Page MenuHomePhabricator
Files F1959

Restrict_access_1.5.5.patch
Public
Actions

Authored By
bzimport
Nov 21 2014, 8:20 PM
Size
31 KB
Referenced Files
None
Subscribers
None

Restrict_access_1.5.5.patch
View Options

diff -ud mediawiki-1.5.5/includes/CategoryPage.php mediawiki-test/includes/CategoryPage.php
--- mediawiki-1.5.5/includes/CategoryPage.php 2005-07-14 08:45:51.000000000 +0300
+++ mediawiki-test/includes/CategoryPage.php 2006-01-17 01:15:07.000000000 +0200
@@ -115,6 +115,11 @@
$title = Title::makeTitle( $x->page_namespace, $x->page_title );
+ # If this page is inside a restricted namespace, skip the result...
+ if(!$wgUser->canAccessNamespace($title->getNamespace())) {
+ continue;
+ }
+
if( $title->getNamespace() == NS_CATEGORY ) {
// Subcategory; strip the 'Category' namespace from the link text.
array_push( $children, $sk->makeKnownLinkObj( $title, $wgContLang->convertHtml( $title->getText() ) ) );
diff -ud mediawiki-1.5.5/includes/DefaultSettings.php mediawiki-test/includes/DefaultSettings.php
--- mediawiki-1.5.5/includes/DefaultSettings.php 2006-01-06 01:18:53.000000000 +0200
+++ mediawiki-test/includes/DefaultSettings.php 2006-01-17 01:15:07.000000000 +0200
@@ -1354,6 +1354,96 @@
# );
$wgExtraNamespaces = NULL;
+ /**
+ * Hidden namespaces. If you include a namespace in this array, only users with
+ * the matching priviledges will be able to see and edit pages in this
+ * namespace.
+ *
+ * The form is " namespace => 'priviledge' " e.g.
+ *
+ * $wgRestrictedNamespaces =
+ * array(100 => 'coolguy',
+ * 101 => 'coolguy'
+ * );
+ *
+ * where 100 is the namespace id and 'coolguy' is the priviledge.
+ *
+ * Each priv. is a string in an array, you can add as many as you like
+ * in the $wgGroupPermitions array e.g.
+ *
+ *$wgGroupPermissions['allowed']['coolguy'] = true;
+ *
+ * In this example you asigned the 'coolguy' priviledge to the 'allowed' group.
+ *
+ */
+$wgRestrictedNamespaces = NULL;
+
+/**
+ * In case you want only to deny the edit right on a namespace, you may put it
+ * in this array. You also need to asign the 'roread' right to the usergroup you
+ * want to be able to read and the 'roedit' right to the usergroup you want to be
+ * able to edit. Read only namespaces are not hiden (nor their logs etc).
+ *
+ * Example: $wgReadOnlyNSes = array(100,101);
+ *
+ */
+$wgReadOnlyNSes = NULL;
+
+/**
+ * In case you have categories of pages located on a restricted namespaces
+ * those categories will appear empty and might be comfusing. Setting this
+ * var to true, (all) categories will be hidden in the Recent changes.
+ */
+$wgHideCategoriesinRC = false;
+
+/**
+ * Logs in Recent Changes are treated all the same, so normaly users will be able
+ * to see moves, protects and deletes of pages in restricted namespaces. Setting
+ * this var to true will hide all logs in Recent Changes and only those for restricted
+ * namespaces in Special:Log.
+ */
+$wgHideLogs = false;
+
+/**
+ * In case you want to customize what logs the user can see both in Recent Changes
+ * and Special:Log, modify this array to include the log types you want to hide. This is
+ * overriden by $wgHideLogs for Recent Changes and those logs for restricted
+ * namespaces in Special:Log. This feature lets you hide also the 'block' and 'rights'
+ * log types that are namespace independed in Special:Log, or show them in RC while
+ * hiding the rest.
+ *
+ * This example shows how to hide all log types in RC, and (block/rights) in Special:Log
+ * (the others in Special:Log are are filtered based on namespace access rights so they
+ * apply only for restricted namespaces).
+ *
+ *$wgHidenLogs = array('block','protect', 'rights', 'delete','upload', 'move');
+ */
+$wgHidenLogs = NULL;
+
+/**
+ * In case some user tries to create a link from some namespace to an other restricted
+ * namespace, while the page gets parsed, instead of the link, a warning message will appear
+ * ('restrlink') to let the user know. If the link is in the same namespace as the edited page,
+ * no check will be done.
+ */
+$wgLinkWarn = true;
+
+/**
+ * In case you want to hide logs about User Talk pages (namespace 3) fromnrecent changes
+ * set this to true.
+ *
+ */
+$wgHideUtalk = false;
+
+/**
+ * You can use this array to alter wiki's upper left logo depending on the namespace
+ * you are in.
