====== IfAuth Plugin ======
---- plugin ----
description: Set portion of page to be displayed/hidden for authorized group
author : Otto Vainio
email : otto@valjakko.net
type : Syntax
lastupdate : 2005-09-23
compatible : Frusterick Manners, 2009-12-25c, Anteater, Rincewind, Binky, Ponder Stibbons, Hrun, Greebo, !Hogfather
depends :
conflicts :
similar : showif, condition, isauth, nodisp, ifauthex
tags : acl, groups, hide, if, users
downloadurl: http://koti.mbnet.fi/oiv/pubtest/ifauth.zip
----
^ :!: There is a new plugin [[plugin:ifauthex|ifauthex]] which is actively updated. You may want to use it instead :!:\\ --- [[user>oiv|oiv]] //2019-01-11 23:22// ^
===== Description =====
With this plugin you can set portion of page to be displayed/hidden for authorized user or group.
The text is still on the page, but not displayed. For true hiding, you would have to use the nodisp or include plugin and set the appropriate ACLs.
**Please note! The page is always set as not cached! So it will impact performance!**
==== Syntax ====
**Basic Syntax**
* Just wrap the text, where the access authorization shall be checked with XML Style Tag \\
* userName: the user listed is __allowed__ to see the text
* @groupName: members of the group listed, are __allowed__ to see the text
* !userName: everyone //except// the user listed with **!** is __allowed__ to see the text (This is //not// the same as saying the user listed is __NOT allowed__ to see the text. This condition does not restrict visibility to users authorized by previous rules. Every additional rule widens the number of users who can see the text.)
* Any number of rules can be added to the list, but make sure there is no white space between a comma and an exclamation mark! The rules are OR'ed, so each additional rule expands the set of authorized viewers.
**More Examples**
^ condition ^ text is visible ... ^
|
and
) marks around the text. >> Ok the removal of paragraph marks was broken. No should have better checks. >> --- //[[otto@valjakko.net|Otto Vainio]] 2005-09-26 08:46// >>> Removal of tags is broken with latest version. Fix:
>>> \n' from start and '\n \n")) {
$r = substr($r,5);
}
if (stristr(substr($r,-7),"\n\n
// Remove '\n
--- SherriW 2009-02-04
>>> I have a fixed version if anyone needs it.
>>> --- //[[mail@lukehowson.com|Luke Howson]] 2007-05-03//
> And what about hide text from not authorized group? Like: //
tags Needs to be fixed. Fix:
> \n' from start and '\n \n")) {
$r = substr($r,5);
}
if (stristr(substr($r,-7),"\n\n
// Remove '\n
*/
if(!defined('DOKU_INC')) define('DOKU_INC',realpath(dirname(__FILE__).'/../../').'/');
if(!defined('DOKU_PLUGIN')) define('DOKU_PLUGIN',DOKU_INC.'lib/plugins/');
require_once(DOKU_PLUGIN.'syntax.php');
/**
* All DokuWiki plugins to extend the parser/rendering mechanism
* need to inherit from this class
*/
class syntax_plugin_ifauth extends DokuWiki_Syntax_Plugin {
/**
* return some info
*/
function getInfo(){
return array(
'author' => 'Otto Vainio',
'email' => 'oiv-ifauth@valjakko.net',
'date' => '2005-09-23',
'name' => 'ifauth plugin',
'desc' => 'Show content at this time',
'url' => 'http://wiki.splitbrain.org/wiki:plugins',
);
}
/**
* What kind of syntax are we?
*/
function getType(){
return 'substition';
}
/**
* Paragraph Type
*
* Defines how this syntax is handled regarding paragraphs. This is important
* for correct XHTML nesting. Should return one of the following:
*
* 'normal' - The plugin can be used inside paragraphs
* 'block' - Open paragraphs need to be closed before plugin output
* 'stack' - Special case. Plugin wraps other paragraphs.
