jablonka.czprosek.czf

websvn

Subversion Repositories:
[/] [include/] [auth.php] - Rev 1 Go to most recent revision

Compare with Previous - Blame - Download


<?php
// WebSVN - Subversion repository viewing via the web using PHP
// Copyright (C) 2004-2006 Tim Armes
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 2 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
//
// --
//
// auth.php
//
// Handle reading and interpretation of an SVN auth file

require_once("include/accessfile.php");

define("UNDEFINED", 0);
define("ALLOW", 1);
define("DENY", 2);

class Authentication {
  var $rights;
  var $user;
  var $usersGroups = array();

  // {{{ __construct

  function Authentication($accessfile) {
    $this->rights = new IniFile();
    $this->rights->readIniFile($accessfile);
    $this->setUsername();
    $this->identifyGroups();
  }

  // }}}

  // {{{ setUsername()
  //
  // Set the username from the current http session

  function setUsername() {
    if (isset($_SERVER["REMOTE_USER"])) {
      $this->user = $_SERVER["REMOTE_USER"];
    } else if (isset($_SERVER["REDIRECT_REMOTE_USER"])) {
      $this->user = $_SERVER["REDIRECT_REMOTE_USER"];
    }
  }

  // }}}

  // {{{ identifyGroups()
  //
  // Checks to see which groups the user belongs to

  function identifyGroups() {
    $this->usersGroups[] = "*";

    if (is_array($this->rights->getValues("groups"))) {
      foreach ($this->rights->getValues("groups")as $group => $names) {
        if (in_array(strtolower($this->user), preg_split('/\s*,\s*/', $names))) {
          $this->usersGroups[] = "@".$group;
        }

        foreach ($this->usersGroups as $users_group) {
          if (in_array($users_group, preg_split('/\s*,\s*/', $names))) {
            $this->usersGroups[] = "@".$group;
          }
        }
      }
    }
  }

  // }}}

  // {{{ inList
  //
  // Check if the user is in the given list and return their read status
  // if they are (UNDEFINED, ALLOW or DENY)

  function inList($accessors, $user) {
    $output = UNDEFINED;
    foreach ($accessors As $key => $rights) {
      $keymatch = false;

      if (in_array($key, $this->usersGroups) || !strcmp($key, strtolower($user))) {
        $keymatch = true;
      }

      if ($keymatch) {
        if (strpos($rights, "r") !== false) {
          return ALLOW;
        } else {
          $output = DENY;
        }
      }
    }

    return $output;
  }

  // }}}

  // {{{ hasReadAccess
  //
  // Returns true if the user has read access to the given path

  function hasReadAccess($repos, $path, $checkSubFolders = false) {
    $access = UNDEFINED;
    $repos = strtolower($repos); // .ini parser converts groups to lower-case
    $path = strtolower($path);
    if ($path == '' || $path{0} != "/") {
      $path = "/$path";
    }

    // If were told to, we should check sub folders of the path to see if there's
    // a read access below this level.  This is used to display the folders needed
    // to get to the folder to which read access is granted.

    if ($checkSubFolders) {
      $sections = $this->rights->getSections();

      foreach ($sections As $section => $accessers) {
        $qualified = $repos.":".$path;
        $len = strlen($qualified);
        if ($len < strlen($section) && strncmp($section, $qualified, $len) == 0) {
          $access = $this->inList($accessers, $this->user);
        }

        if ($access != ALLOW) {
          $len = strlen($path);
          if ($len < strlen($section) && strncmp($section, $path, $len) == 0) {
            $access = $this->inList($accessers, $this->user);
          }
        }

        if ($access == ALLOW) {
          break;
        }
      }
    }

    // If we still don't have access, check each subpath of the path until we find an
    // access level...

    if ($access != ALLOW) {
      $access = UNDEFINED;

      do {
        $accessers = $this->rights->getValues($repos.":".$path);
        if (!empty($accessers)) {
          $access = $this->inList($accessers, $this->user);
        }

        if ($access == UNDEFINED) {
          $accessers = $this->rights->getValues($path);
          if (!empty($accessers)) {
            $access = $this->inList($accessers, $this->user);
          }
        }

        // If we've not got a match, remove the sub directory and start again
        if ($access == UNDEFINED) {
          if ($path == "/") {
            break;
          }
          $path = substr($path, 0, strrpos(substr($path, 0, -1), "/") + 1);
        }

      } while ($access == UNDEFINED && $path != "");
    }

    return $access == ALLOW;
  }

  // }}}

  // {{{ hasUnrestrictedReadAccess
  //
  // Returns true if the user has read access to the given path and too
  // all subfolders

  function hasUnrestrictedReadAccess($repos, $path) {
    // First make sure that we have full read access at this level

    if (!$this->hasReadAccess($repos, $path, false)) {
      return false;
    }

    // Now check to see if there is a sub folder that's protected
    $repos = strtolower($repos); // .ini parser converts groups to lower-case
    $path = strtolower($path);

    $sections = $this->rights->getSections();

    foreach ($sections As $section => $accessers) {
      $qualified = $repos.":".$path;
      $len = strlen($qualified);
      $access = UNDEFINED;

      if ($len <= strlen($section) && strncmp($section, $qualified, $len) == 0) {
        $access = $this->inList($accessers, $this->user);
      }

      if ($access != DENY) {
        $len = strlen($path);
        if ($len <= strlen($section) && strncmp($section, $path, $len) == 0) {
          $access = $this->inList($accessers, $this->user);
        }
      }

      if ($access == DENY) {
        return false;
      }
    }

    return true;
  }

  // }}}

}

Powered by WebSVN 2.2.1