User:Hendrik Brummermann/TODO/WikiRights
From Meta, a Wikimedia project coordination wiki
TODO-List [edit]
Viewing of articlesModifing of articles (edit, move, ...)sysops may allways change rightstalk pages may be edited if primary page may be readfilling $_SESSION["_ridlist"]Viewing of files / imagesCategories as group of articlesArticles used as template inclusion- Filter Search Results
Whitelist Special PagesUncategorized pagesGroup for anons
Code [edit]
<?php
/*
* CC-BY Hendrik Brummermann <nhb_web@nexgo.de>
* http://meta.wikimedia.org/wiki/User:Hendrik_Brummermann/TODO/WikiRights
*/
$wgHooks['userCan'][] = 'wikiRights';
$wgHooks['SkinTemplateContentActions'][] = 'wikiRightsTab';
$wgGroupPermissions['sysop']['rights'] = true;
$wgWikiRightsNoCategoryGroup = 211000;
$wgWikiRightsAnonGroup=9999999;
$wgExtensionFunctions[] = 'wfWikiRights';
function wfWikiRights() {
global $wgMessageCache;
$wgMessageCache->addMessage( 'includenotallowed', 'This page includes "$1" but you are not allowed to read it.' );
}
function wikiRights($orgtitle, $user, $action, &$result) {
global $wgWikiRightsNoCategoryGroup, $wgWikiRightsAnonGroup;
$title = $orgtitle;
// $title->invalidateCache();
if ( ($title->getText() === "-") && ($title->getArticleID() === 0 ) ) {
return false;
}
// sysops may allways change rights
if ( $action == "rights" ) {
if ($user->isAllowed($action)) {
$result = true;
return false;
}
}
// new pages may be created
if ( ($action == "read" || $action == "edit") && (!$title->exists()) ) {
return false;
}
// use build-in rights for special pages and MediaWiki interface messages
if ( ($title->getNamespace() < 0) || ($title->getNamespace() == NS_MEDIAWIKI) ) {
return false;
}
// use build-in rights for user pages (without subpaces)
if ( ($title->getNamespace() == NS_USER) || ($title->getNamespace() == NS_USER_TALK) ) {
if (strpos($title->getText(), "/") === FALSE) {
return false;
}
}
// talk pages may be edited if the primary page may be read
if ( (($action == "read") || ($action == "edit")) && ($title->isTalkPage()) ) {
$title = Title::makeTitle( Namespace::getSubject( $title->getNamespace() ), $title->getDBkey() );
$action = "read";
}
// which table?
$table = "his_canwrite";
if ( $action == "read" ) {
$table = "his_canread";
}
// extract group list from session
session_start();
$groups = $wgWikiRightsAnonGroup;
if (isset($_SESSION["_ridlist"])) {
$groups = $_SESSION["_ridlist"];
}
// Check rights for this arctile
$articleSQL = "SELECT count(*) FROM " . $table . " WHERE pageid=" . $title->getArticleID()
. " AND ownerid IN (" . $groups . ");";
// Check rights for all the categories this article is in (not transitive for now)
$categorySQL = "SELECT count(*) FROM " . $table . ", categorylinks, page WHERE cl_from=" . $title->getArticleID()
. " AND ownerid IN (" . $groups . ") "
. " AND pageid = page.page_id AND cl_to=page_title AND page_namespace=14;";
// If rights are missing, return false and stop processing of built-in rights.
if ( (!wikiRightsEvalCountSelect($articleSQL)) && (!wikiRightsEvalCountSelect($categorySQL)) ) {
// Pages without categories
$noCategorySQL = "SELECT count(*) FROM categorylinks, page WHERE page.page_namespace=14 AND page.page_title=categorylinks.cl_to AND cl_from=" . $title->getArticleID();
if ( !wikiRightsEvalCountSelect($noCategorySQL) ) {
// check if user is in NoCategoryGroup
$allowed = explode(',', $groups);
if ( in_array ( $wgWikiRightsNoCategoryGroup, $allowed) ) {
return false;
}
}
wfDebug("Keine $action-Rechte fuer Benutzer " . $user->getName() . " (Gruppen $groups) auf Artikel " . $title->getArticleID() . " \n");
$result = false;
return false;
}
// Use build in MediaWiki rights
return true;
}
function wikiRightsEvalCountSelect( $sql ) {
// Ask database
$dbr =& wfGetDB( DB_SLAVE );
$res = $dbr->query( $sql );
$resarray = mysql_fetch_array($res);
if ( ($resarray === FALSE) || ($resarray[0] == 0) ) {
return false;
}
return true;
}
function wikiRightsTab($actions) {
global $wgTitle;
if ( ! isset($_REQUEST['action']) ) {
if ( !$wgTitle->isTalkPage() && $wgTitle->userCan('rights') ) {
$tid = $wgTitle->getArticleID();
$title = $wgTitle->getFullText();
$actions['rights'] = array(
'class'=>'rights',
'text'=>'Rechte',
'href'=>"/qisserver/rds?state=change&type=8&moduleParameter=lesen&nextdir=change&next=tree.vm&subdir=verwiki&page.page_id={$tid}&page.page_title={$title}&sqlmode=update&init=y"
);
}
}
return true;
}
?>
----
##### Begin Patch img_auth.php
global $wgUser;
$result = true;
$title = Title::newFromText($imageName);
if ( ! wfRunHooks( 'userCan', array( &$title, &$wgUser, "read", &$result ) ) ) {
wfProfileOut( $fname );
if ( ! $result ) {
wfForbidden();
}
}
###### End Patch img_auth.php
----
Prevent include of articles without rights
--- Article.php.bak 2006-04-26 10:33:29.000000000 +0200
+++ Article.php 2006-04-26 10:41:04.000000000 +0200
@@ -376,6 +376,9 @@
$redirect = ($redirect == 'no') ? 'no' : 'yes';
$t .= ',redirect='.$redirect;
}
+ if ( ($this->mTitle->getNamespace() == NS_MAIN) && !$this->mTitle->userCanRead() ) {
+ return wfMsg ('includenotallowed', $t);
+ }
$this->mContent = wfMsg( 'missingarticle', $t );
if( $oldid ) {
--- Parser.php.bak 2006-04-26 10:27:45.000000000 +0200
+++ Parser.php 2006-04-26 11:25:55.000000000 +0200
@@ -2235,6 +2235,9 @@
$this->mOutput->setCacheTime( -1 );
}
} else {
+ if ( $title->getNamespace() == NS_MAIN ) {
+ $this->mOutput->setCacheTime( -1 );
+ }
$article = new Article( $title );
$articleContent = $article->getContentWithoutUsingSoManyDamnGlobals();
if ( $articleContent !== false ) {
