modified to use acl engine

svn path=/trunk/; revision=19

diff --git a/Error.page b/Error.page
index 61af555b1a72397ebd7b41dc67e08c85b16dbac0..519dfbb1b26a9e6a5bbcfba1c0ca305e79f45a43 100644 (file)
--- a/Error.page
+++ b/Error.page
@@ -28,6 +28,8 @@ case "${reason}" in
     ;;
   input) echo 'Invalid set of input data.'
     ;;
+  noaccess) echo '... because you were probably trying to do something nasty.'
+    ;;
   *) echo 'Unknown generic fuckup :-('
     ;;
 esac

diff --git a/Home.page b/Home.page
index 8f9d9dcb2a59d31d73a26926f680d20b5f39a451..6f67a195469eb5887266d4312dd16722f4cad0ee 100644 (file)
--- a/Home.page
+++ b/Home.page
@@ -38,7 +38,7 @@ cat <<HomeEND
 HomeEND
 $ACL_EDITINTRO && cat <<HomeEND
       <div id="introedit" style="display: none;">
-        <form action="/write/introedit.cgi?i=intro" method="post" accept-charset="UTF-8">
+        <form action="/write/$($LOGIN && echo user_)introedit.cgi?i=intro" method="post" accept-charset="UTF-8">
           <textarea name="text" rows="10">$([ -r "Home/intro" ] && cat Home/intro)</textarea><br>
           <input type="submit">
           <a class="function" href="#" onclick="javascript:hide_screen('introedit');show_screen('introtext');">Cancel</a>
@@ -71,7 +71,7 @@ stat -c '' Home/<0000000000-9999999999>_<000-999>.news && for each in $(ls -c Ho
 HomeEND
   $ACL_EDITNEWS && cat <<HomeEND
       <div id="edit_$info" style="display: none;">
-        <form action="/write/introedit.cgi?i=$info" method="post" accept-charset="UTF-8">
+        <form action="/write/$($LOGIN && echo user_)introedit.cgi?i=$info" method="post" accept-charset="UTF-8">
           <textarea name="text" rows="10">$([ -r "$each" ] && cat $each)</textarea><br>
           <input type="submit">
           <a class="function" href="#news_$info" onclick="javascript:hide_screen('edit_$info');show_screen('news_$info');">Cancel</a>

diff --git a/Tasks.page b/Tasks.page
index 333efe43a0fe3ef8b3b739d055fc5132784b1f85..5c4486e6638eb53c2b7f61430ead98f6efcfee7d 100644 (file)
--- a/Tasks.page
+++ b/Tasks.page
@@ -61,7 +61,7 @@ fi
 
 #create task main dialog
 [ -z "$info" -a -n "$new" ] && cat <<TaskEnd
-<form class="Task" style="height:20em;" method="post" action="write/taskmeta.cgi" accept-charset="UTF-8">
+<form class="Task" style="height:20em;" method="post" action="write/$($LOGIN && echo user_)taskmeta.cgi" accept-charset="UTF-8">
   <h1>$new</h1>
   <input type="hidden" name="headline" value="$new">
   <input type="hidden" name="status" value="new">

diff --git a/Wiki.page b/Wiki.page
index 9e135ad1ae1bee697e693724458aa593f667aa2e..8df11d605ff55eab5b5379139bef3214cdf41c62 100755 (executable)
--- a/Wiki.page
+++ b/Wiki.page
@@ -6,6 +6,8 @@ rev="$(egrep -o '(^|&)(r=)[0-9]{10}(&|$)' <<<"${QUERY_STRING}" |tr -d '&r=')"
 search="$(egrep -o '(^|&)(s=).+(&|$)' <<<"${QUERY_STRING}" |sed -r 's:^&?s=::;s:\+: :g;s:%:\\x:g')"
 search="$(echo -e "${search}" |sed 's:\t: :g;s:\r::g;s:\\:\\\\:g' |head -n1)"
 
