From 0243f370ae2e2188ea9bec4d859b5ee8f0c17817 Mon Sep 17 00:00:00 2001
From: Mischa POSLAWSKY <perl@shiar.org>
Date: Thu, 24 Oct 2019 05:31:40 +0200
Subject: [PATCH] auth: admin edit permissions for page (sub)directories

Allow edit parameters to match parent directories; for example "edit doc"
to maintain all but only documents.
---
 auth.inc.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/auth.inc.php b/auth.inc.php
index 7ece635..aceb2de 100644
--- a/auth.inc.php
+++ b/auth.inc.php
@@ -43,9 +43,11 @@ class User
 			if (!$this->admin) {
 				return FALSE;  # empty results
 			}
-			@list ($rootlevel, $sublevel) = explode(' ', $permission);
-			if ($sublevel and isset($this->admin[$rootlevel])) {
-				return TRUE;  # root match
+			preg_match_all('{[ /]}', $permission, $parts, PREG_OFFSET_CAPTURE);
+			foreach ($parts[0] as $part) {
+				if (isset($this->admin[substr($permission, 0, $part[1])])) {
+					return TRUE;  # partial match
+				}
 			}
 			return isset($this->admin[$permission]);  # check level
 		}
-- 
2.30.0