[Fusionforge-commits] r9486 - trunk/gforge/plugins/mediawiki/etc/plugins/mediawiki

Roland Mas lolando at libremir.placard.fr.eu.org
Wed Apr 14 16:15:42 CEST 2010


Author: lolando
Date: 2010-04-14 16:15:41 +0200 (Wed, 14 Apr 2010)
New Revision: 9486

Modified:
   trunk/gforge/plugins/mediawiki/etc/plugins/mediawiki/LocalSettings.php
Log:
Actually use RBAC for Mediawiki permissions

Modified: trunk/gforge/plugins/mediawiki/etc/plugins/mediawiki/LocalSettings.php
===================================================================
--- trunk/gforge/plugins/mediawiki/etc/plugins/mediawiki/LocalSettings.php	2010-04-14 14:15:34 UTC (rev 9485)
+++ trunk/gforge/plugins/mediawiki/etc/plugins/mediawiki/LocalSettings.php	2010-04-14 14:15:41 UTC (rev 9486)
@@ -112,6 +112,7 @@
                 $u = user_get_object ($s);
 		$g = group_get_object_by_name ($fusionforgeproject) ;
 		$perm =& $g->getPermission($u);
+		$r =& $u->getRole($g) ;
 
                 $mwname = ucfirst($u->getUnixName ()) ;
                 $mwu = User::newFromName ($mwname);
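Review bot: `$r` is later dereferenced as `$r->isError()` (second hunk) with no check that `getRole` returned an object, while `$perm` from the line above is tested with `$perm && is_object($perm)` before it is used. What `getRole` returns for a user with no role in `$g`, or when `$g` itself is not a valid group object, is not visible here, so the same guard is worth applying where the result is consumed: `if (!is_object($r) || $r->isError()) {`. The enclosing function starts and ends outside this hunk.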
@@ -127,6 +128,25 @@
 
 		$user->loadGroups() ;
 		$current_groups = $user->getGroups() ;
+
+                // Role-based access control
+		if ($r->isError()) {
+			$rname = '' ;
+		} else {
+			$rname = "ForgeRole:".$r->getName () ;
+		}
+		$role_groups = preg_grep ("^ForgeRole:", $current_groups) ;
+		foreach ($role_groups as $cg) {
+			if ($cg != $rname) {
+                                $user->removeGroup ($cg) ;
+			}
+		}
+		if (!in_array ($rname, $current_groups)) {
+			$user->addGroup ($rname) ;
+		}
+
+		// Previous (group-based) access control
+               $current_groups = $user->getGroups() ;
                 if ($perm && is_object($perm) && $perm->isAdmin()) {
                         if (!in_array ('sysop', $current_groups)) {
                                 $user->addGroup ('sysop') ;
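Review bot: The pattern passed to `preg_grep` in the added role block has no delimiters, so PCRE takes `^` as the opening delimiter, finds no closing one, and the call returns false with a warning; the `foreach` then removes nothing, and a user whose forge role was changed keeps every earlier `ForgeRole:` group together with its wiki rights. Use `$role_groups = preg_grep ('/^ForgeRole:/', $current_groups) ;`. Separately, when `$r->isError()` is true `$rname` is the empty string and the final `if` ends up calling `$user->addGroup ('')`; guard it with `if ($rname != '' && !in_array ($rname, $current_groups)) {`. The enclosing function begins and ends outside this hunk.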
@@ -188,10 +208,28 @@
 
 $GLOBALS['wgHooks']['UserLoadFromSession'][]='FusionForgeMWAuth';
 
-$wgGroupPermissions['Members']['createaccount'] = true;
-$wgGroupPermissions['Members']['edit']          = true;
-$wgGroupPermissions['Members']['createpage']    = true;
-$wgGroupPermissions['Members']['createtalk']    = true;
+$g = group_get_object_by_name ($fusionforgeproject) ;
+$roles = $g->getRoles () ;
+foreach ($roles as $role) {
+	$gr = "ForgeRole:".$role->getName () ;
+	switch ($role->getVal('plugin_mediawiki_edit', 0)) {
+	case 0:
+		$wgGroupPermissions[$gr]['edit']          = false;
+		$wgGroupPermissions[$gr]['createpage']    = false;
+		$wgGroupPermissions[$gr]['createtalk']    = false;
+		break ;
+	case 1:
+		$wgGroupPermissions[$gr]['edit']          = true;
+		$wgGroupPermissions[$gr]['createpage']    = false;
+		$wgGroupPermissions[$gr]['createtalk']    = false;
+		break ;
+	case 2:
+		$wgGroupPermissions[$gr]['edit']          = true;
+		$wgGroupPermissions[$gr]['createpage']    = true;
+		$wgGroupPermissions[$gr]['createtalk']    = true;
+		break ;
+	}
+}
 
 $wgGroupPermissions['ForgeUsers']['createaccount'] = false;
 $wgGroupPermissions['ForgeUsers']['edit']          = false;
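Review bot: The `false` entries written in `case 0` and `case 1` do not deny anything on their own, because MediaWiki computes a user's rights as the union over all of the user's groups and a `false` only means that this group does not grant the right. Whether a read-only role really is read-only therefore depends on `*`, `user` and any other group the account belongs to not granting `edit`, `createpage` or `createtalk`, which this hunk does not show; a comment above the loop stating that assumption, or `$wgRevokePermissions` where the deployed MediaWiki version provides it, would make the intent enforceable. The `switch` also has no `default`, so a role with any other `plugin_mediawiki_edit` value gets no entries at all; putting `default:` next to `case 0:` keeps the deny case explicit. `$g` is dereferenced with `->getRoles ()` at top level without checking that the project lookup succeeded, so a failed lookup would break every wiki request.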



