Wikia - creating communities
<?php
/**
* The RightsControl Extension's task's are:
* - Managements of UserRights in a manor similar to Special:Userrights but safe like
* Special:Makesysop, Special:Makebot, and Special:Desysop.
*
* @package GENetwork Extensions
* @subpackage RightsControl
* @author Daniel Friesen (http://www.wikia.com/wiki/User:Dantman) (dan_the_man@telus.net)
* @license http://www.gnu.org/copyleft/gpl.html GNU General Public Licence 2.0 or later
*/
if( !defined( 'MEDIAWIKI' ) ) die( "This is an extension to the MediaWiki package and cannot be run standalone." );
require_once( "$IP/includes/SpecialPage.php" );
/**
* Constructor
*/
class SpecialRightsControl extends SpecialPage {
function SpecialRightsControl() {
global $wgRequest;
SpecialPage::SpecialPage( 'RightsControl', 'rc-use', true, false, 'default', false );
}
/**
* Execute
*/
function execute( $par = null ) {
global $wgUser, $wgOut, $wgRequest;
# Check rights
if ( $wgUser->isAllowed( 'userrights' ) ) {
$wgOut->redirect( SpecialPage::getTitleFor( 'Userrights' )->getFullURL() );
return false;
}
wfDebug( $wgRequest->getBool( 'pass-error', false ) . "\n" . $wgRequest->getText( 'pass-error', '' ) );
if ( !$wgUser->isAllowed( 'rc-use' ) ) {
$wgOut->permissionRequired( "re-use" );
return false;
}
# Don't allow blocked users to move pages
if ( $wgUser->isBlocked() ) {
$wgOut->blockedPage();
return false;
}
# Check for database lock
if ( wfReadOnly() ) {
$wgOut->readOnlyPage();
return false;
}
$this->setHeaders();
$f = new SpecialRightsControlForm( $par );
//Show Error form if we have errors
if( count( $f->errors ) > 0 ) $f->showErrorForm();
//Always show the user form
$f->showUserForm();
if( !is_null( $f->userObject ) && $f->userObject->getID() != 0 ) {
//Continue with this if we have a user
if( $wgRequest->wasPosted() && $wgRequest->getCheck( 'yes-dogroups' ) && count( $f->errors ) <= 0 ) {
//If there was a yes from the confirmation form
// and we have no errors then run the rights changer
// and redirect us back after finished to refresh the info
$f->doGroups();
$wgOut->redirect( SpecialPage::getTitleFor( 'RightsControl' )->getFullURL(
'username='.wfUrlencode($f->userName).'&rightsControlMainpageFallback=true' ) );
} elseif( $wgRequest->wasPosted() && $wgRequest->getCheck( 'savegroups' ) && count( $f->errors ) <= 0 ) {
//If we requested an action display the confirmation form
$f->showConfirmForm();
} else {
//If nothing else, show the rights form if we have a user chosen
$f->showRightsForm();
}
}
}
}
class SpecialRightsControlForm {
var $allGroups, $selfAction, $errors;
var $userName, $userObject, $userGroups;
var $addGroups, $removeGroups;
/**
* Setup
*/
function SpecialRightsControlForm( $par = NULL ) {
global $wgOut, $wgUser, $wgRequest;
$titleObj = SpecialPage::getTitleFor( 'RightsControl' );
$this->selfAction = $titleObj->escapeLocalURL();
$this->allGroups = User::getAllGroups();
$this->userName = $wgRequest->getVal( 'username', NULL );
$this->userObject = User::newFromName( $this->userName );
$this->userGroups = !is_null( $this->userObject ) ? $this->userObject->getGroups() : array();
$this->addGroups = $wgRequest->getArray( 'add', array() );
$this->removeGroups = $wgRequest->getArray( 'remove', array() );
$this->errors = array();
if( ( is_null( $this->userObject ) && $wgRequest->wasPosted() ) || $this->userName === '' ) {
$this->errors[] = $wgOut->parse( wfMsg( 'nouserspecified' ) );
} elseif( !is_null( $this->userObject ) && $this->userObject->getID() == 0 ) {
$this->errors[] = $wgOut->parse( wfMsg( 'nosuchusershort', wfEscapeWikiText( $this->userName ) ) );
} else {
if( $wgRequest->wasPosted() && $wgRequest->getCheck( 'savegroups' ) ) {
//We requested action, validate it
if( count( $this->addGroups + $this->removeGroups ) > 0 ) {
//If we selected groups to change
foreach( $this->addGroups as $group ) {
if( in_array( $group, $this->userObject->getGroups() ) ) {
//User already has this group to be added
$this->errors[] = $wgOut->parse( wfMsg( 'userrights-alreadyhas', $group ) );
}
if( !$wgUser->isAllowed( "rc-mk-$group" ) ) {
//You can't add this group
$this->errors[] = $wgOut->parse( wfMsg( 'badaccess-addgroup', $group ) );
}
}
foreach( $this->removeGroups as $group ) {
//User dosen't have this group to be removed
if( !in_array( $group, $this->userObject->getGroups() ) ) {
$this->errors[] = $wgOut->parse( wfMsg( 'userrights-isnotgroup', $group ) );
}
if( !$wgUser->isAllowed( "rc-de-$group" ) &&
( !$wgUser->isAllowed( "rc-sr-$group" ) &&
$wgUser->getName() == $this->userObject->getName() ) ) {
//You can't remove this group
$this->errors[] = $wgOut->parse( wfMsg( 'badaccess-removegroup', $group ) );
}
}
} else {
//You didn't select anything
$this->errors[] = $wgOut->parse( wfMsg( 'userrights-noneselected' ) );
}
}
}
}
/**
* Error Box
*/
function showErrorForm() {
global $wgOut;
$wgOut->addHTML(
Xml::openElement( 'fieldset' ).
