Index: trunk/extensions/CentralAuth/WikiSet.php |
— | — | @@ -0,0 +1,169 @@ |
| 2 | +<?php |
| 3 | + |
| 4 | +class WikiSet { |
| 5 | + const OPTIN = 'optin'; |
| 6 | + const OPTOUT = 'optout'; |
| 7 | + const VERSION = 1; |
| 8 | + |
| 9 | + private $mId; //ID of the group |
| 10 | + private $mName; //Display name of the group |
| 11 | + private $mType; //Opt-in based or opt-out based |
| 12 | + private $mWikis; //List of wikis |
| 13 | + private $mVersion = self::VERSION; //Caching purposes |
| 14 | + |
| 15 | + static $mCacheVars = array( |
| 16 | + 'mId', |
| 17 | + 'mName', |
| 18 | + 'mType', |
| 19 | + 'mWikis', |
| 20 | + 'mVersion', |
| 21 | + ); |
| 22 | + |
| 23 | + public function __construct( $name = '', $type = self::OPTIN, $wikis = array(), $id = 0 ) { |
| 24 | + $this->mId = $id; |
| 25 | + $this->mName = $name; |
| 26 | + $this->mType = $type; |
| 27 | + $this->mWikis = $wikis; |
| 28 | + } |
| 29 | + |
| 30 | + protected static function memcKey( $k ) { return "wikiset:{$k}"; } |
| 31 | + |
| 32 | + public function getId() { return $this->mId; } |
| 33 | + public function getName() { return $this->mName; } |
| 34 | + public function setName( $n, $commit = false ) { return $this->setDbField( 'ws_name', $n, $commit ); } |
| 35 | + public function getWikisRaw() { return $this->mWikis; } |
| 36 | + public function setWikisRaw( $w, $commit = false ) { return $this->setDbField( 'ws_wikis', $w, $commit ); } |
| 37 | + public function getType() { return $this->mType; } |
| 38 | + public function setType( $t, $commit = false ) { |
| 39 | + if( !in_array( $t, array( self::OPTIN, self::OPTOUT ) ) ) |
| 40 | + return false; |
| 41 | + return $this->setDbField( 'ws_type', $t, $commit ); |
| 42 | + } |
| 43 | + protected function setDbField( $field, $value, $commit ) { |
| 44 | + $map = array( 'ws_name' => 'mName', 'ws_type' => 'mType', 'ws_wikis' => 'mWikis' ); |
| 45 | + $mname = $map[$field]; |
| 46 | + $this->$mname = $value; |
| 47 | + if( $commit ) |
| 48 | + $this->commit(); |
| 49 | + } |
| 50 | + |
| 51 | + public static function newFromRow( $row ) { |
| 52 | + if( !$row ) return null; |
| 53 | + return new WikiSet( |
| 54 | + $row->ws_name, |
| 55 | + $row->ws_type, |
| 56 | + explode( ',', $row->ws_wikis ), |
| 57 | + $row->ws_id |
| 58 | + ); |
| 59 | + } |
| 60 | + |
| 61 | + public static function newFromName( $id, $useCache = true ) { |
| 62 | + if( $useCache ) { |
| 63 | + global $wgMemc; |
| 64 | + $data = $wgMemc->get( self::memcKey( "name:" . md5( $id ) ) ); |
| 65 | + if( $data ) { |
| 66 | + if( $data['mVersion'] == self::VERSION ) { |
| 67 | + $ws = new WikiSet( null, null, null ); |
| 68 | + foreach( $data as $name => $val ) |
| 69 | + $ws->$name = $val; |
| 70 | + return $ws; |
| 71 | + } |
| 72 | + } |
| 73 | + } |
| 74 | + $dbr = CentralAuthUser::getCentralSlaveDB(); |
| 75 | + $row = $dbr->selectRow( |
| 76 | + 'wikiset', '*', array( 'ws_name' => $id ), __METHOD__ |
| 77 | + ); |
| 78 | + if( !$row ) |
| 79 | + return null; |
| 80 | + $ws = self::newFromRow( $row ); |
| 81 | + $ws->saveToCache(); |
| 82 | + return $ws; |
| 83 | + } |
| 84 | + |
| 85 | + public static function newFromID( $id, $useCache = true ) { |
| 86 | + if( $useCache ) { |
| 87 | + global $wgMemc; |
| 88 | + $data = $wgMemc->get( self::memcKey( $id ) ); |
| 89 | + if( $data ) { |
