SHOW:
|
|
- or go back to the newest paste.
1 | <?php | |
2 | ||
3 | /* MediaWiki extension that enables group access restriction on a page-by-page | |
4 | * basis contributed by Martin Mueller (http://blog.pagansoft.de) based into | |
5 | * version 1.3 on accesscontrol.php by Josh Greenberg. | |
6 | * Version 2.0 for MediaWiki >= 1.18 rewrited completly by Aleš Kapica. | |
7 | * Version 2.0.1 by Paul Wieland to make compatible with NameSpaces | |
8 | * @package MediaWiki | |
9 | * @subpackage Extensions | |
10 | * @author Aleš Kapica | |
11 | * @copyright 2008-2012 Aleš Kapica | |
12 | * @licence GNU General Public Licence | |
13 | */ | |
14 | ||
15 | if( !defined( 'MEDIAWIKI' ) ) { | |
16 | echo ( "This file is an extension to the MediaWiki software and cannot be used standalone.\n" ); | |
17 | die(); | |
18 | } | |
19 | ||
20 | // sysop users can read all restricted pages | |
21 | $wgAdminCanReadAll = true; | |
22 | ||
23 | $wgExtensionCredits['specialpage']['AccessControl'] = array( | |
24 | 'name' => 'AccessControlExtension', | |
25 | 'author' => array( 'Aleš Kapica' ), | |
26 | 'url' => 'http://www.mediawiki.org/wiki/Extension:AccessControl', | |
27 | 'version' => '2.1', | |
28 | 'description' => 'Access control based on users lists. Administrator rights need not be for it.', | |
29 | 'descriptionmsg' => 'accesscontrol-desc', | |
30 | ); | |
31 | ||
32 | $wgHooks['ParserFirstCallInit'][] = 'wfAccessControlExtension' ; | |
33 | ||
34 | $dir = dirname( __FILE__ ) . '/'; | |
35 | $wgExtensionMessagesFiles['AccessControl'] = $dir . 'AccessControl.i18n.php'; | |
36 | ||
37 | ||
38 | //Hook the userCan function for bypassing the cache | |
39 | $wgHooks['userCan'][] = 'hookUserCan'; | |
40 | ||
41 | function wfAccessControlExtension( Parser $parser ) { | |
42 | /* This the hook function adds the tag <accesscontrol> to the wiki parser */ | |
43 | $parser->setHook( "accesscontrol", "doControlUserAccess" ); | |
44 | return true; | |
45 | } | |
46 | ||
47 | function doControlUserAccess( $input, array $args, Parser $parser, PPFrame $frame ) { | |
48 | /* Funcion called by wfAccessControlExtension */ | |
49 | return displayGroups(); | |
50 | } | |
51 | ||
52 | function accessControl( $obsahtagu ){ | |
53 | $accessgroup = Array( Array(), Array() ); | |
54 | $listaccesslist = explode( ",", $obsahtagu ); | |
55 | foreach ( $listaccesslist as $accesslist ) { | |
56 | if ( strpos( $accesslist, "(ro)" ) !== false ) { | |
57 | $accesslist = trim( str_replace( "(ro)", "", $accesslist ) ); | |
58 | $group = makeGroupArray( $accesslist ); | |
59 | $accessgroup[1] = array_merge( $accessgroup[1], $group[0] ); | |
60 | $accessgroup[1] = array_merge( $accessgroup[1], $group[1] ); | |
61 | } else { | |
62 | $accesslist = trim( $accesslist ); | |
63 | $group = makeGroupArray ($accesslist ); | |
64 | $accessgroup[0] = array_merge( $accessgroup[0], $group[0] ); | |
65 | $accessgroup[1] = array_merge( $accessgroup[1], $group[1] ); | |
66 | } | |
67 | } | |
68 | return $accessgroup; | |
69 | } | |
70 | ||
71 | function makeGroupArray( $accesslist ) { | |
72 | /* Function returns array with two lists. | |
73 | First is list full access users. | |
74 | Second is list readonly users. */ | |
75 | $userswrite = Array(); | |
76 | $usersreadonly = Array(); | |
77 | $users = getUsersFromPages( $accesslist ); | |
78 | foreach ( array_keys( $users ) as $user ) { | |
79 | switch ( $users[$user] ) { | |
80 | case 'read': | |
81 | $usersreadonly[] = $user; | |
82 | break; | |
83 | case 'edit': | |
84 | $userswrite[] = $user; | |
85 | break; | |
