r36798 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r36797‎ \| r36798 \| r36799 >
Date:	02:01, 30 June 2008
Author:	skizzerz
Status:	old
Tags:
Comment:	*add new extension GroupPermissions Manager
Modified paths:	/trunk/extensions/GroupPermissions+Manager (added) (history) /trunk/extensions/GroupPermissions+Manager/GPManager.i18n.php (added) (history) /trunk/extensions/GroupPermissions+Manager/GPManager.php (added) (history) /trunk/extensions/GroupPermissions+Manager/GPManager_body.php (added) (history)

Diff [purge]

Index: trunk/extensions/GroupPermissions Manager/GPManager_body.php
—	—	@@ -0,0 +1,403 @@
	2	+<?php
	3	+
	4	+/**
	5	+* Class definition for the special page
	6	+*/
	7	+
	8	+class GroupPermissions extends SpecialPage {
	9	+ var $target = '';
	10	+ var $oldrev = '';
	11	+ var $permissionslist = array();
	12	+ var $groupslist = array();
	13	+ var $otherrights = array();
	14	+
	15	+ /**
	16	+ * Constructor
	17	+ */
	18	+ function GroupPermissions() {
	19	+ SpecialPage::SpecialPage( 'GroupPermissions', 'grouppermissions' );
	20	+ }
	21	+
	22	+ /**
	23	+ * Main execution function
	24	+ */
	25	+ function execute( $par ) {
	26	+ global $wgRequest, $wgOut, $wgUser;
	27	+
	28	+ if( !$wgUser->isAllowed( 'grouppermissions' ) ) {
	29	+ $wgOut->permissionRequired( 'grouppermissions' );
	30	+ return;
	31	+ }
	32	+ wfLoadExtensionMessages('GroupPermissions');
	33	+ $this->setHeaders();
	34	+ $wgOut->addWikiText( wfMsg( 'grouppermissions-header' ) );
	35	+
	36	+ //display the search form and define an array of the usergroups and an array of all current permissions
	37	+ global $wgGroupPermissions;
	38	+ $this->target = $par ? $par : $wgRequest->getText( 'groupsearch', '');
	39	+
	40	+ foreach($wgGroupPermissions as $group => $permissions) {
	41	+ $this->groupslist[] = $group;
	42	+ foreach($permissions as $right => $value) {
	43	+ if(!in_array($right, $this->permissionslist)) {
	44	+ $this->permissionslist[] = $right;
	45	+ }
	46	+ }
	47	+ }
	48	+ //sort the array in alphabetical order for ease of finding things
	49	+ sort($this->permissionslist);
	50	+
	51	+ $wgOut->addHtml( $this->makeSearchForm() );
	52	+
	53	+ //test if we have a valid target to act upon
	54	+ if( $this->target != '') {
	55	+ //ok, we do. Now, what action was just being performed?
	56	+ if( $wgRequest->getCheck( 'dosearch' ) \|\| !$wgRequest->wasPosted() ) {
	57	+ $wgOut->addScriptFile('prefs.js');
	58	+ //it was a search, check the group
	59	+ if(in_array($this->target, $this->groupslist)) {
	60	+ global $wgImplicitGroups;
	61	+ //group exists, so we can change it, can't delete it if it's an implicit group
	62	+ if(in_array($this->target, $wgImplicitGroups)){
	63	+ //cannot delete group, show just show the change form
	64	+ $wgOut->addHtml( $this->makeChangeForm() );
	65	+ } else {
	66	+ //can delete group, so show that form as well
	67	+ $wgOut->addHtml( $this->makeDeleteForm() );
	68	+ $wgOut->addHtml( $this->makeChangeForm() );
	69	+ }
	70	+ } else {
	71	+ //group doesn't exist, let's make it and assign some rights
	72	+ $wgOut->addHtml( $this->makeAddForm() );
	73	+ }
	74	+ } elseif( $wgRequest->wasPosted() && $wgRequest->getVal('doadd') == '1' ) {
	75	+ //we just added a new group!
