Index: trunk/extensions/GroupPermissionsManager/GPManager_body.php |
— | — | @@ -0,0 +1,403 @@ |
| 2 | +<?php |
| 3 | + |
| 4 | +/** |
| 5 | +* Class definition for the special page |
| 6 | +*/ |
| 7 | + |
| 8 | +class GroupPermissions extends SpecialPage { |
| 9 | + var $target = ''; |
| 10 | + var $oldrev = ''; |
| 11 | + var $permissionslist = array(); |
| 12 | + var $groupslist = array(); |
| 13 | + var $otherrights = array(); |
| 14 | + |
| 15 | + /** |
| 16 | + * Constructor |
| 17 | + */ |
| 18 | + function GroupPermissions() { |
| 19 | + SpecialPage::SpecialPage( 'GroupPermissions', 'grouppermissions' ); |
| 20 | + } |
| 21 | + |
| 22 | + /** |
| 23 | + * Main execution function |
| 24 | + */ |
| 25 | + function execute( $par ) { |
| 26 | + global $wgRequest, $wgOut, $wgUser; |
| 27 | + |
| 28 | + if( !$wgUser->isAllowed( 'grouppermissions' ) ) { |
| 29 | + $wgOut->permissionRequired( 'grouppermissions' ); |
| 30 | + return; |
| 31 | + } |
| 32 | + wfLoadExtensionMessages('GroupPermissions'); |
| 33 | + $this->setHeaders(); |
| 34 | + $wgOut->addWikiText( wfMsg( 'grouppermissions-header' ) ); |
| 35 | + |
| 36 | + //display the search form and define an array of the usergroups and an array of all current permissions |
| 37 | + global $wgGroupPermissions; |
| 38 | + $this->target = $par ? $par : $wgRequest->getText( 'groupsearch', ''); |
| 39 | + |
| 40 | + foreach($wgGroupPermissions as $group => $permissions) { |
| 41 | + $this->groupslist[] = $group; |
| 42 | + foreach($permissions as $right => $value) { |
| 43 | + if(!in_array($right, $this->permissionslist)) { |
| 44 | + $this->permissionslist[] = $right; |
| 45 | + } |
| 46 | + } |
| 47 | + } |
| 48 | + //sort the array in alphabetical order for ease of finding things |
| 49 | + sort($this->permissionslist); |
| 50 | + |
| 51 | + $wgOut->addHtml( $this->makeSearchForm() ); |
| 52 | + |
| 53 | + //test if we have a valid target to act upon |
| 54 | + if( $this->target != '') { |
| 55 | + //ok, we do. Now, what action was just being performed? |
| 56 | + if( $wgRequest->getCheck( 'dosearch' ) || !$wgRequest->wasPosted() ) { |
| 57 | + $wgOut->addScriptFile('prefs.js'); |
| 58 | + //it was a search, check the group |
| 59 | + if(in_array($this->target, $this->groupslist)) { |
| 60 | + global $wgImplicitGroups; |
| 61 | + //group exists, so we can change it, can't delete it if it's an implicit group |
| 62 | + if(in_array($this->target, $wgImplicitGroups)){ |
| 63 | + //cannot delete group, show just show the change form |
| 64 | + $wgOut->addHtml( $this->makeChangeForm() ); |
| 65 | + } else { |
| 66 | + //can delete group, so show that form as well |
| 67 | + $wgOut->addHtml( $this->makeDeleteForm() ); |
| 68 | + $wgOut->addHtml( $this->makeChangeForm() ); |
| 69 | + } |
| 70 | + } else { |
| 71 | + //group doesn't exist, let's make it and assign some rights |
| 72 | + $wgOut->addHtml( $this->makeAddForm() ); |
| 73 | + } |
| 74 | + } elseif( $wgRequest->wasPosted() && $wgRequest->getVal('doadd') == '1' ) { |
| 75 | + //we just added a new group! |
| 76 | + $success = $this->writeFile('add'); |
| 77 | + if($success) { |
| 78 | + $this->addLogItem( 'add', trim( $wgRequest->getText( 'addcomment' ) ) ); |
| 79 | + $wgOut->addWikiText( wfMsg( 'grouppermissions-addsuccess', $this->target ) ); |
| 80 | + $this->listsmade = false; |
| 81 | + } |
| 82 | + } elseif( $wgRequest->wasPosted() && $wgRequest->getVal('dodelete') == '1' ) { |
| 83 | + //we just deleted a user group. don't remove users from the group just in case we want to make it again |
| 84 | + $success = $this->writeFile('delete'); |
| 85 | + if($success) { |
| 86 | + $this->addLogItem( 'delete', trim( $wgRequest->getText( 'deletecomment' ) ) ); |
| 87 | + $wgOut->addWikiText( wfMsg( 'grouppermissions-deletesuccess', $this->target ) ); |
| 88 | + $this->listsmade = false; |
| 89 | + } |
| 90 | + } elseif( $wgRequest->wasPosted() && $wgRequest->getVal('dochange') == '1' ) { |
| 91 | + //we modified the permissions of an existing group |
| 92 | + $success = $this->writeFile('change'); |
| 93 | + if($success) { |
| 94 | + $this->addLogItem( 'change', trim( $wgRequest->getText( 'comment' ) ) ); |
| 95 | + $wgOut->addWikiText( wfMsg( 'grouppermissions-changesuccess', $this->target ) ); |
| 96 | + $this->listsmade = false; |
| 97 | + } |
| 98 | + } |
| 99 | + } |
| 100 | + } |
| 101 | + |
| 102 | + /** |
| 103 | + * Produce a form to search for a group |
| 104 | + */ |
| 105 | + function makeSearchForm() { |
