Extension talk:Improved Access Control

From mediawiki.org
Latest comment: 8 years ago by Ckoerner in topic Google Code Shutting Down

A 'strange' error when using php changepassword --user=xxxx --password=xxxx[edit]

Got this error/warning PHP Strict Standards: Declaration of AccessControlChangesList::recentChangesLine() should be compatible with OldChangesList::recentChangesLine(&$rc, $watched = false, $linenumber = NULL) in /u01/mediawiki/extensions/added/improved-accesscontrol/includes/AccessControlChangesList.php on line 6

but password is changed.

Installed software

Product         Version
MediaWiki	1.23.10
PHP	        5.5.25 (apache2handler)
MySQL	        5.1.73

Anyone an idea how to solve this? It's not critical though.

Two years later this message still shows up in the error_log. It also happens when accessing pages. Using MediaWiki 1.27.4 and 1.29.2 at the moment with PHP 7.2.0.

Works, but breaks block on anonymous access[edit]

In LocalSettings.php, I have

 $wgGroupPermissions['*']['read']            = false;

and without this extension that stopped users who weren't logged in from viewing pages. But with improved-access-control extension, anonymous users can view all pages.

Any idea how I can fix this?

Yikes, I'll see if I can get a fix out for this within the week. JEisen 13:42, 13 January 2009 (UTC)Reply
There's now a new download (1.1.2) which should fix this. It's borderline whether this is a bug in MediaWiki or not, but for now there's a fix in my extension. JEisen 06:52, 25 January 2009 (UTC)Reply


Doesn´t work with Mediawiki 1.13.3 ?[edit]

  • I have the problem that everyone can take a look on every page. is it my fault and i missconfigured something or has anyone the same problem ?
  • Now works the restriction. but only sysops have access. the groupmanagement doesn´t work.
  • The wikisearch doesn´t work too if your not a sysop
Fatal error: Call to a member function getArticleId() on a non-object in /var/www/wiki/extensions/improved-accesscontrol/includes/accessHookSupport.php on line 130
I'm testing with 1.13.3 and can't reproduce this problem. Can you give more details on your configuration? Are you using the latest version of the extension (1.1.2)? Is this when using the patch, and with what settings in improved-accesscontrol-options.php? JEisen 13:51, 29 January 2009 (UTC)Reply


I did a complete new installation(latest version + Patch)
I changed following Settings in ia-options to true: $egUsergroupsRequireAdmin and $egAdminCanReadAll
With my Sysop Account i´ve got access to all pages; with my Testaccount which is assigned to the Usergroup "Group1" i´ve got access to pages which should be open to the account. But when i try to get access to a restricted page i get following error message:
Fatal error: Call to a member function getArticleId() on a non-object in /var/www/wiki/extensions/improved-accesscontrol/includes/accessHookSupport.php on line 120
Line 119 // Get the article ID to make sure it exists
Line 120 $articleID = $title->getArticleId();
if I use $wgTitle instead of $title I´ve got a permission error; Even if the patch isn´t installed or while searching the fatal error appears

Problem with transclusion[edit]

My wiki (MoWes Package) is as follows:

  • MediaWiki 1.13.1
  • PHP 5.2.6 (apache2handler)
  • MySQL 5.0.67-community-nt
  • latest Version of Improved-AccessControl
  • My Wiki is in english. I created a page called "Usergroup:Restricted" which contains one user (not a sysop!)
  • I created a test page (:Testseite) which I cannot access using another regular user (ok)
  • I created another page which refers to the restricted one {{:testseite}}, but is not restricted. To me it seems as if transclusion is not checked at all because I always get the contents of the first test page (which I should not be able to see)

Creating a logfile I get following output:

(efIACAccessControlUserCanHook) checking access for Elch71 on 'Testseite2'
(efIACUserCanAccess) no access controls on article
(efIACReturnResult) Return status is 1.
Override is .

After applying the Revisions to editpage.php & specialSearch.php the transclusion is changed to an error message in the article.
Is this how the transclusion protection works? - sorry, but it is not quite clear to me
As a consequence it means: if the page which contains the transclusion exists before the protected article is created - or - the article is protected after the referring page is created the protected text is shown - right?

Transclusion protection is put in on editing only -- with the current design, I can't read access controls on a transcluded page before it's loaded. So what it does instead is prevents someone without permissions to transclude a protected page by replacing it with an error. I'm about to pick this code up again to make sure it works with 1.13.5 and 1.14.0 -- I'll see if there's anything I can do to make that cleaner. JEisen 20:36, 14 March 2009 (UTC)Reply
understood - thanks for the quick answer. Also many thanks for creating this tool!!! It's really appreciated K.W. 84.149.248.31 18:55, 15 March 2009 (UTC)Reply

thank you f[edit]

hey, great extension it help me a lot. One question: how do you run the patch?

thanks miks

Allow 'logged in user'?[edit]

Great improvement over the existing access control extensions, with one small issue. I want to allow anonymous access to some pages (for example, the front page), so I cannot just deny all users in the Mediawiki config. However, I'd like to permit logged in users to view other pages (including a 'how to get more access' page).