+ *
+ * Example:
+ * $wgNamespaceLogos = array ( 100 => '/url_path_to/logo.gif');
+**/
+$wgNamespaceLogos = NULL;
+
/**
* Limit images on image description pages to a user-selectable limit. In order
* to reduce disk usage, limits can only be selected from a list. This is the
diff -ud mediawiki-1.5.5/includes/GlobalFunctions.php mediawiki-test/includes/GlobalFunctions.php
--- mediawiki-1.5.5/includes/GlobalFunctions.php 2005-10-28 12:40:10.000000000 +0300
+++ mediawiki-test/includes/GlobalFunctions.php 2006-01-17 01:15:07.000000000 +0200
@@ -1226,14 +1226,15 @@
* @return Html string containing the namespace selector
*/
function &HTMLnamespaceselector($selected = '', $allnamespaces = null) {
- global $wgContLang;
+ global $wgContLang, $wgUser;
$s = "<select name='namespace' class='namespaceselector'>\n";
$arr = $wgContLang->getFormattedNamespaces();
if( !is_null($allnamespaces) ) {
$arr = array($allnamespaces => wfMsgHtml('namespacesall')) + $arr;
}
foreach ($arr as $index => $name) {
- if ($index < NS_MAIN) continue;
+ # Skip Media, Special and restricted namespaces.
+ if ($index < NS_MAIN || !$wgUser->canAccessNamespace( $index )) continue;
$name = $index !== 0 ? $name : wfMsgHtml('blanknamespace');
diff -ud mediawiki-1.5.5/includes/Parser.php mediawiki-test/includes/Parser.php
--- mediawiki-1.5.5/includes/Parser.php 2005-12-21 18:18:31.000000000 +0200
+++ mediawiki-test/includes/Parser.php 2006-01-17 01:15:07.000000000 +0200
@@ -1329,6 +1329,16 @@
$ns = $nt->getNamespace();
$iw = $nt->getInterWiki();
+ #If the link points to a restricted namespace outside the
+ #parent namespace warn the user.
+ global $wgRestrictedNamespaces, $wgLinkWarn ;
+ if( $wgLinkWarn && is_array( $wgRestrictedNamespaces )) {
+ if( array_key_exists( $ns, $wgRestrictedNamespaces ) && ($this->mTitle->getNamespace() != $ns)) {
+ $s .=wfMsg( 'restrlink' ). $trail;
+ continue;
+ }
+ }
+
if ($might_be_img) { # if this is actually an invalid link
if ($ns == NS_IMAGE && $noforce) { #but might be an image
$found = false;
@@ -2060,7 +2070,7 @@
* @access private
*/
function braceSubstitution( $matches ) {
- global $wgLinkCache, $wgContLang;
+ global $wgLinkCache, $wgContLang, $wgRestrictedNamespaces;
$fname = 'Parser::braceSubstitution';
wfProfileIn( $fname );
@@ -2131,6 +2141,10 @@
if ( !$found ) {
# Check for NS: (namespace expansion)
$mwNs = MagicWord::get( MAG_NS );
+ if ( $part1 == 'ns' ) {
+ $text = $linestart . $wgContLang->getNsText( $this->mTitle->getNamespace() );
+ $found = true;
+ }
if ( $mwNs->matchStartAndRemove( $part1 ) ) {
if ( intval( $part1 ) ) {
$text = $linestart . $wgContLang->getNsText( intval( $part1 ) );
@@ -2224,6 +2238,15 @@
# Check for excessive inclusion
$dbk = $title->getPrefixedDBkey();
if ( $this->incrementIncludeCount( $dbk ) ) {
+ # Articles from restricted namespaces can't be used in templates.
+ # They would appear or disappear based on the rights of the user
+ # that refreshes the cache...
+ if( is_array( $wgRestrictedNamespaces ) ) {
+ if( array_key_exists( $title->getNamespace(), $wgRestrictedNamespaces ) ) {
+ $found = true;
+ $text = $linestart . wfMsg( 'templatenotincluded' );
+ }
+ }
if ( $title->getNamespace() == NS_SPECIAL && $this->mOptions->getAllowSpecialInclusion() ) {
# Capture special page output
$text = SpecialPage::capturePath( $title );
diff -ud mediawiki-1.5.5/includes/SearchEngine.php mediawiki-test/includes/SearchEngine.php
--- mediawiki-1.5.5/includes/SearchEngine.php 2005-07-13 09:47:17.000000000 +0300
+++ mediawiki-test/includes/SearchEngine.php 2006-01-17 01:15:07.000000000 +0200
@@ -150,10 +150,10 @@
* @access public
*/
function searchableNamespaces() {
- global $wgContLang;
+ global $wgContLang, $wgUser;
$arr = array();
foreach( $wgContLang->getNamespaces() as $ns => $name ) {
- if( $ns >= NS_MAIN ) {
+ if( $ns >= NS_MAIN && $wgUser->canAccessNamespace( $ns )) {
$arr[$ns] = $name;
}
}
diff -ud mediawiki-1.5.5/includes/SpecialAllpages.php mediawiki-test/includes/SpecialAllpages.php
--- mediawiki-1.5.5/includes/SpecialAllpages.php 2005-08-02 14:08:19.000000000 +0300
+++ mediawiki-test/includes/SpecialAllpages.php 2006-01-17 01:15:07.000000000 +0200
@@ -9,7 +9,7 @@
* @param string $par Becomes "FOO" when called like Special:Allpages/FOO (default NULL)
*/
function wfSpecialAllpages( $par=NULL, $specialPage ) {
- global $indexMaxperpage, $toplevelMaxperpage, $wgRequest, $wgOut, $wgContLang;
+ global $indexMaxperpage, $toplevelMaxperpage, $wgRequest, $wgOut, $wgContLang, $wgUser;
# Config
$indexMaxperpage = 960;
$toplevelMaxperpage = 50;
@@ -19,7 +19,9 @@
$namespaces = $wgContLang->getNamespaces();
- if( !in_array($namespace, array_keys($namespaces)) )
+ #If namespace does not exist or the user is not allowed to access it
+ #return him to the main namespace.
