/** Function: efIACUserLockingThemselvesOut( &$text )
* Verify that a user isn't making a change that locks themselves out
* $text --> Text that has been entered and is about to be saved
* Returns: True if this save should be prevented
*/
function efIACUserLockingThemselvesOut(&$text)
{
global $wgUser;
global $egPreventSaveDenyingAccess;
// If the option to prevent this is off, let it through
if (!$egPreventSaveDenyingAccess || $egPreventSaveDenyingAccess == 'none') {
return false;
}
// Get the access control groups for the new content
$accessGroups = efIACGetAccessList($text);
// Determine if the user will be able to have access in the new content
// egPreventSaveDenyingAccess will be 'read' or 'edit' depending on
// which right the user must maintain
$userCanAccess = efIACUserCanAccess($wgUser, $accessGroups, $egPreventSaveDenyingAccess);
if (!$userCanAccess) {
efIACDebugLog("(efIACUserLockingThemselvesOut) self-lockout save ");
}
unset($accessGroups);
return !$userCanAccess;
}
/** Function: efIACAccessControlUserCanHook( $title, $wgUser, $action,
* &$result )
* Hook: userCan
* Check the current user's rights to perform an action on a page
* $title --> Title object for article being accessed
* $wgUser --> Current user
* $action --> Action being attempted
* &$result --> Result to return (modifiable).
* Returns: Whether this user has access to the page for this action
* NOTE: Return value determines whether later functions should be run to
* check access
* $result determines whether this function thinks the user should
* have access
* This extension always returns the same value as $result
*/
function efIACAccessControlUserCanHook($title, $wgUser, $action, &$result)
{
// Option for whether to pass through if sysop
global $egAdminCanReadAll;
// Make sure we're dealing with a Title object
$title = efIACMakeTitle($title);
efIACDebugLog("(efIACAccessControlUserCanHook) checking access for " . $wgUser->getName() . " on '" . $title->getText() . "'");
// Check if the user is a sysop
$userIsSysop = efIACUserIsSysop($wgUser);
// Pass through if user is a sysop and the option is set
if ($egAdminCanReadAll && $userIsSysop) {
efIACDebugLog("(efIACAccessControlUserCanHook) sysop access");
return efIACReturnResult(true, $result);
}
// Fail if article requires sysop and user is not one
if (efIACArticleRequiresAdmin($title) && !$userIsSysop) {
efIACDebugLog("(efIACAccessControlUserCanHook) sysop required");
return efIACReturnResult(false, $result);
}
// Get the content of the article
$content = efIACGetArticleContent($title);
// Get the access control list from that content
$accessList = efIACGetAccessList($content);
// Get the result of whether the user can access
$localResult = efIACUserCanAccess($wgUser, $accessList, $action);
unset($accessList);
unset($content);
unset($title);
return efIACReturnResult($localResult, $result);
}
