Managing User Groups through ACLs

Works with versions 1.1.5.3 (according to author) to 1.3.6 (latest)
There is already a proposal for this at GroupManagement. However this code doesn't seem to work anymore.

My solution

I thought about a simpler way to deal with User Groups - my concept is: Give the power to the users and Keep it simple.


Dependency

None that I can figure out. I have it working with 1.1.5.3 version.

The code

In wikka.php add the isGroupMember() function (after TrimACLs() function for example):

(for version 1.1.6.2, the required file has been moved and renamed to ...../libs/Wakka.class.php )

    // returns true if $who is member of $group
    function isGroupMember($who, $group)
    {
        $thegroup=$this->LoadPage($group);
        if ($thegroup) {
            $search = "+".$who."+"; // In the group list pages, each participant's login has to be embedded inside '+' signs
            return (bool)(substr_count($thegroup["body"], $search));
        }
        else return false;
    }


Then change HasAccess() function:

from:

                // aha! a user entry.
                default:
                    if ($line == $user)
                    {
                        return !$negate;
                    }


to:

                // aha! a user entry.
                default:
                    if ($line == $user)
                    {
                        return !$negate;
                    }
                    // this may be a UserGroup so we check if $user is part of the group
                    else if (($this->isGroupMember($user, $line)))
                    {
                        return !$negate;
                    }


How to use it?

Create a WikiPage to manage a particular user group: a name like UserGroupWikkaCrew makes sense (it exists ;-) ), it could be nice to link to a CategoryUserGroup.
Write in all the user logins that have to be part of this group, enclosed in "+" signs: +UserLogin1+UserLogin2+ is valid as would be:
Modify the ACLs of this UserGroupPage to reflect who is allowed to manage the group.
Use the UserGroupPage in any ACLs; it can be negated using the "!" character as usual.

To Do

My code probably needs to be reviewed by an expert coder, as I am not at all a developer (I just rely on the above user group).
Any ideas and comments are more than welcome.
This does not allow managing Groups of Groups (don't think about using the {{include}} action!)



Security Risks


A hacker may be able to get unauthorized access if they create a new user account with the same name as a group name. For example, in the above scenario, the hacker may gain unauthorized access if (s)he creates a user with "UserGroupWikkaCrew" as the login name: HasAccess() compares each ACL line against the login name before it tries the group lookup, so an ACL line naming the group page also matches a user whose login is that page name. The easiest way to prevent this from happening is to disallow new users from picking a name that is equal to an existing page.
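
The name collision described above and the suggested registration check, as an added example that is not part of the original page or of WikkaWiki's own code. It models the `default:` branch of HasAccess() against an in-memory page store; the sample pages and logins are constructed, and the simplified `hasAccess()` signature and the `isLoginNameAllowed()` helper are hypothetical.

```php
<?php
$pages = ['UserGroupWikkaCrew' => ['body' => '+AliceAdmin+BobEditor+']]; // constructed sample page store

// Same test as isGroupMember() on this page, against the in-memory store.
function isGroupMember(array $pages, string $who, string $group): bool
{
    if ($who === '' || !isset($pages[$group])) {
        return false; // empty login or no such group page
    }
    return strpos($pages[$group]['body'], '+' . $who . '+') !== false;
}

// Simplified model of the default: branch of HasAccess(): one ACL entry
// per line, a leading "!" negates the entry. Assumption: deny if nothing matches.
function hasAccess(array $pages, string $user, string $acl): bool
{
    foreach (explode("\n", $acl) as $line) {
        $line = trim($line);
        $negate = ($line !== '' && $line[0] === '!');
        if ($negate) {
            $line = substr($line, 1);
        }
        if ($line === '') {
            continue;
        }
        if ($line === $user || isGroupMember($pages, $user, $line)) {
            return !$negate;
        }
    }
    return false;
}

// Hypothetical registration guard: refuse a login equal to an existing page
// name (compared case-insensitively, as a conservative assumption).
function isLoginNameAllowed(array $pages, string $login): bool
{
    foreach (array_keys($pages) as $name) {
        if (strcasecmp($name, $login) === 0) {
            return false;
        }
    }
    return true;
}

$acl = "UserGroupWikkaCrew";
var_dump(hasAccess($pages, 'BobEditor', $acl));             // group member
var_dump(hasAccess($pages, 'MalloryGuest', $acl));          // not in the group
var_dump(hasAccess($pages, 'UserGroupWikkaCrew', $acl));    // login equals the group page name
var_dump(isLoginNameAllowed($pages, 'UserGroupWikkaCrew')); // the guard on that same name
```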


CategoryUserContributions