X-Git-Url: https://git.plutz.net/?a=blobdiff_plain;f=acl.sh;h=9e1da4c28f69aecdd61c3dae8bf67106fab54190;hb=HEAD;hp=0ba66631d40c6709e1b59ee2e41f6dfde4167cc0;hpb=32a46b9aa404d760772578be04d100ae1c9a55f7;p=shellwiki diff --git a/acl.sh b/acl.sh index 0ba6663..9e1da4c 100755 --- a/acl.sh +++ b/acl.sh @@ -3,6 +3,20 @@ [ "$include_acl" ] && return 0 include_acl="$0" +# Copyright 2022 - 2023 Paul Hänsch +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +# IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + # ACL_OVERRIDE="${ACL_OVERRIDE:-Admin:read,write}" ACL_DEFAULT="${ACL_DEFAULT:-Known:read,write${BR}All:read}" @@ -10,25 +24,19 @@ acl_cachepath='' acl_collection='' acl_collect(){ - local path="${1:-${PATH_INFO}}" + local path="$1" # Get directory part of PATH_INFO local path="${path%/*}/./" local pagefile head acl - if [ "$acl_cachepath" = "$path" ]; then - printf '%s\n' "$ACL_OVERRIDE" "$acl_collection" "$ACL_DEFAULT" - return 0 - else - acl_cachepath="$path" - acl_collection='' - fi - printf '%s\n' "$ACL_OVERRIDE" while :; do [ "$path" = / ] && break path="${path%/*/}/" + # Do not use `mdfile` function here because of specialties + # in translation handler (`handlers/10_translations.sh`) if [ -f "$_DATA/pages/$path/#page.md" ]; then pagefile="$_DATA/pages/$path/#page.md" elif [ -f "$_EXEC/pages/$path/#page.md" ]; then 
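Review bot: With the `${1:-${PATH_INFO}}` default removed, an empty or missing `$1` in `acl_collect` no longer falls back to the request path. `path` then becomes `/./`, so the loop appears to consult only the root `#page.md` before printing `$ACL_DEFAULT`. acl_read and acl_write pass `"$page"` explicitly, but any caller outside this diff that relied on the default would be checked against the wrong ACL set without any error. A header comment such as `# $1: page path, required (no PATH_INFO fallback)` would make the contract visible; alternatively keep the fallback. The function body continues past the end of this hunk.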
@@ -51,7 +59,6 @@ acl_collect(){ ' <"$pagefile")" printf %s\\n "${acl}" - acl_collection="${acl_collection}${acl}${BR}" done printf '%s\n' "$ACL_DEFAULT" @@ -59,7 +66,12 @@ acl_collect(){ acl_read(){ local page="${1:-${PATH_INFO}}" - local acl + local acl group + + if [ "$acl_cachepath" != "$page" ]; then + acl_cachepath="$page" + acl_collection="$(acl_collect "$page")" + fi while read -r acl; do case ${acl##*:} in @@ -67,31 +79,43 @@ acl_read(){ acl="${acl%%:*}:read";; *) acl="${acl%%:*}:";; esac + [ "$USER_NAME" ] && case ${acl%:*} in + \&*|+\&*|-\&*) + group="${acl%%:*}" group="${group#[+-]}" + printf '%s\n' "$USER_GROUPS" |grep -qxF "$group" \ + || continue + ;; + esac [ "$USER_NAME" ] && case $acl in - "Known:read") return 0;; - "Known:") return 1;; - "+Known:read") return 0;; - "-Known:read") return 1;; - "@${USER_NAME}:read") return 0;; - "@${USER_NAME}:") return 1;; - "+@{$USER_NAME}:read") return 0;; - "-@{$USER_NAME}:read") return 1;; + "@${USER_NAME}:"|"Known:"|"@@:"|"&"*":") + return 1;; + "@${USER_NAME}:read"|"Known:read"|"@@:read"|"&"*":read") + return 0;; + "-@{$USER_NAME}:read"|"-Known:read"|"-@@:read"|"-&"*":read") + return 1;; + "+@{$USER_NAME}:read"|"+Known:read"|"+@@:read"|"+&"*":read") + return 0;; esac case $acl in - "All:read") return 0;; - "All:") return 1;; - "+All:read") return 0;; - "-All:read") return 1;; + "All:"|"*:") return 1;; + "All:read"|"*:read") return 0;; + "-All:read"|"-*:read") return 1;; + "+All:read"|"+*:read") return 0;; esac - done <<-EOF - $(acl_collect "$page") + done <<-EOF + ${acl_collection} EOF return 1 } acl_write(){ local page="${1:-${PATH_INFO}}" - local acl + local acl group + + if [ "$acl_cachepath" != "$page" ]; then + acl_cachepath="$page" + acl_collection="$(acl_collect "$page")" + fi while read -r acl; do case ${acl##*:} in 
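Review bot: The cache fill added at the top of `acl_read` has no comment saying why it lives in the caller, and the same block is repeated in `acl_write` at the end of the next hunk. Since `acl_collect` is invoked inside `$( … )`, assignments made within it would not reach the calling shell, which is presumably why the caching was moved out. A line such as `# acl_collect runs in a command substitution, so the cache has to be filled here` would stop someone moving it back. Pulling the block into one small helper shared by both functions would keep the read and write paths from drifting apart. acl_read continues beyond this hunk.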
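Review bot: The sign-prefixed per-user patterns in the `[ "$USER_NAME" ] && case $acl` arms are written `"-@{$USER_NAME}:read"` and `"+@{$USER_NAME}:read"`, with the brace before the dollar sign. They expand to `-@{name}:read`, so unless entries are really written with literal braces they never match an entry of the form `-@name:read`. A per-user deny line is then skipped and evaluation falls through to later, possibly more permissive, entries. The rewrite carried this over from the removed lines; the patterns should read `"-@${USER_NAME}:read"` and `"+@${USER_NAME}:read"`. The `:write` arms in the acl_write hunk that follows need the same correction.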
@@ -99,24 +123,31 @@ acl_write(){ acl="${acl%%:*}:write";; *) acl="${acl%%:*}:";; esac + [ "$USER_NAME" ] && case ${acl%:*} in + \&*|+\&*|-\&*) + group="${acl%%:*}" group="${group#[+-]}" + printf '%s\n' "$USER_GROUPS" |grep -qxF "$group" \ + || continue + ;; + esac [ "$USER_NAME" ] && case ${acl} in - "Known:write") return 0;; - "Known:") return 1;; - "+Known:write") return 0;; - "-Known:write") return 1;; - "@${USER_NAME}:write") return 0;; - "@${USER_NAME}:") return 1;; - "+@{$USER_NAME}:write") return 0;; - "-@{$USER_NAME}:write") return 1;; + "@${USER_NAME}:"|"Known:"|"@@:"|"&"*":") + return 1;; + "@${USER_NAME}:write"|"Known:write"|"@@:write"|"&"*":write") + return 0;; + "-@{$USER_NAME}:write"|"-Known:write"|"-@@:write"|"-&"*":write") + return 1;; + "+@{$USER_NAME}:write"|"+Known:write"|"+@@:write"|"+&"*":write") + return 0;; esac case $acl in - "All:write") return 0;; - "All:") return 1;; - "+All:write") return 0;; - "-All:write") return 1;; + "All:"|"*:") return 1;; + "All:write"|"*:write") return 0;; + "-All:write"|"-*:write") return 1;; + "+All:write"|"+*:write") return 0;; esac done <<-EOF - $(acl_collect "$page") + ${acl_collection} EOF return 1 }
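Review bot: The group filter in acl_write (and its twin in acl_read) strips only the sign with `${group#[+-]}`, so `grep -qxF` compares the subject, leading `&` included, against whole lines of `$USER_GROUPS`. The format of `$USER_GROUPS` is not visible in this diff. If the stored group names lack that prefix, no `&group` entry will ever match, and a `-&group:write` deny line is silently skipped by the `|| continue`. A comment like `# $USER_GROUPS: one group per line, written with the leading "&"` would pin the expectation down; otherwise strip the prefix too, with `group="${group#\&}"`. acl_write begins above this hunk.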