====== IP Group Plugin ======
---- plugin ----
description: Allows administrators to map (anonymous) users from specified networks to a single group.
author : Forschungsgemeinschaft elektronische Medien e.V. (Sascha Bendix, Marcel Pennewiß, Peter Große, Jonas Licht)
email : webserver@fem.tu-ilmenau.de
type : admin, action
lastupdate : 2021-04-18
compatible : Hogfather
depends :
conflicts :
similar : iptrust
tags : acl, groups, ip
downloadurl: https://gitlab.fem-net.de/technik/dokuwiki-ipgroup/-/archive/master/dokuwiki-ipgroup-master.zip
sourcerepo : https://gitlab.fem-net.de/technik/dokuwiki-ipgroup
----
This plugin allows administrators to map (anonymous) users to a group. Users accessing the wiki from the specified network will be added to the given virtual group.
===== Download =====
Search and install the plugin using the [[plugin:extension|Extension Manager]]. Refer to [[:Plugins]] on how to install plugins manually.
===== Changes =====
* use plugin for RSS-Feeds (2011/04/07) \\ (purge of feedcache is recommend: find data/cache/ -name *.feed | xargs rm)
* use plugin for AJAX-based search (2011/05/22)
* use plugin for Media-Manager (2011/10/19)
* use plugin for Media-Details (2011/11/09)
* fixed errormessage with empty config file (2011/11/14, thx to Marc Theilhaber)
* add compatibility with newer DokuWiki versions (2021/04/18)
===== Known Issues =====
==== Media Access ====
The plugin did not work for media/file access (depends on [[http://bugs.dokuwiki.org/index.php?do=details&task_id=2103|Bug #2103]]) and media details. (This bug has gone un-included for years. please bug the devs if you find this useful!)
> In the release 2014-05-05 "Ponder Stibbons" this feature is implemented. --- [[user>Klap-in|Klap-in]] //2014/02/27//
>> Seems not working to me... Still had to patch manually - dan
>> same for me... even in 2014-05-05a its not working for me... Is someone outside where its working?- mrlight 2014/07/05
=== Solution/Patches ===
* Download from [[http://subversion.fem.tu-ilmenau.de/websvn/wsvn/dokuwiki/patches/|Subversion-Repository]]
* **PROBLEM**: Webpage request Authentication, no use to public. --- [[user>einhirn|Christian Marg]] //2012/04/03 10:38//
* **SOLVED**: use http instead of https. Thx! --- [[user>mape2k|Marcel Pennewiß]] //2012/08/08 12:16//
== fetch.php.patch ==
--- lib/exe/fetch.php.old 2011-01-16 19:04:09.000000000 +0100
+++ lib/exe/fetch.php 2011-06-20 21:04:34.993547069 +0200
@@ -27,6 +27,10 @@
$DL = true;
}
+ $evt = new Doku_Event('MEDIA_SENDFILE_PREPROCESS', $data);
+ if (!$evt->advise_before())
+ exit;
+
// check for permissions, preconditions and cache external files
list($STATUS, $STATUSMESSAGE) = checkFileStatus($MEDIA, $FILE);
== detail.php.patch ==
--- lib/exe/detail.php.orig 2011-11-09 20:57:56.845166714 +0100
+++ lib/exe/detail.php 2011-10-20 12:29:14.442462847 +0200
@@ -5,6 +5,10 @@
//close session
session_write_close();
+$evt = new Doku_Event('MEDIA_DETAIL_PREPROCESS', $data);
+if (!$evt->advise_before())
+ exit;
+
$IMG = getID('media');
$ID = cleanID($_REQUEST['id']);
== ipgroup-action.php.patch ==
--- lib/plugins/ipgroup/action.php.orig 2011-11-09 20:52:43.280744547 +0100
+++ lib/plugins/ipgroup/action.php 2011-11-09 20:55:05.626565921 +0100
@@ -36,6 +36,8 @@
$controller->register_hook('FEED_OPTS_POSTPROCESS', 'BEFORE', $this, 'start');
$controller->register_hook('SEARCH_QUERY_PAGELOOKUP', 'BEFORE', $this, 'start');
$controller->register_hook('MEDIAMANAGER_STARTED', 'BEFORE', $this, 'start');
+ $controller->register_hook('MEDIA_SENDFILE_PREPROCESS', 'BEFORE', $this, 'start');
+ $controller->register_hook('MEDIA_DETAIL_PREPROCESS', 'BEFORE', $this, 'start');
}
function start(&$event, $param) {
==== Ignored user-specific rights ====
User-specific rights are ignored if the plugin is used.
=== Solution/Patches ===
--- action.php.old 2013-06-04 13:53:47.564281400 +0200
+++ action.php 2013-06-04 13:54:20.582312301 +0200
@@ -83,7 +83,7 @@
// Overwrite Permissions
$GLOBALS['USERINFO']['grps'] = $grps;
- $GLOBALS['INFO']['perm'] = auth_aclcheck($GLOBALS['ID'],'', $grps);
+ $GLOBALS['INFO']['perm'] = auth_aclcheck($GLOBALS['ID'],$_SERVER['REMOTE_USER'], $grps);
// Overwrite writable/editable-flags (as done in lib/common.php/pageinfo():137 before)
if($GLOBALS['INFO']['exists']){
===== How to use =====
As an example we will create a separate group that has read access everywhere based upon an IP address.
Make sure you are an administrator and install the package with the Extension Manager on the Admin page (you can find the Admin screen by clicking on 'Admin' at the top, just right of your name).
After installation, on the Admin screen , an additional entry ''IPGroup Manager'' appears.
First we create a group with the name ''lan'' and read rights to all data in the wiki : Open the Amdin panel and go to the "Access Control List Management" screen. In the left panel select [root] as we want to apply this group to everything. At the right, in the empty case right of the Group pull down selector, you can enter the name of a new group you want to create. Enter ''lan'' and press ''Select''. You should use lower case for the group name as the system seems to convert upper case to lower case. Then a radio button list appears, where you can select 'None / Read / Edit ...' for this new group. Select 'Read' and press 'Save'. \\
A new group with the name @lan and read access to root (and everything below) is created, and you can see the group listed at the bottom of the screen.
Now we must tell the system that everybody with a certain IP address is member of this group. Go again to the Admin screen and click ''IPGroup Manager''. Here you can enter a group name and an IP range. For the group name, enter ''lan'' (lower case, do not add the ''@'' sign), and the IP range (eg 10.100.0.0/16 for everybody in the 10.100.0.0 .. 10.100.255.255 range) and click save.