Most recent edit on 2008-06-04 04:02:22 by MasinAlDujaili [working versions]
Additions:
Working for 1.1.5.3 (according to author) to 1.1.6.4 (latest)
There is already a proposal for this at GroupManagement. However this code doesn't seem to work anymore.
Deletions:
There is already a proposal for this at GroupManagement. However this code doesn't seem to work anymore.
Edited on 2008-05-05 06:01:02 by MarcElser
Additions:
-
-
- Could not get it working with master groups as described by MovieLady, so I changed the IsGroupMember function to recursivly go through all sub groups:
// returns true if $who is member of $group
function isGroupMember
($who,
$group)
{
$thegroup=
$this->
LoadPage($group);
if ($thegroup) {
preg_match_all("/\+(.*?)\+/",
$thegroup["body"],
$group_members);
foreach ($group_members[1] as $group_member) {
if ($who ==
$group_member) { return true;
}
if ($this->
isGroupMember($who,
$group_member)) { return true;
}
}
}
else return false;
}
- Does anybody have an idea why the setup described by MovieLady should work? I my setup members of the Group UGMetro or UGSports did not have access to pages where the read/write acl's were set to UGNewsroom
Edited on 2008-01-28 00:15:45 by JavaWoman [Modified links pointing to docs server]
No differences.
Edited on 2007-12-12 09:53:12 by JavaWoman [prevent function references looking as page links]
Additions:
- The only code needed should be that HasAccess() function has to be modified in order to search if the user is part of the group or not.
In wikka.php add the isGroupMember() function (after TrimACLs() function for example):
Then change HasAccess() function:
A hacker may be able to get unauthorized access if they create a new user account with the same name as a groupname. For example, in the above scenario, the hacker may gain unauthorized access if (s)he creates a user with "UserGroupWikkaCrew" as the login name. The easiest way to prevent this from happening is to disallow new users to pick a name which is equal to an existing page.
Deletions:
- The only code needed should be that HasAccess function has to be modified in order to search if the user is part of the group or not.
In wikka.php add the isGroupMember function (after TrimACLs function for example):
Then change HasAccess function:
A hacker may be able to get unauthorized access if they create a new user account with the same name as a groupname. For example, in the above scenario, the hacker may gain unauthorized access if (s)he creates a user with "UserGroupWikkaCrew" as the login name. The easiest way to prevent this from happening is to disallow new users to pick a new which is equal to an existing page.
Edited on 2007-05-31 23:26:34 by WazoO [Reverted]
Additions:
- Then he would write in this page all the user logins he wants to be part of the group (embeded inside plus signs to avoid confusions: +UserLogin1+UserLogin2+).
$search = "+".$who."+";
In the GroupListPages, the participants logins have to be embbeded inside '+' signs
Write in all the user login that have to be part of this group inside "+" signs: +UserLogin1+UserLogin2+ is valid as would be:
- This doesn't really make sense, because u can add it as a subgroupe using his page/groupname, no ?
- Correct. I'm using this to control access on my intranet and I've got multiple layers of groups (many that cross over) that allow me to manage groups of groups. Here's how I'm using it:
- Group 1 (UGMetro) has several names: +Reporter1+ +Reporter2+ +Reporter3+ +MetroEditors+
- Group 2 (UGSports) has others: +Reporter4+ +Reporter5+ +Reporter6+ +SportsEditors+
- And the master group (UGNewsroom) looks like this: +UGMetro+ +UGSports+
- Works just fine for me. :) --MovieLady
Security Risks
A hacker may be able to get unauthorized access if they create a new user account with the same name as a groupname. For example, in the above scenario, the hacker may gain unauthorized access if (s)he creates a user with "UserGroupWikkaCrew" as the login name. The easiest way to prevent this from happening is to disallow new users to pick a new which is equal to an existing page.
