====== IfAuth Plugin ====== ---- plugin ---- description: Set portion of page to be displayed/hidden for authorized group author : Otto Vainio email : otto@valjakko.net type : Syntax lastupdate : 2005-09-23 compatible : Frusterick Manners, 2009-12-25c, Anteater, Rincewind, Binky, Ponder Stibbons, Hrun, Greebo, !Hogfather depends : conflicts : similar : showif, condition, isauth, nodisp, ifauthex tags : acl, groups, hide, if, users downloadurl: http://koti.mbnet.fi/oiv/pubtest/ifauth.zip ---- ^ :!: There is a new plugin [[plugin:ifauthex|ifauthex]] which is actively updated. You may want to use it instead :!:\\ --- [[user>oiv|oiv]] //2019-01-11 23:22// ^ ===== Description ===== With this plugin you can set portion of page to be displayed/hidden for authorized user or group. The text is still on the page, but not displayed. For true hiding, you would have to use the nodisp or include plugin and set the appropriate ACLs. **Please note! The page is always set as not cached! So it will impact performance!** ==== Syntax ==== **Basic Syntax** * Just wrap the text, where the access authorization shall be checked with XML Style Tag \\ Text displayed if authorized * userName: the user listed is __allowed__ to see the text * @groupName: members of the group listed, are __allowed__ to see the text * !userName: everyone //except// the user listed with **!** is __allowed__ to see the text (This is //not// the same as saying the user listed is __NOT allowed__ to see the text. This condition does not restrict visibility to users authorized by previous rules. Every additional rule widens the number of users who can see the text.) * Any number of rules can be added to the list, but make sure there is no white space between a comma and an exclamation mark! The rules are OR'ed, so each additional rule expands the set of authorized viewers. **More Examples** ^ condition ^ text is visible ... ^ | **OK** | if oiv is in group @admin, to everybody;\\ otherwise to everyone in group @admin if oiv is not in it | | **OK** | same as above | | **OK** | only to user oiv | | **OK** | everybody who is //not// in group @admin | | **OK** | everybody who is //not// in group @admin,\\ and also to user oiv (whether he is in @admin or not) | | **OK** | everybody who //is// in group @admin,\\ and also to user oiv (whether he is in @admin or not) | | **OK** | everybody who is in group @admin, //and// everybody who is in group @other, //and// to user oiv | ==== Changes, Notes ==== > Added feature to add a list of users. The list works as OR. So that is any of the options are true, then the text is shown. > Now the plugin does not insert paragraph (

and

) marks around the text. >> Ok the removal of paragraph marks was broken. No should have better checks. >> --- //[[otto@valjakko.net|Otto Vainio]] 2005-09-26 08:46// >>> Removal of

tags is broken with latest version. Fix: >>> // Remove '\n

\n' from start and '\n

\n' from the end. if (stristr(substr($r,0,5),"\n

\n")) { $r = substr($r,5); } if (stristr(substr($r,-7),"\n\n

\n")) { $r = substr($r,0,strlen($r)-7); } $renderer->doc .= $r; --- SherriW 2009-02-04 >>> I have a fixed version if anyone needs it. >>> --- //[[mail@lukehowson.com|Luke Howson]] 2007-05-03// > And what about hide text from not authorized group? Like: //**OK**// > It will be useful... > Removal of

