--- D:\devel\src\TWikiBeijingRelease\bin\view Thu Jan 30 15:21:26 2003 +++ bin/view Sun Jul 13 23:26:30 2003 @@ -32,18 +32,48 @@ &main(); # Uncomment the body of either routine to enable debugging + +# ========================= sub writeDebug { my( $text ) = @_; # TWiki::writeDebug( $text ); } +# ========================= sub writeDebugTimes { my( $text ) = @_; # TWiki::writeDebugTimes( $text ); } +# ========================= +sub tryEnterAuthMode +{ + my ( $theQuery, $theWeb, $theTopic ) = @_; + + my $myViewauthFile = $ENV{'SCRIPT_FILENAME'}; + my $substdone = ( $myViewauthFile =~ + s|/view\Q$TWiki::scriptSuffix\E$|/viewauth$TWiki::scriptSuffix| ); + my $remoteuser = $theQuery->remote_user(); + if( $substdone && ( ! $remoteuser ) && (-e $myViewauthFile ) ) { + # try again with authenticated viewauth script + # instead of non authenticated view script + my $url = $ENV{"REQUEST_URI"}; + if( $url ) { + # $url i.e. is "/twiki/bin/view.cgi/Web/Topic + $url =~ s|\Q$TWiki::scriptUrlPath\E/view|$TWiki::scriptUrlPath/viewauth|; + $url = "$TWiki::urlHost$url"; + } else { + $url = "$TWiki::urlHost$TWiki::scriptUrlPath/$myViewauthFile/$theWeb/$theTopic"; + } + TWiki::redirect( $theQuery, $url ); + return 1; + } + + return 0; +} + sub main { my $query= new CGI; 
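Review bot: In `tryEnterAuthMode`, the fallback branch builds the redirect from `$myViewauthFile`, which is derived from `$ENV{'SCRIPT_FILENAME'}` and tested with `-e`, so it is a filesystem path. The resulting Location header would expose the server's directory layout instead of naming the script; `$url = "$TWiki::urlHost$TWiki::scriptUrlPath/viewauth$TWiki::scriptSuffix/$theWeb/$theTopic";` avoids that. In the `REQUEST_URI` branch the substitution is unanchored and its result is never checked, so a request path that does not literally contain `$TWiki::scriptUrlPath/view` is redirected unchanged, back to the unauthenticated script. Testing the substitution in the condition sends those cases to the fallback instead: `if( $url && $url =~ s|^\Q$TWiki::scriptUrlPath\E/view\b|$TWiki::scriptUrlPath/viewauth| ) {`.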
@@ -113,11 +143,30 @@ # code simpler and performance impact should be minimal my $topicExists = &TWiki::Store::topicExists( $webName, $topic ); if( $topicExists ) { + # Topic is read in "internal" mode (no access check), since permissions + # are checked right here, and topic text must be unaltered for this. if( $viewRaw ) { - $text = &TWiki::Store::readTopicRaw( $webName, $topic ); + $text = &TWiki::Store::readTopicRaw( $webName, $topic, "", 1 ); } else { - ( $meta, $text ) = &TWiki::Store::readTopic( $webName, $topic ); + ( $meta, $text ) = &TWiki::Store::readTopic( $webName, $topic, 1 ); } + + # topic access check + if( ! &TWiki::Access::checkAccessPermission( + "view", $wikiUserName, $text, $topic, $webName ) ) { + # topic read access denied, maybe the user is still not authenticated? + if( tryEnterAuthMode( $query, $webName, $topic ) ) { + # redirect done + return; + } else { + # no chance to authenticate, so report "access denied" + my $url = &TWiki::getOopsUrl( $webName, $topic, "oopsaccessview" ); + TWiki::redirect( $query, $url ); + return; + } + } + writeDebugTimes( "view - checked topic access permissions" ); + ( $revdate, $revuser, $maxrev ) = &TWiki::Store::getRevisionInfoFromMeta( $webName, $topic, $meta, "isoFormat" ); writeDebug( "maxrev = $maxrev" ); 
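Review bot: The store-level access check is switched off by a bare positional `1` in `readTopicRaw( $webName, $topic, "", 1 )` and `readTopic( $webName, $topic, 1 )`, which is easy to copy to a call site that has no `checkAccessPermission` after it. A named flag would make the dependency explicit, for example `my $skipAccessCheck = 1; # the checkAccessPermission call below is the only gate for this text`. The check also sits inside `if( $topicExists )`, and main's body continues outside the hunk. It is therefore worth confirming that no later read in internal mode (another revision, for instance) reaches output without passing through this gate.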
@@ -264,35 +313,17 @@ $tmpl =~ s/%CURRREV%/1.$rev/go; $tmpl =~ s|( ?) *\n?|$1|gois; # remove tags (PTh 06 Nov 2000) - # check access permission - my $viewAccessOK = &TWiki::Access::checkAccessPermission( "view", $wikiUserName, $text, $topic, $webName ); + # included topics access check if( $TWiki::readTopicPermissionFailed ) { - # Can't read requested topic and/or included (or other accessed topics - # user could not be authenticated, may be not logged in yet? - my $viewauthFile = $ENV{'SCRIPT_FILENAME'}; - $viewauthFile =~ s|/view|/viewauth|o; - if( ( ! $theRemoteUser ) && (-e $viewauthFile ) ) { - # try again with authenticated viewauth script - # instead of non authenticated view script - my $url = $ENV{"REQUEST_URI"}; - if( $url ) { - # $url i.e. is "twiki/bin/view.cgi/Web/Topic?cms1=val1&cmd2=val2" - $url =~ s|/view|/viewauth|o; - $url = "$TWiki::urlHost$url"; - } else { - $url = "$TWiki::urlHost$scriptUrlPath/$viewauthFile/$webName/$topic"; - } - TWiki::redirect( $query, $url ); + # can't some accessed topic, maybe the user is still not authenticated? + if( tryEnterAuthMode( $query, $webName, $topic ) ) { + # redirect done return; } - } - if( ! $viewAccessOK ) { - my $url = &TWiki::getOopsUrl( $webName, $topic, "oopsaccessview" ); - TWiki::redirect( $query, $url ); - return; - } - writeDebugTimes( "view - checked access permissions" ); + # no chance to authenticate, so continue with those unreadable topics + } + writeDebugTimes( "view - checked includes' access permissions" ); # Write header based on "contenttype" parameter, used to produce # MIME types like text/plain or text/xml, e.g. for RSS feeds.
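Review bot: When `$TWiki::readTopicPermissionFailed` is set and `tryEnterAuthMode` returns 0, rendering continues. That is safe only if every read which set the flag also withheld the denied text, and nothing in this hunk enforces it. The invariant deserves a comment at the fall-through, such as `# safe only because denied topics were never read into $text/$tmpl; internal-mode reads must not set this flag`. It would also help to log the denial for an already authenticated user, assuming the surrounding code does not do so elsewhere. The new comment `# can't some accessed topic, ...` is missing a verb; `# can't read some accessed topic, maybe the user is still not authenticated?` reads as intended.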