Learn about DokuWiki
Learn about DokuWiki
Compatible with DokuWiki
This plugin selectively renders portion of the wiki page for certain users or groups (or combination of these conditions). The content is not truly hidden, it is just not rendered (it is still visibile on the source).
<ifauth @user> Visible only to logged in users </ifauth>
<ifauth @admin> Visible only to admins </ifauth>
<ifauth testuser> Visible only to the user ''testuser'' </ifauth>
<ifauth @user && !@admin> Visible only to logged in users who are not admins </ifauth>
<ifauth !eviluser> Hidden to ''eviluser'' </ifauth>
<ifauth @経営企画本部 && !@企画部> Visible to the corporate planning division but not the planning department. This requires the ''mbstring'' extension to be loaded. </ifauth>
<ifauth !@user> Hidden to logged in users </ifauth>
<ifauth !@user || testuser> Visible only to ''testuser'' and when you are not logged in </ifauth>
<ifauth @staff && @admin> Visible only to members of the staff who are admin too </ifauth>
In the examples above
<ifauth EXPR>Content to selectively display</ifauth>
The content will be rendered only if the access condition described by
EXPR is satisfied.
EXPR is built using the standard PHP logical operators NOT
|| and the parentheses
(SUBEXPR). The access conditions are described using the following literals:
@grouptrue if and only if the viewing user is a member of
user(not preceded by
@): true exclusively if
useris the viewer of the page
You can form arbitrary expressions such as the ones in the examples above, or more sophisticated such as
(usr1 || @grp1 || usr2) && (@grp2 || !@grp3 && @grp4).
In user names and group names, you can use letters, numbers, dots
-, and underscores
_. In fact, you can use anything matched by the regular expression
[\w.-]+, including UTF-8 multibyte characters (although that requires the
mbstring extension to be active).
If you need to use any other character, you must wrap the user name in double quotes, e.g.
"user name with space", see below.
,instead of the OR operator
mbstringto be loaded.
If you have user or group names which contains characters other than those mentioned above (
[\w.-]+), you can still specify them, but you have to quote them. The rules are as follows:
"user or group name".
"A quote \" in the name"identifies
A quote " in the name.
Quotes go around the user name and group name; logical operators (e.g.
!) and the in-group operator
@ remain outside, as in
@"DOMAIN\\Admins" && !"DOMAIN\\EvilAdmin".
~~NOCACHE~~, it's done automatically.
<p>tags around its content,
<ifauth OUTER> Content </ifauth> <ifauth OUTER && INNER> More restricted content </ifauth> <ifauth OUTER> Again content </ifauth>
<ifauth @users && !@addmin> This content will be accidentally visible to admins. </ifauth>
<ifauth me && someoneelse &&> This will never render, did you forget something? </ifauth>
This plugin intends to replace the ifauth Plugin, but it's an independent reboot. By design, it features exactly the same syntax, plus the extra logical operators, borrowed from PHP. You can just deactivate ifauth, and activate ifauthex.
The case for writing a different plugin is because ifauth can only “or” the
conditions that are specified. We had the need of specifying precisely the
@users && !@admin, and this simple expression already cannot
be specified in ifauth. So we generalized the syntax to arbitrary Boolean
expression (in for a penny…).
Goes without saying, this plugin does not use
The plugin contains internally a relatively simple tokenizer and lexer/parser, which generates an abstract syntax tree and can evaluate it depending on the operations defined. It is not super efficient or the most flexible, but it does the job and it's reconfigurable. It is implemented in
ifauthex/lib/, in the files
The grammar for this specific application is independently defined in
ifauthex/lib/grammar.php, so tokenizer, lexer and parsers could be reused for other plugins.