+[ -z "$ACL_WIKIEDIT" ] && ACL_WIKIEDIT=false
+
 [ -n "$rev" ] && rev=".$rev"
 if [ -n "$search" ]; then
   info=''
@@ -163,12 +165,12 @@ WikiEND
         <a name="$info" href="/?p=Wiki&amp;i=$info"><h1>$title</h1></a>
         $description<br><br>
         <a class="function" href="/?p=Wiki&amp;i=$info">View</a> 
-        $($LOGIN && echo "<a class='function' href='#' onclick=\"javascript:show_screen('change_$info');hide_screen('display_$info');\">Change Info</a>")
+        $($ACL_WIKIEDIT && echo "<a class='function' href='#' onclick=\"javascript:show_screen('change_$info');hide_screen('display_$info');\">Change Info</a>")
       </div>
 WikiEND
-    $LOGIN && cat <<WikiEND
+    $ACL_WIKIEDIT && cat <<WikiEND
       <div id="change_$info" style="display: none;">
-        <form action="/write/wikimeta.cgi?i=$info" method="post" accept-charset="UTF-8">
+        <form action="/write/$($LOGIN && echo user_)wikimeta.cgi?i=$info" method="post" accept-charset="UTF-8">
          <b>Title:</b> <input type="text" name="title" value="$title"><br>
          <b>Description:</b><br>
          <textarea name="desc" rows="6" style="width:100%;">$description</textarea><br>

diff --git a/auth/acl.sh b/auth/acl.sh
index 10492dd585835e900b454b741ab0564997a471e9..ba0d44774b3e8e37b1312af092f64677d6cae9a4 100755 (executable)
--- a/auth/acl.sh
+++ b/auth/acl.sh
@@ -2,10 +2,12 @@ ANL_EDITINTRO="paul"
 ANL_ADDNEWS="paul"
 ANL_EDITNEWS="paul"
 ANL_CREATETASK=".*"
+ANL_WIKIEDIT="paul"
 
 [ -n "$REMOTE_USER" ] && USER="$REMOTE_USER" || USER="#NONE#"
-egrep -xq "$ANL_EDITINTRO"  <<<"$USER" && ACL_EDITINTRO=true
-egrep -xq "$ANL_ADDNEWS"    <<<"$USER" && ACL_ADDNEWS=true
-egrep -xq "$ANL_EDITNEWS"   <<<"$USER" && ACL_EDITNEWS=true
-egrep -xq "$ANL_CREATETASK" <<<"$USER" && ACL_CREATETASK=true
+egrep -xq "$ANL_EDITINTRO"  <<<"$USER" && ACL_EDITINTRO=true  || ACL_EDITINTRO=false
+egrep -xq "$ANL_ADDNEWS"    <<<"$USER" && ACL_ADDNEWS=true    || ACL_ADDNEWS=false
+egrep -xq "$ANL_EDITNEWS"   <<<"$USER" && ACL_EDITNEWS=true   || ACL_EDITNEWS=false
+egrep -xq "$ANL_CREATETASK" <<<"$USER" && ACL_CREATETASK=true || ACL_CREATETASK=false
+egrep -xq "$ANL_WIKIEDIT"   <<<"$USER" && ACL_WIKIEDIT=true   || ACL_WIKIEDIT=false
 

diff --git a/write/.htaccess b/write/.htaccess
index 02be1832235e1cda3fc86850b6bf0f0e53c8ad31..df30f7e80b44df3e193bf8324ed77e55246db511 100644 (file)
--- a/write/.htaccess
+++ b/write/.htaccess
@@ -2,11 +2,13 @@ Options +ExecCGI
 AddHandler cgi-script .cgi
 DirectoryIndex index.cgi
 
-RewriteEngine On
-RewriteCond   %{SERVER_PORT}  80
-RewriteRule   ^.*(/write/.*)$     https://%{SERVER_NAME}/$1
+#RewriteEngine On
+#RewriteCond   %{SERVER_PORT}  80
+#RewriteRule   ^.*(/write/.*)$     https://%{SERVER_NAME}/$1
 