	76	+ $success = $this->writeFile('add');
	77	+ if($success) {
	78	+ $this->addLogItem( 'add', trim( $wgRequest->getText( 'addcomment' ) ) );
	79	+ $wgOut->addWikiText( wfMsg( 'grouppermissions-addsuccess', $this->target ) );
	80	+ $this->listsmade = false;
	81	+ }
	82	+ } elseif( $wgRequest->wasPosted() && $wgRequest->getVal('dodelete') == '1' ) {
	83	+ //we just deleted a user group. don't remove users from the group just in case we want to make it again
	84	+ $success = $this->writeFile('delete');
	85	+ if($success) {
	86	+ $this->addLogItem( 'delete', trim( $wgRequest->getText( 'deletecomment' ) ) );
	87	+ $wgOut->addWikiText( wfMsg( 'grouppermissions-deletesuccess', $this->target ) );
	88	+ $this->listsmade = false;
	89	+ }
	90	+ } elseif( $wgRequest->wasPosted() && $wgRequest->getVal('dochange') == '1' ) {
	91	+ //we modified the permissions of an existing group
	92	+ $success = $this->writeFile('change');
	93	+ if($success) {
	94	+ $this->addLogItem( 'change', trim( $wgRequest->getText( 'comment' ) ) );
	95	+ $wgOut->addWikiText( wfMsg( 'grouppermissions-changesuccess', $this->target ) );
	96	+ $this->listsmade = false;
	97	+ }
	98	+ }
	99	+ }
	100	+ }
	101	+
	102	+ /**
	103	+ * Produce a form to search for a group
	104	+ */
	105	+ function makeSearchForm() {
	106	+ $thisTitle = Title::makeTitle( NS_SPECIAL, $this->getName() );
	107	+ $form = "<fieldset>\n<legend>".wfMsgHtml('grouppermissions-searchlabel')."</legend>\n";
	108	+ $form .= "<form method=\"post\" action=\"".$thisTitle->getLocalUrl()."\">\n";
	109	+ $form .= "<label for=\"groupsearch\">".wfMsg('grouppermissions-search')."</label> ";
	110	+ $form .= "<input type=\"text\" name=\"groupsearch\" id=\"groupsearch\" value=\"".$this->target."\" /> ";
	111	+ $form .= "<input type=\"submit\" name=\"dosearch\" value=\"".wfMsg('grouppermissions-dosearch')."\" />";
	112	+ $form .= "<input type=\"hidden\" name=\"issearch\" value=\"1\" />\n</form>\n</fieldset>\n";
	113	+ return $form;
	114	+ }
	115	+
	116	+ /**
	117	+ * Produce a form for changing group permissions
	118	+ */
	119	+ function makeChangeForm() {
	120	+ //Returns the checkbox toggles for the given group.
	121	+ $thisTitle = Title::makeTitle( NS_SPECIAL, $this->getName() );
	122	+ $form = "<br /><div>\n";
	123	+ $form .= "<form method=\"post\" action=\"".$thisTitle->getLocalUrl()."\" id=\"preferences\">\n";
	124	+ //get the rows of checkboxes, specify that we should get values for them as well
	125	+ $form .= $this->createCheckboxes( $form, true );
	126	+ $form .= "<br />\n";
	127	+ $form .= "<label for=\"comment\">".wfMsg('grouppermissions-comment')."</label> ";
	128	+ $form .= "<input type=\"text\" name=\"comment\" id=\"comment\" size=\"45\" />\n";
	129	+ $form .= "<input type=\"submit\" name=\"change\" value=\"".wfMsg('grouppermissions-change')."\" />\n";
	130	+ $form .= "<input type=\"hidden\" name=\"dochange\" value=\"1\" />";
	131	+ $form .= "<input type=\"hidden\" name=\"groupsearch\" value=\"".$this->target."\" />\n";
	132	+ $form .= "</form>\n</div>\n";
	133	+ return $form;
	134	+ }
	135	+
	136	+ /**
	137	+ * Produce a form to delete a group
	138	+ */
	139	+ function makeDeleteForm() {
	140	+ //sanity check, make sure that we aren't showing this for the automatic groups
	141	+ global $wgImplicitGroups;
	142	+ if(in_array($this->target, $wgImplicitGroups)) {
	143	+ return '';
	144	+ }
	145	+ $thisTitle = Title::makeTitle( NS_SPECIAL, $this->getName() );
	146	+ $form = "<fieldset>\n<legend>".wfMsgHtml('grouppermissions-deletelabel')."</legend>\n";
	147	+ $form .= "<form method=\"post\" action=\"".$thisTitle->getLocalUrl()."\">\n";
	148	+ $form .= "<label for=\"deletecomment\">".wfMsg('grouppermissions-comment')."</label> ";
	149	+ $form .= "<input type=\"text\" name=\"deletecomment\" id=\"deletecomment\" /> ";
	150	+ $form .= "<input type=\"submit\" name=\"delete\" value=\"".wfMsg('grouppermissions-delete')."\" />\n";
	151	+ $form .= "<input type=\"hidden\" name=\"dodelete\" value=\"1\" />";
	152	+ $form .= "<input type=\"hidden\" name=\"groupsearch\" value=\"".$this->target."\" />\n";
	153	+ $form .= "</form>\n</fieldset>\n";
	154	+ return $form;
	155	+ }
	156	+
	157	+ /**
	158	+ * Produce a form to add a group
	159	+ */
	160	+ function makeAddForm() {
	161	+ //make a new group and return all toggles
	162	+ $thisTitle = Title::makeTitle( NS_SPECIAL, $this->getName() );
	163	+ $form = "<br /><div>\n";
	164	+ $form .= "<form method=\"post\" action=\"".$thisTitle->getLocalUrl()."\" id=\"preferences\">\n";
	165	+ //get the rows of checkboxes, specify that we should not get values for them
	166	+ $form .= $this->createCheckboxes( $form, false );
	167	+ $form .= "<br />\n";
	168	+ $form .= "<label for=\"addcomment\">".wfMsg('grouppermissions-comment')."</label> ";
	169	+ $form .= "<input type=\"text\" name=\"addcomment\" id=\"addcomment\" size=\"45\" />\n";
	170	+ $form .= "<input type=\"submit\" name=\"add\" value=\"".wfMsg('grouppermissions-add')."\" />\n";
	171	+ $form .= "<input type=\"hidden\" name=\"doadd\" value=\"1\" />";
	172	+ $form .= "<input type=\"hidden\" name=\"groupsearch\" value=\"".$this->target."\" />\n";
	173	+ $form .= "</form>\n</div>\n";
	174	+ return $form;
	175	+ }
	176	+
	177	+ /**
	178	+ * Add logging entries for the specified action if logging is enabled
	179	+ */
	180	+ function addLogItem( $type, $comment = '' ) {
	181	+ $target = $this->target;
	182	+ $page = User::getGroupPage($target);
	183	+ if(!$page instanceOf Title) {
	184	+ $page = Title::makeTitle(0, $target);
	185	+ }
	186	+ $log = new LogPage('gpmanager');
	187	+ $s = $log->addEntry($type, $page, $comment, array($target));
	188	+ return $s;
	189	+ }
	190	+
	191	+ /**
	192	+ * Make the sorted tables of radio buttons and permissions
	193	+ * @param form the form that it is adding the radio buttons to.
	194	+ * @param getcurrentvalues is used for determining if it should set the radio buttons at the current permissions
	195	+ */
	196	+ function createCheckboxes( &$form, $getcurrentvalues ) {
	197	+ global $wgGroupPermissions, $wgGPManagerSortTypes, $wgGPManagerSort, $wgGPManagerNeverGrant;
	198	+ if($getcurrentvalues) {
	199	+ //let's extract the appropriate array of values from GroupPermissions once so we don't have to put it in the foreach
	200	+ foreach($wgGroupPermissions as $group => $permissions) {
	201	+ if($group == $this->target) {
	202	+ $evGroupPermissions = $permissions;
	203	+ break;
	204	+ }
	205	+ }
	206	+ }
	207	+ $sort = array();
	208	+ foreach($wgGPManagerSortTypes as $type) {
	209	+ $sort[$type] = array();
	210	+ }
	211	+
	212	+ foreach($this->permissionslist as $right) {
	213	+ $s = false;
	214	+ foreach($wgGPManagerSortTypes as $type) {
	215	+ if(in_array($right, $wgGPManagerSort[$type])) {
	216	+ $s = true;
	217	+ $sort[$type][$right] = false;
	218	+ $st = $type;
	219	+ }
	220	+ }
	221	+ if(!$s) {
	222	+ $sort['misc'][$right] = false;
	223	+ $st = 'misc';
	224	+ }
	225	+ if($getcurrentvalues) {
	226	+ //let's change all the falses to something else if need be
	227	+ foreach($evGroupPermissions as $permission => $value) {
	228	+ $bool = in_array($right, array_keys($evGroupPermissions));
	229	+ if($right == $permission) {
	230	+ if($value)
	231	+ $sort[$st][$right] = true;
	232	+ break;
	233	+ }
	234	+ }
	235	+ }
	236	+ }
	237	+ foreach($sort as $type => $list) {
	238	+ $form .= '<fieldset><legend>'.wfMsgHtml('grouppermissions-sort-'.$type).'</legend>';
	239	+ $form .= "\n<h2>".wfMsgHtml('grouppermissions-sort-'.$type)."</h2>\n<table>";
	240	+ foreach($list as $right => $value) {
	241	+ $form .= "\n<tr><td>".$right."</td><td>";
	242	+ if($value) {
	243	+ $form .= $this->makeRadio($right, 'true', true) . $this->makeRadio($right, 'false') . $this->makeRadio($right, 'never');
	244	+ } else {
	245	+ $form .= $this->makeRadio($right, 'true');
	246	+ if(array_key_exists($this->target, $wgGPManagerNeverGrant)) {
	247	+ if(!in_array($right, $wgGPManagerNeverGrant[$this->target])) {
	248	+ $form .= $this->makeRadio($right, 'false', true) . $this->makeRadio($right, 'never');
	249	+ } else {
	250	+ $form .= $this->makeRadio($right, 'false') . $this->makeRadio($right, 'never', true);
	251	+ }
	252	+ } else {
	253	+ $form .= $this->makeRadio($right, 'false', true) . $this->makeRadio($right, 'never');
	254	+ }
	255	+ }
	256	+ $form .= "</td></tr>\n";
	257	+ }
	258	+ $form .= "\n</table></fieldset>\n";
	259	+ }
	260	+ }
	261	+
	262	+ /**
	263	+ * Write the php file
	264	+ */
	265	+ function writeFile( $type ) {
	266	+ //can we write the file?
