r36799 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r36798‎ | r36799 | r36800 >
Date:02:06, 30 June 2008
Author:skizzerz
Status:old
Tags:
Comment:
renaming dir to remove space
Modified paths:
  • /trunk/extensions/GroupPermissions+Manager (deleted) (history)
  • /trunk/extensions/GroupPermissionsManager (added) (history)
  • /trunk/extensions/GroupPermissionsManager (added) (history)

Diff [purge]

Index: trunk/extensions/GroupPermissionsManager/GPManager_body.php
@@ -0,0 +1,403 @@
 2+<?php
 3+
 4+/**
 5+* Class definition for the special page
 6+*/
 7+
 8+class GroupPermissions extends SpecialPage {
 9+ var $target = '';
 10+ var $oldrev = '';
 11+ var $permissionslist = array();
 12+ var $groupslist = array();
 13+ var $otherrights = array();
 14+
 15+ /**
 16+ * Constructor
 17+ */
 18+ function GroupPermissions() {
 19+ SpecialPage::SpecialPage( 'GroupPermissions', 'grouppermissions' );
 20+ }
 21+
 22+ /**
 23+ * Main execution function
 24+ */
 25+ function execute( $par ) {
 26+ global $wgRequest, $wgOut, $wgUser;
 27+
 28+ if( !$wgUser->isAllowed( 'grouppermissions' ) ) {
 29+ $wgOut->permissionRequired( 'grouppermissions' );
 30+ return;
 31+ }
 32+ wfLoadExtensionMessages('GroupPermissions');
 33+ $this->setHeaders();
 34+ $wgOut->addWikiText( wfMsg( 'grouppermissions-header' ) );
 35+
 36+ //display the search form and define an array of the usergroups and an array of all current permissions
 37+ global $wgGroupPermissions;
 38+ $this->target = $par ? $par : $wgRequest->getText( 'groupsearch', '');
 39+
 40+ foreach($wgGroupPermissions as $group => $permissions) {
 41+ $this->groupslist[] = $group;
 42+ foreach($permissions as $right => $value) {
 43+ if(!in_array($right, $this->permissionslist)) {
 44+ $this->permissionslist[] = $right;
 45+ }
 46+ }
 47+ }
 48+ //sort the array in alphabetical order for ease of finding things
 49+ sort($this->permissionslist);
 50+
 51+ $wgOut->addHtml( $this->makeSearchForm() );
 52+
 53+ //test if we have a valid target to act upon
 54+ if( $this->target != '') {
 55+ //ok, we do. Now, what action was just being performed?
 56+ if( $wgRequest->getCheck( 'dosearch' ) || !$wgRequest->wasPosted() ) {
 57+ $wgOut->addScriptFile('prefs.js');
 58+ //it was a search, check the group
 59+ if(in_array($this->target, $this->groupslist)) {
 60+ global $wgImplicitGroups;
 61+ //group exists, so we can change it, can't delete it if it's an implicit group
 62+ if(in_array($this->target, $wgImplicitGroups)){
 63+ //cannot delete group, show just show the change form
 64+ $wgOut->addHtml( $this->makeChangeForm() );
 65+ } else {
 66+ //can delete group, so show that form as well
 67+ $wgOut->addHtml( $this->makeDeleteForm() );
 68+ $wgOut->addHtml( $this->makeChangeForm() );
 69+ }
 70+ } else {
 71+ //group doesn't exist, let's make it and assign some rights
 72+ $wgOut->addHtml( $this->makeAddForm() );
 73+ }
 74+ } elseif( $wgRequest->wasPosted() && $wgRequest->getVal('doadd') == '1' ) {
 75+ //we just added a new group!