| 106 | + $thisTitle = Title::makeTitle( NS_SPECIAL, $this->getName() ); |
| 107 | + $form = "<fieldset>\n<legend>".wfMsgHtml('grouppermissions-searchlabel')."</legend>\n"; |
| 108 | + $form .= "<form method=\"post\" action=\"".$thisTitle->getLocalUrl()."\">\n"; |
| 109 | + $form .= "<label for=\"groupsearch\">".wfMsg('grouppermissions-search')."</label> "; |
| 110 | + $form .= "<input type=\"text\" name=\"groupsearch\" id=\"groupsearch\" value=\"".$this->target."\" /> "; |
| 111 | + $form .= "<input type=\"submit\" name=\"dosearch\" value=\"".wfMsg('grouppermissions-dosearch')."\" />"; |
| 112 | + $form .= "<input type=\"hidden\" name=\"issearch\" value=\"1\" />\n</form>\n</fieldset>\n"; |
| 113 | + return $form; |
| 114 | + } |
| 115 | + |
| 116 | + /** |
| 117 | + * Produce a form for changing group permissions |
| 118 | + */ |
| 119 | + function makeChangeForm() { |
| 120 | + //Returns the checkbox toggles for the given group. |
| 121 | + $thisTitle = Title::makeTitle( NS_SPECIAL, $this->getName() ); |
| 122 | + $form = "<br /><div>\n"; |
| 123 | + $form .= "<form method=\"post\" action=\"".$thisTitle->getLocalUrl()."\" id=\"preferences\">\n"; |
| 124 | + //get the rows of checkboxes, specify that we should get values for them as well |
| 125 | + $form .= $this->createCheckboxes( $form, true ); |
| 126 | + $form .= "<br />\n"; |
| 127 | + $form .= "<label for=\"comment\">".wfMsg('grouppermissions-comment')."</label> "; |
| 128 | + $form .= "<input type=\"text\" name=\"comment\" id=\"comment\" size=\"45\" />\n"; |
| 129 | + $form .= "<input type=\"submit\" name=\"change\" value=\"".wfMsg('grouppermissions-change')."\" />\n"; |
| 130 | + $form .= "<input type=\"hidden\" name=\"dochange\" value=\"1\" />"; |
| 131 | + $form .= "<input type=\"hidden\" name=\"groupsearch\" value=\"".$this->target."\" />\n"; |
| 132 | + $form .= "</form>\n</div>\n"; |
| 133 | + return $form; |
| 134 | + } |
| 135 | + |
| 136 | + /** |
| 137 | + * Produce a form to delete a group |
| 138 | + */ |
| 139 | + function makeDeleteForm() { |
| 140 | + //sanity check, make sure that we aren't showing this for the automatic groups |
| 141 | + global $wgImplicitGroups; |
| 142 | + if(in_array($this->target, $wgImplicitGroups)) { |
| 143 | + return ''; |
| 144 | + } |
| 145 | + $thisTitle = Title::makeTitle( NS_SPECIAL, $this->getName() ); |
| 146 | + $form = "<fieldset>\n<legend>".wfMsgHtml('grouppermissions-deletelabel')."</legend>\n"; |
| 147 | + $form .= "<form method=\"post\" action=\"".$thisTitle->getLocalUrl()."\">\n"; |
| 148 | + $form .= "<label for=\"deletecomment\">".wfMsg('grouppermissions-comment')."</label> "; |
| 149 | + $form .= "<input type=\"text\" name=\"deletecomment\" id=\"deletecomment\" /> "; |
| 150 | + $form .= "<input type=\"submit\" name=\"delete\" value=\"".wfMsg('grouppermissions-delete')."\" />\n"; |
| 151 | + $form .= "<input type=\"hidden\" name=\"dodelete\" value=\"1\" />"; |
| 152 | + $form .= "<input type=\"hidden\" name=\"groupsearch\" value=\"".$this->target."\" />\n"; |
| 153 | + $form .= "</form>\n</fieldset>\n"; |
| 154 | + return $form; |
| 155 | + } |
| 156 | + |
| 157 | + /** |
| 158 | + * Produce a form to add a group |
| 159 | + */ |
| 160 | + function makeAddForm() { |
| 161 | + //make a new group and return all toggles |
| 162 | + $thisTitle = Title::makeTitle( NS_SPECIAL, $this->getName() ); |
| 163 | + $form = "<br /><div>\n"; |
| 164 | + $form .= "<form method=\"post\" action=\"".$thisTitle->getLocalUrl()."\" id=\"preferences\">\n"; |
| 165 | + //get the rows of checkboxes, specify that we should not get values for them |
| 166 | + $form .= $this->createCheckboxes( $form, false ); |
| 167 | + $form .= "<br />\n"; |
| 168 | + $form .= "<label for=\"addcomment\">".wfMsg('grouppermissions-comment')."</label> "; |
| 169 | + $form .= "<input type=\"text\" name=\"addcomment\" id=\"addcomment\" size=\"45\" />\n"; |
| 170 | + $form .= "<input type=\"submit\" name=\"add\" value=\"".wfMsg('grouppermissions-add')."\" />\n"; |
| 171 | + $form .= "<input type=\"hidden\" name=\"doadd\" value=\"1\" />"; |
| 172 | + $form .= "<input type=\"hidden\" name=\"groupsearch\" value=\"".$this->target."\" />\n"; |
| 173 | + $form .= "</form>\n</div>\n"; |
| 174 | + return $form; |
| 175 | + } |
| 176 | + |
| 177 | + /** |
| 178 | + * Add logging entries for the specified action if logging is enabled |
| 179 | + */ |
| 180 | + function addLogItem( $type, $comment = '' ) { |
| 181 | + $target = $this->target; |