+ if( !in_array($namespace, array_keys($namespaces)) || !$wgUser->canAccessNamespace( $namespace))
$namespace = 0;
$wgOut->setPagetitle( $namespace > 0 ?
diff -ud mediawiki-1.5.5/includes/SpecialContributions.php mediawiki-test/includes/SpecialContributions.php
--- mediawiki-1.5.5/includes/SpecialContributions.php 2005-11-27 16:57:04.000000000 +0200
+++ mediawiki-test/includes/SpecialContributions.php 2006-01-17 01:15:07.000000000 +0200
@@ -16,7 +16,14 @@
}
function set_namespace($ns) {
- $this->namespace = $ns;
+ global $wgUser;
+ # If the namespace asked is restricted return
+ # to the main namespace.
+ if($wgUser->canAccessNamespace($ns)) {
+ $this->namespace = $ns;
+ }else{
+ $this->namespace = 0;
+ }
}
function set_limit($limit) {
@@ -69,9 +76,13 @@
}
function get_namespace_cond() {
- if ($this->namespace !== false)
+ global $wgUser;
+ # Include the namespace in the querry only if it's not restricted to the user.
+ if (($this->namespace !== false) && ($wgUser->canAccessNamespace($this->namespace))) {
return " AND page_namespace = " . (int)$this->namespace;
- return "";
+ }else{
+ return "";
+ }
}
function get_previous_offset_for_paging() {
@@ -123,6 +134,16 @@
$offsetQuery = "AND rev_timestamp <= '{$this->offset}'";
$nscond = $this->get_namespace_cond();
+ # Exclude all namespaces that are restricted to this user
+ global $wgRestrictedNamespaces;
+ global $wgUser;
+ if( is_array( $wgRestrictedNamespaces )) {
+ foreach( $wgRestrictedNamespaces as $key => $value ) {
+ if( ! $wgUser->canAccessNamespace( $key )) {
+ $nscond .= ' AND page_namespace <>' . $key;
+ }
+ }
+ }
$use_index = $this->dbr->useIndexClause($index);
$sql = "SELECT
page_namespace,page_title,page_is_new,page_latest,
diff -ud mediawiki-1.5.5/includes/SpecialExport.php mediawiki-test/includes/SpecialExport.php
--- mediawiki-1.5.5/includes/SpecialExport.php 2005-07-13 04:59:12.000000000 +0300
+++ mediawiki-test/includes/SpecialExport.php 2006-01-17 01:15:07.000000000 +0200
@@ -193,9 +193,14 @@
}
function namespaces() {
- global $wgContLang;
+ global $wgContLang, $wgUser;
$spaces = "<namespaces>\n";
+ # Don't display restricted namespaces.
foreach( $wgContLang->getNamespaces() as $ns => $title ) {
+
+ if(!$wgUser->canAccessNamespace($ns) ){
+ continue;
+ }
$spaces .= ' ' . wfElement( 'namespace',
array( 'key' => $ns ),
str_replace( '_', ' ', $title ) ) . "\n";
@@ -312,7 +317,14 @@
*/
function outputStream( $resultset ) {
$last = null;
+ global $wgUser;
while( $row = $resultset->fetchObject() ) {
+
+ #If page is in a secured namespace, skip the row.