| 90 | + if( $data['mVersion'] == self::VERSION ) { |
| 91 | + $ws = new WikiSet( null, null, null ); |
| 92 | + foreach( $data as $name => $val ) |
| 93 | + $ws->$name = $val; |
| 94 | + return $ws; |
| 95 | + } |
| 96 | + } |
| 97 | + } |
| 98 | + $dbr = CentralAuthUser::getCentralSlaveDB(); |
| 99 | + $row = $dbr->selectRow( |
| 100 | + 'wikiset', '*', array( 'ws_id' => $id ), __METHOD__ |
| 101 | + ); |
| 102 | + if( !$row ) |
| 103 | + return null; |
| 104 | + $ws = self::newFromRow( $row ); |
| 105 | + $ws->saveToCache(); |
| 106 | + return $ws; |
| 107 | + } |
| 108 | + |
| 109 | + public function commit() { |
| 110 | + $dbw = CentralAuthUser::getCentralDB(); |
| 111 | + $dbw->replace( 'wikiset', array( 'ws_id' ), |
| 112 | + array( |
| 113 | + 'ws_id' => $this->mId, |
| 114 | + 'ws_name' => $this->mName, |
| 115 | + 'ws_type' => $this->mType, |
| 116 | + 'ws_wikis' => implode( ',', $this->mWikis ), |
| 117 | + ), __METHOD__ |
| 118 | + ); |
| 119 | + $dbw->commit(); |
| 120 | + $this->purge(); |
| 121 | + return (bool)$dbw->affectedRows(); |
| 122 | + } |
| 123 | + |
| 124 | + public function purge() { |
| 125 | + global $wgMemc; |
| 126 | + $wgMemc->delete( self::memcKey( $this->mId ) ); |
| 127 | + $wgMemc->delete( self::memcKey( "name:" . md5( $this->mName ) ) ); |
| 128 | + } |
| 129 | + |
| 130 | + public function saveToCache() { |
| 131 | + global $wgMemc; |
| 132 | + $data = array(); |
| 133 | + foreach( self::$mCacheVars as $var ) { |
| 134 | + $data[$var] = $this->$var; |
| 135 | + } |
| 136 | + $wgMemc->set( self::memcKey( $this->mId ), $data ); |
| 137 | + } |
| 138 | + |
| 139 | + public function getWikis() { |
| 140 | + if( $this->mType == self::OPTIN ) |
| 141 | + return $this->mWikis; |
| 142 | + else |
| 143 | + return array_diff( CentralAuthUser::getWikiList(), $this->mWikis ); |
| 144 | + } |
| 145 | + |
| 146 | + public function inSet( $wiki = '' ) { |
| 147 | + if( !$wiki ) |
| 148 | + $wiki = wfWikiID(); |
| 149 | + return in_array( $wiki, $this->getWikis() ); |
| 150 | + } |
| 151 | + |
| 152 | + public static function getAllWikiSets() { |
| 153 | + $dbr = CentralAuthUser::getCentralSlaveDB(); |
| 154 | + $res = $dbr->select( 'wikiset', '*', false, __METHOD__ ); |
| 155 | + $result = array(); |
| 156 | + while( $row = $dbr->fetchObject( $res ) ) |
| 157 | + $result[] = self::newFromRow( $row ); |
| 158 | + return $result; |
| 159 | + } |
| 160 | + |
| 161 | + public static function getWikiSetForGroup( $group ) { |
| 162 | + $dbr = CentralAuthUser::getCentralSlaveDB(); |
| 163 | + $res = $dbr->selectRow( 'global_group_restrictions', '*', array( 'ggr_group' => $group ), __METHOD__ ); |
| 164 | + return $res ? $res->ggr_set : 0; |
| 165 | + } |
| 166 | + |
| 167 | + public static function formatType( $type ) { |
| 168 | + return wfMsgHtml( "centralauth-rightslog-set-{$type}" ); |
| 169 | + } |
| 170 | +} |
Property changes on: trunk/extensions/CentralAuth/WikiSet.php |
___________________________________________________________________ |
Added: svn:eol-style |
1 | 171 | + native |
Index: trunk/extensions/CentralAuth/CentralAuth.i18n.php |
— | — | @@ -235,12 +235,20 @@ |
236 | 236 | 'centralauth-log-entry-unhide' => 'unhid global account "<nowiki>$1</nowiki>"', |
237 | 237 | 'centralauth-log-entry-lockandhide' => 'locked and hid global account "<nowiki>$1</nowiki>"', |
238 | 238 | |