| 182 | + $page = User::getGroupPage($target); |
| 183 | + if(!$page instanceOf Title) { |
| 184 | + $page = Title::makeTitle(0, $target); |
| 185 | + } |
| 186 | + $log = new LogPage('gpmanager'); |
| 187 | + $s = $log->addEntry($type, $page, $comment, array($target)); |
| 188 | + return $s; |
| 189 | + } |
| 190 | + |
| 191 | + /** |
| 192 | + * Make the sorted tables of radio buttons and permissions |
| 193 | + * @param form the form that it is adding the radio buttons to. |
| 194 | + * @param getcurrentvalues is used for determining if it should set the radio buttons at the current permissions |
| 195 | + */ |
| 196 | + function createCheckboxes( &$form, $getcurrentvalues ) { |
| 197 | + global $wgGroupPermissions, $wgGPManagerSortTypes, $wgGPManagerSort, $wgGPManagerNeverGrant; |
| 198 | + if($getcurrentvalues) { |
| 199 | + //let's extract the appropriate array of values from GroupPermissions once so we don't have to put it in the foreach |
| 200 | + foreach($wgGroupPermissions as $group => $permissions) { |
| 201 | + if($group == $this->target) { |
| 202 | + $evGroupPermissions = $permissions; |
| 203 | + break; |
| 204 | + } |
| 205 | + } |
| 206 | + } |
| 207 | + $sort = array(); |
| 208 | + foreach($wgGPManagerSortTypes as $type) { |
| 209 | + $sort[$type] = array(); |
| 210 | + } |
| 211 | + |
| 212 | + foreach($this->permissionslist as $right) { |
| 213 | + $s = false; |
| 214 | + foreach($wgGPManagerSortTypes as $type) { |
| 215 | + if(in_array($right, $wgGPManagerSort[$type])) { |
| 216 | + $s = true; |
| 217 | + $sort[$type][$right] = false; |
| 218 | + $st = $type; |
| 219 | + } |
| 220 | + } |
| 221 | + if(!$s) { |
| 222 | + $sort['misc'][$right] = false; |
| 223 | + $st = 'misc'; |
| 224 | + } |
| 225 | + if($getcurrentvalues) { |
| 226 | + //let's change all the falses to something else if need be |
| 227 | + foreach($evGroupPermissions as $permission => $value) { |
| 228 | + $bool = in_array($right, array_keys($evGroupPermissions)); |
| 229 | + if($right == $permission) { |
| 230 | + if($value) |
| 231 | + $sort[$st][$right] = true; |
| 232 | + break; |
| 233 | + } |
| 234 | + } |
| 235 | + } |
| 236 | + } |
| 237 | + foreach($sort as $type => $list) { |
| 238 | + $form .= '<fieldset><legend>'.wfMsgHtml('grouppermissions-sort-'.$type).'</legend>'; |
| 239 | + $form .= "\n<h2>".wfMsgHtml('grouppermissions-sort-'.$type)."</h2>\n<table>"; |
| 240 | + foreach($list as $right => $value) { |
| 241 | + $form .= "\n<tr><td>".$right."</td><td>"; |
| 242 | + if($value) { |
| 243 | + $form .= $this->makeRadio($right, 'true', true) . $this->makeRadio($right, 'false') . $this->makeRadio($right, 'never'); |
| 244 | + } else { |
| 245 | + $form .= $this->makeRadio($right, 'true'); |
| 246 | + if(array_key_exists($this->target, $wgGPManagerNeverGrant)) { |
| 247 | + if(!in_array($right, $wgGPManagerNeverGrant[$this->target])) { |
| 248 | + $form .= $this->makeRadio($right, 'false', true) . $this->makeRadio($right, 'never'); |
| 249 | + } else { |
| 250 | + $form .= $this->makeRadio($right, 'false') . $this->makeRadio($right, 'never', true); |
| 251 | + } |
| 252 | + } else { |
| 253 | + $form .= $this->makeRadio($right, 'false', true) . $this->makeRadio($right, 'never'); |
| 254 | + } |
| 255 | + } |
| 256 | + $form .= "</td></tr>\n"; |
| 257 | + } |
| 258 | + $form .= "\n</table></fieldset>\n"; |
| 259 | + } |
| 260 | + } |
| 261 | + |
| 262 | + /** |
| 263 | + * Write the php file |
| 264 | + */ |
| 265 | + function writeFile( $type ) { |
| 266 | + //can we write the file? |
| 267 | + if(!is_writable( dirname(__FILE__) . "/config" )) { |
| 268 | + echo( "<h2>Cannot write config file, aborting</h2> |
| 269 | + |
| 270 | + <p>In order to use this extension, you need to make the /config subdirectory of this extension |
| 271 | + writable by the webserver (eg, if you have this extension installed in /extensions/GPManager, |
| 272 | + you need to make /extensions/GPManager/config writable by the webserver.</p> |
| 273 | + |
| 274 | + <p>Make the necessary changes, then refresh this page to try again</p>" ); |
| 275 | + die( 1 ); |
| 276 | + } |
| 277 | + $this->oldrev = gmdate('dmYHis'); |
| 278 | + if(file_exists(dirname(__FILE__) . '/config/GroupPermissions.php')) { |
| 279 | + $r = rename(dirname(__FILE__) . '/config/GroupPermissions.php', dirname(__FILE__) . '/config/GroupPermissions.' . $this->oldrev . '.php'); |
| 280 | + if(!$r) { |
| 281 | + global $wgOut; |
| 282 | + $wgOut->addWikiText(wfMsg('grouppermissions-nooldrev')); |
