Extension:CategoryControl
From MediaWiki.org
For further details, see Security issues with authorization extensions
|
Release status: experimental |
|||
|---|---|---|---|
| Implementation | User rights | ||
| Description | Access control via group and category permissions. | ||
| Author(s) | Kevin Kragenbrink, II (kkragenbrinkTalk) | ||
| Last Version | 0.1 | ||
| MediaWiki | 1.13+ | ||
| License | CC BY-NC-SA | ||
| Download | Extension:CategoryControl#Code | ||
|
|||
|
check usage (experimental) |
|||
Contents |
[edit] What can this extension do?
This extension is meant to provide a very simple and flexible level of Per-Page Access Control by utilizing Categories and usergroups as the control method.
[edit] Usage
Follow the Installation instructions below. Articles to be locked down should be added to a Category that has been specified in the $wgCategoryPermissions array. Users can then be added to the allowed groups using the standard mediawiki user rights management.
[edit] Download instructions
Please cut and paste the code found below and place it in $IP/extensions/CategoryControl/CategoryControl.php. Note: $IP stands for the root directory of your MediaWiki installation, the same directory that holds LocalSettings.php.
[edit] Installation
To install this extension, add the following to LocalSettings.php:
require_once("$IP/extensions/CategoryControl/CategoryControl.php");
[edit] Configuration parameters
The $wgCategoryPermissions variable is used to define permissions in groups for each category and action. If no permissions are defined for a category and action, then permission handling falls back to the standard $wgGroupPermissions.
$wgCategoryPermissions['category']['*'] = 'sysop' // Sysops can do anything they want with this category. $wgCategoryPermissions['category']['*'] = 'bureaucrat' // Bureaucrats can do anything they want with this category. $wgCategoryPermissions['category']['read'] = array( 'newgroup', 'othergroup' ); // Users who are in both NewGroup and OtherGroup can read pages in this category.
[edit] Code
<?php if( !defined( 'MEDIAWIKI' ) ) { echo( "This file is an extension to the MediaWiki software and cannot be used standalone.\n" ); die( 1 ); } $wgExtensionCredits['parserhook'][] = array( 'name' => 'CategoryControl', 'author' => '[http://www.mediawiki.org/wiki/User:Kkragenbrink Kevin Kragenbrink, II]', 'url' => 'http://mediawiki.org/wiki/Extension:CategoryControl', 'description' => 'Category and UserGroup based authorizations', 'version' => 0.1, ); $wgHooks['userCan'][] = 'hookCategoryControl'; $wgCategoryPermissions = array(); function hookCategoryControl( &$title, &$wgUser, $action, &$result ) { $result = NULL; $categories = $title->getParentCategories(); if( is_array( $categories ) && count( $categories ) ) { foreach( $categories AS $category => $index ) { $category = substr( $category, 9 ); $allow = wfUserCategoryCan( $category, $wgUser, $action ); if( !$allow ) break; } } else $allow = TRUE; // Hack to display the proper error message. if( !$allow ) { $result = FALSE; global $wgGroupPermissions; foreach( $wgGroupPermissions AS $group => $rights ) { $wgGroupPermissions[$group]['read'] = FALSE; } return FALSE; } return TRUE; } function wfUserCategoryCan( $category, &$wgUser, $action ) { global $wgCategoryPermissions; // If the requested category has no specified permissions, allow access. if( !in_array( $category, array_keys( $wgCategoryPermissions ) ) ) return TRUE; // If the specified action has no specified permissions, allow access. if( !in_array( $action, array_keys( $wgCategoryPermissions[$category] ) ) && !in_array( '*', array_keys( $wgCategoryPermissions[$category] ) ) ) return TRUE; $permission_lists = is_array( $wgCategoryPermissions[$category][$action] ) ? $wgCategoryPermissions[$category][$action] : $wgCategoryPermissions[$category]['*']; foreach( $permission_lists AS $list => $permissions ) { $permission[$list] = TRUE; if( is_array( $permissions ) ) { foreach( $permissions AS $group ) { $permission[$list] = in_array( $group, $wgUser->getEffectiveGroups() ); } } else { $permission[$list] = in_array( $permissions, $wgUser->getEffectiveGroups() ); } } return in_array( TRUE, $permission ); }