| Index: trunk/extensions/SemanticACL/SemanticACL.php |
| — | — | @@ -0,0 +1,127 @@ |
| | 2 | +<?php |
| | 3 | + |
| | 4 | +if ( !defined( 'MEDIAWIKI' ) ) |
| | 5 | + die(); |
| | 6 | + |
| | 7 | +$wgExtensionCredits['other'][] = array( |
| | 8 | + 'path' => __FILE__, |
| | 9 | + 'name' => 'Semantic ACL', |
| | 10 | + 'author' => array( 'Andrew Garrett' ), |
| | 11 | + 'descriptionmsg' => 'sacl-desc', |
| | 12 | +); |
| | 13 | + |
| | 14 | +$wgExtensionMessagesFiles['SemanticACL'] = dirname(__FILE__).'/Messages.php'; |
| | 15 | + |
| | 16 | +$wgHooks['userCan'][] = 'saclGetPermissionErrors'; |
| | 17 | +$wgHooks['smwInitProperties'][] = 'saclInitProperties'; |
| | 18 | + |
| | 19 | +$wgGroupPermissions['sysop']['sacl-exempt'] = true; |
| | 20 | + |
| | 21 | +// Initialise predefined properties |
| | 22 | +function saclInitProperties() { |
| | 23 | + |
| | 24 | + |
| | 25 | + // Read restriction properties |
| | 26 | + SMWDIProperty::registerProperty( '___VISIBLE', '_str', |
| | 27 | + wfMsgForContent('sacl-property-visibility') ); |
| | 28 | + SMWDIProperty::registerProperty( '___VISIBLE_WL_GROUP', '_str', |
| | 29 | + wfMsgForContent('sacl-property-visibility-wl-group') ); |
| | 30 | + SMWDIProperty::registerProperty( '___VISIBLE_WL_USER', '_wpg', |
| | 31 | + wfMsgForContent('sacl-property-visibility-wl-user') ); |
| | 32 | + |
| | 33 | + SMWDIProperty::registerPropertyAlias( '___VISIBLE', 'Visible to' ); |
| | 34 | + SMWDIProperty::registerPropertyAlias( '___VISIBLE_WL_GROUP', 'View whitelisted group' ); |
| | 35 | + SMWDIProperty::registerPropertyAlias( '___VISIBLE_WL_USER', 'View whitelisted user' ); |
| | 36 | + |
| | 37 | + // Write restriction properties |
| | 38 | + SMWDIProperty::registerProperty( '___EDITABLE', '_str', |
| | 39 | + wfMsgForContent('sacl-property-editable') ); |
| | 40 | + SMWDIProperty::registerProperty( '___EDITABLE_WL_GROUP', '_str', |
| | 41 | + wfMsgForContent('sacl-property-editable-wl-group') ); |
| | 42 | + SMWDIProperty::registerProperty( '___EDITABLE_WL_USER', '_wpg', |
| | 43 | + wfMsgForContent('sacl-property-editable-wl-user') ); |
| | 44 | + |
| | 45 | + SMWDIProperty::registerPropertyAlias( '___EDITABLE_BY', 'Editable by' ); |
| | 46 | + SMWDIProperty::registerPropertyAlias( '___EDITABLE_WL_GROUP', 'Edit whitelisted group' ); |
| | 47 | + SMWDIProperty::registerPropertyAlias( '___EDITABLE_WL_USER', 'Edit whitelisted user' ); |
| | 48 | + |
| | 49 | + return true; |
| | 50 | +} |
| | 51 | + |
| | 52 | + |
| | 53 | +function saclGetPermissionErrors( $title, $user, $action, &$result ) { |
| | 54 | + |
| | 55 | + // Failsafe: Some users are exempt from Semantic ACLs |
| | 56 | + if ( $user->isAllowed( 'sacl-exempt' ) ) { |
| | 57 | + return true; |
| | 58 | + } |
| | 59 | + |
| | 60 | + $store = smwfGetStore(); |
| | 61 | + $subject = SMWDIWikiPage::newFromTitle( $title ); |
| | 62 | + |
| | 63 | + // The prefix for the whitelisted group and user properties |
| | 64 | + // Either ___VISIBLE or ___EDITABLE |
| | 65 | + $prefix = ''; |
| | 66 | + |