+ if(!$wgUser->canAccessNamespace($row->page_namespace) ){
+ continue;
+ }
+
if( is_null( $last ) ||
$last->page_namespace != $row->page_namespace ||
$last->page_title != $row->page_title ) {
diff -ud mediawiki-1.5.5/includes/SpecialListusers.php mediawiki-test/includes/SpecialListusers.php
--- mediawiki-1.5.5/includes/SpecialListusers.php 2005-07-13 18:14:12.000000000 +0300
+++ mediawiki-test/includes/SpecialListusers.php 2006-01-17 01:15:07.000000000 +0200
@@ -54,7 +54,7 @@
* @todo localize
*/
function getPageHeader( ) {
- global $wgScript;
+ global $wgScript, $wgUser;
// Various variables used for the form
$action = htmlspecialchars( $wgScript );
@@ -67,7 +67,8 @@
wfMsgHtml( 'groups-editgroup-name' ) . '<select name="group">';
// get all group names and IDs
- $groups = User::getAllGroups();
+// $groups = User::getAllGroups();
+ $groups = $wgUser->getGroups();
// we want a default empty group
$out.= '<option value=""></option>';
@@ -152,7 +153,7 @@
}
function formatResult( $skin, $result ) {
- global $wgContLang;
+ global $wgContLang, $wgUser;
$userPage = Title::makeTitle( $result->namespace, $result->title );
$name = $skin->makeLinkObj( $userPage, htmlspecialchars( $userPage->getText() ) );
@@ -168,15 +169,27 @@
$groups[] = User::getGroupName( $row->ug_group );
}
$dbr->freeResult( $result );
-
- if( count( $groups ) > 0 ) {
- $name .= ' (' .
- $skin->makeLink( wfMsgForContent( 'administrators' ),
- htmlspecialchars( implode( ', ', $groups ) ) ) .
- ')';
+
+ $incl = false;
+ $rUsergroups = implode(',',$groups);
+ $tUserGroups = $wgUser->getGroups();
+ for( $i = 0; count($tUserGroups) >= $i; $i++) {
+ if( substr_count($rUsergroups, $tUserGroups[$i]) >0 ){
+ $incl = true;
+ break;
+ }
}
- }
+ if( $incl ){
+ if( count( $groups ) > 0 ) {
+ $name .= ' (' .
+ $skin->makeLink( wfMsgForContent( 'administrators' ),
+ htmlspecialchars( implode( ', ', $groups ) ) ) .
+ ')';
+ }
+ return $name;
+ }
+ }
return $name;
}
}
diff -ud mediawiki-1.5.5/includes/SpecialLog.php mediawiki-test/includes/SpecialLog.php
--- mediawiki-1.5.5/includes/SpecialLog.php 2005-06-27 12:14:32.000000000 +0300
+++ mediawiki-test/includes/SpecialLog.php 2006-01-17 01:15:07.000000000 +0200
@@ -236,13 +236,14 @@
* @return object database result set
*/
function getLogRows() {
- global $wgLinkCache;
+ global $wgLinkCache, $wgUser;
$result = $this->reader->getRows();
$this->numResults = 0;
// Fetch results and form a batch link existence query
$batch = new LinkBatch;
while ( $s = $result->fetchObject() ) {
+
// User link
$title = Title::makeTitleSafe( NS_USER, $s->user_name );
$batch->addObj( $title );
@@ -292,11 +293,41 @@
* @private
*/
function logLine( $s ) {
- global $wgLang, $wgLinkCache;
+ global $wgLang, $wgLinkCache, $wgUser;
+ global $wgHideLogs, $wgHidenLogs;
$title = Title::makeTitle( $s->log_namespace, $s->log_title );
$user = Title::makeTitleSafe( NS_USER, $s->user_name );
$time = $wgLang->timeanddate( $s->log_timestamp, true );
+ # Hide all logs or the log types in $wgHidenLogs.
+
+ # Block and rights are namespace independed.
+ if((is_array($wgHidenLogs) &&
+ ((in_array('block', $wgHidenLogs) && $s->log_type =='block' )
+ ||(in_array('rights', $wgHidenLogs) && $s->log_type=='rights'))
+ ||($wgHideLogs && ($s->log_type=='block' ||$s->log_type=='rights')))){
+ return;
+ }
+
+ # Upload namespaces are public.
+ if(is_array($wgHidenLogs) && (in_array('upload', $wgHidenLogs) && $s->log_type=='upload') || ($wgHideLogs && $s->log_type=='upload')) {
+ return;
+ }
+
+ # We hide the rest only for the restricted namespaces.
