01201: Excluding members from AuthUser groups doesn't work
Description: The AuthUser documentation states the following:
Group password memberships are maintained by editing the SiteAdmin.AuthUser page. To specify a password group that allows access to anyone who is authenticated, you can specify:
@wholeoffice: *
If you need to keep "Fred" out of this password group:
@wholeoffice: *,-Fred
The first form works, but the second one does nothing: Fred is not excluded from the @wholeoffice group.
To fix this, the following patch is required:
Index: authuser.php =================================================================== --- authuser.php (revision 2560) +++ authuser.php (working copy) @@ -79,12 +79,12 @@ $authlist[$g] = 1; foreach(preg_grep('/^@/', (array)@$auth['*']) as $g) $authlist[$g] = 1; - foreach(preg_grep('/^@/', array_keys($auth)) as $g) - if (in_array($authid, $auth[$g])) $authlist[$g] = 1; if ($auth['htgroup']) { foreach(AuthUserHtGroup($pagename, $id, $pw, $auth['htgroup']) as $g) $authlist["@$g"] = 1; } + foreach(preg_grep('/^@/', (array)@$auth["-$authid"]) as $g) + unset($authlist[$g]); SessionAuth($pagename, array('authid' => $authid, 'authlist' => $authlist)); }
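Review bot: The added unset() loop at the end of the hunk runs after the htgroup block, so an exclusion entry also strips groups that AuthUserHtGroup() has just granted; if exclusion is meant to take precedence over every membership source, a one-line comment above the loop should say so. The lookup $auth["-$authid"] is an exact array-key match, so the exclusion applies only when the stored key matches $authid character for character, and it is worth confirming how those keys are normalized when the group lines are parsed. The removal of the array_keys($auth) loop is a separate cleanup and would be easier to audit as its own change.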
The loop foreach(preg_grep('/^@/', array_keys($auth)) as $g) may be removed as it's useless: $auth cannot have keys starting with '@'.
The current bug will be fixed for 2.2.20. The feature request about adding user subgroups was moved to PITS:01232 (AuthUser: groups included in other groups). --Petko November 10, 2010, at 05:46 PM