/** * @since 1.0.0 * * @param array $whoCanApprove array of who can approve, * @return boolean: Whether or not the user has permission to approve the page * * $whoCanApprove is like: * array( * 'group' => array('editors', 'management'), * 'user' => 'John', * 'creator' => true, * 'property' => 'Subject matter expert', * 'override' => false // <-- this is irrelevant within this function * ) */ public static function checkIfUserInPerms($whoCanApprove) { // $whoCanApprove['override'] determines whether or not this pass // through checkIfUserInPerms() will override previous passes. If this // isn't going to overwrite other permissions, and other permissions // say the user can approve, no need to check further. if ($whoCanApprove['override'] == false && self::$mUserCanApprove == true) { return self::$mUserCanApprove; } $userGroups = array_map('strtolower', self::$currentUser->getGroups()); // check if user is the page creator if ($whoCanApprove['creator'] === true && self::isPageCreator()) { self::$mUserCanApprove = true; return self::$mUserCanApprove; } // check if the user is in any of the listed groups foreach ($whoCanApprove['group'] as $group) { if (in_array(strtolower($group), $userGroups)) { self::$mUserCanApprove = true; return self::$mUserCanApprove; } } // check if the user is in the list of users foreach ($whoCanApprove['user'] as $user) { if (strtolower($user) === strtolower(self::$currentUser->getName())) { self::$mUserCanApprove = true; return self::$mUserCanApprove; } } // check if the user is set as the value of any SMW properties // (if SMW enabled) foreach ($whoCanApprove['property'] as $property) { if (self::smwPropertyEqualsCurrentUser($property)) { self::$mUserCanApprove = true; return self::$mUserCanApprove; } } // At this point self::$mUserCanApprove was not set to TRUE in this // call to this method, and thus from the perspective of just this call // to this method FALSE should be returned. Previous calls to this // method are irrelevant because if self::$mUserCanApprove was TRUE // and $whoCanApprove['override'] was FALSE this call to this method // would already have returned TRUE in the first if-block at the top. // This could be overridden in subsequent calls to this method. self::$mUserCanApprove = false; return self::$mUserCanApprove; }
public static function userCanApprove($title) { global $egApprovedRevsSelfOwnedNamespaces; // $mUserCanApprove is a static variable used for // "caching" the result of this function, so that // it only has to be called once. if (self::$mUserCanApprove) { return true; } elseif (self::$mUserCanApprove === false) { return false; } elseif ($title->userCan('approverevisions')) { self::$mUserCanApprove = true; return true; } else { // If the user doesn't have the 'approverevisions' // permission, they still might be able to approve // revisions - it depends on whether the current // namespace is within the admin-defined // $egApprovedRevsSelfOwnedNamespaces array. global $wgUser; $namespace = $title->getNamespace(); if (in_array($namespace, $egApprovedRevsSelfOwnedNamespaces)) { if ($namespace == NS_USER) { // If the page is in the 'User:'******'s their user page. if ($title->getText() == $wgUser->getName()) { self::$mUserCanApprove = true; return true; } } else { // Otherwise, they can approve revisions // if they created the page. // We get that information via a SQL // query - is there an easier way? $dbr = wfGetDB(DB_SLAVE); $row = $dbr->selectRow(array('revision', 'page'), 'revision.rev_user_text', array('page.page_title' => $title->getDBkey()), null, array('ORDER BY' => 'revision.rev_id ASC'), array('revision' => array('JOIN', 'revision.rev_page = page.page_id'))); if ($row->rev_user_text == $wgUser->getName()) { self::$mUserCanApprove = true; return true; } } } } self::$mUserCanApprove = false; return false; }
public static function checkIfUserInPerms($perms, $inclusive = false) { global $wgUser; // if this isn't going to overwrite other permissions, and other permissions say the user // can approve, no need to check further if ($inclusive == true && self::$mUserCanApprove == true) { return true; } // Is like: ["User:John", "User:Jen", "Group:sysop", "Self", "Creator", "Property:Reviewer"] // Thought about strtolower-ing all of this, but "Property:Prop Name" needs to maintain // character case. $perms = explode(',', $perms); $userGroups = array_map('strtolower', $wgUser->getGroups()); foreach ($perms as $perm) { // $perm[0] == perm type, $perm[1] == perm value (if applicable) $perm = explode(':', $perm); switch (strtolower(trim($perm[0]))) { case "user": if (strtolower(trim($perm[1])) === strtolower($wgUser->getName())) { return self::$mUserCanApprove = true; } break; case "group": if (in_array(strtolower(trim($perm[1])), $userGroups)) { return self::$mUserCanApprove = true; } break; case "creator": if (self::isPageCreator()) { return self::$mUserCanApprove = true; } break; case "property": if (self::smwPropertyEqualsCurrentUser($perm[1])) { return self::$mUserCanApprove = true; } break; case "": // skip lines w/o perms (i.e. lines like "Main = ") break; default: throw new MWException(__METHOD__ . '(): invalid permissions type'); } } // if $inclusive==true, the fact that this call to checkIfUserInPerms() didn't find a match does // not mean that that the user is denied. Instead return the unmodified value of // self::$mUserCanApprove, which could be either true or false depending on previous passes // through checkIfUserInPerms() if ($inclusive) { // FIXME: isn't this unnecessary? Will always return false? If was true and $inclusive // wouldn't it have been caught at beginning of function? return self::$mUserCanApprove; } else { return self::$mUserCanApprove = false; } }