- This check is already in place as of version 1.1.6.0. --JavaWoman
CategoryUserContributions
Deletions:
- Then he would write in this page all the user logins he wants to be part of the group (embeded inside plus signs to avoid confusions: UserLogin1 UserLogin2 ).
$search = " ".$who." ";
In the GroupListPages, the participants logins have to be embbeded inside ' ' signs
Write in all the user login that have to be part of this group inside " " signs: UserLogin1 UserLogin2 is valid as would be:
Edited on 2007-05-31 10:29:26 by MqaP1b
Additions:
- Then he would write in this page all the user logins he wants to be part of the group (embeded inside plus signs to avoid confusions: UserLogin1 UserLogin2 ).
$search = " ".$who." ";
In the GroupListPages, the participants logins have to be embbeded inside ' ' signs
Write in all the user login that have to be part of this group inside " " signs: UserLogin1 UserLogin2 is valid as would be:
Deletions:
- Then he would write in this page all the user logins he wants to be part of the group (embeded inside plus signs to avoid confusions: +UserLogin1+UserLogin2+).
$search = "+".$who."+";
In the GroupListPages, the participants logins have to be embbeded inside '+' signs
Write in all the user login that have to be part of this group inside "+" signs: +UserLogin1+UserLogin2+ is valid as would be:
- This doesn't really make sense, because u can add it as a subgroupe using his page/groupname, no ?
- Correct. I'm using this to control access on my intranet and I've got multiple layers of groups (many that cross over) that allow me to manage groups of groups. Here's how I'm using it:
- Group 1 (UGMetro) has several names: +Reporter1+ +Reporter2+ +Reporter3+ +MetroEditors+
- Group 2 (UGSports) has others: +Reporter4+ +Reporter5+ +Reporter6+ +SportsEditors+
- And the master group (UGNewsroom) looks like this: +UGMetro+ +UGSports+
- Works just fine for me. :) --MovieLady
Security Risks
A hacker may be able to get unauthorized access if they create a new user account with the same name as a groupname. For example, in the above scenario, the hacker may gain unauthorized access if (s)he creates a user with "UserGroupWikkaCrew" as the login name. The easiest way to prevent this from happening is to disallow new users to pick a new which is equal to an existing page.
- This check is already in place as of version 1.1.6.0. --JavaWoman
CategoryUserContributions
Edited on 2006-06-14 03:26:47 by WazoO [dropped the Beta, final 1.1.6.2 is out, mod works]
Additions:
(for version 1.1.6.2, the required file has beem moved and renamed to ...../libs/Wakka.class.php )
Deletions:
(for version 1.1.6.2-Beta, the required file has beem moved and renamed to ...../libs/Wakka.class.php )
Edited on 2006-06-09 00:10:29 by WazoO [updated file location for 1.1.6.2-Beta]
Additions:
(for version 1.1.6.2-Beta, the required file has beem moved and renamed to ...../libs/Wakka.class.php )
Deletions:
(for version 1.1.6.2-Beta, this file has beem moved and renamed to ...../libs/Wakka.class.php )
Edited on 2006-06-09 00:08:59 by WazoO [updated file location for 1.1.6.2-Beta]
Additions:
(for version 1.1.6.2-Beta, this file has beem moved and renamed to ...../libs/Wakka.class.php )
Edited on 2006-06-06 20:37:05 by MovieLady [example on use for multi-level groups]
Additions:
My code needs probably to be reviewed by expert coder as I am not at all a developer (I just rely on the above user group).
-
- Correct. I'm using this to control access on my intranet and I've got multiple layers of groups (many that cross over) that allow me to manage groups of groups. Here's how I'm using it:
- Group 1 (UGMetro) has several names: +Reporter1+ +Reporter2+ +Reporter3+ +MetroEditors+
- Group 2 (UGSports) has others: +Reporter4+ +Reporter5+ +Reporter6+ +SportsEditors+
- And the master group (UGNewsroom) looks like this: +UGMetro+ +UGSports+
- Works just fine for me. :) --MovieLady
Deletions:
My code needs probably to be reviewed by expert coder as I am not at all a developper (I just rely on the above user group).
