/** Function: efIACUserLockingThemselvesOut( &$text ) * Verify that a user isn't making a change that locks themselves out * $text --> Text that has been entered and is about to be saved * Returns: True if this save should be prevented */ function efIACUserLockingThemselvesOut(&$text) { global $wgUser; global $egPreventSaveDenyingAccess; // If the option to prevent this is off, let it through if (!$egPreventSaveDenyingAccess || $egPreventSaveDenyingAccess == 'none') { return false; } // Get the access control groups for the new content $accessGroups = efIACGetAccessList($text); // Determine if the user will be able to have access in the new content // egPreventSaveDenyingAccess will be 'read' or 'edit' depending on // which right the user must maintain $userCanAccess = efIACUserCanAccess($wgUser, $accessGroups, $egPreventSaveDenyingAccess); if (!$userCanAccess) { efIACDebugLog("(efIACUserLockingThemselvesOut) self-lockout save "); } unset($accessGroups); return !$userCanAccess; }
/** Function: efIACAccessControlUserCanHook( $title, $wgUser, $action, * &$result ) * Hook: userCan * Check the current user's rights to perform an action on a page * $title --> Title object for article being accessed * $wgUser --> Current user * $action --> Action being attempted * &$result --> Result to return (modifiable). * Returns: Whether this user has access to the page for this action * NOTE: Return value determines whether later functions should be run to * check access * $result determines whether this function thinks the user should * have access * This extension always returns the same value as $result */ function efIACAccessControlUserCanHook($title, $wgUser, $action, &$result) { // Option for whether to pass through if sysop global $egAdminCanReadAll; // Make sure we're dealing with a Title object $title = efIACMakeTitle($title); efIACDebugLog("(efIACAccessControlUserCanHook) checking access for " . $wgUser->getName() . " on '" . $title->getText() . "'"); // Check if the user is a sysop $userIsSysop = efIACUserIsSysop($wgUser); // Pass through if user is a sysop and the option is set if ($egAdminCanReadAll && $userIsSysop) { efIACDebugLog("(efIACAccessControlUserCanHook) sysop access"); return efIACReturnResult(true, $result); } // Fail if article requires sysop and user is not one if (efIACArticleRequiresAdmin($title) && !$userIsSysop) { efIACDebugLog("(efIACAccessControlUserCanHook) sysop required"); return efIACReturnResult(false, $result); } // Get the content of the article $content = efIACGetArticleContent($title); // Get the access control list from that content $accessList = efIACGetAccessList($content); // Get the result of whether the user can access $localResult = efIACUserCanAccess($wgUser, $accessList, $action); unset($accessList); unset($content); unset($title); return efIACReturnResult($localResult, $result); }