Modify ACL to allow child pages to use parent's ACL

[gklaus@…]

Setup the ACL system to allow child pages to either check parent's ACL or, when creating a new page, to copy the parent's ACL to itself, thereby enforcing a protected environment.

Currently, you must implicitly set the ACL on each new page. We have some documents on an intranet site that should only be accesible by administrators. If a user creates a new page and forgets to set the ACL, any valid user can read that page, thereby by-passing our security.

This ticket is also referenced by #217

Additional clarification: This ticket actually refers to a couple of different, but related, concepts:
1. The cloning of ACLs from a source page (addressed in #217).
2. Using the ACL settings of an existing page for the ACLs of a different page.
3. ACL "template" pages that could be used to specify the ACLs for another page.

[dartar]

The problem is that there is no such thing as a parent-child relationship between pages in Wikka. The wiki has a flat structure, hence I don't quite see how you would implement this feature.

[NilsLindenberg]

The only thing I can thing about is to change the newpage-action and the clone handler so that it is possible to set the acls while creating/cloning a page.

[BrianKoontz]

Here's a patch that will optionally copy the ACLs from the source page to the new page when cloning a page. I believe the discussion of whether a wiki is flat or hierarchical is a moot point: It's a more a matter of convenience and of ensuring a "safe" set of ACLs in the case of new users who might not remember to set ACLs correctly on newly formed pages.

--- clone.php	2006/03/11 05:26:01	1.1
+++ clone.php	2006/03/11 06:03:04
@@ -29,6 +29,8 @@
  * 
  * @input             boolean $editoption optional: if true, the new page will be opened for edition on creation
  *                            default is false (to allow multiple cloning of the same source)
+ * @input             boolean $cloneaclsoption optional: if true, ACLs will be copied from the source page to the new page
+ *                            default is false
  *
  * @todo              Use central library for valid pagenames.
  *        
@@ -39,6 +41,7 @@
 $to = $this->tag;
 $note = 'Cloned from '.$from; #i18n
 $editoption = ''; 
+$cloneaclsoption = '';
 $box = 'Please fill in a valid target ""PageName"" and an (optional) edit note.'; #i18n
 
 // print header
@@ -65,6 +68,8 @@
 			$to = ($_POST['to'])? $_POST['to'] : $to;
 			$note = ($_POST['note'])? $_POST['note'] : $note;
 			$editoption = (isset($_POST['editoption']))? 'checked="checked"' : '';
+			$cloneaclsoption = (isset($_POST['cloneaclsoption']))? 'checked="checked"' : '';
+
 		
 			// 3. check target pagename validity
 			if (!preg_match("/^[A-Zƒ÷‹]+[a-zfl‰ˆ¸]+[A-Z0-9ƒ÷‹][A-Za-z0-9ƒ÷‹fl‰ˆ¸]*$/s", $to)) 
@@ -90,6 +95,17 @@
 						$thepage=$this->LoadPage($from); # load the source page
 						if ($thepage) $pagecontent = $thepage['body']; # get its content
 						$this->SavePage($to, $pagecontent, $note); #create target page
+                        // Clone ACLs if requested
+                        if($cloneaclsoption == 'checked="checked"')
+                        {
+                            $read_acl = $this->LoadACL($from, "read", 0);
+                            $write_acl = $this->LoadACL($from, "write", 0);
+                            $comment_acl = $this->LoadACL($from, "comment", 0);
+                            $this->SaveACL($to, "read", $this->TrimACLs($read_acl["read_acl"]));
+                            $this->SaveACL($to, "write", $this->TrimACLs($write_acl["write_acl"]));
+                            $this->SaveACL($to, "comment", $this->TrimACLs($comment_acl["comment_acl"]));
+                        }
+                        // Open editor if requested
 						if ($editoption == 'checked="checked"')
 						{
 							// quick edit
@@ -118,6 +134,11 @@
 			'<td></td>'.
 			'<td>'.
 			'<input type="checkbox" name="editoption" '.$editoption.' /> Edit after creation '.
+            '<input type="checkbox" name="cloneaclsoption" '.$cloneaclsoption.' /> Clone ACLs '.
+            '</tr>'.
+            '<tr>'.
+            '<td></td>'.
+            '<td>'.
 			'<input type="submit" name="create" value="Clone" />'.
 			'</td>'.
 			'</tr>'.

[BrianKoontz]

I'm wondering whether the original reporter was referring to the clone process when the submitter talks about "creating a new page." If security is an issue upon page creation, than a secure set of default ACLs should be set in the wikka.config.php #189 addresses the case where the user clones a page and wishes to duplicate the ACLs of the "donor" page. Am I missing any other cases?

[BrianKoontz]

No longer an issue, since #189 permits the cloning of ACLs when creating new pages.

[MasinAlDujaili]

Well, I'm really looking forward to see #139 implemented - ACL cloning during page cloning is nice, but what my users and I really need is inheriting the ACL of the page the new page is created from. I don't want any structure in the wiki, just copying the ACL of one page to the newly created page. And I don't see #189 address this problem ...

It can't be that hard to check during creation what the ACL of the referring page is and apply those to the new page ...

[DarTar]

I see your point, maybe (and apart from your suggestion) it would be useful to allow an extra magic keyword for default ACL like (owner), this would allow for instance to automatically make newly created pages viewable, editable or commentable by the initial creator of the page?

[MasinAlDujaili]

Furthermore, I'd suggest a mechanism for putting configurations in template and other pages, e.g.

{{child_acl read="%owner%,EditorsGroup" write="%owner%", comment="%owner%,EditorsGroup" owner="%current_user%" onclone="yes" onlink="yes"}}

which will be applied to pages cloned from this page or created through edit links from this page (hope, you get the point). I assume, the edit page handler should somehow be modified to allow passing of ACL settings -- I currently work on this.

[MasinAlDujaili]

The initial problem is now solved. The solution is optimizable but works. See  http://wikkawiki.org/InheritACL

The handler/page/edit.php now allows passing of additional arguments. It accepts via GET the argument 'page', which must be a valid page in the Wiki. The ACLs from this page are retrieved and displayed in the edit screen for review and furher modification. These ACLs will now be POSTed through the process as arguments 'read_acl', 'write_acl' and 'comment_acl'. I guess, it might be possible to directly post those values, e.g. via newpage action.

[BrianKoontz]

Bumped to milestone 1.1.7.1.