git.plutz.net Git - shellwiki/blob - acl.sh

   1 #!/bin/sh
   2
   3 [ "$include_acl" ] && return 0
   4 include_acl="$0"
   5
   6 # ACL_OVERRIDE="${ACL_OVERRIDE:-Admin:read,write}"
   7 ACL_DEFAULT="${ACL_DEFAULT:-Known:read,write${BR}All:read}"
   8
   9 acl_cachepath=''
  10 acl_collection=''
  11
  12 acl_collect(){
  13   local path="${1:-${PATH_INFO}}"
  14   # Get directory part of PATH_INFO
  15   local path="${path%/*}/./"
  16   local pagefile head acl
  17
  18   if [ "$acl_cachepath" = "$path" ]; then
  19     printf '%s\n' "$ACL_OVERRIDE" "$acl_collection" "$ACL_DEFAULT"
  20     return 0
  21   else
  22     acl_cachepath="$path"
  23     acl_collection=''
  24   fi
  25
  26   printf '%s\n' "$ACL_OVERRIDE"
  27
  28   while :; do
  29     [ "$path" = / ] && break
  30     path="${path%/*/}/"
  31
  32     if   [ -f "$_DATA/pages/$path/#page.md" ]; then
  33       pagefile="$_DATA/pages/$path/#page.md"
  34     elif [ -f "$_EXEC/pages/$path/#page.md" ]; then
  35       pagefile="$_EXEC/pages/$path/#page.md"
  36     else
  37       continue
  38     fi
  39
  40     acl="$(sed -En '
  41       s;\r$;;;
  42       /^%acl([\t ]+.*)?$/bACL;
  43       20q;
  44       b;
  45
  46       :ACL
  47       s;(%(acl)?)?[\t ]*;;
  48       p; n; s;\r$;;;
  49       /^(%[ \t]+|%acl[ \t]+|[ \t]+)[^ \t\r]+$/bACL;
  50       /^(%[ \t]*|%acl[ \t]*)$/bACL;
  51     ' <"$pagefile")"
  52
  53     printf %s\\n "${acl}"
  54     acl_collection="${acl_collection}${acl}${BR}"
  55   done
  56
  57   printf '%s\n' "$ACL_DEFAULT"
  58 }
  59
  60 acl_read(){
  61   local page="${1:-${PATH_INFO}}"
  62   local acl
  63
  64   while read -r acl; do
  65     case ${acl##*:} in
  66       read|*,read,*|read,*|*,read)
  67          acl="${acl%%:*}:read";;
  68       *) acl="${acl%%:*}:";;
  69     esac
  70     [ "$USER_NAME" ] && case $acl in
  71        "Known:read") return 0;;
  72        "Known:")     return 1;;
  73       "+Known:read") return 0;;
  74       "-Known:read") return 1;;
  75        "@${USER_NAME}:read") return 0;;
  76        "@${USER_NAME}:")      return 1;;
  77       "+@{$USER_NAME}:read") return 0;;
  78       "-@{$USER_NAME}:read") return 1;;
  79     esac
  80     case $acl in
  81        "All:read") return 0;;
  82        "All:")     return 1;;
  83       "+All:read") return 0;;
  84       "-All:read") return 1;;
  85     esac
  86   done <<-EOF
  87         $(acl_collect "$page")
  88         EOF
  89   return 1
  90 }
  91
  92 acl_write(){
  93   local page="${1:-${PATH_INFO}}"
  94   local acl
  95
  96   while read -r acl; do
  97     case ${acl##*:} in
  98       write|*,write,*|write,*|*,write)
  99          acl="${acl%%:*}:write";;
 100       *) acl="${acl%%:*}:";;
 101     esac
 102     [ "$USER_NAME" ] && case ${acl} in
 103        "Known:write") return 0;;
 104        "Known:")      return 1;;
 105       "+Known:write") return 0;;
 106       "-Known:write") return 1;;
 107        "@${USER_NAME}:write") return 0;;
 108        "@${USER_NAME}:")      return 1;;
 109       "+@{$USER_NAME}:write") return 0;;
 110       "-@{$USER_NAME}:write") return 1;;
 111     esac
 112     case $acl in
 113        "All:write") return 0;;
 114        "All:")      return 1;;
 115       "+All:write") return 0;;
 116       "-All:write") return 1;;
 117     esac
 118   done <<-EOF
 119         $(acl_collect "$page")
 120         EOF
 121   return 1
 122 }