/** Function: efIACGetAllowedUsersFromGroupPages( &$groupNames )
* Get the users with access to an article
* $groupNames --> Groups that were within <accesscontrol> tags
* Returns: Two arrays:
* [0] --> Users with full access
* [1] --> Users with read-only access
*/
function efIACGetAllowedUsersFromGroupPages(&$groupNames)
{
// Set up return arrays
$allowedUsersFull = array();
$allowedUsersReadOnly = array();
// Go through each group and store the users
foreach ($groupNames as $accessGroup) {
// If group is listed as (ro), set readOnly to true
$readOnly = false;
$name = str_replace('(ro)', '', $accessGroup);
if ($accessGroup !== $name) {
$readOnly = true;
}
// Get the page content for the Usergroup page
$pageContent = efIACGetArticleContent('Usergroup:' . $name);
if ($pageContent !== false) {
// Get the list of users
$usersFromGroup = explode('*', $pageContent);
// Put the users in the appropriate return array as lowercase
foreach ($usersFromGroup as $accessUser) {
$trimmedUser = trim($accessUser);
if ($trimmedUser != '') {
$userToAdd = strtolower($trimmedUser);
if ($readOnly) {
$allowedUsersReadOnly[] = $userToAdd;
} else {
$allowedUsersFull[] = $userToAdd;
}
}
}
}
}
$allowedUsers[0] = $allowedUsersFull;
$allowedUsers[1] = $allowedUsersReadOnly;
efIACDebugList("(efIACGetAllowedUsersFromGroupPages) edit users: ", $allowedUsers[0]);
efIACDebugList("(efIACGetAllowedUsersFromGroupPages) read users: ", $allowedUsers[1]);
return $allowedUsers;
}
/** Function: efIACAccessControlUserCanHook( $title, $wgUser, $action,
* &$result )
* Hook: userCan
* Check the current user's rights to perform an action on a page
* $title --> Title object for article being accessed
* $wgUser --> Current user
* $action --> Action being attempted
* &$result --> Result to return (modifiable).
* Returns: Whether this user has access to the page for this action
* NOTE: Return value determines whether later functions should be run to
* check access
* $result determines whether this function thinks the user should
* have access
* This extension always returns the same value as $result
*/
function efIACAccessControlUserCanHook($title, $wgUser, $action, &$result)
{
// Option for whether to pass through if sysop
global $egAdminCanReadAll;
// Make sure we're dealing with a Title object
$title = efIACMakeTitle($title);
efIACDebugLog("(efIACAccessControlUserCanHook) checking access for " . $wgUser->getName() . " on '" . $title->getText() . "'");
// Check if the user is a sysop
$userIsSysop = efIACUserIsSysop($wgUser);
// Pass through if user is a sysop and the option is set
if ($egAdminCanReadAll && $userIsSysop) {
efIACDebugLog("(efIACAccessControlUserCanHook) sysop access");
return efIACReturnResult(true, $result);
}
// Fail if article requires sysop and user is not one
if (efIACArticleRequiresAdmin($title) && !$userIsSysop) {
efIACDebugLog("(efIACAccessControlUserCanHook) sysop required");
return efIACReturnResult(false, $result);
}
// Get the content of the article
$content = efIACGetArticleContent($title);
// Get the access control list from that content
$accessList = efIACGetAccessList($content);
// Get the result of whether the user can access
$localResult = efIACUserCanAccess($wgUser, $accessList, $action);
unset($accessList);
unset($content);
unset($title);
return efIACReturnResult($localResult, $result);
}