 76+ $success = $this->writeFile('add');
 77+ if($success) {
 78+ $this->addLogItem( 'add', trim( $wgRequest->getText( 'addcomment' ) ) );
 79+ $wgOut->addWikiText( wfMsg( 'grouppermissions-addsuccess', $this->target ) );
 80+ $this->listsmade = false;
 81+ }
 82+ } elseif( $wgRequest->wasPosted() && $wgRequest->getVal('dodelete') == '1' ) {
 83+ //we just deleted a user group. don't remove users from the group just in case we want to make it again
 84+ $success = $this->writeFile('delete');
 85+ if($success) {
 86+ $this->addLogItem( 'delete', trim( $wgRequest->getText( 'deletecomment' ) ) );
 87+ $wgOut->addWikiText( wfMsg( 'grouppermissions-deletesuccess', $this->target ) );
 88+ $this->listsmade = false;
 89+ }
 90+ } elseif( $wgRequest->wasPosted() && $wgRequest->getVal('dochange') == '1' ) {
 91+ //we modified the permissions of an existing group
 92+ $success = $this->writeFile('change');
 93+ if($success) {
 94+ $this->addLogItem( 'change', trim( $wgRequest->getText( 'comment' ) ) );
 95+ $wgOut->addWikiText( wfMsg( 'grouppermissions-changesuccess', $this->target ) );
 96+ $this->listsmade = false;
 97+ }
 98+ }
 99+ }
 100+ }
 101+
 102+ /**
 103+ * Produce a form to search for a group
 104+ */
 105+ function makeSearchForm() {
 106+ $thisTitle = Title::makeTitle( NS_SPECIAL, $this->getName() );
 107+ $form = "<fieldset>\n<legend>".wfMsgHtml('grouppermissions-searchlabel')."</legend>\n";
 108+ $form .= "<form method=\"post\" action=\"".$thisTitle->getLocalUrl()."\">\n";
 109+ $form .= "<label for=\"groupsearch\">".wfMsg('grouppermissions-search')."</label> ";
 110+ $form .= "<input type=\"text\" name=\"groupsearch\" id=\"groupsearch\" value=\"".$this->target."\" /> ";
 111+ $form .= "<input type=\"submit\" name=\"dosearch\" value=\"".wfMsg('grouppermissions-dosearch')."\" />";
 112+ $form .= "<input type=\"hidden\" name=\"issearch\" value=\"1\" />\n</form>\n</fieldset>\n";
 113+ return $form;
 114+ }
 115+
 116+ /**
 117+ * Produce a form for changing group permissions
 118+ */
 119+ function makeChangeForm() {
 120+ //Returns the checkbox toggles for the given group.
 121+ $thisTitle = Title::makeTitle( NS_SPECIAL, $this->getName() );
 122+ $form = "<br /><div>\n";
 123+ $form .= "<form method=\"post\" action=\"".$thisTitle->getLocalUrl()."\" id=\"preferences\">\n";
 124+ //get the rows of checkboxes, specify that we should get values for them as well
 125+ $form .= $this->createCheckboxes( $form, true );
 126+ $form .= "<br />\n";
 127+ $form .= "<label for=\"comment\">".wfMsg('grouppermissions-comment')."</label> ";
 128+ $form .= "<input type=\"text\" name=\"comment\" id=\"comment\" size=\"45\" />\n";
 129+ $form .= "<input type=\"submit\" name=\"change\" value=\"".wfMsg('grouppermissions-change')."\" />\n";
 130+ $form .= "<input type=\"hidden\" name=\"dochange\" value=\"1\" />";
 131+ $form .= "<input type=\"hidden\" name=\"groupsearch\" value=\"".$this->target."\" />\n";
 132+ $form .= "</form>\n</div>\n";
 133+ return $form;
 134+ }
 135+
 136+ /**
 137+ * Produce a form to delete a group
 138+ */
 139+ function makeDeleteForm() {
 140+ //sanity check, make sure that we aren't showing this for the automatic groups
 141+ global $wgImplicitGroups;
 142+ if(in_array($this->target, $wgImplicitGroups)) {
 143+ return '';
 144+ }
 145+ $thisTitle = Title::makeTitle( NS_SPECIAL, $this->getName() );
 146+ $form = "<fieldset>\n<legend>".wfMsgHtml('grouppermissions-deletelabel')."</legend>\n";
 147+ $form .= "<form method=\"post\" action=\"".$thisTitle->getLocalUrl()."\">\n";
 148+ $form .= "<label for=\"deletecomment\">".wfMsg('grouppermissions-comment')."</label> ";
 149+ $form .= "<input type=\"text\" name=\"deletecomment\" id=\"deletecomment\" /> ";
 150+ $form .= "<input type=\"submit\" name=\"delete\" value=\"".wfMsg('grouppermissions-delete')."\" />\n";
 151+ $form .= "<input type=\"hidden\" name=\"dodelete\" value=\"1\" />";
 152+ $form .= "<input type=\"hidden\" name=\"groupsearch\" value=\"".$this->target."\" />\n";
 153+ $form .= "</form>\n</fieldset>\n";
 154+ return $form;
 155+ }
 156+
 157+ /**
 158+ * Produce a form to add a group
 159+ */
 160+ function makeAddForm() {
 161+ //make a new group and return all toggles
 162+ $thisTitle = Title::makeTitle( NS_SPECIAL, $this->getName() );
 163+ $form = "<br /><div>\n";
 164+ $form .= "<form method=\"post\" action=\"".$thisTitle->getLocalUrl()."\" id=\"preferences\">\n";
 165+ //get the rows of checkboxes, specify that we should not get values for them
 166+ $form .= $this->createCheckboxes( $form, false );
 167+ $form .= "<br />\n";
 168+ $form .= "<label for=\"addcomment\">".wfMsg('grouppermissions-comment')."</label> ";
 169+ $form .= "<input type=\"text\" name=\"addcomment\" id=\"addcomment\" size=\"45\" />\n";
 170+ $form .= "<input type=\"submit\" name=\"add\" value=\"".wfMsg('grouppermissions-add')."\" />\n";
 171+ $form .= "<input type=\"hidden\" name=\"doadd\" value=\"1\" />";
 172+ $form .= "<input type=\"hidden\" name=\"groupsearch\" value=\"".$this->target."\" />\n";
 173+ $form .= "</form>\n</div>\n";
 174+ return $form;
 175+ }
 176+
 177+ /**
 178+ * Add logging entries for the specified action if logging is enabled
 179+ */
 180+ function addLogItem( $type, $comment = '' ) {
 181+ $target = $this->target;
 182+ $page = User::getGroupPage($target);
 183+ if(!$page instanceOf Title) {
 184+ $page = Title::makeTitle(0, $target);
 185+ }
 186+ $log = new LogPage('gpmanager');
 187+ $s = $log->addEntry($type, $page, $comment, array($target));
 188+ return $s;
 189+ }
 190+
 191+ /**
 192+ * Make the sorted tables of radio buttons and permissions
 193+ * @param form the form that it is adding the radio buttons to.