With access-control-1.0, it was possible to use any page that contained a bulleted list as a list of users; we used Special:ListUsers for this purpose. You could also use the built-in users group, but that didn't work very well (along with other problems, hence moving away from it).

Is it possible to specify 'any logged in user' in an access control block?

Use MediaWiki group[edit]

Use this function in "accessHookSupport.php"

function efIACUserCanAccessMediaWikiGroups( &$user, &$accessGroups, $action ){

  global $egReadOnlyActionAccess;
  global $wgUser;
  $explodedGroups = explode( ',,', $accessGroups );
  $userGroups = $wgUser->mGroups;
  $userName = trim($user->getName());

  if(in_array($userName, $explodedGroups))
  {
                efIACDebugLog("(efIACUserCanAccessPageGroups)"."full access granted ");
                return true;
  }
  if(in_array($userName."(ro)", $explodedGroups) && in_array( $action, $egReadOnlyActionAccess ))
  {
                efIACDebugLog( "(efIACUserCanAccessPageGroups)"."read-only access granted ");
                return true;
  }
        foreach($userGroups as $usergroup)
        {
                if(in_array($usergroup, $explodedGroups))
                {
                        efIACDebugLog("(efIACUserCanAccessPageGroups)"."full access granted ");
                        return true;
                }
                else if(in_array($usergroup."(ro)", $explodedGroups) && in_array( $action, $egReadOnlyActionAccess ))
                {
                        efIACDebugLog( "(efIACUserCanAccessPageGroups)"."read-only access granted ");
                        return true;
                }
        }
        return false;
}

195.241.5.2 07:38, 10 June 2009 (UTC) This patch works as expected on MW 1.14 --Pieter LexisReply

OldChangesList[edit]

I get the following error:

Fatal error: Class 'OldChangesList' not found in /var/lib/mediawiki/extensions/improved-accesscontrol/includes/AccessControlChangesList.php on line 6

How do I fix this error or get the correct file?

Problem with efIACAccessControlEditFilterHook[edit]

I kept getting an error whenever anyone tried to save a page. I had to change accessHooks.php from

 function efIACAccessControlEditFilterHook( &$editor, &$text, $section, &$error ){

to:

 function efIACAccessControlEditFilterHook( $editor, $text, $section, &$error ){

That seems to fix it, haven't noticed any problems from that change. Did anyone else have this problem? I'm using MW 1.15.1 (I know it says only tested for 1.13.* ) Great extension though! I love it!

Thanks, DW

confirmed[edit]

Yes, after I upgraded our server from debian lenny to squeeze, I got this error. Your change fixed it for me, too. Thanks a lot. Robert


Yes, this was a problem I had and this fixed it. The backtrace only mentioned the first parameter because it was the first exception, but both $editor and $text were as references and need to be values. Thanks for the Help!, Tovah.


Was getting this message:

Internal error

Set $wgShowExceptionDetails = true; at the bottom of LocalSettings.php to show detailed debugging information.

checked the extension page for an update and then the discussion; but this fix did it for me as well, here's the list of update that were done:

  • Upgraded CentOS from 5.2 to 5.8
  • Upgraded MySQL from 5.0 to 5.5
  • Upgraded PHP from 5.1.6 to 5.3.19
  • Upgraded PHPMyAdmin from 2.11 to 3.5.4

Thanks a lot

Using in template[edit]

Hi i want include <accesscontrol> tag via template {{restricted}}.

Any way to use this?

Now it's display "This page is restricted" but whatever visible for restricted users. If i include directly in page without template it's work.

Bug on admins access[edit]

I have one bug in this module. When admin go to submit his changes to the article he has a problem "You cannot save content that you will be unable".

It cause this code didn't check if it user is sysop and not locking this article for sysop+)

 if( efIACUserLockingThemselvesOut( $editor->textbox1 ) ){
   $error = efIACGetMessage( 'locking-self-out' );
 }

Temporary fix is commented this code. Good fix is check if it sysop user and AdminCanReadAll flag is on.

Google Code Shutting Down[edit]

Hello, As you are likely aware, Google is shutting down their Google Code service in January of 2016. This extension appears to house its code with Google Code and is at risk to creating broken links and confusion of users in the near future.

I’m helping to let folks know about this coming update and provide some helpful links to make this migration easy. I hope you’ll take a moment and migrate your extension to a new hosting solution.

For extensions that have a compatible license, you can request developer access to the MediaWiki source repositories for extensions and get a new repository created for you. Alternatively, you may also export your code to other popular repositories such as Github and Bitbucket. Google has provided tools to help with this migration.

Ckoerner (talk) 17:17, 7 July 2015 (UTC)Reply