Add option to restrict users/groups that can autocomplete usernames #695

Open
wants to merge 5 commits into
base: master
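--- a/_test/types/UserTest.php
+++ b/_test/types/UserTest.php
@@ -35,7 +35,19 @@ public function test_validate_success()
 
 public function test_ajax()
 {
-global $INPUT;
+global $INFO, $INPUT, $USERINFO;
+include(__DIR__ . '/../../conf/default.php');
+$default_allow_autocomplete = $conf['allow_username_autocomplete'];
+unset($conf);
+
+global $conf;
+$conf['plugin']['struct']['allow_username_autocomplete'] = $default_allow_autocomplete;
+$_SERVER['REMOTE_USER'] = 'john';
+$USERINFO['name'] = 'John Smith';
+$USERINFO['mail'] = '[email protected]';
+$USERINFO['grps'] = ['user', 'test'];
+//update info array
+$INFO['userinfo'] = $USERINFO;
 
 $user = new User(
 [
@@ -56,6 +68,21 @@ public function test_ajax()
 $INPUT->set('search', 'd'); // under mininput
 $this->assertEquals([], $user->handleAjax());
 
+// Check restrictions on who can access username data are respected
+$conf['plugin']['struct']['allow_username_autocomplete'] = 'john';
+$INPUT->set('search', 'dent');
+$this->assertEquals([['label' => 'Arthur Dent [testuser]', 'value' => 'testuser']], $user->handleAjax());
+
+$conf['plugin']['struct']['allow_username_autocomplete'] = '@user';
+$INPUT->set('search', 'dent');
+$this->assertEquals([['label' => 'Arthur Dent [testuser]', 'value' => 'testuser']], $user->handleAjax());
+
+$conf['plugin']['struct']['allow_username_autocomplete'] = '@not_in_group,not_this_user';
+$INPUT->set('search', 'dent');
+$this->assertEquals([], $user->handleAjax());
+
+$conf['plugin']['struct']['allow_username_autocomplete'] = $default_allow_autocomplete;
+
 $user = new User(
 [
 'autocomplete' => [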
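Review bot: The added assertions only exercise a logged-in user (`$_SERVER['REMOTE_USER'] = 'john'`); the case the setting exists for, a visitor with no `REMOTE_USER` and an empty `$USERINFO`, is never tested, so a regression that lets anonymous lookups past a restricted list would still pass. I would add a block in the second hunk that unsets `$_SERVER['REMOTE_USER']`, clears `$USERINFO`, sets the option to `'@user'` and asserts `[]`. The option is restored only by the last added line and `REMOTE_USER`/`$USERINFO` are never restored, so a failing assertion leaves modified globals behind for later tests; resetting them in `tearDown()` avoids that. test_ajax continues past both hunks.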
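--- a/conf/default.php
+++ b/conf/default.php
@@ -4,3 +4,4 @@
 $conf['topoutput'] = 0;
 $conf['disableDeleteSerial'] = 0;
 $conf['show_not_found'] = 1;
+$conf['allow_username_autocomplete'] = '@ALL';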
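Review bot: The shipped default `'@ALL'` leaves username lookup open to every visitor, because DokuWiki's `auth_isMember()` returns true for `@ALL` without looking at the user or groups, so existing installs get no restriction until an admin changes the setting. Assuming the autocomplete handler is reachable without a session (not visible in this diff), account names stay enumerable by unauthenticated clients. If backward compatibility allows, `$conf['allow_username_autocomplete'] = '@user';` is the safer default; otherwise the settings text should state that `@ALL` includes visitors who are not logged in.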
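--- a/conf/metadata.php
+++ b/conf/metadata.php
@@ -4,3 +4,4 @@
 $meta['topoutput'] = ['onoff'];
 $meta['disableDeleteSerial'] = ['onoff'];
 $meta['show_not_found'] = ['onoff'];
+$meta['allow_username_autocomplete'] = ['string'];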
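--- a/lang/en/settings.php
+++ b/lang/en/settings.php
@@ -4,3 +4,4 @@
 $lang['topoutput'] = 'Display data at the top of the page';
 $lang['disableDeleteSerial'] = 'Disable delete button for serial data';
 $lang['show_not_found'] = 'Show the default text when no results are returned for struct value syntax';
+$lang['allow_username_autocomplete'] = 'Group, user or comma separated list user1,@group1,user2 to offer autocomplete suggestions for username data';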
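--- a/types/AbstractBaseType.php
+++ b/types/AbstractBaseType.php
@@ -545,6 +545,18 @@ public function getLang($string)
 return $this->hlp->getLang($string);
 }
 
+/**
+* Convenience method to access plugin configurations
+*
+* @param string $string
+* @return string
+*/
+public function getConf($string)
+{
+if (is_null($this->hlp)) $this->hlp = plugin_load('helper', 'struct');
+return $this->hlp->getConf($string);
+}
+
 /**
 * With what comparator should dynamic filters filter this type?
 *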
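Review bot: The docblock on the new `getConf()` declares `@return string`, but the helper's `getConf()` returns whatever type the setting holds and `false` for an unknown key, so `@return mixed` is the accurate tag. `@param string $string` would read better as `@param string $setting name of the plugin setting`. Callers that use the value for an access decision, as `handleAjax()` in types/User.php does, should know from the docblock that a missing setting yields `false` rather than a string.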
13 changes: 12 additions & 1 deletion types/User.php
Expand Up @@ -60,18 +60,29 @@ public function renderValue($value, \Doku_Renderer $R, $mode)
* Autocompletion for user names
*
* @return array
* @todo should we have any security mechanism? Currently everybody can look up users
*/
public function handleAjax()
{
/** @var AuthPlugin $auth */
global $auth;
global $INPUT;
global $_SERVER;
global $USERINFO;

if (!$auth->canDo('getUsers')) {
return [];
}

if (
!auth_isMember(
$this->getConf('allow_username_autocomplete'),
$_SERVER['REMOTE_USER'],
(array) $USERINFO['grps']
)
) {
return [];
}

// check minimum length
$lookup = trim($INPUT->str('search'));
if (PhpString::strlen($lookup) < $this->config['autocomplete']['mininput']) return [];
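Review bot: The new membership check reads `$_SERVER['REMOTE_USER']` and `$USERINFO['grps']` directly, and both are absent for a visitor who is not logged in, so PHP 8 raises undefined-key warnings before `auth_isMember()` evaluates the list. Reading them defensively keeps the same decision without the warnings: `$INPUT->server->str('REMOTE_USER')` and `(array) ($USERINFO['grps'] ?? [])`. `global $_SERVER;` can be dropped, since `$_SERVER` is a superglobal. If the `@todo` line is the one this section deletes, the docblock should now say that an empty array is returned when the caller is not covered by `allow_username_autocomplete`. handleAjax's body continues below the hunk.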