Edited on 2005-12-16 09:05:35 by EltharielHdh
Additions:
- This doesn't really make sense, because u can add it as a subgroupe using his page/groupname, no ?
Edited on 2005-12-16 09:02:58 by EltharielHdh [some cleaning]
Additions:
aha! a user entry.
aha! a user entry.
Deletions:
- Two suggestions here:
- Call it "isGroupMember" rather than CheckGroupMember: that conveys better that you'll get a TRUE/FALSE answer;
- Make sure the function always returns a boolean (easy by casting the substr_count() to boolen) instead of sometimes a boolean and sometimes a number.
- Apart from that I think this is a brilliant idea! --JavaWoman
aha! a user entry.
aha! a user entry.
Edited on 2005-03-07 15:52:22 by JavaWoman [reply re: security risks]
Additions:
- This check is already in place as of version 1.1.6.0. --JavaWoman
Edited on 2005-03-07 13:46:18 by FreekDijkstra [Added security risk note]
Additions:
Managing User Groups through ACLs
There is already a proposal for this at GroupManagement. However this code doesn't seem to work anymore.
My solution
I though about a simpler way to deal with User Groups - my concept is: Give the power to the users and Keep it simple.
- The idea is that anyuser could define a new group by creating a dedicated WikiPage: something like MyProjectGroup.
- Then he would write in this page all the user logins he wants to be part of the group (embeded inside plus signs to avoid confusions: +UserLogin1+UserLogin2+).
- He would decide through the ACLs of this page who can manage the group list.
- Then he may use this page name in the ACLs of any page in order to manage the access authorizations.
- The only code needed should be that HasAccess function has to be modified in order to search if the user is part of the group or not.
Dependancy
None that I can figure out. I have it working with 1.1.5.3 version.
The code
In wikka.php add the isGroupMember function (after TrimACLs function for example):
// returns true if $who is member of $group
function isGroupMember
($who,
$group)
{
$thegroup=
$this->
LoadPage($group);
if ($thegroup) {
$search =
"+".
$who.
"+";
// In the GroupListPages, the participants logins have to be embbeded inside '+' signs
return (boolean
)(substr_count($thegroup["body"],
$search));
}
else return false;
}
- Two suggestions here:
- Call it "isGroupMember" rather than CheckGroupMember: that conveys better that you'll get a TRUE/FALSE answer;
- Make sure the function always returns a boolean (easy by casting the substr_count() to boolen) instead of sometimes a boolean and sometimes a number.
- Apart from that I think this is a brilliant idea! --JavaWoman
Then change HasAccess function:
from:
// aha! a user entry.
default:
if ($line == $user)
{
return !$negate;
}
to:
// aha! a user entry.
default:
if ($line == $user)
{
return !$negate;
}
// this may be a UserGroup so we check if $user is part of the group
else if (($this->isGroupMember($user, $line)))
{
return !$negate;
}
How to use it?
Create a WikiPage to manage a particular user group: a name like UserGroupWikkaCrew makes sense (it exists ;-) ), it could be nice to link to a CategoryUserGroup.
Write in all the user login that have to be part of this group inside "+" signs: +UserLogin1+UserLogin2+ is valid as would be:
Modify the ACLs of this UserGroupPage to reflect who is allowed to manage the group.
Use the UserGroupPage in any ACLs, they can be can be negated using the "!" character as usual.
To Do
My code needs probably to be reviewed by expert coder as I am not at all a developper (I just rely on the above user group).
Any ideas and comments than welcome.
This does not allow to manage Groups of Groups (don't think about using the {{include}} action!)
Security Risks
A hacker may be able to get unauthorized access if they create a new user account with the same name as a groupname. For example, in the above scenario, the hacker may gain unauthorized access if (s)he creates a user with "UserGroupWikkaCrew" as the login name. The easiest way to prevent this from happening is to disallow new users to pick a new which is equal to an existing page.