| 283 | + } |
| 284 | + } |
| 285 | + $grouppermissions = '<?php |
| 286 | +##### This file was automatically generated by Special:Grouppermissions. When changing group |
| 287 | +##### permissions, please do so HERE instead of LocalSettings.php or anywhere else. If you |
| 288 | +##### set permissions elsewhere, changing them here may not produce the desired results. |
| 289 | +$wgGroupPermissions = array(); |
| 290 | +$wgGPManagerNeverGrant = array();'; |
| 291 | + global $wgGroupPermissions, $wgRequest, $wgGPManagerNeverGrant; |
| 292 | + //run through the current permissions first and change those if need be, only define true to keep down the filesize |
| 293 | + foreach($wgGroupPermissions as $group => $permissions) { |
| 294 | + if( $group == $this->target && $type == 'change' ) { |
| 295 | + foreach($_POST as $key => $value) { |
| 296 | + if(strpos($key, 'right-') === 0 && $value == 'true') { |
| 297 | + $r = explode('-', $key, 2); |
| 298 | + $right = $r[1]; |
| 299 | + $grouppermissions .= "\n\$wgGroupPermissions['".$group."']['".$right."'] = true;"; |
| 300 | + } |
| 301 | + } |
| 302 | + } elseif( $group != $this->target ) { |
| 303 | + foreach($permissions as $right => $value) { |
| 304 | + if( $value == 'true') { |
| 305 | + //group doesn't match target group and the current value is true |
| 306 | + $grouppermissions .= "\n\$wgGroupPermissions['".$group."']['".$right."'] = true;"; |
| 307 | + } |
| 308 | + } |
| 309 | + } |
| 310 | + } |
| 311 | + |
| 312 | + if($type == 'add') { |
| 313 | + //add the new group and its permissions |
| 314 | + foreach($_POST as $key => $value) { |
| 315 | + if(strpos($key, 'right-') === 0 && $value == 'true') { |
| 316 | + $r = explode('-', $key, 2); |
| 317 | + $right = $r[1]; |
| 318 | + $grouppermissions .= "\n\$wgGroupPermissions['".$this->target."']['".$right."'] = true;"; |
| 319 | + } |
| 320 | + } |
| 321 | + } |
| 322 | + |
| 323 | + //let's iterate through the never grants now |
| 324 | + if($wgGPManagerNeverGrant === array()) { |
| 325 | + foreach($wgGroupPermissions as $group => $permissions) { |
| 326 | + if($type != 'delete' || $group != $this->target) { |
| 327 | + $wgGPManagerNeverGrant[$group] = array(); |
| 328 | + } |
| 329 | + } |
| 330 | + } |
| 331 | + if($type == 'add') { |
| 332 | + $wgGPManagerNeverGrant[$this->target] = array(); |
| 333 | + } |
| 334 | + foreach($wgGPManagerNeverGrant as $group => $rights) { |
| 335 | + if($group != $this->target) { |
| 336 | + //we didn't change this one, so keep it as-is, defining it as false in wgGroupPermissions so it appears as a group |
| 337 | + foreach($rights as $right) { |
| 338 | + if($right == '') { |
| 339 | + continue; |
| 340 | + } |
| 341 | + $grouppermissions .= "\n\$wgGroupPermissions['".$group."']['".$right."'] = false;"; |
| 342 | + } |
| 343 | + $str = "array('" . implode("', '", $rights) . "')"; |
| 344 | + if($str == 'array(\'\')') { |
| 345 | + $str = 'array()'; |
| 346 | + } |
| 347 | + $grouppermissions .= "\n\$wgGPManagerNeverGrant['".$group."'] = ".$str.";"; |
| 348 | + } elseif($type != 'delete') { |
| 349 | + //we changed this group, so make appropriate changes. First, cut out all the ones that were changed to something other than never |
| 350 | + foreach($rights as $permission) { |
| 351 | + if($wgRequest->getVal('right-'.$permission) != 'never') { |
| 352 | + $l = array_search($permission, $rights); |
| 353 | + array_splice($rights, $l, 1); |
| 354 | + } |
| 355 | + } |
| 356 | + //then, add in new ones |
| 357 | + foreach($_POST as $key => $value) { |
| 358 | + if(strpos($key, 'right-') === 0 && $value == 'never') { |
| 359 | + $r = explode('-', $key, 2); |
| 360 | + $right = $r[1]; |
| 361 | + $rights[] = $right; |
| 362 | + } |
| 363 | + } |
| 364 | + //delete duplicate keys |
| 365 | + $rights = array_unique($rights); |
| 366 | + //now put it in the file, defining it in wgGroupPermissions as false so it registers the group |
| 367 | + foreach($rights as $right) { |
| 368 | + if($right == '') { |
| 369 | + continue; |
| 370 | + } |
| 371 | + $grouppermissions .= "\n\$wgGroupPermissions['".$group."']['".$right."'] = false;"; |
| 372 | + } |
| 373 | + $str = "array('" . implode("', '", $rights) . "')"; |
| 374 | + if($str == 'array(\'\')') { |
| 375 | + $str = 'array()'; |
| 376 | + } |
| 377 | + $grouppermissions .= "\n\$wgGPManagerNeverGrant['".$group."'] = ".$str.";"; |
| 378 | + } |
| 379 | + } |
| 380 | + |