+<FilesMatch "^user_">
 AuthType Basic
 AuthName "Kinoserver Login"
 AuthUserFile /sites/kinob.plutz.net/http/.htpasswd
 Require valid-user
+</FilesMatch>

diff --git a/write/introedit.cgi b/write/introedit.cgi
index 5e53faee9c50999ae0636fd5fcfc9c62949f3a93..b02437193e28f860229c780db343e1df6fd44a8b 100755 (executable)
--- a/write/introedit.cgi
+++ b/write/introedit.cgi
@@ -15,9 +15,16 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with Busy.  If not, see <http://www.gnu.org/licenses/>.
 
+[ "$HTTPS" = "on" ] && proto=https || proto=http
+. ../auth/acl.sh
+
 info="$(egrep -o '(^|&)i=([0-9]{10}_[0-9]{3}|intro|news)(&|$)' <<<"${QUERY_STRING}" |sed 's:&::g;s:i=::')"
-[ "$info" = "news" ] && info="$(date +%s)_$(apg -M N -a 1 -n 1 -m 3 -x 3)"
-[ "$info" != "intro" ] && info="${info}.news"
+[ "$info" = "news" ] && $ACL_ADDNEWS && info="$(date +%s)_$(apg -M N -a 1 -n 1 -m 3 -x 3)"
+[ "$info" != "intro" ] && $ACL_EDITNEWS && info="${info}.news"
+[ "$info" = "intro" ] && ($ACL_EDITINTRO || info='')
+
+[ -n "$info" ] || echo "Location: ${proto}://${HTTP_HOST}/?p=Error&i=noaccess\n\n"
+[ -n "$info" ] || exit 0
 
 if [ -n "${CONTENT_LENGTH}" -a "${CONTENT_LENGTH}" -gt 0 ]; then
 (head -c "${CONTENT_LENGTH}"; echo)|sed 's/&/\n/g' |while read line; do
@@ -32,4 +39,4 @@ fi
 
 [ -z "$cancel" ] && grep -qx "${REMOTE_USER}" ../auth/admin.user && echo -e "${text}" >"../Home/$info"
 
-echo -n "Location: http://${HTTP_HOST}/?p=Home\n\n"
+echo -n "Location: ${proto}://${HTTP_HOST}/?p=Home\n\n"

diff --git a/write/lock.cgi b/write/lock.cgi
index 41c095119258bc473be06ef8b7099f7e6de6125b..3c2866db905178beeaf3a6c64ec261832cd9caea 100755 (executable)
--- a/write/lock.cgi
+++ b/write/lock.cgi
@@ -15,18 +15,19 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with Busy.  If not, see <http://www.gnu.org/licenses/>.
 
+[ "$HTTPS" = "on" ] && proto=https || proto=http
+. ../auth/acl.sh
+$ACL_WIKIEDIT || echo "Location: ${proto}://${HTTP_HOST}/?p=Error&i=noaccess\n\n"
+$ACL_WIKIEDIT || exit 0 
+
 page=$(egrep -o '(^|&)p=(QandA|Locations|Wiki)(&|$)' <<<"${QUERY_STRING}" |sed 's,p=,,;s,&,,g')
 edit=$(egrep -o '(^|&)e=[0-9]{10}_[0-9]{3}(_[0-9]{1,4})?(&|$)' <<<"${QUERY_STRING}" |tr -d 'e=&')
 
 case "$page" in
-  QandA)       [ -f "../QandA/${edit}.qstn" ] && echo "${REMOTE_USER}:$(($(date +%s)+600))" >"../QandA/${edit}.lock"
-       ;;
-  Locations)   [ -f "../Locations/${edit}.jpg" ] && echo "${REMOTE_USER}:$(($(date +%s)+600))" >"../Locations/${edit}.lock"
-       ;;
   Wiki)        [ -f "../Wiki/${edit}" ] && echo "${REMOTE_USER}:$(($(date +%s)+600))" >"../Wiki/${edit}.lock"
        ;;
   *)   echo -n "Location: http://$host/?p=Error&r=input&$page\n\n"
        exit 0
        ;;
 esac
-echo -n "Location: http://${HTTP_HOST}/?${QUERY_STRING}\n\n"
+echo -n "Location: ${proto}://${HTTP_HOST}/?${QUERY_STRING}\n\n"