Deletions:
Managing User Groups through ACLs
There is already a proposal for this at GroupManagement. However this code doesn't seem to work anymore.
My solution
I though about a simpler way to deal with User Groups - my concept is: Give the power to the users and Keep it simple.
- The idea is that anyuser could define a new group by creating a dedicated WikiPage: something like MyProjectGroup.
- Then he would write in this page all the user logins he wants to be part of the group (embeded inside plus signs to avoid confusions: +UserLogin1+UserLogin2+).
- He would decide through the ACLs of this page who can manage the group list.
- Then he may use this page name in the ACLs of any page in order to manage the access authorizations.
- The only code needed should be that HasAccess function has to be modified in order to search if the user is part of the group or not.
Dependancy
None that I can figure out. I have it working with 1.1.5.3 version.
The code
In wikka.php add the isGroupMember function (after TrimACLs function for example):
// returns true if $who is member of $group
function isGroupMember
($who,
$group)
{
$thegroup=
$this->
LoadPage($group);
if ($thegroup) {
$search =
"+".
$who.
"+";
// In the GroupListPages, the participants logins have to be embbeded inside '+' signs
return (boolean
)(substr_count($thegroup["body"],
$search));
}
else return false;
}
- Two suggestions here:
- Call it "isGroupMember" rather than CheckGroupMember: that conveys better that you'll get a TRUE/FALSE answer;
- Make sure the function always returns a boolean (easy by casting the substr_count() to boolen) instead of sometimes a boolean and sometimes a number.
- Apart from that I think this is a brilliant idea! --JavaWoman
Then change HasAccess function:
from:
// aha! a user entry.
default:
if ($line == $user)
{
return !$negate;
}
to:
// aha! a user entry.
default:
if ($line == $user)
{
return !$negate;
}
// this may be a UserGroup so we check if $user is part of the group
else if (($this->isGroupMember($user, $line)))
{
return !$negate;
}
How to use it?
Create a WikiPage to manage a particular user group: a name like UserGroupWikkaCrew makes sense (it exists ;-) ), it could be nice to link to a CategoryUserGroup.
Write in all the user login that have to be part of this group inside "+" signs: +UserLogin1+UserLogin2+ is valid as would be:
Modify the ACLs of this UserGroupPage to reflect who is allowed to manage the group.
Use the UserGroupPage in any ACLs, they can be can be negated using the "!" character as usual.
To Do
My code needs probably to be reviewed by expert coder as I am not at all a developper (I just rely on the above user group).
Any ideas and comments than welcome.
This does not allow to manage Groups of Groups (don't think about using the {{include}} action!)
Edited on 2005-01-17 15:02:30 by NilsLindenberg [cat. added]
Additions:
CategoryUserContributions
Deletions:
CategoryDevelopment
Edited on 2005-01-12 07:41:10 by JavaWoman [restoring list within comment (takes som fiddling...)]
Additions:
-
- Call it "isGroupMember" rather than CheckGroupMember: that conveys better that you'll get a TRUE/FALSE answer;
- Make sure the function always returns a boolean (easy by casting the substr_count() to boolen) instead of sometimes a boolean and sometimes a number.
- Apart from that I think this is a brilliant idea! --JavaWoman
Deletions:
-
- 1) Call it "isGroupMember" rather than CheckGroupMember: that conveys better that you'll get a TRUE/FALSE answer;
- 1) Make sure the function always returns a boolean (easy by casting the substr_count() to boolen) instead of sometimes a boolean and sometimes a number.
Apart from that I think this is a brilliant idea! --JavaWoman
Edited on 2005-01-11 18:37:10 by NilsLindenberg [comments (layout)]
Additions:
- Two suggestions here:
- 1) Call it "isGroupMember" rather than CheckGroupMember: that conveys better that you'll get a TRUE/FALSE answer;
- 1) Make sure the function always returns a boolean (easy by casting the substr_count() to boolen) instead of sometimes a boolean and sometimes a number.