| 381 | + $grouppermissions = str_replace( "\r\n", "\n", $grouppermissions ); |
| 382 | + chdir( dirname(__FILE__) . "/config" ); |
| 383 | + $f = fopen( "GroupPermissions.php", 'wt' ); |
| 384 | + if(fwrite( $f, $grouppermissions ) ) { |
| 385 | + fclose( $f ); |
| 386 | + print "\n"; |
| 387 | + return true; |
| 388 | + } else { |
| 389 | + fclose( $f ); |
| 390 | + echo("<p class='error'>An error occured while writing the config/GroupPermissions.php file. Check user rights and disk space then try again.</p>"); |
| 391 | + return false; |
| 392 | + } |
| 393 | + } |
| 394 | + |
| 395 | + function makeRadio( $right = '', $value = '', $checked = false ) { |
| 396 | + if($checked) { |
| 397 | + $input = "<input type=\"radio\" name=\"right-{$right}\" id=\"{$right}-{$value}\" class=\"{$value}\" value=\"{$value}\" checked=\"checked\" />"; |
| 398 | + } else { |
| 399 | + $input ="<input type=\"radio\" name=\"right-{$right}\" id=\"{$right}-{$value}\" class=\"{$value}\" value=\"{$value}\" />"; |
| 400 | + } |
| 401 | + $input .= " <label for=\"{$right}-{$value}\">".wfMsgHtml('grouppermissions-'.$value)."</label> "; |
| 402 | + return $input; |
| 403 | + } |
| 404 | +} |
\ No newline at end of file |
Property changes on: trunk/extensions/GroupPermissionsManager/GPManager_body.php |
___________________________________________________________________ |
Added: svn:eol-style |
1 | 405 | + native |
Index: trunk/extensions/GroupPermissionsManager/GPManager.i18n.php |
— | — | @@ -0,0 +1,58 @@ |
| 2 | +<?php |
| 3 | + |
| 4 | +/** |
| 5 | +* Internationalisation file for the GroupPermissions Manager extension |
| 6 | +* See http://www.mediawiki.org/wiki/Extension:GroupPermissions_Manager for more info |
| 7 | +*/ |
| 8 | + |
| 9 | +$messages = array(); |
| 10 | + |
| 11 | +/** English |
| 12 | + * @author Ryan Schmidt |
| 13 | + */ |
| 14 | +$messages['en'] = array( |
| 15 | + 'grouppermissions' => 'Manage Group Permissions', |
| 16 | + 'grouppermissions-desc' => 'Manage group permissions via a special page', |
| 17 | + 'grouppermissions-desc2' => 'Extended permissions system', |
| 18 | + 'grouppermissions-header' => "You may use this page to change the underlying permissions of the various usergroups", |
| 19 | + 'grouppermissions-search' => 'Group:', |
| 20 | + 'grouppermissions-dologin' => 'Login', |
| 21 | + 'grouppermissions-dosearch' => 'Go', |
| 22 | + 'grouppermissions-searchlabel' => 'Search for Group', |
| 23 | + 'grouppermissions-deletelabel' => 'Delete Group', |
| 24 | + 'grouppermissions-error' => 'An unknown error has occurred, please hit the back button on your browser and try again', |
| 25 | + 'grouppermissions-change' => 'Change group permissions', |
| 26 | + 'grouppermissions-add' => 'Add group', |
| 27 | + 'grouppermissions-delete' => 'Delete group', |
| 28 | + 'grouppermissions-comment' => 'Comment:', |
| 29 | + 'grouppermissions-addsuccess' => '$1 has been successfully added', |
| 30 | + 'grouppermissions-deletesuccess' => '$1 has been successfully deleted', |
| 31 | + 'grouppermissions-changesuccess' => 'Permissions for $1 have successfully been changed', |
| 32 | + 'grouppermissions-true' => 'True', |
| 33 | + 'grouppermissions-false' => 'False', |
| 34 | + 'grouppermissions-never' => 'Never', |
| 35 | + 'grouppermissions-nooldrev' => 'Error encountered when attempting to archive the current config file. No archive will be made', |
| 36 | + 'grouppermissions-sort-read' => 'Reading', |
| 37 | + 'grouppermissions-sort-edit' => 'Editing', |
| 38 | + 'grouppermissions-sort-manage' => 'Management', |
| 39 | + 'grouppermissions-sort-admin' => 'Administration', |
| 40 | + 'grouppermissions-sort-tech' => 'Technical', |
| 41 | + 'grouppermissions-sort-misc' => 'Miscellaneous', |
| 42 | + 'grouppermissions-log-add' => 'added group "$2"', |
| 43 | + 'grouppermissions-log-change' => 'changed permissions for group "$2"', |
| 44 | + 'grouppermissions-log-delete' => 'deleted group "$2"', |
| 45 | + 'grouppermissions-log-name' => 'GroupPermissions log', |
| 46 | + 'grouppermissions-log-entry' => '', #do not translate this message |
| 47 | + 'grouppermissions-log-header' => 'This page tracks changes to the underlying permissions of user groups', |
| 48 | + 'right-viewsource' => 'View wiki source of protected pages', |
| 49 | + 'right-raw' => 'View raw pages', |
| 50 | + 'right-render' => 'View rendered pages without navigation', |
| 51 | + 'right-info' => 'View page info', |
| 52 | + 'right-credits' => 'View page credits', |