diff --git a/write/taskmeta.cgi b/write/taskmeta.cgi
index 0d8879c6ecb51910e143f2d9d5018e315bc9ba75..a5e2ffc99cdfdc053990439598c1638486f8e878 100755 (executable)
--- a/write/taskmeta.cgi
+++ b/write/taskmeta.cgi
@@ -16,6 +16,12 @@
 # along with Busy.  If not, see <http://www.gnu.org/licenses/>.
 
 #info="$(egrep -o '(^|&)i=[0-9]{10}_[0-9]{3}(&|$)' <<<"${QUERY_STRING}" |tr -d '&i=')"
+[ "$HTTPS" = "on" ] && PROTO=https || proto=http
+
+. ../auth/acl.sh
+$ACL_CREATETASK || echo "Location: ${proto}://${HTTP_HOST}/?p=Error&i=noaccess\n\n"
+$ACL_CREATETASK || exit 0
+
 info="$(sed -r 's:(^|.*&)i=(.*)|.*:\2:;s:&.*::' <<<"${QUERY_STRING}")"
 
 [ -z "$info" ] && info="$(date +%s)_$(apg -M N -a 1 -n 1 -m 3 -x 3)"
@@ -52,14 +58,14 @@ if [ -z "$cancel" -a -n "$comment" ]; then
   touch "../Tasks/$info"
   echo -e "author=${REMOTE_USER}" > "$commfile"
   echo -e "${comment}" >> "$commfile"
-  echo -n "Location: http://${HTTP_HOST}/?p=Tasks&i=$info\n\n"
+  echo -n "Location: ${proto}://${HTTP_HOST}/?p=Tasks&i=$info\n\n"
 elif [ -z "$cancel" -a -n "$description" ]; then
   touch "../Tasks/$info"
   echo -e "headline=${headline}" > "$descfile"
   echo -e "status=${taskstatus}" >> "$descfile"
   echo -e "section=${section}" >> "$descfile"
   echo -e "${description}" >> "../Tasks/$info"
-  echo -n "Location: http://${HTTP_HOST}/?p=Tasks#$anchor\n\n"
+  echo -n "Location: ${proto}://${HTTP_HOST}/?p=Tasks#$anchor\n\n"
 elif [ -n "$cancel" ]; then
-  echo -n "Location: http://${HTTP_HOST}/?p=Tasks#$anchor\n\n"
+  echo -n "Location: ${proto}://${HTTP_HOST}/?p=Tasks#$anchor\n\n"
 fi

diff --git a/write/user_introedit.cgi b/write/user_introedit.cgi
new file mode 120000 (symlink)
index 0000000..a23710b
--- /dev/null
+++ b/write/user_introedit.cgi
@@ -0,0 +1 @@
+introedit.cgi
\ No newline at end of file

diff --git a/write/user_lock.cgi b/write/user_lock.cgi
new file mode 120000 (symlink)
index 0000000..a247558
--- /dev/null
+++ b/write/user_lock.cgi
@@ -0,0 +1 @@
+lock.cgi
\ No newline at end of file

diff --git a/write/user_taskmeta.cgi b/write/user_taskmeta.cgi
new file mode 120000 (symlink)
index 0000000..b6544bf
--- /dev/null
+++ b/write/user_taskmeta.cgi
@@ -0,0 +1 @@
+taskmeta.cgi
\ No newline at end of file

diff --git a/write/user_wikiedit.cgi b/write/user_wikiedit.cgi
new file mode 120000 (symlink)
index 0000000..368a76b
--- /dev/null
+++ b/write/user_wikiedit.cgi
@@ -0,0 +1 @@
+wikiedit.cgi
\ No newline at end of file