tags Needs to be fixed. Fix: > // Remove '\n

\n' from start and '\n

\n' from the end. if (stristr(substr($r,0,5),"\n

\n")) { $r = substr($r,5); } if (stristr(substr($r,-7),"\n\n

\n")) { $r = substr($r,0,-7); } if (stristr(substr($r,-6),"\n

\n")) { $r = substr($r,0,-6); $renderer->doc .= $r; --- Chris 2017-08-19 ===== Installation ===== Search and install the plugin using the [[plugin:extension|Extension Manager]]. Refer to [[:Plugins]] on how to install plugins manually. ==== Manually install ==== Create a new folder ''lib/plugin/ifauth/'' and place the following file in it: ''syntax.php''. ''lib/plugin/ifauth/syntax.php'': */ if(!defined('DOKU_INC')) define('DOKU_INC',realpath(dirname(__FILE__).'/../../').'/'); if(!defined('DOKU_PLUGIN')) define('DOKU_PLUGIN',DOKU_INC.'lib/plugins/'); require_once(DOKU_PLUGIN.'syntax.php'); /** * All DokuWiki plugins to extend the parser/rendering mechanism * need to inherit from this class */ class syntax_plugin_ifauth extends DokuWiki_Syntax_Plugin { /** * return some info */ function getInfo(){ return array( 'author' => 'Otto Vainio', 'email' => 'oiv-ifauth@valjakko.net', 'date' => '2005-09-23', 'name' => 'ifauth plugin', 'desc' => 'Show content at this time', 'url' => 'http://wiki.splitbrain.org/wiki:plugins', ); } /** * What kind of syntax are we? */ function getType(){ return 'substition'; } /** * Paragraph Type * * Defines how this syntax is handled regarding paragraphs. This is important * for correct XHTML nesting. Should return one of the following: * * 'normal' - The plugin can be used inside paragraphs * 'block' - Open paragraphs need to be closed before plugin output * 'stack' - Special case. Plugin wraps other paragraphs. * * @see Doku_Handler_Block */ function getPType() { return 'normal'; } function getSort(){ return 360; } function connectTo($mode) { $this->Lexer->addEntryPattern('(?=.*?\x3C/ifauth\x3E)',$mode,'plugin_ifauth'); } function postConnect() { $this->Lexer->addExitPattern('','plugin_ifauth'); } /** * Handle the match */ function handle($match, $state, $pos, Doku_Handler $handler){ switch ($state) { case DOKU_LEXER_ENTER : // remove $auth = trim(substr($match, 8, -1)); // explode wanted auths $aauth = explode(",",$auth); return array($state, $aauth); case DOKU_LEXER_UNMATCHED : return array($state, $match); case DOKU_LEXER_EXIT : return array($state, ''); } return array(); } /** * Create output */ function render($mode, Doku_Renderer $renderer, $data) { // ifauth stoes wanted user/group array global $ifauth; // grps hold curren user groups and userid global $grps; global $INFO; if($mode == 'xhtml'){ list($state, $match) = $data; switch ($state) { case DOKU_LEXER_ENTER : // Store wanted groups/userid $ifauth=$match; // Store current user info. Add '@' to the group names $grps=array(); if (is_array($INFO['userinfo'])) { foreach($INFO['userinfo']['grps'] as $val) { $grps[]="@" . $val; } } $grps[]=$_SERVER['REMOTE_USER']; break; case DOKU_LEXER_UNMATCHED : $rend=0; // Loop through each wanted user / group foreach($ifauth as $val) { $not=0; // Check negation if (substr($val,0,1)=="!") { $not=1; $val=substr($val,1); } // FIXME More complicated rules may be wanted. Currently any rule that matches for render overrides others. // If current user/group found in wanted groups/userid, then render. if ($not==0 && in_array($val,$grps)) { $rend=1; } // If user set as not wanted (!) or not found from current user/group then render. if ($not==1 && !in_array($val,$grps)) { $rend=1; } } if ($rend>0) { $r = p_render('xhtml',p_get_instructions($match),$info); // Remove '\n\n' from start and '\n\n' from the end. if (stristr(substr($r,0,5),"\n

