tips:clean_acl
wiki:tips:clean_acl [2008-08-05 12:51] – created gbirke | tips:clean_acl [2012-05-07 15:48] (current) – 82.185.100.94 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Clean up Access Control Lists ====== | ||
+ | When pages, namespaces and users are deleted, the permission settings for them are left in the access control list (ACL). This can create a potential security risk when pages or users are created again. The following script (to be placed in the '' | ||
+ | |||
+ | <code php> | ||
+ | # | ||
+ | <?php | ||
+ | # | ||
+ | if(!defined(' | ||
+ | if(!defined(' | ||
+ | require_once DOKU_INC.' | ||
+ | require_once DOKU_INC.' | ||
+ | require_once DOKU_INC.' | ||
+ | |||
+ | // handle options | ||
+ | $short_opts = ' | ||
+ | $long_opts | ||
+ | $OPTS = Doku_Cli_Opts:: | ||
+ | if ( $OPTS-> | ||
+ | fwrite( STDERR, $OPTS-> | ||
+ | _usage(); | ||
+ | exit(1); | ||
+ | } | ||
+ | |||
+ | $QUIET = false; | ||
+ | foreach ($OPTS-> | ||
+ | switch ($key) { | ||
+ | case ' | ||
+ | case ' | ||
+ | _usage(); | ||
+ | exit; | ||
+ | case ' | ||
+ | case ' | ||
+ | $QUIET = true; | ||
+ | break; | ||
+ | } | ||
+ | } | ||
+ | |||
+ | # | ||
+ | |||
+ | function _usage() { | ||
+ | print " | ||
+ | | ||
+ | Removes entries from acl.auth.php referencing page ids that | ||
+ | don't exist anymore. | ||
+ | | ||
+ | OPTIONS | ||
+ | -h, --help | ||
+ | -q, --quiet | ||
+ | "; | ||
+ | } | ||
+ | |||
+ | # | ||
+ | function clean_acl() | ||
+ | { | ||
+ | $acls_name = DOKU_CONF.'/ | ||
+ | $acls = file($acls_name); | ||
+ | $new_acls = fopen(DOKU_CONF.'/ | ||
+ | $msg = " | ||
+ | $was_changed = false; | ||
+ | foreach($acls as $line) | ||
+ | { | ||
+ | if(trim($line) && !preg_match('/ | ||
+ | { | ||
+ | if(id_exists($line)) | ||
+ | { | ||
+ | if(user_exists($line)) | ||
+ | { | ||
+ | fwrite($new_acls, | ||
+ | } | ||
+ | else | ||
+ | { | ||
+ | _quietecho(sprintf($msg, | ||
+ | $was_changed = true; | ||
+ | } | ||
+ | } | ||
+ | else | ||
+ | { | ||
+ | _quietecho(sprintf($msg, | ||
+ | | ||
+ | } | ||
+ | } | ||
+ | else | ||
+ | { | ||
+ | fwrite($new_acls, | ||
+ | } | ||
+ | } | ||
+ | fclose($new_acls); | ||
+ | //die(); | ||
+ | if($was_changed) | ||
+ | { | ||
+ | $ok = @rename(DOKU_CONF.'/ | ||
+ | if($ok) | ||
+ | $ok = @rename(DOKU_CONF.'/ | ||
+ | else | ||
+ | _quietecho(' | ||
+ | } | ||
+ | else | ||
+ | { | ||
+ | @unlink(DOKU_CONF.'/ | ||
+ | } | ||
+ | | ||
+ | } | ||
+ | |||
+ | # | ||
+ | function id_exists($acl_line) | ||
+ | { | ||
+ | $access = preg_split("/ | ||
+ | // " | ||
+ | if($access[0]==" | ||
+ | { | ||
+ | return true; | ||
+ | } | ||
+ | // Namespace | ||
+ | elseif(preg_match('/ | ||
+ | { | ||
+ | $fn = str_replace(" | ||
+ | } | ||
+ | // Page | ||
+ | else | ||
+ | { | ||
+ | $fn = wikiFN($access[0]); | ||
+ | } | ||
+ | return file_exists($fn); | ||
+ | } | ||
+ | |||
+ | function user_exists($line) | ||
+ | { | ||
+ | static $usernames = null; | ||
+ | if(is_null($usernames)) | ||
+ | { | ||
+ | $usernames = array(); | ||
+ | foreach(file(DOKU_CONF.'/ | ||
+ | { | ||
+ | if($userline[0] == '#' | ||
+ | continue; | ||
+ | $line_arr = explode(':', | ||
+ | if(trim($line_arr[0])) | ||
+ | $usernames[] = trim($line_arr[0]); | ||
+ | } | ||
+ | } | ||
+ | list(, | ||
+ | if($user[0] == ' | ||
+ | return true; | ||
+ | return in_array(rawurldecode($user), | ||
+ | } | ||
+ | |||
+ | function _quietecho($msg) | ||
+ | { | ||
+ | global $QUIET; | ||
+ | if(!$QUIET) | ||
+ | echo $msg; | ||
+ | } | ||
+ | |||
+ | clean_acl(); | ||
+ | ?> | ||
+ | </ | ||
+ | |||
+ | ====== Manage folder tree in ACL management page ====== | ||
+ | In the ACL management page you see the folder tree you should use to manage ACL on directories. | ||
+ | \\ | ||
+ | This tree is created by Dokuwiki, respectively, | ||
+ | \\ | ||
+ | So the reason you see a different tree from what you see in '' |
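Review bot: In clean_acl() the result of the second `@rename(...)` is assigned to `$ok` and not read again in the lines shown, and both renames are silenced with `@`, so a failure while swapping the rewritten list into place ends the run without any message. The path arguments are cut off in this rendering, but if the first rename moves the live ACL file aside, as the backup-then-replace shape suggests, a failed second rename would leave the wiki without its ACL file until someone notices. I would check the second result explicitly, e.g. `if(!$ok) { fwrite(STDERR, "installing the cleaned ACL file failed\n"); exit(1); }`, restore the backup in that branch, and drop the `@` so the underlying error is reported. The return values of `file($acls_name)` and `fopen(...)` at the top of the function are also used unchecked.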