
MediaWiki 1.20.2 extension AccessControl fix

a guest
Jan 3rd, 2013
  1. <?php
  2.  
  3. /* MediaWiki extension that enables group access restriction on a page-by-page
  4.  * basis contributed by Martin Mueller (http://blog.pagansoft.de) based into
  5.  * version 1.3 on accesscontrol.php by Josh Greenberg.
  6.  * Version 2.0 for MediaWiki >= 1.18 completely rewritten by Aleš Kapica.
  7.  * @package MediaWiki
  8.  * @subpackage Extensions
  9.  * @author Aleš Kapica
  10.  * @copyright 2008-2012 Aleš Kapica
  11.  * @licence GNU General Public Licence
  12.  */
  13.  
  14. if( !defined( 'MEDIAWIKI' ) ) {
  15.     echo ( "This file is an extension to the MediaWiki software and cannot be used standalone.\n" );
  16.     die();
  17. }
  18.  
  19. // sysop users can read all restricted pages
  20. $wgAdminCanReadAll = true;
  21.  
  22. $wgExtensionCredits['specialpage']['AccessControl'] = array(
  23.     'name'                  => 'AccessControlExtension',
  24.     'author'                => array( 'Aleš Kapica' ),
  25.     'url'                   => 'http://www.mediawiki.org/wiki/Extension:AccessControl',
  26.     'version'               => '2.1',
  27.     'description'           => 'Access control based on users lists. Administrator rights need not be for it.',
  28.     'descriptionmsg'        => 'accesscontrol-desc',
  29. );
  30.  
  31. $wgHooks['ParserFirstCallInit'][] = 'wfAccessControlExtension' ;
  32.  
  33. $dir = dirname( __FILE__ ) . '/';
  34. $wgExtensionMessagesFiles['AccessControl'] = $dir . 'AccessControl.i18n.php';
  35.  
  36.  
  37. //Hook the userCan function for bypassing the cache
  38. $wgHooks['userCan'][] = 'hookUserCan';
  39.  
  40. function wfAccessControlExtension( Parser $parser ) {
  41.     /* This the hook function adds the tag <accesscontrol> to the wiki parser */
  42.     $parser->setHook( "accesscontrol", "doControlUserAccess" );
  43.     return true;
  44. }
  45.  
  46. function doControlUserAccess( $input, array $args, Parser $parser, PPFrame $frame ) {
  47.     /* Funcion called by wfAccessControlExtension */
  48.     return displayGroups();
  49. }
  50.  
  51. function accessControl( $obsahtagu ){
  52.     $accessgroup = Array( Array(), Array() );
  53.     $listaccesslist = explode( ",", $obsahtagu );
  54.     foreach ( $listaccesslist as $accesslist ) {
  55.         if ( strpos( $accesslist, "(ro)" ) !== false ) {
  56.             $accesslist = trim( str_replace( "(ro)", "", $accesslist ) );
  57.             $group = makeGroupArray( $accesslist );
  58.             $accessgroup[1] = array_merge( $accessgroup[1], $group[0] );
  59.             $accessgroup[1] = array_merge( $accessgroup[1], $group[1] );
  60.             /* add group to array */
  61.             $accessgroup[1] = array_merge( $accessgroup[0], array($accesslist) );
  62.         } else {
  63.             $accesslist = trim( $accesslist );
  64.             $group = makeGroupArray ($accesslist );
  65.             $accessgroup[0] = array_merge( $accessgroup[0], $group[0] );
  66.             $accessgroup[1] = array_merge( $accessgroup[1], $group[1] );
  67.             /* add group to array */
  68.             $accessgroup[0] = array_merge( $accessgroup[0], array($accesslist) );
  69.         }
  70.     }
  71.     return $accessgroup;
  72. }
  73.  
  74. function makeGroupArray( $accesslist ) {
  75.     /* Function returns array with two lists.
  76.         First is list full access users.
  77.         Second is list readonly users. */
  78.     $userswrite = Array();
  79.     $usersreadonly = Array();
  80.     $users = getUsersFromPages( $accesslist );
  81.     foreach ( array_keys( $users ) as $user ) {
  82.         switch ( $users[$user] ) {
  83.             case 'read':
  84.                 $usersreadonly[] = $user;
  85.                 break;
  86.             case 'edit':
  87.                 $userswrite[] = $user;
  88.                 break;
  89.         }
  90.     }
  91.     return array( $userswrite , $usersreadonly );
  92. }
  93.  
  94. function displayGroups() {
  95.     /* Function replace the tag <accesscontrol> and his content, behind info about a protection this the page */
  96.     $style = "<p id=\"accesscontrol\" style=\"text-align:center;color:#BA0000;font-size:8pt\">";
  97.     $text = wfMsg( 'accesscontrol-info' );
  98.     $style_end = "</p>";
  99.     $wgAllowInfo = $style . $text . $style_end;
  100.     return $wgAllowInfo;
  101. }
  102.  
  103. function getContentPage( $title ) {
  104.     /* Function get content the page identified by title object from database */
  105.     $Title = new Title();
  106.     $gt = $Title->makeTitle( 0, $title );
  107.     // create Article and get the content
  108.     $contentPage = new Article( $gt, 0 );
  109.     return $contentPage->fetchContent( 0 );
  110.     }
  111.  
  112. function getTemplatePage( $template ) {
  113.     /* Function get content the template page identified by title object from database */
  114.     $Title = new Title();
  115.     $gt = $Title->makeTitle( 10, $template );
  116.     //echo '<!--';
  117.     //print_r($gt);
  118.     //echo '-->';
  119.     // create Article and get the content
  120.     $contentPage = new Article( $gt, 0 );
  121.     return $contentPage->fetchContent( 0 );
  122.     }
  123.  
  124. function getUsersFromPages( $skupina ) {
  125.     /* Extracts the allowed users from the userspace access list */
  126.     $allowedAccess = Array();
  127.     $allow = Array();
  128.     $Title = new Title();
  129.     $gt = $Title->makeTitle( 0, $skupina );
  130.     // create Article and get the content
  131.     $groupPage = new Article( $gt, 0 );
  132.     $allowedUsers = $groupPage->fetchContent( 0 );
  133.     $groupPage = NULL;
  134.     $usersAccess = explode( "\n", $allowedUsers );
  135.     foreach  ($usersAccess as $userEntry ) {
  136.         $userItem = trim( $userEntry );
  137.         if ( substr( $userItem, 0, 1 ) == "*" ) {
  138.             if ( strpos( $userItem, "(ro)" ) === false ) {
  139.                 $user = trim( str_replace( "*", "", $userItem ) );
  140.                 $allow[$user] = 'edit';
  141.             } else {
  142.                 $user = trim( str_replace( "*", "", $userItem ) );
  143.                 $user = trim( str_replace( "(ro)", "", $user ) );
  144.                 $allow[$user] = 'read';
  145.             }
  146.         }
  147.     }
  148.     if ( is_array( $allow ) ) {
  149.         $allowedAccess = $allow;
  150.         unset( $allow );
  151.     }
  152.     return $allowedAccess;
  153. }
  154.  
  155. function doRedirect( $info ) {
  156.     /* make redirection for non authorized users */
  157.     global $wgScript, $wgSitename, $wgOut;
  158.  
  159.     if ( ! $info ) {
  160.         $info = "No_access";
  161.         }
  162.     if ( $info == "Only_sysop" ) {
  163.         $target = wfMsg( 'accesscontrol-info-user' );
  164.     } elseif ( $info == "No_anonymous" ) {
  165.         $target = wfMsg( 'accesscontrol-info-anonymous' );
  166.     } elseif ( $info == "Deny_anonymous") {
  167.         $target = wfMsg( 'accesscontrol-edit-anonymous' );
  168.     } elseif ( $info == "Deny_edit_list" ) {
  169.         $target = wfMsg( 'accesscontrol-edit-users' );
  170.     } else {
  171.         $target = wfMsg( 'accesscontrol-info-deny' );
  172.     }
  173.     if ( isset( $_SESSION['redirect'] ) ) {
  174.         // removing info about redirect from session after move..
  175.         unset( $_SESSION['redirect'] );
  176.     }
  177.     header( "Location: " . $wgScript . "/" . $wgSitename . ":" . $target );
  178. }
  179.  
  180. function fromTemplates( $string ) {
  181.     global $wgUser, $wgAdminCanReadAll;
  182.     // Vytažení šablon
  183.     if ( strpos( $string, '{{' ) ) {
  184.         if ( substr( $string, strpos ( $string, '{{' ), 3 ) === '{{{' ) {
  185.             $start = strpos( $string, '{{{' );
  186.             $end = strlen( $string );
  187.             $skok = $start + 3;
  188.             fromTemplates( substr( $string, $skok, $end - $skok ) );
  189.         } else {
  190.             $start = strpos( $string, '{{' );
  191.             $end = strpos( $string, '}}' );
  192.             $skok = $start + 2;
  193.             $templatepage = substr( $string, $skok, $end - $skok );
  194.             if ( strpos( $templatepage, '|' ) > 0) {
  195.                 $templatename = substr( $templatepage, 0, strpos( $templatepage, '|' ) );
  196.             } else {
  197.                 $templatename = $templatepage ;
  198.             }
  199.             if ( substr( $templatename, 0, 1 ) === ':') {
  200.                 // vložena stránka
  201.                 $rights = allRightTags( getContentPage( substr( $templatename, 1 ) ) );
  202.             } else {
  203.                 // vložena šablona
  204.                 $rights = allRightTags( getTemplatePage( $templatename ) );
  205.             }
  206.             if ( is_array( $rights ) ) {
  207.             if ( $wgUser->mId === 0 ) {
  208.                 /* Redirection unknown users */
  209.                 $wgActions['view'] = false;
  210.                 doRedirect('accesscontrol-info-anonymous');
  211.                 } else {
  212.                 if ( in_array( 'sysop', $wgUser->mGroups, true ) ) {
  213.                     if ( isset( $wgAdminCanReadAll ) ) {
  214.                         if ( $wgAdminCanReadAll ) {
  215.                             return true;
  216.                             }
  217.                         }
  218.                     }
  219.                 $users = accessControl( $rights['groups'] );
  220.                 foreach ( $users[0] as $group ) {
  221.                     if ( in_array( $group, $wgUser->mGroups, true ) ) {
  222.                         return true;
  223.                     }
  224.                 }
  225.                 if ( ! in_array( $wgUser->mName, $users[0], true ) ) {
  226.                     $wgActions['edit']           = false;
  227.                     $wgActions['history']        = false;
  228.                     $wgActions['submit']         = false;
  229.                     $wgActions['info']           = false;
  230.                     $wgActions['raw']            = false;
  231.                     $wgActions['delete']         = false;
  232.                     $wgActions['revert']         = false;
  233.                     $wgActions['revisiondelete'] = false;
  234.                     $wgActions['rollback']       = false;
  235.                     $wgActions['markpatrolled']  = false;
  236.                     foreach ( $users[1] as $group ) {
  237.                         if ( in_array( $group, $wgUser->mGroups, true ) ) {
  238.                             return true;
  239.                         }
  240.                     }
  241.                     if ( ! in_array( $wgUser->mName, $users[1], true ) ) {
  242.                         $wgActions['view']   = false;
  243.                         return doRedirect( 'accesscontrol-info-anonymous' );
  244.                         }
  245.                     }
  246.                 }
  247.             }
  248.             fromTemplates( substr( $string, $end + 2 ) );
  249.         }
  250.         }
  251.     }
  252.  
  253.  
  254. function allRightTags( $string ) {
  255.     /* Function for extraction content tag accesscontrol from raw source the page */
  256.     $contenttag  = Array();
  257.     $starttag    = "<accesscontrol>";
  258.     $endtag      = "</accesscontrol>";
  259.     $redirecttag = "redirect";
  260.  
  261.     if ( ( mb_substr( trim( $string ), 0, 1 ) == "#" )
  262.         && ( stripos( mb_substr( trim( $string ), 1, 9 ), $redirecttag ) == "0" )
  263.         ) {
  264.         /* Treatment redirects - content variable $string must be replaced over content the target page */
  265.         $sourceredirecttag = mb_substr( $string, 0, strpos( $string, ']]' ) );
  266.         $redirecttarget = trim( substr( $sourceredirecttag, strpos( $sourceredirecttag, '[[' ) + 2 ) );
  267.         if ( strpos( $redirecttarget, '|' ) ) {
  268.             $redirecttarget = trim( substr( $redirecttarget, 0, strpos( $redirecttarget, '|' ) ) );
  269.         }
  270.         $Title = new Title();
  271.         $gt = $Title->makeTitle( 0, $redirecttarget );
  272.         return allRightTags( getContentPage( $gt ) );
  273.     }
  274.  
  275.     // Kontrola accesscontrol ve vložených šablonách a stránkách
  276.     fromTemplates($string);
  277.  
  278.     $start = strpos( $string, $starttag );
  279.     if ( $start !== false ) {
  280.         $start += strlen( $starttag );
  281.         $end = strpos( $string, $endtag );
  282.         if ( $end !== false ) {
  283.             $groupsString = substr( $string, $start, $end-$start );
  284.             if ( strlen( $groupsString ) == 0 ) {
  285.                 $contenttag['end'] = strlen( $starttag ) + strlen( $endtag );
  286.             } else {
  287.                 $contenttag['groups'] = $groupsString;
  288.                 $contenttag['end'] = $end + strlen( $endtag );
  289.             }
  290.  
  291.             if( isset( $_SESSION['redirect'] ) ) {
  292.                 $_SESSION['redirect'] = $contenttag;
  293.             } else {
  294.                 return $contenttag;
  295.             }
  296.         }
  297.     } else {
  298.         if( isset( $_SESSION['redirect'] ) ) {
  299.             return $_SESSION['redirect'];
  300.         } else {
  301.             return false;
  302.         }
  303.     }
  304. }
  305.  
/**
 * userCan hook handler: decides access to $title from its <accesscontrol> tag.
 *
 * The page text is loaded with getContentPage( $title->mDbkeyform ) and parsed
 * by allRightTags(). A page without a tag is always allowed (returns true).
 * For a tagged page the order of checks is: anonymous user, sysop bypass,
 * full-access groups and users, read-only groups and users, deny.
 *
 * Besides returning a value, the function switches off entries of the global
 * $wgActions array for users without full access. $result is never assigned.
 *
 * NOTE(review): the lookup uses only the database key; getContentPage() in
 * this file fixes the namespace to 0, so a page in another namespace is
 * judged by the main-namespace page of the same name - confirm.
 * NOTE(review): $wgUser->mId, ->mGroups and ->mName are read as properties;
 * presumably they are populated when the hook runs - confirm.
 *
 * @param Title  $title  Page being checked.
 * @param User   $wgUser User being checked (parameter, not the global).
 * @param string $action Requested action; only consulted in the final deny step.
 * @param mixed  $result Hook result slot; not written here.
 * @return bool|null true to allow, false to deny a 'read' request, null on
 *                   the paths that end in doRedirect() or without a return.
 */
function hookUserCan( &$title, &$wgUser, $action, &$result ) {
    /* Main access control function for all users */
    global $wgActions, $wgAdminCanReadAll;
    if ( $wgUser->mId === 0 ) {
        /* Deny these actions to all anonymous users, on every page */
        $wgActions['edit']           = false;
        $wgActions['history']        = false;
        $wgActions['submit']         = false;
        $wgActions['info']           = false;
        $wgActions['raw']            = false;
        $wgActions['delete']         = false;
        $wgActions['revert']         = false;
        $wgActions['revisiondelete'] = false;
        $wgActions['rollback']       = false;
        $wgActions['markpatrolled']  = false;
        }

    $rights = allRightTags( getContentPage( $title->mDbkeyform ) );
    if ( is_array( $rights ) ) {
        if ( $wgUser->mId === 0 ) {
            /* Redirect anonymous users away from a restricted page */
            // NOTE(review): no return statement follows, so this branch ends
            // the function without an explicit allow/deny value; the only
            // effect is the Location header sent by doRedirect().
            $wgActions['view'] = false;
            doRedirect( 'accesscontrol-info-anonymous' );
        } else {
            // Sysop bypass, controlled by $wgAdminCanReadAll.
            if ( in_array( 'sysop', $wgUser->mGroups, true ) ) {
                if ( isset( $wgAdminCanReadAll ) ) {
                    if ( $wgAdminCanReadAll ) {
                        return true;
                    }
                }
            }              
            // NOTE(review): allRightTags() sets no 'groups' key for an empty
            // tag, so $rights['groups'] may be undefined here.
            $users = accessControl( $rights['groups'] );
            // Full access through membership in a listed group ...
            foreach ( $users[0] as $group ) {
                if ( in_array( $group, $wgUser->mGroups, true ) ) {
                    return true;
                }
            }
            // ... or by user name.
            if ( in_array( $wgUser->mName, $users[0], true ) ) {
                return true;
            } else {
                // No full access: switch off the modifying actions globally.
                // Read-only users are still answered with true below for any
                // $action, so these $wgActions entries are what keeps them
                // from editing.
                $wgActions['edit']           = false;
                $wgActions['history']        = false;
                $wgActions['submit']         = false;
                $wgActions['info']           = false;
                $wgActions['raw']            = false;
                $wgActions['delete']         = false;
                $wgActions['revert']         = false;
                $wgActions['revisiondelete'] = false;
                $wgActions['rollback']       = false;
                $wgActions['markpatrolled']  = false;
                // Read-only access through membership in a listed group ...
                foreach ( $users[1] as $group ) {
                    if ( in_array( $group, $wgUser->mGroups, true ) ) {
                        return true;
                    }
                }
                // ... or by user name.
                if ( in_array( $wgUser->mName, $users[1], true ) ) {
                    return true;
                } else {
                    // On neither list: deny. A 'read' check gets an explicit
                    // false; any other action is answered with a redirect.
                    if($action == 'read') {
                        return false;
                    } else {
                        // doRedirect() has no return statement, so this
                        // returns null to the hook runner.
                        $wgActions['view']   = false;
                        return doRedirect( 'accesscontrol-info-anonymous' );
                    }
                }
            }
        }
    } else {
        // No <accesscontrol> tag found: the page is not restricted.
        return true;
    }
}
  377.  
  378. ?>