[Fusionforge-commits] r10535 - in trunk/src/plugins/mediawiki: common www

Roland Mas lolando at libremir.placard.fr.eu.org
Fri Sep 17 17:49:56 CEST 2010


Author: lolando
Date: 2010-09-17 17:49:56 +0200 (Fri, 17 Sep 2010)
New Revision: 10535

Modified:
   trunk/src/plugins/mediawiki/common/MediaWikiPlugin.class.php
   trunk/src/plugins/mediawiki/www/LocalSettings.php
Log:
Mediawiki plugin now uses new RBAC system

Modified: trunk/src/plugins/mediawiki/common/MediaWikiPlugin.class.php
===================================================================
--- trunk/src/plugins/mediawiki/common/MediaWikiPlugin.class.php	2010-09-17 15:41:59 UTC (rev 10534)
+++ trunk/src/plugins/mediawiki/common/MediaWikiPlugin.class.php	2010-09-17 15:49:56 UTC (rev 10535)
@@ -123,15 +123,37 @@
 			}
 		} elseif ($hookname == "role_get") {
 			$role =& $params['role'] ;
+
+			// Edit privileges
+			$right = new PluginSpecificRoleSetting ($role,
+								'plugin_mediawiki_edit') ;
+			$right->SetAllowedValues (array ('0', '1', '2', '3')) ;
+			$right->SetDefaultValues (array ('Admin' => '3',
+							 'Senior Developer' => '2',
+							 'Junior Developer' => '1',
+							 'Doc Writer' => '3',
+							 'Support Tech' => '0')) ;
 			
-			$edit = new PluginSpecificRoleSetting ($role,
-							       'plugin_mediawiki_edit') ;
-			$edit->SetAllowedValues (array ('0', '1', '2')) ;
-			$edit->SetDefaultValues (array ('Admin' => '2',
-							'Senior Developer' => '2',
-							'Junior Developer' => '1',
-							'Doc Writer' => '2',
-							'Support Tech' => '0')) ;
+			// File upload privileges
+			$right = new PluginSpecificRoleSetting ($role,
+								'plugin_mediawiki_upload') ;
+			$right->SetAllowedValues (array ('0', '1', '2')) ;
+			$right->SetDefaultValues (array ('Admin' => '2',
+							 'Senior Developer' => '2',
+							 'Junior Developer' => '1',
+							 'Doc Writer' => '2',
+							 'Support Tech' => '0')) ;
+			
+			// Administrative tasks
+			$right = new PluginSpecificRoleSetting ($role,
+								'plugin_mediawiki_admin') ;
+			$right->SetAllowedValues (array ('0', '1')) ;
+			$right->SetDefaultValues (array ('Admin' => '1',
+							 'Senior Developer' => '0',
+							 'Junior Developer' => '0',
+							 'Doc Writer' => '0',
+							 'Support Tech' => '0')) ;
+			
 		} elseif ($hookname == "role_normalize") {
 			$role =& $params['role'] ;
 			$new_sa =& $params['new_sa'] ;
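Review bot: The two sections newly registered in the `role_get` branch, `plugin_mediawiki_upload` and `plugin_mediawiki_admin`, have no visible counterpart in the `role_normalize` branch; the only normalisation call shown (in the next hunk's context) is for `plugin_mediawiki_edit`. Unless the lines between the two hunks already cover them, add `$role->normalizeDataForSection ($new_sa, 'plugin_mediawiki_upload') ;` and the same call for `'plugin_mediawiki_admin'`, so that values for these rights are normalised the same way as the edit right. The new defaults also deserve a comment or a second look: `'Doc Writer' => '3'` grants move and delete, which `'Senior Developer' => '2'` does not get, and that may be unintended. The `role_normalize` branch continues outside this hunk.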
@@ -146,12 +168,26 @@
 				$role->normalizeDataForSection ($new_sa, 'plugin_mediawiki_edit') ;
 			}
 		} elseif ($hookname == "role_translate_strings") {
-			$edit = new PluginSpecificRoleSetting ($role,
+			$right = new PluginSpecificRoleSetting ($role,
 							       'plugin_mediawiki_edit') ;
-			$edit->setDescription (_('Mediawiki write access')) ;
-			$edit->setValueDescriptions (array ('0' => _('No editing'),
-							    '1' => _('Edit existing pages only'), 
-							    '2' => _('Edit and create pages'))) ;
+			$right->setDescription (_('Mediawiki write access')) ;
+			$right->setValueDescriptions (array ('0' => _('No editing'),
+							     '1' => _('Edit existing pages only'), 
+							     '2' => _('Edit and create pages'), 
+							     '3' => _('Edit, create, move, delete pages'))) ;
+
+			$right = new PluginSpecificRoleSetting ($role,
+							       'plugin_mediawiki_upload') ;
+			$right->setDescription (_('Mediawiki file upload')) ;
+			$right->setValueDescriptions (array ('0' => _('No uploading'),
+							     '1' => _('Upload permitted'), 
+							     '2' => _('Upload and re-upload'))) ;
+
+			$right = new PluginSpecificRoleSetting ($role,
+							       'plugin_mediawiki_admin') ;
+			$right->setDescription (_('Mediawiki administrative tasks')) ;
+			$right->setValueDescriptions (array ('0' => _('No administrative access'),
+							     '1' => _('Edit interface, import XML dumps'))) ;
 		} else if ($hookname == "project_admin_plugins") {
 			$group_id = $params['group_id'];
 			$group = &group_get_object($group_id);
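Review bot: The value descriptions added for the upload and admin settings understate what LocalSettings.php grants for them in this same commit: upload level `'2'` also enables `upload_by_url`, and admin level `'1'` also enables `siteadmin`. Whoever assigns these values sees only these strings, so either the labels should name everything granted, e.g. `'2' => _('Upload, re-upload and upload by URL')`, or the extra rights should be dropped from the mapping. Separately, `$role` is used in this branch without the `$role =& $params['role'] ;` assignment that the other branches make. It may be set earlier in the function, outside the hunk, but that is worth confirming.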

Modified: trunk/src/plugins/mediawiki/www/LocalSettings.php
===================================================================
--- trunk/src/plugins/mediawiki/www/LocalSettings.php	2010-09-17 15:41:59 UTC (rev 10534)
+++ trunk/src/plugins/mediawiki/www/LocalSettings.php	2010-09-17 15:49:56 UTC (rev 10535)
@@ -115,8 +115,22 @@
 $GLOBALS['REMOTE_ADDR'] = getStringFromServer('REMOTE_ADDR') ;
 $GLOBALS['HTTP_USER_AGENT'] = getStringFromServer('HTTP_USER_AGENT') ;
 
+function FusionForgeRoleToMediawikiGroupName ($role, $project) {
+	if ($role->getHomeProject() == NULL) {
+		return sprintf ('ForgeRole:%s [global]',
+				$role->getName ()) ;
+	} elseif ($role->getHomeProject()->getID() != $project->getID()) {
+		return sprintf ('ForgeRole:%s [project %s]',
+				$role->getName (),
+				$role->getHomeProject()->getUnixName()) ;
+	} else {
+		return sprintf ('ForgeRole:%s',
+				$role->getName ()) ;
+	}
+}
+
 function FusionForgeMWAuth( $user, &$result ) {
-	global $fusionforgeproject ;
+	global $fusionforgeproject, $wgGroupPermissions ;
 
 	$cookie = getStringFromCookie ('session_ser') ;
         if ($cookie != '') {
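Review bot: FusionForgeRoleToMediawikiGroupName builds the group name from the role name alone, so the mapping is not guaranteed to be unique: a project role whose own name ends in ` [global]` or ` [project x]` would map to the same MediaWiki group as a global or foreign role, and the rights later attached to that group name would then be shared. If role names are not already restricted elsewhere, rejecting `[` and `]` in `$role->getName ()` or deriving the name from a stable identifier would keep the groups distinct. The function also lacks a doc comment; a short one listing the three name forms (`ForgeRole:NAME`, `ForgeRole:NAME [global]`, `ForgeRole:NAME [project UNIXNAME]`) would help, since the `/^ForgeRole:/` sync relies on that prefix. `$role->getHomeProject() == NULL` would be clearer as `=== NULL`.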
@@ -127,8 +141,6 @@
         if ($s) {
                 $u = user_get_object ($s);
 		$g = group_get_object_by_name ($fusionforgeproject) ;
-		$perm =& $g->getPermission ();
-		$r =& $u->getRole($g) ;
 
                 $mwname = ucfirst($u->getUnixName ()) ;
                 $mwu = User::newFromName ($mwname);
@@ -145,56 +157,129 @@
 		$user->loadGroups() ;
 		$current_groups = $user->getGroups() ;
 
-                // Role-based access control
-		if (!isset ($r) || !$r || $r->isError()) {
-			$rname = '' ;
+		if (USE_PFO_RBAC) {
+			$available_roles = RBACEngine::getInstance()->getAvailableRoles() ;
+			$rs = array () ;
+			foreach ($available_roles as $r) {
+				$linked_projects = $r->getLinkedProjects () ;
+
+				foreach ($linked_projects as $lp) {
+					if ($lp->getID() == $g->getID()) {
+						$rs[] = $r ;
+					}
+				}
+			}
 		} else {
-			$rname = "ForgeRole:".$r->getName () ;
+			$perm =& $g->getPermission ();
+			$r = $u->getRole($g) ;
+			if (isset ($r) && $r && !$r->isError()) {
+				$rs = array ($r) ;
+			}
 		}
+		
+		// Sync MW groups for current user with FF roles
+		$rnames = array () ;
+		foreach ($rs as $r) {
+			$rnames[] = FusionForgeRoleToMediawikiGroupName ($r, $g) ;
+		}
 		$role_groups = preg_grep ("/^ForgeRole:/", $current_groups) ;
+
+		foreach ($rnames as $rname) {
+			if (!in_array ($rname, $current_groups)) {
+				$user->addGroup ($rname) ;
+			}
+		}
 		foreach ($role_groups as $cg) {
-			if ($cg != $rname) {
-                                $user->removeGroup ($cg) ;
+			if (!in_array ($cg, $rnames)) {
+				$user->removeGroup ($cg) ;
 			}
 		}
-		if (!in_array ($rname, $current_groups)) {
-			$user->addGroup ($rname) ;
+
+		// Setup rights for all roles referenced by project
+		$rs = $g->getRoles() ;
+		foreach ($rs as $r) {
+			$gr = FusionForgeRoleToMediawikiGroupName ($r, $g) ;
+
+			// Day-to-day edit privileges
+			switch ($r->getVal('plugin_mediawiki_edit', $g->getID())) {
+			case 0:
+				$wgGroupPermissions[$gr]['edit']          = false;
+				$wgGroupPermissions[$gr]['createpage']    = false;
+				$wgGroupPermissions[$gr]['createtalk']    = false;
+				$wgGroupPermissions[$gr]['minoredit']     = false;
+				$wgGroupPermissions[$gr]['move']          = false;
+				$wgGroupPermissions[$gr]['delete']        = false;
+				$wgGroupPermissions[$gr]['undelete']      = false;
+				break ;
+			case 1:
+				$wgGroupPermissions[$gr]['edit']          = true;
+				$wgGroupPermissions[$gr]['createpage']    = false;
+				$wgGroupPermissions[$gr]['createtalk']    = false;
+				$wgGroupPermissions[$gr]['minoredit']     = false;
+				$wgGroupPermissions[$gr]['move']          = false;
+				$wgGroupPermissions[$gr]['delete']        = false;
+				$wgGroupPermissions[$gr]['undelete']      = false;
+				break ;
+			case 2:
+				$wgGroupPermissions[$gr]['edit']          = true;
+				$wgGroupPermissions[$gr]['createpage']    = true;
+				$wgGroupPermissions[$gr]['createtalk']    = true;
+				$wgGroupPermissions[$gr]['minoredit']     = true;
+				$wgGroupPermissions[$gr]['move']          = false;
+				$wgGroupPermissions[$gr]['delete']        = false;
+				$wgGroupPermissions[$gr]['undelete']      = false;
+				break ;
+			case 3:
+				$wgGroupPermissions[$gr]['edit']          = true;
+				$wgGroupPermissions[$gr]['createpage']    = true;
+				$wgGroupPermissions[$gr]['createtalk']    = true;
+				$wgGroupPermissions[$gr]['minoredit']     = true;
+				$wgGroupPermissions[$gr]['move']          = true;
+				$wgGroupPermissions[$gr]['delete']        = true;
+				$wgGroupPermissions[$gr]['undelete']      = true;
+				break ;
+			}
+
+			// File upload privileges
+			switch ($r->getVal('plugin_mediawiki_upload', $g->getID())) {
+			case 0:
+				$wgGroupPermissions[$gr]['upload']        = false;
+				$wgGroupPermissions[$gr]['reupload-own']  = false;
+				$wgGroupPermissions[$gr]['reupload']      = false;
+				$wgGroupPermissions[$gr]['upload_by_url'] = false;
+				break ;
+			case 1:
+				$wgGroupPermissions[$gr]['upload']        = true;
+				$wgGroupPermissions[$gr]['reupload-own']  = true;
+				$wgGroupPermissions[$gr]['reupload']      = false;
+				$wgGroupPermissions[$gr]['upload_by_url'] = false;
+				break ;
+			case 2:
+				$wgGroupPermissions[$gr]['upload']        = true;
+				$wgGroupPermissions[$gr]['reupload-own']  = true;
+				$wgGroupPermissions[$gr]['reupload']      = true;
+				$wgGroupPermissions[$gr]['upload_by_url'] = true;
+				break ;
+			}
+
+			// Administrative tasks
+			switch ($r->getVal('plugin_mediawiki_admin', $g->getID())) {
+			case 0:
+				$wgGroupPermissions[$gr]['editinterface'] = false;
+				$wgGroupPermissions[$gr]['import']        = false;
+				$wgGroupPermissions[$gr]['importupload']  = false;
+				$wgGroupPermissions[$gr]['siteadmin']     = false;
+				break ;
+			case 1:
+				$wgGroupPermissions[$gr]['editinterface'] = true;
+				$wgGroupPermissions[$gr]['import']        = true;
+				$wgGroupPermissions[$gr]['importupload']  = true;
+				$wgGroupPermissions[$gr]['siteadmin']     = true;
+				break ;
+			}
+
 		}
 
-		// Previous (group-based) access control
-               $current_groups = $user->getGroups() ;
-                if ($perm && is_object($perm) && $perm->isAdmin()) {
-                        if (!in_array ('sysop', $current_groups)) {
-                                $user->addGroup ('sysop') ;
-                        }
-                        if (!in_array ('Members', $current_groups)) {
-                                $user->addGroup ('Members') ;
-                        }
-                        if (!in_array ('ForgeUsers', $current_groups)) {
-                                $user->addGroup ('ForgeUsers') ;
-                        }
-                } elseif ($perm && is_object($perm) && $perm->isMember()) {
-                        if (in_array ('sysop', $current_groups)) {
-                                $user->removeGroup ('sysop') ;
-                        }
-                        if (!in_array ('Members', $current_groups)) {
-                                $user->addGroup ('Members') ;
-                        }
-                        if (!in_array ('ForgeUsers', $current_groups)) {
-                                $user->addGroup ('ForgeUsers') ;
-                        }
-                } else {
-                        if (in_array ('sysop', $current_groups)) {
-                                $user->removeGroup ('sysop') ;
-                        }
-                        if (in_array ('Members', $current_groups)) {
-                                $user->removeGroup ('Members') ;
-                        }
-                        if (!in_array ('ForgeUsers', $current_groups)) {
-                                $user->addGroup ('ForgeUsers') ;
-                        }
-                }
-
                 $user->setCookies ();
                 $user->saveSettings ();
 		wfSetupSession ();
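Review bot: The role sync that replaces the removed group-based block only touches groups matching `/^ForgeRole:/`, so a `sysop` or `Members` membership granted by the old code is never withdrawn. If MediaWiki persists group membership, as `addGroup` normally does, a former project admin keeps sysop rights whatever the new `plugin_mediawiki_admin` value is. A one-time removal of `sysop` and `Members` when they appear in `$current_groups`, placed next to the ForgeRole sync, would close that gap. Separately, the `false` entries in the three `switch` blocks only withhold a right from the role group; MediaWiki grants a right when any of the user's groups has it, so rights that `*` or `user` carry by default (a later hunk drops their `createpage`/`createtalk` denials) still apply to a level-0 or level-1 role unless denied elsewhere in this file or revoked via `$wgRevokePermissions`. In the non-RBAC branch `$rs` is assigned only when `$r` is valid, so `$rs = array () ;` should precede that `if`; FusionForgeMWAuth starts and ends outside this hunk.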
@@ -206,10 +291,6 @@
 	return true ;
 }
 
-//function NoLogoutLinkOnMainPage(&$personal_urls){unset($personal_urls['logout']);return true;}
-//$wgHooks['PersonalUrls']['logout']='NoLogoutLinkOnMainPage';
-//function NoLoginLinkOnMainPage(&$personal_urls){unset($personal_urls['anonlogin']);return true;}
-//$wgHooks['PersonalUrls']['anonlogin']='NoLoginLinkOnMainPage';
 function NoLinkOnMainPage(&$personal_urls){
 	unset($personal_urls['anonlogin']);
 	unset($personal_urls['anontalk']);
@@ -264,43 +345,14 @@
 
 $GLOBALS['wgHooks']['UserLoadFromSession'][]='FusionForgeMWAuth';
 
-$g = group_get_object_by_name ($fusionforgeproject) ;
-$roles = $g->getRoles () ;
-foreach ($roles as $role) {
-	$gr = "ForgeRole:".$role->getName () ;
-	switch ($role->getVal('plugin_mediawiki_edit', 0)) {
-	case 0:
-		$wgGroupPermissions[$gr]['edit']          = false;
-		$wgGroupPermissions[$gr]['createpage']    = false;
-		$wgGroupPermissions[$gr]['createtalk']    = false;
-		break ;
-	case 1:
-		$wgGroupPermissions[$gr]['edit']          = true;
-		$wgGroupPermissions[$gr]['createpage']    = false;
-		$wgGroupPermissions[$gr]['createtalk']    = false;
-		break ;
-	case 2:
-		$wgGroupPermissions[$gr]['edit']          = true;
-		$wgGroupPermissions[$gr]['createpage']    = true;
-		$wgGroupPermissions[$gr]['createtalk']    = true;
-		break ;
-	}
-}
-
 $wgGroupPermissions['ForgeUsers']['createaccount'] = false;
 $wgGroupPermissions['ForgeUsers']['edit']          = false;
-$wgGroupPermissions['ForgeUsers']['createpage']    = false;
-$wgGroupPermissions['ForgeUsers']['createtalk']    = false;
 
 $wgGroupPermissions['user']['createaccount'] = false;
 $wgGroupPermissions['user']['edit']          = false;
-$wgGroupPermissions['user']['createpage']    = false;
-$wgGroupPermissions['user']['createtalk']    = false;
 
 $wgGroupPermissions['*']['createaccount'] = false;
 $wgGroupPermissions['*']['edit']          = false;
-$wgGroupPermissions['*']['createpage']    = false;
-$wgGroupPermissions['*']['createtalk']    = false;
 
 $res = db_query_params("SELECT is_public from groups where unix_group_name=$1", array($fusionforgeproject)) ;
 $row = db_fetch_array($res);
@@ -317,13 +369,13 @@
 	$wgGroupPermissions['ForgeUsers']['read']     	= false;
 	$wgGroupPermissions['user']['read']     	= false;
 	$wgGroupPermissions['*']['read']          	= false;
-} 
+}
 
 $wgFavicon = '/images/icon.png' ;
 $wgBreakFrames = false ;
 ini_set ('memory_limit', '50M') ;
 
-// LOAD THE SITE-WIDE AND PROJECT-SPECIFIC EXTRA-SETTINGS 
+// LOAD THE SITE-WIDE AND PROJECT-SPECIFIC EXTRA-SETTINGS
 if (is_file(forge_get_config('config_path')."/plugins/mediawiki/LocalSettings.php")) {
 	include(forge_get_config('config_path')."/plugins/mediawiki/LocalSettings.php");
 }
@@ -344,7 +396,7 @@
 // project specific settings
 if (is_file("$project_dir/ProjectSettings.php")) {
         include ("$project_dir/ProjectSettings.php") ;
-} 
+}
 
 // Local Variables:
 // mode: php



