Extension talk:SimpleSecurity/Archive

ifUserCan bugfix (resolved)
-	public function ifUserCan(&$parser, $action, $title, $then, $else = '') { return $title->userCan($action) ? $then : $else; } +	public function ifUserCan(&$parser, $action, $title, $then, $else = '') { $oTitle = Title::newFromText( $title ); return $oTitle->userCan($action) ? $then : $else; } otherwise it will crash as title is simple string

--Eugenem 13:10, 10 August 2008 (UTC)
 * oops, thanks will update asap :-) --Nad 11:17, 12 August 2008 (UTC)
 * it's still not in trunk (2.4.8) :) -- ZoTyA 11:21, 28 August 2008 (UTC)
 * Is it gonna show up in trunk anyway? It's still not in yet -- ZoTyA 17:25, 2 September 2008 (UTC)

doesn't work in MW 1.13 (resolved)
Fatal error: Call to a member function closeAll on a non-object in /sites/jewage.org/wtest/extensions/SimpleSecurity/SimpleSecurity.php on line 295

The call to closeAll fails because $wgLoadBalancer has been removed from this version of MW. http://www.mediawiki.org/wiki/Manual:$wgLoadBalancer
 * I've done it a simpler way now that intercepts database requests without needing to deal with the load balancer. I'll update it soon, but have to finish the category and namespace permissions first. --Nad 11:58, 23 August 2008 (UTC)

errors with 1.10.1 (resolved)
Notice: Undefined variable: DBtype in /var/wwwdata/applications/mediawiki/extensions/SimpleSecurity/SimpleSecurity.php on line 63 This is just php being pedantic. Warning: preg_replace_callback [function.preg-replace-callback]: Unable to call custom replacement function in /var/wwwdata/applications/mediawiki/extensions/SimpleSecurity/SimpleSecurity.php(416) : eval'd code on line 4 Not too sure what's going on here. Database error A database query syntax error has occurred. This may indicate a bug in the software. The last attempted database query was:

SELECT rev_page FROM `revision` WHERE rev_text_id = LIMIT 1

from within function "SimpleSecurity::validateRow". MySQL returned error "1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIMIT 1' at line 1 Looks like it's missing something after the rev_text_id = --Rob 20:02, 24 August 2008 (UTC)
 * MediaWiki: 1.10.1
 * PHP: 5.2.0-8+etch11 (cgi-fcgi)
 * MySQL: 5.0.32-Debian_7etch6-log
 * These bugs are all fixed now I think, plus a couple of others too ;-) --Nad 06:28, 26 August 2008 (UTC)
 * It presents in 4.2.4 too on MW 1.13 --ZoTyA 08:49, 27 August 2008 (UTC)
 * I'm not getting any errors or warnings on 1.13, could you let me know the details of your errors? --Nad 10:40, 27 August 2008 (UTC)
 * Same errors as above (expect in line #410)

preg-replace-callback error (resolved)
This is a new installation
 * MediaWiki: 1.13.0
 * PHP: 5.2.0-8+etch11 (cgi-fcgi)
 * MySQL: 5.0.32-Debian_7etch6-log

$wgSecurityUseDBHook=true; require_once("$IP/extensions/SimpleSecurity/SimpleSecurity.php"); $wgSecurityRenderInfo=true; $wgSecurityAllowUnreadableLinks=false;

If I log'd in as a user I got this: Warning: preg_replace_callback [function.preg-replace-callback]: Unable to call custom replacement function in /wiki/extensions/SimpleSecurity/SimpleSecurity.php(410) : eval'd code on line 5

Uncommenting debug print in line #399. Got the warning in this SELECT (and lots other after this)

SELECT *  FROM `tmwiki_user`  WHERE user_id = '1'  LIMIT 1

If I not log'd in I got this: Database error A database query syntax error has occurred. This may indicate a bug in the software. The last attempted database query was: SELECT rev_page FROM `tmwiki_revision` WHERE rev_text_id = LIMIT 1 from within function "SimpleSecurity::validateRow". MySQL returned error "1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIMIT 1' at line 1 (localhost)".