 194+ * @param getcurrentvalues is used for determining if it should set the radio buttons at the current permissions
 195+ */
 196+ function createCheckboxes( &$form, $getcurrentvalues ) {
 197+ global $wgGroupPermissions, $wgGPManagerSortTypes, $wgGPManagerSort, $wgGPManagerNeverGrant;
 198+ if($getcurrentvalues) {
 199+ //let's extract the appropriate array of values from GroupPermissions once so we don't have to put it in the foreach
 200+ foreach($wgGroupPermissions as $group => $permissions) {
 201+ if($group == $this->target) {
 202+ $evGroupPermissions = $permissions;
 203+ break;
 204+ }
 205+ }
 206+ }
 207+ $sort = array();
 208+ foreach($wgGPManagerSortTypes as $type) {
 209+ $sort[$type] = array();
 210+ }
 211+
 212+ foreach($this->permissionslist as $right) {
 213+ $s = false;
 214+ foreach($wgGPManagerSortTypes as $type) {
 215+ if(in_array($right, $wgGPManagerSort[$type])) {
 216+ $s = true;
 217+ $sort[$type][$right] = false;
 218+ $st = $type;
 219+ }
 220+ }
 221+ if(!$s) {
 222+ $sort['misc'][$right] = false;
 223+ $st = 'misc';
 224+ }
 225+ if($getcurrentvalues) {
 226+ //let's change all the falses to something else if need be
 227+ foreach($evGroupPermissions as $permission => $value) {
 228+ $bool = in_array($right, array_keys($evGroupPermissions));
 229+ if($right == $permission) {
 230+ if($value)
 231+ $sort[$st][$right] = true;
 232+ break;
 233+ }
 234+ }
 235+ }
 236+ }
 237+ foreach($sort as $type => $list) {
 238+ $form .= '<fieldset><legend>'.wfMsgHtml('grouppermissions-sort-'.$type).'</legend>';
 239+ $form .= "\n<h2>".wfMsgHtml('grouppermissions-sort-'.$type)."</h2>\n<table>";
 240+ foreach($list as $right => $value) {
 241+ $form .= "\n<tr><td>".$right."</td><td>";
 242+ if($value) {
 243+ $form .= $this->makeRadio($right, 'true', true) . $this->makeRadio($right, 'false') . $this->makeRadio($right, 'never');
 244+ } else {
 245+ $form .= $this->makeRadio($right, 'true');
 246+ if(array_key_exists($this->target, $wgGPManagerNeverGrant)) {
 247+ if(!in_array($right, $wgGPManagerNeverGrant[$this->target])) {
 248+ $form .= $this->makeRadio($right, 'false', true) . $this->makeRadio($right, 'never');
 249+ } else {
 250+ $form .= $this->makeRadio($right, 'false') . $this->makeRadio($right, 'never', true);
 251+ }
 252+ } else {
 253+ $form .= $this->makeRadio($right, 'false', true) . $this->makeRadio($right, 'never');
 254+ }
 255+ }
 256+ $form .= "</td></tr>\n";
 257+ }
 258+ $form .= "\n</table></fieldset>\n";
 259+ }
 260+ }
 261+
 262+ /**
 263+ * Write the php file
 264+ */
 265+ function writeFile( $type ) {
 266+ //can we write the file?
