/**
* @since 1.0.0
*
* @param array $whoCanApprove array of who can approve,
* @return boolean: Whether or not the user has permission to approve the page
*
* $whoCanApprove is like:
* array(
* 'group' => array('editors', 'management'),
* 'user' => 'John',
* 'creator' => true,
* 'property' => 'Subject matter expert',
* 'override' => false // <-- this is irrelevant within this function
* )
*/
public static function checkIfUserInPerms($whoCanApprove)
{
// $whoCanApprove['override'] determines whether or not this pass
// through checkIfUserInPerms() will override previous passes. If this
// isn't going to overwrite other permissions, and other permissions
// say the user can approve, no need to check further.
if ($whoCanApprove['override'] == false && self::$mUserCanApprove == true) {
return self::$mUserCanApprove;
}
$userGroups = array_map('strtolower', self::$currentUser->getGroups());
// check if user is the page creator
if ($whoCanApprove['creator'] === true && self::isPageCreator()) {
self::$mUserCanApprove = true;
return self::$mUserCanApprove;
}
// check if the user is in any of the listed groups
foreach ($whoCanApprove['group'] as $group) {
if (in_array(strtolower($group), $userGroups)) {
self::$mUserCanApprove = true;
return self::$mUserCanApprove;
}
}
// check if the user is in the list of users
foreach ($whoCanApprove['user'] as $user) {
if (strtolower($user) === strtolower(self::$currentUser->getName())) {
self::$mUserCanApprove = true;
return self::$mUserCanApprove;
}
}
// check if the user is set as the value of any SMW properties
// (if SMW enabled)
foreach ($whoCanApprove['property'] as $property) {
if (self::smwPropertyEqualsCurrentUser($property)) {
self::$mUserCanApprove = true;
return self::$mUserCanApprove;
}
}
// At this point self::$mUserCanApprove was not set to TRUE in this
// call to this method, and thus from the perspective of just this call
// to this method FALSE should be returned. Previous calls to this
// method are irrelevant because if self::$mUserCanApprove was TRUE
// and $whoCanApprove['override'] was FALSE this call to this method
// would already have returned TRUE in the first if-block at the top.
// This could be overridden in subsequent calls to this method.
self::$mUserCanApprove = false;
return self::$mUserCanApprove;
}
public static function userCanApprove($title)
{
global $egApprovedRevsSelfOwnedNamespaces;
// $mUserCanApprove is a static variable used for
// "caching" the result of this function, so that
// it only has to be called once.
if (self::$mUserCanApprove) {
return true;
} elseif (self::$mUserCanApprove === false) {
return false;
} elseif ($title->userCan('approverevisions')) {
self::$mUserCanApprove = true;
return true;
} else {
// If the user doesn't have the 'approverevisions'
// permission, they still might be able to approve
// revisions - it depends on whether the current
// namespace is within the admin-defined
// $egApprovedRevsSelfOwnedNamespaces array.
global $wgUser;
$namespace = $title->getNamespace();
if (in_array($namespace, $egApprovedRevsSelfOwnedNamespaces)) {
if ($namespace == NS_USER) {
// If the page is in the 'User:'******'s their user page.
if ($title->getText() == $wgUser->getName()) {
self::$mUserCanApprove = true;
return true;
}
} else {
// Otherwise, they can approve revisions
// if they created the page.
// We get that information via a SQL
// query - is there an easier way?
$dbr = wfGetDB(DB_SLAVE);
$row = $dbr->selectRow(array('revision', 'page'), 'revision.rev_user_text', array('page.page_title' => $title->getDBkey()), null, array('ORDER BY' => 'revision.rev_id ASC'), array('revision' => array('JOIN', 'revision.rev_page = page.page_id')));
if ($row->rev_user_text == $wgUser->getName()) {
self::$mUserCanApprove = true;
return true;
}
}
}
}
self::$mUserCanApprove = false;
return false;
}
public static function checkIfUserInPerms($perms, $inclusive = false)
{
global $wgUser;
// if this isn't going to overwrite other permissions, and other permissions say the user
// can approve, no need to check further
if ($inclusive == true && self::$mUserCanApprove == true) {
return true;
}
// Is like: ["User:John", "User:Jen", "Group:sysop", "Self", "Creator", "Property:Reviewer"]
// Thought about strtolower-ing all of this, but "Property:Prop Name" needs to maintain
// character case.
$perms = explode(',', $perms);
$userGroups = array_map('strtolower', $wgUser->getGroups());
foreach ($perms as $perm) {
// $perm[0] == perm type, $perm[1] == perm value (if applicable)
$perm = explode(':', $perm);
switch (strtolower(trim($perm[0]))) {
case "user":
if (strtolower(trim($perm[1])) === strtolower($wgUser->getName())) {
return self::$mUserCanApprove = true;
}
break;
case "group":
if (in_array(strtolower(trim($perm[1])), $userGroups)) {
return self::$mUserCanApprove = true;
}
break;
case "creator":
if (self::isPageCreator()) {
return self::$mUserCanApprove = true;
}
break;
case "property":
if (self::smwPropertyEqualsCurrentUser($perm[1])) {
return self::$mUserCanApprove = true;
}
break;
case "":
// skip lines w/o perms (i.e. lines like "Main = ")
break;
default:
throw new MWException(__METHOD__ . '(): invalid permissions type');
}
}
// if $inclusive==true, the fact that this call to checkIfUserInPerms() didn't find a match does
// not mean that that the user is denied. Instead return the unmodified value of
// self::$mUserCanApprove, which could be either true or false depending on previous passes
// through checkIfUserInPerms()
if ($inclusive) {
// FIXME: isn't this unnecessary? Will always return false? If was true and $inclusive
// wouldn't it have been caught at beginning of function?
return self::$mUserCanApprove;
} else {
return self::$mUserCanApprove = false;
}
}
