Mglaser has uploaded a new change for review. https://gerrit.wikimedia.org/r/318533
Change subject: PageAccess: fix bug where tag would lead to a complete block ...................................................................... PageAccess: fix bug where tag would lead to a complete block Any usage of the tag would lead to a complete block of the page. This was due to User::getEffectiveGroups, which returns empty sets instead of the expected list of groups. Now using getGroups as well as getImplicitGroups to get the wanted result. Change-Id: Ie755a53f5790233f83a9c2da4aa6682d716923b7 --- M PageAccess/PageAccess.class.php 1 file changed, 35 insertions(+), 10 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/BlueSpiceExtensions refs/changes/33/318533/1 diff --git a/PageAccess/PageAccess.class.php b/PageAccess/PageAccess.class.php index 2bbbc0b..08b865e 100644 --- a/PageAccess/PageAccess.class.php +++ b/PageAccess/PageAccess.class.php @@ -38,6 +38,9 @@ * Separate multiple groups by commas. */ class PageAccess extends BsExtensionMW { + + private static $aAllowedPairs = array(); // <page_id>-<user_id> + protected function initExt() { wfProfileIn( 'BS::'.__METHOD__ ); $this->setHook( 'PageContentSave' ); @@ -114,7 +117,7 @@ /** * Checks if user is in one of the given user groups - * @param object $oUser the current user + * @param User $oUser the current user * @param string $sAccessGroups a comma separated list of user groups * @return bool */ @@ -122,11 +125,9 @@ if ( !$sAccessGroups ) return true; $aAccessGroups = array_map("trim", explode( ',', $sAccessGroups ) ); wfRunHooks( 'BSPageAccessAddAdditionalAccessGroups', array( &$aAccessGroups ) ); - $aUserGroups = $oUser->getEffectiveGroups(); + $aUserGroups = array_merge( $oUser->getGroups(), $oUser->getImplicitGroups() ); return (bool) array_intersect( $aAccessGroups, $aUserGroups ); } - - private static $aAllowedPairs = array(); // <page_id>-<user_id> /** * Checks if user is allowed to view page @@ -136,17 +137,35 @@ */ public function isUserAllowed( $oPage, $oUser ) { $oPage = ( $oPage instanceof Article ) ? $oPage->getTitle() : $oPage; + // if this is not a valid article or there is no user, + // this is none of our business. + if ( $oPage->getArticleId() == 0 ) { + return true; + } + $sPair = $oPage->getArticleId().'-'.$oUser->getId(); - if( isset( self::$aAllowedPairs[$sPair] ) ) return self::$aAllowedPairs[$sPair]; + + if( isset( self::$aAllowedPairs[$sPair] ) ) { + return self::$aAllowedPairs[$sPair]; + } $dbr = wfGetDB( DB_SLAVE ); $bHasAccess = true; $aAllTitles = $oPage->getTemplateLinksFrom(); $aAllTitles[] = $oPage; foreach ( $aAllTitles as $oTitleToCheck ) { - $sAccessGroups = $dbr->selectField( 'page_props', 'pp_value', - array( 'pp_page' => $oTitleToCheck->getArticleID(), 'pp_propname' => 'bs-page-access' ), __METHOD__ ); - if ( !$this->checkAccessGroups( $oUser, $sAccessGroups ) ) $bHasAccess = false; + $sAccessGroups = $dbr->selectField( + 'page_props', + 'pp_value', + array( + 'pp_page' => $oTitleToCheck->getArticleID(), + 'pp_propname' => 'bs-page-access' + ), + __METHOD__ + ); + if ( !$this->checkAccessGroups( $oUser, $sAccessGroups ) ) { + $bHasAccess = false; + } } self::$aAllowedPairs[$sPair] = $bHasAccess; return $bHasAccess; @@ -159,8 +178,14 @@ public function onUserCan( $title, $user, $action, &$result ) { // TODO MRG: Is this list really exhaustive enough? - if( !in_array($action, array('read', 'edit', 'delete', 'move')) ) return true; - if ( $this->isUserAllowed( $title, $user ) ) return true; + if( !in_array($action, array('read', 'edit', 'delete', 'move')) ) { + $result = true; + return true; + } + if ( $this->isUserAllowed( $title, $user ) ) { + $result = true; + return true; + } $result = false; return false; } -- To view, visit https://gerrit.wikimedia.org/r/318533 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ie755a53f5790233f83a9c2da4aa6682d716923b7 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/BlueSpiceExtensions Gerrit-Branch: master Gerrit-Owner: Mglaser <gla...@hallowelt.biz> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits