Extension:CategoryControl

From MediaWiki.org

Jump to: navigation, search
If you need per-page or partial page access restrictions, you are advised to install an appropriate content management package. MediaWiki was not written to provide per-page access restrictions, and almost all hacks or patches promising to add them will likely have flaws somewhere, which could lead to exposure of confidential data. We are not responsible for anything being leaked, leading to loss of funds or one's job.
For further details, see Security issues with authorization extensions


           

Manual on MediaWiki Extensions
List of MediaWiki Extensions
Crystal Clear action run.png
CategoryControl

Release status: experimental
Implementation  User rights
Description Access control via group and category permissions.
Author(s)  Kevin Kragenbrink, II (kkragenbrinkTalk)
Last Version  0.1
MediaWiki  1.13+
License CC BY-NC-SA
Download Extension:CategoryControl#Code

check usage (experimental)

Contents

[edit] What can this extension do?

This extension is meant to provide a very simple and flexible level of Per-Page Access Control by utilizing Categories and usergroups as the control method.

[edit] Usage

Follow the Installation instructions below. Articles to be locked down should be added to a Category that has been specified in the $wgCategoryPermissions array. Users can then be added to the allowed groups using the standard mediawiki user rights management.

[edit] Download instructions

Please cut and paste the code found below and place it in $IP/extensions/CategoryControl/CategoryControl.php. Note: $IP stands for the root directory of your MediaWiki installation, the same directory that holds LocalSettings.php.

[edit] Installation

To install this extension, add the following to LocalSettings.php:

require_once("$IP/extensions/CategoryControl/CategoryControl.php");

[edit] Configuration parameters

The $wgCategoryPermissions variable is used to define permissions in groups for each category and action. If no permissions are defined for a category and action, then permission handling falls back to the standard $wgGroupPermissions.

$wgCategoryPermissions['category']['*'] = 'sysop' // Sysops can do anything they want with this category.
$wgCategoryPermissions['category']['*'] = 'bureaucrat' // Bureaucrats can do anything they want with this category.
$wgCategoryPermissions['category']['read'] = array( 'newgroup', 'othergroup' ); // Users who are in both NewGroup and OtherGroup can read pages in this category.

[edit] Code

<?php
if( !defined( 'MEDIAWIKI' ) )
{
	echo( "This file is an extension to the MediaWiki software and cannot be used standalone.\n" );
	die( 1 );
}
 
$wgExtensionCredits['parserhook'][] = array( 
	'name' => 'CategoryControl', 
	'author' => '[http://www.mediawiki.org/wiki/User:Kkragenbrink Kevin Kragenbrink, II]', 
	'url' => 'http://mediawiki.org/wiki/Extension:CategoryControl',
	'description' => 'Category and UserGroup based authorizations',
	'version' => 0.1,
); 
 
$wgHooks['userCan'][] = 'hookCategoryControl';
$wgCategoryPermissions = array();
 
function hookCategoryControl( &$title, &$wgUser, $action, &$result )
{
	$result = NULL;
	$categories = $title->getParentCategories();
 
	if( is_array( $categories ) && count( $categories ) )
	{
		foreach( $categories AS $category => $index )
		{
			$category = substr( $category, 9 );
			$allow = wfUserCategoryCan( $category, $wgUser, $action );
 
			if( !$allow )
				break;
		}
	}
	else
		$allow = TRUE;
 
	// Hack to display the proper error message.
	if( !$allow )
	{
		$result = FALSE;
		global $wgGroupPermissions;
		foreach( $wgGroupPermissions AS $group => $rights )
		{
			$wgGroupPermissions[$group]['read'] = FALSE;
		}
		return FALSE;
	}
 
	return TRUE;
}
 
function wfUserCategoryCan( $category, &$wgUser, $action )
{
	global $wgCategoryPermissions;
 
	// If the requested category has no specified permissions, allow access.
	if( !in_array( $category, array_keys( $wgCategoryPermissions ) ) )
		return TRUE;
 
	// If the specified action has no specified permissions, allow access.
	if( !in_array( $action, array_keys( $wgCategoryPermissions[$category] ) ) && !in_array( '*', array_keys( $wgCategoryPermissions[$category] ) ) )
		return TRUE;
 
	$permission_lists = is_array( $wgCategoryPermissions[$category][$action] ) ? $wgCategoryPermissions[$category][$action] : $wgCategoryPermissions[$category]['*'];
 
	foreach( $permission_lists AS $list => $permissions )
	{
		$permission[$list] = TRUE;
		if( is_array( $permissions ) )
		{
			foreach( $permissions AS $group )
			{
				$permission[$list] = in_array( $group, $wgUser->getEffectiveGroups() );
			}
		}
		else
		{
			$permission[$list] = in_array( $permissions, $wgUser->getEffectiveGroups() );
		}
	}
 
	return in_array( TRUE, $permission );
}
Retrieved from "http://www.mediawiki.org/wiki/Extension:CategoryControl"