	267	+ if(!is_writable( dirname(__FILE__) . "/config" )) {
	268	+ echo( "<h2>Cannot write config file, aborting</h2>
	269	+
	270	+ <p>In order to use this extension, you need to make the /config subdirectory of this extension
	271	+ writable by the webserver (eg, if you have this extension installed in /extensions/GPManager,
	272	+ you need to make /extensions/GPManager/config writable by the webserver.</p>
	273	+
	274	+ <p>Make the necessary changes, then refresh this page to try again</p>" );
	275	+ die( 1 );
	276	+ }
	277	+ $this->oldrev = gmdate('dmYHis');
	278	+ if(file_exists(dirname(__FILE__) . '/config/GroupPermissions.php')) {
	279	+ $r = rename(dirname(__FILE__) . '/config/GroupPermissions.php', dirname(__FILE__) . '/config/GroupPermissions.' . $this->oldrev . '.php');
	280	+ if(!$r) {
	281	+ global $wgOut;
	282	+ $wgOut->addWikiText(wfMsg('grouppermissions-nooldrev'));
	283	+ }
	284	+ }
	285	+ $grouppermissions = '<?php
	286	+##### This file was automatically generated by Special:Grouppermissions. When changing group
	287	+##### permissions, please do so HERE instead of LocalSettings.php or anywhere else. If you
	288	+##### set permissions elsewhere, changing them here may not produce the desired results.
	289	+$wgGroupPermissions = array();
	290	+$wgGPManagerNeverGrant = array();';
	291	+ global $wgGroupPermissions, $wgRequest, $wgGPManagerNeverGrant;
	292	+ //run through the current permissions first and change those if need be, only define true to keep down the filesize
	293	+ foreach($wgGroupPermissions as $group => $permissions) {
	294	+ if( $group == $this->target && $type == 'change' ) {
	295	+ foreach($_POST as $key => $value) {
	296	+ if(strpos($key, 'right-') === 0 && $value == 'true') {
	297	+ $r = explode('-', $key, 2);
	298	+ $right = $r[1];
	299	+ $grouppermissions .= "\n\$wgGroupPermissions['".$group."']['".$right."'] = true;";
	300	+ }
	301	+ }
	302	+ } elseif( $group != $this->target ) {
	303	+ foreach($permissions as $right => $value) {
	304	+ if( $value == 'true') {
	305	+ //group doesn't match target group and the current value is true
	306	+ $grouppermissions .= "\n\$wgGroupPermissions['".$group."']['".$right."'] = true;";
	307	+ }
	308	+ }
	309	+ }
	310	+ }
	311	+
	312	+ if($type == 'add') {
	313	+ //add the new group and its permissions
	314	+ foreach($_POST as $key => $value) {
	315	+ if(strpos($key, 'right-') === 0 && $value == 'true') {
	316	+ $r = explode('-', $key, 2);
	317	+ $right = $r[1];
	318	+ $grouppermissions .= "\n\$wgGroupPermissions['".$this->target."']['".$right."'] = true;";
	319	+ }
	320	+ }
	321	+ }
	322	+
	323	+ //let's iterate through the never grants now
	324	+ if($wgGPManagerNeverGrant === array()) {
	325	+ foreach($wgGroupPermissions as $group => $permissions) {
	326	+ if($type != 'delete' \|\| $group != $this->target) {
	327	+ $wgGPManagerNeverGrant[$group] = array();
	328	+ }
	329	+ }
	330	+ }
	331	+ if($type == 'add') {
	332	+ $wgGPManagerNeverGrant[$this->target] = array();
	333	+ }
	334	+ foreach($wgGPManagerNeverGrant as $group => $rights) {
	335	+ if($group != $this->target) {
	336	+ //we didn't change this one, so keep it as-is, defining it as false in wgGroupPermissions so it appears as a group
	337	+ foreach($rights as $right) {
	338	+ if($right == '') {
	339	+ continue;
	340	+ }
	341	+ $grouppermissions .= "\n\$wgGroupPermissions['".$group."']['".$right."'] = false;";
	342	+ }
	343	+ $str = "array('" . implode("', '", $rights) . "')";
	344	+ if($str == 'array(\'\')') {
	345	+ $str = 'array()';
	346	+ }
	347	+ $grouppermissions .= "\n\$wgGPManagerNeverGrant['".$group."'] = ".$str.";";
	348	+ } elseif($type != 'delete') {
	349	+ //we changed this group, so make appropriate changes. First, cut out all the ones that were changed to something other than never
	350	+ foreach($rights as $permission) {
	351	+ if($wgRequest->getVal('right-'.$permission) != 'never') {
	352	+ $l = array_search($permission, $rights);
	353	+ array_splice($rights, $l, 1);
	354	+ }
	355	+ }
	356	+ //then, add in new ones
	357	+ foreach($_POST as $key => $value) {
	358	+ if(strpos($key, 'right-') === 0 && $value == 'never') {
	359	+ $r = explode('-', $key, 2);
	360	+ $right = $r[1];
	361	+ $rights[] = $right;
	362	+ }
	363	+ }
