Not logged in. · Lost password · Register
Forum: General Help and Support Templates and Layout RSS
Sidebar not being protected by ACL (bootstrap3 template)
Avatar
brentn #1
Member since Feb 2018 · 3 posts
Group memberships: Members
Show profile · Link to this post
Subject: Sidebar not being protected by ACL (bootstrap3 template)
I currently have a wiki setup with the Vector template which supports "Closed Wiki." The benefit to that is the links I have in the sidebar that point to pages that are protected with ACLs don't even show up in the sidebar until someone logs in.

I'm trying to recreate something similar with the sidebar and the bootstrap3 template and it appears that the sidebar isn't being checked against ACLs. My goal is to only show the sidebar when someone is logged in. For the purpose of showing my issue I have kept it very simple.

Config:
config»sidebar = :internal:sidebar
tpl»bootstrap3»sidebarPosition = left

ACL:
Namespace *. @ALL. Permission: Read. This allows users that aren't logged in to see everything in the root namespace.
Namespace internal:*. @ALL. Permission: None. This should lock everyone out of anything in the internal namespace, which is where my sidebar is configured at.

Expected behavior: If I browse to the site and I'm not logged in I should see the main page but no sidebar.

Actual behavior: Browsing to the main page allows me to see the sidebar even though I'm not logged in. Browsing manually to http://mywiki.com/internal/sidebar does give me permission denied, so the ACL itself is working.

I have never done anything with dokuwiki's underlying code or plugin/template creation but I know PHP. I did a quick dig through the bootstrap3 template source and found tpl_functions.php and the following switch case:

case 'showSidebar':
      if ($ACT !== 'show') return false;
      if (bootstrap3_conf('showLandingPage')) return false;
      return page_findnearest($conf['sidebar'], bootstrap3_conf('useACL'));

That seems to indicate that it is loading the sidebar with ACL rules, but I could be looking in the completely wrong place since I haven't looked in to any of the development docs. This seems like a security issue/bug, but I wanted to post and see if anyone has any ideas. Thanks.

Brent
Avatar
turnermm (Moderator) #2
Member since Oct 2009 · 4688 posts · Location: Canada
Group memberships: Global Moderators, Members, Super Mods
Show profile · Link to this post
Perhaps you are aware of this:  the template page shows that there is a config option to turn acl on/off for sidebars.  It defaults to off.
Myron Turner
github: https://github.com/turnermm
plugins, templates: http://www.mturner.org/devel
Avatar
brentn #3
Member since Feb 2018 · 3 posts
Group memberships: Members
Show profile · Link to this post
Quote by turnermm:
Perhaps you are aware of this:  the template page shows that there is a config option to turn acl on/off for sidebars.  It defaults to off.

I... was not aware. Haha. I'm not sure how I missed that in all my searching for the words "acl" or "sidebar." Thank you! That solved it.

tpl»bootstrap3»useACL.
Close Smaller – Larger + Reply to this post:
Verification code: VeriCode Please enter the word from the image into the text field below. (Type the letters only, lower case is okay.)
Smileys: :-) ;-) :-D :-p :blush: :cool: :rolleyes: :huh: :-/ <_< :-( :'( :#: :scared: 8-( :nuts: :-O
Special characters:
Go to forum
Imprint
This board is powered by the Unclassified NewsBoard software, 20150713-dev, © 2003-2015 by Yves Goergen
Current time: 2019-08-21, 07:05:41 (UTC +02:00)