 267+ if(!is_writable( dirname(__FILE__) . "/config" )) {
 268+ echo( "<h2>Cannot write config file, aborting</h2>
 269+
 270+ <p>In order to use this extension, you need to make the /config subdirectory of this extension
 271+ writable by the webserver (eg, if you have this extension installed in /extensions/GPManager,
 272+ you need to make /extensions/GPManager/config writable by the webserver.</p>
 273+
 274+ <p>Make the necessary changes, then refresh this page to try again</p>" );
 275+ die( 1 );
 276+ }
 277+ $this->oldrev = gmdate('dmYHis');
 278+ if(file_exists(dirname(__FILE__) . '/config/GroupPermissions.php')) {
 279+ $r = rename(dirname(__FILE__) . '/config/GroupPermissions.php', dirname(__FILE__) . '/config/GroupPermissions.' . $this->oldrev . '.php');
 280+ if(!$r) {
 281+ global $wgOut;
 282+ $wgOut->addWikiText(wfMsg('grouppermissions-nooldrev'));
 283+ }
 284+ }
 285+ $grouppermissions = '<?php
 286+##### This file was automatically generated by Special:Grouppermissions. When changing group
 287+##### permissions, please do so HERE instead of LocalSettings.php or anywhere else. If you
 288+##### set permissions elsewhere, changing them here may not produce the desired results.
 289+$wgGroupPermissions = array();
 290+$wgGPManagerNeverGrant = array();';
 291+ global $wgGroupPermissions, $wgRequest, $wgGPManagerNeverGrant;
 292+ //run through the current permissions first and change those if need be, only define true to keep down the filesize
 293+ foreach($wgGroupPermissions as $group => $permissions) {
 294+ if( $group == $this->target && $type == 'change' ) {
 295+ foreach($_POST as $key => $value) {
 296+ if(strpos($key, 'right-') === 0 && $value == 'true') {
 297+ $r = explode('-', $key, 2);
 298+ $right = $r[1];
 299+ $grouppermissions .= "\n\$wgGroupPermissions['".$group."']['".$right."'] = true;";
 300+ }
 301+ }
 302+ } elseif( $group != $this->target ) {
 303+ foreach($permissions as $right => $value) {
 304+ if( $value == 'true') {
 305+ //group doesn't match target group and the current value is true
 306+ $grouppermissions .= "\n\$wgGroupPermissions['".$group."']['".$right."'] = true;";
 307+ }
 308+ }
 309+ }
 310+ }
 311+
 312+ if($type == 'add') {
 313+ //add the new group and its permissions
 314+ foreach($_POST as $key => $value) {
 315+ if(strpos($key, 'right-') === 0 && $value == 'true') {
 316+ $r = explode('-', $key, 2);
 317+ $right = $r[1];
 318+ $grouppermissions .= "\n\$wgGroupPermissions['".$this->target."']['".$right."'] = true;";
 319+ }
 320+ }
 321+ }
 322+
 323+ //let's iterate through the never grants now
 324+ if($wgGPManagerNeverGrant === array()) {
 325+ foreach($wgGroupPermissions as $group => $permissions) {
 326+ if($type != 'delete' || $group != $this->target) {
 327+ $wgGPManagerNeverGrant[$group] = array();
 328+ }
 329+ }
 330+ }
 331+ if($type == 'add') {
 332+ $wgGPManagerNeverGrant[$this->target] = array();
 333+ }
 334+ foreach($wgGPManagerNeverGrant as $group => $rights) {
 335+ if($group != $this->target) {
 336+ //we didn't change this one, so keep it as-is, defining it as false in wgGroupPermissions so it appears as a group
 337+ foreach($rights as $right) {
 338+ if($right == '') {
 339+ continue;
 340+ }
 341+ $grouppermissions .= "\n\$wgGroupPermissions['".$group."']['".$right."'] = false;";
 342+ }
 343+ $str = "array('" . implode("', '", $rights) . "')";
 344+ if($str == 'array(\'\')') {
 345+ $str = 'array()';
 346+ }
 347+ $grouppermissions .= "\n\$wgGPManagerNeverGrant['".$group."'] = ".$str.";";
 348+ } elseif($type != 'delete') {
 349+ //we changed this group, so make appropriate changes. First, cut out all the ones that were changed to something other than never
 350+ foreach($rights as $permission) {
 351+ if($wgRequest->getVal('right-'.$permission) != 'never') {
 352+ $l = array_search($permission, $rights);
 353+ array_splice($rights, $l, 1);
 354+ }
 355+ }
 356+ //then, add in new ones
 357+ foreach($_POST as $key => $value) {
 358+ if(strpos($key, 'right-') === 0 && $value == 'never') {
 359+ $r = explode('-', $key, 2);
 360+ $right = $r[1];
 361+ $rights[] = $right;
