Revision [4037]

This is an old revision of GroupManagement made by ChristianBarthelemy on 2005-01-05 23:05:11.

 

Group-Management

thanks for the kind permission given by victor manuel varela, who achieved the basic concept.

the following changes have been made to the wakkaaliases:


the following functions are new to the wakka class:

<?
// aliases stuff, written by http://www.nivel0.net/VictorManuelVarela/
function BuildAliasesArray () {
    if (! is_array($this->config['aliases'])) $this->config['aliases'] = array ('+' => $this->config['aliases']);

    // check for aliases in Wakka pages
    if (isset($this->config['aliases']['+'])) {
        $aliasPages = explode(",", $this->config['aliases']['+']);
        for ($i = count($aliasPages)-1; $i >= 0; $i--) { // any idea why the last page should be included first?
            $aliasPage = $this->LoadPage($aliasPages[$i]);
            foreach (explode("\n", $aliasPage['body']) as $line) {
                // stripping comments
                if (preg_match("/^(.*)?#/", $line, $matches) $line = $matches[1];

                $atmp = explode(':',$line);
                $aliases[trim($atmp[0])] = trim($atmp[1]);
            }
        }
        $this->config['aliases'] = array_merge($this->config['aliases'], $aliases);
        unset($this->config['aliases']['+']);
        unset($this->config['aliases']['']);
    }
}

function ReplaceAliases ($acl) {
    if (!$this->config['aliases']) return $acl;

    $list = array();
    $new_acl = "";
    foreach (explode("\n", $acl) as $line) {
        $line = trim($line);
        // check for inversion character "!"
        if (preg_match("/^[!](.*)$/", $line, $matches)) {
            $negate = "!";
            $line = trim($matches[1]);
        } else $negate = "";

        if ($this->config["aliases"][$line]) $list = $this->GetMembers($line); else $list[] = $line;
        $new_acl .= $negate.join("\n".$negate, $list)."\n";
    }
    return $new_acl;
}

function GetMembers($group) {
    $result = array();
    if ($group && $groups = $this->config['aliases']) {
        $result = array(trim($group));
        do {
            $replaced = false; $list = array();
            foreach ($result as $line) {
                if (isset($groups[$line])) {
                    foreach (explode (',', $current) as $item) $list[] = trim($item);
                    $replaced = true;
                    $groups[$line] = ''; // include a group only once!
                } else $list[] = trim($line);
            }
            $result = $list;
        } while ($replaced);
    }
    return array_unique($result);
}

function IsMember($group, $user = "") {
    if (!$user) $user = $this->GetUserName();
    if (in_array($user, $this->GetMembers($group))) return true;
}
?>


the first function will be called in the run() routine (see diff for changes, codebase is wikka 1.1.3.8)

<?
    function Run($tag, $method = "")
    {
        // do our stuff!
        if (!$this->method = trim($method)) $this->method = "show";
        if (!$this->tag = trim($tag)) $this->Redirect($this->href("", $this->config["root_page"]));
        $this->BuildGroupsArray();
        if ((!$this->GetUser() && isset($_COOKIE["name"])) && ($user = $this->LoadUser($_COOKIE["name"], $_COOKIE["password"]))) $this->SetUser($user);
        $this->SetPage($this->LoadPage($tag, (isset($_REQUEST["time"]) ? $_REQUEST["time"] :'')));

        $this->LogReferrer();
        $this->ACLs = $this->LoadAllACLs($this->tag);
        $this->ReadInterWikiConfig();
        if(!($this->GetMicroTime()%3)) $this->Maintenance();

        if (preg_match('/\.(xml|cgi|php)$/', $this->method)) // this tweak is not related to the group management, but quite handy ;)
        {
            print($this->Method($this->method));
        }
        elseif (preg_match('/\.(gif|jpg|png)$/', $this->method))
        {
            header('Location: images/' . $this->method);
        }
        elseif (preg_match('/\.css$/', $this->method))
        {
            header('Location: css/' . $this->method);
        }
        else
        {
            header('Last-Modified: '.gmdate("r", strtotime($this->page["time"]))); // just another little fix
            print($this->Header().$this->Method($this->method).$this->Footer());
        }
    }
?>


the second one every time, the hasaccess() function needs an acl list

<?
    function HasAccess($privilege, $tag = "", $user = "")
    {
        // set defaults
        if (!$tag) $tag = $this->GetPageTag();
        if (!$user) $user = $this->GetUserName();

