/** * Called by img_auth.php when a file has fully been sent to a client * @param Title $title * @param string $filename * @return boolean Always returns true */ public static function onImgAuthFullyStreamedFile(&$title, $filename) { $namespace = $title->getNamespace(); $db_key = $title->getDBkey(); // skip if the file looks not attached to a wikiplace if (!WpPage::isInWikiplace($namespace, $db_key)) { return true; // nothing to do } // get file infos $stat = stat($filename); if (!$stat) { return true; // should not occur, but just in case, avoid a PHP error } // prepare update infos $root = WpWikiplace::extractWikiplaceRoot($db_key, $namespace); $size = $stat['size']; // in bytes WpWikiplace::updateBandwidthUsage($root, $size); return true; }
/** * * @global Output $wgOut * @global User $wgUser * @global Request $wgRequest * @global Boolean $wgProtectOwnDoProtect * @global Array $wgProtectOwnGroups * @param String $action * @param Wikipage $article * @return Boolean */ function poForm($action, $article) { if ($action != PROTECTOWN_ACTION) { // not our extension return true; //don't stop processing } global $wgOut, $wgUser, $wgRequest, $wgProtectOwnDoProtect; // is the user allowed to use ProtectOwn if (!$wgUser->isAllowed(PROTECTOWN_ACTION)) { $wgOut->permissionRequired(PROTECTOWN_ACTION); return false; //stop processing } # user is allowed to use ProtectOwn $title = $article->getTitle(); // is the user the owner? if (!poIsOwner($title, $wgUser)) { // user is not the owner of the page $wgOut->setPageTitle(wfMsg('errorpagetitle')); $wgOut->addHTML(wfMessage('po-notowner')->parse()); return false; //stop processing } # user is the owner // start displaying page $wgOut->setPageTitle(wfMsg('collaborate-title', $title->getPrefixedText())); // as defined in Title.php, around lines 1550 (mw1.18.1), // being authorized to 'protect' require being authorized to 'edit' /* Title.php >> * private function checkActionPermissions( $action, $user, $errors, $doExpensiveQueries, $short ) { * if ( $action == 'protect' ) { * if ( $this->getUserPermissionsErrors( 'edit', $user ) != array() ) { * ... */ # temporary assign protect right, in order to update the restricitons $wgProtectOwnDoProtect = true; // tells spSetProtectionAssignDynamicRights to add the "protect" right // wfDebugLog( 'ProtectOwn', 'Form: purge user\'s rights then force reload'); $wgUser->mRights = null; // clear current user rights $wgUser->getRights(); // force rights reloading $wgProtectOwnDoProtect = false; # check that the user can protect (check also write right) $readonly = $title->getUserPermissionsErrors('protect', $wgUser); $readonly = !empty($readonly); # remove temporary assigned protect right by reloading rights with $wgProtectOwnDoProtect = false // wfDebugLog( 'ProtectOwn', 'Form: purge user\'s rights then force reload'); $wgUser->mRights = null; // clear current user rights (and clear the "protect" right $wgUser->getRights(); // force rights reloading wfDebugLog('ProtectOwn', 'Form: ' . ($readonly ? 'READ-ONLY' : 'READ/WRITE')); // can we AND do we have a request to handle? if ($readonly || !$wgRequest->wasPosted()) { // readonly OR no data submitted, so construct the form (maybe readonly) // display the header. if (!$readonly) { $wgOut->addHTML(Html::rawElement('div', array('class' => 'form_header informations'), wfMessage('po-header', $title->getPrefixedText(), WpWikiplace::extractWikiplaceRoot($title->getDBkey(), $title->getNamespace()))->parse())); } else { $wgOut->addHTML(Html::rawElement('div', array('class' => 'form_header informations'), wfMsg('po-locked'))); } $wgOut->addHTML(poMakeForm($title, $readonly)); return false; //stop processing } // ensure that the form was submitted from the user's own login session if (!