| 53 | + 'right-history' => 'View page histories', |
| 54 | + 'right-search' => 'Search the wiki', |
| 55 | + 'right-contributions' => 'View contributions pages', |
| 56 | + 'right-recentchanges' => 'View recent changes', |
| 57 | + 'right-edittalk' => 'Edit discussion pages', |
| 58 | + 'right-edit' => 'Edit pages (which are not discussion pages)', |
| 59 | +); |
\ No newline at end of file |
Property changes on: trunk/extensions/GroupPermissionsManager/GPManager.i18n.php |
___________________________________________________________________ |
Added: svn:eol-style |
1 | 60 | + native |
Index: trunk/extensions/GroupPermissionsManager/GPManager.php |
— | — | @@ -0,0 +1,256 @@ |
| 2 | +<?php |
| 3 | +/** |
| 4 | +* GroupPermissions Manager extension by Ryan Schmidt |
| 5 | +* Allows privelaged users to modify group permissions via a special page |
| 6 | +* See http://www.mediawiki.org/wiki/Extension:GroupPermissions_Manager for more info |
| 7 | +*/ |
| 8 | + |
| 9 | +if(!defined('MEDIAWIKI')) { |
| 10 | + echo("This file is an extension to the MediaWiki software and is not a valid access point"); |
| 11 | + die(1); |
| 12 | +} |
| 13 | + |
| 14 | +$wgExtensionCredits['specialpage'][] = array( |
| 15 | +'name' => 'GroupPermissions Manager', |
| 16 | +'author' => 'Ryan Schmidt', |
| 17 | +'url' => 'http://www.mediawiki.org/wiki/Extension:GroupPermissions_Manager', |
| 18 | +'version' => '3.0', |
| 19 | +'description' => 'Manage group permissions via a special page', |
| 20 | +'descriptionmsg' => 'grouppermissions-desc', |
| 21 | +); |
| 22 | +$wgAutoloadClasses['GroupPermissions'] = dirname(__FILE__) . '/GPManager_body.php'; |
| 23 | +$wgSpecialPages['GroupPermissions'] = 'GroupPermissions'; |
| 24 | +$wgAvailableRights[] = 'grouppermissions'; |
| 25 | +$wgExtensionMessagesFiles['GroupPermissions'] = dirname(__FILE__) . '/GPManager.i18n.php'; |
| 26 | + |
| 27 | +$wgLogTypes[] = 'gpmanager'; |
| 28 | +$wgLogActions['gpmanager/add'] = 'grouppermissions-log-add'; |
| 29 | +$wgLogActions['gpmanager/change'] = 'grouppermissions-log-change'; |
| 30 | +$wgLogActions['gpmanager/delete'] = 'grouppermissions-log-delete'; |
| 31 | +$wgLogActions['gpmanager/gpmanager'] = 'grouppermissions-log-entry'; |
| 32 | +$wgLogHeaders['gpmanager'] = 'grouppermissions-log-header'; |
| 33 | +$wgLogNames['gpmanager'] = 'grouppermissions-log-name'; |
| 34 | +$wgSpecialPageGroups['GroupPermissions'] = 'wiki'; |
| 35 | + |
| 36 | +##Permission required to use the special page |
| 37 | +##By default all bureaucrats can |
| 38 | +$wgGroupPermissions['bureaucrat']['grouppermissions'] = true; |
| 39 | +##Uncomment this if you want to make a separate group that can access the page as well |
| 40 | +#$wgGroupPermissions['grouppermissions']['grouppermissions'] = true; |
| 41 | + |
| 42 | +/** |
| 43 | +* Permissions++ sub-extension |
| 44 | +* This requires the GroupPermissions manager extension to function to its utmost ability, so don't insall this separate from it (or vice versa) |
| 45 | +*/ |
| 46 | + |
| 47 | +$wgExtensionCredits['other'][] = array( |
| 48 | +'name' => 'Permissions++', |
| 49 | +'author' => 'Ryan Schmidt', |
| 50 | +'url' => 'http://www.mediawiki.org/wiki/Extension:GroupPermissions_Manager', |
| 51 | +'version' => '1.0', |
| 52 | +'description' => 'Extended permissions system', |
| 53 | +'descriptionmsg' => 'grouppermissions-desc2', |
| 54 | +); |
| 55 | + |
| 56 | +$wgHooks['UserGetRights'][] = 'efGPManagerRevokeRights'; |
| 57 | +$wgHooks['userCan'][] = 'efGPManagerExtendedPermissionsGrant'; |
| 58 | +$wgHooks['getUserPermissionsErrors'][] = 'efGPManagerExtendedPermissionsRevoke'; |
| 59 | +$wgGPManagerNeverGrant = array(); |
| 60 | +$wgGPManagerSort = array(); |
| 61 | +$wgGPManagerSortTypes = array( 'read', 'edit', 'manage', 'admin', 'tech', 'misc' ); |
| 62 | + |
| 63 | +##Default permissions for the ones added by Permissions++ extension |
| 64 | +###Reading-related permissions |
| 65 | +$wgGroupPermissions['*']['viewsource'] = true; //allows viewing of wiki source when one cannot edit the page |
| 66 | +$wgGroupPermissions['*']['history'] = true; //allows viewing of page histories |
| 67 | +$wgGroupPermissions['*']['raw'] = true; //allows use of action=raw |
| 68 | +$wgGroupPermissions['*']['render'] = true; //allows use of action=render |
| 69 | +$wgGroupPermissions['*']['info'] = true; //allows use of action=info if the option is enabled |
| 70 | +$wgGroupPermissions['*']['credits'] = true; //allows use of action=credits |
