01201: Excluding members from AuthUser groups doesn't work

Summary: Excluding members from AuthUser groups doesn't work
Created: 2010-06-07 09:55
Status: Closed - fixed for 2.2.20
Category: Bug
Assigned:
Priority: 5
Version: 2.2.x

Description: The AuthUser documentation states the following:

Group password memberships are maintained by editing the SiteAdmin.AuthUser page. To specify a password group that allows access to anyone who is authenticated, you can specify:

    @wholeoffice: *

If you need to keep "Fred" out of this password group:

    @wholeoffice: *,-Fred

The first form works, but the second one does nothing: Fred is not excluded from the @wholeoffice group.

To fix this, the following patch is required:

Index: authuser.php
===================================================================
--- authuser.php	(revision 2560)
+++ authuser.php	(working copy)
@@ -79,12 +79,12 @@
     $authlist[$g] = 1;
   foreach(preg_grep('/^@/', (array)@$auth['*']) as $g) 
     $authlist[$g] = 1;
-  foreach(preg_grep('/^@/', array_keys($auth)) as $g) 
-    if (in_array($authid, $auth[$g])) $authlist[$g] = 1;
   if ($auth['htgroup']) {
     foreach(AuthUserHtGroup($pagename, $id, $pw, $auth['htgroup']) as $g)
       $authlist["@$g"] = 1;
   }
+  foreach(preg_grep('/^@/', (array)@$auth["-$authid"]) as $g) 
+    unset($authlist[$g]);
   SessionAuth($pagename, array('authid' => $authid, 'authlist' => $authlist));
 }
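
Review bot: the added exclusion loop at the end of the hunk builds its lookup key as "-$authid" from the login name verbatim, and PHP array keys are case-sensitive, so an entry written as -Fred only removes the group when $authid is the identical string. The (array)@ cast also makes a missing key silent, so a mismatch fails open and the user stays in the group. If the code that fills $auth or sets $authid normalises names, apply the same normalisation to this key. The loop also has to stay after the htgroup block so that exclusions remove groups granted there as well; a short comment saying it must remain the last step before SessionAuth() would protect that ordering.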

The loop foreach(preg_grep('/^@/', array_keys($auth)) as $g) may be removed as it's useless: $auth cannot have keys starting with '@'.


The current bug will be fixed for 2.2.20. The feature request about adding user subgroups was moved to PITS:01232 (AuthUser: groups included in other groups). --Petko November 10, 2010, at 05:46 PM
