22/**
33 * @license GPL 2 (http://www.gnu.org/licenses/gpl.html)
44 * @author Andreas Gohr <[email protected] > 5+ * @author Frieder Schrempf <[email protected] > 56 */
67// must be run within Dokuwiki
78if (!defined ('DOKU_INC ' )) die ();
@@ -58,6 +59,8 @@ function handle($match, $state, $pos, Doku_Handler $handler){
5859 */
5960 function render ($ formatDoku_Renderer $ R$ data
6061 global $ INFO
62+ global $ AUTH_ACL
63+
6164 if ($ format'xhtml ' ) return false ;
6265
6366 if (!$ data0 ]) {
@@ -66,71 +69,53 @@ function render($format, Doku_Renderer $R, $data) {
6669 $ page$ data0 ];
6770 }
6871
69- $ perms$ this _aclcheck ($ page
72+ $ subjectsarray ();
73+
74+ /*
75+ * Get the permissions for @ALL in the beginning, we will use it
76+ * to compare and filter other permissions that are lower.
77+ */
78+ $ allpermauth_aclcheck ($ page'' , array ('ALL ' ));
79+
7080 $ Rlistu_open ();
71- foreach ((array )$ permsas $ who$ p
81+
82+ /*
83+ * Go through each entry of the ACL rules.
84+ */
85+ foreach ($ AUTH_ACL as $ rule
86+ $ rulepreg_replace ('/#.*$/ ' , '' , $ rule// Ignore comments
87+ $ subjectpreg_split ('/[ \t]+/ ' , $ rule1 ];
88+ $ subjecturldecode ($ subject
89+ $ groupsarray ();
90+ $ user'' ;
91+
92+ // Skip if we already checked this user/group
93+ if (in_array ($ subject$ subjects
94+ continue ;
95+
96+ $ subjects$ subject
97+
98+ // Check if this entry is about a user or a group (starting with '@')
99+ if (substr ($ subject0 , 1 ) === '@ ' )
100+ $ groupssubstr ($ subject1 );
101+ else
102+ $ user$ subject
103+
104+ $ permauth_aclcheck ($ page$ user$ groups
105+
106+ // Skip permissions of 0 or if lower than @ALL
107+ if ($ permAUTH_NONE || ($ subject'@ALL ' && $ perm$ allperm
108+ continue ;
109+
72110 $ Rlistitem_open (1 );
73111 $ Rlistcontent_open ();
74- $ Rcdata (sprintf ($ this getLang ('perm ' .$ p urldecode ( $ who ) ));
112+ $ Rcdata (sprintf ($ this getLang ('perm ' .$ perm $ subject
75113 $ Rlistcontent_close ();
76114 $ Rlistitem_close ();
77115 }
78116 $ Rlistu_close ();
79117 return true ;
80118 }
81-
82- function _aclcheck ($ id
83- global $ conf
84- global $ AUTH_ACL
85-
86- $ idcleanID ($ id
87- $ nsgetNS ($ id
88- $ permsarray ();
89-
90- //check exact match first
91- $ matchespreg_grep ('/^ ' .preg_quote ($ id'/ ' ).'\s+/ ' ,$ AUTH_ACL
92- if (count ($ matches
93- foreach ($ matchesas $ match
94- $ matchpreg_replace ('/#.*$/ ' ,'' ,$ match//ignore comments
95- $ aclpreg_split ('/\s+/ ' ,$ match
96- if ($ acl2 ] > AUTH_DELETE ) $ acl2 ] = AUTH_DELETE ; //no admins in the ACL!
97- if (!isset ($ perms$ acl1 ]])) $ perms$ acl1 ]] = $ acl2 ];
98- }
99- }
100-
101- //still here? do the namespace checks
102- if ($ ns
103- $ path$ ns':\* ' ;
104- }else {
105- $ path'\* ' ; //root document
106- }
107-
108- do {
109- $ matchespreg_grep ('/^ ' .$ path'\s+/ ' ,$ AUTH_ACL
110- if (count ($ matches
111- foreach ($ matchesas $ match
112- $ matchpreg_replace ('/#.*$/ ' ,'' ,$ match//ignore comments
113- $ aclpreg_split ('/\s+/ ' ,$ match
114- if ($ acl2 ] > AUTH_DELETE ) $ acl2 ] = AUTH_DELETE ; //no admins in the ACL!
115- if (!isset ($ perms$ acl1 ]])) $ perms$ acl1 ]] = $ acl2 ];
116- }
117- }
118-
119- //get next higher namespace
120- $ nsgetNS ($ ns
121-
122- if ($ path'\* ' ){
123- $ path$ ns':\* ' ;
124- if ($ path':\* ' ) $ path'\* ' ;
125- }else {
126- //we did this already
127- //break here
128- break ;
129- }
130- }while (1 ); //this should never loop endless
131-
132- return $ perms
133- }
134119}
135120
136121//Setup VIM: ex: et ts=4 enc=utf-8 :
0 commit comments