	364	+ //delete duplicate keys
	365	+ $rights = array_unique($rights);
	366	+ //now put it in the file, defining it in wgGroupPermissions as false so it registers the group
	367	+ foreach($rights as $right) {
	368	+ if($right == '') {
	369	+ continue;
	370	+ }
	371	+ $grouppermissions .= "\n\$wgGroupPermissions['".$group."']['".$right."'] = false;";
	372	+ }
	373	+ $str = "array('" . implode("', '", $rights) . "')";
	374	+ if($str == 'array(\'\')') {
	375	+ $str = 'array()';
	376	+ }
	377	+ $grouppermissions .= "\n\$wgGPManagerNeverGrant['".$group."'] = ".$str.";";
	378	+ }
	379	+ }
	380	+
	381	+ $grouppermissions = str_replace( "\r\n", "\n", $grouppermissions );
	382	+ chdir( dirname(__FILE__) . "/config" );
	383	+ $f = fopen( "GroupPermissions.php", 'wt' );
	384	+ if(fwrite( $f, $grouppermissions ) ) {
	385	+ fclose( $f );
	386	+ print "\n";
	387	+ return true;
	388	+ } else {
	389	+ fclose( $f );
	390	+ echo("<p class='error'>An error occured while writing the config/GroupPermissions.php file. Check user rights and disk space then try again.</p>");
	391	+ return false;
	392	+ }
	393	+ }
	394	+
	395	+ function makeRadio( $right = '', $value = '', $checked = false ) {
	396	+ if($checked) {
	397	+ $input = "<input type=\"radio\" name=\"right-{$right}\" id=\"{$right}-{$value}\" class=\"{$value}\" value=\"{$value}\" checked=\"checked\" />";
	398	+ } else {
	399	+ $input ="<input type=\"radio\" name=\"right-{$right}\" id=\"{$right}-{$value}\" class=\"{$value}\" value=\"{$value}\" />";
	400	+ }
	401	+ $input .= " <label for=\"{$right}-{$value}\">".wfMsgHtml('grouppermissions-'.$value)."</label> ";
	402	+ return $input;
	403	+ }
	404	+}
\ No newline at end of file
Property changes on: trunk/extensions/GroupPermissions Manager/GPManager_body.php
___________________________________________________________________
Added: svn:eol-style
1	405	+ native
Index: trunk/extensions/GroupPermissions Manager/GPManager.i18n.php
—	—	@@ -0,0 +1,58 @@
	2	+<?php
	3	+
	4	+/**
	5	+* Internationalisation file for the GroupPermissions Manager extension
	6	+* See http://www.mediawiki.org/wiki/Extension:GroupPermissions_Manager for more info
	7	+*/
	8	+
	9	+$messages = array();
	10	+
	11	+/** English
	12	+ * @author Ryan Schmidt
	13	+ */
	14	+$messages['en'] = array(
	15	+ 'grouppermissions' => 'Manage Group Permissions',
	16	+ 'grouppermissions-desc' => 'Manage group permissions via a special page',
	17	+ 'grouppermissions-desc2' => 'Extended permissions system',
	18	+ 'grouppermissions-header' => "You may use this page to change the underlying permissions of the various usergroups",
	19	+ 'grouppermissions-search' => 'Group:',
	20	+ 'grouppermissions-dologin' => 'Login',
	21	+ 'grouppermissions-dosearch' => 'Go',
	22	+ 'grouppermissions-searchlabel' => 'Search for Group',
	23	+ 'grouppermissions-deletelabel' => 'Delete Group',
	24	+ 'grouppermissions-error' => 'An unknown error has occurred, please hit the back button on your browser and try again',
	25	+ 'grouppermissions-change' => 'Change group permissions',
	26	+ 'grouppermissions-add' => 'Add group',
	27	+ 'grouppermissions-delete' => 'Delete group',
	28	+ 'grouppermissions-comment' => 'Comment:',
	29	+ 'grouppermissions-addsuccess' => '$1 has been successfully added',
	30	+ 'grouppermissions-deletesuccess' => '$1 has been successfully deleted',
	31	+ 'grouppermissions-changesuccess' => 'Permissions for $1 have successfully been changed',
	32	+ 'grouppermissions-true' => 'True',
	33	+ 'grouppermissions-false' => 'False',
	34	+ 'grouppermissions-never' => 'Never',
	35	+ 'grouppermissions-nooldrev' => 'Error encountered when attempting to archive the current config file. No archive will be made',
	36	+ 'grouppermissions-sort-read' => 'Reading',
	37	+ 'grouppermissions-sort-edit' => 'Editing',
	38	+ 'grouppermissions-sort-manage' => 'Management',
	39	+ 'grouppermissions-sort-admin' => 'Administration',
	40	+ 'grouppermissions-sort-tech' => 'Technical',
	41	+ 'grouppermissions-sort-misc' => 'Miscellaneous',
	42	+ 'grouppermissions-log-add' => 'added group "$2"',
	43	+ 'grouppermissions-log-change' => 'changed permissions for group "$2"',
	44	+ 'grouppermissions-log-delete' => 'deleted group "$2"',
	45	+ 'grouppermissions-log-name' => 'GroupPermissions log',
