Guest User

MediaWiki AccessControl Extension Mod

a guest
Jul 31st, 2012
1,731
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2.  
  3. /* MediaWiki extension that enables group access restriction on a page-by-page
  4.  * basis contributed by Martin Mueller (http://blog.pagansoft.de) based into
  5.  * version 1.3 on accesscontrol.php by Josh Greenberg.
  6.  * Version 2.0 for MediaWiki >= 1.18 rewrited completly by Aleš Kapica.
  7.  * Version 2.0.1 by Paul Wieland to make compatible with NameSpaces
  8.  * @package MediaWiki
  9.  * @subpackage Extensions
  10.  * @author Aleš Kapica
  11.  * @copyright 2008-2012 Aleš Kapica
  12.  * @licence GNU General Public Licence
  13.  */
  14.  
  15. if( !defined( 'MEDIAWIKI' ) ) {
  16.     echo ( "This file is an extension to the MediaWiki software and cannot be used standalone.\n" );
  17.     die();
  18. }
  19.  
  20. // sysop users can read all restricted pages
  21. $wgAdminCanReadAll = true;
  22.  
  23. $wgExtensionCredits['specialpage']['AccessControl'] = array(
  24.     'name'                  => 'AccessControlExtension',
  25.     'author'                => array( 'Aleš Kapica' ),
  26.     'url'                   => 'http://www.mediawiki.org/wiki/Extension:AccessControl',
  27.     'version'               => '2.1',
  28.     'description'           => 'Access control based on users lists. Administrator rights need not be for it.',
  29.     'descriptionmsg'        => 'accesscontrol-desc',
  30. );
  31.  
  32. $wgHooks['ParserFirstCallInit'][] = 'wfAccessControlExtension' ;
  33.  
  34. $dir = dirname( __FILE__ ) . '/';
  35. $wgExtensionMessagesFiles['AccessControl'] = $dir . 'AccessControl.i18n.php';
  36.  
  37.  
  38. //Hook the userCan function for bypassing the cache
  39. $wgHooks['userCan'][] = 'hookUserCan';
  40.  
  41. function wfAccessControlExtension( Parser $parser ) {
  42.     /* This the hook function adds the tag <accesscontrol> to the wiki parser */
  43.     $parser->setHook( "accesscontrol", "doControlUserAccess" );
  44.     return true;
  45. }
  46.  
  47. function doControlUserAccess( $input, array $args, Parser $parser, PPFrame $frame ) {
  48.     /* Funcion called by wfAccessControlExtension */
  49.     return displayGroups();
  50. }
  51.  
  52. function accessControl( $obsahtagu ){
  53.     $accessgroup = Array( Array(), Array() );
  54.     $listaccesslist = explode( ",", $obsahtagu );
  55.     foreach ( $listaccesslist as $accesslist ) {
  56.         if ( strpos( $accesslist, "(ro)" ) !== false ) {
  57.             $accesslist = trim( str_replace( "(ro)", "", $accesslist ) );
  58.             $group = makeGroupArray( $accesslist );
  59.             $accessgroup[1] = array_merge( $accessgroup[1], $group[0] );
  60.             $accessgroup[1] = array_merge( $accessgroup[1], $group[1] );
  61.         } else {
  62.             $accesslist = trim( $accesslist );
  63.             $group = makeGroupArray ($accesslist );
  64.             $accessgroup[0] = array_merge( $accessgroup[0], $group[0] );
  65.             $accessgroup[1] = array_merge( $accessgroup[1], $group[1] );
  66.         }
  67.     }
  68.     return $accessgroup;
  69. }
  70.  
  71. function makeGroupArray( $accesslist ) {
  72.     /* Function returns array with two lists.
  73.         First is list full access users.
  74.         Second is list readonly users. */
  75.     $userswrite = Array();
  76.     $usersreadonly = Array();
  77.     $users = getUsersFromPages( $accesslist );
  78.     foreach ( array_keys( $users ) as $user ) {
  79.         switch ( $users[$user] ) {
  80.             case 'read':
  81.                 $usersreadonly[] = $user;
  82.                 break;
  83.             case 'edit':
  84.                 $userswrite[] = $user;
  85.                 break;
  86.         }
  87.     }
  88.     return array( $userswrite , $usersreadonly );
  89. }
  90.  
