Revision [1008]
This is an old revision of GroupManagement made by DreckFehler on 2004-08-16 00:03:29.
anyway, thanks for the kind permission given by victor manuel varela, who achieved the basic concept.
the following changes have been made:
- the original is split into two functions. the assembling of the groups array only needs to be done once and not every time hasaccess() is called.
- since groups can contain other groups, again circular statements have to be blocked.
- items are now comma delimited. it's far more readable in the wikka.config.php and the new line (which was the delimiter before) didn't even give any advantage in coding.
the following functions are new to the wakka class:
<?
// aliases stuff, written by http://www.nivel0.net/VictorManuelVarela/
function BuildAliasesArray () {
if (! is_array($this->config['aliases'])) $this->config['aliases'] = array ('+' => $this->config['aliases']);
// check for aliases in Wakka pages
if (isset($this->config['aliases']['+'])) {
$aliasPages = explode(",", $this->config['aliases']['+']);
for ($i = count($aliasPages)-1; $i >= 0; $i--) { // any idea why the last page should be included first?
$aliasPage = $this->LoadPage($aliasPages[$i]);
foreach (explode("\n", $aliasPage['body']) as $line) {
$atmp = explode(':',$line);
$aliases[trim($atmp[0])] = trim($atmp[1]);
}
}
$this->config['aliases'] = array_merge($this->config['aliases'], $aliases);
unset($this->config['aliases']['+']);
unset($this->config['aliases']['']);
}
}
function ReplaceAliases ($acl) {
if (! $aliases = $this->config['aliases']) return $acl;
do {
$list = array();
$replaced = false;
foreach (explode("\n", $acl) as $line) {
$line = trim($line);
// check for inversion character "!"
if (preg_match("/^[!](.*)$/", $line, $matches)) {
$negate = "!";
$line = $matches[1];
} else $negate = "";
if (isset($aliases[$line])) {
if ($aliases[$line]) foreach (explode(",", $aliases[$line]) as $item) $list[] = $negate.trim($item);
$replaced = true;
$aliases[$line] = ""; // include a group only once!
} else $list[] = $line;
}
$acl = join("\n", $list);
} while ($replaced);
return $acl;
}
function IsMember($group, $user = "") {
if (!$user) $user = $this->GetUserName();
$memberarray = explode(",", $this->config["aliases"][$group]);
foreach ($memberarray as $member) if (trim($member) == $user) return true;
}
?>
// aliases stuff, written by http://www.nivel0.net/VictorManuelVarela/
function BuildAliasesArray () {
if (! is_array($this->config['aliases'])) $this->config['aliases'] = array ('+' => $this->config['aliases']);
// check for aliases in Wakka pages
if (isset($this->config['aliases']['+'])) {
$aliasPages = explode(",", $this->config['aliases']['+']);
for ($i = count($aliasPages)-1; $i >= 0; $i--) { // any idea why the last page should be included first?
$aliasPage = $this->LoadPage($aliasPages[$i]);
foreach (explode("\n", $aliasPage['body']) as $line) {
$atmp = explode(':',$line);
$aliases[trim($atmp[0])] = trim($atmp[1]);
}
}
$this->config['aliases'] = array_merge($this->config['aliases'], $aliases);
unset($this->config['aliases']['+']);
unset($this->config['aliases']['']);
}
}
function ReplaceAliases ($acl) {
if (! $aliases = $this->config['aliases']) return $acl;
do {
$list = array();
$replaced = false;
foreach (explode("\n", $acl) as $line) {
$line = trim($line);
// check for inversion character "!"
if (preg_match("/^[!](.*)$/", $line, $matches)) {
$negate = "!";
$line = $matches[1];
} else $negate = "";
if (isset($aliases[$line])) {
if ($aliases[$line]) foreach (explode(",", $aliases[$line]) as $item) $list[] = $negate.trim($item);
$replaced = true;
$aliases[$line] = ""; // include a group only once!
} else $list[] = $line;
}
$acl = join("\n", $list);
} while ($replaced);
return $acl;
}
function IsMember($group, $user = "") {
if (!$user) $user = $this->GetUserName();
$memberarray = explode(",", $this->config["aliases"][$group]);
foreach ($memberarray as $member) if (trim($member) == $user) return true;
}
?>
the first function will be called in the run() routine (see diff for changes, codebase is wikka 1.1.3.8)
<?
function Run($tag, $method = "")
{
// do our stuff!
if (!$this->method = trim($method)) $this->method = "show";
if (!$this->tag = trim($tag)) $this->Redirect($this->href("", $this->config["root_page"]));
if ((!$this->GetUser() && isset($_COOKIE["name"])) && ($user = $this->LoadUser($_COOKIE["name"], $_COOKIE["password"]))) $this->SetUser($user);
$this->SetPage($this->LoadPage($tag, (isset($_REQUEST["time"]) ? $_REQUEST["time"] :'')));
$this->LogReferrer();
$this->ACLs = $this->LoadAllACLs($this->tag);
$this->ReadInterWikiConfig();
if(!($this->GetMicroTime()%3)) $this->Maintenance();
if (preg_match('/\.xml$/', $this->method))
{
print($this->Method($this->method));
}
elseif (preg_match('/\.(gif|jpg|png)$/', $this->method))
{
header('Location: images/' . $this->method);
}
elseif (preg_match('/\.css$/', $this->method))
{
header('Location: css/' . $this->method);
}
else
{
print($this->Header().$this->Method($this->method).$this->Footer());
}
}
?>
function Run($tag, $method = "")
{
// do our stuff!