	46	+ 'grouppermissions-log-entry' => '', #do not translate this message
	47	+ 'grouppermissions-log-header' => 'This page tracks changes to the underlying permissions of user groups',
	48	+ 'right-viewsource' => 'View wiki source of protected pages',
	49	+ 'right-raw' => 'View raw pages',
	50	+ 'right-render' => 'View rendered pages without navigation',
	51	+ 'right-info' => 'View page info',
	52	+ 'right-credits' => 'View page credits',
	53	+ 'right-history' => 'View page histories',
	54	+ 'right-search' => 'Search the wiki',
	55	+ 'right-contributions' => 'View contributions pages',
	56	+ 'right-recentchanges' => 'View recent changes',
	57	+ 'right-edittalk' => 'Edit discussion pages',
	58	+ 'right-edit' => 'Edit pages (which are not discussion pages)',
	59	+);
\ No newline at end of file
Property changes on: trunk/extensions/GroupPermissions Manager/GPManager.i18n.php
___________________________________________________________________
Added: svn:eol-style
1	60	+ native
Index: trunk/extensions/GroupPermissions Manager/GPManager.php
—	—	@@ -0,0 +1,256 @@
	2	+<?php
	3	+/**
	4	+* GroupPermissions Manager extension by Ryan Schmidt
	5	+* Allows privelaged users to modify group permissions via a special page
	6	+* See http://www.mediawiki.org/wiki/Extension:GroupPermissions_Manager for more info
	7	+*/
	8	+
	9	+if(!defined('MEDIAWIKI')) {
	10	+ echo("This file is an extension to the MediaWiki software and is not a valid access point");
	11	+ die(1);
	12	+}
	13	+
	14	+$wgExtensionCredits['specialpage'][] = array(
	15	+'name' => 'GroupPermissions Manager',
	16	+'author' => 'Ryan Schmidt',
	17	+'url' => 'http://www.mediawiki.org/wiki/Extension:GroupPermissions_Manager',
	18	+'version' => '3.0',
	19	+'description' => 'Manage group permissions via a special page',
	20	+'descriptionmsg' => 'grouppermissions-desc',
	21	+);
	22	+$wgAutoloadClasses['GroupPermissions'] = dirname(__FILE__) . '/GPManager_body.php';
	23	+$wgSpecialPages['GroupPermissions'] = 'GroupPermissions';
	24	+$wgAvailableRights[] = 'grouppermissions';
	25	+$wgExtensionMessagesFiles['GroupPermissions'] = dirname(__FILE__) . '/GPManager.i18n.php';
	26	+
	27	+$wgLogTypes[] = 'gpmanager';
	28	+$wgLogActions['gpmanager/add'] = 'grouppermissions-log-add';
	29	+$wgLogActions['gpmanager/change'] = 'grouppermissions-log-change';
	30	+$wgLogActions['gpmanager/delete'] = 'grouppermissions-log-delete';
	31	+$wgLogActions['gpmanager/gpmanager'] = 'grouppermissions-log-entry';
	32	+$wgLogHeaders['gpmanager'] = 'grouppermissions-log-header';
	33	+$wgLogNames['gpmanager'] = 'grouppermissions-log-name';
	34	+$wgSpecialPageGroups['GroupPermissions'] = 'wiki';
	35	+
	36	+##Permission required to use the special page
	37	+##By default all bureaucrats can
	38	+$wgGroupPermissions['bureaucrat']['grouppermissions'] = true;
	39	+##Uncomment this if you want to make a separate group that can access the page as well
	40	+#$wgGroupPermissions['grouppermissions']['grouppermissions'] = true;
	41	+
	42	+/**
	43	+* Permissions++ sub-extension
	44	+* This requires the GroupPermissions manager extension to function to its utmost ability, so don't insall this separate from it (or vice versa)
	45	+*/
	46	+
	47	+$wgExtensionCredits['other'][] = array(
	48	+'name' => 'Permissions++',
	49	+'author' => 'Ryan Schmidt',
	50	+'url' => 'http://www.mediawiki.org/wiki/Extension:GroupPermissions_Manager',
	51	+'version' => '1.0',
	52	+'description' => 'Extended permissions system',
	53	+'descriptionmsg' => 'grouppermissions-desc2',
	54	+);
	55	+
	56	+$wgHooks['UserGetRights'][] = 'efGPManagerRevokeRights';
	57	+$wgHooks['userCan'][] = 'efGPManagerExtendedPermissionsGrant';
	58	+$wgHooks['getUserPermissionsErrors'][] = 'efGPManagerExtendedPermissionsRevoke';
	59	+$wgGPManagerNeverGrant = array();
	60	+$wgGPManagerSort = array();
	61	+$wgGPManagerSortTypes = array( 'read', 'edit', 'manage', 'admin', 'tech', 'misc' );
	62	+
	63	+##Default permissions for the ones added by Permissions++ extension
	64	+###Reading-related permissions
	65	+$wgGroupPermissions['*']['viewsource'] = true; //allows viewing of wiki source when one cannot edit the page
	66	+$wgGroupPermissions['*']['history'] = true; //allows viewing of page histories
