
MediaWiki AccessControl Extension Mod

a guest
Jul 31st, 2012
  1. <?php
  2.  
  3. /* MediaWiki extension that enables group access restriction on a page-by-page
  4.  * basis contributed by Martin Mueller (http://blog.pagansoft.de) based into
  5.  * version 1.3 on accesscontrol.php by Josh Greenberg.
  6.  * Version 2.0 for MediaWiki >= 1.18 rewrited completly by Aleš Kapica.
  7.  * Version 2.0.1 by Paul Wieland to make compatible with NameSpaces
  8.  * @package MediaWiki
  9.  * @subpackage Extensions
  10.  * @author Aleš Kapica
  11.  * @copyright 2008-2012 Aleš Kapica
  12.  * @licence GNU General Public Licence
  13.  */
  14.  
  15. if( !defined( 'MEDIAWIKI' ) ) {
  16.     echo ( "This file is an extension to the MediaWiki software and cannot be used standalone.\n" );
  17.     die();
  18. }
  19.  
  20. // sysop users can read all restricted pages
  21. $wgAdminCanReadAll = true;
  22.  
  23. $wgExtensionCredits['specialpage']['AccessControl'] = array(
  24.     'name'                  => 'AccessControlExtension',
  25.     'author'                => array( 'Aleš Kapica' ),
  26.     'url'                   => 'http://www.mediawiki.org/wiki/Extension:AccessControl',
  27.     'version'               => '2.1',
  28.     'description'           => 'Access control based on users lists. Administrator rights need not be for it.',
  29.     'descriptionmsg'        => 'accesscontrol-desc',
  30. );
  31.  
  32. $wgHooks['ParserFirstCallInit'][] = 'wfAccessControlExtension' ;
  33.  
  34. $dir = dirname( __FILE__ ) . '/';
  35. $wgExtensionMessagesFiles['AccessControl'] = $dir . 'AccessControl.i18n.php';
  36.  
  37.  
  38. //Hook the userCan function for bypassing the cache
  39. $wgHooks['userCan'][] = 'hookUserCan';
  40.  
  41. function wfAccessControlExtension( Parser $parser ) {
  42.     /* This the hook function adds the tag <accesscontrol> to the wiki parser */
  43.     $parser->setHook( "accesscontrol", "doControlUserAccess" );
  44.     return true;
  45. }
  46.  
  47. function doControlUserAccess( $input, array $args, Parser $parser, PPFrame $frame ) {
  48.     /* Funcion called by wfAccessControlExtension */
  49.     return displayGroups();
  50. }
  51.  
  52. function accessControl( $obsahtagu ){
  53.     $accessgroup = Array( Array(), Array() );
  54.     $listaccesslist = explode( ",", $obsahtagu );
  55.     foreach ( $listaccesslist as $accesslist ) {
  56.         if ( strpos( $accesslist, "(ro)" ) !== false ) {
  57.             $accesslist = trim( str_replace( "(ro)", "", $accesslist ) );
  58.             $group = makeGroupArray( $accesslist );
  59.             $accessgroup[1] = array_merge( $accessgroup[1], $group[0] );
  60.             $accessgroup[1] = array_merge( $accessgroup[1], $group[1] );
  61.         } else {
  62.             $accesslist = trim( $accesslist );
  63.             $group = makeGroupArray ($accesslist );
  64.             $accessgroup[0] = array_merge( $accessgroup[0], $group[0] );
  65.             $accessgroup[1] = array_merge( $accessgroup[1], $group[1] );
  66.         }
  67.     }
  68.     return $accessgroup;
  69. }
  70.  
  71. function makeGroupArray( $accesslist ) {
  72.     /* Function returns array with two lists.
  73.         First is list full access users.
  74.         Second is list readonly users. */
  75.     $userswrite = Array();
  76.     $usersreadonly = Array();
  77.     $users = getUsersFromPages( $accesslist );
  78.     foreach ( array_keys( $users ) as $user ) {
  79.         switch ( $users[$user] ) {
  80.             case 'read':
  81.                 $usersreadonly[] = $user;
  82.                 break;
  83.             case 'edit':
  84.                 $userswrite[] = $user;
  85.                 break;
  86.         }
  87.     }
  88.     return array( $userswrite , $usersreadonly );
  89. }
  90.  