+ if(!$wgUser->canAccessNamespace($s->log_namespace)){
+ if($wgHideLogs){
+ return;
+ }
+ if(is_array($wgHidenLogs)){
+ if((in_array('protect', $wgHidenLogs) && $s->log_type=='protect')
+ ||(in_array('delete', $wgHidenLogs) && $s->log_type=='delete')
+ ||(in_array('move', $wgHidenLogs) && $s->log_type=='move')){
+ return;
+ }
+ }
+ }
+
// Enter the existence or non-existence of this page into the link cache,
// for faster makeLinkObj() in LogPage::actionText()
if( $s->page_id ) {
diff -ud mediawiki-1.5.5/includes/SpecialPreferences.php mediawiki-test/includes/SpecialPreferences.php
--- mediawiki-1.5.5/includes/SpecialPreferences.php 2005-10-21 23:47:39.000000000 +0300
+++ mediawiki-test/includes/SpecialPreferences.php 2006-01-17 01:15:07.000000000 +0200
@@ -89,7 +89,7 @@
if ( $this->mPosted ) {
$namespaces = $wgContLang->getNamespaces();
foreach ( $namespaces as $i => $namespace ) {
- if ( $i >= 0 ) {
+ if ( $i >= 0 && $wgUser->canAccessNamespace( $i) ) {
$this->mSearchNs[$i] = $request->getCheck( "wpNs$i" ) ? 1 : 0;
}
}
@@ -352,7 +352,7 @@
$namespaces = $wgContLang->getNamespaces();
foreach ( $namespaces as $i => $namespace ) {
- if ( $i >= NS_MAIN ) {
+ if ( $i >= NS_MAIN && $wgUser->canAccessNamespace( $i)) {
$this->mSearchNs[$i] = $wgUser->getOption( 'searchNs'.$i );
}
}
@@ -369,7 +369,7 @@
$r1 = null;
foreach ( $namespaces as $i => $name ) {
- if ($i < 0)
+ if ($i < 0 && !$wgUser->canAccessNamespace( $i))
continue;
$checked = $this->mSearchNs[$i] ? "checked='checked'" : '';
$name = str_replace( '_', ' ', $namespaces[$i] );
diff -ud mediawiki-1.5.5/includes/SpecialRandompage.php mediawiki-test/includes/SpecialRandompage.php
--- mediawiki-1.5.5/includes/SpecialRandompage.php 2005-08-02 03:01:45.000000000 +0300
+++ mediawiki-test/includes/SpecialRandompage.php 2006-01-17 01:15:07.000000000 +0200
@@ -11,12 +11,12 @@
* used as e.g. Special:Randompage/Category
*/
function wfSpecialRandompage( $par = NS_MAIN ) {
- global $wgOut, $wgTitle, $wgArticle, $wgExtraRandompageSQL, $wgContLang;
+ global $wgOut, $wgTitle, $wgArticle, $wgExtraRandompageSQL, $wgContLang, $wgUser;
$fname = 'wfSpecialRandompage';
# Determine the namespace to get a random page from.
$namespace = $wgContLang->getNsIndex($par);
- if ($namespace === false || $namespace < NS_MAIN) {
+ if ($namespace === false || $namespace < NS_MAIN || !$wgUser->canAccessNamespace($namespace)) {
$namespace = NS_MAIN;
}
diff -ud mediawiki-1.5.5/includes/SpecialRecentchanges.php mediawiki-test/includes/SpecialRecentchanges.php
--- mediawiki-1.5.5/includes/SpecialRecentchanges.php 2005-11-18 22:05:37.000000000 +0200
+++ mediawiki-test/includes/SpecialRecentchanges.php 2006-01-17 01:15:07.000000000 +0200
@@ -21,6 +21,7 @@
global $wgFeedClasses, $wgUseRCPatrol;
global $wgRCShowWatchingUsers, $wgShowUpdatedMarker;
global $wgLinkCache;
+ global $wgRestrictedNamespaces, $wgHideCategoriesinRC, $wgHidenLogs, $wgHideLogs, $wgHideUtalk;
$fname = 'wfSpecialRecentchanges';
# Get query parameters
@@ -119,8 +120,9 @@
# Get last modified date, for client caching
# Don't use this if we are using the patrol feature, patrol changes don't update the timestamp
+ # Don't use it if there are hidden namespaces, as the feed must be different for the users
$lastmod = $dbr->selectField( 'recentchanges', 'MAX(rc_timestamp)', false, $fname );
- if ( $feedFormat || !$wgUseRCPatrol ) {
+ if ( !is_array( $wgRestrictedNamespaces ) && ($feedFormat || !$wgUseRCPatrol) ) {
if( $lastmod && $wgOut->checkLastModified( $lastmod ) ){
# Client cache fresh and headers sent, nothing more to do.
return;
@@ -131,6 +133,33 @@
$hidem .= $hidebots ? ' AND rc_bot=0' : '';
$hidem .= $hideliu ? ' AND rc_user=0' : '';
$hidem .= $hidepatrolled ? ' AND rc_patrolled=0' : '';
+
+ # Hide all categories if $wgHideCategoriesinRC is set
+ $hidem .= $wgHideCategoriesinRC ? ' AND rc_namespace <> 14':'';
+ # Hide all User_talk pages if $wgHideUtalk is set
+ $hidem .= $wgHideUtalk ? ' AND rc_namespace <> 3':'';
+ # Hide all logs if $wgHideRCLogs is set
+ $hidem .= $wgHideLogs ? ' AND rc_type <> 3':'';
+ # Hide all logs or the log types in $wgHidenLogs.
+ if(!$wgHideLogs && is_array($wgHidenLogs)){
+ # Block and rights are namespace independed.