$wgUser->matchEditToken($wgRequest->getText('wpToken'))) { // hummm.... how did this case happen? $wgOut->setPageTitle(wfMsg('errorpagetitle')); $wgOut->addWikiMsg('sessionfailure'); return false; // stop processing } # ok, so let's change restrictions! $new_restrictions = array(); $expiration = array(); $expiry = Block::infinity(); // the restriction will never expire // we load the title specific available restrictions $applicableRestrictionTypes = $title->getRestrictionTypes(); // for each of theses available restrictions foreach ($applicableRestrictionTypes as $action) { // 'read', 'upload', ... $current_restrictions = $title->getRestrictions($action); //'sysop', 'owner', ... wfDebugLog('ProtectOwn', 'Form: current title, action "' . $action . '" restricted to level(s) "' . implode(',', $current_restrictions) . '"'); // ensure that we have not to keep the previous restrictions $keep_old_restriction_for_this_action = false; // does the title have already a restriction ? if ($current_restrictions !== array()) { // check that the user can change the current restriction(s) // so, if there is multiple restrictions (for one action), user need to // satisfy all current restrictions in order to change at least on of them // (maybe, this behviour can be improved) // (the mediawiki check that the user satisfy all to allow an action... that's it) foreach ($current_restrictions as $current_restriction) { if (!poCanTheUserSetToThisLevel($wgUser, $title, $current_restriction)) { // if the user cannot set this restriction, we keep the previous restrictions // if giving few restrictions, MW core raises a warning: // mysql_real_escape_string() expects parameter 1 to be string, // array given in /var/seizam/seizamcore/WikiZam/includes/db/DatabaseMysql.php on line 331 // so, only one restriction per action $new_restrictions[$action] = $current_restriction; $keep_old_restriction_for_this_action = true; break; // end $current_restrictions foreach } } } if ($keep_old_restriction_for_this_action) { continue; } // end $applicableRestrictionTypes current iteration foreach // set expiry $expiration[$action] = $expiry; # we arrive here if user can change the restrictions // by default, restricted to owner $new_restrictions[$action] = 'owner'; // check what's checked, taking account $wgProtectOwnGroups order global $wgProtectOwnGroups; foreach ($wgProtectOwnGroups as $current_level) { // convert from BACK-END to FRONT-END: 'everyone' = '' $current_level = $current_level == '' ? 'everyone' : $current_level; // is the checkbox $action/$current_level checked ? if ($wgRequest->getText("radio-{$action}") == $current_level) { // convert from FRONT-END to BACK-END $current_level = $current_level == 'everyone' ? '' : $current_level; // can the user set to this level? if (poCanTheUserSetToThisLevel($wgUser, $title, $current_level)) { wfDebugLog('ProtectOwn', 'Form: restricting ' . $action . ' to ' . $current_level); // so we can set the restriction to it $new_restrictions[$action] = $current_level; } else { # the user wanted to restrict the action to a level, in which she is not # what to do? diplay an error message? # if no code in this block, we will resume checkboxes getting values, # and set to restriction level 'owner' if no one else checked } } } } // END foreach $applicableRestrictionTypes // don't cascade the owner restriction, because a subpage may not have the same owner // so casacing won't make sens, and can be very problematic // don't change this unless you know serioulsy what you are doing !!! // display the header. // display error/succes message if (poUpdateRestrictions($article, $new_restrictions)) { $wgOut->addHTML(Html::rawElement('div', array('class' => 'informations success'), wfMessage('po-success')->text())); } else { $wgOut->addHTML(Html::rawElement('div', array('class' => 'informations error'), wfMessage('po-failure')->text())); } if (!$readonly) { $wgOut->addHTML(Html::rawElement('div', array('class' => 'form_header informations'), wfMessage('po-header', $title->getPrefixedText(), WpWikiplace::extractWikiplaceRoot($title->getDBkey(), $title->getNamespace()))->parse())); } else { $wgOut->addHTML(Html::rawElement('div', array('class' => 'form_header informations'), wfMsg('po-locked'))); } // re-display the ProtectOwn form with the current restrictions (reloaded above) $wgOut->addHTML(poMakeForm($article->getTitle())); // stop hook processing, and doesn't throw an error message return false; }