  91. function displayGroups() {
  92.     /* Function replace the tag <accesscontrol> and his content, behind info about a protection this the page */
  93.     $style = "<p id=\"accesscontrol\" style=\"text-align:center;color:#BA0000;font-size:8pt\">";
  94.     $text = wfMsg( 'accesscontrol-info' );
  95.     $style_end = "</p>";
  96.     $wgAllowInfo = $style . $text . $style_end;
  97.     return $wgAllowInfo;
  98. }
  99.  
  100. // MOD by Paul Wieland to add $mNamespace so that this extension works with multiple namespaces
  101. function getContentPage( $title , $mNamespace=0) {
  102.     /* Function get content the page identified by title object from database */
  103.     $Title = new Title();
  104.     $gt = $Title->makeTitle( $mNamespace, $title );
  105.     // create Article and get the content
  106.     $contentPage = new Article( $gt, 0 );
  107.     return $contentPage->fetchContent( 0 );
  108.     }
  109.  
  110. function getTemplatePage( $template ) {
  111.     /* Function get content the template page identified by title object from database */
  112.     $Title = new Title();
  113.     $gt = $Title->makeTitle( 10, $template );
  114.     //echo '<!--';
  115.     //print_r($gt);
  116.     //echo '-->';
  117.     // create Article and get the content
  118.     $contentPage = new Article( $gt, 0 );
  119.     return $contentPage->fetchContent( 0 );
  120.     }
  121.  
  122. function getUsersFromPages( $skupina ) {
  123.     // Edits by Paul Wieland to make this thing work with namespaces (before it would only use ns 0)
  124.     $namespace_id = MWNamespace::getCanonicalIndex(strtolower(strstr($skupina, ':', true)));
  125.     $skupina = ltrim(strstr($skupina, ':'),':');
  126.  
  127.     /* Extracts the allowed users from the userspace access list */
  128.     $allowedAccess = Array();
  129.     $allow = Array();
  130.     $Title = new Title();
  131.     $gt = $Title->makeTitle( $namespace_id, $skupina );
  132.     // create Article and get the content
  133.     $groupPage = new Article( $gt, 0 );
  134.     $allowedUsers = $groupPage->fetchContent( 0 );
  135.     $groupPage = NULL;
  136.     $usersAccess = explode( "\n", $allowedUsers );
  137.     foreach  ($usersAccess as $userEntry ) {
  138.         $userItem = strtolower(trim( $userEntry ));
  139.         if ( substr( $userItem, 0, 1 ) == "*" ) {
  140.             if ( strpos( $userItem, "(ro)" ) === false ) {
  141.                 $user = trim( str_replace( "*", "", $userItem ) );
  142.                 $allow[$user] = 'edit';
  143.             } else {
  144.                 $user = trim( str_replace( "*", "", $userItem ) );
  145.                 $user = trim( str_replace( "(ro)", "", $user ) );
  146.                 $allow[$user] = 'read';
  147.             }
  148.         }
  149.     }
  150.     if ( is_array( $allow ) ) {
  151.         $allowedAccess = $allow;
  152.         unset( $allow );
  153.     }
  154.     return $allowedAccess;
  155. }
  156.  
  157. function doRedirect( $info ) {
  158.     /* make redirection for non authorized users */
  159.     global $wgScript, $wgSitename, $wgOut;
  160.  
  161.     if ( ! $info ) {
  162.         $info = "No_access";
  163.         }
  164.     if ( $info == "Only_sysop" ) {
  165.         $target = wfMsg( 'accesscontrol-info-user' );
  166.     } elseif ( $info == "No_anonymous" ) {
  167.         $target = wfMsg( 'accesscontrol-info-anonymous' );
  168.     } elseif ( $info == "Deny_anonymous") {
  169.         $target = wfMsg( 'accesscontrol-edit-anonymous' );
  170.     } elseif ( $info == "Deny_edit_list" ) {
  171.         $target = wfMsg( 'accesscontrol-edit-users' );
  172.     } else {
  173.         $target = wfMsg( 'accesscontrol-info-deny' );
  174.     }
  175.     if ( isset( $_SESSION['redirect'] ) ) {
  176.         // removing info about redirect from session after move..
