rule ); // Ignore comments
87
+ $ subject = preg_split ('/[ \t]+/ ' , $ rule )[1 ];
88
+ $ subject = urldecode ($ subject );
89
+ $ groups = array ();
90
+ $ user = '' ;
91
+
92
+ // Skip if we already checked this user/group
93
+ if (in_array ($ subject , $ subjects ))
94
+ continue ;
95
+
96
+ $ subjects [] = $ subject ;
97
+
98
+ // Check if this entry is about a user or a group (starting with '@')
99
+ if (substr ($ subject , 0 , 1 ) === '@ ' )
100
+ $ groups [] = substr ($ subject , 1 );
101
+ else
102
+ $ user = $ subject ;
103
+
104
+ $ perm = auth_aclcheck ($ page , $ user , $ groups );
105
+
106
+ // Skip permissions of 0 or if lower than @ALL
107
+ if ($ perm == AUTH_NONE || ($ subject != '@ALL ' && $ perm <= $ allperm ))
108
+ continue ;
109
+
72
110
$ R ->listitem_open (1 );
73
111
$ R ->listcontent_open ();
74
- $ R ->cdata (sprintf ($ this ->getLang ('perm ' .$ p ), urldecode ( $ who ) ));
112
+ $ R ->cdata (sprintf ($ this ->getLang ('perm ' .$ perm ), $ subject ));
75
113
$ R ->listcontent_close ();
76
114
$ R ->listitem_close ();
77
115
}
78
116
$ R ->listu_close ();
79
117
return true ;
80
118
}
81
-
82
- function _aclcheck ($ id ){
83
- global $ conf ;
84
- global $ AUTH_ACL ;
85
-
86
- $ id = cleanID ($ id );
87
- $ ns = getNS ($ id );
88
- $ perms = array ();
89
-
90
- //check exact match first
91
- $ matches = preg_grep ('/^ ' .preg_quote ($ id ,'/ ' ).'\s+/ ' ,$ AUTH_ACL );
92
- if (count ($ matches )){
93
- foreach ($ matches as $ match ){
94
- $ match = preg_replace ('/#.*$/ ' ,'' ,$ match ); //ignore comments
95
- $ acl = preg_split ('/\s+/ ' ,$ match );
96
- if ($ acl [2 ] > AUTH_DELETE ) $ acl [2 ] = AUTH_DELETE ; //no admins in the ACL!
97
- if (!isset ($ perms [$ acl [1 ]])) $ perms [$ acl [1 ]] = $ acl [2 ];
98
- }
99
- }
100
-
101
- //still here? do the namespace checks
102
- if ($ ns ){
103
- $ path = $ ns .':\* ' ;
104
- }else {
105
- $ path = '\* ' ; //root document
106
- }
107
-
108
- do {
109
- $ matches = preg_grep ('/^ ' .$ path .'\s+/ ' ,$ AUTH_ACL );
110
- if (count ($ matches )){
111
- foreach ($ matches as $ match ){
112
- $ match = preg_replace ('/#.*$/ ' ,'' ,$ match ); //ignore comments
113
- $ acl = preg_split ('/\s+/ ' ,$ match );
114
- if ($ acl [2 ] > AUTH_DELETE ) $ acl [2 ] = AUTH_DELETE ; //no admins in the ACL!
115
- if (!isset ($ perms [$ acl [1 ]])) $ perms [$ acl [1 ]] = $ acl [2 ];
116
- }
117
- }
118
-
119
- //get next higher namespace
120
- $ ns = getNS ($ ns );
121
-
122
- if ($ path != '\* ' ){
123
- $ path = $ ns .':\* ' ;
124
- if ($ path == ':\* ' ) $ path = '\* ' ;
125
- }else {
126
- //we did this already
127
- //break here
128
- break ;
129
- }
130
- }while (1 ); //this should never loop endless
131
-
132
- return $ perms ;
133
- }
134
119
}
135
120
136
121
//Setup VIM: ex: et ts=4 enc=utf-8 :
0 commit comments