 362+ }
 363+ }
 364+ //delete duplicate keys
 365+ $rights = array_unique($rights);
 366+ //now put it in the file, defining it in wgGroupPermissions as false so it registers the group
 367+ foreach($rights as $right) {
 368+ if($right == '') {
 369+ continue;
 370+ }
 371+ $grouppermissions .= "\n\$wgGroupPermissions['".$group."']['".$right."'] = false;";
 372+ }
 373+ $str = "array('" . implode("', '", $rights) . "')";
 374+ if($str == 'array(\'\')') {
 375+ $str = 'array()';
 376+ }
 377+ $grouppermissions .= "\n\$wgGPManagerNeverGrant['".$group."'] = ".$str.";";
 378+ }
 379+ }
 380+
 381+ $grouppermissions = str_replace( "\r\n", "\n", $grouppermissions );
 382+ chdir( dirname(__FILE__) . "/config" );
 383+ $f = fopen( "GroupPermissions.php", 'wt' );
 384+ if(fwrite( $f, $grouppermissions ) ) {
 385+ fclose( $f );
 386+ print "\n";
 387+ return true;
 388+ } else {
 389+ fclose( $f );
 390+ echo("<p class='error'>An error occured while writing the config/GroupPermissions.php file. Check user rights and disk space then try again.</p>");
 391+ return false;
 392+ }
 393+ }
 394+
 395+ function makeRadio( $right = '', $value = '', $checked = false ) {
 396+ if($checked) {
 397+ $input = "<input type=\"radio\" name=\"right-{$right}\" id=\"{$right}-{$value}\" class=\"{$value}\" value=\"{$value}\" checked=\"checked\" />";
 398+ } else {
 399+ $input ="<input type=\"radio\" name=\"right-{$right}\" id=\"{$right}-{$value}\" class=\"{$value}\" value=\"{$value}\" />";
 400+ }
 401+ $input .= " <label for=\"{$right}-{$value}\">".wfMsgHtml('grouppermissions-'.$value)."</label> ";
 402+ return $input;
 403+ }
 404+}
\ No newline at end of file
Property changes on: trunk/extensions/GroupPermissionsManager/GPManager_body.php
___________________________________________________________________
Added: svn:eol-style
1405 + native
Index: trunk/extensions/GroupPermissionsManager/GPManager.i18n.php
@@ -0,0 +1,58 @@
 2+<?php
 3+
 4+/**
 5+* Internationalisation file for the GroupPermissions Manager extension
 6+* See http://www.mediawiki.org/wiki/Extension:GroupPermissions_Manager for more info
 7+*/
 8+
 9+$messages = array();
 10+
 11+/** English
 12+ * @author Ryan Schmidt
 13+ */
 14+$messages['en'] = array(
 15+ 'grouppermissions' => 'Manage Group Permissions',
 16+ 'grouppermissions-desc' => 'Manage group permissions via a special page',
 17+ 'grouppermissions-desc2' => 'Extended permissions system',
 18+ 'grouppermissions-header' => "You may use this page to change the underlying permissions of the various usergroups",
 19+ 'grouppermissions-search' => 'Group:',
 20+ 'grouppermissions-dologin' => 'Login',
 21+ 'grouppermissions-dosearch' => 'Go',
 22+ 'grouppermissions-searchlabel' => 'Search for Group',
 23+ 'grouppermissions-deletelabel' => 'Delete Group',
 24+ 'grouppermissions-error' => 'An unknown error has occurred, please hit the back button on your browser and try again',
 25+ 'grouppermissions-change' => 'Change group permissions',
 26+ 'grouppermissions-add' => 'Add group',
 27+ 'grouppermissions-delete' => 'Delete group',
 28+ 'grouppermissions-comment' => 'Comment:',
 29+ 'grouppermissions-addsuccess' => '$1 has been successfully added',
 30+ 'grouppermissions-deletesuccess' => '$1 has been successfully deleted',
 31+ 'grouppermissions-changesuccess' => 'Permissions for $1 have successfully been changed',
 32+ 'grouppermissions-true' => 'True',
 33+ 'grouppermissions-false' => 'False',
 34+ 'grouppermissions-never' => 'Never',
 35+ 'grouppermissions-nooldrev' => 'Error encountered when attempting to archive the current config file. No archive will be made',
 36+ 'grouppermissions-sort-read' => 'Reading',
 37+ 'grouppermissions-sort-edit' => 'Editing',
 38+ 'grouppermissions-sort-manage' => 'Management',
 39+ 'grouppermissions-sort-admin' => 'Administration',
 40+ 'grouppermissions-sort-tech' => 'Technical',
 41+ 'grouppermissions-sort-misc' => 'Miscellaneous',
 42+ 'grouppermissions-log-add' => 'added group "$2"',
 43+ 'grouppermissions-log-change' => 'changed permissions for group "$2"',
 44+ 'grouppermissions-log-delete' => 'deleted group "$2"',