239 | | - 'centralauth-rightslog-name' => 'Global rights log', |
240 | | - 'centralauth-rightslog-entry-usergroups' => 'changed global group membership for $1 from $2 to $3', |
241 | | - 'centralauth-rightslog-entry-groupperms' => 'changed group permissions for $1 from $2 to $3', |
| 239 | + 'centralauth-rightslog-name' => 'Global rights log', |
| 240 | + 'centralauth-rightslog-entry-usergroups' => 'changed global group membership for $1 from $2 to $3', |
| 241 | + 'centralauth-rightslog-entry-groupperms' => 'changed group permissions for $1 from $2 to $3', |
242 | 242 | 'centralauth-rightslog-entry-groupperms2' => 'changed group permissions for $1. Added $2; Removed $3', |
243 | | - 'centralauth-rightslog-header' => 'This log contains operations on global groups: membership and permissions changes', |
| 243 | + 'centralauth-rightslog-entry-groupperms3' => 'changed group restricted wikis set for $1 from $2 to $3', |
| 244 | + 'centralauth-rightslog-header' => 'This log contains operations on global groups: membership and permissions changes', |
244 | 245 | |
| 246 | + 'centralauth-rightslog-entry-newset' => 'created $2 wiki set $1 with following wikis: $3', |
| 247 | + 'centralauth-rightslog-entry-setrename' => 'renamed wiki set "$2" to "$1"', |
| 248 | + 'centralauth-rightslog-entry-setnewtype' => 'changed type of "$1" from $2 to $3', |
| 249 | + 'centralauth-rightslog-entry-setchange' => 'changed wikis in "$1": added: $2; removed: $3', |
| 250 | + 'centralauth-rightslog-set-optin' => 'opt-in based', |
| 251 | + 'centralauth-rightslog-set-optout' => 'opt-out based', |
| 252 | + |
245 | 253 | // Global group membership |
246 | 254 | 'globalgroupmembership' => 'Membership in global groups', |
247 | 255 | |
— | — | @@ -249,7 +257,7 @@ |
250 | 258 | 'centralauth-globalgroupperms-grouplist' => 'The following global groups have been configured. |
251 | 259 | You may view and edit the permissions assigned to any group. |
252 | 260 | A group may be deleted by removing all rights from it.', |
253 | | - 'centralauth-globalgroupperms-grouplistitem' => '$1 ([[Special:GlobalGroupPermissions/$2|View and edit permissions]])', |
| 261 | + 'centralauth-globalgroupperms-grouplistitem' => '$1 ([[Special:GlobalGroupPermissions/$2|view/edit]])', |
254 | 262 | 'centralauth-existinggroup-legend' => 'Existing groups', |
255 | 263 | 'centralauth-newgroup-legend' => 'Create a new group', |
256 | 264 | 'centralauth-newgroup-intro' => 'You can use this form to assign permissions to a new group. |
— | — | @@ -265,16 +273,40 @@ |
266 | 274 | 'centralauth-editgroup-member-edit' => '$2 ([[MediaWiki:Group-$1-member|edit]])', |
267 | 275 | 'centralauth-editgroup-members' => 'Member list:', |
268 | 276 | 'centralauth-editgroup-members-link' => '[[Special:Globalusers/$1|List of users with $2 rights]]', |
| 277 | + 'centralauth-editgroup-restrictions' => 'Set of wikis where this group is active:', |
| 278 | + 'centralauth-editgroup-noset' => '(none)', |
269 | 279 | 'centralauth-editgroup-submit' => 'Save changes to group permissions', |
270 | 280 | 'centralauth-editgroup-perms' => 'Assigned permissions:', |
271 | 281 | 'centralauth-editgroup-reason' => 'Reason for change:', |
272 | 282 | 'centralauth-editgroup-success' => 'Group permissions changed', |
273 | 283 | 'centralauth-editgroup-success-text' => 'You have successfully changed the group permissions for the $1 group. |