86 | } | |
87 | } | |
88 | return array( $userswrite , $usersreadonly ); | |
89 | } | |
90 | ||
91 | function displayGroups() { | |
92 | /* Function replace the tag <accesscontrol> and his content, behind info about a protection this the page */ | |
93 | $style = "<p id=\"accesscontrol\" style=\"text-align:center;color:#BA0000;font-size:8pt\">"; | |
94 | $text = wfMsg( 'accesscontrol-info' ); | |
95 | $style_end = "</p>"; | |
96 | $wgAllowInfo = $style . $text . $style_end; | |
97 | return $wgAllowInfo; | |
98 | } | |
99 | ||
100 | // MOD by Paul Wieland to add $mNamespace so that this extension works with multiple namespaces | |
101 | function getContentPage( $title , $mNamespace=0) { | |
102 | /* Function get content the page identified by title object from database */ | |
103 | $Title = new Title(); | |
104 | $gt = $Title->makeTitle( $mNamespace, $title ); | |
105 | // create Article and get the content | |
106 | $contentPage = new Article( $gt, 0 ); | |
107 | return $contentPage->fetchContent( 0 ); | |
108 | } | |
109 | ||
110 | function getTemplatePage( $template ) { | |
111 | /* Function get content the template page identified by title object from database */ | |
112 | $Title = new Title(); | |
113 | $gt = $Title->makeTitle( 10, $template ); | |
114 | //echo '<!--'; | |
115 | //print_r($gt); | |
116 | //echo '-->'; | |
117 | // create Article and get the content | |
118 | $contentPage = new Article( $gt, 0 ); | |
119 | return $contentPage->fetchContent( 0 ); | |
120 | } | |
121 | ||
122 | function getUsersFromPages( $skupina ) { | |
123 | // Edits by Paul Wieland to make this thing work with namespaces (before it would only use ns 0) | |
124 | $namespace_id = MWNamespace::getCanonicalIndex(strtolower(strstr($skupina, ':', true))); | |
125 | $skupina = ltrim(strstr($skupina, ':'),':'); | |
126 | ||
127 | /* Extracts the allowed users from the userspace access list */ | |
128 | $allowedAccess = Array(); | |
129 | $allow = Array(); | |
130 | $Title = new Title(); | |
131 | $gt = $Title->makeTitle( $namespace_id, $skupina ); | |
132 | // create Article and get the content | |
133 | $groupPage = new Article( $gt, 0 ); | |
134 | $allowedUsers = $groupPage->fetchContent( 0 ); | |
135 | $groupPage = NULL; | |
136 | $usersAccess = explode( "\n", $allowedUsers ); | |
137 | foreach ($usersAccess as $userEntry ) { | |
138 | $userItem = strtolower(trim( $userEntry )); | |
139 | if ( substr( $userItem, 0, 1 ) == "*" ) { | |
140 | if ( strpos( $userItem, "(ro)" ) === false ) { | |
141 | $user = trim( str_replace( "*", "", $userItem ) ); | |
142 | $allow[$user] = 'edit'; | |
143 | } else { | |
144 | $user = trim( str_replace( "*", "", $userItem ) ); | |
145 | $user = trim( str_replace( "(ro)", "", $user ) ); | |
146 | $allow[$user] = 'read'; | |
147 | } | |
148 | } | |
149 | } | |
150 | if ( is_array( $allow ) ) { | |
151 | $allowedAccess = $allow; | |
152 | unset( $allow ); | |
153 | } | |
154 | return $allowedAccess; | |
155 | } | |
156 | ||
157 | function doRedirect( $info ) { | |
158 | /* make redirection for non authorized users */ | |
159 | global $wgScript, $wgSitename, $wgOut; | |
160 | ||
161 | if ( ! $info ) { | |
162 | $info = "No_access"; | |
163 | } | |
164 | if ( $info == "Only_sysop" ) { | |
165 | $target = wfMsg( 'accesscontrol-info-user' ); | |
166 | } elseif ( $info == "No_anonymous" ) { | |
167 | $target = wfMsg( 'accesscontrol-info-anonymous' ); | |
168 | } elseif ( $info == "Deny_anonymous") { | |
169 | $target = wfMsg( 'accesscontrol-edit-anonymous' ); | |
170 | } elseif ( $info == "Deny_edit_list" ) { | |
