#!/bin/sh
+[ "$include_acl" ] && return 0
+include_acl="$0"
+
+# Copyright 2022 - 2023 Paul Hänsch
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
+# IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
# ACL_OVERRIDE="${ACL_OVERRIDE:-Admin:read,write}"
-ACL_DEFAULT="${ACL_DEFAULT:-All:read${BR}Known:read,write}"
+ACL_DEFAULT="${ACL_DEFAULT:-Known:read,write${BR}All:read}"
acl_cachepath=''
acl_collection=''
acl_collect(){
- local path="${1:-${PATH_INFO}}"
+ local path="$1"
# Get directory part of PATH_INFO
local path="${path%/*}/./"
local pagefile head acl
- if [ "$acl_cachepath" = "$path" ]; then
- printf '%s\n' "$ACL_OVERRIDE" "$acl_collection" "$ACL_DEFAULT"
- return 0
- else
- acl_cachepath="$path"
- acl_collection=''
- fi
-
printf '%s\n' "$ACL_OVERRIDE"
while :; do
[ "$path" = / ] && break
path="${path%/*/}/"
+ # Do not use `mdfile` function here because of specialties
+ # in translation handler (`handlers/10_translations.sh`)
if [ -f "$_DATA/pages/$path/#page.md" ]; then
pagefile="$_DATA/pages/$path/#page.md"
elif [ -f "$_EXEC/pages/$path/#page.md" ]; then
continue
fi
- n=20; while read -r head acl; do
- if [ "$head" = "%acl" ]; then
- acl_collection="${acl%${CR}}${BR}"
- printf "%s\n" "${acl%${CR}}"
- n=$((n+1))
- fi
+ acl="$(sed -En '
+ s;\r$;;;
+ /^%acl([\t ]+.*)?$/bACL;
+ 20q;
+ b;
+
+ :ACL
+ s;(%(acl)?)?[\t ]*;;
+ p; n; s;\r$;;;
+ /^(%[ \t]+|%acl[ \t]+|[ \t]+)[^ \t\r]+$/bACL;
+ /^(%[ \t]*|%acl[ \t]*)$/bACL;
+ ' <"$pagefile")"
- n="$((n - 1))"
- [ "$n" -eq 0 ] && break
- done <"$pagefile"
+ printf %s\\n "${acl}"
done
printf '%s\n' "$ACL_DEFAULT"
acl_read(){
local page="${1:-${PATH_INFO}}"
- local acl
+ local acl group
+
+ if [ "$acl_cachepath" != "$page" ]; then
+ acl_cachepath="$page"
+ acl_collection="$(acl_collect "$page")"
+ fi
while read -r acl; do
case ${acl##*:} in
acl="${acl%%:*}:read";;
*) acl="${acl%%:*}:";;
esac
+ [ "$USER_NAME" ] && case ${acl%:*} in
+ \&*|+\&*|-\&*)
+ group="${acl%%:*}" group="${group#[+-]}"
+ printf '%s\n' "$USER_GROUPS" |grep -qxF "$group" \
+ || continue
+ ;;
+ esac
[ "$USER_NAME" ] && case $acl in
- "Known:read") return 0;;
- "Known:") return 1;;
- "+Known:read") return 0;;
- "-Known:read") return 1;;
- "@${USER_NAME}:read") return 0;;
- "@${USER_NAME}:") return 1;;
- "+@{$USER_NAME}:read") return 0;;
- "-@{$USER_NAME}:read") return 1;;
+ "@${USER_NAME}:"|"Known:"|"@@:"|"&"*":")
+ return 1;;
+ "@${USER_NAME}:read"|"Known:read"|"@@:read"|"&"*":read")
+ return 0;;
+ "-@{$USER_NAME}:read"|"-Known:read"|"-@@:read"|"-&"*":read")
+ return 1;;
+ "+@{$USER_NAME}:read"|"+Known:read"|"+@@:read"|"+&"*":read")
+ return 0;;
esac
case $acl in
- "All:read") return 0;;
- "All:") return 1;;
- "+All:read") return 0;;
- "-All:read") return 1;;
+ "All:"|"*:") return 1;;
+ "All:read"|"*:read") return 0;;
+ "-All:read"|"-*:read") return 1;;
+ "+All:read"|"+*:read") return 0;;
esac
- done <<-EOF
- $(acl_collect "$page")
+ done <<-EOF
+ ${acl_collection}
EOF
return 1
}
acl_write(){
local page="${1:-${PATH_INFO}}"
- local acl
+ local acl group
+
+ if [ "$acl_cachepath" != "$page" ]; then
+ acl_cachepath="$page"
+ acl_collection="$(acl_collect "$page")"
+ fi
while read -r acl; do
case ${acl##*:} in
acl="${acl%%:*}:write";;
*) acl="${acl%%:*}:";;
esac
+ [ "$USER_NAME" ] && case ${acl%:*} in
+ \&*|+\&*|-\&*)
+ group="${acl%%:*}" group="${group#[+-]}"
+ printf '%s\n' "$USER_GROUPS" |grep -qxF "$group" \
+ || continue
+ ;;
+ esac
[ "$USER_NAME" ] && case ${acl} in
- "Known:write") return 0;;
- "Known:") return 1;;
- "+Known:write") return 0;;
- "-Known:write") return 1;;
- "@${USER_NAME}:write") return 0;;
- "@${USER_NAME}:") return 1;;
- "+@{$USER_NAME}:write") return 0;;
- "-@{$USER_NAME}:write") return 1;;
+ "@${USER_NAME}:"|"Known:"|"@@:"|"&"*":")
+ return 1;;
+ "@${USER_NAME}:write"|"Known:write"|"@@:write"|"&"*":write")
+ return 0;;
+ "-@{$USER_NAME}:write"|"-Known:write"|"-@@:write"|"-&"*":write")
+ return 1;;
+ "+@{$USER_NAME}:write"|"+Known:write"|"+@@:write"|"+&"*":write")
+ return 0;;
esac
case $acl in
- "All:write") return 0;;
- "All:") return 1;;
- "+All:write") return 0;;
- "-All:write") return 1;;
+ "All:"|"*:") return 1;;
+ "All:write"|"*:write") return 0;;
+ "-All:write"|"-*:write") return 1;;
+ "+All:write"|"+*:write") return 0;;
esac
done <<-EOF
- $(acl_collect "$page")
+ ${acl_collection}
EOF
return 1
}
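Review bot: The prefixed per-user patterns in the new `case` arms of acl_read are spelled `"-@{$USER_NAME}:read"` and `"+@{$USER_NAME}:read"` (acl_write has the same in its `:write` arms), so the shell expands them with literal braces, e.g. `-@{name}:read`, and they cannot match an entry written as `-@name:read`. A `-@user` line presumably meant to deny a single account is therefore skipped, and evaluation falls through to later entries such as `Known:read`, which can grant the access that line was supposed to remove. The removed lines carried the same spelling, so this predates the commit, but the rewritten arms are the place to correct it: `"-@${USER_NAME}:read"` and `"+@${USER_NAME}:read"`, and likewise for `:write`. A test page with a `-@user` entry placed ahead of `Known:read,write` would pin the intended behaviour for both functions.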