Hi,
OK, I know one of key feature of a Wiki is "unrestricted access to everyone", but there are some times when you definitely want to have a subpart of a Wiki to be more "private", or "read only", using a more sophisticated scheme than white-lists (no, I don't want to create a separate wiki).
So, I'm willing to give it a stab and see if I can turn that out into an extension, as a small spare-time project (that would probably be completed in 2012 I guess). In the meantime would you guys be open to add some hooks into 1.4 / 1.5 ? Or pointing out where to put them ?
For example, I have the feeling Title::userCanEdit() and Title::userCanRead() would be two interesting places to put event/hooks.
I'm not exactly sure what userCanRead() prevent from though, any clue ? For example, if I check the "Special::Recent Changes", it seems to me that if user can not read a given page P, he should certainly not be able to see the comments that were entered when someone else modified that page P (neither should he be able to see the "diffs"). My fear is that I miss one of the many ways to see the contents of a page.
Actually I just checked 1.4 and it seems there is a new Title::userCan($action) that seem to be called by userCanRead/userCanEdit... A hook near the end maybe, before 'return true' ? It uses getRestrictions(), which seems to pull something out of the cur_restrictions field, but this is not really documented, what's the format of that column in 'cur', something like edit:user1,user2;move:user3,user2, etc ?
Thanks
-- Sebastien Barre
Sebastien BARRE <sebastien.barre <at> kitware.com> writes:
Hi,
OK, I know one of key feature of a Wiki is "unrestricted access to everyone", but there are some times when you definitely want to have a subpart of a Wiki to be more "private", or "read only", using a more sophisticated scheme than white-lists (no, I don't want to create a separate wiki).
I also am interested in developing ACL. We can collaborate together. You can send the information to me that you have on ACL in mediawiki.
Thank you very much
Actually I just checked 1.4 and it seems there is a new Title::userCan($action) that seem to be called by userCanRead/userCanEdit... A hook near the end maybe, before 'return true' ? It uses getRestrictions(), which seems to pull something out of the cur_restrictions field, but this is not really documented, what's the format of that column in 'cur', something like edit:user1,user2;move:user3,user2, etc ?
I think that the format of that column in 'cur' is
action1:group1,group2;action2:group3,group2
better than
edit:user1,user2;move:user3,user2
I have done a modification that just work. I have changed the function protect to prevent not just from edit, but also it allows to hide an article. In the file article.php
FILE --- includes/Article.php
@@ -745,6 +745,12 @@ exit; }
+ if ( !$this->mTitle->userCanHide () ) { + $wgOut->loginToUse (); + $wgOut->output (); + exit; + } +
# We're looking at an old revision
@@ -1330,6 +1336,7 @@ $restrictions = "move=" . $limit; if( !$moveonly ) { $restrictions .= ":edit=" . $limit; + $restrictions .= ":view=" . $limit; } if (wfRunHooks('ArticleProtect', $this, $wgUser, $limit == 'sysop', $reason, $moveonly)) {
FILE --- includes/Title.php
@@ -745,6 +745,13 @@ return false; }
+ function isHidden () { + $a = $this->getRestrictions ("view"); + $result = in_array ('sysop', $a); + + return $result; + } + /** * Is $wgUser is watching this page? * @return boolean @@ -815,6 +822,16 @@ }
/** + * Can $wgUser hide this page + * + * @return boolean + * @access public + */ + function userCanHide () { + return $this->userCan ('hide'); + } + + /** * Can $wgUser edit this page? * @return boolean * @access public @@ -840,11 +857,20 @@ function userCanRead() { global $wgUser; + if ($this->isHidden()) + { + if ($wgUser->isAllowed ('hide')) + return true; + else + return false; + } + if( $wgUser->isAllowed('read') ) { return true; } else { global $wgWhitelistRead; + /** If anon users can create an account, they need to reach the login page first! */ if( $wgUser->isAllowed( 'createaccount'
FILE --- includes/User.php
@@ -653,6 +653,7 @@ 'rollback' => 'sysop', 'block' => 'sysop', 'editinterface' => 'sysop', + 'hide' => 'sysop', 'move' => 'user', 'read' => empty( $wgWhitelistRead ) ? '*' : 'user', 'createaccount' => '*' );
wikitech-l@lists.wikimedia.org