accesscontrol-2.1/000075500000000000000000000000001213673535200142235ustar00rootroot00000000000000accesscontrol-2.1/.gitignore000064400000000000000000000000321213673535200162060ustar00rootroot00000000000000.svn *~ *.kate-swp .*.swp accesscontrol-2.1/.gitreview000064400000000000000000000002021213673535200162230ustar00rootroot00000000000000[gerrit] host=gerrit.wikimedia.org port=29418 project=mediawiki/extensions/AccessControl.git defaultbranch=master defaultrebase=0 accesscontrol-2.1/AccessControl.i18n.php000064400000000000000000000210541213673535200202560ustar00rootroot00000000000000 'Enables group access restriction on a page by user basis', 'accesscontrol-group' => 'This page is only accessible for group $1.', 'accesscontrol-groups' => 'This page is only accessible for the groups $1.', // FIXME: Add PLURAL and/or merge with the above message 'accesscontrol-info' => 'This is a protected page!', 'accesscontrol-info-user' => 'Only_sysop', 'accesscontrol-info-anonymous' => 'No_anonymous', 'accesscontrol-info-deny' => 'No_Access', 'accesscontrol-edit-anonymous' => 'Deny_anonymous', 'accesscontrol-edit-users' => 'Deny_edit_list', ); /** Message documentation (Message documentation) * @author Beta16 */ $messages['qqq'] = array( 'accesscontrol-desc' => '{{desc}}', ); /** Belarusian (Taraškievica orthography) (‪Беларуская (тарашкевіца)‬) * @author Wizardist */ $messages['be-tarask'] = array( 'accesscontrol-desc' => 'Дазваляе групавое абмежаваньне доступу да старонкі для асобных карыстальнікаў', 'accesscontrol-group' => 'Гэтая старонка даступная толькі для групы «$1».', 'accesscontrol-groups' => 'Гэтая старонка даступная толькі для групаў $1.', 'accesscontrol-info' => 'Гэта абароненая старонка!', ); /** Czech (česky) * @author Aleš Kapica */ $messages['cs'] = array( 'accesscontrol-desc' => 'Toto je rozšíření, které přidává uživatelskou možnost omezení přístupu ke stránce', 'accesscontrol-group' => 'Tato stránka je přístupná pouze pro skupinu $1 !!!', 'accesscontrol-groups' => 'Tato stránka je přístupná pouze pro skupiny $1 !!!', 'accesscontrol-info' => 'Toto je stránka s omezeným přístupem!', ); /** German (Deutsch) * @author Kghbln */ $messages['de'] = array( 'accesscontrol-desc' => 'Ermöglicht auf Benutzergruppen bezogene Seitenzugriffsbeschränkungen', 'accesscontrol-group' => 'Diese Seite kann nur von Mitgliedern der Benutzergruppe $1 aufgerufen werden.', 'accesscontrol-groups' => 'Diese Seite kann nur von Mitgliedern der Benutzergruppen $1 aufgerufen werden.', 'accesscontrol-info' => 'Dies ist eine geschützt Seite.', ); /** Spanish (español) * @author Armando-Martin */ $messages['es'] = array( 'accesscontrol-desc' => 'Habilita la restricción de acceso de grupo a una página por la base de usuarios', 'accesscontrol-group' => 'Esta página sólo es accesible para el grupo $1.', 'accesscontrol-groups' => 'Esta página sólo es accesible para los grupos $1.', 'accesscontrol-info' => '¡Se trata de una página protegida!', ); /** French (français) * @author DavidL */ $messages['fr'] = array( 'accesscontrol-desc' => "Permet la restriction d'accès de groupe sur une page selon l'utilisateur", 'accesscontrol-group' => 'Cette page est accessible uniquement au groupe $1.', 'accesscontrol-groups' => 'Cette page est accessible uniquement aux groupes $1.', 'accesscontrol-info' => "Il s'agit d'une page protégée !", ); /** Galician (Galego) * @author Toliño */ $messages['gl'] = array( 'accesscontrol-desc' => 'Activa a restrición de acceso por grupo a unha páxina segundo o usuario', 'accesscontrol-group' => 'Os usuarios que pertencen ao grupo dos $1 son os únicos que poden acceder a esta páxina.', 'accesscontrol-groups' => 'Os usuarios que pertencen aos grupos $1 son os únicos que poden acceder a esta páxina.', 'accesscontrol-info' => 'Esta páxina está protexida!', ); /** Upper Sorbian (Hornjoserbsce) * @author Michawiki */ $messages['hsb'] = array( 'accesscontrol-desc' => 'Zmóžnja wobmjezowanje přistup na skupiny na stronje na zakładźe wužiwarjow', 'accesscontrol-group' => 'Tuta strona je jenož za skupinu $1 přistupna.', 'accesscontrol-groups' => 'Tuta strona je jenož za skupiny $1 přistupna.', 'accesscontrol-info' => 'To je škitana strona!', ); /** Italian (italiano) * @author Beta16 */ $messages['it'] = array( 'accesscontrol-desc' => "Questa è un'estensione che permette l'accesso a pagine con restrizioni in base al gruppo utente", 'accesscontrol-group' => 'Questa pagina è accessibile solo per il gruppo $1 !!!', 'accesscontrol-groups' => 'Questa pagina è accessibile solo per i gruppi $1 !!!', 'accesscontrol-info' => 'Questa è una pagina protetta!', ); /** Japanese (日本語) * @author Shirayuki */ $messages['ja'] = array( 'accesscontrol-group' => 'このページにはこのグループのみがアクセスできます:$1', 'accesscontrol-groups' => 'このページにはこれらのグループのみがアクセスできます:$1', 'accesscontrol-info' => 'これは保護されたページです!', ); /** Luxembourgish (Lëtzebuergesch) * @author Robby */ $messages['lb'] = array( 'accesscontrol-desc' => 'Aktivéiert de limitéierten Accès op eng Säit op der Basis vun de Benotzerrechter', 'accesscontrol-group' => 'Dës Säit ass kann nëmme vu Benotzer vum Grupp $1 genotzt ginn.', 'accesscontrol-groups' => 'Dës Säit ass kann nëmme vu Benotzer vun de Gruppe(n) $1 genotzt ginn.', 'accesscontrol-info' => 'Dës Säit ass gespaart!', ); /** Macedonian (македонски) * @author Bjankuloski06 */ $messages['mk'] = array( 'accesscontrol-desc' => 'Овозможува граничување на пристапот на корисници од дадени групи', 'accesscontrol-group' => 'Оваа страница е достапна само за групата $1.', 'accesscontrol-groups' => 'Оваа страница е достапна само за групите $1.', 'accesscontrol-info' => 'Ова е заштитена страница!', ); /** Malay (Bahasa Melayu) * @author Tedbundyjr */ $messages['ms'] = array( 'accesscontrol-desc' => 'Membenarkan penghadan akses kumpulan pada laman berdasarkan basis pengguna', 'accesscontrol-group' => 'Laman ini hanya boleh diakses oleh kumpulan $1.', 'accesscontrol-groups' => 'Laman ini hanya boleh diakses oleh kumpulan $1.', 'accesscontrol-info' => 'Ini adalah laman lindungan.', ); /** Dutch (Nederlands) * @author SPQRobin */ $messages['nl'] = array( 'accesscontrol-group' => 'Deze pagina is alleen toegankelijk voor de groep $1 .', 'accesscontrol-groups' => 'Deze pagina is alleen toegankelijk voor de groepen $1 .', ); /** Polish (polski) * @author BeginaFelicysym */ $messages['pl'] = array( 'accesscontrol-desc' => 'Włącza ograniczenia dostępu do stron dla grupy stronie wedle użytkowników', 'accesscontrol-group' => 'Ta strona jest dostępna tylko dla grupy $1 .', 'accesscontrol-groups' => 'Ta strona jest dostępna tylko dla grup $1 .', 'accesscontrol-info' => 'To jest strona chroniona!', ); /** Russian (Русский) * @author plisket4 */ $messages['ru'] = array( 'accesscontrol-desc' => 'Включает механизм ограничения доступа к страницам на основании