git.plutz.net Git - shellwiki/blob - acl.sh

   1 #!/bin/sh
   2
   3 # ACL_OVERRIDE="${ACL_OVERRIDE:-Admin:read,write}"
   4 ACL_DEFAULT="${ACL_DEFAULT:-Known:read,write${BR}All:read}"
   5
   6 acl_cachepath=''
   7 acl_collection=''
   8
   9 acl_collect(){
  10   local path="${1:-${PATH_INFO}}"
  11   # Get directory part of PATH_INFO
  12   local path="${path%/*}/./"
  13   local pagefile head acl
  14
  15   if [ "$acl_cachepath" = "$path" ]; then
  16     printf '%s\n' "$ACL_OVERRIDE" "$acl_collection" "$ACL_DEFAULT"
  17     return 0
  18   else
  19     acl_cachepath="$path"
  20     acl_collection=''
  21   fi
  22
  23   printf '%s\n' "$ACL_OVERRIDE"
  24
  25   while :; do
  26     [ "$path" = / ] && break
  27     path="${path%/*/}/"
  28
  29     if   [ -f "$_DATA/pages/$path/#page.md" ]; then
  30       pagefile="$_DATA/pages/$path/#page.md"
  31     elif [ -f "$_EXEC/pages/$path/#page.md" ]; then
  32       pagefile="$_EXEC/pages/$path/#page.md"
  33     else
  34       continue
  35     fi
  36
  37     acl="$(sed -En '
  38       s;\r$;;;
  39       /^%acl([\t ]+.*)?$/bACL;
  40       20q;
  41       b;
  42
  43       :ACL
  44       s;(%(acl)?)?[\t ]*;;
  45       p; n; s;\r$;;;
  46       /^(%[ \t]+|%acl[ \t]+|[ \t]+)[^ \t\r]+$/bACL;
  47       /^(%[ \t]*|%acl[ \t]*)$/bACL;
  48     ' <"$pagefile")"
  49
  50     printf %s\\n "${acl}"
  51     acl_collection="${acl_collection}${acl}${BR}"
  52   done
  53
  54   printf '%s\n' "$ACL_DEFAULT"
  55 }
  56
  57 acl_read(){
  58   local page="${1:-${PATH_INFO}}"
  59   local acl
  60
  61   while read -r acl; do
  62     case ${acl##*:} in
  63       read|*,read,*|read,*|*,read)
  64          acl="${acl%%:*}:read";;
  65       *) acl="${acl%%:*}:";;
  66     esac
  67     [ "$USER_NAME" ] && case $acl in
  68        "Known:read") return 0;;
  69        "Known:")     return 1;;
  70       "+Known:read") return 0;;
  71       "-Known:read") return 1;;
  72        "@${USER_NAME}:read") return 0;;
  73        "@${USER_NAME}:")      return 1;;
  74       "+@{$USER_NAME}:read") return 0;;
  75       "-@{$USER_NAME}:read") return 1;;
  76     esac
  77     case $acl in
  78        "All:read") return 0;;
  79        "All:")     return 1;;
  80       "+All:read") return 0;;
  81       "-All:read") return 1;;
  82     esac
  83   done <<-EOF
  84         $(acl_collect "$page")
  85         EOF
  86   return 1
  87 }
  88
  89 acl_write(){
  90   local page="${1:-${PATH_INFO}}"
  91   local acl
  92
  93   while read -r acl; do
  94     case ${acl##*:} in
  95       write|*,write,*|write,*|*,write)
  96          acl="${acl%%:*}:write";;
  97       *) acl="${acl%%:*}:";;
  98     esac
  99     [ "$USER_NAME" ] && case ${acl} in
 100        "Known:write") return 0;;
 101        "Known:")      return 1;;
 102       "+Known:write") return 0;;
 103       "-Known:write") return 1;;
 104        "@${USER_NAME}:write") return 0;;
 105        "@${USER_NAME}:")      return 1;;
 106       "+@{$USER_NAME}:write") return 0;;
 107       "-@{$USER_NAME}:write") return 1;;
 108     esac
 109     case $acl in
 110        "All:write") return 0;;
 111        "All:")      return 1;;
 112       "+All:write") return 0;;
 113       "-All:write") return 1;;
 114     esac
 115   done <<-EOF
 116         $(acl_collect "$page")
 117         EOF
 118   return 1
 119 }