 45+ 'grouppermissions-log-name' => 'GroupPermissions log',
 46+ 'grouppermissions-log-entry' => '', #do not translate this message
 47+ 'grouppermissions-log-header' => 'This page tracks changes to the underlying permissions of user groups',
 48+ 'right-viewsource' => 'View wiki source of protected pages',
 49+ 'right-raw' => 'View raw pages',
 50+ 'right-render' => 'View rendered pages without navigation',
 51+ 'right-info' => 'View page info',
 52+ 'right-credits' => 'View page credits',
 53+ 'right-history' => 'View page histories',
 54+ 'right-search' => 'Search the wiki',
 55+ 'right-contributions' => 'View contributions pages',
 56+ 'right-recentchanges' => 'View recent changes',
 57+ 'right-edittalk' => 'Edit discussion pages',
 58+ 'right-edit' => 'Edit pages (which are not discussion pages)',
 59+);
\ No newline at end of file
Property changes on: trunk/extensions/GroupPermissionsManager/GPManager.i18n.php
___________________________________________________________________
Added: svn:eol-style
160 + native
Index: trunk/extensions/GroupPermissionsManager/GPManager.php
@@ -0,0 +1,256 @@
 2+<?php
 3+/**
 4+* GroupPermissions Manager extension by Ryan Schmidt
 5+* Allows privelaged users to modify group permissions via a special page
 6+* See http://www.mediawiki.org/wiki/Extension:GroupPermissions_Manager for more info
 7+*/
 8+
 9+if(!defined('MEDIAWIKI')) {
 10+ echo("This file is an extension to the MediaWiki software and is not a valid access point");
 11+ die(1);
 12+}
 13+
 14+$wgExtensionCredits['specialpage'][] = array(
 15+'name' => 'GroupPermissions Manager',
 16+'author' => 'Ryan Schmidt',
 17+'url' => 'http://www.mediawiki.org/wiki/Extension:GroupPermissions_Manager',
 18+'version' => '3.0',
 19+'description' => 'Manage group permissions via a special page',
 20+'descriptionmsg' => 'grouppermissions-desc',
 21+);
 22+$wgAutoloadClasses['GroupPermissions'] = dirname(__FILE__) . '/GPManager_body.php';
 23+$wgSpecialPages['GroupPermissions'] = 'GroupPermissions';
 24+$wgAvailableRights[] = 'grouppermissions';
 25+$wgExtensionMessagesFiles['GroupPermissions'] = dirname(__FILE__) . '/GPManager.i18n.php';
 26+
 27+$wgLogTypes[] = 'gpmanager';
 28+$wgLogActions['gpmanager/add'] = 'grouppermissions-log-add';
 29+$wgLogActions['gpmanager/change'] = 'grouppermissions-log-change';
 30+$wgLogActions['gpmanager/delete'] = 'grouppermissions-log-delete';
 31+$wgLogActions['gpmanager/gpmanager'] = 'grouppermissions-log-entry';
 32+$wgLogHeaders['gpmanager'] = 'grouppermissions-log-header';
 33+$wgLogNames['gpmanager'] = 'grouppermissions-log-name';
 34+$wgSpecialPageGroups['GroupPermissions'] = 'wiki';
 35+
 36+##Permission required to use the special page
 37+##By default all bureaucrats can
 38+$wgGroupPermissions['bureaucrat']['grouppermissions'] = true;
 39+##Uncomment this if you want to make a separate group that can access the page as well
 40+#$wgGroupPermissions['grouppermissions']['grouppermissions'] = true;
 41+
 42+/**
 43+* Permissions++ sub-extension
 44+* This requires the GroupPermissions manager extension to function to its utmost ability, so don't insall this separate from it (or vice versa)
 45+*/
 46+
 47+$wgExtensionCredits['other'][] = array(
 48+'name' => 'Permissions++',
 49+'author' => 'Ryan Schmidt',
 50+'url' => 'http://www.mediawiki.org/wiki/Extension:GroupPermissions_Manager',
 51+'version' => '1.0',
 52+'description' => 'Extended permissions system',
 53+'descriptionmsg' => 'grouppermissions-desc2',
 54+);
 55+
 56+$wgHooks['UserGetRights'][] = 'efGPManagerRevokeRights';
 57+$wgHooks['userCan'][] = 'efGPManagerExtendedPermissionsGrant';
 58+$wgHooks['getUserPermissionsErrors'][] = 'efGPManagerExtendedPermissionsRevoke';
 59+$wgGPManagerNeverGrant = array();
 60+$wgGPManagerSort = array();
 61+$wgGPManagerSortTypes = array( 'read', 'edit', 'manage', 'admin', 'tech', 'misc' );
 62+
 63+##Default permissions for the ones added by Permissions++ extension
 64+###Reading-related permissions
 65+$wgGroupPermissions['*']['viewsource'] = true; //allows viewing of wiki source when one cannot edit the page