| 71 | +$wgGroupPermissions['*']['search'] = true; //allows access to Special:Search |
| 72 | +$wgGroupPermissions['*']['recentchanges'] = true; //allows access to Special:RecentChanges |
| 73 | +$wgGroupPermissions['*']['contributions'] = true; //allows viewing Special:Contributions pages, including own |
| 74 | +###Editing-related permissions |
| 75 | +###Note that 'edit' is reduced to only allowing editing of non-talk pages now, it is NOT a global toggle anymore |
| 76 | +###In addition, 'createpage', and 'createtalk' no longer require the 'edit' right, this can be useful if you want to allow people to make pages, but not edit existing ones |
| 77 | +$wgGroupPermissions['*']['edittalk'] = true; //can edit talk pages, including use of section=new |
| 78 | + |
| 79 | +##Grouping of permissions for the GPManager |
| 80 | +$wgGPManagerSort['read'] = array( 'read', 'viewsource', 'history', 'raw', 'render', 'info', |
| 81 | +'credits', 'search', 'recentchanges', 'contributions' ); |
| 82 | +$wgGPManagerSort['edit'] = array( 'edit', 'createpage', 'createtalk', 'move', 'move-subpages', |
| 83 | +'createaccount', 'upload', 'reupload', 'reupload-shared', 'upload_by_url', |
| 84 | +'editprotected', 'edittalk', 'writeapi' ); |
| 85 | +$wgGPManagerSort['manage'] = array( 'delete', 'bigdelete', 'deletedhistory', 'undelete', 'mergehistory', |
| 86 | +'protect', 'block', 'blockemail', 'hideuser', 'userrights', 'userrights-interwiki', 'rollback', 'markbotedits', |
| 87 | +'patrol', 'editinterface', 'editusercssjs', 'hiderevision', 'deleterevision', 'browsearchive', 'suppressrevision', |
| 88 | +'suppressionlog' ); |
| 89 | +$wgGPManagerSort['admin'] = array( 'siteadmin', 'import', 'importupload', 'trackback', 'unwatchedpages', |
| 90 | +'grouppermissions' ); |
| 91 | +$wgGPManagerSort['tech'] = array( 'bot', 'purge', 'minoredit', 'nominornewtalk', 'ipblock-exempt', |
| 92 | +'proxyunbannable', 'autopatrol', 'apihighlimits', 'suppressredirect', 'autoconfirmed', |
| 93 | +'emailconfirmed', 'noratelimit' ); |
| 94 | +$wgGPManagerSort['misc'] = array(); //all rights added by extensions that don't have a sort clause get put here |
| 95 | + |
| 96 | +##Load the config file, if it exists. This must be the last thing to run in the startup part |
| 97 | +if(file_exists(dirname(__FILE__) . "/config/GroupPermissions.php") ) { |
| 98 | + require_once(dirname(__FILE__) . "/config/GroupPermissions.php"); |
| 99 | +} |
| 100 | + |
| 101 | +//Revoke the rights that are set to "never" |
| 102 | +function efGPManagerRevokeRights(&$user, &$rights) { |
| 103 | + global $wgGPManagerNeverGrant; |
| 104 | + $groups = $user->getEffectiveGroups(); |
| 105 | + $never = array(); |
| 106 | + $rights = array_unique($rights); |
| 107 | + foreach( $groups as $group ) { |
| 108 | + if( array_key_exists( $group, $wgGPManagerNeverGrant ) ) { |
| 109 | + foreach( $wgGPManagerNeverGrant[$group] as $right ) { |
| 110 | + $never[] = $right; |
| 111 | + } |
| 112 | + } |
| 113 | + } |
| 114 | + $never = array_unique( $never ); |
| 115 | + foreach( $never as $revoke ) { |
| 116 | + $offset = array_search( $revoke, $rights ); |
| 117 | + if( $offset !== false ) { |
| 118 | + array_splice( $rights, $offset, 1 ); |
| 119 | + } |
| 120 | + } |
| 121 | + return true; |
| 122 | +} |
| 123 | + |
| 124 | +//Extend the permissions system for finer-grained control without requiring hacks |
| 125 | +//For allowing actions that the normal permissions system would prevent |
| 126 | +function efGPManagerExtendedPermissionsGrant($title, $user, $action, &$result) { |
| 127 | + global $wgRequest; |
| 128 | + $result = false; |
| 129 | + if( $action == 'edit' && ($wgRequest->getVal('action') == 'edit' || $wgRequest->getVal('action') == 'submit') ) { |
| 130 | + if( !$title->exists() ) { |
| 131 | + $protection = getTitleProtection($title); |
| 132 | + if($protection) { |
| 133 | + if( !$user->isAllowed($protection['pt_create_perm']) ) { |
| 134 | + //pass it on to the normal permissions system to handle |
| 135 | + $result = null; |
| 136 | + return true; |
| 137 | + } |
| 138 | + } |
| 139 | + //otherwise don't pass it on to the normal permission system, because the edit right would then be checked |
| 140 | + if( $title->isTalkPage() && $user->isAllowed('createtalk') ) { |
| 141 | + $result = true; |
| 142 | + return false; |
| 143 | + } elseif( !$title->isTalkPage() && $user->isAllowed('createpage') ) { |
| 144 | + $result = true; |
| 145 | + return false; |
| 146 | + } |
| 147 | + } else { |