+ $hidem .= in_array('block', $wgHidenLogs) ? ' AND rc_title <> "Log/block"':'';
+ $hidem .= in_array('rights', $wgHidenLogs) ? ' AND rc_title <> "Log/rights"':'';
+ # Hide the log types set in $wgHidenLogs
+ $hidem .= in_array('protect', $wgHidenLogs) ? ' AND rc_title <> "Log/protect"':'';
+ $hidem .= in_array('delete', $wgHidenLogs) ? ' AND rc_title <> "Log/delete"':'';
+ $hidem .= in_array('upload', $wgHidenLogs) ? ' AND rc_title <> "Log/upload"':'';
+ $hidem .= in_array('move', $wgHidenLogs) ? ' AND rc_title <> "Log/move"':'';
+ }
+ # Exclude all namespaces that are restricted to this user
+ if( is_array( $wgRestrictedNamespaces )) {
+ foreach( $wgRestrictedNamespaces as $key => $value ) {
+ if( ! $wgUser->canAccessNamespace( $key )) {
+ $hidem .= ' AND rc_namespace <>' . $key;
+ }
+ }
+ }
+
$hidem .= is_null( $namespace ) ? '' : ' AND rc_namespace' . ($invert ? '!=' : '=') . $namespace;
// This is the big thing!
@@ -264,11 +293,18 @@
* go ahead and use it even if there have been edits made
* since it was rendered. This keeps a swarm of requests
* from being too bad on a super-frequently edited wiki.
+ *
+ * Using restricted namespaces forbids caching the feed,
+ * however, since it must be rendered according to user
+ * rights.
+ *
*/
- if( time() - wfTimestamp( TS_UNIX, $feedLastmod )
- < $wgFeedCacheTimeout
- || wfTimestamp( TS_UNIX, $feedLastmod )
- > wfTimestamp( TS_UNIX, $lastmod ) ) {
+
+ if( !is_array( $wgRestrictedNamespaces )
+ && (time() - wfTimestamp( TS_UNIX, $feedLastmod )
+ < $wgFeedCacheTimeout
+ || wfTimestamp( TS_UNIX, $feedLastmod )
+ > wfTimestamp( TS_UNIX, $lastmod ) ) ) {
wfDebug( "RC: loading feed from cache ($key; $feedLastmod; $lastmod)...\n" );
$cachedFeed = $messageMemc->get( $key );
} else {
diff -ud mediawiki-1.5.5/includes/SpecialRecentchangeslinked.php mediawiki-test/includes/SpecialRecentchangeslinked.php
--- mediawiki-1.5.5/includes/SpecialRecentchangeslinked.php 2005-08-25 07:32:20.000000000 +0300
+++ mediawiki-test/includes/SpecialRecentchangeslinked.php 2006-01-17 01:15:07.000000000 +0200
@@ -58,10 +58,22 @@
WfMsg( "hide" ), "target=" . htmlspecialchars( $nt->getPrefixedURL() ) .
"&days={$days}&limit={$limit}&hideminor=1" );
}
+ $cmq = '';
+
if ( $hideminor ) {
$cmq = 'AND rev_minor_edit=0';
- } else { $cmq = ''; }
+ }
+ # Exclude all namespaces that are restricted to this user
+ global $wgRestrictedNamespaces;
+ if( is_array( $wgRestrictedNamespaces )) {
+ foreach( $wgRestrictedNamespaces as $key => $value ) {
+ if( ! $wgUser->canAccessNamespace( $key )) {
+ $cmq .= ' AND page_namespace <>' . $key;
+ }
+ }
+ }
+
extract( $dbr->tableNames( 'categorylinks', 'pagelinks', 'revision', 'page' ) );
// If target is a Category, use categorylinks and invert from and to
diff -ud mediawiki-1.5.5/includes/SpecialUserlogin.php mediawiki-test/includes/SpecialUserlogin.php
--- mediawiki-1.5.5/includes/SpecialUserlogin.php 2005-08-26 16:54:11.000000000 +0300
+++ mediawiki-test/includes/SpecialUserlogin.php 2006-01-17 01:15:07.000000000 +0200
@@ -407,6 +407,7 @@
function successfulLogin( $msg ) {
global $wgUser;
global $wgOut;
+ global $wgLinkWarn;
# Run any hooks; ignore results
@@ -416,7 +417,19 @@
$wgOut->setRobotpolicy( 'noindex,nofollow' );
$wgOut->setArticleRelated( false );
$wgOut->addWikiText( $msg );
- $wgOut->returnToMain();
+
+ if($wgUser->getRMainPages() != NULL) {
+
+ # We are going to put some links to restricted namespaces
+ # that the user has access to, so we disable the warning.
