From 5446fe2341da04d7aaca01bbee6ef5f96236d612 Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Tue, 11 Jul 2023 12:57:55 +0200
Subject: [PATCH] allow disabling the user validation

---
 helper.php | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/helper.php b/helper.php
index 0fa53c2..fcec561 100644
--- a/helper.php
+++ b/helper.php
@@ -15,6 +15,7 @@ class helper_plugin_attribute extends DokuWiki_Plugin
     public $success = false;
     protected $storepath = null;
     protected $cache = null;
+    protected $secure = true;
 
     /**
      * Constructor
@@ -35,6 +36,19 @@ public function __construct()
         $this->cache = array();
     }
 
+    /**
+     * Allows overriding the secure setting
+     *
+     * When set to false, no user validation checks are made.
+     *
+     * @param bool $secure
+     * @return void
+     */
+    public function setSecure($secure)
+    {
+        $this->secure = $secure;
+    }
+
     /**
      * Return info about supported methods in this Helper Plugin
      *
@@ -120,12 +134,16 @@ public function getMethods()
      * Otherwise the name of the logged in user is supplied. If no user is
      * logged in, null is returned.
      *
+     * This check can be disabled with the setSecure() method.
+     *
      * @param string $user
      *
      * @return null|string
      */
     private function validateUser($user)
     {
+        if(!$this->secure) return $user;
+
         // We need a special circumstance.  If a user is not logged in, but we
         // are performing a login, enable access to the attributes of the user
         // being logged in IF DIRECTLY SPECIFIED.