What details do you need?

-- ZoTyA 11:29, 27 August 2008 (UTC)
 * Are you sure you're using SimpleSecurity version 4.2.4? the errors and line numbers you're reporting don't match the version. Check in your special:version page --Nad 12:50, 27 August 2008 (UTC)
 * It's "4.2.4, 2008-08-27" from trunk-r40071. Now I downloaded 4.2.5 (trunk-r40079), and the error still there!?! -- ZoTyA 16:26, 27 August 2008 (UTC)
 * Tried 4.2.7 from trunk-r40119 and no change :( I've google'd a few and I found a PHP bug witch seems to be present in the official Debian Etch PHP5 (5.2.0-8+etch11) package. I don't know what to do :( -- ZoTyA 10:06, 28 August 2008 (UTC)
 * I think the error is not that Etch/PHP bug, I think that your wiki is doing database activity earlier than mine (perhaps another extension does some early access) and that the database hook is trying to execute the SimpleSecurity::PatchSQL method before it has been defined. Just in case this is what's happening I've made the database hooks not execute if $wgSimpleSecurity is not an object, so try 4.2.8 and let me know if any luck --Nad 10:35, 28 August 2008 (UTC)
 * Same error with 4.2.8! If no other extension loaded I got the same error. if $wgSecurityUseDBHook=false; there are no errors and everything works fine (as I see) -- ZoTyA 11:12, 28 August 2008 (UTC)
 * Fixed in 2.4.9, 2008-08-30 -- ZoTyA 06:55, 30 August 2008 (UTC)

Category-based permissions don't work (resolved)
I Need to define a category which can only be edited by a particular group. I've done the following in LocalSettings.php:

$wgGroupPermissions['PuedeEditar']['read']=true; $wgPageRestrictions['Category:ProtegidoEscritura']['edit'] = 'PuedeEditar';
 * 1) to create a group
 * 1) only members of 'PuedeEditar' can edit on category 'ProtegidoEscritura'

I've created an user in the group 'PuedeEditar' and other user not in this group and also a page with de category 'ProtegidoEscritura':

Category:ProtegidoEscritura

The two users can edit the page...

My configuration of Simple Security on LocalSettings is: $wgSecurityUseDBHook=true; $wgSecurityAllowUnreadableLinks=false; $wgSecurityRenderInfo=true;

I use MediaWiki 1.13 and the last version of Simple Security (4.2.2)

¿ Any suggestions ?
 * What does the list of restrictions say in the security info on a page thats not working? --Nad 09:58, 26 August 2008 (UTC)


 * With $wgSecurityRenderInfo = true, there isn't any restrictions info in the page. It seems that the restriction is not being applied. Anyway, when I protect the page using the tab, I can see the restriction information.
 * I've got a new 1.13 running to debug it in, I should be able to have it running soon --Nad 12:54, 26 August 2008 (UTC)
 * I've fixed some more bugs and got it working in 1.13, give it a try now with version 4.2.4. --Nad 07:51, 27 August 2008 (UTC)

Problem in my MW 1.13 (resolved)
The extention functions worked well.

But on the top of the site (over the logo) apears a text with all the rights of the user

Like this:

"Array ( [0] => userrights [1] => noratelimit [2] => usermerge [3]..."

How can I fix that?


 * Comment out the line #221 of SimpleSecurity.php

# Put the anon read right back in $wgGroupPermissions if it was there initially # - it had to be removed because Title::userCanRead short-circuits with it - print_r($rights); + #print_r($rights);

-- ZoTyA 09:26, 28 August 2008 (UTC)

$wgSecurityExtraGroups in MW 1.13
I haven't used SimpleSecurity before MV 1.13. Is $wgSecurityExtraGroups fully working?

$wgSecurityExtraGroups = array(   'foo' => 'Foo group',    'bar' => 'Bar group' ); The above example makes the protect tab's edit/move/read input select size +2 but the last two is empty (nothing rendered in the source).

