jablonka.czprosek.czf

websvn

Subversion Repositories:
[/] [include/] [auth.php] - Blame information for rev 3

 

Line No. Rev Author Line
11simandl<?php
2// WebSVN - Subversion repository viewing via the web using PHP
3// Copyright (C) 2004-2006 Tim Armes
4//
5// This program is free software; you can redistribute it and/or modify
6// it under the terms of the GNU General Public License as published by
7// the Free Software Foundation; either version 2 of the License, or
8// (at your option) any later version.
9//
10// This program is distributed in the hope that it will be useful,
11// but WITHOUT ANY WARRANTY; without even the implied warranty of
12// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13// GNU General Public License for more details.
14//
15// You should have received a copy of the GNU General Public License
16// along with this program; if not, write to the Free Software
17// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18//
19// --
20//
21// auth.php
22//
23// Handle reading and interpretation of an SVN auth file
24 
25require_once("include/accessfile.php");
26 
27define("UNDEFINED", 0);
28define("ALLOW", 1);
29define("DENY", 2);
30 
31class Authentication {
32 var $rights;
33 var $user;
34 var $usersGroups = array();
35 
36 // {{{ __construct
37 
38 function Authentication($accessfile) {
39 $this->rights = new IniFile();
40 $this->rights->readIniFile($accessfile);
41 $this->setUsername();
42 $this->identifyGroups();
43 }
44 
45 // }}}
46 
47 // {{{ setUsername()
48 //
49 // Set the username from the current http session
50 
51 function setUsername() {
52 if (isset($_SERVER["REMOTE_USER"])) {
53 $this->user = $_SERVER["REMOTE_USER"];
54 } else if (isset($_SERVER["REDIRECT_REMOTE_USER"])) {
55 $this->user = $_SERVER["REDIRECT_REMOTE_USER"];
563simandl } else if (isset($_SERVER["PHP_AUTH_USER"])) {
57 $this->user = $_SERVER["PHP_AUTH_USER"];
581simandl }
59 }
60 
61 // }}}
62 
63 // {{{ identifyGroups()
64 //
653simandl // Checks to see which groups and aliases the user belongs to
661simandl 
67 function identifyGroups() {
683simandl $this->usersGroups[] = '*';
691simandl 
703simandl $aliases = $this->rights->getValues('aliases');
71 if (is_array($aliases)) {
72 foreach ($aliases as $alias => $user) {
73 if ($user == strtolower($this->user)) {
74 $this->usersGroups[] = '&'.$alias;
75 }
76 }
77 }
78 
79 $groups = $this->rights->getValues('groups');
80 if (is_array($groups)) {
81 foreach ($groups as $group => $names) {
821simandl if (in_array(strtolower($this->user), preg_split('/\s*,\s*/', $names))) {
833simandl $this->usersGroups[] = '@'.$group;
841simandl }
85 
86 foreach ($this->usersGroups as $users_group) {
87 if (in_array($users_group, preg_split('/\s*,\s*/', $names))) {
883simandl $this->usersGroups[] = '@'.$group;
891simandl }
90 }
91 }
92 }
93 }
94 
95 // }}}
96 
97 // {{{ inList
98 //
99 // Check if the user is in the given list and return their read status
100 // if they are (UNDEFINED, ALLOW or DENY)
101 
102 function inList($accessors, $user) {
103 $output = UNDEFINED;
104 foreach ($accessors As $key => $rights) {
105 if (in_array($key, $this->usersGroups) || !strcmp($key, strtolower($user))) {
106 if (strpos($rights, "r") !== false) {
107 return ALLOW;
108 } else {
109 $output = DENY;
110 }
111 }
112 }
113 
114 return $output;
115 }
116 
117 // }}}
118 
119 // {{{ hasReadAccess
120 //
121 // Returns true if the user has read access to the given path
122 
123 function hasReadAccess($repos, $path, $checkSubFolders = false) {
124 $access = UNDEFINED;
125 $repos = strtolower($repos); // .ini parser converts groups to lower-case
126 $path = strtolower($path);
127 if ($path == '' || $path{0} != "/") {
128 $path = "/$path";
129 }
130 
131 // If were told to, we should check sub folders of the path to see if there's
132 // a read access below this level. This is used to display the folders needed
133 // to get to the folder to which read access is granted.
134 
135 if ($checkSubFolders) {
136 $sections = $this->rights->getSections();
137 
138 foreach ($sections As $section => $accessers) {
139 $qualified = $repos.":".$path;
140 $len = strlen($qualified);
141 if ($len < strlen($section) && strncmp($section, $qualified, $len) == 0) {
142 $access = $this->inList($accessers, $this->user);
143 }
144 
145 if ($access != ALLOW) {
146 $len = strlen($path);
147 if ($len < strlen($section) && strncmp($section, $path, $len) == 0) {
148 $access = $this->inList($accessers, $this->user);
149 }
150 }
151 
152 if ($access == ALLOW) {
153 break;
154 }
155 }
156 }
157 
158 // If we still don't have access, check each subpath of the path until we find an
159 // access level...
160 
161 if ($access != ALLOW) {
162 $access = UNDEFINED;
163 
164 do {
165 $accessers = $this->rights->getValues($repos.":".$path);
166 if (!empty($accessers)) {
167 $access = $this->inList($accessers, $this->user);
168 }
169 
170 if ($access == UNDEFINED) {
171 $accessers = $this->rights->getValues($path);
172 if (!empty($accessers)) {
173 $access = $this->inList($accessers, $this->user);
174 }
175 }
176 
177 // If we've not got a match, remove the sub directory and start again
178 if ($access == UNDEFINED) {
179 if ($path == "/") {
180 break;
181 }
182 $path = substr($path, 0, strrpos(substr($path, 0, -1), "/") + 1);
183 }
184 
185 } while ($access == UNDEFINED && $path != "");
186 }
187 
188 return $access == ALLOW;
189 }
190 
191 // }}}
192 
193 // {{{ hasUnrestrictedReadAccess
194 //
195 // Returns true if the user has read access to the given path and too
196 // all subfolders
197 
198 function hasUnrestrictedReadAccess($repos, $path) {
199 // First make sure that we have full read access at this level
200 
201 if (!$this->hasReadAccess($repos, $path, false)) {
202 return false;
203 }
204 
205 // Now check to see if there is a sub folder that's protected
206 $repos = strtolower($repos); // .ini parser converts groups to lower-case
207 $path = strtolower($path);
208 
209 $sections = $this->rights->getSections();
210 
211 foreach ($sections As $section => $accessers) {
212 $qualified = $repos.":".$path;
213 $len = strlen($qualified);
214 $access = UNDEFINED;
215 
216 if ($len <= strlen($section) && strncmp($section, $qualified, $len) == 0) {
217 $access = $this->inList($accessers, $this->user);
218 }
219 
220 if ($access != DENY) {
221 $len = strlen($path);
222 if ($len <= strlen($section) && strncmp($section, $path, $len) == 0) {
223 $access = $this->inList($accessers, $this->user);
224 }
225 }
226 
227 if ($access == DENY) {
228 return false;
229 }
230 }
231 
232 return true;
233 }
234 
235 // }}}
236 
237}

Powered by WebSVN 2.2.1