группы, к которой пренадлежит пользователь', 'accesscontrol-group' => 'Данная страница доступна только членам группы $1.', 'accesscontrol-groups' => 'Данная страница доступна только членам групп $1.', // FIXME: Add PLURAL and/or merge with the above message 'accesscontrol-info' => 'Это защищенная страница!', 'accesscontrol-info-user' => 'Доступ только у членов группы sysop', 'accesscontrol-info-anonymous' => 'Доступ анонимным пользователям запрещен', 'accesscontrol-info-deny' => 'Доступ запрещен!', 'accesscontrol-edit-anonymous' => 'Запрещено_редактирование_незарегистрированным_пользователям', 'accesscontrol-edit-users' => 'Запрещено_редактирование_списка', ); /** Telugu (తెలుగు) * @author Veeven */ $messages['te'] = array( 'accesscontrol-info' => 'ఇది సంరక్షిత పేజీ!', ); /** Tagalog (Tagalog) * @author AnakngAraw */ $messages['tl'] = array( 'accesscontrol-desc' => 'Nagpapagana ng pagbabawal sa pagpunta ng pangkat sa isang pahina ayon sa pinagbabatayang tagagamit', 'accesscontrol-group' => 'Ang pahinang ito ay mapupuntahan lamang ng pangkat na $1.', 'accesscontrol-groups' => 'Ang pahinang ito ay mapupuntahan lamang ng mga pangkat na $1.', 'accesscontrol-info' => 'Ito ay isang pahinang pinuprutektahan!', ); accesscontrol-2.1/AccessControl.php000064400000000000000000000262301213673535200175010ustar00rootroot00000000000000= 1.18 rewrited completly by Aleš Kapica. * @package MediaWiki * @subpackage Extensions * @author Aleš Kapica * @copyright 2008-2012 Aleš Kapica * @licence GNU General Public Licence */ if( !defined( 'MEDIAWIKI' ) ) { echo ( "This file is an extension to the MediaWiki software and cannot be used standalone.\n" ); die(); } // sysop users can read all restricted pages $wgAdminCanReadAll = true; $wgExtensionCredits['specialpage']['AccessControl'] = array( 'name' => 'AccessControlExtension', 'author' => array( 'Aleš Kapica' ), 'url' => 'http://www.mediawiki.org/wiki/Extension:AccessControl', 'version' => '2.1', 'description' => 'Access control based on users lists. Administrator rights need not be for it.', 'descriptionmsg' => 'accesscontrol-desc', ); $wgHooks['ParserFirstCallInit'][] = 'wfAccessControlExtension' ; $dir = dirname( __FILE__ ) . '/'; $wgExtensionMessagesFiles['AccessControl'] = $dir . 'AccessControl.i18n.php'; //Hook the userCan function for bypassing the cache $wgHooks['userCan'][] = 'hookUserCan'; function wfAccessControlExtension( Parser $parser ) { /* This the hook function adds the tag to the wiki parser */ $parser->setHook( "accesscontrol", "doControlUserAccess" ); return true; } function doControlUserAccess( $input, array $args, Parser $parser, PPFrame $frame ) { /* Funcion called by wfAccessControlExtension */ return displayGroups(); } function accessControl( $obsahtagu ){ $accessgroup = Array( Array(), Array() ); $listaccesslist = explode( ",", $obsahtagu ); foreach ( $listaccesslist as $accesslist ) { if ( strpos( $accesslist, "(ro)" ) !