X-Git-Url: https://git.plutz.net/?a=blobdiff_plain;f=acl.sh;h=9e1da4c28f69aecdd61c3dae8bf67106fab54190;hb=HEAD;hp=1017c6e7188018dd50d864052785f627670d8bce;hpb=6e51b7fee5e99d8ce3f5a2be9ac8ccb8ca2befea;p=shellwiki diff --git a/acl.sh b/acl.sh index 1017c6e..9e1da4c 100755 --- a/acl.sh +++ b/acl.sh @@ -3,6 +3,20 @@ [ "$include_acl" ] && return 0 include_acl="$0" +# Copyright 2022 - 2023 Paul Hänsch +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +# IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + # ACL_OVERRIDE="${ACL_OVERRIDE:-Admin:read,write}" ACL_DEFAULT="${ACL_DEFAULT:-Known:read,write${BR}All:read}" @@ -52,7 +66,7 @@ acl_collect(){ acl_read(){ local page="${1:-${PATH_INFO}}" - local acl + local acl group if [ "$acl_cachepath" != "$page" ]; then acl_cachepath="$page" @@ -65,21 +79,28 @@ acl_read(){ acl="${acl%%:*}:read";; *) acl="${acl%%:*}:";; esac + [ "$USER_NAME" ] && case ${acl%:*} in + \&*|+\&*|-\&*) + group="${acl%%:*}" group="${group#[+-]}" + printf '%s\n' "$USER_GROUPS" |grep -qxF "$group" \ + || continue + ;; + esac [ "$USER_NAME" ] && case $acl in - "Known:read") return 0;; - "Known:") return 1;; - "+Known:read") return 0;; - "-Known:read") return 1;; - "@${USER_NAME}:read") return 0;; - "@${USER_NAME}:") return 1;; - "+@{$USER_NAME}:read") return 0;; - "-@{$USER_NAME}:read") return 1;; + "@${USER_NAME}:"|"Known:"|"@@:"|"&"*":") + return 1;; + "@${USER_NAME}:read"|"Known:read"|"@@:read"|"&"*":read") + return 0;; + "-@{$USER_NAME}:read"|"-Known:read"|"-@@:read"|"-&"*":read") + return 1;; + "+@{$USER_NAME}:read"|"+Known:read"|"+@@:read"|"+&"*":read") + return 0;; esac case $acl in - "All:read") return 0;; - "All:") return 1;; - "+All:read") return 0;; - "-All:read") return 1;; + "All:"|"*:") return 1;; + "All:read"|"*:read") return 0;; + "-All:read"|"-*:read") return 1;; + "+All:read"|"+*:read") return 0;; esac done <<-EOF ${acl_collection} @@ -89,7 +110,7 @@ acl_read(){ acl_write(){ local page="${1:-${PATH_INFO}}" - local acl + local acl group if [ "$acl_cachepath" != "$page" ]; then acl_cachepath="$page" @@ -102,21 +123,28 @@ acl_write(){ acl="${acl%%:*}:write";; *) acl="${acl%%:*}:";; esac + [ "$USER_NAME" ] && case ${acl%:*} in + \&*|+\&*|-\&*) + group="${acl%%:*}" group="${group#[+-]}" + printf '%s\n' "$USER_GROUPS" |grep -qxF "$group" \ + || continue + ;; + esac [ "$USER_NAME" ] && case ${acl} in - "Known:write") return 0;; - "Known:") return 1;; - "+Known:write") return 0;; - "-Known:write") return 1;; - "@${USER_NAME}:write") return 0;; - "@${USER_NAME}:") return 1;; - "+@{$USER_NAME}:write") return 0;; - "-@{$USER_NAME}:write") return 1;; + "@${USER_NAME}:"|"Known:"|"@@:"|"&"*":") + return 1;; + "@${USER_NAME}:write"|"Known:write"|"@@:write"|"&"*":write") + return 0;; + "-@{$USER_NAME}:write"|"-Known:write"|"-@@:write"|"-&"*":write") + return 1;; + "+@{$USER_NAME}:write"|"+Known:write"|"+@@:write"|"+&"*":write") + return 0;; esac case $acl in - "All:write") return 0;; - "All:") return 1;; - "+All:write") return 0;; - "-All:write") return 1;; + "All:"|"*:") return 1;; + "All:write"|"*:write") return 0;; + "-All:write"|"-*:write") return 1;; + "+All:write"|"+*:write") return 0;; esac done <<-EOF ${acl_collection}