274 | 284 | [[Special:GlobalGroupPermissions|Return to group management]]', |
275 | | - 'centralauth-globalgrouppermissions-knownwiki' => "Select a wiki on which they have an account:", |
| 285 | + 'centralauth-globalgrouppermissions-knownwiki' => "Wiki on which they have an account:", |
276 | 286 | 'centralauth-globalgroupmembership-badknownwiki' => "The global user '''$1''' is not active on the wiki you specified ('' $2 ''). |
277 | 287 | You may be attempting to assign rights to the wrong user!", |
278 | 288 | |
| 289 | + // Wiki sets editing |
| 290 | + 'centralauth-editset' => 'Edit wiki sets', |
| 291 | + 'centralauth-editset-legend' => 'Edit or create wiki set', |
| 292 | + 'centralauth-editset-intro' => 'The following wiki sets have already been created. You may view and modify any of them, or create a new set.', |
| 293 | + 'centralauth-editset-item' => '$1 ([[Special:EditWikiSets/$2|view/edit]])', |
| 294 | + 'centralauth-editset-new' => 'Create a new set', |
| 295 | + 'centralauth-editset-notfound' => 'Wiki set "$1" not found.', |
| 296 | + 'centralauth-editset-optin' => 'Opt-in based (includes only specified wikis)', |
| 297 | + 'centralauth-editset-optout' => 'Opt-out based (includes all wikis except specified)', |
| 298 | + 'centralauth-editset-legend-edit' => 'Editing wiki set "$1"', |
| 299 | + 'centralauth-editset-legend-new' => 'Creating new wiki set', |
| 300 | + 'centralauth-editset-name' => 'Name:', |
| 301 | + 'centralauth-editset-type' => 'Type:', |
| 302 | + 'centralauth-editset-wikis' => 'Wikis:', |
| 303 | + 'centralauth-editset-reason' => 'Reason:', |
| 304 | + 'centralauth-editset-submit' => 'Submit', |
| 305 | + 'centralauth-editset-badname' => 'Invalid or empty set name.', |
| 306 | + 'centralauth-editset-badtype' => 'Invalid set type.', |
| 307 | + 'centralauth-editset-nowikis' => 'No wikis specified.', |
| 308 | + 'centralauth-editset-badwikis' => 'Following wikis do not exist: $1.', |
| 309 | + 'centralauth-editset-success' => 'Successfully changed wiki set.', |
| 310 | + |
279 | 311 | // User rights |
280 | 312 | 'right-globalgroupmembership' => 'Edit membership to global groups', |
281 | 313 | 'right-centralauth-admin' => 'Administrate global accounts', |
Index: trunk/extensions/CentralAuth/central-auth.sql |
— | — | @@ -134,3 +134,33 @@ |
135 | 135 | KEY (ggp_group), |
136 | 136 | KEY (ggp_permission) |
137 | 137 | ) /*$wgDBTableOptions*/; |
| 138 | + |
| 139 | +-- Sets of wikis (for things like restricting global groups) |
| 140 | +-- May be defined in two ways: only specified wikis or all wikis except opt-outed |
| 141 | +CREATE TABLE wikiset ( |
| 142 | + -- ID of wikiset |
| 143 | + ws_id int auto_increment, |
| 144 | + -- Display name of wikiset |
| 145 | + ws_name varchar(255) not null, |
| 146 | + -- Type of set: opt-in or opt-out |
| 147 | + ws_type enum ('optin', 'optout'), |
| 148 | + -- Wikis in that set. Why isn't it a seperate table? |
| 149 | + -- Because we can just use such simple list, we don't need complicated queries on it |
| 150 | + -- Let's suppose that max length of db name is 31 (32 with ","), then we have space for |
| 151 | + -- 2048 wikis. More than we need |
| 152 | + ws_wikis varbinary(65536) not null, |
| 153 | + |
| 154 | + PRIMARY KEY ws_id (ws_id), |
| 155 | + UNIQUE ws_name (ws_name) |