 66+$wgGroupPermissions['*']['history'] = true; //allows viewing of page histories
 67+$wgGroupPermissions['*']['raw'] = true; //allows use of action=raw
 68+$wgGroupPermissions['*']['render'] = true; //allows use of action=render
 69+$wgGroupPermissions['*']['info'] = true; //allows use of action=info if the option is enabled
 70+$wgGroupPermissions['*']['credits'] = true; //allows use of action=credits
 71+$wgGroupPermissions['*']['search'] = true; //allows access to Special:Search
 72+$wgGroupPermissions['*']['recentchanges'] = true; //allows access to Special:RecentChanges
 73+$wgGroupPermissions['*']['contributions'] = true; //allows viewing Special:Contributions pages, including own
 74+###Editing-related permissions
 75+###Note that 'edit' is reduced to only allowing editing of non-talk pages now, it is NOT a global toggle anymore
 76+###In addition, 'createpage', and 'createtalk' no longer require the 'edit' right, this can be useful if you want to allow people to make pages, but not edit existing ones
 77+$wgGroupPermissions['*']['edittalk'] = true; //can edit talk pages, including use of section=new
 78+
 79+##Grouping of permissions for the GPManager
 80+$wgGPManagerSort['read'] = array( 'read', 'viewsource', 'history', 'raw', 'render', 'info',
 81+'credits', 'search', 'recentchanges', 'contributions' );
 82+$wgGPManagerSort['edit'] = array( 'edit', 'createpage', 'createtalk', 'move', 'move-subpages',
 83+'createaccount', 'upload', 'reupload', 'reupload-shared', 'upload_by_url',
 84+'editprotected', 'edittalk', 'writeapi' );
 85+$wgGPManagerSort['manage'] = array( 'delete', 'bigdelete', 'deletedhistory', 'undelete', 'mergehistory',
 86+'protect', 'block', 'blockemail', 'hideuser', 'userrights', 'userrights-interwiki', 'rollback', 'markbotedits',
 87+'patrol', 'editinterface', 'editusercssjs', 'hiderevision', 'deleterevision', 'browsearchive', 'suppressrevision',
 88+'suppressionlog' );
 89+$wgGPManagerSort['admin'] = array( 'siteadmin', 'import', 'importupload', 'trackback', 'unwatchedpages',
 90+'grouppermissions' );
 91+$wgGPManagerSort['tech'] = array( 'bot', 'purge', 'minoredit', 'nominornewtalk', 'ipblock-exempt',
 92+'proxyunbannable', 'autopatrol', 'apihighlimits', 'suppressredirect', 'autoconfirmed',
 93+'emailconfirmed', 'noratelimit' );
 94+$wgGPManagerSort['misc'] = array(); //all rights added by extensions that don't have a sort clause get put here
 95+
 96+##Load the config file, if it exists. This must be the last thing to run in the startup part
 97+if(file_exists(dirname(__FILE__) . "/config/GroupPermissions.php") ) {
 98+ require_once(dirname(__FILE__) . "/config/GroupPermissions.php");
 99+}
 100+
 101+//Revoke the rights that are set to "never"
 102+function efGPManagerRevokeRights(&$user, &$rights) {
 103+ global $wgGPManagerNeverGrant;
 104+ $groups = $user->getEffectiveGroups();
 105+ $never = array();
 106+ $rights = array_unique($rights);
 107+ foreach( $groups as $group ) {
 108+ if( array_key_exists( $group, $wgGPManagerNeverGrant ) ) {
 109+ foreach( $wgGPManagerNeverGrant[$group] as $right ) {
 110+ $never[] = $right;
 111+ }
 112+ }
 113+ }
 114+ $never = array_unique( $never );
 115+ foreach( $never as $revoke ) {
 116+ $offset = array_search( $revoke, $rights );
 117+ if( $offset !== false ) {
 118+ array_splice( $rights, $offset, 1 );
 119+ }
 120+ }
 121+ return true;
 122+}
 123+
 124+//Extend the permissions system for finer-grained control without requiring hacks
 125+//For allowing actions that the normal permissions system would prevent
 126+function efGPManagerExtendedPermissionsGrant($title, $user, $action, &$result) {
 127+ global $wgRequest;
 128+ $result = false;
 129+ if( $action == 'edit' && ($wgRequest->getVal('action') == 'edit' || $wgRequest->getVal('action') == 'submit') ) {
 130+ if( !$title->exists() ) {
 131+ $protection = getTitleProtection($title);
 132+ if($protection) {
 133+ if( !$user->isAllowed($protection['pt_create_perm']) ) {
 134+ //pass it on to the normal permissions system to handle
 135+ $result = null;
 136+ return true;
 137+ }
 138+ }
 139+ //otherwise don't pass it on to the normal permission system, because the edit right would then be checked