$wgSecurityExtraGroups = array(   'edit' => 'something', );

If the index is edit/move/read that makes the protect tab's edit/move/read select size +1 and the last options name is something, value is edit (the index).

Ofcourse I tried to add groups witch have users and at least read right.

-- ZoTyA 17:22, 28 August 2008 (UTC)
 * Any comments? -- ZoTyA 17:26, 2 September 2008 (UTC)
 * The index should be the internal name of a group (as seen in the user rights special page etc), and the value is a more friendly name shown in the protection form. There should not be any actions specified in that array it's just for adding groups into the protection form. --Nad 22:30, 2 September 2008 (UTC)
 * Have you gotten this working? Because I'm experiencing the same blank space in the select box.  I've specified the same name as a group I created, but it still only shows a blank. Jprice 18:19, 4 September 2008 (UTC)
 * No, it's still not working to me -- ZoTyA 19:01, 4 September 2008 (UTC)

Here's what I have in my LocalSettings.php: $wgGroupPermissions['DBA' ]['move']           = true; $wgGroupPermissions['DBA' ]['read']           = true; $wgGroupPermissions['DBA' ]['edit']           = true; $wgGroupPermissions['DBA' ]['createpage']     = true;

$wgSecurityUseDBHook = true; include("$IP/extensions/SimpleSecurity/SimpleSecurity.php"); $wgSecurityExtraGroups = array('DBA' => 'DBA group'); Still only getting an extra blank space in the selection box right below 'Sysops only'. What am I missing? Jprice 13:22, 5 September 2008 (UTC)
 * 1) Security
 * You're right it's not working in 1.13, I'll look in to it shortly --Nad 22:31, 5 September 2008 (UTC)
 * Ok try it now, I found what 1.13 was doing differently and accounted for it --Nad 01:00, 6 September 2008 (UTC)
 * It's working for me -- ZoTyA 09:22, 7 September 2008 (UTC)
 * Still not for me. Since it works for ZoTyA now, I can only assume it's something wrong in my setup.  Is there any way to turn on any debugging to see what it's doing? -- Jprice 12:33, 8 September 2008 (UTC)
 * Figured it out. It's a problem with Firefox 3.  It works fine now in IE.  Not sure what FF is doing differently, but I've had a few issues with FF3. Seriously considering downgrading back to v2. -- Jprice 15:08, 8 September 2008 (UTC)
 * Strange because I use FF3 too. -- ZoTyA 18:06, 8 September 2008 (UTC)
 * I'm on FF3 too with no problem, is this still the problem of the extra group not showing or something else? --Nad 21:19, 8 September 2008 (UTC)
 * Strange. Yes, it's the same "blank space" issue.  Can't imagine it's anything in my LocalSettings.php, since it works in IE.  Is there some obscure browser setting that would cause this? -- Jprice 21:30, 8 September 2008 (UTC)

I'm not sure it's a strange one alright, could you give me the html source of the FF3 page? probly best to email it to me on aran at organicdesign dot co dot nz. --Nad 00:25, 9 September 2008 (UTC)
 * Just emailed the info. I'm wondering if this could be some sort of cache issue?  Clearing the browser cache didn't help.  Is there some way to clear out the MW cache? -- Jprice 13:18, 9 September 2008 (UTC)
 * You can clear the cache in MediaWiki by adding action=purge to the query string. It behaves differently depending on whether you are an anonymous login or not --Zven 21:56, 10 September 2008 (UTC)
 * I had another extension act a little whacky on me. That plus some performance issues with FF3 was the last straw.  I've downgraded back to FF2, and it's working fine.  If you happen to find out why it wasn't working, I'd be curious to know.  But I'm going to wait a few months before trying FF3 again. -- Jprice 19:23, 9 September 2008 (UTC)