  91. function displayGroups() {
  92.     /* Function replace the tag <accesscontrol> and his content, behind info about a protection this the page */
  93.     $style = "<p id=\"accesscontrol\" style=\"text-align:center;color:#BA0000;font-size:8pt\">";
  94.     $text = wfMsg( 'accesscontrol-info' );
  95.     $style_end = "</p>";
  96.     $wgAllowInfo = $style . $text . $style_end;
  97.     return $wgAllowInfo;
  98. }
  99.  
  100. // MOD by Paul Wieland to add $mNamespace so that this extension works with multiple namespaces
  101. function getContentPage( $title , $mNamespace=0) {
  102.     /* Function get content the page identified by title object from database */
  103.     $Title = new Title();
  104.     $gt = $Title->makeTitle( $mNamespace, $title );
  105.     // create Article and get the content
  106.     $contentPage = new Article( $gt, 0 );
  107.     return $contentPage->fetchContent( 0 );
  108.     }
  109.  
  110. function getTemplatePage( $template ) {
  111.     /* Function get content the template page identified by title object from database */
  112.     $Title = new Title();
  113.     $gt = $Title->makeTitle( 10, $template );
  114.     //echo '<!--';
  115.     //print_r($gt);
  116.     //echo '-->';
  117.     // create Article and get the content
  118.     $contentPage = new Article( $gt, 0 );
  119.     return $contentPage->fetchContent( 0 );
  120.     }
  121.  
  122. function getUsersFromPages( $skupina ) {
  123.     // Edits by Paul Wieland to make this thing work with namespaces (before it would only use ns 0)
  124.     $namespace_id = MWNamespace::getCanonicalIndex(strtolower(strstr($skupina, ':', true)));
  125.     $skupina = ltrim(strstr($skupina, ':'),':');
  126.  
  127.     /* Extracts the allowed users from the userspace access list */
  128.     $allowedAccess = Array();
  129.     $allow = Array();
  130.     $Title = new Title();
  131.     $gt = $Title->makeTitle( $namespace_id, $skupina );
  132.     // create Article and get the content
  133.     $groupPage = new Article( $gt, 0 );
  134.     $allowedUsers = $groupPage->fetchContent( 0 );
  135.     $groupPage = NULL;
  136.     $usersAccess = explode( "\n", $allowedUsers );
  137.     foreach  ($usersAccess as $userEntry ) {
  138.         $userItem = strtolower(trim( $userEntry ));
  139.         if ( substr( $userItem, 0, 1 ) == "*" ) {
  140.             if ( strpos( $userItem, "(ro)" ) === false ) {
  141.                 $user = trim( str_replace( "*", "", $userItem ) );
  142.                 $allow[$user] = 'edit';
  143.             } else {
  144.                 $user = trim( str_replace( "*", "", $userItem ) );
  145.                 $user = trim( str_replace( "(ro)", "", $user ) );
  146.                 $allow[$user] = 'read';
  147.             }
  148.         }
  149.     }
  150.     if ( is_array( $allow ) ) {
  151.         $allowedAccess = $allow;
  152.         unset( $allow );
  153.     }
  154.     return $allowedAccess;
  155. }
  156.  
  157. function doRedirect( $info ) {
  158.     /* make redirection for non authorized users */
  159.     global $wgScript, $wgSitename, $wgOut;
  160.  
  161.     if ( ! $info ) {
  162.         $info = "No_access";
  163.         }
  164.     if ( $info == "Only_sysop" ) {
  165.         $target = wfMsg( 'accesscontrol-info-user' );
  166.     } elseif ( $info == "No_anonymous" ) {
  167.         $target = wfMsg( 'accesscontrol-info-anonymous' );
  168.     } elseif ( $info == "Deny_anonymous") {
  169.         $target = wfMsg( 'accesscontrol-edit-anonymous' );
  170.     } elseif ( $info == "Deny_edit_list" ) {
  171.         $target = wfMsg( 'accesscontrol-edit-users' );
  172.     } else {
  173.         $target = wfMsg( 'accesscontrol-info-deny' );
  174.     }
  175.     if ( isset( $_SESSION['redirect'] ) ) {
  176.         // removing info about redirect from session after move..
