=====Group-Management===== thanks for the kind permission given by [[VictorManuelVarela | victor manuel varela]], who achieved the [[http://web.archive.org/web/20040408041122/http://www.wakkawiki.com/WakkaAliases | basic concept]]. the following changes have been made to the ""WakkaAliases"": - the original is split into two functions. the assembling of the groups array only needs to be done once and not every time hasaccess() is called. - since groups can contain other groups, again circular statements have to be blocked. - items are now comma delimited. it's far more readable in the wikka.config.php and the new line (which was the delimiter before) didn't even give any advantage in coding. the following functions are new to the wakka class: %%(php)config['aliases'])) $this->config['aliases'] = array ('+' => $this->config['aliases']); // check for aliases in Wakka pages if (isset($this->config['aliases']['+'])) { $aliasPages = explode(",", $this->config['aliases']['+']); for ($i = count($aliasPages)-1; $i >= 0; $i--) { // any idea why the last page should be included first? $aliasPage = $this->LoadPage($aliasPages[$i]); foreach (explode("\n", $aliasPage['body']) as $line) { // stripping comments if (preg_match("/^(.*)?#/", $line, $matches)) $line = $matches[1]; $atmp = explode(':',$line); $aliases[trim($atmp[0])] = trim($atmp[1]); } } $this->config['aliases'] = array_merge($this->config['aliases'], $aliases); unset($this->config['aliases']['+']); unset($this->config['aliases']['']); } } function ReplaceAliases ($acl) { if (!$this->config['aliases']) return $acl; $list = array(); $new_acl = ""; foreach (explode("\n", $acl) as $line) { $line = trim($line); // check for inversion character "!" if (preg_match("/^[!](.*)$/", $line, $matches)) { $negate = "!"; $line = trim($matches[1]); } else $negate = ""; if ($this->config["aliases"][$line]) $list = $this->GetMembers($line); else $list[] = $line; $new_acl .= $negate.join("\n".$negate, $list)."\n"; } return $new_acl; } function GetMembers($group) { $result = array(); if ($group && $groups = $this->config['aliases']) { $result = array(trim($group)); do { $replaced = false; $list = array(); foreach ($result as $line) { if (isset($groups[$line])) { // old: foreach (explode (',', $current) as $item) $list[] = trim($item); foreach (explode (',', $groups[$line]) as $item) $list[] = trim($item); $replaced = true; $groups[$line] = ''; // include a group only once! } else $list[] = trim($line); } $result = $list; } while ($replaced); } return array_unique($result); } function IsMember($group, $user = "") { if (!$user) $user = $this->GetUserName(); if (in_array($user, $this->GetMembers($group))) return true; } ?>%% ~&Changed the GetMembers function because it didn't work for me. I think $current is not correct here. --DudeliDumidi the first function will be called in the run() routine ([[http://wikka.jsnx.com/GroupManagement/diff?a=1009&b=1008 | see diff for changes]], codebase is wikka 1.1.3.8) %%(php)method = trim($method)) $this->method = "show"; if (!$this->tag = trim($tag)) $this->Redirect($this->href("", $this->config["root_page"])); $this->BuildAliasesArray(); if ((!$this->GetUser() && isset($_COOKIE["name"])) && ($user = $this->LoadUser($_COOKIE["name"], $_COOKIE["password"]))) $this->SetUser($user); $this->SetPage($this->LoadPage($tag, (isset($_REQUEST["time"]) ? $_REQUEST["time"] :''))); $this->LogReferrer(); $this->ACLs = $this->LoadAllACLs($this->tag); $this->ReadInterWikiConfig(); if(!($this->GetMicroTime()%3)) $this->Maintenance(); if (preg_match('/\.(xml|cgi|php)$/', $this->method)) // this tweak is not related to the group management, but quite handy ;) { print($this->Method($this->method)); } elseif (preg_match('/\.(gif|jpg|png)$/', $this->method)) { header('Location: images/' . $this->method); } elseif (preg_match('/\.css$/', $this->method)) { header('Location: css/' . $this->method); } else { header('Last-Modified: '.gmdate("r", strtotime($this->page["time"]))); // just another little fix print($this->Header().$this->Method($this->method).$this->Footer()); } } ?>%% the second one every time, the hasaccess() function needs an acl list %%(php)GetPageTag(); if (!$user) $user = $this->GetUserName(); // if current user is owner, return true. owner can do anything! if ($this->UserIsOwner($tag)) return true; // see whether user is registered and logged in if ($this->GetUser()) $registered = true; // load acl if ($tag == $this->GetPageTag()) { $acl = $this->ACLs[$privilege."_acl"]; } else { $tag_ACLs = $this->LoadAllACLs($tag); $acl = $tag_ACLs[$privilege."_acl"]; } // replace group names with the respective member list $acl = $this->ReplaceAliases($acl); // fine fine... now go through acl foreach (explode("\n", $acl) as $line) { // check for inversion character "!" if (preg_match("/^[!](.*)$/", $line, $matches)) { $negate = 1; $line = $matches[1]; } else { $negate = 0; } // cut off comment (allows comments in one line after an acl item) if (preg_match("/^(.*)[#].*$/", $line, $matches)) $line = trim($matches[1]); // if there's still anything left... lines with just a "!" don't count! if ($line) { switch ($line[0]) { // everyone case "*": return !$negate; // only registered users case "+": // return ($registered) ? !$negate : false; return ($registered) ? !$negate : $negate; // aha! a user entry. default: if ($line == $user) { return !$negate; } } } } // tough luck. return false; } ?>%% now we can hook in the isAdmin() function (**caution:** wikka then expects a group in $wakka->config["admins"]!): %%(php)IsMember($this->config["admins"]); } ?>%% and the wikka.config.php yet needs to be adjusted %%(php) array ('Administrators' => 'BillGates,JoseMariaAznar,GeorgeBush', 'DangerousPeople' => 'Administrators,DreckFehler', '+' => 'WikkaGroups,MoreWikkaGroups'), 'admins' => 'Administrators', ?>%% if the variable $wakka->config['aliases'] contains a **string** instead of an array, it is treated as a list of wikipages which maintain the group handling. in that case one of the pages should contain a group named "Administrators" (or whatever is defined in the config['admins'] variable). but to my understanding it's better for security reasons to leave the admin group in the config file (if not, make sure to restrict at least write access to the page that defines the admin group ;)) %%(php) 'WikkaSystemGroups,WikkaGroups', ?>%% a definition in a wikipage looks like this (whoever those spanish guys may be): %%Superusers: ManoloCortes,PedroTriguero,JoseVera Webmasters: JordiDan,LaraGarrido loopOne: PingUser,loopTwo # these two groups loopTwo: PongUser,loopOne # will not mess up the group handling%% ====Another approach==== I though about a simple way to deal with GroupManagement - my concept may be different: Give the power to the users and Keep it simple. - The idea is that anyuser could define a new group by creating a dedicated WikiPage: something like ""MyProjectGroup"". - Then he would write in this page all the user logins he wants to be part of the group (embeded inside plus signs to avoid confusions: +UserLogin1+UserLogin2+). - He would decide through the ACLs of this page who can manage the group list. - Then he may use this page name in the ACLs of any page in order to manage the access authorizations. - The only code needed should be that ""HasAccess"" function has to be modified in order to search if the user is part of the group or not. Check it at ACLsWithUserGroups --ChristianBarthelemy ---- CategoryUserContributions