 * I have the same problem. I tryed it in Firefox 2 and Internet Explorer 7 but get still blank spaces. I also cleared the browser cache aswell as the MediaWiki cache but no effect. Im using MediaWiki 1.13.1 and have PHP 5.2.4-2 installed. --Cagey83 13:33, 18 September 2008 (UTC)
 * Ok, I thought it was resolved, but it's back. Maybe I didn't check closely enough last time, but it's the "blank space" issue again.  What I've found is quite strange.  If I'm logged in as any user (even wikiadmin) I just get the extra blank space in the box.  If I log out, and then click on the back button(to get back to the protect page), and refresh, then the group appears!  Although it's greyed out because non-logged in users do not have the 'protect' privilege.  If I log back in and refresh, the group disappears and is replaced with the blank space. -- Jprice 20:41, 18 September 2008 (UTC)
 * It's seems like it's something with the protect priv. Once I set $wgGroupPermissions['user']['protect'] = false; then refreshed the page as a logged in user, I can see the extra groups. (greyed out of course)  So why can't I see them when the protect priv is set to true? -- Jprice 20:49, 18 September 2008 (UTC)

I'm having the exact same issue as Jprice, running a fresh install of 1.13.1 --GravitySpec 07:29, 19 September 2008 (UTC)

It's the same for me aswell as Jprice described it. --Cagey83 16:09, 19 September 2008 (UTC)
 * Well, I've been playing around with this quite a bit, and I'm finally getting somewhere. I started rearranging the order of things in LocalSettings.php.  This is what the relevant section of the file looks like now:

$wgGroupPermissions['MGR']['read'] = true; $wgGroupPermissions['ORA']['read'] = true; $wgGroupPermissions['SQL']['read'] = true; $wgGroupPermissions['DB2']['read'] = true;
 * 1) Create additional groups

$wgSecurityUseDBHook = true; include("$IP/extensions/SimpleSecurity/SimpleSecurity.php"); $wgSecurityExtraGroups = array( 'MGR' => 'Managers',                               'ORA' => 'Oracle DBAs',                                'SQL' => 'SQL Server DBAs',                                'DB2' => 'DB2 DBAs');
 * 1) Security
 * I then assigned certain groups to different users in the "User rights management" page. Now users can only see the groups to which they belong.  Then rest of the spots are still blank.  Which really isn't a problem, since I can't see why a user would want to protect a page to a group outside of what they are assigned.
 * Because of this, I specifically assigned all the groups to the wikiadmin user, so all of them are visible when logged in as wikiadmin. -- Jprice 17:00, 19 September 2008 (UTC)

Thanks for the great discovery Jprice! I added my admin user that I created to the group I created and it became visible too. Working like a charm now! :D --GravitySpec 22:08, 19 September 2008 (UTC)

not an action group permission (resolved)
Some extensions expects that the group permission's name does not contains space. I don't know what is the MW rule for this, but can you change it to not_an_action ?

SimpleSecurity.php line #109. foreach ($wgSecurityExtraGroups as $k => $v) { if (empty($v)) $v = ucfirst($k); $wgRestrictionLevels[] = $k; $wgMessageCache->addMessages(array( "protect-level-$k" => $v )); #$wgGroupPermissions[$k]['not an action'] = true; # Ensure the new groups show up in rights management $wgGroupPermissions[$k]['not_an_action'] = true; # Ensure the new groups show up in rights management }

-- ZoTyA 17:53, 28 August 2008 (UTC)
 * Ok done. Do you have your wiki available online so I can have a look and see if I can see why your DBHook won't work? --Nad 20:28, 28 August 2008 (UTC)
 * It's one of my client's and it's available online but its already contains a lot of private information, so I can't give you access to it. neither an account nor ftp access. But if you tell me what to debug/see it would be my pleasure. -- ZoTyA 12:58, 29 August 2008 (UTC)
 * Looks like I found the problem :-) it says in the PHP docs (here) that specifying a callback function which is a static method using the "class::method" format requires PHP>5.2.3, so I've changed it to array("class","method") which should work for all PHP5.x. Try the latest version and see if you're still getting the error. --Nad 22:52, 29 August 2008 (UTC)
 * I tested the situation on a PHP 5.2.0 set up and got the same error as you, the latest SimpleSecurity version doesn't have the error! --Nad 03:49, 30 August 2008 (UTC)
 * Looks good! No preg_replace_callback warning and no sql error! -- ZoTyA 06:54, 30 August 2008 (UTC)

