/** Function: efIACGetAllowedUsersFromGroupPages( &$groupNames ) * Get the users with access to an article * $groupNames --> Groups that were within <accesscontrol> tags * Returns: Two arrays: * [0] --> Users with full access * [1] --> Users with read-only access */ function efIACGetAllowedUsersFromGroupPages(&$groupNames) { // Set up return arrays $allowedUsersFull = array(); $allowedUsersReadOnly = array(); // Go through each group and store the users foreach ($groupNames as $accessGroup) { // If group is listed as (ro), set readOnly to true $readOnly = false; $name = str_replace('(ro)', '', $accessGroup); if ($accessGroup !== $name) { $readOnly = true; } // Get the page content for the Usergroup page $pageContent = efIACGetArticleContent('Usergroup:' . $name); if ($pageContent !== false) { // Get the list of users $usersFromGroup = explode('*', $pageContent); // Put the users in the appropriate return array as lowercase foreach ($usersFromGroup as $accessUser) { $trimmedUser = trim($accessUser); if ($trimmedUser != '') { $userToAdd = strtolower($trimmedUser); if ($readOnly) { $allowedUsersReadOnly[] = $userToAdd; } else { $allowedUsersFull[] = $userToAdd; } } } } } $allowedUsers[0] = $allowedUsersFull; $allowedUsers[1] = $allowedUsersReadOnly; efIACDebugList("(efIACGetAllowedUsersFromGroupPages) edit users: ", $allowedUsers[0]); efIACDebugList("(efIACGetAllowedUsersFromGroupPages) read users: ", $allowedUsers[1]); return $allowedUsers; }
/** Function: efIACAccessControlUserCanHook( $title, $wgUser, $action, * &$result ) * Hook: userCan * Check the current user's rights to perform an action on a page * $title --> Title object for article being accessed * $wgUser --> Current user * $action --> Action being attempted * &$result --> Result to return (modifiable). * Returns: Whether this user has access to the page for this action * NOTE: Return value determines whether later functions should be run to * check access * $result determines whether this function thinks the user should * have access * This extension always returns the same value as $result */ function efIACAccessControlUserCanHook($title, $wgUser, $action, &$result) { // Option for whether to pass through if sysop global $egAdminCanReadAll; // Make sure we're dealing with a Title object $title = efIACMakeTitle($title); efIACDebugLog("(efIACAccessControlUserCanHook) checking access for " . $wgUser->getName() . " on '" . $title->getText() . "'"); // Check if the user is a sysop $userIsSysop = efIACUserIsSysop($wgUser); // Pass through if user is a sysop and the option is set if ($egAdminCanReadAll && $userIsSysop) { efIACDebugLog("(efIACAccessControlUserCanHook) sysop access"); return efIACReturnResult(true, $result); } // Fail if article requires sysop and user is not one if (efIACArticleRequiresAdmin($title) && !$userIsSysop) { efIACDebugLog("(efIACAccessControlUserCanHook) sysop required"); return efIACReturnResult(false, $result); } // Get the content of the article $content = efIACGetArticleContent($title); // Get the access control list from that content $accessList = efIACGetAccessList($content); // Get the result of whether the user can access $localResult = efIACUserCanAccess($wgUser, $accessList, $action); unset($accessList); unset($content); unset($title); return efIACReturnResult($localResult, $result); }