[Fusionforge-commits] r10535 - in trunk/src/plugins/mediawiki: common www
Roland Mas
lolando at libremir.placard.fr.eu.org
Fri Sep 17 17:49:56 CEST 2010
Author: lolando
Date: 2010-09-17 17:49:56 +0200 (Fri, 17 Sep 2010)
New Revision: 10535
Modified:
trunk/src/plugins/mediawiki/common/MediaWikiPlugin.class.php
trunk/src/plugins/mediawiki/www/LocalSettings.php
Log:
Mediawiki plugin now uses new RBAC system
Modified: trunk/src/plugins/mediawiki/common/MediaWikiPlugin.class.php
===================================================================
--- trunk/src/plugins/mediawiki/common/MediaWikiPlugin.class.php 2010-09-17 15:41:59 UTC (rev 10534)
+++ trunk/src/plugins/mediawiki/common/MediaWikiPlugin.class.php 2010-09-17 15:49:56 UTC (rev 10535)
@@ -123,15 +123,37 @@
}
} elseif ($hookname == "role_get") {
$role =& $params['role'] ;
+
+ // Edit privileges
+ $right = new PluginSpecificRoleSetting ($role,
+ 'plugin_mediawiki_edit') ;
+ $right->SetAllowedValues (array ('0', '1', '2', '3')) ;
+ $right->SetDefaultValues (array ('Admin' => '3',
+ 'Senior Developer' => '2',
+ 'Junior Developer' => '1',
+ 'Doc Writer' => '3',
+ 'Support Tech' => '0')) ;
- $edit = new PluginSpecificRoleSetting ($role,
- 'plugin_mediawiki_edit') ;
- $edit->SetAllowedValues (array ('0', '1', '2')) ;
- $edit->SetDefaultValues (array ('Admin' => '2',
- 'Senior Developer' => '2',
- 'Junior Developer' => '1',
- 'Doc Writer' => '2',
- 'Support Tech' => '0')) ;
+ // File upload privileges
+ $right = new PluginSpecificRoleSetting ($role,
+ 'plugin_mediawiki_upload') ;
+ $right->SetAllowedValues (array ('0', '1', '2')) ;
+ $right->SetDefaultValues (array ('Admin' => '2',
+ 'Senior Developer' => '2',
+ 'Junior Developer' => '1',
+ 'Doc Writer' => '2',
+ 'Support Tech' => '0')) ;
+
+ // Administrative tasks
+ $right = new PluginSpecificRoleSetting ($role,
+ 'plugin_mediawiki_admin') ;
+ $right->SetAllowedValues (array ('0', '1')) ;
+ $right->SetDefaultValues (array ('Admin' => '1',
+ 'Senior Developer' => '0',
+ 'Junior Developer' => '0',
+ 'Doc Writer' => '0',
+ 'Support Tech' => '0')) ;
+
} elseif ($hookname == "role_normalize") {
$role =& $params['role'] ;
$new_sa =& $params['new_sa'] ;
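Review bot: The two sections registered here, `plugin_mediawiki_upload` and `plugin_mediawiki_admin`, do not appear to be handled by the `role_normalize` branch that begins at the end of this hunk. The only call visible in the next hunk's context is `$role->normalizeDataForSection ($new_sa, 'plugin_mediawiki_edit') ;`. Part of that branch lies outside both hunks, so this needs confirming; if nothing else covers them, add `$role->normalizeDataForSection ($new_sa, 'plugin_mediawiki_upload') ;` and the same call for `'plugin_mediawiki_admin'`. Separately, the edit default for 'Doc Writer' is '3', which this commit labels 'Edit, create, move, delete pages', the same as 'Admin' and above 'Senior Developer'. If that is deliberate a one-line comment saying so would help, otherwise '2' is the least-privilege default.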
@@ -146,12 +168,26 @@
$role->normalizeDataForSection ($new_sa, 'plugin_mediawiki_edit') ;
}
} elseif ($hookname == "role_translate_strings") {
- $edit = new PluginSpecificRoleSetting ($role,
+ $right = new PluginSpecificRoleSetting ($role,
'plugin_mediawiki_edit') ;
- $edit->setDescription (_('Mediawiki write access')) ;
- $edit->setValueDescriptions (array ('0' => _('No editing'),
- '1' => _('Edit existing pages only'),
- '2' => _('Edit and create pages'))) ;
+ $right->setDescription (_('Mediawiki write access')) ;
+ $right->setValueDescriptions (array ('0' => _('No editing'),
+ '1' => _('Edit existing pages only'),
+ '2' => _('Edit and create pages'),
+ '3' => _('Edit, create, move, delete pages'))) ;
+
+ $right = new PluginSpecificRoleSetting ($role,
+ 'plugin_mediawiki_upload') ;
+ $right->setDescription (_('Mediawiki file upload')) ;
+ $right->setValueDescriptions (array ('0' => _('No uploading'),
+ '1' => _('Upload permitted'),
+ '2' => _('Upload and re-upload'))) ;
+
+ $right = new PluginSpecificRoleSetting ($role,
+ 'plugin_mediawiki_admin') ;
+ $right->setDescription (_('Mediawiki administrative tasks')) ;
+ $right->setValueDescriptions (array ('0' => _('No administrative access'),
+ '1' => _('Edit interface, import XML dumps'))) ;
} else if ($hookname == "project_admin_plugins") {
$group_id = $params['group_id'];
$group = &group_get_object($group_id);
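Review bot: The value descriptions added in this hunk understate what the matching switch blocks in LocalSettings.php grant. Level 1 of `plugin_mediawiki_admin` is described as 'Edit interface, import XML dumps' but also sets `siteadmin`. Level 2 of `plugin_mediawiki_upload` is described as 'Upload and re-upload' but also sets `upload_by_url`, which has the server fetch a remote URL on the user's behalf. Someone assigning roles from this text cannot tell those rights are included, so either extend the strings (for example `_('Upload, re-upload and upload by URL')`) or drop the extra rights from those levels. Also, `$role` is used in this branch with no visible `$role =& $params['role']`; the start of the function is outside the hunk, so confirm it is set.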
Modified: trunk/src/plugins/mediawiki/www/LocalSettings.php
===================================================================
--- trunk/src/plugins/mediawiki/www/LocalSettings.php 2010-09-17 15:41:59 UTC (rev 10534)
+++ trunk/src/plugins/mediawiki/www/LocalSettings.php 2010-09-17 15:49:56 UTC (rev 10535)
@@ -115,8 +115,22 @@
$GLOBALS['REMOTE_ADDR'] = getStringFromServer('REMOTE_ADDR') ;
$GLOBALS['HTTP_USER_AGENT'] = getStringFromServer('HTTP_USER_AGENT') ;
+function FusionForgeRoleToMediawikiGroupName ($role, $project) {
+ if ($role->getHomeProject() == NULL) {
+ return sprintf ('ForgeRole:%s [global]',
+ $role->getName ()) ;
+ } elseif ($role->getHomeProject()->getID() != $project->getID()) {
+ return sprintf ('ForgeRole:%s [project %s]',
+ $role->getName (),
+ $role->getHomeProject()->getUnixName()) ;
+ } else {
+ return sprintf ('ForgeRole:%s',
+ $role->getName ()) ;
+ }
+}
+
function FusionForgeMWAuth( $user, &$result ) {
- global $fusionforgeproject ;
+ global $fusionforgeproject, $wgGroupPermissions ;
$cookie = getStringFromCookie ('session_ser') ;
if ($cookie != '') {
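Review bot: FusionForgeRoleToMediawikiGroupName builds the MediaWiki group from the role's display name, so two different roles can produce the same group string. For example, a local role whose name already ends in ` [global]` has the same shape as the name generated for a global role. Both the membership sync and the `$wgGroupPermissions` entries later in this commit are keyed on that string, so a collision would merge the rights of unrelated roles. Whether role names are constrained elsewhere is not visible here; if they are free-form, include a stable identifier such as the role's numeric ID in the group name, or reject names containing ` [`. A short docblock listing the three name formats the function can return would also help.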
@@ -127,8 +141,6 @@
if ($s) {
$u = user_get_object ($s);
$g = group_get_object_by_name ($fusionforgeproject) ;
- $perm =& $g->getPermission ();
- $r =& $u->getRole($g) ;
$mwname = ucfirst($u->getUnixName ()) ;
$mwu = User::newFromName ($mwname);
@@ -145,56 +157,129 @@
$user->loadGroups() ;
$current_groups = $user->getGroups() ;
- // Role-based access control
- if (!isset ($r) || !$r || $r->isError()) {
- $rname = '' ;
+ if (USE_PFO_RBAC) {
+ $available_roles = RBACEngine::getInstance()->getAvailableRoles() ;
+ $rs = array () ;
+ foreach ($available_roles as $r) {
+ $linked_projects = $r->getLinkedProjects () ;
+
+ foreach ($linked_projects as $lp) {
+ if ($lp->getID() == $g->getID()) {
+ $rs[] = $r ;
+ }
+ }
+ }
} else {
- $rname = "ForgeRole:".$r->getName () ;
+ $perm =& $g->getPermission ();
+ $r = $u->getRole($g) ;
+ if (isset ($r) && $r && !$r->isError()) {
+ $rs = array ($r) ;
+ }
}
+
+ // Sync MW groups for current user with FF roles
+ $rnames = array () ;
+ foreach ($rs as $r) {
+ $rnames[] = FusionForgeRoleToMediawikiGroupName ($r, $g) ;
+ }
$role_groups = preg_grep ("/^ForgeRole:/", $current_groups) ;
+
+ foreach ($rnames as $rname) {
+ if (!in_array ($rname, $current_groups)) {
+ $user->addGroup ($rname) ;
+ }
+ }
foreach ($role_groups as $cg) {
- if ($cg != $rname) {
- $user->removeGroup ($cg) ;
+ if (!in_array ($cg, $rnames)) {
+ $user->removeGroup ($cg) ;
}
}
- if (!in_array ($rname, $current_groups)) {
- $user->addGroup ($rname) ;
+
+ // Setup rights for all roles referenced by project
+ $rs = $g->getRoles() ;
+ foreach ($rs as $r) {
+ $gr = FusionForgeRoleToMediawikiGroupName ($r, $g) ;
+
+ // Day-to-day edit privileges
+ switch ($r->getVal('plugin_mediawiki_edit', $g->getID())) {
+ case 0:
+ $wgGroupPermissions[$gr]['edit'] = false;
+ $wgGroupPermissions[$gr]['createpage'] = false;
+ $wgGroupPermissions[$gr]['createtalk'] = false;
+ $wgGroupPermissions[$gr]['minoredit'] = false;
+ $wgGroupPermissions[$gr]['move'] = false;
+ $wgGroupPermissions[$gr]['delete'] = false;
+ $wgGroupPermissions[$gr]['undelete'] = false;
+ break ;
+ case 1:
+ $wgGroupPermissions[$gr]['edit'] = true;
+ $wgGroupPermissions[$gr]['createpage'] = false;
+ $wgGroupPermissions[$gr]['createtalk'] = false;
+ $wgGroupPermissions[$gr]['minoredit'] = false;
+ $wgGroupPermissions[$gr]['move'] = false;
+ $wgGroupPermissions[$gr]['delete'] = false;
+ $wgGroupPermissions[$gr]['undelete'] = false;
+ break ;
+ case 2:
+ $wgGroupPermissions[$gr]['edit'] = true;
+ $wgGroupPermissions[$gr]['createpage'] = true;
+ $wgGroupPermissions[$gr]['createtalk'] = true;
+ $wgGroupPermissions[$gr]['minoredit'] = true;
+ $wgGroupPermissions[$gr]['move'] = false;
+ $wgGroupPermissions[$gr]['delete'] = false;
+ $wgGroupPermissions[$gr]['undelete'] = false;
+ break ;
+ case 3:
+ $wgGroupPermissions[$gr]['edit'] = true;
+ $wgGroupPermissions[$gr]['createpage'] = true;
+ $wgGroupPermissions[$gr]['createtalk'] = true;
+ $wgGroupPermissions[$gr]['minoredit'] = true;
+ $wgGroupPermissions[$gr]['move'] = true;
+ $wgGroupPermissions[$gr]['delete'] = true;
+ $wgGroupPermissions[$gr]['undelete'] = true;
+ break ;
+ }
+
+ // File upload privileges
+ switch ($r->getVal('plugin_mediawiki_upload', $g->getID())) {
+ case 0:
+ $wgGroupPermissions[$gr]['upload'] = false;
+ $wgGroupPermissions[$gr]['reupload-own'] = false;
+ $wgGroupPermissions[$gr]['reupload'] = false;
+ $wgGroupPermissions[$gr]['upload_by_url'] = false;
+ break ;
+ case 1:
+ $wgGroupPermissions[$gr]['upload'] = true;
+ $wgGroupPermissions[$gr]['reupload-own'] = true;
+ $wgGroupPermissions[$gr]['reupload'] = false;
+ $wgGroupPermissions[$gr]['upload_by_url'] = false;
+ break ;
+ case 2:
+ $wgGroupPermissions[$gr]['upload'] = true;
+ $wgGroupPermissions[$gr]['reupload-own'] = true;
+ $wgGroupPermissions[$gr]['reupload'] = true;
+ $wgGroupPermissions[$gr]['upload_by_url'] = true;
+ break ;
+ }
+
+ // Administrative tasks
+ switch ($r->getVal('plugin_mediawiki_admin', $g->getID())) {
+ case 0:
+ $wgGroupPermissions[$gr]['editinterface'] = false;
+ $wgGroupPermissions[$gr]['import'] = false;
+ $wgGroupPermissions[$gr]['importupload'] = false;
+ $wgGroupPermissions[$gr]['siteadmin'] = false;
+ break ;
+ case 1:
+ $wgGroupPermissions[$gr]['editinterface'] = true;
+ $wgGroupPermissions[$gr]['import'] = true;
+ $wgGroupPermissions[$gr]['importupload'] = true;
+ $wgGroupPermissions[$gr]['siteadmin'] = true;
+ break ;
+ }
+
}
- // Previous (group-based) access control
- $current_groups = $user->getGroups() ;
- if ($perm && is_object($perm) && $perm->isAdmin()) {
- if (!in_array ('sysop', $current_groups)) {
- $user->addGroup ('sysop') ;
- }
- if (!in_array ('Members', $current_groups)) {
- $user->addGroup ('Members') ;
- }
- if (!in_array ('ForgeUsers', $current_groups)) {
- $user->addGroup ('ForgeUsers') ;
- }
- } elseif ($perm && is_object($perm) && $perm->isMember()) {
- if (in_array ('sysop', $current_groups)) {
- $user->removeGroup ('sysop') ;
- }
- if (!in_array ('Members', $current_groups)) {
- $user->addGroup ('Members') ;
- }
- if (!in_array ('ForgeUsers', $current_groups)) {
- $user->addGroup ('ForgeUsers') ;
- }
- } else {
- if (in_array ('sysop', $current_groups)) {
- $user->removeGroup ('sysop') ;
- }
- if (in_array ('Members', $current_groups)) {
- $user->removeGroup ('Members') ;
- }
- if (!in_array ('ForgeUsers', $current_groups)) {
- $user->addGroup ('ForgeUsers') ;
- }
- }
-
$user->setCookies ();
$user->saveSettings ();
wfSetupSession ();
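Review bot: Removing the group-based block means nothing strips the `sysop`, `Members` and `ForgeUsers` memberships that earlier revisions added with `$user->addGroup()`, because the new sync only touches names matching `/^ForgeRole:/`. If MediaWiki persists those memberships, a user who was a project admin before this revision keeps `sysop` even after losing the forge role, so the sync pass or an upgrade step should remove the legacy groups. `$rs` is also left undefined in the non-RBAC branch when `$u->getRole($g)` returns nothing usable, so `foreach ($rs as $r)` runs on an unset variable; put `$rs = array () ;` before `if (USE_PFO_RBAC) {`. `$perm` is now assigned but never read, and the three switch statements have no `default:` arm, so an unexpected stored value silently leaves the group's rights unset. FusionForgeMWAuth starts and ends outside this hunk.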
@@ -206,10 +291,6 @@
return true ;
}
-//function NoLogoutLinkOnMainPage(&$personal_urls){unset($personal_urls['logout']);return true;}
-//$wgHooks['PersonalUrls']['logout']='NoLogoutLinkOnMainPage';
-//function NoLoginLinkOnMainPage(&$personal_urls){unset($personal_urls['anonlogin']);return true;}
-//$wgHooks['PersonalUrls']['anonlogin']='NoLoginLinkOnMainPage';
function NoLinkOnMainPage(&$personal_urls){
unset($personal_urls['anonlogin']);
unset($personal_urls['anontalk']);
@@ -264,43 +345,14 @@
$GLOBALS['wgHooks']['UserLoadFromSession'][]='FusionForgeMWAuth';
-$g = group_get_object_by_name ($fusionforgeproject) ;
-$roles = $g->getRoles () ;
-foreach ($roles as $role) {
- $gr = "ForgeRole:".$role->getName () ;
- switch ($role->getVal('plugin_mediawiki_edit', 0)) {
- case 0:
- $wgGroupPermissions[$gr]['edit'] = false;
- $wgGroupPermissions[$gr]['createpage'] = false;
- $wgGroupPermissions[$gr]['createtalk'] = false;
- break ;
- case 1:
- $wgGroupPermissions[$gr]['edit'] = true;
- $wgGroupPermissions[$gr]['createpage'] = false;
- $wgGroupPermissions[$gr]['createtalk'] = false;
- break ;
- case 2:
- $wgGroupPermissions[$gr]['edit'] = true;
- $wgGroupPermissions[$gr]['createpage'] = true;
- $wgGroupPermissions[$gr]['createtalk'] = true;
- break ;
- }
-}
-
$wgGroupPermissions['ForgeUsers']['createaccount'] = false;
$wgGroupPermissions['ForgeUsers']['edit'] = false;
-$wgGroupPermissions['ForgeUsers']['createpage'] = false;
-$wgGroupPermissions['ForgeUsers']['createtalk'] = false;
$wgGroupPermissions['user']['createaccount'] = false;
$wgGroupPermissions['user']['edit'] = false;
-$wgGroupPermissions['user']['createpage'] = false;
-$wgGroupPermissions['user']['createtalk'] = false;
$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['*']['edit'] = false;
-$wgGroupPermissions['*']['createpage'] = false;
-$wgGroupPermissions['*']['createtalk'] = false;
$res = db_query_params("SELECT is_public from groups where unix_group_name=$1", array($fusionforgeproject)) ;
$row = db_fetch_array($res);
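Review bot: Dropping the `createpage`/`createtalk` = false lines for `*`, `user` and `ForgeUsers` weakens the 'Edit existing pages only' level, because MediaWiki group rights are additive. A `false` in a `ForgeRole:` group does not revoke a right the user already holds through `*` or `user`, and stock MediaWiki grants `createpage` and `createtalk` to `*`. A role at edit level 1 would therefore get `edit` from its role group and page creation from the defaults. The same applies to the `move`, `minoredit`, `upload` and `reupload` entries set to false in FusionForgeMWAuth, which stock MediaWiki grants to `user`. Keep the removed lines and add matching ones, e.g. `$wgGroupPermissions['user']['move'] = false;`, for every right the role levels are meant to gate, unless the included site or project settings already do this (not visible here).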
@@ -317,13 +369,13 @@
$wgGroupPermissions['ForgeUsers']['read'] = false;
$wgGroupPermissions['user']['read'] = false;
$wgGroupPermissions['*']['read'] = false;
-}
+}
$wgFavicon = '/images/icon.png' ;
$wgBreakFrames = false ;
ini_set ('memory_limit', '50M') ;
-// LOAD THE SITE-WIDE AND PROJECT-SPECIFIC EXTRA-SETTINGS
+// LOAD THE SITE-WIDE AND PROJECT-SPECIFIC EXTRA-SETTINGS
if (is_file(forge_get_config('config_path')."/plugins/mediawiki/LocalSettings.php")) {
include(forge_get_config('config_path')."/plugins/mediawiki/LocalSettings.php");
}
@@ -344,7 +396,7 @@
// project specific settings
if (is_file("$project_dir/ProjectSettings.php")) {
include ("$project_dir/ProjectSettings.php") ;
-}
+}
// Local Variables:
// mode: php