Extension:CategoryControl

From MediaWiki.org
Jump to: navigation, search
MediaWiki extensions manual - list
Crystal Clear app error.png
CategoryControl

Release status: unstable

Implementation User rights
Description Access control via group and category permissions.
Author(s) Kevin Kragenbrink, II (kkragenbrinktalk)
Last version 0.1
MediaWiki 1.13+
License CC BY-NC-SA
Download Extension:CategoryControl#Code
Hooks used
userCan
Check usage and version matrix

Contents

What can this extension do? [edit]

This extension is meant to provide a very simple and flexible level of Per-Page Access Control by utilizing Categories and usergroups as the control method.

Usage [edit]

Follow the Installation instructions below. Articles to be locked down should be added to a Category that has been specified in the $wgCategoryPermissions array. Users can then be added to the allowed groups using the standard mediawiki user rights management.

Download instructions [edit]

Please cut and paste the code found below and place it in $IP/extensions/CategoryControl/CategoryControl.php. Note: $IP stands for the root directory of your MediaWiki installation, the same directory that holds LocalSettings.php.

Installation [edit]

To install this extension, add the following to LocalSettings.php:

require_once("$IP/extensions/CategoryControl/CategoryControl.php");

Configuration parameters [edit]

The $wgCategoryPermissions variable is used to define permissions in groups for each category and action. If no permissions are defined for a category and action, then permission handling falls back to the standard $wgGroupPermissions.

$wgCategoryPermissions['category']['*'][] = 'sysop'; // Sysops can do anything they want with this category.
$wgCategoryPermissions['category']['*'][] = 'bureaucrat'; // Bureaucrats can do anything they want with this category.
$wgCategoryPermissions['category']['read'] = array( 'newgroup', 'othergroup' ); // Users who are in both NewGroup and OtherGroup can read pages in this category.

Code [edit]

<?php
if( !defined( 'MEDIAWIKI' ) )
{
        echo( "This file is an extension to the MediaWiki software and cannot be used standalone.\n" );
        die( 1 );
}
 
$wgExtensionCredits['parserhook'][] = array( 
        'name' => 'CategoryControl', 
        'author' => '[http://www.mediawiki.org/wiki/User:Kkragenbrink Kevin Kragenbrink, II]', 
        'url' => 'http://mediawiki.org/wiki/Extension:CategoryControl',
        'description' => 'Category and UserGroup based authorizations',
        'version' => 0.1,
); 
 
$wgHooks['userCan'][] = 'hookCategoryControl';
$wgCategoryPermissions = array();
 
function hookCategoryControl( &$title, &$wgUser, $action, &$result )
{
        $result = NULL;
        $categories = $title->getParentCategories();
 
        if( is_array( $categories ) && count( $categories ) )
        {
                foreach( $categories AS $category => $index )
                {
                        $category = substr( $category, (strpos($category, ":")+1));
                        $allow = wfUserCategoryCan( $category, $wgUser, $action );
 
                        if( !$allow )
                                break;
                }
        }
        else
                $allow = TRUE;
 
        // Hack to display the proper error message.
        if( !$allow )
        {
                $result = FALSE;
                global $wgGroupPermissions;
                foreach( $wgGroupPermissions AS $group => $rights )
                {
                        $wgGroupPermissions[$group]['read'] = FALSE;
                }
                return FALSE;
        }
 
        return TRUE;
}
 
function wfUserCategoryCan( $category, &$wgUser, $action )
{
        global $wgCategoryPermissions;
 
        // If the requested category has no specified permissions, allow access.
        if( !array_key_exists( $category, $wgCategoryPermissions ) )
                return TRUE;
 
        // If the specified action has no specified permissions, allow access.
        if( !array_key_exists( $action, $wgCategoryPermissions[$category] ) && !array_key_exists( '*', $wgCategoryPermissions[$category] ) )
                return TRUE;
 
        $permission_lists = is_array( $wgCategoryPermissions[$category][$action] ) ? $wgCategoryPermissions[$category][$action] : $wgCategoryPermissions[$category]['*'];
 
        foreach( $permission_lists AS $list => $permissions )
        {
                $permission[$list] = TRUE;
                if( is_array( $permissions ) )
                {
                        foreach( $permissions AS $group )
                        {
                                $permission[$list] = in_array( $group, $wgUser->getEffectiveGroups() );
                        }
                }
                else
                {
                        $permission[$list] = in_array( $permissions, $wgUser->getEffectiveGroups() );
                }
        }
        return in_array( TRUE, $permission );
}
?>