| 156 | +) /*$wgDBTableOptions*/; |
| 157 | + |
| 158 | +-- Allow certain global groups to have their permissions only on certain wikis |
| 159 | +CREATE TABLE global_group_restrictions ( |
| 160 | + -- Group to restrict |
| 161 | + ggr_group varchar(255) not null, |
| 162 | + -- Wikiset to use |
| 163 | + ggr_set int not null, |
| 164 | + |
| 165 | + PRIMARY KEY (ggr_group), |
| 166 | + KEY (ggr_set) |
| 167 | +) /*$wgDBTableOptions*/; |
Index: trunk/extensions/CentralAuth/db_patches/patch-wikisets.sql |
— | — | @@ -0,0 +1,29 @@ |
| 2 | +-- Sets of wikis (for things like restricting global groups) |
| 3 | +-- May be defined in two ways: only specified wikis or all wikis except opt-outed |
| 4 | +CREATE TABLE wikiset ( |
| 5 | + -- ID of wikiset |
| 6 | + ws_id int auto_increment, |
| 7 | + -- Display name of wikiset |
| 8 | + ws_name varchar(255) not null, |
| 9 | + -- Type of set: opt-in or opt-out |
| 10 | + ws_type enum ('optin', 'optout'), |
| 11 | + -- Wikis in that set. Why isn't it a seperate table? |
| 12 | + -- Because we can just use such simple list, we don't need complicated queries on it |
| 13 | + -- Let's suppose that max length of db name is 31 (32 with ","), then we have space for |
| 14 | + -- 2048 wikis. More than we need |
| 15 | + ws_wikis varbinary(65536) not null, |
| 16 | + |
| 17 | + PRIMARY KEY ws_id (ws_id), |
| 18 | + UNIQUE ws_name (ws_name) |
| 19 | +) /*$wgDBTableOptions*/; |
| 20 | + |
| 21 | +-- Allow certain global groups to have their permissions only on certain wikis |
| 22 | +CREATE TABLE global_group_restrictions ( |
| 23 | + -- Group to restrict |
| 24 | + ggr_group varchar(255) not null, |
| 25 | + -- Wikiset to use |
| 26 | + ggr_set int not null, |
| 27 | + |
| 28 | + PRIMARY KEY (ggr_group), |
| 29 | + KEY (ggr_set) |
| 30 | +) /*$wgDBTableOptions*/; |
\ No newline at end of file |
Property changes on: trunk/extensions/CentralAuth/db_patches/patch-wikisets.sql |
___________________________________________________________________ |
Added: svn:eol-style |
1 | 31 | + native |
Index: trunk/extensions/CentralAuth/CentralAuthUser.php |
— | — | @@ -18,7 +18,7 @@ |
19 | 19 | */ |
20 | 20 | /*private*/ var $mName; |
21 | 21 | /*private*/ var $mStateDirty = false; |
22 | | - /*private*/ var $mVersion = 1; |
| 22 | + /*private*/ var $mVersion = 2; |
23 | 23 | /*private*/ var $mDelayInvalidation = 0; |
24 | 24 | |
25 | 25 | static $mCacheVars = array( |
— | — | @@ -153,26 +153,40 @@ |
154 | 154 | return; |
155 | 155 | } |
156 | 156 | // We need the user id from the database, but this should be checked by the getId accessor. |
157 | | - |
| 157 | + |
158 | 158 | wfDebugLog( 'CentralAuth', "Loading groups for global user {$this->mName}" ); |
159 | | - |
| 159 | + |
160 | 160 | $dbr = self::getCentralDB(); // We need the master. |
161 | | - |
| 161 | + |
162 | 162 | $res = $dbr->select( |
163 | 163 | array( 'global_group_permissions', 'global_user_groups' ), |
164 | 164 | array( 'ggp_permission', 'ggp_group' ), |
165 | 165 | array( 'ggp_group=gug_group', 'gug_user' => $this->getId() ), |
166 | | - __METHOD__ ); |
167 | | - |
| 166 | + __METHOD__ |
| 167 | + ); |
| 168 | + |
| 169 | + $resSets = $dbr->select( |
| 170 | + array( 'global_user_groups', 'global_group_restrictions', 'wikiset' ), |
| 171 | + array( 'ggr_group', 'ws_id', 'ws_name', 'ws_type', 'ws_wikis' ), |