*
* @see Doku_Handler_Block
*/
function getPType() {
return 'normal';
}
function getSort(){
return 360;
}
function connectTo($mode) {
$this->Lexer->addEntryPattern('(?=.*?\x3C/ifauth\x3E)',$mode,'plugin_ifauth');
}
function postConnect() {
$this->Lexer->addExitPattern('','plugin_ifauth');
}
/**
* Handle the match
*/
function handle($match, $state, $pos, Doku_Handler $handler){
switch ($state) {
case DOKU_LEXER_ENTER :
// remove
$auth = trim(substr($match, 8, -1));
// explode wanted auths
$aauth = explode(",",$auth);
return array($state, $aauth);
case DOKU_LEXER_UNMATCHED : return array($state, $match);
case DOKU_LEXER_EXIT : return array($state, '');
}
return array();
}
/**
* Create output
*/
function render($mode, Doku_Renderer $renderer, $data) {
// ifauth stoes wanted user/group array
global $ifauth;
// grps hold curren user groups and userid
global $grps;
global $INFO;
if($mode == 'xhtml'){
list($state, $match) = $data;
switch ($state) {
case DOKU_LEXER_ENTER :
// Store wanted groups/userid
$ifauth=$match;
// Store current user info. Add '@' to the group names
$grps=array();
if (is_array($INFO['userinfo'])) {
foreach($INFO['userinfo']['grps'] as $val) {
$grps[]="@" . $val;
}
}
$grps[]=$_SERVER['REMOTE_USER'];
break;
case DOKU_LEXER_UNMATCHED :
$rend=0;
// Loop through each wanted user / group
foreach($ifauth as $val) {
$not=0;
// Check negation
if (substr($val,0,1)=="!") {
$not=1;
$val=substr($val,1);
}
// FIXME More complicated rules may be wanted. Currently any rule that matches for render overrides others.
// If current user/group found in wanted groups/userid, then render.
if ($not==0 && in_array($val,$grps)) {
$rend=1;
}
// If user set as not wanted (!) or not found from current user/group then render.
if ($not==1 && !in_array($val,$grps)) {
$rend=1;
}
}
if ($rend>0) {
$r = p_render('xhtml',p_get_instructions($match),$info);
// Remove '\n\n' from start and '\n\n' from the end.
if (stristr(substr($r,0,5),"\n\n")) {
$r = substr($r,5);
}
if (stristr(substr($r,-7)," \n
\n")) {
$r = substr($r,0,-7);
}
$renderer->doc .= $r;
}
$renderer->nocache();
break;
case DOKU_LEXER_EXIT :
break;
}
return true;
}
return false;
}
}
?>
--- [[user>Juergen_aus_Zuendorf|Juergen_aus_Zuendorf]] //2018-02-06 17:44//\\
-> Changes for compatibility to PHP7:\\
"&$handler" and "&$renderer" to "Doku_Handler $handler" and "Doku_Renderer $renderer"
===== Discussion =====
>This plugin messes up the Header levels causing them to nest/indent improperly. I've also come across situations where it caused the section edit buttons to be located improperly, and function improperly. Anyone know how to fix that? EDIT: the [[plugin:outdent]] plugin can help with the indenting problem (but not the section edit button problem). I suspect the plugin needs to be written to run BEFORE the rest of the syntax on the page is parsed.
>>To avoid this I use the [[include]] plugin as workaround:
>>The part of the wiki page that should be hided has to be moved to another page and then be included by %%{{page>...}}%%. Then the section edit function can be used in the included page.
>> --- [[user>Juergen_aus_Zuendorf|Juergen_aus_Zuendorf]] //2018-10-30 13:13//
>What's happen if someone show source of page ? do they see the hidden text ?
>> Yes they do. I should document that here.