\n")) { $r = substr($r,5); } if (stristr(substr($r,-7)," \n

\n")) { $r = substr($r,0,-7); } $renderer->doc .= $r; } $renderer->nocache(); break; case DOKU_LEXER_EXIT : break; } return true; } return false; } } ?> --- [[user>Juergen_aus_Zuendorf|Juergen_aus_Zuendorf]] //2018-02-06 17:44//\\ -> Changes for compatibility to PHP7:\\ "&$handler" and "&$renderer" to "Doku_Handler $handler" and "Doku_Renderer $renderer" ===== Discussion ===== >This plugin messes up the Header levels causing them to nest/indent improperly. I've also come across situations where it caused the section edit buttons to be located improperly, and function improperly. Anyone know how to fix that? EDIT: the [[plugin:outdent]] plugin can help with the indenting problem (but not the section edit button problem). I suspect the plugin needs to be written to run BEFORE the rest of the syntax on the page is parsed. >>To avoid this I use the [[include]] plugin as workaround: >>The part of the wiki page that should be hided has to be moved to another page and then be included by %%{{page>...}}%%. Then the section edit function can be used in the included page. >> --- [[user>Juergen_aus_Zuendorf|Juergen_aus_Zuendorf]] //2018-10-30 13:13// >What's happen if someone show source of page ? do they see the hidden text ? >> Yes they do. I should document that here. >> There was [[http://ktyp.com/dev/doku/dokuwiki/hacks/hidephp|this patch]] for older version of DokuWiki to not show PHP code if user was not logged in. Would be a nice feature to register your plugin so that you cannot see the source between your tags. --- //[[otto@valjakko.net|Otto Vainio]] 2005-09-23 14:50// >>> Sure wish email subscriptions were active for this page... --- //[[caylan@aero.und.edu|Caylan Larson]] 2005-10-05 17:13// > I was hoping to use this plugin to hide rows in a table (so users would see a filtered selection of rows relevant to them). However the table gets broken at the point that the tags are inserted. Is there any way round this. I can see that the problem might be in the table code rather than anything you can tackle! I can of course hide the text inside each cell in the table that that will look pretty odd :-D --- //[[gjw@iqx.co.uk|Justin Willey]] 2006-06-10 21:00// >> That __could__ be fixed by setting the sort number for the plugin lower than what table has. I cannot check this now. Will try next week. Or you can try it self also :-) --- //[[otto@valjakko.net|Otto Vainio]] 2006-06-10 13:19// >>> Hi - Thanks for the suggestion, I tried that but it still seems to cause the table to be broken at that point, presumably something in the table rendering gets upset. --- //[[gjw@iqx.co.uk|Justin Willey]] 2006-06-27 12:12// >>>>It does work if you hide the text in each cell separately, rather than the row as a whole. The table then suppresses the effectively blank row automatically. e.g.: |1.1.2|stuff, more stuff| >it would be a nice feature if the ifauth could be a coloured advertisement for groups(e.g. red) --- prom 2007-01-16 Recently made patch to add access check by user's IP ($_SERVER['REMOTE_ADDR']). Syntax: Hello, dear user of our LAN! --- syntax.php.orig 2005-09-26 09:42:06.000000000 +0300 +++ syntax.php 2007-10-10 15:38:56.000000000 +0300 @@ -15,6 +15,50 @@ * need to inherit from this class */ class syntax_plugin_ifauth extends DokuWiki_Syntax_Plugin { + +/** + * Function check`s if an ip address is inside the CIDR range specified + * + * Support`s CIDRs in format: + * 72.14.207.99/255.255.0.0 + * 72.14.0.0/16 + * + * @author chin [Yura Bogdanov] 2007 + * + * @param string $addr + * @param string|array $cidrs + * @return bool + */ + function matchCIDR($addr,$cidrs) + { + // If CIDR is not an array + if(!is_array($cidrs)) { + $cidrs = array($cidrs); + } + + // Go through CIDRs list + foreach($cidrs as $cidr) { + + list($ip,$mask) = explode("/",$cidr); + + // If mask like 255.255.0.0 + if(strpos(".",$mask)) { + $mask = 0xffffffff & ip2long($mask); + } + // Understand mask as decimal value (16) + else { + $mask = 0xffffffff << (int)$mask; + } + + // Apply mask to both addresses and get the comparison result + if((ip2long($addr) & $mask) == (ip2long($ip) & $mask)) { + return TRUE; + } + } + + // Match cdir not found + return FALSE; + } /** * return some info @@ -124,6 +168,17 @@ } // FIXME More complicated rules may be wanted. Currently any rule that matches for render overrides others. +// Check by IP + if (substr($val,0,1)=="#") { + $val=substr($val,1); + if ($not==1 && !$this->matchCIDR($_SERVER['REMOTE_ADDR'],$val)) { + $rend=1; + } + if ($not==0 && $this->matchCIDR($_SERVER['REMOTE_ADDR'],$val)) { + $rend=1; + } + } + // If current user/group found in wanted groups/userid, then render. if ($not==0 && in_array($val,$grps)) { $rend=1; --- //[[viperet@gmail.com|Vitaly Peretiatko]]// This plugin doesn't work properly with newer versions. Please update. (If you go to my page, I'm trying to use it to hide the ad code for registered users and admins.) --- //[[http://ksd5.techaos.com/personal/wiki/user/ksd5|Siddharth Patil]]// >Seems to work with **Anteater**. Great Plugin !!! --- Tested by Münchener 2011-10-13 ==== Watch out for spaces! ==== I was baffled trying to figure out exactly how this works with multiple conditions, and rightly so. I tried using ''''. Since I figured every user either belongs to the group @internal or does not, the text should always display. In fact, it remained invisible for users who were not in the group. It turned out that the problem was the space after the comma. When I changed the condition to '''', the text was displayed for all users. If this plugin is being maintained by anyone, the parser should be changed to ignore leading whitespace after the string is split on commas. --- Art Carlson, Max Planck Institute of Biochemistry, Germany, 2014-10-24