| 172 | + array( 'ggr_group=gug_group', 'ggr_set=ws_id', 'gug_user' => $this->getId() ), |
| 173 | + __METHOD__ |
| 174 | + ); |
| 175 | + |
| 176 | + $sets = array(); |
| 177 | + while( $row = $dbr->fetchObject( $resSets ) ) { |
| 178 | + $sets[$row->ggr_group] = WikiSet::newFromRow( $row ); |
| 179 | + } |
| 180 | + |
168 | 181 | // Grab the user's rights/groups. |
169 | 182 | $rights = array(); |
170 | 183 | $groups = array(); |
171 | | - |
172 | | - while ($row = $dbr->fetchObject( $res ) ) { |
173 | | - $rights[] = $row->ggp_permission; |
| 184 | + |
| 185 | + while( $row = $dbr->fetchObject( $res ) ) { |
| 186 | + $set = @$sets[$row->ggp_group]; |
| 187 | + $rights[] = array( 'right' => $row->ggp_permission, 'set' => $set ? $set->getID() : false ); |
174 | 188 | $groups[$row->ggp_group] = 1; |
175 | 189 | } |
176 | | - |
| 190 | + |
177 | 191 | $this->mRights = $rights; |
178 | 192 | $this->mGroups = array_keys($groups); |
179 | 193 | } |
— | — | @@ -1620,7 +1634,18 @@ |
1621 | 1635 | function getGlobalRights() { |
1622 | 1636 | $this->loadGroups(); |
1623 | 1637 | |
1624 | | - return $this->mRights; |
| 1638 | + $rights = array(); |
| 1639 | + $sets = array(); |
| 1640 | + foreach( $this->mRights as $right ) { |
| 1641 | + if( $right['set'] ) { |
| 1642 | + $set = isset( $sets[$right['set']] ) ? $sets[$right['set']] : WikiSet::newFromID( $right['set'] ); |
| 1643 | + if( $set->inSet() ) |
| 1644 | + $rights[] = $right['right']; |
| 1645 | + } else { |
| 1646 | + $rights[] = $right['right']; |
| 1647 | + } |
| 1648 | + } |
| 1649 | + return $rights; |
1625 | 1650 | } |
1626 | 1651 | |
1627 | 1652 | function removeFromGlobalGroups( $groups ) { |
Index: trunk/extensions/CentralAuth/CentralAuth.php |
— | — | @@ -136,12 +136,14 @@ |
137 | 137 | $wgAutoloadClasses['CentralAuthHooks'] = "$caBase/CentralAuthHooks.php"; |
138 | 138 | $wgAutoloadClasses['WikiMap'] = "$caBase/WikiMap.php"; |
139 | 139 | $wgAutoloadClasses['WikiReference'] = "$caBase/WikiMap.php"; |
| 140 | +$wgAutoloadClasses['WikiSet'] = "$caBase/WikiSet.php"; |
140 | 141 | $wgAutoloadClasses['SpecialAutoLogin'] = "$caBase/SpecialAutoLogin.php"; |
141 | 142 | $wgAutoloadClasses['CentralAuthUserArray'] = "$caBase/CentralAuthUserArray.php"; |
142 | 143 | $wgAutoloadClasses['CentralAuthUserArrayFromResult'] = "$caBase/CentralAuthUserArray.php"; |
143 | 144 | $wgAutoloadClasses['SpecialGlobalGroupMembership'] = "$caBase/SpecialGlobalGroupMembership.php"; |
144 | 145 | $wgAutoloadClasses['CentralAuthGroupMembershipProxy'] = "$caBase/CentralAuthGroupMembershipProxy.php"; |
145 | 146 | $wgAutoloadClasses['SpecialGlobalGroupPermissions'] = "$caBase/SpecialGlobalGroupPermissions.php"; |
| 147 | +$wgAutoloadClasses['SpecialEditWikiSets'] = "$caBase/SpecialEditWikiSets.php"; |
146 | 148 | |
147 | 149 | $wgExtensionMessagesFiles['SpecialCentralAuth'] = "$caBase/CentralAuth.i18n.php"; |
148 | 150 | |
— | — | @@ -182,6 +184,7 @@ |
183 | 185 | $wgSpecialPages['MergeAccount'] = 'SpecialMergeAccount'; |
184 | 186 | $wgSpecialPages['GlobalGroupMembership'] = 'SpecialGlobalGroupMembership'; |
185 | 187 | $wgSpecialPages['GlobalGroupPermissions'] = 'SpecialGlobalGroupPermissions'; |
| 188 | +$wgSpecialPages['EditWikiSets'] = 'SpecialEditWikiSets'; |
186 | 189 | $wgSpecialPages['GlobalUsers'] = 'SpecialGlobalUsers'; |