  177.         unset( $_SESSION['redirect'] );
  178.     }
  179.  
  180.     header( "Location: " . $wgScript . "/" . $wgSitename . ":" . $target );
  181. }
  182.  
  183. function fromTemplates( $string ) {
  184.     global $wgUser, $wgAdminCanReadAll;
  185.     // Vytažení šablon
  186.     if ( strpos( $string, '{{' ) ) {
  187.         if ( substr( $string, strpos ( $string, '{{' ), 3 ) === '{{{' ) {
  188.             $start = strpos( $string, '{{{' );
  189.             $end = strlen( $string );
  190.             $skok = $start + 3;
  191.             fromTemplates( substr( $string, $skok, $end - $skok ) );
  192.         } else {
  193.             $start = strpos( $string, '{{' );
  194.             $end = strpos( $string, '}}' );
  195.             $skok = $start + 2;
  196.             $templatepage = substr( $string, $skok, $end - $skok );
  197.             if ( strpos( $templatepage, '|' ) > 0) {
  198.                 $templatename = substr( $templatepage, 0, strpos( $templatepage, '|' ) );
  199.             } else {
  200.                 $templatename = $templatepage ;
  201.             }
  202.             if ( substr( $templatename, 0, 1 ) === ':') {
  203.                 // vložena stránka
  204.                 $rights = allRightTags( getContentPage( substr( $templatename, 1 ) ) );
  205.             } else {
  206.                 // vložena šablona
  207.                 $rights = allRightTags( getTemplatePage( $templatename ) );
  208.             }
  209.             if ( is_array( $rights ) ) {
  210.             if ( $wgUser->mId === 0 ) {
  211.                 /* Redirection unknown users */
  212.                 $wgActions['view'] = false;
  213.                 doRedirect('accesscontrol-info-anonymous');
  214.                 } else {
  215.                 if ( in_array( 'sysop', $wgUser->mGroups, true ) ) {
  216.                     if ( isset( $wgAdminCanReadAll ) ) {
  217.                         if ( $wgAdminCanReadAll ) {
  218.                             return true;
  219.                             }
  220.                         }
  221.                     }
  222.                 $users = accessControl( $rights['groups'] );
  223.                 if ( ! in_array( strtolower($wgUser->mName), $users[0], true ) ) {
  224.                     $wgActions['edit']           = false;
  225.                     $wgActions['history']        = false;
  226.                     $wgActions['submit']         = false;
  227.                     $wgActions['info']           = false;
  228.                     $wgActions['raw']            = false;
  229.                     $wgActions['delete']         = false;
  230.                     $wgActions['revert']         = false;
  231.                     $wgActions['revisiondelete'] = false;
  232.                     $wgActions['rollback']       = false;
  233.                     $wgActions['markpatrolled']  = false;
  234.                     if ( ! in_array( strtolower($wgUser->mName), $users[1], true ) ) {
  235.                         $wgActions['view']   = false;
  236.                         return doRedirect( 'accesscontrol-info-anonymous' );
  237.                         }
  238.                     }
  239.                 }
  240.             }
  241.             fromTemplates( substr( $string, $end + 2 ) );
  242.         }
  243.         }
  244.     }
  245.  
  246.  
  247. function allRightTags( $string ) {
  248.     /* Function for extraction content tag accesscontrol from raw source the page */
  249.     $contenttag  = Array();
  250.     $starttag    = "<accesscontrol>";
  251.     $endtag      = "</accesscontrol>";
  252.     $redirecttag = "redirect";
  253.  
  254.     if ( ( mb_substr( trim( $string ), 0, 1 ) == "#" )
  255.         && ( stripos( mb_substr( trim( $string ), 1, 9 ), $redirecttag ) == "0" )
  256.         ) {
  257.         /* Treatment redirects - content variable $string must be replaced over content the target page */
  258.         $sourceredirecttag = mb_substr( $string, 0, strpos( $string, ']]' ) );
  259.         $redirecttarget = trim( substr( $sourceredirecttag, strpos( $sourceredirecttag, '[[' ) + 2 ) );
  260.         if ( strpos( $redirecttarget, '|' ) ) {
  261.             $redirecttarget = trim( substr( $redirecttarget, 0, strpos( $redirecttarget, '|' ) ) );
  262.         }
  263.         $Title = new Title();
  264.         $gt = $Title->makeTitle( 0, $redirecttarget );
  265.         return allRightTags( getContentPage( $gt ) );
  266.     }
  267.  