>> There was [[http://ktyp.com/dev/doku/dokuwiki/hacks/hidephp|this patch]] for older version of DokuWiki to not show PHP code if user was not logged in. Would be a nice feature to register your plugin so that you cannot see the source between your tags. --- //[[otto@valjakko.net|Otto Vainio]] 2005-09-23 14:50//
>>> Sure wish email subscriptions were active for this page... --- //[[caylan@aero.und.edu|Caylan Larson]] 2005-10-05 17:13//
> I was hoping to use this plugin to hide rows in a table (so users would see a filtered selection of rows relevant to them). However the table gets broken at the point that the tags are inserted. Is there any way round this. I can see that the problem might be in the table code rather than anything you can tackle! I can of course hide the text inside each cell in the table that that will look pretty odd :-D --- //[[gjw@iqx.co.uk|Justin Willey]] 2006-06-10 21:00//
>> That __could__ be fixed by setting the sort number for the plugin lower than what table has. I cannot check this now. Will try next week. Or you can try it self also :-) --- //[[otto@valjakko.net|Otto Vainio]] 2006-06-10 13:19//
>>> Hi - Thanks for the suggestion, I tried that but it still seems to cause the table to be broken at that point, presumably something in the table rendering gets upset. --- //[[gjw@iqx.co.uk|Justin Willey]] 2006-06-27 12:12//
>>>>It does work if you hide the text in each cell separately, rather than the row as a whole. The table then suppresses the effectively blank row automatically. e.g.:
|1.1.2 |stuff, more stuff |
>it would be a nice feature if the ifauth could be a coloured advertisement for groups(e.g. red) --- prom 2007-01-16
Recently made patch to add access check by user's IP ($_SERVER['REMOTE_ADDR']). Syntax:
Hello, dear user of our LAN!
--- syntax.php.orig 2005-09-26 09:42:06.000000000 +0300
+++ syntax.php 2007-10-10 15:38:56.000000000 +0300
@@ -15,6 +15,50 @@
* need to inherit from this class
*/
class syntax_plugin_ifauth extends DokuWiki_Syntax_Plugin {
+
+/**
+ * Function check`s if an ip address is inside the CIDR range specified
+ *
+ * Support`s CIDRs in format:
+ * 72.14.207.99/255.255.0.0
+ * 72.14.0.0/16
+ *
+ * @author chin [Yura Bogdanov] 2007
+ *
+ * @param string $addr
+ * @param string|array $cidrs
+ * @return bool
+ */
+ function matchCIDR($addr,$cidrs)
+ {
+ // If CIDR is not an array
+ if(!is_array($cidrs)) {
+ $cidrs = array($cidrs);
+ }
+
+ // Go through CIDRs list
+ foreach($cidrs as $cidr) {
+
+ list($ip,$mask) = explode("/",$cidr);
+
+ // If mask like 255.255.0.0
+ if(strpos(".",$mask)) {
+ $mask = 0xffffffff & ip2long($mask);
+ }
+ // Understand mask as decimal value (16)
+ else {
+ $mask = 0xffffffff << (int)$mask;
+ }
+
+ // Apply mask to both addresses and get the comparison result
+ if((ip2long($addr) & $mask) == (ip2long($ip) & $mask)) {
+ return TRUE;
+ }
+ }
+
+ // Match cdir not found
+ return FALSE;
+ }
/**
* return some info
@@ -124,6 +168,17 @@
}
// FIXME More complicated rules may be wanted. Currently any rule that matches for render overrides others.
+// Check by IP
+ if (substr($val,0,1)=="#") {
+ $val=substr($val,1);
+ if ($not==1 && !$this->matchCIDR($_SERVER['REMOTE_ADDR'],$val)) {
+ $rend=1;
+ }
+ if ($not==0 && $this->matchCIDR($_SERVER['REMOTE_ADDR'],$val)) {
+ $rend=1;
+ }
+ }
+
// If current user/group found in wanted groups/userid, then render.
if ($not==0 && in_array($val,$grps)) {
$rend=1;
--- //[[viperet@gmail.com|Vitaly Peretiatko]]//
This plugin doesn't work properly with newer versions. Please update. (If you go to my page, I'm trying to use it to hide the ad code for registered users and admins.) --- //[[http://ksd5.techaos.com/personal/wiki/user/ksd5|Siddharth Patil]]//
>Seems to work with **Anteater**. Great Plugin !!! --- Tested by Münchener 2011-10-13
==== Watch out for spaces! ====
I was baffled trying to figure out exactly how this works with multiple conditions, and rightly so. I tried using ''