X-Git-Url: https://git.plutz.net/?a=blobdiff_plain;f=acl.sh;h=9e1da4c28f69aecdd61c3dae8bf67106fab54190;hb=HEAD;hp=74fc8dc38419f9c556ff98e3882631ca709f6d8b;hpb=048d632f308bf93536f35fcebbe56d82671e0a14;p=shellwiki
diff --git a/acl.sh b/acl.sh
index 74fc8dc..9e1da4c 100755
--- a/acl.sh
+++ b/acl.sh
@@ -1,31 +1,42 @@ #!/bin/sh +[ "$include_acl" ] && return 0 +include_acl="$0" + +# Copyright 2022 - 2023 Paul Hänsch +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +# IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + # ACL_OVERRIDE="${ACL_OVERRIDE:-Admin:read,write}" -ACL_DEFAULT="${ACL_DEFAULT:-All:read${BR}Known:read,write}" +ACL_DEFAULT="${ACL_DEFAULT:-Known:read,write${BR}All:read}" acl_cachepath='' acl_collection='' acl_collect(){ - local path="${1:-${PATH_INFO}}" + local path="$1" # Get directory part of PATH_INFO local path="${path%/*}/./" local pagefile head acl - if [ "$acl_cachepath" = "$path" ]; then - printf '%s\n' "$ACL_OVERRIDE" "$acl_collection" "$ACL_DEFAULT" - return 0 - else - acl_cachepath="$path" - acl_collection='' - fi - printf '%s\n' "$ACL_OVERRIDE" while :; do [ "$path" = / ] && break path="${path%/*/}/" + # Do not use `mdfile` function here because of specialties + # in translation handler (`handlers/10_translations.sh`) if [ -f "$_DATA/pages/$path/#page.md" ]; then pagefile="$_DATA/pages/$path/#page.md" elif [ -f "$_EXEC/pages/$path/#page.md" ]; then 
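Review bot: The rule order in `ACL_DEFAULT` decides access, but nothing at the assignment says so. `acl_read` and `acl_write` return on the first rule that matches, and judging by the normalisation at the top of the `acl_write` loop a rule without `write` is reduced to `All:` and returns 1, so with `All:read` listed first a logged-in user would be refused write before `Known:read,write` is reached. I would add a comment above the assignment, e.g. `# First matching rule wins: keep the Known rule ahead of All`, so that a site overriding `ACL_DEFAULT` does not reintroduce the old order. `acl_collect` continues past the end of this hunk.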
@@ -34,16 +45,20 @@ acl_collect(){ continue fi - n=20; while read -r head acl; do - if [ "$head" = "%acl" ]; then - acl_collection="${acl%${CR}}${BR}" - printf "%s\n" "${acl%${CR}}" - n=$((n+1)) - fi + acl="$(sed -En ' + s;\r$;;; + /^%acl([\t ]+.*)?$/bACL; + 20q; + b; + + :ACL + s;(%(acl)?)?[\t ]*;; + p; n; s;\r$;;; + /^(%[ \t]+|%acl[ \t]+|[ \t]+)[^ \t\r]+$/bACL; + /^(%[ \t]*|%acl[ \t]*)$/bACL; + ' <"$pagefile")" - n="$((n - 1))" - [ "$n" -eq 0 ] && break - done <"$pagefile" + printf %s\\n "${acl}" done printf '%s\n' "$ACL_DEFAULT" @@ -51,7 +66,12 @@ acl_collect(){ acl_read(){ local page="${1:-${PATH_INFO}}" - local acl + local acl group + + if [ "$acl_cachepath" != "$page" ]; then + acl_cachepath="$page" + acl_collection="$(acl_collect "$page")" + fi while read -r acl; do case ${acl##*:} in 
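Review bot: In the `:ACL` loop of the sed script, a line fetched by `n` that fails both continuation tests falls off the end of the script and is dropped without being tested against the `%acl` entry pattern or `20q`. The continuation tests accept only a single whitespace-free token, so a second `%acl` line with trailing or embedded blanks directly below an ACL line is silently ignored although the same line would be accepted as the first one; if it was a deny rule, access falls through to later rules. When the dropped line is line 20, `20q` never runs and sed goes on to honour `%acl` lines anywhere in the page body. Re-testing the fetched line with `/^%acl([\t ]+.*)?$/bACL;` after the two continuation tests closes the first gap; the line cap needs a bound that does not depend on reaching exactly line 20. A short comment above the `sed` call describing the accepted header grammar would also help, since the script has none.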
@@ -59,31 +79,43 @@ acl_read(){ acl="${acl%%:*}:read";; *) acl="${acl%%:*}:";; esac + [ "$USER_NAME" ] && case ${acl%:*} in + \&*|+\&*|-\&*) + group="${acl%%:*}" group="${group#[+-]}" + printf '%s\n' "$USER_GROUPS" |grep -qxF "$group" \ + || continue + ;; + esac [ "$USER_NAME" ] && case $acl in - "Known:read") return 0;; - "Known:") return 1;; - "+Known:read") return 0;; - "-Known:read") return 1;; - "@${USER_NAME}:read") return 0;; - "@${USER_NAME}:") return 1;; - "+@{$USER_NAME}:read") return 0;; - "-@{$USER_NAME}:read") return 1;; + "@${USER_NAME}:"|"Known:"|"@@:"|"&"*":") + return 1;; + "@${USER_NAME}:read"|"Known:read"|"@@:read"|"&"*":read") + return 0;; + "-@{$USER_NAME}:read"|"-Known:read"|"-@@:read"|"-&"*":read") + return 1;; + "+@{$USER_NAME}:read"|"+Known:read"|"+@@:read"|"+&"*":read") + return 0;; esac case $acl in - "All:read") return 0;; - "All:") return 1;; - "+All:read") return 0;; - "-All:read") return 1;; + "All:"|"*:") return 1;; + "All:read"|"*:read") return 0;; + "-All:read"|"-*:read") return 1;; + "+All:read"|"+*:read") return 0;; esac - done <<-EOF - $(acl_collect "$page") + done <<-EOF + ${acl_collection} EOF return 1 } acl_write(){ local page="${1:-${PATH_INFO}}" - local acl + local acl group + + if [ "$acl_cachepath" != "$page" ]; then + acl_cachepath="$page" + acl_collection="$(acl_collect "$page")" + fi while read -r acl; do case ${acl##*:} in 
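Review bot: The `+@`/`-@` user patterns are written `@{$USER_NAME}` instead of `@${USER_NAME}`, so they expand to a literal `@{name}` and a rule such as `-@name:read` never matches. A per-user deny is then skipped and a later rule such as `Known:read` can grant access. The typo was carried over from the removed lines; the patterns should start `"-@${USER_NAME}:read"|` and `"+@${USER_NAME}:read"|`. The same two patterns appear with `:write` in the `acl_write` hunk (`@@ -91,24 +123,31 @@`) and need the same correction. `acl_read` starts before this hunk.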
@@ -91,24 +123,31 @@ acl_write(){ acl="${acl%%:*}:write";; *) acl="${acl%%:*}:";; esac + [ "$USER_NAME" ] && case ${acl%:*} in + \&*|+\&*|-\&*) + group="${acl%%:*}" group="${group#[+-]}" + printf '%s\n' "$USER_GROUPS" |grep -qxF "$group" \ + || continue + ;; + esac [ "$USER_NAME" ] && case ${acl} in - "Known:write") return 0;; - "Known:") return 1;; - "+Known:write") return 0;; - "-Known:write") return 1;; - "@${USER_NAME}:write") return 0;; - "@${USER_NAME}:") return 1;; - "+@{$USER_NAME}:write") return 0;; - "-@{$USER_NAME}:write") return 1;; + "@${USER_NAME}:"|"Known:"|"@@:"|"&"*":") + return 1;; + "@${USER_NAME}:write"|"Known:write"|"@@:write"|"&"*":write") + return 0;; + "-@{$USER_NAME}:write"|"-Known:write"|"-@@:write"|"-&"*":write") + return 1;; + "+@{$USER_NAME}:write"|"+Known:write"|"+@@:write"|"+&"*":write") + return 0;; esac case $acl in - "All:write") return 0;; - "All:") return 1;; - "+All:write") return 0;; - "-All:write") return 1;; + "All:"|"*:") return 1;; + "All:write"|"*:write") return 0;; + "-All:write"|"-*:write") return 1;; + "+All:write"|"+*:write") return 0;; esac done <<-EOF - $(acl_collect "$page") + ${acl_collection} EOF return 1 }