	67	+$wgGroupPermissions['*']['raw'] = true; //allows use of action=raw
	68	+$wgGroupPermissions['*']['render'] = true; //allows use of action=render
	69	+$wgGroupPermissions['*']['info'] = true; //allows use of action=info if the option is enabled
	70	+$wgGroupPermissions['*']['credits'] = true; //allows use of action=credits
	71	+$wgGroupPermissions['*']['search'] = true; //allows access to Special:Search
	72	+$wgGroupPermissions['*']['recentchanges'] = true; //allows access to Special:RecentChanges
	73	+$wgGroupPermissions['*']['contributions'] = true; //allows viewing Special:Contributions pages, including own
	74	+###Editing-related permissions
	75	+###Note that 'edit' is reduced to only allowing editing of non-talk pages now, it is NOT a global toggle anymore
	76	+###In addition, 'createpage', and 'createtalk' no longer require the 'edit' right, this can be useful if you want to allow people to make pages, but not edit existing ones
	77	+$wgGroupPermissions['*']['edittalk'] = true; //can edit talk pages, including use of section=new
	78	+
	79	+##Grouping of permissions for the GPManager
	80	+$wgGPManagerSort['read'] = array( 'read', 'viewsource', 'history', 'raw', 'render', 'info',
	81	+'credits', 'search', 'recentchanges', 'contributions' );
	82	+$wgGPManagerSort['edit'] = array( 'edit', 'createpage', 'createtalk', 'move', 'move-subpages',
	83	+'createaccount', 'upload', 'reupload', 'reupload-shared', 'upload_by_url',
	84	+'editprotected', 'edittalk', 'writeapi' );
	85	+$wgGPManagerSort['manage'] = array( 'delete', 'bigdelete', 'deletedhistory', 'undelete', 'mergehistory',
	86	+'protect', 'block', 'blockemail', 'hideuser', 'userrights', 'userrights-interwiki', 'rollback', 'markbotedits',
	87	+'patrol', 'editinterface', 'editusercssjs', 'hiderevision', 'deleterevision', 'browsearchive', 'suppressrevision',
	88	+'suppressionlog' );
	89	+$wgGPManagerSort['admin'] = array( 'siteadmin', 'import', 'importupload', 'trackback', 'unwatchedpages',
	90	+'grouppermissions' );
	91	+$wgGPManagerSort['tech'] = array( 'bot', 'purge', 'minoredit', 'nominornewtalk', 'ipblock-exempt',
	92	+'proxyunbannable', 'autopatrol', 'apihighlimits', 'suppressredirect', 'autoconfirmed',
	93	+'emailconfirmed', 'noratelimit' );
	94	+$wgGPManagerSort['misc'] = array(); //all rights added by extensions that don't have a sort clause get put here
	95	+
	96	+##Load the config file, if it exists. This must be the last thing to run in the startup part
	97	+if(file_exists(dirname(__FILE__) . "/config/GroupPermissions.php") ) {
	98	+ require_once(dirname(__FILE__) . "/config/GroupPermissions.php");
	99	+}
	100	+
	101	+//Revoke the rights that are set to "never"
	102	+function efGPManagerRevokeRights(&$user, &$rights) {
	103	+ global $wgGPManagerNeverGrant;
	104	+ $groups = $user->getEffectiveGroups();
	105	+ $never = array();
	106	+ $rights = array_unique($rights);
	107	+ foreach( $groups as $group ) {
	108	+ if( array_key_exists( $group, $wgGPManagerNeverGrant ) ) {
	109	+ foreach( $wgGPManagerNeverGrant[$group] as $right ) {
	110	+ $never[] = $right;
	111	+ }
	112	+ }
	113	+ }
	114	+ $never = array_unique( $never );
	115	+ foreach( $never as $revoke ) {
	116	+ $offset = array_search( $revoke, $rights );
	117	+ if( $offset !== false ) {
	118	+ array_splice( $rights, $offset, 1 );
	119	+ }
	120	+ }
	121	+ return true;
	122	+}
	123	+
	124	+//Extend the permissions system for finer-grained control without requiring hacks
	125	+//For allowing actions that the normal permissions system would prevent
	126	+function efGPManagerExtendedPermissionsGrant($title, $user, $action, &$result) {
	127	+ global $wgRequest;
	128	+ $result = false;
	129	+ if( $action == 'edit' && ($wgRequest->getVal('action') == 'edit' \|\| $wgRequest->getVal('action') == 'submit') ) {
	130	+ if( !$title->exists() ) {
	131	+ $protection = getTitleProtection($title);
	132	+ if($protection) {
	133	+ if( !$user->isAllowed($protection['pt_create_perm']) ) {
	134	+ //pass it on to the normal permissions system to handle
	135	+ $result = null;
	136	+ return true;
	137	+ }
	138	+ }
	139	+ //otherwise don't pass it on to the normal permission system, because the edit right would then be checked
	140	+ if( $title->isTalkPage() && $user->isAllowed('createtalk') ) {