+ $wgLinkWarn = false;
+
+ $wgOut->addWikiText(wfMsg('RNSlist').str_replace( '_', ' ',$wgUser->getRMainPages()));
+ $wgOut->returnToMain(false);
+
+ }else{
+ $wgOut->returnToMain();
+ }
}
/** */
diff -ud mediawiki-1.5.5/includes/SpecialWantedpages.php mediawiki-test/includes/SpecialWantedpages.php
--- mediawiki-1.5.5/includes/SpecialWantedpages.php 2005-05-26 13:23:35.000000000 +0300
+++ mediawiki-test/includes/SpecialWantedpages.php 2006-01-17 01:15:07.000000000 +0200
@@ -44,9 +44,15 @@
}
function formatResult( $skin, $result ) {
- global $wgContLang;
+ global $wgContLang, $wgUser;
$nt = Title::makeTitle( $result->namespace, $result->title );
+
+ # Don't show wanted pages in restricted namespaces
+ if( !$wgUser->canAccessNamespace( $nt->getNamespace() ) ) {
+ return "";
+ }
+
$text = $wgContLang->convert( $nt->getPrefixedText() );
$plink = $skin->makeBrokenLink( $nt->getPrefixedText(), $text );
diff -ud mediawiki-1.5.5/includes/SpecialWhatlinkshere.php mediawiki-test/includes/SpecialWhatlinkshere.php
--- mediawiki-1.5.5/includes/SpecialWhatlinkshere.php 2005-12-11 20:50:16.000000000 +0200
+++ mediawiki-test/includes/SpecialWhatlinkshere.php 2006-01-17 01:15:07.000000000 +0200
@@ -97,6 +97,11 @@
// Last row is for checks only; don't display it.
break;
}
+
+ #If the linking page is located in a secured namespace, skip it.
+ if(!$wgUser->canAccessNamespace($row->page_namespace)) {
+ continue;
+ }
$nt = Title::makeTitle( $row->page_namespace, $row->page_title );
diff -ud mediawiki-1.5.5/includes/Title.php mediawiki-test/includes/Title.php
--- mediawiki-1.5.5/includes/Title.php 2005-10-30 03:30:44.000000000 +0200
+++ mediawiki-test/includes/Title.php 2006-01-17 01:15:07.000000000 +0200
@@ -905,6 +905,10 @@
wfProfileIn( $fname );
global $wgUser;
+ if( !$wgUser->canAccessNamespace( $this->mNamespace )) {
+ wfProfileOut( $fname );
+ return false;
+ }
if( NS_SPECIAL == $this->mNamespace ) {
wfProfileOut( $fname );
return false;
@@ -998,7 +1002,7 @@
function userCanRead() {
global $wgUser;
- if( $wgUser->isAllowed('read') ) {
+ if( $wgUser->isAllowed('read',$this )){
return true;
} else {
global $wgWhitelistRead;
@@ -1012,15 +1016,17 @@
}
/** some pages are explicitly allowed */
- $name = $this->getPrefixedText();
- if( $wgWhitelistRead && in_array( $name, $wgWhitelistRead ) ) {
- return true;
- }
+ if( is_array( $wgWhitelistRead )) {
+ $name = $this->getPrefixedText();
+ if( in_array( $name, $wgWhitelistRead ) ) {
+ return true;
+ }
- # Compatibility with old settings
- if( $wgWhitelistRead && $this->getNamespace() == NS_MAIN ) {
- if( in_array( ':' . $name, $wgWhitelistRead ) ) {
- return true;
+ # Compatibility with old settings
+ if( $this->getNamespace() == NS_MAIN ) {
+ if( in_array( ':' . $name, $wgWhitelistRead ) ) {
+ return true;
+ }
}
}
}
diff -ud mediawiki-1.5.5/includes/User.php mediawiki-test/includes/User.php
--- mediawiki-1.5.5/includes/User.php 2005-12-01 10:39:21.000000000 +0200
+++ mediawiki-test/includes/User.php 2006-01-17 01:15:07.000000000 +0200
@@ -1018,12 +1018,155 @@
/**
* Check if user is allowed to access a feature / make an action
* @param string $action Action to be checked (see $wgAvailableRights in Defines.php for possible actions).
+ * @param string $title Title of the article (so we can check if it's namespace is restricted to the user).
* @return boolean True: action is allowed, False: action should not be allowed
*/
- function isAllowed($action='') {
+ function isAllowed($action='', $title = NULL) {
+ global $wgRestrictedNamespaces, $wgReadOnlyNSes;
+
$this->loadFromDatabase();
+
+ if( $title == NULL ) {
+ global $wgTitle;
+ $title = $wgTitle;
+ }
+
+ $ns = $title->getNamespace();
+ // If user wants to read a page, that page is in a read only namespace
+ // and the user has the 'roread' right, allow him to read it. If it has
+ // the 'roedit' right allow him to edit it.
+ if( is_array($wgReadOnlyNSes)) {
+ if( $action == 'read' && in_array($ns, $wgReadOnlyNSes) && in_array('roread', $this->mRights) && !$this->isBlocked() ) {
+ return true;
+ }
+ if( $action == 'edit' && !$title->isProtected() && in_array($ns, $wgReadOnlyNSes) && in_array('roedit', $this->mRights) && !$this->isBlocked()) {
+ return true;
+ }
+ }
+
+ // Prevent access to restricted namespaces if the user does not have all
+ // required rights.
