Extension:Group Based Access Control/AllUsers-0-8Mod

From MediaWiki.org
Jump to navigation Jump to search

See Extension_talk:Group_Based_Access_Control#All_users This modification allows you to use "*" as a group name to reference all wiki users. You just have to replace two functions with these:

	// The callback function for user access
	function controlUserAccess( $input, $showGroupText, $useReadOnlyFlag = false )
	{
		// Grab currently logged in user
		global $wgUser;

		// whether to show or to show not the little message on the Site
		global $wgAccessControlDisableMessages;
		// the page where we redirect if access was denied
		global $wgAdminCanReadAll;

		global $wgArticlePath;

		// get allowed Groups from Tag
		$groupAccess = explode(",,", $input);

		$groupsToDisplay = getGroupsToDisplay($groupAccess);

		$allowedAccess = getAllowedUsersFromGroupPages($groupAccess, $useReadOnlyFlag);

		debugme("controlUserAccess_0: the following users have access: ".implode($allowedAccess," / "));

		debugme("controlUserAccess_1: testing for access for user ".$wgUser->getName());
		// if user is NOT in Array of allowed Users...
		if (!in_array(strtolower(trim($wgUser->getName())), $allowedAccess))
		{
	                foreach($groupAccess as $groupEntry)
        	        {
                	        $groupTitle = makeGroupTitle($groupEntry, $readOnly);
                                debugme("controlUserAccess_A: Testing grouptitle -> " . $groupTitle);

                        	if(strcmp(trim($groupTitle), '*'))
	                        {
        	                         debugme("controlUserAccess_B: user in group '*', so access is granted");
					if($useReadOnlyFlag == true) return false;
                	                 if ($showGroupText)
                        	         {
                                	        return( displayGroups($groupsToDisplay) );
	                                 } else {
        	                                return true;
                	                 }
                        	}
	                }

			debugme("controlUserAccess_2: user ".$wgUser->getName()." not in group(s) ".str_replace("(ro)","",implode($groupsToDisplay,"/")).", testing for sysop rights");
			// if user in sysop-Group and admins may see restricted pages allow access nevertheless
			if ((in_array("sysop", $wgUser->mGroups)) && ($wgAdminCanReadAll == true))
			{
				debugme("controlUserAccess_3: user ".$wgUser->getName()." is sysop and wgAdminCanReadAll is true, so access will be granted");
				// Allow Access (and show Text if configured)
				if ($showGroupText)
				{
					return( displayGroups($groupsToDisplay) );
				}
				else
				{
					return true;
				}
			}
			else
			{
				debugme("user controlUserAccess_4: ".$wgUser->getName()." is not sysop or wgAdminCanReadAll is not true, so access is not allowed");
				doRedirect();
				return false;
			}
		}
		else
		{
			debugme("controlUserAccess_6: access granted, user ".$wgUser->getName()." is in group(s) ".implode($groupsToDisplay,"/"));
			// Allow Access (and show Text if configured)
			if ($showGroupText)
			{
				return( displayGroups($groupsToDisplay) );
			}
			else
			{
				return true;
			}
		}
	}

	// The callback function for user access if $wgUseMediaWikiGroups is set
	function controlMediaWikiUserAccess( $input, $showGroupText, $useReadOnlyFlag = false )
	{
		global $wgUser;
		global $wgAdminCanReadAll;
                global $wgAccessControlAnonymousGroupName;

		// get allowed Groups from Tag
		$groupAccess = explode(",,", $input);
		$readOnly = false;

		require_once("includes/User.php");

		debugme("controlMediaWikiUserAccess_1: ".$wgUser->getName());

		$groupsToDisplay = getGroupsToDisplay($groupAccess);

                $wgUsermGroups = $wgUser->mGroups;
		if (anonymousUser($wgUser))
		{
			$wgUsermGroups[] = $wgAccessControlAnonymousGroupName;
		}	

		if(in_array("sysop", $wgUsermGroups) && $wgAdminCanReadAll)
		{
			debugme("controlMediaWikiUserAccess_2: user in sysop group, so access is granted");

			if ($showGroupText)
			{
				return( displayGroups($groupsToDisplay) );
			}
			else
			{
				return true;
			}
		}

		foreach($groupAccess as $groupEntry)
		{
			$groupTitle = makeGroupTitle($groupEntry, $readOnly);
			debugme("controlMediaWikiUserAccess_3: Group = " . $groupTitle);

			if (($useReadOnlyFlag == true) && ($readOnly == true))
			{
				debugme("controlMediaWikiUserAccess_4: group '".$groupTitle."', is readonly so access is not granted");
			}
			else
			{
				if(in_array($groupTitle, $wgUsermGroups))
				{
					debugme("controlMediaWikiUserAccess_5: user in group '".$groupTitle."', so access is granted");
					if ($showGroupText)
					{
						return( displayGroups($groupsToDisplay) );
					}
					else
					{
						return true;
					}
				} else if ($groupTitle == '*')
				{
 					debugme("controlMediaWikiUserAccess_4: user in group '*', so access is granted");
					if ($showGroupText)
					{
						return( displayGroups($groupsToDisplay) );
					} else { 
						return true;
					}
				}
			}
		}

		debugme("controlMediaWikiUserAccess_6: user access denied");
		doRedirect();
		return false;
	}