187 | 190 | $wgSpecialPageGroups['GlobalUsers'] = 'users'; |
188 | 191 | |
— | — | @@ -195,9 +198,25 @@ |
196 | 199 | $wgLogActions['globalauth/unhide'] = 'centralauth-log-entry-unhide'; |
197 | 200 | $wgLogActions['globalauth/lockandhid'] = 'centralauth-log-entry-lockandhide'; |
198 | 201 | |
199 | | -$wgLogTypes[] = 'gblrights'; |
200 | | -$wgLogNames['gblrights'] = 'centralauth-rightslog-name'; |
201 | | -$wgLogHeaders['gblrights'] = 'centralauth-rightslog-header'; |
202 | | -$wgLogActions['gblrights/usergroups'] = 'centralauth-rightslog-entry-usergroups'; |
203 | | -$wgLogActions['gblrights/groupperms'] = 'centralauth-rightslog-entry-groupperms'; |
204 | | -$wgLogActions['gblrights/groupperms2'] = 'centralauth-rightslog-entry-groupperms2'; |
| 202 | +$wgLogTypes[] = 'gblrights'; |
| 203 | +$wgLogNames['gblrights'] = 'centralauth-rightslog-name'; |
| 204 | +$wgLogHeaders['gblrights'] = 'centralauth-rightslog-header'; |
| 205 | +$wgLogActions['gblrights/usergroups'] = 'centralauth-rightslog-entry-usergroups'; |
| 206 | +$wgLogActions['gblrights/groupperms'] = 'centralauth-rightslog-entry-groupperms'; |
| 207 | +$wgLogActions['gblrights/groupperms2'] = 'centralauth-rightslog-entry-groupperms2'; |
| 208 | +$wgLogActions['gblrights/groupperms3'] = 'centralauth-rightslog-entry-groupperms3'; |
| 209 | +foreach( array( 'newset', 'setrename', 'setnewtype', 'setchange' ) as $type ) |
| 210 | + $wgLogActionsHandlers["gblrights/{$type}"] = 'efHandleWikiSetLogEntry'; |
| 211 | + |
| 212 | +function efHandleWikiSetLogEntry( $type, $action, $title, $skin, $params, $filterWikilinks = false ) { |
| 213 | + $link = $skin ? $skin->makeLinkObj( $title, $params[0] ) : $params[0]; |
| 214 | + if( $action == 'newset' ) |
| 215 | + $args = array( WikiSet::formatType( $params[1] ), $params[2] ); |
| 216 | + if( $action == 'setrename' ) |
| 217 | + $args = array( $params[1] ); |
| 218 | + if( $action == 'setnewtype' ) |
| 219 | + $args = array( WikiSet::formatType( $params[1] ) ); |
| 220 | + if( $action == 'setchange' ) |
| 221 | + $args = array( $params[1] ? $params[1] : wfMsg( 'rightsnone' ), $params[2] ? $params[2] : wfMsg( 'rightsnone' ) ); |
| 222 | + return wfMsgReal( "centralauth-rightslog-entry-{$action}", array_merge( array( $link ), $args ), true, !$skin ); |
| 223 | +} |
\ No newline at end of file |
Index: trunk/extensions/CentralAuth/SpecialGlobalGroupPermissions.php |
— | — | @@ -112,7 +112,7 @@ |
113 | 113 | } |
114 | 114 | |
115 | 115 | function buildGroupView( $group ) { |
116 | | - global $wgOut, $wgUser,$wgScript; |
| 116 | + global $wgOut, $wgUser, $wgScript; |
117 | 117 | |
118 | 118 | $wgOut->setSubtitle( wfMsg( 'centralauth-editgroup-subtitle', $group ) ); |
119 | 119 | |
— | — | @@ -127,6 +127,7 @@ |
128 | 128 | $fields['centralauth-editgroup-display'] = wfMsgExt( 'centralauth-editgroup-display-edit', array( 'parseinline' ), $group, User::getGroupName( $group ) ); |
129 | 129 | $fields['centralauth-editgroup-member'] = wfMsgExt( 'centralauth-editgroup-member-edit', array( 'parseinline' ), $group, User::getGroupMember( $group ) ); |
130 | 130 | $fields['centralauth-editgroup-members'] = wfMsgExt( 'centralauth-editgroup-members-link', array( 'parseinline' ), $group, User::getGroupMember( $group ) ); |
| 131 | + $fields['centralauth-editgroup-restrictions'] = $this->buildWikiSetSelector($group); |