        // if current user is owner, return true. owner can do anything!
        if ($this->UserIsOwner($tag)) return true;

        // see whether user is registered and logged in
        if ($this->GetUser()) $registered = true;

        // load acl
        if ($tag == $this->GetPageTag())
        {  
            $acl = $this->ACLs[$privilege."_acl"];
        }
        else
        {
            $tag_ACLs = $this->LoadAllACLs($tag);
            $acl = $tag_ACLs[$privilege."_acl"];
        }
        // replace group names with the respective member list
        $acl["list"] = $this->ReplaceGroups($acl["list"]);

        // fine fine... now go through acl
        foreach (explode("\n", $acl) as $line)
        {
            // check for inversion character "!"
            if (preg_match("/^[!](.*)$/", $line, $matches))
            {
                $negate = 1;
                $line = $matches[1];
            }
            else
            {
                $negate = 0;
            }

            // cut off comment (allows comments in one line after an acl item)
            if (preg_match("/^(.*)[#].*$/", $line, $matches)) $line = trim($matches[1]);

            // if there's still anything left... lines with just a "!" don't count!
            if ($line)
            {
                switch ($line[0])
                {
                // everyone
                case "*":
                    return !$negate;
                // only registered users
                case "+":
                    // return ($registered) ? !$negate : false;
                    return ($registered) ? !$negate : $negate;
                // aha! a user entry.
                default:
                    if ($line == $user)
                    {
                        return !$negate;
                    }
                }
            }
        }

        // tough luck.
        return false;
    }
?>


now we can hook in the isAdmin() function (caution: wikka then expects a group in $wakka->config["admins"]!):

<?
function IsAdmin() { return $this->IsMember($this->config["admins"]); }
?>


and the wikka.config.php yet needs to be adjusted

<?
'aliases' => array
    ('Administrators' => 'BillGates,JoseMariaAznar,GeorgeBush',
    'DangerousPeople' => 'Administrators,DreckFehler',
    '+' => 'WikkaGroups,MoreWikkaGroups'),
'admins' => 'Administrators',
?>


if the variable $wakka->config['aliases'] contains a string instead of an array, it is treated as a list of wikipages which maintain the group handling. in that case one of the pages should contain a group named "Administrators" (or whatever is defined in the config['admins'] variable). but to my understanding it's better for security reasons to leave the admin group in the config file (if not, make sure to restrict at least write access to the page that defines the admin group ;))

<? 'aliases' => 'WikkaSystemGroups,WikkaGroups', ?>


a definition in a wikipage looks like this (whoever those spanish guys may be):

Superusers: ManoloCortes,PedroTriguero,JoseVera
Webmasters: JordiDan,LaraGarrido
loopOne: PingUser,loopTwo # these two groups 
loopTwo: PongUser,loopOne # will not mess up the group handling


Another approach


I though about a simple way to deal with GroupManagement - my concept may be different: Give the power to the users and Keep it simple.


So in wikka.php add the CheckGroupMember function (after TrimACLs function for example):

php
	// returns true if $who is member of $group
	function CheckGroupMember($who, $group)
	{
		$thegroup=$this->LoadPage($group);
		if ($thegroup) {
			$search = "+".$who."+"; // In the GroupListPages, the participants logins have to be embbeded inside '+' signs
			echo substr_count($thegroup["body"], $search); 
			return substr_count($thegroup["body"], $search);
		}
		else return false;
	}


Then change HasAccess function:

from:

php
	                                               // aha! a user entry.
				default:
					if ($line == $user)
					{
						return !$negate;
					}


to:

php
	                                               // aha! a user entry.
				default:
					if ($line == $user)
					{
						return !$negate;
					}
					// this may be a UserGroup so we check if $user is part of the group
					else if (($this->CheckGroupMember($user, $line)))
					{
						return !$negate;
					}



CategoryDevelopment
There are 5 comments on this page. [Show comments]
Valid XHTML :: Valid CSS: :: Powered by WikkaWiki