| | 67 | + if ( $action == 'read' ) { |
| | 68 | + $prefix = '___VISIBLE'; |
| | 69 | + } else { |
| | 70 | + $type_property = 'Editable by'; |
| | 71 | + $prefix = '___EDITABLE'; |
| | 72 | + } |
| | 73 | + |
| | 74 | + $property = new SMWDIProperty($prefix); |
| | 75 | + $aclTypes = $store->getPropertyValues( $subject, $property ); |
| | 76 | + |
| | 77 | + foreach( $aclTypes as $valueObj ) { |
| | 78 | + $value = strtolower($valueObj->getString()); |
| | 79 | + |
| | 80 | + if ( $value == 'users' ) { |
| | 81 | + if ( $user->isAnon() ) { |
| | 82 | + $result = false; |
| | 83 | + return false; |
| | 84 | + } |
| | 85 | + } elseif ( $value == 'whitelist group' ) { |
| | 86 | + $whitelistProperty = new SMWDIProperty( "{$prefix}_WL_GROUP" ); |
| | 87 | + $whitelistValues = $store->getPropertyValues( $subject, $whitelistProperty ); |
| | 88 | + |
| | 89 | + $inWhitelistedGroup = false; |
| | 90 | + |
| | 91 | + foreach( $whitelistValues as $whitelistValue ) { |
| | 92 | + $group = strtolower($whitelistValue->getString()); |
| | 93 | + |
| | 94 | + if ( in_array( $group, $user->getEffectiveGroups() ) ) { |
| | 95 | + $inWhitelistedGroup = true; |
| | 96 | + break; |
| | 97 | + } |
| | 98 | + } |
| | 99 | + |
| | 100 | + if ( ! $inWhitelistedGroup ) { |
| | 101 | + $result = false; |
| | 102 | + return false; |
| | 103 | + } |
| | 104 | + } elseif ( $value == 'whitelist user' ) { |
| | 105 | + $whitelistProperty = new SMWDIProperty( "{$prefix}_WL_USER" ); |
| | 106 | + $whitelistValues = $store->getPropertyValues( $subject, $whitelistProperty ); |
| | 107 | + |
| | 108 | + $isWhitelistedUser = false; |
| | 109 | + |
| | 110 | + foreach( $whitelistValues as $whitelistValue ) { |
| | 111 | + $title = $whitelistValue->getTitle(); |
| | 112 | + |
| | 113 | + if ( $title->equals( $user->getUserPage() ) ) { |
| | 114 | + $isWhitelistedUser = true; |
| | 115 | + } |
| | 116 | + } |
| | 117 | + |
| | 118 | + if ( ! $isWhitelistedUser ) { |
| | 119 | + $result = false; |
| | 120 | + return false; |
| | 121 | + } |
| | 122 | + } elseif ( $value == 'public' ) { |
| | 123 | + return true; |
| | 124 | + } |
| | 125 | + } |
| | 126 | + |
| | 127 | + return true; |
| | 128 | +} |
| Index: trunk/extensions/SemanticACL/Messages.php |
| — | — | @@ -0,0 +1,15 @@ |
| | 2 | +<?php |
| | 3 | + |
| | 4 | +$messages['en'] = array( |
| | 5 | + 'sacl-desc' => 'Allows access restrictions to be set with Semantic MediaWiki properties.', |
| | 6 | + 'sacl-denied' => 'You are not on the access list for this page.', |
| | 7 | + 'right-sacl-exempt' => 'Exempt from Semantic ACLs', |
| | 8 | + |
| | 9 | + 'sacl-property-visibility' => 'Visible to', |
| | 10 | + 'sacl-property-visibility-wl-group' => 'View whitelisted group', |
| | 11 | + 'sacl-property-visibility-wl-user' => 'View whitelisted user', |
| | 12 | + |
| | 13 | + 'sacl-property-editable' => 'Editable by', |
| | 14 | + 'sacl-property-editable-wl-group' => 'Edit whitelisted group', |
| | 15 | + 'sacl-property-editable-wl-user' => 'Edit whitelisted user', |
| | 16 | +); |