[Mediawiki-l] [quickhack] require a specific user to view a page

Moritz Karbach mailinglist at karba.ch
Thu Feb 3 10:04:29 UTC 2005


Hi Rowan,

> > That's one thing I can tolerate.
>
> Funny, I figured that would be the worst part. But I guess if you've
> got total control over who has editing rights anyway (a CMS-style
> environment, rather than a truly wiki-ish one), this isn't such a big
> deal after all.

If it turns out, that I'm using the whole day on removing malicious category 
links, I'll think about another solution :-)

> I'm pretty sure it's the other way around - the "parser" has to go
> through the wikitext, and pick out any category links it finds; these
> are then plonked in the database for other use if the page is being
> saved. On preview, they're just added in the little box at the bottom
> of the page, without the database being updated.

I guess it works more like 1. grabbing all the wiki text, from DB _and_ from 
the user's edit form, then 2. pass it to the parser. That's why a check of 
the access rights in a function that only grabs from DB isn't sufficient...

> $wgOut (the instance of OutputPage.php)

Yes, that's the key. The very last action of index.php is to call 
$wgOut->output(), so I copied my (slightly modified) quickhack code to this 
function and it seems to work. 

So we got three places to modify:

includes/Title.php  prevent access for default view, editing, diff
includes/OutpuPage.php  prevent access in case of preview of templates
LocalSettings.php  define access rights

------------------------
includes/OutputPage.php, line 370 (function output() at the beginning):

# inserted by m:o
global $wgRequireUser;

// get categories as array
$parentCategories = $this->getCategoryLinks();

if( !empty($parentCategories) ) //prevents php warning for uncategorized pages
{
 // go through all categories wich have restrictions
 foreach(  $wgRequireUser as $category => $requiredUser )
 {
  // go through all categories to which a page belongs to
  foreach( $parentCategories as $key => $siteCategoryLink )
  {
   // is the page in a category that is restricted?
   // strip_tags gets rid of the <a href...>
   if( $category==strip_tags($siteCategoryLink) )
   {
    // ...then check, whether the user is the right one!
    $user = $wgUser->getName();
    $isUsrAllowed = preg_match("/\b$user\b/", "$requiredUser");

    // not the right one? -> go away!
    if( $isUsrAllowed!=1 )
    {
     // don't show any categories on the 'login required'-page
     $this->mCategoryLinks = array();

     $this->loginToUse();
     $this->mBodytext .= '<br><br>Wenn du von einer Bearbeiten-Seite hier 
gelandet bist, hast du versucht, ein geschuetztes template einzubinden. 
Benutze den Zurueck-Button in deinem Browser!<br><br>If you ended up here 
coming from an editing site, you have tried to use a protected template. 
Please use the back button of your browser!';
    }
   }
  }
 }
}
# /inserted by m:o


------------------------
includes/OutputPage.php, line 623 (function loginToUse()):

//comment the following:
$this->returnToMain();                # Flip back to the main page after 10 
seconds.


Cheers,

- Moritz



More information about the MediaWiki-l mailing list