Xml::element( 'legend', NULL, wfMsg( 'userrights-error' ) ).
Xml::openElement( 'div', array( 'class' => 'error' ) )
);
foreach( $this->errors as $error )
$wgOut->addHTML( $error );
$wgOut->addHTML(
Xml::closeElement( 'div' ).
Xml::closeElement( 'fieldset' )
);
}
/**
* User Search Form
*/
function showUserForm() {
global $wgOut;
$wgOut->addHTML(
Xml::openElement( 'fieldset' ).
Xml::element( 'legend', NULL, wfMsg( 'userrights-lookup-user' ) ).
Xml::openElement( 'form', array( 'method' => 'post', 'action' => $this->selfAction, 'name' => 'userform' ) ).
//Username
Xml::openElement( 'p' ).
Xml::inputLabel( wfMsg( 'userrights-user-editname' ),
'username', 'username', 30,
$this->userName ).
Xml::closeElement( 'p' ).
//Submit
Xml::openElement( 'p' ).
Xml::submitButton( wfMsg( 'editusergroup' ) ).
Xml::closeElement( 'p' ).
Xml::closeElement( 'form' ).
Xml::closeElement( 'fieldset' )
);
}
/**
* User Rights Control Form
*/
function showRightsForm() {
global $wgOut, $wgUser;
$wgOut->addHTML(
Xml::openElement( 'fieldset' ).
Xml::element( 'legend', NULL, wfMsg( 'editusergroup' ) ).
Xml::openElement( 'form', array( 'method' => 'post', 'action' => $this->selfAction, 'name' => 'userrights' ) ).
Xml::hidden( 'username', $this->userName ).
$wgOut->parse( wfMsg( 'editinguser', $this->userObject->getName() ) ).
Xml::openElement( 'table', array(
'style' => 'width: 100%;'
) ).
Xml::openElement( 'tr' ).
//Headers
Xml::element( 'th' ).
Xml::openElement( 'th' ).
$wgOut->parse( wfMsg( 'userremovefrom' ) ).
Xml::closeElement( 'th' ).
Xml::openElement( 'th' ).
$wgOut->parse( wfMsg( 'useraddto' ) ).
Xml::closeElement( 'th' ).
Xml::closeElement( 'tr' ).
Xml::openElement( 'tr' ).
Xml::openElement( 'td', array( 'style' => 'vertical-align: top;' ) ).
Xml::openElement( 'ul' ).
$wgOut->parse( wfMsg( 'useringroups' ) )
);
//List groups
foreach( $this->userGroups as $group )
$wgOut->addHTML(
Xml::openElement( 'li' ).
User::makeGroupLinkHTML( $group, User::getGroupMember( $group ) ).
Xml::closeElement( 'li' )
);
$wgOut->addHTML(
Xml::closeElement( 'ul' ).
Xml::closeElement( 'td' ).
Xml::openElement( 'td', array( 'style' => 'width: 20%; text-align: center;' ) ).
Xml::openElement( 'select', array( 'name' => 'remove[]', 'multiple'=> 'multiple', 'size' => 6 ) )
);
//Remove from
foreach( $this->userGroups as $group )
if( $wgUser->isAllowed( "rc-de-$group" ) ||
( $wgUser->isAllowed( "rc-sr-$group" ) &&
$wgUser->getName() == $this->userObject->getName() ) )
$wgOut->addHTML( Xml::option( User::getGroupMember( $group ), $group ) );
$wgOut->addHTML(
Xml::closeElement( 'select' ).
Xml::closeElement( 'td' ).
Xml::openElement( 'td', array( 'style' => 'width: 20%; text-align: center;' ) ).
