acl_read(){
local page="${1:-${PATH_INFO}}"
- local acl
+ local acl group
if [ "$acl_cachepath" != "$page" ]; then
acl_cachepath="$page"
acl="${acl%%:*}:read";;
*) acl="${acl%%:*}:";;
esac
+ [ "$USER_NAME" ] && case ${acl%:*} in
+ \&*|+\&*|-\&*)
+ group="${acl%%:*}" group="${group#[+-]}"
+ printf '%s\n' "$USER_GROUPS" |grep -qxF "$group" \
+ || continue
+ ;;
+ esac
[ "$USER_NAME" ] && case $acl in
- "Known:read") return 0;;
- "Known:") return 1;;
- "+Known:read") return 0;;
- "-Known:read") return 1;;
- "@${USER_NAME}:read") return 0;;
- "@${USER_NAME}:") return 1;;
- "+@{$USER_NAME}:read") return 0;;
- "-@{$USER_NAME}:read") return 1;;
+ "@${USER_NAME}:"|"Known:"|"@@:"|"&"*":")
+ return 1;;
+ "@${USER_NAME}:read"|"Known:read"|"@@:read"|"&"*":read")
+ return 0;;
+ "-@{$USER_NAME}:read"|"-Known:read"|"-@@:read"|"-&"*":read")
+ return 1;;
+ "+@{$USER_NAME}:read"|"+Known:read"|"+@@:read"|"+&"*":read")
+ return 0;;
esac
case $acl in
- "All:read") return 0;;
- "All:") return 1;;
- "+All:read") return 0;;
- "-All:read") return 1;;
+ "All:"|"*:") return 1;;
+ "All:read"|"*:read") return 0;;
+ "-All:read"|"-*:read") return 1;;
+ "+All:read"|"+*:read") return 0;;
esac
done <<-EOF
${acl_collection}
acl_write(){
local page="${1:-${PATH_INFO}}"
- local acl
+ local acl group
if [ "$acl_cachepath" != "$page" ]; then
acl_cachepath="$page"
acl="${acl%%:*}:write";;
*) acl="${acl%%:*}:";;
esac
+ [ "$USER_NAME" ] && case ${acl%:*} in
+ \&*|+\&*|-\&*)
+ group="${acl%%:*}" group="${group#[+-]}"
+ printf '%s\n' "$USER_GROUPS" |grep -qxF "$group" \
+ || continue
+ ;;
+ esac
[ "$USER_NAME" ] && case ${acl} in
- "Known:write") return 0;;
- "Known:") return 1;;
- "+Known:write") return 0;;
- "-Known:write") return 1;;
- "@${USER_NAME}:write") return 0;;
- "@${USER_NAME}:") return 1;;
- "+@{$USER_NAME}:write") return 0;;
- "-@{$USER_NAME}:write") return 1;;
+ "@${USER_NAME}:"|"Known:"|"@@:"|"&"*":")
+ return 1;;
+ "@${USER_NAME}:write"|"Known:write"|"@@:write"|"&"*":write")
+ return 0;;
+ "-@{$USER_NAME}:write"|"-Known:write"|"-@@:write"|"-&"*":write")
+ return 1;;
+ "+@{$USER_NAME}:write"|"+Known:write"|"+@@:write"|"+&"*":write")
+ return 0;;
esac
case $acl in
- "All:write") return 0;;
- "All:") return 1;;
- "+All:write") return 0;;
- "-All:write") return 1;;
+ "All:"|"*:") return 1;;
+ "All:write"|"*:write") return 0;;
+ "-All:write"|"-*:write") return 1;;
+ "+All:write"|"+*:write") return 0;;
esac
done <<-EOF
${acl_collection}