From c69b352f7a56f4893d30b1c0f99dd061c1363430 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Paul=20H=C3=A4nsch?=
Date: Fri, 1 Mar 2024 01:59:29 +0100
Subject: [PATCH] support for user groups
---
 acl.sh | 66 ++++++++++++++++++++++++++++++-------------------
 auth/default.sh | 15 +++++++++++
 2 files changed, 55 insertions(+), 26 deletions(-)
diff --git a/acl.sh b/acl.sh
index 93cbf64..9e1da4c 100755
--- a/acl.sh
+++ b/acl.sh
@@ -66,7 +66,7 @@ acl_collect(){
 acl_read(){
 local page="${1:-${PATH_INFO}}"
- local acl
+ local acl group
 if [ "$acl_cachepath" != "$page" ]; then
 acl_cachepath="$page"
@@ -79,21 +79,28 @@ acl_read(){
 acl="${acl%%:*}:read";;
 *) acl="${acl%%:*}:";;
 esac
+ [ "$USER_NAME" ] && case ${acl%:*} in
+ \&*|+\&*|-\&*)
+ group="${acl%%:*}" group="${group#[+-]}"
+ printf '%s\n' "$USER_GROUPS" |grep -qxF "$group" \
+ || continue
+ ;;
+ esac
 [ "$USER_NAME" ] && case $acl in
- "Known:read") return 0;;
- "Known:") return 1;;
- "+Known:read") return 0;;
- "-Known:read") return 1;;
- "@${USER_NAME}:read") return 0;;
- "@${USER_NAME}:") return 1;;
- "+@{$USER_NAME}:read") return 0;;
- "-@{$USER_NAME}:read") return 1;;
+ "@${USER_NAME}:"|"Known:"|"@@:"|"&"*":")
+ return 1;;
+ "@${USER_NAME}:read"|"Known:read"|"@@:read"|"&"*":read")
+ return 0;;
+ "-@{$USER_NAME}:read"|"-Known:read"|"-@@:read"|"-&"*":read")
+ return 1;;
+ "+@{$USER_NAME}:read"|"+Known:read"|"+@@:read"|"+&"*":read")
+ return 0;;
 esac
 case $acl in
- "All:read") return 0;;
- "All:") return 1;;
- "+All:read") return 0;;
- "-All:read") return 1;;
+ "All:"|"*:") return 1;;
+ "All:read"|"*:read") return 0;;
+ "-All:read"|"-*:read") return 1;;
+ "+All:read"|"+*:read") return 0;;
 esac
 done <<-EOF
 ${acl_collection}
@@ -103,7 +110,7 @@ acl_read(){
 acl_write(){
 local page="${1:-${PATH_INFO}}"
- local acl
+ local acl group
 if [ "$acl_cachepath" != "$page" ]; then
 acl_cachepath="$page"
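Review bot: The per-user patterns `"-@{$USER_NAME}:read"` and `"+@{$USER_NAME}:read"` in acl_read's known-user `case` are carried over with the brace and dollar sign swapped, so they expand to the literal `@{name}` and never match a `-@name` or `+@name` rule. For the deny form this fails open: a rule meant to exclude one user is skipped, and a later `Known` or `All` grant in the collected ACL can still return 0. They should read `"-@${USER_NAME}:read"` and `"+@${USER_NAME}:read"`; the same two patterns recur with `:write` in the acl_write hunk. The loop around these arms starts and ends outside the hunk, so the effect on rule ordering is inferred from the visible `return` arms.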
@@ -116,21 +123,28 @@ acl_write(){
 acl="${acl%%:*}:write";;
 *) acl="${acl%%:*}:";;
 esac
+ [ "$USER_NAME" ] && case ${acl%:*} in
+ \&*|+\&*|-\&*)
+ group="${acl%%:*}" group="${group#[+-]}"
+ printf '%s\n' "$USER_GROUPS" |grep -qxF "$group" \
+ || continue
+ ;;
+ esac
 [ "$USER_NAME" ] && case ${acl} in
- "Known:write") return 0;;
- "Known:") return 1;;
- "+Known:write") return 0;;
- "-Known:write") return 1;;
- "@${USER_NAME}:write") return 0;;
- "@${USER_NAME}:") return 1;;
- "+@{$USER_NAME}:write") return 0;;
- "-@{$USER_NAME}:write") return 1;;
+ "@${USER_NAME}:"|"Known:"|"@@:"|"&"*":")
+ return 1;;
+ "@${USER_NAME}:write"|"Known:write"|"@@:write"|"&"*":write")
+ return 0;;
+ "-@{$USER_NAME}:write"|"-Known:write"|"-@@:write"|"-&"*":write")
+ return 1;;
+ "+@{$USER_NAME}:write"|"+Known:write"|"+@@:write"|"+&"*":write")
+ return 0;;
 esac
 case $acl in
- "All:write") return 0;;
- "All:") return 1;;
- "+All:write") return 0;;
- "-All:write") return 1;;
+ "All:"|"*:") return 1;;
+ "All:write"|"*:write") return 0;;
+ "-All:write"|"-*:write") return 1;;
+ "+All:write"|"+*:write") return 0;;
 esac
 done <<-EOF
 ${acl_collection}
diff --git a/auth/default.sh b/auth/default.sh
index 816ad70..02778db 100644
--- a/auth/default.sh
+++ b/auth/default.sh
@@ -1,3 +1,18 @@
 #!/bin/sh
 . "$_EXEC/cgilite/users.sh"
+
+GROUP_BASE="${GROUP_BASE:-/[wiki]/}"
+
+rgx_uname="$(printf '%s' "$USER_NAME" |sed 's;[.*+?^${}()|[\]\\];\\&;g')"
+
+USER_GROUPS="$(
+ grep -lE '^[\t ]*[-+*][\t ]+'"${rgx_uname}${CR}"'?$' "$_DATA/pages${GROUP_BASE%/}/&"*"/#page.md" \
+ | while read group; do
+ group="${group#"$_DATA/pages${GROUP_BASE%/}/"}"
+ group="${group%"/#page.md"}"
+ printf '%s\n' "$group"
+ done
+)" 2>&-
+
+export USER_GROUPS
-- 
2.39.2
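Review bot: The bracket expression in the `sed` call that builds `rgx_uname` appears to close earlier than intended. Under POSIX bracket rules a backslash inside `[...]` is literal, so `[\]` ends the set and the pattern only matches a metacharacter followed by `\]`, which leaves names unescaped. A user name containing `.` would then act as a wildcard in the `grep -lE` membership test and could match another member's list entry, putting that user into `USER_GROUPS` for a group they are not listed in. Placing `]` first keeps it literal: `sed 's;[]\.*+?^${}()|[];\\&;g'`. It would also help to skip the lookup when `USER_NAME` is empty, since the regex then matches an empty list item, and to use `while IFS= read -r group` so path names are read verbatim.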