X-Git-Url: https://git.plutz.net/?a=blobdiff_plain;f=acl.sh;h=9e1da4c28f69aecdd61c3dae8bf67106fab54190;hb=HEAD;hp=93cbf6471007428d68ae96ba7f443930ef278527;hpb=f8bec3740e1d99684a5c33680e48d1f523c09983;p=shellwiki diff --git a/acl.sh b/acl.sh index 93cbf64..9e1da4c 100755 --- a/acl.sh +++ b/acl.sh @@ -66,7 +66,7 @@ acl_collect(){ acl_read(){ local page="${1:-${PATH_INFO}}" - local acl + local acl group if [ "$acl_cachepath" != "$page" ]; then acl_cachepath="$page" @@ -79,21 +79,28 @@ acl_read(){ acl="${acl%%:*}:read";; *) acl="${acl%%:*}:";; esac + [ "$USER_NAME" ] && case ${acl%:*} in + \&*|+\&*|-\&*) + group="${acl%%:*}" group="${group#[+-]}" + printf '%s\n' "$USER_GROUPS" |grep -qxF "$group" \ + || continue + ;; + esac [ "$USER_NAME" ] && case $acl in - "Known:read") return 0;; - "Known:") return 1;; - "+Known:read") return 0;; - "-Known:read") return 1;; - "@${USER_NAME}:read") return 0;; - "@${USER_NAME}:") return 1;; - "+@{$USER_NAME}:read") return 0;; - "-@{$USER_NAME}:read") return 1;; + "@${USER_NAME}:"|"Known:"|"@@:"|"&"*":") + return 1;; + "@${USER_NAME}:read"|"Known:read"|"@@:read"|"&"*":read") + return 0;; + "-@{$USER_NAME}:read"|"-Known:read"|"-@@:read"|"-&"*":read") + return 1;; + "+@{$USER_NAME}:read"|"+Known:read"|"+@@:read"|"+&"*":read") + return 0;; esac case $acl in - "All:read") return 0;; - "All:") return 1;; - "+All:read") return 0;; - "-All:read") return 1;; + "All:"|"*:") return 1;; + "All:read"|"*:read") return 0;; + "-All:read"|"-*:read") return 1;; + "+All:read"|"+*:read") return 0;; esac done <<-EOF ${acl_collection} @@ -103,7 +110,7 @@ acl_read(){ acl_write(){ local page="${1:-${PATH_INFO}}" - local acl + local acl group if [ "$acl_cachepath" != "$page" ]; then acl_cachepath="$page" 
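Review bot: The per-user override patterns in the second `case` of acl_read, `"-@{$USER_NAME}:read"` and `"+@{$USER_NAME}:read"`, have the `$` inside the braces, so they expand to the literal `-@{name}:read` / `+@{name}:read` and will not match an ACL entry written as `-@name:read`. The typo is carried over from the removed lines. Its practical effect is that an explicit per-user deny or grant override is skipped and evaluation falls through to later rules, which may decide the other way. The patterns should begin `"-@${USER_NAME}:read"` and `"+@${USER_NAME}:read"`, matching the unprefixed `"@${USER_NAME}:read"` arm. The same two patterns appear with `:write` in the acl_write hunk, and the loop head of acl_read lies outside this hunk.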
@@ -116,21 +123,28 @@ acl_write(){ acl="${acl%%:*}:write";; *) acl="${acl%%:*}:";; esac + [ "$USER_NAME" ] && case ${acl%:*} in + \&*|+\&*|-\&*) + group="${acl%%:*}" group="${group#[+-]}" + printf '%s\n' "$USER_GROUPS" |grep -qxF "$group" \ + || continue + ;; + esac [ "$USER_NAME" ] && case ${acl} in - "Known:write") return 0;; - "Known:") return 1;; - "+Known:write") return 0;; - "-Known:write") return 1;; - "@${USER_NAME}:write") return 0;; - "@${USER_NAME}:") return 1;; - "+@{$USER_NAME}:write") return 0;; - "-@{$USER_NAME}:write") return 1;; + "@${USER_NAME}:"|"Known:"|"@@:"|"&"*":") + return 1;; + "@${USER_NAME}:write"|"Known:write"|"@@:write"|"&"*":write") + return 0;; + "-@{$USER_NAME}:write"|"-Known:write"|"-@@:write"|"-&"*":write") + return 1;; + "+@{$USER_NAME}:write"|"+Known:write"|"+@@:write"|"+&"*":write") + return 0;; esac case $acl in - "All:write") return 0;; - "All:") return 1;; - "+All:write") return 0;; - "-All:write") return 1;; + "All:"|"*:") return 1;; + "All:write"|"*:write") return 0;; + "-All:write"|"-*:write") return 1;; + "+All:write"|"+*:write") return 0;; esac done <<-EOF ${acl_collection}
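Review bot: The added group test in acl_write (and its identical copy in acl_read) keeps the leading `&` in `$group` and matches it with `grep -qxF` against whole lines of `$USER_GROUPS`. It therefore only succeeds if that variable holds one group per line and each entry carries the `&` prefix, and neither is visible in this diff. I would document that contract above the block, e.g. `# USER_GROUPS: one group per line, each prefixed with "&"; rules for groups the user is not in are skipped`. If the list actually holds bare names, the fix would instead be `group="${group#&}"` before the grep. The enclosing loop starts outside the hunk.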