Fatal error in MW 1.13
It doesn't happen often, but I'm sometimes getting this:

Fatal error: Call to a member function userCanReadTitle on a non-object in /var/lib/mediawiki1.7/extensions/SimpleSecurity/SimpleSecurity.php on line 278

It seems to be when I haven't been to the wiki in a while (say a day). The only way I can clear it up is to comment out the extension from LocalSettings.php, refresh the page, then uncomment it. Then it works. ...at least for a while. (btw, I realize the path shows 1.7, but I upgraded to 1.13) Jprice 18:13, 4 September 2008 (UTC)
 * It happened absolutely the same to me today. I think it's about the MW cache. -- ZoTyA 19:00, 4 September 2008 (UTC)
 * My cache is set as $wgMainCacheType = CACHE_NONE; Should it be set to something else?  Jprice 19:17, 4 September 2008 (UTC)
 * That's weird, that function should only get called on the condition that the object exists, try the latest version, I've changed it slightly which even if it still has a problem may shed more light on it. --Nad 20:58, 4 September 2008 (UTC)

SimpleSecurity cause search to fail (resolved)
hey Aran,

I noticed a big bug... The search function doesn't work when simplesecurity is active. It returns nothing. I'm running mw 1.11.

and can you choose multiple groups in the per page protection? I know you can add multiple groups in category protection.

thanks.

m
 * in <1.13 search returns no results, in 1.13+ causes an error SearchEngineDummy::replacePrefixes method not found --Nad 01:32, 6 September 2008 (UTC)
 * Fixed, searchEngine type is based on DBType --Nad 21:19, 6 September 2008 (UTC)

conflict with parserfunctions (resolved)
ParserFunctions are works well before apply this SimpleSecurity extention. But it doesn't work after applied SimpleSecurity extention. {{#if:{{#ifexpr:{{{1}}}}}|{{{1}}}|{{#expr: ......... Could you check if any conflict with parserfunctions?

MediaWiki: 1.12.0 PHP: 5.2.5 MySQL: 5.0.51a extentions: Inputbox, ParserFunctions(1.1.1), SimpleSecurity(4.2.13, 2008-09-07)

thanks --203.247.149.205 04:44, 8 September 2008 (UTC)
 * I'm not seeing any problem with ParserFunctions and SimpleSecurity, could you give me more details on how it's failing exactly, and ensure that it's definitely only failing while SimpleSecurity is also installed? --Nad 10:55, 8 September 2008 (UTC)
 * I found out ParserFunction was wrong only after SimpleSecurity installed. So, I tried comment out 'including SimpleSecurity'.
 * //include('extensions/SimpleSecurity/SimpleSecurity.php'); --> parserFunction works well.
 * include('extensions/SimpleSecurity/SimpleSecurity.php'); --> parserFunction doesn't works.
 * Could you let me know which part show you? Thank you very much, Nad!! --203.247.149.205 00:42, 9 September 2008 (UTC)
 * I solved this problem. My problem cleared by installing 'LOParserFunctions' extentions. That is, my problem has no connection with SimpleSecurity. Thanks for your attention! --203.247.149.205 06:29, 9 September 2008 (UTC)

Two (now three) problems
Hi, I'm using SimpleSecurity Version 4.1.2 and have three problems with it:


 * 1) The category-based permissions doesn't work. I like to restrict read and edit access to the category "Management" to the group "bureaucrat". So I added $wgPageRestrictions['Category:Management']['read'] = 'bureaucrat'; to my LocalSettings.php. But nothing happens. Since I use a german MediaWiki installation I also tried $wgPageRestrictions['Kategorie:Management']['read'] = 'bureaucrat'; but that doesn't help neither.
 * 2) When I protect a single page that works in principle. But Sysops are able to watch pages that should be only visible for bureauctats. Edit restriction works properly anyway.
 * 3) When I restrict the read access to a single page only for bureaucrats, normal users can't see them actually. But instead of an error message or something they get a "The page can not be displayed" error screen by the browser.
 * --JazzmanDE 14:46, 12 September 2008 (UTC)