diff --git a/write/user_wikimeta.cgi b/write/user_wikimeta.cgi
new file mode 120000 (symlink)
index 0000000..002e11e
--- /dev/null
+++ b/write/user_wikimeta.cgi
@@ -0,0 +1 @@
+wikimeta.cgi
\ No newline at end of file

diff --git a/write/wikiedit.cgi b/write/wikiedit.cgi
index 2ce87e2fc2ad0ebc501cb03d630a7b3a608b01cf..5a3471e6dbd8b01c7c72734149cc00e279d16e36 100755 (executable)
--- a/write/wikiedit.cgi
+++ b/write/wikiedit.cgi
@@ -15,6 +15,11 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with Busy.  If not, see <http://www.gnu.org/licenses/>.
 
+[ "$HTTPS" = "on" ] && proto=https || proto=http
+. ../auth/acl.sh
+$ACL_WIKIEDIT || echo "Location: ${proto}://${HTTP_HOST}/?p=Error&i=noaccess\n\n"
+$ACL_WIKIEDIT || exit 0
+
 info="$(egrep -o '(^|&)i=[0-9]{10}_[0-9]{3}(&|$)' <<<"${QUERY_STRING}" |tr -d '&=i')"
 [ -f "../Wiki/$info.lock" ] && rm "../Wiki/$info.lock"
 
@@ -32,4 +37,4 @@ fi
 [ -z "$cancel" -a -f "../Wiki/$info" ] && mv "../Wiki/$info" "../Wiki/$info.$(date +%s)"
 [ -z "$cancel" ] && echo -e "${page}" >"../Wiki/$info"
 
-echo -n "Location: https://${HTTP_HOST}/?p=Wiki&i=$info\n\n"
+echo -n "Location: ${proto}://${HTTP_HOST}/?p=Wiki&i=$info\n\n"

diff --git a/write/wikimeta.cgi b/write/wikimeta.cgi
index fe234aee772299a229bdde77c35fd2d122a33558..e032d910d28eeff2edfffbab042c0de92a008e49 100755 (executable)
--- a/write/wikimeta.cgi
+++ b/write/wikimeta.cgi
@@ -15,6 +15,12 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with Busy.  If not, see <http://www.gnu.org/licenses/>.
 
+[ "$HTTPS" = "on" ] && proto=https || proto=http
+. ../auth/acl.sh
+env >../debug
+$ACL_WIKIEDIT || echo "Location: ${proto}://${HTTP_HOST}/?p=Error&i=noaccess\n\n"
+$ACL_WIKIEDIT || exit 0 
+
 info="$(egrep -o '(^|&)i=[0-9]{10}_[0-9]{3}(&|$)' <<<"${QUERY_STRING}" |tr -d '&i=')"
 
 [ -z "$info" ] && info="$(date +%s)_$(apg -M N -a 1 -n 1 -m 3 -x 3)"
@@ -45,12 +51,12 @@ if [ -z "$cancel" -a -n "$comment" ]; then
   touch "../Wiki/$info"
   echo -e "author=${REMOTE_USER}" > "$commfile"
   echo -e "${comment}" >> "$commfile"
-  echo -n "Location: https://${HTTP_HOST}/?p=Wiki&i=$info\n\n"
+  echo -n "Location: ${proto}://${HTTP_HOST}/?p=Wiki&i=$info\n\n"
 elif [ -z "$cancel" -a -n "$description" ]; then
   touch "../Wiki/$info"
   echo -e "title=${title}" > "$descfile"
   echo -e "description=${description}" >> "$descfile"
-  echo -n "Location: https://${HTTP_HOST}/?p=Wiki#$anchor\n\n"
+  echo -n "Location: ${proto}://${HTTP_HOST}/?p=Wiki#$anchor\n\n"
 elif [ -n "$cancel" ]; then
-  echo -n "Location: https://${HTTP_HOST}/?p=Wiki#$anchor\n\n"
+  echo -n "Location: ${proto}://${HTTP_HOST}/?p=Wiki#$anchor\n\n"
 fi