Extension:CategoryControl

From MediaWiki.org
Jump to: navigation, search
If you need per-page or partial page access restrictions, you are advised to install an appropriate content management package. MediaWiki was not written to provide per-page access restrictions, and almost all hacks or patches promising to add them will likely have flaws somewhere, which could lead to exposure of confidential data. We are not responsible for anything being leaked, leading to loss of funds or one's job.
For further details, see Security issues with authorization extensions
MediaWiki extensions manual - list
Crystal Clear app error.png
CategoryControl

Release status: unstable
Implementation User rights
Description Access control via group and category permissions.
Author(s) Kevin Kragenbrink, II (kkragenbrinktalk)
Last version 0.1
MediaWiki 1.13+
License CC BY-NC-SA
Download Extension:CategoryControl#Code
Hooks used
userCan
Check usage and version matrix

Contents

What can this extension do? [edit]

This extension is meant to provide a very simple and flexible level of Per-Page Access Control by utilizing Categories and usergroups as the control method.

Usage [edit]

Follow the Installation instructions below. Articles to be locked down should be added to a Category that has been specified in the $wgCategoryPermissions array. Users can then be added to the allowed groups using the standard mediawiki user rights management.

Download instructions [edit]

Please cut and paste the code found below and place it in $IP/extensions/CategoryControl/CategoryControl.php. Note: $IP stands for the root directory of your MediaWiki installation, the same directory that holds LocalSettings.php.

Installation [edit]

To install this extension, add the following to LocalSettings.php:

require_once("$IP/extensions/CategoryControl/CategoryControl.php");

Configuration parameters [edit]

The $wgCategoryPermissions variable is used to define permissions in groups for each category and action. If no permissions are defined for a category and action, then permission handling falls back to the standard $wgGroupPermissions.

$wgCategoryPermissions['category']['*'][] = 'sysop'; // Sysops can do anything they want with this category.
$wgCategoryPermissions['category']['*'][] = 'bureaucrat'; // Bureaucrats can do anything they want with this category.
$wgCategoryPermissions['category']['read'] = array( 'newgroup', 'othergroup' ); // Users who are in both NewGroup and OtherGroup can read pages in this category.

Code [edit]

<?php
if( !defined( 'MEDIAWIKI' ) )
{
        echo( "This file is an extension to the MediaWiki software and cannot be used standalone.\n" );
        die( 1 );
}
 
$wgExtensionCredits['parserhook'][] = array( 
        'name' => 'CategoryControl', 
        'author' => '[http://www.mediawiki.org/wiki/User:Kkragenbrink Kevin Kragenbrink, II]', 
        'url' => 'http://mediawiki.org/wiki/Extension:CategoryControl',
        'description' => 'Category and UserGroup based authorizations',
        'version' => 0.1,
); 
 
$wgHooks['userCan'][] = 'hookCategoryControl';
$wgCategoryPermissions = array();
 
function hookCategoryControl( &$title, &$wgUser, $action, &$result )
{
        $result = NULL;
        $categories = $title->getParentCategories();
 
        if( is_array( $categories ) && count( $categories ) )
        {
                foreach( $categories AS $category => $index )
                {
                        $category = substr( $category, (strpos($category, ":")+1));
                        $allow = wfUserCategoryCan( $category, $wgUser, $action );
 
                        if( !$allow )
                                break;
                }
        }
        else
                $allow = TRUE;
 
        // Hack to display the proper error message.
        if( !$allow )
        {
                $result = FALSE;
                global $wgGroupPermissions;
                foreach( $wgGroupPermissions AS $group => $rights )
                {
                        $wgGroupPermissions[$group]['read'] = FALSE;
                }
                return FALSE;
        }
 
        return TRUE;
}
 
function wfUserCategoryCan( $category, &$wgUser, $action )
{
        global $wgCategoryPermissions;
 
        // If the requested category has no specified permissions, allow access.
        if( !array_key_exists( $category, $wgCategoryPermissions ) )
                return TRUE;
 
        // If the specified action has no specified permissions, allow access.
        if( !array_key_exists( $action, $wgCategoryPermissions[$category] ) && !array_key_exists( '*', $wgCategoryPermissions[$category] ) )
                return TRUE;
 
        $permission_lists = is_array( $wgCategoryPermissions[$category][$action] ) ? $wgCategoryPermissions[$category][$action] : $wgCategoryPermissions[$category]['*'];
 
        foreach( $permission_lists AS $list => $permissions )
        {
                $permission[$list] = TRUE;
                if( is_array( $permissions ) )
                {
                        foreach( $permissions AS $group )
                        {
                                $permission[$list] = in_array( $group, $wgUser->getEffectiveGroups() );
                        }
                }
                else
                {
                        $permission[$list] = in_array( $permissions, $wgUser->getEffectiveGroups() );
                }
        }
        return in_array( TRUE, $permission );
}
?>
Retrieved from "http://www.mediawiki.org/w/index.php?title=Extension:CategoryControl&oldid=534342"