if (!$this->method = trim($method)) $this->method = "show";
if (!$this->tag = trim($tag)) $this->Redirect($this->href("", $this->config["root_page"]));
if ((!$this->GetUser() && isset($_COOKIE["name"])) && ($user = $this->LoadUser($_COOKIE["name"], $_COOKIE["password"]))) $this->SetUser($user);
$this->SetPage($this->LoadPage($tag, (isset($_REQUEST["time"]) ? $_REQUEST["time"] :'')));
$this->LogReferrer();
$this->ACLs = $this->LoadAllACLs($this->tag);
$this->ReadInterWikiConfig();
if(!($this->GetMicroTime()%3)) $this->Maintenance();
if (preg_match('/\.xml$/', $this->method))
{
print($this->Method($this->method));
}
elseif (preg_match('/\.(gif|jpg|png)$/', $this->method))
{
header('Location: images/' . $this->method);
}
elseif (preg_match('/\.css$/', $this->method))
{
header('Location: css/' . $this->method);
}
else
{
print($this->Header().$this->Method($this->method).$this->Footer());
}
}
?>
the second one every time, the hasaccess() function needs an acl list
<?
function HasAccess($privilege, $tag = "", $user = "")
{
// set defaults
if (!$tag) $tag = $this->GetPageTag();
if (!$user) $user = $this->GetUserName();
// if current user is owner, return true. owner can do anything!
if ($this->UserIsOwner($tag)) return true;
// see whether user is registered and logged in
if ($this->GetUser()) $registered = true;
// load acl
if ($tag == $this->GetPageTag())
{
$acl = $this->ACLs[$privilege."_acl"];
}
else
{
$tag_ACLs = $this->LoadAllACLs($tag);
$acl = $tag_ACLs[$privilege."_acl"];
}
// fine fine... now go through acl
foreach (explode("\n", $acl) as $line)
{
// check for inversion character "!"
if (preg_match("/^[!](.*)$/", $line, $matches))
{
$negate = 1;
$line = $matches[1];
}
else
{
$negate = 0;
}
// if there's still anything left... lines with just a "!" don't count!
if ($line)
{
switch ($line[0])
{
// comments
case "#":
break;
// everyone
case "*":
return !$negate;
// only registered users
case "+":
// return ($registered) ? !$negate : false;
return ($registered) ? !$negate : $negate;
// aha! a user entry.
default:
if ($line == $user)
{
return !$negate;
}
}
}
}
// tough luck.
return false;
}
?>
function HasAccess($privilege, $tag = "", $user = "")
{
// set defaults
if (!$tag) $tag = $this->GetPageTag();
if (!$user) $user = $this->GetUserName();
// if current user is owner, return true. owner can do anything!
if ($this->UserIsOwner($tag)) return true;
// see whether user is registered and logged in
if ($this->GetUser()) $registered = true;
// load acl
if ($tag == $this->GetPageTag())
{
$acl = $this->ACLs[$privilege."_acl"];
}
else
{
$tag_ACLs = $this->LoadAllACLs($tag);
$acl = $tag_ACLs[$privilege."_acl"];
}
// fine fine... now go through acl
foreach (explode("\n", $acl) as $line)
{
// check for inversion character "!"
if (preg_match("/^[!](.*)$/", $line, $matches))
{
$negate = 1;
$line = $matches[1];
}
else
{
$negate = 0;
}
// if there's still anything left... lines with just a "!" don't count!
if ($line)
{
switch ($line[0])
{
// comments
case "#":
break;
// everyone
case "*":
return !$negate;
// only registered users
case "+":
// return ($registered) ? !$negate : false;
return ($registered) ? !$negate : $negate;
// aha! a user entry.
default:
if ($line == $user)
{
return !$negate;
}
}
}
}
// tough luck.
return false;
}
?>
now we can hook in the isAdmin() function (caution: wikka then expects a group in $wakka->config["admins"]!):
<?
function IsAdmin() { return $this->IsMember($this->config["admins"]); }
?>
function IsAdmin() { return $this->IsMember($this->config["admins"]); }
?>
and the wikka.config.php yet needs to be adjusted
<?
'aliases' => array
('Administrators' => 'BillGates,JoseMariaAznar,GeorgeBush',
'DangerousPeople' => 'Administrators,DreckFehler',
'+' => 'WikkaGroups,MoreWikkaGroups'),
'admins' => 'Administrators',
?>
'aliases' => array
('Administrators' => 'BillGates,JoseMariaAznar,GeorgeBush',
'DangerousPeople' => 'Administrators,DreckFehler',
'+' => 'WikkaGroups,MoreWikkaGroups'),
'admins' => 'Administrators',
?>
if the variable $wakka->config['aliases'] contains a string instead of an array, it is treated as a list of wikipages which maintain the group handling. in that case one of the pages should contain a group named "Administrators" (or whatever is defined in the config['admins'] variable). but to my understanding it's better for security reasons to leave the admin group in the config file (if not, make sure to restrict at least write access to the page that defines the admin group ;))
<? 'aliases' => 'WikkaSystemGroups,WikkaGroups', ?>
a definition in a wikipage looks like this (whoever those spanish guys may be):
Superusers: ManoloCortes,PedroTriguero,JoseVera Webmasters: JordiDan,LaraGarrido