171 | $target = wfMsg( 'accesscontrol-edit-users' ); | |
172 | } else { | |
173 | $target = wfMsg( 'accesscontrol-info-deny' ); | |
174 | } | |
175 | if ( isset( $_SESSION['redirect'] ) ) { | |
176 | // removing info about redirect from session after move.. | |
177 | unset( $_SESSION['redirect'] ); | |
178 | } | |
179 | ||
180 | header( "Location: " . $wgScript . "/" . $wgSitename . ":" . $target ); | |
181 | } | |
182 | ||
183 | function fromTemplates( $string ) { | |
184 | global $wgUser, $wgAdminCanReadAll; | |
185 | // Vytažení šablon | |
186 | if ( strpos( $string, '{{' ) ) { | |
187 | if ( substr( $string, strpos ( $string, '{{' ), 3 ) === '{{{' ) { | |
188 | $start = strpos( $string, '{{{' ); | |
189 | $end = strlen( $string ); | |
190 | $skok = $start + 3; | |
191 | fromTemplates( substr( $string, $skok, $end - $skok ) ); | |
192 | } else { | |
193 | $start = strpos( $string, '{{' ); | |
194 | $end = strpos( $string, '}}' ); | |
195 | $skok = $start + 2; | |
196 | $templatepage = substr( $string, $skok, $end - $skok ); | |
197 | if ( strpos( $templatepage, '|' ) > 0) { | |
198 | $templatename = substr( $templatepage, 0, strpos( $templatepage, '|' ) ); | |
199 | } else { | |
200 | $templatename = $templatepage ; | |
201 | } | |
202 | if ( substr( $templatename, 0, 1 ) === ':') { | |
203 | // vložena stránka | |
204 | $rights = allRightTags( getContentPage( substr( $templatename, 1 ) ) ); | |
205 | } else { | |
206 | // vložena šablona | |
207 | $rights = allRightTags( getTemplatePage( $templatename ) ); | |
208 | } | |
209 | if ( is_array( $rights ) ) { | |
210 | if ( $wgUser->mId === 0 ) { | |
211 | /* Redirection unknown users */ | |
212 | $wgActions['view'] = false; | |
213 | doRedirect('accesscontrol-info-anonymous'); | |
214 | } else { | |
215 | if ( in_array( 'sysop', $wgUser->mGroups, true ) ) { | |
216 | if ( isset( $wgAdminCanReadAll ) ) { | |
217 | if ( $wgAdminCanReadAll ) { | |
218 | return true; | |
219 | } | |
220 | } | |
221 | } | |
222 | $users = accessControl( $rights['groups'] ); | |
223 | if ( ! in_array( strtolower($wgUser->mName), $users[0], true ) ) { | |
224 | $wgActions['edit'] = false; | |
225 | $wgActions['history'] = false; | |
226 | $wgActions['submit'] = false; | |
227 | $wgActions['info'] = false; | |
228 | $wgActions['raw'] = false; | |
229 | $wgActions['delete'] = false; | |
230 | $wgActions['revert'] = false; | |
231 | $wgActions['revisiondelete'] = false; | |
232 | $wgActions['rollback'] = false; | |
233 | $wgActions['markpatrolled'] = false; | |
234 | if ( ! in_array( strtolower($wgUser->mName), $users[1], true ) ) { | |
235 | $wgActions['view'] = false; | |
236 | return doRedirect( 'accesscontrol-info-anonymous' ); | |
237 | } | |
238 | } | |
239 | } | |
240 | } | |
241 | fromTemplates( substr( $string, $end + 2 ) ); | |
242 | } | |
243 | } | |
244 | } | |
245 | ||
246 | ||
247 | function allRightTags( $string ) { | |
248 | /* Function for extraction content tag accesscontrol from raw source the page */ | |
249 | $contenttag = Array(); | |
250 | $starttag = "<accesscontrol>"; | |
251 | $endtag = "</accesscontrol>"; | |
252 | $redirecttag = "redirect"; | |
253 | ||
254 | if ( ( mb_substr( trim( $string ), 0, 1 ) == "#" ) | |
255 | && ( stripos( mb_substr( trim( $string ), 1, 9 ), $redirecttag ) == "0" ) | |
256 | ) { | |
257 | /* Treatment redirects - content variable $string must be replaced over content the target page */ | |
258 | $sourceredirecttag = mb_substr( $string, 0, strpos( $string, ']]' ) ); | |