== false ) { $accesslist = trim( str_replace( "(ro)", "", $accesslist ) ); $group = makeGroupArray( $accesslist ); $accessgroup[1] = array_merge( $accessgroup[1], $group[0] ); $accessgroup[1] = array_merge( $accessgroup[1], $group[1] ); } else { $accesslist = trim( $accesslist ); $group = makeGroupArray ($accesslist ); $accessgroup[0] = array_merge( $accessgroup[0], $group[0] ); $accessgroup[1] = array_merge( $accessgroup[1], $group[1] ); } } return $accessgroup; } function makeGroupArray( $accesslist ) { /* Function returns array with two lists. First is list full access users. Second is list readonly users. */ $userswrite = Array(); $usersreadonly = Array(); $users = getUsersFromPages( $accesslist ); foreach ( array_keys( $users ) as $user ) { switch ( $users[$user] ) { case 'read': $usersreadonly[] = $user; break; case 'edit': $userswrite[] = $user; break; } } return array( $userswrite , $usersreadonly ); } function displayGroups() { /* Function replace the tag and his content, behind info about a protection this the page */ $style = "

"; $text = wfMsg( 'accesscontrol-info' ); $style_end = "

"; $wgAllowInfo = $style . $text . $style_end; return $wgAllowInfo; } function getContentPage( $title ) { /* Function get content the page identified by title object from database */ $Title = new Title(); $gt = $Title->makeTitle( 0, $title ); // create Article and get the content $contentPage = new Article( $gt, 0 ); return $contentPage->fetchContent( 0 ); } function getTemplatePage( $template ) { /* Function get content the template page identified by title object from database */ $Title = new Title(); $gt = $Title->makeTitle( 10, $template ); //echo ''; // create Article and get the content $contentPage = new Article( $gt, 0 ); return $contentPage->fetchContent( 0 ); } function getUsersFromPages( $skupina ) { /* Extracts the allowed users from the userspace access list */ $allowedAccess = Array(); $allow = Array(); $Title = new Title(); $gt = $Title->makeTitle( 0, $skupina ); // create Article and get the content $groupPage = new Article( $gt, 0 ); $allowedUsers = $groupPage->fetchContent( 0 ); $groupPage = NULL; $usersAccess = explode( "\n", $allowedUsers ); foreach ($usersAccess as $userEntry ) { $userItem = trim( $userEntry ); if ( substr( $userItem, 0, 1 ) == "*" ) { if ( strpos( $userItem, "(ro)" ) === false ) { $user = trim( str_replace( "*", "", $userItem ) ); $allow[$user] = 'edit'; } else { $user = trim( str_replace( "*", "", $userItem ) ); $user = trim( str_replace( "(ro)", "", $user ) ); $allow[$user] = 'read'; } } } if ( is_array( $allow ) ) { $allowedAccess = $allow; unset( $allow ); } return $allowedAccess; } function doRedirect( $info ) { /* make redirection for non authorized users */ global $wgScript, $wgSitename, $wgOut; if ( ! $info ) { $info = "No_access"; } if ( $info == "Only_sysop" ) { $target = wfMsg( 'accesscontrol-info-user' ); } elseif ( $info == "No_anonymous" ) { $target = wfMsg( 'accesscontrol-info-anonymous' ); } elseif ( $info == "Deny_anonymous") { $target = wfMsg( 'accesscontrol-edit-anonymous' ); } elseif ( $info == "Deny_edit_list" ) { $target = wfMsg( 'accesscontrol-edit-users' ); } else { $target = wfMsg( 'accesscontrol-info-deny' ); } if ( isset( $_SESSION['redirect'] ) ) { // removing info about redirect from session after move.. unset( $_SESSION['redirect'] ); } header( "Location: " . $wgScript . "/" . $wgSitename . ":" . $target ); } function fromTemplates( $string ) { global $wgUser, $wgAdminCanReadAll; // Vytažení šablon if ( strpos( $string, '{{' ) ) { if ( substr( $string, strpos ( $string, '{{' ), 3 ) === '{{{' ) { $start = strpos( $string, '{{{' ); $end = strlen( $string ); $skok = $start + 3; fromTemplates( substr( $string, $skok, $end - $skok ) ); } else { $start = strpos( $string, '{{' ); $end = strpos( $string, '}}' ); $skok = $start + 2; $templatepage = substr( $string, $skok, $end - $skok ); if ( strpos( $templatepage, '|' ) > 0) { $templatename = substr( $templatepage, 0, strpos( $templatepage, '|' ) ); } else { $templatename = $templatepage ; } if ( substr( $templatename, 0, 1 ) === ':') { // vložena stránka $rights = allRightTags( getContentPage( substr( $templatename, 1 ) ) ); } else { // vložena šablona $rights = allRightTags( getTemplatePage( $templatename ) ); } if ( is_array( $rights ) ) { if ( $wgUser->mId === 0 ) { /* Redirection unknown users */ $wgActions['view'] = false; doRedirect('accesscontrol-info-anonymous'); } else { if ( in_array( 'sysop', $wgUser->mGroups, true ) ) { if ( isset( $wgAdminCanReadAll ) ) { if ( $wgAdminCanReadAll ) { return true; } } } $users = accessControl( $rights['groups'] ); if ( ! in_array( $wgUser->mName, $users[0], true ) ) { $wgActions['edit'] = false; $wgActions['history'] = false; $wgActions['submit'] = false; $wgActions['info'] = false; $wgActions['raw'] = false; $wgActions['delete'] = false; $wgActions['revert'] = false; $wgActions['revisiondelete'] = false; $wgActions['rollback'] = false; $wgActions['markpatrolled'] = false; if ( ! in_array( $wgUser->mName, $users[1], true ) ) { $wgActions['view'] = false; return doRedirect( 'accesscontrol-info-anonymous' ); } } } } fromTemplates( substr( $string, $end + 2 ) ); } } } function allRightTags( $string ) { /* Function for extraction content tag accesscontrol from raw source the page */ $contenttag = Array(); $starttag = ""; $endtag = ""; $redirecttag = "redirect"; if ( ( mb_substr( trim( $string ), 0, 1 ) == "#" ) && ( stripos( mb_substr( trim( $string ), 1, 9 ), $redirecttag ) == "0" ) ) { /* Treatment redirects - content variable $string must be replaced over content the target page */ $sourceredirecttag = mb_substr( $string, 0, strpos( $string, ']]' ) ); $redirecttarget = trim( substr( $sourceredirecttag, strpos( $sourceredirecttag, '[[' ) + 2 ) ); if ( strpos( $redirecttarget, '|' ) ) { $redirecttarget = trim( substr( $redirecttarget, 0, strpos( $redirecttarget, '|' ) ) ); } $Title = new Title(); $gt = $Title->makeTitle( 0, $redirecttarget ); return allRightTags( getContentPage( $gt ) ); } // Kontrola accesscontrol ve vložených šablonách a stránkách fromTemplates($string); $start = strpos( $string, $starttag ); if ( $start !== false ) { $start += strlen( $starttag ); $end = strpos( $string, $endtag ); if ( $end !== false ) { $groupsString = substr( $string, $start, $end-$start ); if ( strlen( $groupsString ) == 0 ) { $contenttag['end'] = strlen( $starttag ) + strlen( $endtag ); } else { $contenttag['groups'] = $groupsString; $contenttag['end'] = $end + strlen( $endtag ); } if( isset( $_SESSION['redirect'] ) ) { $_SESSION['redirect'] = $contenttag; } else { return $contenttag; } } } else { if( isset( $_SESSION['redirect'] ) ) { return $_SESSION['redirect']; } else { return false; } } } function hookUserCan( &$title, &$wgUser, $action, &$result ) { /* Main function control access for all users */ global $wgActions, $wgAdminCanReadAll; if ( $wgUser->mId === 0 ) { /* Deny actions for all anonymous */ $wgActions['edit'] = false; $wgActions['history'] = false; $wgActions['submit'] = false; $wgActions['info'] = false; $wgActions['raw'] = false; $wgActions['delete'] = false; $wgActions['revert'] = false; $wgActions['revisiondelete'] = false; $wgActions['rollback'] = false; $wgActions['markpatrolled'] = false; } $rights = allRightTags( getContentPage( $title->mDbkeyform ) ); if ( is_array( $rights ) ) { if ( $wgUser->mId === 0 ) { /* Redirection unknown users */ $wgActions['view'] = false; doRedirect( 'accesscontrol-info-anonymous' ); } else { if ( in_array( 'sysop', $wgUser->mGroups, true ) ) { if ( isset( $wgAdminCanReadAll ) ) { if ( $wgAdminCanReadAll ) { return true; } } } $users = accessControl( $rights['groups'] ); if ( in_array( $wgUser->mName, $users[0], true ) ) { return true; } else { $wgActions['edit'] = false; $wgActions['history'] = false; $wgActions['submit'] = false; $wgActions['info'] = false; $wgActions['raw'] = false; $wgActions['delete'] = false; $wgActions['revert'] = false; $wgActions['revisiondelete'] = false; $wgActions['rollback'] = false; $wgActions['markpatrolled'] = false; if ( in_array( $wgUser->mName, $users[1], true ) ) { return true; } else { $wgActions['view'] = false; return doRedirect( 'accesscontrol-info-anonymous' ); } } } } else { return true; } } ?> accesscontrol-2.1/changelog.txt000064400000000000000000000044561213673535200167240ustar00rootroot00000000000000version 2.1 * Fixed security problem with insert protected page, or template version 2.0 * Completly rewrited for MediaWiki >= 1.18 by Aleš Kapica * Removed not used variables: $wgAccessControlDebug $wgAccessControlDebugFile $wgAllowInfo $wgAllowUserList $wgAccessControlMessages version 1.3 * Gabor Simon fixed problem in function getUsersFromPages() * Applying patch from Stephan Herrmann version 1.2 * Fixed errors in parameter fuction doControlUserAccess() * Repairing while lopp in function getContentTag() version 1.1 * Fixed security bug with accessibility on protected page over #REDIRECT version 1.0 * Refactored all code * Added localization file * Changed separator on one comma (from double) * Readonly access is can not only group, but user too version 0.8 *Fixes for hook errors in MediaWiki 1.11.0 included *Support for the Group of anonymous users added *UNIQ/QUINU-Bug kind of fixed (own Link-Parser) version 0.7 *now it's possible to have read-only groups. *set the english language as default *refactored some functions for better readability *it's now possible to use the internal groups from MediaWiki *Added a TODO-Document version 0.6 *Bugfix release, touching the article didn't work, so I use a header redirect (bad hack, but works). *works now also for anonymous users version 0.5 *Articles with the accesscontrol tag are now touched in advance to displaying it, so the page will not read from the cache *removed some development junk ;-) *better documentation of the accesscontrolSettings.php *added some debugging code version 0.4 *tested in Version 1.8.2 *added some Tips *if more then one group is in the tag, all groups are now displayed *there is now an option, where you can turn off the behaviour, that users in the sysop group can see restricted pages *the "access is allowed only for group..." text is now in the accesscontrolSettings.php for easier localisation version 0.3 *access is now also controlled for editing the pages (if you access it manually per action=edit in the URL) *only sysops can now view and edit the "Usergroup:.." pages *added a changelog ;-) version 0.2 *some fixes, to make it work under Version 1.7.1 *Sysops can now always access pages, so if you make an error, you have always the opportunity to correct it ;-) version 0.1 first Version