Deny View Problem

Deny View in combination with ADFS groups is now working.

Installing

Copy ADFSUserMapping.pm into /twiki/lib/TWiki/Users/
Alter Access.pm to read out variables:

new Access.pm module

Steps: create global variables holding the topic text and the webprefs text, for use in isInList.
Code has changed in
Line 00001
Line 00006
Line 00073

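    # Package globals added by this modification. They carry data from
    # checkAccessPermission to isInList (per the page, the isInList used with
    # the ADFS user mapping; that code is not shown here):
    #   $text2 - the topic text passed to the current access check (may be undef)
    #   $text3 - the DENYWEB<mode> preference value looked up by the current check
    # NOTE(review): these are process-wide state inside an authorization path.
    # Any reader must treat them as "values of the most recent access check";
    # if the interpreter is persistent (e.g. mod_perl), they also outlive the
    # request - confirm that isInList never relies on them outside a call made
    # from checkAccessPermission.
    our ($text2, $text3);             # new global variable

    # Decide whether $user may access $web.$topic in the given $mode.
    #
    # Parameters:
    #   $this  - access object; uses $this->{session} and sets $this->{failure}
    #   $mode  - access mode, upper-cased before it is appended to the
    #            ALLOW*/DENY* preference names
    #   $user  - user to check
    #   $text  - topic text; when defined, topic-level rules are read from it
    #   $meta  - topic meta data, passed through to the preference lookup
    #   $topic - topic name; used for the lookup when $text is undefined
    #   $web   - web name; when false, the ROOT rules are checked as well
    #
    # Returns 1 if access is permitted and 0 if it is denied. On denial the
    # localized reason is stored in $this->{failure}.
    #
    # Order of evaluation: admin shortcut, DENYTOPIC, ALLOWTOPIC, DENYWEB,
    # ALLOWWEB, then DENYROOT/ALLOWROOT when no web is given.
    sub checkAccessPermission {
        my( $this, $mode, $user, $text, $meta, $topic, $web ) = @_;

        $text2 = $text;                            # new global variable

        # $text3 is only assigned further down, in the DENYWEB branch, yet
        # isInList is already called for DENYTOPIC and ALLOWTOPIC before that.
        # Clear it here so those calls cannot see the DENYWEB value left behind
        # by an earlier check (possibly for another web, mode or user).
        $text3 = undef;

        undef $this->{failure};

        print STDERR "Check $mode access $user to ". ($web||'undef'). '.'. ($topic||'undef')."\n" if MONITOR;
        #TWiki::Func::writeDebug("Check $mode access $user to ". ($web||'undef'). '.'. ($topic||'undef')."\n") if $debug;
        # super admin is always allowed
        if( $this->{session}->{users}->isAdmin( $user ) ) {
            print STDERR "$user - ADMIN\n" if MONITOR;
            return 1;
        }

        $mode = uc( $mode );  # upper case

        my $prefs = $this->{session}->{prefs};

        my $allowText;
        my $denyText;

        # extract the * Set (ALLOWTOPIC|DENYTOPIC)$mode
        if( defined $text ) {
            # override topic permissions.
            $allowText = $prefs->getTextPreferencesValue(
                'ALLOWTOPIC'.$mode, $text, $meta, $web, $topic );
            $denyText = $prefs->getTextPreferencesValue(
                'DENYTOPIC'.$mode, $text, $meta, $web, $topic );

        } elsif( $topic ) {
            $allowText = $prefs->getTopicPreferencesValue( 'ALLOWTOPIC'.$mode,
                                                           $web, $topic );
            $denyText = $prefs->getTopicPreferencesValue( 'DENYTOPIC'.$mode,
                                                          $web, $topic );
        }

        # Check DENYTOPIC
        if( defined( $denyText ) ) {
            # NOTE(review): this pattern requires a non-space character at the
            # END of the value, while the ALLOW checks below accept one
            # anywhere. A non-empty value that ends in whitespace would take
            # the "empty" branch and grant access - confirm that the preference
            # reader strips trailing whitespace.
            if( $denyText =~ /\S$/ ) {
                if( ($this->{session}->{users}->isInList( $user, $denyText) )) {
                    $this->{failure} = $this->{session}->i18n->maketext('access denied on topic');
                    print STDERR $this->{failure}." ($denyText)\n" if MONITOR;
                    return 0;
                }
            } else {
                # If DENYTOPIC is empty, don't deny _anyone_
                # This returns before ALLOWTOPIC and the web/root rules are
                # consulted, so an empty DENYTOPIC permits every user.
                print STDERR "DENYTOPIC is empty\n" if MONITOR;
                return 1;
            }
        }

        # Check ALLOWTOPIC. If this is defined the user _must_ be in it
        if( defined( $allowText ) && $allowText =~ /\S/ ) {
            if( $this->{session}->{users}->isInList( $user, $allowText )) {
                print STDERR "in ALLOWTOPIC\n" if MONITOR;
                return 1;
            }
            $this->{failure} = $this->{session}->i18n->maketext('access not allowed on topic');
            print STDERR $this->{failure}." ($allowText)\n" if MONITOR;
            return 0;
        }

        # Check DENYWEB, but only if DENYTOPIC is not set (even if it
        # is empty - empty means "don't deny anybody")
        unless( defined( $denyText )) {
            $denyText =
              $prefs->getWebPreferencesValue( 'DENYWEB'.$mode, $web );

            # Published before the isInList call below so that call can read it.
            $text3 = $denyText;                        # new global variable

            if( defined( $denyText ) &&
                  $this->{session}->{users}->isInList( $user, $denyText )) {
                $this->{failure} = $this->{session}->i18n->maketext('access denied on web');
                print STDERR $this->{failure}."\n" if MONITOR;
                return 0;
            }
        }

        # Check ALLOWWEB. If this is defined and not overridden by
        # ALLOWTOPIC, the user _must_ be in it.
        $allowText = $prefs->getWebPreferencesValue( 'ALLOWWEB'.$mode, $web );

        if( defined( $allowText ) && $allowText =~ /\S/ ) {
            unless( $this->{session}->{users}->isInList( $user, $allowText )) {
                $this->{failure} = $this->{session}->i18n->maketext('access not allowed on web');
                print STDERR $this->{failure}."\n" if MONITOR;
                return 0;
            }
        }

        # Check DENYROOT and ALLOWROOT, but only if web is not defined
        unless( $web ) {
            $denyText =
              $prefs->getPreferencesValue( 'DENYROOT'.$mode, $web );
            if( defined( $denyText ) &&
                  $this->{session}->{users}->isInList( $user, $denyText )) {
                $this->{failure} = $this->{session}->i18n->maketext('access denied on root');
                print STDERR $this->{failure}."\n" if MONITOR;
                return 0;
            }

            $allowText = $prefs->getPreferencesValue( 'ALLOWROOT'.$mode, $web );

            if( defined( $allowText ) && $allowText =~ /\S/ ) {
                unless( $this->{session}->{users}->isInList( $user, $allowText )) {
                    $this->{failure} = $this->{session}->i18n->maketext('access not allowed on root');
                    print STDERR $this->{failure}."\n" if MONITOR;
                    return 0;
                }
            }
        }

        # No rule denied the user: report the last values seen and permit.
        if( MONITOR ) {
            print STDERR "OK, permitted\n";
            print STDERR "ALLOW: $allowText\n" if defined $allowText;
            print STDERR "DENY: $denyText\n" if defined $denyText;
        }
        return 1;
    }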

-- AlexanderBernegger - 19-Apr-2010

Topic revision: r2 - 2010-04-21 - unknown
 