 140+ if( $title->isTalkPage() && $user->isAllowed('createtalk') ) {
 141+ $result = true;
 142+ return false;
 143+ } elseif( !$title->isTalkPage() && $user->isAllowed('createpage') ) {
 144+ $result = true;
 145+ return false;
 146+ }
 147+ } else {
 148+ $protection = $title->getRestrictions('edit');
 149+ if($protection) {
 150+ foreach($protection as $right) {
 151+ if(!$user->isAllowed($right)) {
 152+ //pass it on to the normal permissions system
 153+ $result = null;
 154+ return true;
 155+ }
 156+ }
 157+ }
 158+ if( $title->isTalkPage() && $user->isAllowed('edittalk') ) {
 159+ $result = true;
 160+ return false;
 161+ } elseif( !$title->isTalkPage() && $user->isAllowed('edit') ) {
 162+ $result = true;
 163+ return false;
 164+ }
 165+ }
 166+ }
 167+ //hack for the UserCanRead method
 168+ $res = efGPManagerExtendedPermissionsRevoke($title, $user, $action, &$result);
 169+ if(!$res) {
 170+ $result = false;
 171+ //yay epic hacking! If I can't choose to make it return badaccess-group0... I'll simply force it to
 172+ global $wgGroupPermissions;
 173+ foreach($wgGroupPermissions as $group => $rights) {
 174+ $wgGroupPermissions[$group]['read'] = false;
 175+ }
 176+ return false;
 177+ }
 178+ $result = null;
 179+ return true; //otherwise we don't care
 180+}
 181+
 182+//for preventing actions the normal permissions system would allow
 183+function efGPManagerExtendedPermissionsRevoke($title, $user, $action, &$result) {
 184+ global $wgRequest;
 185+ $result = null;
 186+ $err = array('badaccess-group0');
 187+ if( $action == 'read' ) {
 188+ if( $title->isSpecial('Recentchanges') && !$user->isAllowed('recentchanges') ) {
 189+ $result = $err;
 190+ return false;
 191+ }
 192+ if( $title->isSpecial('Search') && !$user->isAllowed('search') ) {
 193+ $result = $err;
 194+ return false;
 195+ }
 196+ if( $title->isSpecial('Contributions') && !$user->isAllowed('contributions') ) {
 197+ $result = $err;
 198+ return false;
 199+ }
 200+ if( $wgRequest->getVal('action') == 'edit' || $wgRequest->getVal('action') == 'submit' ) {
 201+ if( !$title->userCan('edit') && !$user->isAllowed('viewsource') ) {
 202+ $result = $err;
 203+ return false;
 204+ }
 205+ }
 206+ if( $wgRequest->getVal('action') == 'history' && !$user->isAllowed('history') ) {
 207+ $result = $err;
 208+ return false;
 209+ }
 210+ if( $wgRequest->getVal('action') == 'raw' && !$user->isAllowed('raw') ) {
 211+ $result = $err;
 212+ return false;
 213+ }
 214+ if( $wgRequest->getVal('action') == 'render' && !$user->isAllowed('render') ) {
 215+ $result = $err;
 216+ return false;
 217+ }
 218+ if( $wgRequest->getVal('action') == 'credits' && !$user->isAllowed('credits') ) {
 219+ $result = $err;
 220+ return false;
 221+ }
 222+ if( $wgRequest->getVal('action') == 'info' && !$user->isAllowed('info') ) {
 223+ $result = $err;
 224+ return false;
 225+ }
 226+ }
 227+ if( $action == 'edit' ) {
 228+ if($title->exists() && ($wgRequest->getVal('action') == 'edit' || $wgRequest->getVal('action') == 'submit')) {
 229+ if( $title->isTalkPage() && !$user->isAllowed('edittalk') ) {
 230+ $result = $err;
 231+ return false;
 232+ } elseif( !$title->isTalkPage() && !$user->isAllowed('edit') ) {
 233+ $result = $err;
 234+ return false;
 235+ }
 236+ }
 237+ }
 238+ return true; //otherwise we don't care
 239+}
 240+
 241+//Since the one in Title.php is private...
 242+function getTitleProtection($title) {
 243+ // Can't protect pages in special namespaces
 244+ if ( $title->getNamespace() < 0 ) {
 245+ return false;
 246+ }
 247+
 248+ $dbr = wfGetDB( DB_SLAVE );
 249+ $res = $dbr->select( 'protected_titles', '*',
 250+ array ('pt_namespace' => $title->getNamespace(), 'pt_title' => $title->getDBkey()) );
 251+
 252+ if ($row = $dbr->fetchRow( $res )) {
 253+ return $row;
 254+ } else {
 255+ return false;
 256+ }
 257+}
\ No newline at end of file
Property changes on: trunk/extensions/GroupPermissionsManager/GPManager.php
___________________________________________________________________
Added: svn:eol-style
1258 + native

Status & tagging log