	141	+ $result = true;
	142	+ return false;
	143	+ } elseif( !$title->isTalkPage() && $user->isAllowed('createpage') ) {
	144	+ $result = true;
	145	+ return false;
	146	+ }
	147	+ } else {
	148	+ $protection = $title->getRestrictions('edit');
	149	+ if($protection) {
	150	+ foreach($protection as $right) {
	151	+ if(!$user->isAllowed($right)) {
	152	+ //pass it on to the normal permissions system
	153	+ $result = null;
	154	+ return true;
	155	+ }
	156	+ }
	157	+ }
	158	+ if( $title->isTalkPage() && $user->isAllowed('edittalk') ) {
	159	+ $result = true;
	160	+ return false;
	161	+ } elseif( !$title->isTalkPage() && $user->isAllowed('edit') ) {
	162	+ $result = true;
	163	+ return false;
	164	+ }
	165	+ }
	166	+ }
	167	+ //hack for the UserCanRead method
	168	+ $res = efGPManagerExtendedPermissionsRevoke($title, $user, $action, &$result);
	169	+ if(!$res) {
	170	+ $result = false;
	171	+ //yay epic hacking! If I can't choose to make it return badaccess-group0... I'll simply force it to
	172	+ global $wgGroupPermissions;
	173	+ foreach($wgGroupPermissions as $group => $rights) {
	174	+ $wgGroupPermissions[$group]['read'] = false;
	175	+ }
	176	+ return false;
	177	+ }
	178	+ $result = null;
	179	+ return true; //otherwise we don't care
	180	+}
	181	+
	182	+//for preventing actions the normal permissions system would allow
	183	+function efGPManagerExtendedPermissionsRevoke($title, $user, $action, &$result) {
	184	+ global $wgRequest;
	185	+ $result = null;
	186	+ $err = array('badaccess-group0');
	187	+ if( $action == 'read' ) {
	188	+ if( $title->isSpecial('Recentchanges') && !$user->isAllowed('recentchanges') ) {
	189	+ $result = $err;
	190	+ return false;
	191	+ }
	192	+ if( $title->isSpecial('Search') && !$user->isAllowed('search') ) {
	193	+ $result = $err;
	194	+ return false;
	195	+ }
	196	+ if( $title->isSpecial('Contributions') && !$user->isAllowed('contributions') ) {
	197	+ $result = $err;
	198	+ return false;
	199	+ }
	200	+ if( $wgRequest->getVal('action') == 'edit' \|\| $wgRequest->getVal('action') == 'submit' ) {
	201	+ if( !$title->userCan('edit') && !$user->isAllowed('viewsource') ) {
	202	+ $result = $err;
	203	+ return false;
	204	+ }
	205	+ }
	206	+ if( $wgRequest->getVal('action') == 'history' && !$user->isAllowed('history') ) {
	207	+ $result = $err;
	208	+ return false;
	209	+ }
	210	+ if( $wgRequest->getVal('action') == 'raw' && !$user->isAllowed('raw') ) {
	211	+ $result = $err;
	212	+ return false;
	213	+ }
	214	+ if( $wgRequest->getVal('action') == 'render' && !$user->isAllowed('render') ) {
	215	+ $result = $err;
	216	+ return false;
	217	+ }
	218	+ if( $wgRequest->getVal('action') == 'credits' && !$user->isAllowed('credits') ) {
	219	+ $result = $err;
	220	+ return false;
	221	+ }
	222	+ if( $wgRequest->getVal('action') == 'info' && !$user->isAllowed('info') ) {
	223	+ $result = $err;
	224	+ return false;
	225	+ }
	226	+ }
	227	+ if( $action == 'edit' ) {
	228	+ if($title->exists() && ($wgRequest->getVal('action') == 'edit' \|\| $wgRequest->getVal('action') == 'submit')) {
	229	+ if( $title->isTalkPage() && !$user->isAllowed('edittalk') ) {
	230	+ $result = $err;
	231	+ return false;
	232	+ } elseif( !$title->isTalkPage() && !$user->isAllowed('edit') ) {
	233	+ $result = $err;
	234	+ return false;
	235	+ }
	236	+ }
	237	+ }
	238	+ return true; //otherwise we don't care
	239	+}
	240	+
	241	+//Since the one in Title.php is private...
	242	+function getTitleProtection($title) {
	243	+ // Can't protect pages in special namespaces
	244	+ if ( $title->getNamespace() < 0 ) {
	245	+ return false;
	246	+ }
	247	+
	248	+ $dbr = wfGetDB( DB_SLAVE );
	249	+ $res = $dbr->select( 'protected_titles', '*',
	250	+ array ('pt_namespace' => $title->getNamespace(), 'pt_title' => $title->getDBkey()) );
	251	+
	252	+ if ($row = $dbr->fetchRow( $res )) {
	253	+ return $row;
	254	+ } else {
	255	+ return false;
	256	+ }
	257	+}
\ No newline at end of file
Property changes on: trunk/extensions/GroupPermissions Manager/GPManager.php
___________________________________________________________________
Added: svn:eol-style
1	258	+ native

Status & tagging log

15:28, 12 September 2011 Meno25 (talk | contribs) changed the status of r36798 [removed: ok added: old]