Xml::openElement( 'select', array( 'name' => 'add[]', 'multiple'=> 'multiple', 'size' => 6 ) )
);
//Add to
foreach( $this->allGroups as $group )
if( !in_array( $group, $this->userGroups ) )
if( $wgUser->isAllowed( "rc-mk-$group" ) )
$wgOut->addHTML( Xml::option( User::getGroupMember( $group ), $group ) );
$wgOut->addHTML(
Xml::closeElement( 'select' ).
Xml::closeElement( 'td' ).
Xml::closeElement( 'tr' ).
Xml::closeElement( 'table' ).
$wgOut->parse( wfMsg( 'userrights-limitedhelp' ) ).
$wgOut->parse( wfMsg( 'userrights-groupshelp' ) ).
Xml::submitButton( wfMsg( 'saveusergroups' ), array( 'name' => 'savegroups' ) ).
Xml::closeElement( 'form' ).
Xml::closeElement( 'fieldset' )
);
}
/**
* Confirmation Form
*/
function showConfirmForm() {
global $wgOut, $wgUser, $wgRequest;
$wgOut->addHTML(
Xml::openElement( 'fieldset' ).
Xml::element( 'legend', NULL, wfMsg( 'userrights-confirm' ) ).
Xml::openElement( 'form', array( 'method' => 'post', 'action' => $this->selfAction, 'name' => 'userform' ) ).
Xml::hidden( 'username', $this->userName )
);
//Add the change data into hidden elements
foreach( $this->removeGroups as $group )
$wgOut->addHTML( Xml::hidden( 'remove[]', $group ) );
foreach( $this->addGroups as $group )
$wgOut->addHTML( Xml::hidden( 'add[]', $group ) );
//Output the info
foreach( $this->addGroups as $group ) {
//Add this group
$wgOut->addHTML(
$wgOut->parse( wfMsg( 'userrights-addgroup', User::getGroupMember( $group ), $group ) )
);
if( $wgUser->isAllowed( "rc-mk-$group" ) && !$wgUser->isAllowed( "rc-de-$group" ) ) {
//You can add this, but you won't be able to remove it
$wgOut->addHTML(
$wgOut->parse( wfMsg( 'userrights-oneway-noremove', User::getGroupMember( $group ), $group ) )
);
}
}
foreach( $this->removeGroups as $group ) {
//Remove this group
$wgOut->addHTML(
$wgOut->parse( wfMsg( 'userrights-removegroup', User::getGroupMember( $group ), $group ) )
);
if( $wgUser->isAllowed( "rc-de-$group" ) && !$wgUser->isAllowed( "rc-mk-$group" ) ) {
//You can remove this, but you won't be able to add it
$wgOut->addHTML(
$wgOut->parse( wfMsg( 'userrights-oneway-nogrant', User::getGroupMember( $group ), $group ) )
);
}
}
$wgOut->addHTML(
$wgOut->parse( wfMsg( 'userrights-sure' ) ).
Xml::submitButton( wfMsg( 'userrights-yes' ), array( 'name' => 'yes-dogroups' ) ).
Xml::submitButton( wfMsg( 'userrights-no' ), array( 'name' => 'no-dogroups' ) ).
Xml::closeElement( 'form' ).
Xml::closeElement( 'fieldset' )
);
}
/**
* Actually change the groups.
*
* @note This function has no validation, this is all done at setup and this must NOT be
* executed unless you have already made sure that there are no errors in the
* $errors array.
* @note Most of this is actually directly copied from includes/SpecialUserrights.php
* but while that page itself is a security issue for permissions, the actual
* code managing permissions is alright, we already made sure everything was ok.
*/
function doGroups() {
$oldGroups = $this->userGroups;
$newGroups = $oldGroups;
// remove then add groups
$newGroups = array_diff($newGroups, $this->removeGroups);
foreach( $this->removeGroups as $group ) {
$this->userObject->removeGroup( $group );
}
$newGroups = array_merge($newGroups, $this->addGroups);
foreach( $this->addGroups as $group ) {
$this->userObject->addGroup( $group );
}
$newGroups = array_unique( $newGroups );
wfDebug( 'oldGroups: ' . print_r( $oldGroups, true ) );
wfDebug( 'newGroups: ' . print_r( $newGroups, true ) );
wfRunHooks( 'UserRights', array( &$u, $this->addGroups, $this->removeGroups ) );
$log = new LogPage( 'rights' );
$log->addEntry( 'rights',
Title::makeTitle( NS_USER, $this->userObject->getName() ), '',
array(
implode( ', ', $oldGroups ),
implode( ', ', $newGroups )
) );
}
}
?>
![[Dantman]](http://images2.wikia.nocookie.net/common/avatars/0/0e/34115.png?20091113025627)