  177.         unset( $_SESSION['redirect'] );
  178.     }
  179.  
  180.     header( "Location: " . $wgScript . "/" . $wgSitename . ":" . $target );
  181. }
  182.  
  183. function fromTemplates( $string ) {
  184.     global $wgUser, $wgAdminCanReadAll;
  185.     // Vytažení šablon
  186.     if ( strpos( $string, '{{' ) ) {
  187.         if ( substr( $string, strpos ( $string, '{{' ), 3 ) === '{{{' ) {
  188.             $start = strpos( $string, '{{{' );
  189.             $end = strlen( $string );
  190.             $skok = $start + 3;
  191.             fromTemplates( substr( $string, $skok, $end - $skok ) );
  192.         } else {
  193.             $start = strpos( $string, '{{' );
  194.             $end = strpos( $string, '}}' );
  195.             $skok = $start + 2;
  196.             $templatepage = substr( $string, $skok, $end - $skok );
  197.             if ( strpos( $templatepage, '|' ) > 0) {
  198.                 $templatename = substr( $templatepage, 0, strpos( $templatepage, '|' ) );
  199.             } else {
  200.                 $templatename = $templatepage ;
  201.             }
  202.             if ( substr( $templatename, 0, 1 ) === ':') {
  203.                 // vložena stránka
  204.                 $rights = allRightTags( getContentPage( substr( $templatename, 1 ) ) );
  205.             } else {
  206.                 // vložena šablona
  207.                 $rights = allRightTags( getTemplatePage( $templatename ) );
  208.             }
  209.             if ( is_array( $rights ) ) {
  210.             if ( $wgUser->mId === 0 ) {
  211.                 /* Redirection unknown users */
  212.                 $wgActions['view'] = false;
  213.                 doRedirect('accesscontrol-info-anonymous');
  214.                 } else {
  215.                 if ( in_array( 'sysop', $wgUser->mGroups, true ) ) {
  216.                     if ( isset( $wgAdminCanReadAll ) ) {
  217.                         if ( $wgAdminCanReadAll ) {
  218.                             return true;
  219.                             }
  220.                         }
  221.                     }
  222.                 $users = accessControl( $rights['groups'] );
  223.                 if ( ! in_array( strtolower($wgUser->mName), $users[0], true ) ) {
  224.                     $wgActions['edit']           = false;
  225.                     $wgActions['history']        = false;
  226.                     $wgActions['submit']         = false;
  227.                     $wgActions['info']           = false;
  228.                     $wgActions['raw']            = false;
  229.                     $wgActions['delete']         = false;
  230.                     $wgActions['revert']         = false;
  231.                     $wgActions['revisiondelete'] = false;
  232.                     $wgActions['rollback']       = false;
  233.                     $wgActions['markpatrolled']  = false;
  234.                     if ( ! in_array( strtolower($wgUser->mName), $users[1], true ) ) {
  235.                         $wgActions['view']   = false;
  236.                         return doRedirect( 'accesscontrol-info-anonymous' );
  237.                         }
  238.                     }
  239.                 }
  240.             }
  241.             fromTemplates( substr( $string, $end + 2 ) );
  242.         }
  243.         }
  244.     }
  245.  
  246.  
  247. function allRightTags( $string ) {
  248.     /* Function for extraction content tag accesscontrol from raw source the page */
  249.     $contenttag  = Array();
  250.     $starttag    = "<accesscontrol>";
  251.     $endtag      = "</accesscontrol>";
  252.     $redirecttag = "redirect";
  253.  
  254.     if ( ( mb_substr( trim( $string ), 0, 1 ) == "#" )
  255.         && ( stripos( mb_substr( trim( $string ), 1, 9 ), $redirecttag ) == "0" )
  256.         ) {
  257.         /* Treatment redirects - content variable $string must be replaced over content the target page */
  258.         $sourceredirecttag = mb_substr( $string, 0, strpos( $string, ']]' ) );
  259.         $redirecttarget = trim( substr( $sourceredirecttag, strpos( $sourceredirecttag, '[[' ) + 2 ) );
  260.         if ( strpos( $redirecttarget, '|' ) ) {
  261.             $redirecttarget = trim( substr( $redirecttarget, 0, strpos( $redirecttarget, '|' ) ) );
  262.         }
  263.         $Title = new Title();
  264.         $gt = $Title->makeTitle( 0, $redirecttarget );
  265.         return allRightTags( getContentPage( $gt ) );
  266.     }
  267.  
  268.     // Kontrola accesscontrol ve vložených šablonách a stránkách
  269.     fromTemplates($string);
  270.  
  271.     $start = strpos( $string, $starttag );
  272.     if ( $start !== false ) {
  273.         $start += strlen( $starttag );
  274.         $end = strpos( $string, $endtag );
  275.         if ( $end !== false ) {
  276.             $groupsString = substr( $string, $start, $end-$start );
  277.             if ( strlen( $groupsString ) == 0 ) {
  278.                 $contenttag['end'] = strlen( $starttag ) + strlen( $endtag );
  279.             } else {
  280.                 $contenttag['groups'] = $groupsString;
  281.                 $contenttag['end'] = $end + strlen( $endtag );
  282.             }
  283.  
  284.             if( isset( $_SESSION['redirect'] ) ) {
  285.                 $_SESSION['redirect'] = $contenttag;
  286.             } else {
  287.                 return $contenttag;
  288.             }
  289.         }
  290.     } else {
  291.         if( isset( $_SESSION['redirect'] ) ) {
  292.             return $_SESSION['redirect'];
  293.         } else {
  294.             return false;
  295.         }
  296.     }
  297. }
  298.  
  299. function hookUserCan( &$title, &$wgUser, $action, &$result ) {
  300.     /* Main function control access for all users */
  301.     global $wgActions, $wgAdminCanReadAll;
  302.     if ( $wgUser->mId === 0 ) {
  303.         /* Deny actions for all anonymous */
  304.         $wgActions['edit']           = false;
  305.         $wgActions['history']        = false;
  306.         $wgActions['submit']         = false;
  307.         $wgActions['info']           = false;
  308.         $wgActions['raw']            = false;
  309.         $wgActions['delete']         = false;
  310.         $wgActions['revert']         = false;
  311.         $wgActions['revisiondelete'] = false;
  312.         $wgActions['rollback']       = false;
  313.         $wgActions['markpatrolled']  = false;
  314.         }
  315.  
  316.     $rights = allRightTags( getContentPage( $title->mDbkeyform , $title->mNamespace) );
  317.    
  318.     if ( is_array( $rights ) ) {
  319.         if ( $wgUser->mId === 0 ) {
  320.             /* Redirection unknown users */
  321.             $wgActions['view'] = false;
  322.             doRedirect( 'accesscontrol-info-anonymous' );
  323.         } else {
  324.             if ( in_array( 'sysop', $wgUser->mGroups, true ) ) {
  325.                 if ( isset( $wgAdminCanReadAll ) ) {
  326.                     if ( $wgAdminCanReadAll ) {
  327.                         return true;
  328.                     }
  329.                 }
  330.             }
  331.             $users = accessControl( $rights['groups'] );
  332.             if ( in_array( strtolower($wgUser->mName), $users[0], true ) ) {
  333.                 return true;
  334.             } else {
  335.                 $wgActions['edit']           = false;
  336.                 $wgActions['history']        = false;
  337.                 $wgActions['submit']         = false;
  338.                 $wgActions['info']           = false;
  339.                 $wgActions['raw']            = false;
  340.                 $wgActions['delete']         = false;
  341.                 $wgActions['revert']         = false;
  342.                 $wgActions['revisiondelete'] = false;
  343.                 $wgActions['rollback']       = false;
  344.                 $wgActions['markpatrolled']  = false;
  345.                 if ( in_array( strtolower($wgUser->mName), $users[1], true ) ) {
  346.                     return true;
  347.                 } else {
  348.                     $wgActions['view']   = false;
  349.                     return doRedirect( 'accesscontrol-info-anonymous' );
  350.                 }
  351.             }
  352.         }
  353.     } else {
  354.         return true;
  355.     }
  356. }
  357.  
  358. ?>
RAW Paste Data