  268.     // Kontrola accesscontrol ve vložených šablonách a stránkách
  269.     fromTemplates($string);
  270.  
  271.     $start = strpos( $string, $starttag );
  272.     if ( $start !== false ) {
  273.         $start += strlen( $starttag );
  274.         $end = strpos( $string, $endtag );
  275.         if ( $end !== false ) {
  276.             $groupsString = substr( $string, $start, $end-$start );
  277.             if ( strlen( $groupsString ) == 0 ) {
  278.                 $contenttag['end'] = strlen( $starttag ) + strlen( $endtag );
  279.             } else {
  280.                 $contenttag['groups'] = $groupsString;
  281.                 $contenttag['end'] = $end + strlen( $endtag );
  282.             }
  283.  
  284.             if( isset( $_SESSION['redirect'] ) ) {
  285.                 $_SESSION['redirect'] = $contenttag;
  286.             } else {
  287.                 return $contenttag;
  288.             }
  289.         }
  290.     } else {
  291.         if( isset( $_SESSION['redirect'] ) ) {
  292.             return $_SESSION['redirect'];
  293.         } else {
  294.             return false;
  295.         }
  296.     }
  297. }
  298.  
  299. function hookUserCan( &$title, &$wgUser, $action, &$result ) {
  300.     /* Main function control access for all users */
  301.     global $wgActions, $wgAdminCanReadAll;
  302.     if ( $wgUser->mId === 0 ) {
  303.         /* Deny actions for all anonymous */
  304.         $wgActions['edit']           = false;
  305.         $wgActions['history']        = false;
  306.         $wgActions['submit']         = false;
  307.         $wgActions['info']           = false;
  308.         $wgActions['raw']            = false;
  309.         $wgActions['delete']         = false;
  310.         $wgActions['revert']         = false;
  311.         $wgActions['revisiondelete'] = false;
  312.         $wgActions['rollback']       = false;
  313.         $wgActions['markpatrolled']  = false;
  314.         }
  315.  
  316.     $rights = allRightTags( getContentPage( $title->mDbkeyform , $title->mNamespace) );
  317.    
  318.     if ( is_array( $rights ) ) {
  319.         if ( $wgUser->mId === 0 ) {
  320.             /* Redirection unknown users */
  321.             $wgActions['view'] = false;
  322.             doRedirect( 'accesscontrol-info-anonymous' );
  323.         } else {
  324.             if ( in_array( 'sysop', $wgUser->mGroups, true ) ) {
  325.                 if ( isset( $wgAdminCanReadAll ) ) {
  326.                     if ( $wgAdminCanReadAll ) {
  327.                         return true;
  328.                     }
  329.                 }
  330.             }
  331.             $users = accessControl( $rights['groups'] );
  332.             if ( in_array( strtolower($wgUser->mName), $users[0], true ) ) {
  333.                 return true;
  334.             } else {
  335.                 $wgActions['edit']           = false;
  336.                 $wgActions['history']        = false;
  337.                 $wgActions['submit']         = false;
  338.                 $wgActions['info']           = false;
  339.                 $wgActions['raw']            = false;
  340.                 $wgActions['delete']         = false;
  341.                 $wgActions['revert']         = false;
  342.                 $wgActions['revisiondelete'] = false;
  343.                 $wgActions['rollback']       = false;
  344.                 $wgActions['markpatrolled']  = false;
  345.                 if ( in_array( strtolower($wgUser->mName), $users[1], true ) ) {
  346.                     return true;
  347.                 } else {
  348.                     $wgActions['view']   = false;
  349.                     return doRedirect( 'accesscontrol-info-anonymous' );
  350.                 }
  351.             }
  352.         }
  353.     } else {
  354.         return true;
  355.     }
  356. }
  357.  
  358. ?>