| 148 | + $protection = $title->getRestrictions('edit'); |
| 149 | + if($protection) { |
| 150 | + foreach($protection as $right) { |
| 151 | + if(!$user->isAllowed($right)) { |
| 152 | + //pass it on to the normal permissions system |
| 153 | + $result = null; |
| 154 | + return true; |
| 155 | + } |
| 156 | + } |
| 157 | + } |
| 158 | + if( $title->isTalkPage() && $user->isAllowed('edittalk') ) { |
| 159 | + $result = true; |
| 160 | + return false; |
| 161 | + } elseif( !$title->isTalkPage() && $user->isAllowed('edit') ) { |
| 162 | + $result = true; |
| 163 | + return false; |
| 164 | + } |
| 165 | + } |
| 166 | + } |
| 167 | + //hack for the UserCanRead method |
| 168 | + $res = efGPManagerExtendedPermissionsRevoke($title, $user, $action, &$result); |
| 169 | + if(!$res) { |
| 170 | + $result = false; |
| 171 | + //yay epic hacking! If I can't choose to make it return badaccess-group0... I'll simply force it to |
| 172 | + global $wgGroupPermissions; |
| 173 | + foreach($wgGroupPermissions as $group => $rights) { |
| 174 | + $wgGroupPermissions[$group]['read'] = false; |
| 175 | + } |
| 176 | + return false; |
| 177 | + } |
| 178 | + $result = null; |
| 179 | + return true; //otherwise we don't care |
| 180 | +} |
| 181 | + |
| 182 | +//for preventing actions the normal permissions system would allow |
| 183 | +function efGPManagerExtendedPermissionsRevoke($title, $user, $action, &$result) { |
| 184 | + global $wgRequest; |
| 185 | + $result = null; |
| 186 | + $err = array('badaccess-group0'); |
| 187 | + if( $action == 'read' ) { |
| 188 | + if( $title->isSpecial('Recentchanges') && !$user->isAllowed('recentchanges') ) { |
| 189 | + $result = $err; |
| 190 | + return false; |
| 191 | + } |
| 192 | + if( $title->isSpecial('Search') && !$user->isAllowed('search') ) { |
| 193 | + $result = $err; |
| 194 | + return false; |
| 195 | + } |
| 196 | + if( $title->isSpecial('Contributions') && !$user->isAllowed('contributions') ) { |
| 197 | + $result = $err; |
| 198 | + return false; |
| 199 | + } |
| 200 | + if( $wgRequest->getVal('action') == 'edit' || $wgRequest->getVal('action') == 'submit' ) { |
| 201 | + if( !$title->userCan('edit') && !$user->isAllowed('viewsource') ) { |
| 202 | + $result = $err; |
| 203 | + return false; |
| 204 | + } |
| 205 | + } |
| 206 | + if( $wgRequest->getVal('action') == 'history' && !$user->isAllowed('history') ) { |
| 207 | + $result = $err; |
| 208 | + return false; |
| 209 | + } |
| 210 | + if( $wgRequest->getVal('action') == 'raw' && !$user->isAllowed('raw') ) { |
| 211 | + $result = $err; |
| 212 | + return false; |
| 213 | + } |
| 214 | + if( $wgRequest->getVal('action') == 'render' && !$user->isAllowed('render') ) { |
| 215 | + $result = $err; |
| 216 | + return false; |
| 217 | + } |
| 218 | + if( $wgRequest->getVal('action') == 'credits' && !$user->isAllowed('credits') ) { |
| 219 | + $result = $err; |
| 220 | + return false; |
| 221 | + } |
| 222 | + if( $wgRequest->getVal('action') == 'info' && !$user->isAllowed('info') ) { |
| 223 | + $result = $err; |
| 224 | + return false; |
| 225 | + } |
| 226 | + } |
| 227 | + if( $action == 'edit' ) { |
| 228 | + if($title->exists() && ($wgRequest->getVal('action') == 'edit' || $wgRequest->getVal('action') == 'submit')) { |
| 229 | + if( $title->isTalkPage() && !$user->isAllowed('edittalk') ) { |
| 230 | + $result = $err; |
| 231 | + return false; |
| 232 | + } elseif( !$title->isTalkPage() && !$user->isAllowed('edit') ) { |
| 233 | + $result = $err; |
| 234 | + return false; |
| 235 | + } |
| 236 | + } |
| 237 | + } |
| 238 | + return true; //otherwise we don't care |
| 239 | +} |
| 240 | + |
| 241 | +//Since the one in Title.php is private... |
| 242 | +function getTitleProtection($title) { |
| 243 | + // Can't protect pages in special namespaces |
| 244 | + if ( $title->getNamespace() < 0 ) { |
| 245 | + return false; |
| 246 | + } |
| 247 | + |
| 248 | + $dbr = wfGetDB( DB_SLAVE ); |
| 249 | + $res = $dbr->select( 'protected_titles', '*', |
| 250 | + array ('pt_namespace' => $title->getNamespace(), 'pt_title' => $title->getDBkey()) ); |
| 251 | + |
| 252 | + if ($row = $dbr->fetchRow( $res )) { |
| 253 | + return $row; |
| 254 | + } else { |
| 255 | + return false; |
| 256 | + } |
| 257 | +} |
\ No newline at end of file |
Property changes on: trunk/extensions/GroupPermissionsManager/GPManager.php |
___________________________________________________________________ |
Added: svn:eol-style |
1 | 258 | + native |