[TWiki-Dev] [SVN] HideyoImazu r30292 - in twiki/trunk/core: data/TWiki lib/TWiki

[<de...@de...>]

Author: HideyoImazu
Date: 2017-01-10 05:37:18 +0000 (Tue, 10 Jan 2017)
New Revision: 30292
Trac url: http://develop.twiki.org/trac/changeset/30292

Modified:
   twiki/trunk/core/data/TWiki/TWikiAccessControl.txt
   twiki/trunk/core/lib/TWiki/Access.pm
Log:
Item7766: Allow or deny access to topic in addition to allowed or denied at the web level

Modified: twiki/trunk/core/data/TWiki/TWikiAccessControl.txt
===================================================================
--- twiki/trunk/core/data/TWiki/TWikiAccessControl.txt	2017-01-10 04:18:06 UTC (rev 30291)
+++ twiki/trunk/core/data/TWiki/TWikiAccessControl.txt	2017-01-10 05:37:18 UTC (rev 30292)
@@ -1,4 +1,4 @@
-%META:TOPICINFO{author="TWikiContributor" date="1427699188" format="1.1" version="$Rev$"}%
+%META:TOPICINFO{author="TWikiContributor" date="1484026158" format="1.1" version="$Rev$"}%
 ---+ TWiki Access Control
 
 %VAR{"TWIKI_ACCESS_CONTROL_TOP" default="<nop>" ignorenull="on"}%
@@ -136,6 +136,10 @@
 For example, set this to restrict a topic to be viewable only by the !MarketingExecGroup:
    * ==Set <nop>ALLOWTOPICVIEW = <nop>%USERSWEB%.MarketingExecGroup==
 
+You may want to allow or deny access to a topic in addition to the ALLOWEB* or DENYWEB* specifies. In that case having + as the first non-space character of ALLOWTOPIC* or DENYTOPIC* has that effect.
+For example, the following setting allows view by !MarketingExecGroup in addition to the people ALLOWWEBVIEW allows.
+   * ==Set <nop>ALLOWTOPICVIEW = + <nop>%USERSWEB%.MarketingExecGroup==
+
 See "How TWiki evaluates ALLOW/DENY settings" below for more on how ALLOW and DENY interacts.
 
 %X% If the same setting is defined multiple times the last one overrides the previous. They are not OR'ed together.

Modified: twiki/trunk/core/lib/TWiki/Access.pm
===================================================================
--- twiki/trunk/core/lib/TWiki/Access.pm	2017-01-10 04:18:06 UTC (rev 30291)
+++ twiki/trunk/core/lib/TWiki/Access.pm	2017-01-10 05:37:18 UTC (rev 30292)
@@ -413,6 +413,8 @@
 
     my $allowText;
     my $denyText;
+    my $denyWeb = $prefs->getWebPreferencesValue( 'DENYWEB'.$mode, $web );
+    my $allowWeb = $prefs->getWebPreferencesValue( 'ALLOWWEB'.$mode, $web );
 
     # retrieve $TWiki::cfg{Access}{Topic}{TOPIC}
     my $cfgAccessTopic;
@@ -464,6 +466,7 @@
                 'DENYTOPIC'.$mode, $web, $topic );
         }
         if( defined( $denyText ) && $denyText =~ /\S/ ) {
+            $denyText =~ s/^\s*\+/$denyWeb, /;
             my $foreignWebDenyDynamic = 0;
             if( $isDynamic && $denyText =~ /%/ ) {
                 if( $session->{webName} ne $web ) {
@@ -504,6 +507,7 @@
     }
     if( defined( $allowText ) && $allowText =~ /\S/ ) {
         my $foreignWebAllowDynamic = 0;
+        $allowText =~ s/^\s*\+/$allowWeb, /;
         if ( $isDynamic && $allowText =~ /%/ ) {
             if ( $session->{webName} ne $web ) {
                 $foreignWebAllowDynamic = 1;
@@ -540,7 +544,7 @@
     # or is null, and DENYTOPIC is not set or is null
     my $cacheWebLevel = 1;
     unless( defined( $denyText ) && $denyText =~ /\S/ ) {
-        $denyText = $prefs->getWebPreferencesValue( 'DENYWEB'.$mode, $web );
+        $denyText = $denyWeb;
         if( defined( $denyText ) ) {
             my $foreignWebDenyDynamic = 0;
             if ( $isDynamic && $denyText =~ /%/ ) {
@@ -572,7 +576,7 @@
 
     # Check ALLOWWEB. If this is defined and not overridden by
     # ALLOWTOPIC, the user _must_ be in it.
-    $allowText = $prefs->getWebPreferencesValue( 'ALLOWWEB'.$mode, $web );
+    $allowText = $allowWeb;
 
     if( defined( $allowText ) && $allowText =~ /\S/ ) {
         my $foreignWebAllowDynamic = 0;