131 | 132 | $fields['centralauth-editgroup-perms'] = $this->buildCheckboxes($group); |
132 | 133 | $fields['centralauth-editgroup-reason'] = wfInput( 'wpReason' ); |
133 | 134 | |
— | — | @@ -139,7 +140,19 @@ |
140 | 141 | |
141 | 142 | $this->showLogFragment( $group, $wgOut ); |
142 | 143 | } |
143 | | - |
| 144 | + |
| 145 | + function buildWikiSetSelector( $group ) { |
| 146 | + $sets = WikiSet::getAllWikiSets(); |
| 147 | + $default = WikiSet::getWikiSetForGroup( $group ); |
| 148 | + |
| 149 | + $select = new XmlSelect( 'set', 'wikiset', $default ); |
| 150 | + $select->addOption( wfMsg( 'centralauth-editgroup-noset' ), '0' ); |
| 151 | + foreach( $sets as $set ) { |
| 152 | + $select->addOption( $set->getName(), $set->getID() ); |
| 153 | + } |
| 154 | + return $select->getHTML(); |
| 155 | + } |
| 156 | + |
144 | 157 | function buildCheckboxes( $group ) { |
145 | 158 | |
146 | 159 | $rights = User::getAllRights(); |
— | — | @@ -221,7 +234,15 @@ |
222 | 235 | // Log it |
223 | 236 | if (!(count($addRights)==0 && count($removeRights)==0)) |
224 | 237 | $this->addLogEntry( $group, $addRights, $removeRights, $reason ); |
225 | | - |
| 238 | + |
| 239 | + // Change set |
| 240 | + $current = WikiSet::getWikiSetForGroup( $group ); |
| 241 | + $new = $wgRequest->getVal( 'set' ); |
| 242 | + if( $current != $new ) { |
| 243 | + $this->setRestrictions( $group, $new ); |
| 244 | + $this->addLogEntry2( $group, $current, $new, $reason ); |
| 245 | + } |
| 246 | + |
226 | 247 | $this->invalidateRightsCache( $group ); |
227 | 248 | |
228 | 249 | // Display success |
— | — | @@ -262,8 +283,6 @@ |
263 | 284 | global $wgRequest; |
264 | 285 | |
265 | 286 | $log = new LogPage( 'gblrights' ); |
266 | | - |
267 | | - $added = |
268 | 287 | |
269 | 288 | $log->addEntry( 'groupperms2', |
270 | 289 | SpecialPage::getTitleFor( 'GlobalUsers', $group ), |
— | — | @@ -278,7 +297,40 @@ |
279 | 298 | function makeRightsList( $ids ) { |
280 | 299 | return (bool)count($ids) ? implode( ', ', $ids ) : wfMsgForContent( 'rightsnone' ); |
281 | 300 | } |
282 | | - |
| 301 | + |
| 302 | + function setRestrictions( $group, $set ) { |
| 303 | + $dbw = CentralAuthUser::getCentralDB(); |
| 304 | + if( $set == 0 ) { |
| 305 | + $dbw->delete( 'global_group_restrictions', array( 'ggr_group' => $group ), __METHOD__ ); |
| 306 | + } else { |
| 307 | + $dbw->replace( 'global_group_restrictions', array( 'ggr_group' ), |
| 308 | + array( 'ggr_group' => $group, 'ggr_set' => $set, ), __METHOD__ ); |
| 309 | + } |
| 310 | + return (bool)$dbw->affectedRows(); |
| 311 | + } |
| 312 | + |
| 313 | + function addLogEntry2( $group, $old, $new, $reason ) { |
| 314 | + global $wgRequest; |
| 315 | + |
| 316 | + $log = new LogPage( 'gblrights' ); |
| 317 | + |
| 318 | + $log->addEntry( 'groupperms3', |
| 319 | + SpecialPage::getTitleFor( 'GlobalUsers', $group ), |
| 320 | + $reason, |
| 321 | + array( |
| 322 | + $this->getWikiSetName( $old ), |
| 323 | + $this->getWikiSetName( $new ), |
| 324 | + ) |
| 325 | + ); |
| 326 | + } |
| 327 | + |
| 328 | + function getWikiSetName( $id ) { |
| 329 | + if( $id ) |
| 330 | + return WikiSet::newFromID( $id )->getName(); |
| 331 | + else |
| 332 | + return wfMsgForContent( 'centralauth-editgroup-noset' ); |
| 333 | + } |
| 334 | + |
283 | 335 | function invalidateRightsCache( $group ) { |
284 | 336 | global $wgMemc; |
285 | 337 | |