Apart from that I think this is a brilliant idea! --JavaWoman
Deletions:
Two suggestions here:
- Call it "isGroupMember" rather than CheckGroupMember: that conveys better that you'll get a TRUE/FALSE answer;
- Make sure the function always returns a boolean (easy by casting the substr_count() to boolen) instead of sometimes a boolean and sometimes a number.
Apart from that I think this is a brilliant idea! --JavaWoman
Edited on 2005-01-06 21:31:45 by ChristianBarthelemy [JavaWoman's recommendations applied]
Additions:
In wikka.php add the isGroupMember function (after TrimACLs function for example):
function isGroupMember($who, $group)
return (boolean)(substr_count($thegroup["body"], $search));
Done as recommended - thanks --
ChristianBarthelemy
else if (($this->isGroupMember($user, $line)))
function
CheckGroupMember($who, $group)
return substr_count($thegroup["body"], $search);
Edited on 2005-01-06 20:55:55 by JavaWoman [comment]
Additions:
Two suggestions here:
- Call it "isGroupMember" rather than CheckGroupMember: that conveys better that you'll get a TRUE/FALSE answer;
- Make sure the function always returns a boolean (easy by casting the substr_count() to boolen) instead of sometimes a boolean and sometimes a number.
Apart from that I think this is a brilliant idea! --JavaWoman
Oldest known version of this page was edited on 2005-01-06 19:56:44 by ChristianBarthelemy [Another way for GroupManagement]
Page view:
Managing User Groups through ACLs
There is already a proposal for this at
GroupManagement. However this code doesn't seem to work anymore.
My solution
I though about a simpler way to deal with User Groups - my concept is: Give the power to the users and Keep it simple.
- The idea is that anyuser could define a new group by creating a dedicated WikiPage: something like MyProjectGroup.
- Then he would write in this page all the user logins he wants to be part of the group (embeded inside plus signs to avoid confusions: +UserLogin1+UserLogin2+).
- He would decide through the ACLs of this page who can manage the group list.
- Then he may use this page name in the ACLs of any page in order to manage the access authorizations.
- The only code needed should be that HasAccess function has to be modified in order to search if the user is part of the group or not.
Dependancy
None that I can figure out. I have it working with 1.1.5.3 version.
The code
In wikka.php add the
CheckGroupMember function (after
TrimACLs function for example):
// returns true if $who is member of $group
function CheckGroupMember
($who,
$group)
{
$thegroup=
$this->
LoadPage($group);
if ($thegroup) {
$search =
"+".
$who.
"+";
// In the GroupListPages, the participants logins have to be embbeded inside '+' signs
return substr_count($thegroup["body"],
$search);
}
else return false;
}
Then change
HasAccess function:
from:
// aha! a user entry.
default:
if ($line == $user)
{
return !$negate;
}
to:
// aha! a user entry.
default:
if ($line == $user)
{
return !$negate;
}
// this may be a UserGroup so we check if $user is part of the group
else if (($this->CheckGroupMember($user, $line)))
{
return !$negate;
}
How to use it?
Create a
WikiPage to manage a particular user group: a name like
UserGroupWikkaCrew makes sense (it exists ;-) ), it could be nice to link to a
CategoryUserGroup.
Write in all the user login that have to be part of this group inside "+" signs: +
UserLogin1+
UserLogin2+ is valid as would be:
Modify the ACLs of this UserGroupPage to reflect who is allowed to manage the group.
Use the UserGroupPage in any ACLs, they can be can be negated using the "!" character as usual.
To Do
My code needs probably to be reviewed by expert coder as I am not at all a developper (I just rely on the above user group).
Any ideas and comments than welcome.
This does not allow to manage Groups of Groups (don't think about using the {{include}} action!)
CategoryDevelopment