First upgrade SimpleSecurity to the latest version, there have been many changes since 4.1.2, second let me know your MW version and if possible a link to the site so I can check it out. --Nad 21:13, 12 September 2008 (UTC)
 * I'm afraid but I can't upgrade SimpleSecurity because ParserFunctions doesn't seem to work properly with the current version. When I use 4.2.14 some more complex code doesn'T work anymore. --JazzmanDE 10:30, 17 September 2008 (UTC)
 * P.S. The usage of Extension:LO Parser Functions avoids some errors but not all of them. I can't say what's exaclty not working but with SimpleSecurity 4.1.2. I hadn't this problem. --JazzmanDE 11:55, 17 September 2008 (UTC)
 * P.P.S. With 4.2.14 the category-based permissions seem to work in general. But nothing really happens, just a appears on the pages in the category. --JazzmanDE 12:03, 17 September 2008 (UTC)
 * P.P.P.S. My MW version is 1.12.0 but sadly I can't give you access to the contents of the wiki. --JazzmanDE 14:24, 17 September 2008 (UTC)

I can't be much help if you can't tell me exactly what's not working, and I need to know what's failing with the latest version, not in 4.1.2. I have it running on 1.12 and 1.13 with parser functions and have no problems, so I need to specifically what's failing to test it. --Nad 20:19, 17 September 2008 (UTC)

Alright, I'll try to describe it more precisely:
 * Frame data:
 * MediaWiki Version 1.12.0
 * PHP 5.2.6
 * MySQL 4.1.22
 * Additional extensions: CSS 1.0.4, DynamicPageList2 1.7.4, Inputbox (no version displayed), Sort2
 * Aim: To allow only bureaucrats to read, edit or move pages in the category "Management" (neither admins)
 * Configuration code in LocalSettings.php:

$wgPageRestrictions['Category:Management']['read'] = 'bureaucrat'; $wgPageRestrictions['Category:Management']['edit'] = 'bureaucrat'; $wgPageRestrictions['Category:Management']['move'] = 'bureaucrat';
 * Case 1: ParserFunctions 1.1.1, SimpleSecurity 4.1.2
 * Admins: Can view, edit and move pages in the category.
 * Normal users: Can't view, "Page can't be displayed" browser error when trying to reach page directly.


 * Case 2: ParserFunctions 1.1.1, SimpleSecurity 4.2.14
 * Admins: Can view, edit and move pages in the category. Text "" is displayed on top of the page.
 * Normal users: Cant't view the page, correct error messages from wiki.
 * Bureaucrats: Can view/edit neither.
 * Parser errors: Obviously #expr, #ifeq and #switch functions doesn't seem to work.


 * Case 3: LO Parser Functions, SimpleSecurity 4.2.14
 * Admins/users/bureaucrats:Same as Case 2.
 * Parser errors: #expr works, #switch and #ifeq don't.

I hope the problem is clearer now. Thanks for your effort! --JazzmanDE 11:15, 18 September 2008 (UTC)
 * P.S. Case 3 seems to be a problem with LO Parser Functions (didn't have a closer look on that extension yet). The problem remains when disabling SimpleSecurity. --JazzmanDE 11:29, 18 September 2008 (UTC)

Extra security groups won't show up
I added your sample extra security groups to $wgSecurityExtraGroups but they won't show up. Strangely enough the html select box property "size" has the right number of entries, but no extra option rows are added. So my list has empty entries. Im using MediaWiki 1.13.1 and have PHP 5.2.4-2 installed. --Cagey83 13:08, 18 September 2008 (UTC)
 * Okay, it's the same as Problem 7--Cagey83 13:19, 18 September 2008 (UTC)