+ if( !$this->canAccessNamespace($ns) ) {
+ return false;
+ }
+
+ // If we are in user's page, allow him to do everything...
+ if ( $action == 'edit' && ($ns == NS_USER_TALK || $ns == NS_USER) && $title->getText() == $this->getName() && !$this->isBlocked() && !$title->isProtected() ) {
+ return true;
+ }
+
+ if ( $action == 'protect' && ($ns == NS_USER_TALK || $ns == NS_USER) && $title->getText() == $this->getName() && !$this->isBlocked() ){
+ return true;
+ }
+
+ // If user wants to edit a talk page and has the talk right, allow him to do so...
+ if( $title->isTalkPage() && $action == 'edit' && in_array('talk', $this->mRights) && !$this->isBlocked() && !$title->isProtected() ){
+ return true;
+ }
+
+ // If user wants to leave a mesage on another's user talk page and that page is unprotected, allow him to do so...
+ if( $action == 'edit' && $ns == NS_USER_TALK && !$this->isBlocked() && !$title->isProtected() ){
+ return true;
+ }
+
+ // If user has the sedit right, allow him to edit pages in the restricted namespaces
+ // he has access.
+ if( is_array($wgRestrictedNamespaces) && array_key_exists($ns, $wgRestrictedNamespaces)
+ && $this->canAccessNamespace($ns) && !$this->isBlocked() ){
+
+ if( $action == 'edit' && in_array('sedit', $this->mRights) && !$title->isProtected() ) {
+ return true;
+ }
+
+ // If user has the sprotect right, allow him to edit pages in the in the restricted namespaces
+ // he has access.
+ if(($action == 'protect' || $action == 'unprotect') && in_array('sprotect', $this->mRights)) {
+ return true;
+ }
+
+
+ // If user has the sdelete right, allow him to edit pages in the in the restricted namespaces
+ // he has access.
+ if( !$title->isProtected() && ($action == 'delete' || $action == 'undelete') && (in_array('sdelete', $this->mRights)) ) {
+ return true;
+ }
+ }
+
+ //If the user wants to delete or undelete a page and it's blocked don't allow him to do so.
+ if( ($action == 'delete' || $action == 'undelete') && ($title->isProtected() || $this->isBlocked()) ){
+ return false;
+ }
+
+
+ //If the user wants to protect or unprotect a page and it's blocked don't allow him to do so.
+ if( ($action == 'protect' || $action == 'unprotect') && $this->isBlocked() ){
+ return false;
+ }
+
return in_array( $action , $this->mRights );
}
+
+ /**
+ * Check if user is allowed to access a given namespace
+ * @param string $namespace ID of the namespace that needs to be checked.
+ * @return boolean True: access is allowed, False: access is denied
+ */
+ function canAccessNamespace( $namespace='' ) {
+ global $wgRestrictedNamespaces;
+ $this->loadFromDatabase();
+
+ if( is_array( $wgRestrictedNamespaces )) {
+ if( array_key_exists( $namespace, $wgRestrictedNamespaces ) ) {
+ if( in_array($wgRestrictedNamespaces[$namespace], $this->mRights)){
+ return true;
+ }
+ return false;
+ }
+ }
+
+ return true;
+
+ }
+
+ /**
+ * Get the restricted namespaces the user has access to (talk namespaces not included).
+ * @return string with the namespace names seperated by the "\n" character/
+ */
+ function getAllowedRNSes() {
+ global $wgRestrictedNamespaces;
+ $this->loadFromDatabase();
+ $names = NULL;
+
+ if( is_array( $wgRestrictedNamespaces ) ) {
+ foreach ($wgRestrictedNamespaces as $nsid => $ugroup) {
+ if( $this->canAccessNamespace($nsid) && !($nsid %2) ) {
+ $names .= Namespace::getCanonicalName($nsid)."\n";
+ }
+ }
+ }
+ return $names;
+ }
+
+ /**
+ * Get the main page title of each restricted namespace (talk namespaces not included)
+ * the user has access to.
+ * @return string: The titles seperated by the "\n" character.
+ */
+ function getRMainPages() {
+ global $wgRestrictedNamespaces;
+ $titles = NULL;
+
+ if( is_array( $wgRestrictedNamespaces ) ) {
+ $namespaces = $this->getAllowedRNSes();
+ $nsarray = explode("\n",$namespaces);
+ foreach ($nsarray as $index => $nsname) {
+ if($nsname != ""){
+ $titles .= "[[".$nsname.":".wfMsgForContent( 'mainpage' )."|".$nsname."]]"."<br/>\n";
+ }
+ }
+ }
+ return $titles;
+ }
/**
* Load a skin if it doesn't exist or return it

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
1462
Default Alt Text
Restrict_access_1.5.5.patch (31 KB)

Event Timeline

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL