Revision [4106]
This is an old revision of ACLsWithUserGroups made by JavaWoman on 2005-01-06 20:55:55.
Managing User Groups through ACLs
There is already a proposal for this at GroupManagement. However this code doesn't seem to work anymore.
My solution
I though about a simpler way to deal with User Groups - my concept is: Give the power to the users and Keep it simple.- The idea is that anyuser could define a new group by creating a dedicated WikiPage: something like MyProjectGroup.
- Then he would write in this page all the user logins he wants to be part of the group (embeded inside plus signs to avoid confusions: +UserLogin1+UserLogin2+).
- He would decide through the ACLs of this page who can manage the group list.
- Then he may use this page name in the ACLs of any page in order to manage the access authorizations.
- The only code needed should be that HasAccess function has to be modified in order to search if the user is part of the group or not.
Dependancy
None that I can figure out. I have it working with 1.1.5.3 version.The code
In wikka.php add the CheckGroupMember function (after TrimACLs function for example): // returns true if $who is member of $group
function CheckGroupMember($who, $group)
{
$thegroup=$this->LoadPage($group);
if ($thegroup) {
$search = "+".$who."+"; // In the GroupListPages, the participants logins have to be embbeded inside '+' signs
return substr_count($thegroup["body"], $search);
}
else return false;
}
function CheckGroupMember($who, $group)
{
$thegroup=$this->LoadPage($group);
if ($thegroup) {
$search = "+".$who."+"; // In the GroupListPages, the participants logins have to be embbeded inside '+' signs
return substr_count($thegroup["body"], $search);
}
else return false;
}
Two suggestions here:
- Call it "isGroupMember" rather than CheckGroupMember: that conveys better that you'll get a TRUE/FALSE answer;
- Make sure the function always returns a boolean (easy by casting the substr_count() to boolen) instead of sometimes a boolean and sometimes a number.
Apart from that I think this is a brilliant idea! --JavaWoman
Then change HasAccess function:
from:
// aha! a user entry.
default:
if ($line == $user)
{
return !$negate;
}
default:
if ($line == $user)
{
return !$negate;
}
to:
// aha! a user entry.
default:
if ($line == $user)
{
return !$negate;
}
// this may be a UserGroup so we check if $user is part of the group
else if (($this->CheckGroupMember($user, $line)))
{
return !$negate;
}
default:
if ($line == $user)
{
return !$negate;
}
// this may be a UserGroup so we check if $user is part of the group
else if (($this->CheckGroupMember($user, $line)))
{
return !$negate;
}
How to use it?
Create a WikiPage to manage a particular user group: a name like UserGroupWikkaCrew makes sense (it exists ;-) ), it could be nice to link to a CategoryUserGroup.Write in all the user login that have to be part of this group inside "+" signs: +UserLogin1+UserLogin2+ is valid as would be:
- +UserLogin2+.
Use the UserGroupPage in any ACLs, they can be can be negated using the "!" character as usual.
To Do
My code needs probably to be reviewed by expert coder as I am not at all a developper (I just rely on the above user group).Any ideas and comments than welcome.
This does not allow to manage Groups of Groups (don't think about using the {{include}} action!)
CategoryDevelopment