259 | $redirecttarget = trim( substr( $sourceredirecttag, strpos( $sourceredirecttag, '[[' ) + 2 ) ); | |
260 | if ( strpos( $redirecttarget, '|' ) ) { | |
261 | $redirecttarget = trim( substr( $redirecttarget, 0, strpos( $redirecttarget, '|' ) ) ); | |
262 | } | |
263 | $Title = new Title(); | |
264 | $gt = $Title->makeTitle( 0, $redirecttarget ); | |
265 | return allRightTags( getContentPage( $gt ) ); | |
266 | } | |
267 | ||
268 | // Kontrola accesscontrol ve vložených šablonách a stránkách | |
269 | fromTemplates($string); | |
270 | ||
271 | $start = strpos( $string, $starttag ); | |
272 | if ( $start !== false ) { | |
273 | $start += strlen( $starttag ); | |
274 | $end = strpos( $string, $endtag ); | |
275 | if ( $end !== false ) { | |
276 | $groupsString = substr( $string, $start, $end-$start ); | |
277 | if ( strlen( $groupsString ) == 0 ) { | |
278 | $contenttag['end'] = strlen( $starttag ) + strlen( $endtag ); | |
279 | } else { | |
280 | $contenttag['groups'] = $groupsString; | |
281 | $contenttag['end'] = $end + strlen( $endtag ); | |
282 | } | |
283 | ||
284 | if( isset( $_SESSION['redirect'] ) ) { | |
285 | $_SESSION['redirect'] = $contenttag; | |
286 | } else { | |
287 | return $contenttag; | |
288 | } | |
289 | } | |
290 | } else { | |
291 | if( isset( $_SESSION['redirect'] ) ) { | |
292 | return $_SESSION['redirect']; | |
293 | } else { | |
294 | return false; | |
295 | } | |
296 | } | |
297 | } | |
298 | ||
299 | function hookUserCan( &$title, &$wgUser, $action, &$result ) { | |
300 | /* Main function control access for all users */ | |
301 | global $wgActions, $wgAdminCanReadAll; | |
302 | if ( $wgUser->mId === 0 ) { | |
303 | /* Deny actions for all anonymous */ | |
304 | $wgActions['edit'] = false; | |
305 | $wgActions['history'] = false; | |
306 | $wgActions['submit'] = false; | |
307 | $wgActions['info'] = false; | |
308 | $wgActions['raw'] = false; | |
309 | $wgActions['delete'] = false; | |
310 | $wgActions['revert'] = false; | |
311 | $wgActions['revisiondelete'] = false; | |
312 | $wgActions['rollback'] = false; | |
313 | $wgActions['markpatrolled'] = false; | |
314 | } | |
315 | ||
316 | $rights = allRightTags( getContentPage( $title->mDbkeyform , $title->mNamespace) ); | |
317 | ||
318 | if ( is_array( $rights ) ) { | |
319 | if ( $wgUser->mId === 0 ) { | |
320 | /* Redirection unknown users */ | |
321 | $wgActions['view'] = false; | |
322 | doRedirect( 'accesscontrol-info-anonymous' ); | |
323 | } else { | |
324 | if ( in_array( 'sysop', $wgUser->mGroups, true ) ) { | |
325 | if ( isset( $wgAdminCanReadAll ) ) { | |
326 | if ( $wgAdminCanReadAll ) { | |
327 | return true; | |
328 | } | |
329 | } | |
330 | } | |
331 | $users = accessControl( $rights['groups'] ); | |
332 | if ( in_array( strtolower($wgUser->mName), $users[0], true ) ) { | |
333 | return true; | |
334 | } else { | |
335 | $wgActions['edit'] = false; | |
336 | $wgActions['history'] = false; | |
337 | $wgActions['submit'] = false; | |
338 | $wgActions['info'] = false; | |
339 | $wgActions['raw'] = false; | |
340 | $wgActions['delete'] = false; | |
341 | $wgActions['revert'] = false; | |
342 | $wgActions['revisiondelete'] = false; | |
343 | $wgActions['rollback'] = false; | |
344 | $wgActions['markpatrolled'] = false; | |
345 | if ( in_array( strtolower($wgUser->mName), $users[1], true ) ) { | |
346 | return true; | |
347 | } else { | |
348 | $wgActions['view'] = false; | |
349 | return doRedirect( 'accesscontrol-info-anonymous' ); | |
350 | } | |
351 | } | |
352 | } | |
353 | } else { | |
354 | return true; | |
355 | } | |
356 | } | |
357 | ||
358 | ?> |