DokuWiki

It's better when it's simple

User Tools

Site Tools


plugin:aclplusregex

This is an old revision of the document!


aclplusregex Plugin

Compatible with DokuWiki

  • 2020-07-29 "Hogfather" unknown
  • 2018-04-22 "Greebo" yes
  • 2017-02-19 "Frusterick Manners" unknown
  • 2016-06-26 "Elenor Of Tsort" unknown

plugin Dynamically extend DokuWiki ACLs based on regex rules

Last updated on
2020-05-04
Provides
Action
Repository
Source

Tagged with acl

A CosmoCode Plugin

This plugin allows you to set up additional Access Control Lists (ACL)s based on user's names or groups. This is especially useful where users come from external sources (like Active Directory) and follow a certain naming scheme.

Installation

Install the plugin using the Plugin Manager and the download URL above, which points to latest version of the plugin. Refer to Plugins on how to install plugins manually.

Configuration

ACLs for this plugin have to be created manually in a config file named aclplusregex.conf located in your wiki's conf directory.

The syntax of that file follows the regular ACL configuration with the three whitespace separated fields for the page/namespace, user/group regexp, ACL level1).

Unlike in the normal ACL configuration, the user/group part expects a regular expression. If it matches against the current user's login or groups the line will be treated as an additional ACL configuration.

The special thing about this plugin is is that you may use any matched pattern groups from the regexp in the page/namespace part. In addition, placeholders may be used: a * to match a single namespace or pagename and to match an arbitrary number of namespaces. The file can also be edited through the Confmanager Plugin. :!: Important: Be sure you are familiar with DokuWiki's ACL system and with writing regular expressions. If you mess up the configuration, you may give unintentional access In addition to the configuration file, there is an additional config setting that can be changed via the Configuration Manager. The plugin can either run AFTER or BEFORE DokuWiki's default ACL handling. In AFTER mode, the plugin will check the ACLs defined by this plugin and will only apply a result if it is higher than the one that DokuWiki found in it's own ACL setup. This is probably what most users want. In the BEFORE mode all plugin defined rules are checked before DokuWiki does it's own checks and if there are any rules that apply to the current user, these rules are applied and no further checking by DokuWiki is done. This may be the mode you want if you have a large amount of dynamic rules as this may be faster. ==== Examples ==== Imagine you have customer logins following the following naming scheme: customer_<customerid>_<user>. You now want to give those customers read access to their own area in your wiki under docs:customer:<customerid>:. Here's how to do it: <code> docs:customer:$1:* ^customer_(\d+)_.* 1 </code> For a user with the username customer_0815_joe the following ACL rule would be applied: <code> docs:customer:0815:* customer_0815_joe 1 </code> Please note that above example use the * placeholder. The rule would match docs:customer:0815:foo but not docs:customer:0815:foo:bar. Use the placeholder to match all namespaces bolow.

A similar setup could be done where you have two groups for each customer: customer_<customerid>_write and customer_<customerid>_read. You could use this to give different access levels to the customer namespace:

docs:customer:$1:*    ^@customer_(\d+)_read$     1
docs:customer:$1:*    ^@customer_(\d+)_write$    4

Please note that groups are prefixed with an @. Assuming user joe is in both groups, the result would look like this:

docs:customer:0815:*     joe   1
docs:customer:0815:*     joe   4

Changleog

Releases

1)
Refer to Background Infos on ACL for the different levels
plugin/aclplusregex.1588589962.txt.gz · Last modified: 2020-05-04 12:59 by andi