diff -x '*~' -x LocalSettings.php -Naur ../mediawiki-1.4.0/includes/Article.php ./includes/Article.php --- ../mediawiki-1.4.0/includes/Article.php 2005-03-17 01:13:08.000000000 +0100 +++ ./includes/Article.php 2005-04-10 19:07:08.000000000 +0200 @@ -744,7 +744,12 @@ # Another whitelist check in case oldid or redirects are altering the title if ( !$this->mTitle->userCanRead() ) { - $wgOut->loginToUse(); + if ( $this->mTitle->isRestricted() ) { + $wgOut->restrictGroupRequired(); + } else { + $wgOut->loginToUse(); + } + $wgOut->output(); exit; } @@ -1317,7 +1322,7 @@ global $wgUser, $wgOut, $wgRequest; if ( ! $wgUser->isAllowed('protect') ) { - $wgOut->sysopRequired(); + $wgOut->restrictGroupRequired(); return; } if ( wfReadOnly() ) { @@ -1342,6 +1347,10 @@ if( !$moveonly ) { $restrictions .= ":edit=" . $limit; } + if(current($this->mTitle->getRestrictions('view'))) { + $restrictions .= ":view=1"; + } + if (wfRunHooks('ArticleProtect', array(&$this, &$wgUser, $limit == 'sysop', $reason, $moveonly))) { $dbw =& wfGetDB( DB_MASTER ); @@ -1459,6 +1468,149 @@ function unprotect() { return $this->protect( '' ); } + + + /** + * restrict a page + * (restrict-patch by Jerome Combaz) + */ + function restrict( $limit = true ) { + global $wgUser, $wgOut, $wgRequest, $wgEnableRestrict; + + if ( ! $wgEnableRestrict == true ) return; + + if ( ! $wgUser->isAllowed('restrict') ) { + $wgOut->sysopRequired(); + return; + } + if ( wfReadOnly() ) { + $wgOut->readOnlyPage(); + return; + } + $id = $this->mTitle->getArticleID(); + if ( 0 == $id ) { + $wgOut->fatalError( wfMsg( 'badarticleerror' ) ); + return; + } + + $confirm = $wgRequest->getBool( 'wpConfirmRestrict' ) && + $wgRequest->wasPosted() && + $wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ) ); + $reason = $wgRequest->getText( 'wpReasonRestrict' ); + + if ( $confirm ) { + + $edit = "edit=".current($this->mTitle->getRestrictions('edit')); + $move = "move=".current($this->mTitle->getRestrictions('move')); + $view = ($limit ? 'view=1' : 'view=0'); + $restrictions = implode(':', array($edit, $move, $view)); + + if (wfRunHooks('ArticleRestrict', array(&$this, &$wgUser, $limit == true, $reason))) { + + $dbw =& wfGetDB( DB_MASTER ); + $dbw->update( 'cur', + array( /* SET */ + 'cur_touched' => $dbw->timestamp(), + 'cur_restrictions' => $restrictions + ), array( /* WHERE */ + 'cur_id' => $id + ), 'Article::restrict' + ); + + wfRunHooks('ArticleRestrictComplete', array(&$this, &$wgUser, $limit == true, $reason)); + + $log = new LogPage( 'restrict' ); + if ( $limit == false ) { + $log->addEntry( 'unrestrict', $this->mTitle, $reason ); + } else { + $log->addEntry( 'restrict', $this->mTitle, $reason ); + } + $wgOut->redirect( $this->mTitle->getFullURL() ); + } + return; + } else { + $reason = htmlspecialchars( wfMsg( 'restrictreason' ) ); + return $this->confirmRestrict( '', $reason, $limit ); + } + } + + /** + * Output protection confirmation dialog + * (restrict-patch by Jerome Combaz) + */ + function confirmRestrict( $par, $reason, $limit = true ) { + global $wgOut, $wgUser; + + wfDebug( "Article::confirmRestrict\n" ); + + $sub = htmlspecialchars( $this->mTitle->getPrefixedText() ); + $wgOut->setRobotpolicy( 'noindex,nofollow' ); + + $check = ''; + $protcom = ''; + + if ( $limit == false ) { + $wgOut->setPageTitle( wfMsg( 'confirmunrestrict' ) ); + $wgOut->setSubtitle( wfMsg( 'unrestrictsub', $sub ) ); + $wgOut->addWikiText( wfMsg( 'confirmunrestricttext' ) ); + $check = htmlspecialchars( wfMsg( 'confirmunrestrict' ) ); + $protcom = htmlspecialchars( wfMsg( 'unrestrictcomment' ) ); + $formaction = $this->mTitle->escapeLocalURL( 'action=unrestrict' . $par ); + } else { + $wgOut->setPageTitle( wfMsg( 'confirmrestrict' ) ); + $wgOut->setSubtitle( wfMsg( 'restrictsub', $sub ) ); + $wgOut->addWikiText( wfMsg( 'confirmrestricttext' ) ); + $check = htmlspecialchars( wfMsg( 'confirmrestrict' ) ); + $protcom = htmlspecialchars( wfMsg( 'restrictcomment' ) ); + $formaction = $this->mTitle->escapeLocalURL( 'action=restrict' . $par ); + } + + $confirm = htmlspecialchars( wfMsg( 'confirm' ) ); + $token = htmlspecialchars( $wgUser->editToken() ); + + $wgOut->addHTML( " +
+ + + + + + + + + + + + " ); + $wgOut->addHTML( " + + + + +
+ + + +
 
+ + + +
  + +
+ +
\n" ); + + $wgOut->returnToMain( false ); + } + + /** + * Unprotect the pages + * (restrict-patch by Jerome Combaz) + */ + function unrestrict() { + return $this->restrict( false ); + } /* * UI entry point for page deletion diff -x '*~' -x LocalSettings.php -Naur ../mediawiki-1.4.0/includes/DefaultSettings.php ./includes/DefaultSettings.php --- ../mediawiki-1.4.0/includes/DefaultSettings.php 2005-03-21 02:59:52.000000000 +0100 +++ ./includes/DefaultSettings.php 2005-04-11 18:46:34.000000000 +0200 @@ -963,6 +963,21 @@ */ $wgNoFollowLinks = true; +/** + * If true, a new menu action allows to restrict pages access to sysop + */ +$wgEnableRestrict = false; + +/** + * Group allowed to restrict and read restricted pages + */ +$wgRestrictGroup = 'sysop'; + +/** + * Hide restriction log entries for non-members users + */ +$wgHideRestrictLog = false; + } else { die("MEDIAWIKI not defined, this is not a valid entry point\n"); } diff -x '*~' -x LocalSettings.php -Naur ../mediawiki-1.4.0/includes/Defines.php ./includes/Defines.php --- ../mediawiki-1.4.0/includes/Defines.php 2005-01-20 15:45:35.000000000 +0100 +++ ./includes/Defines.php 2005-04-07 22:53:42.000000000 +0200 @@ -77,7 +77,7 @@ * database. */ $wgAvailableRights = array('read', 'edit', 'move', 'delete', 'undelete', -'protect', 'block', 'userrights', 'createaccount', 'upload', 'asksql', +'protect', 'restrict', 'block', 'userrights', 'createaccount', 'upload', 'asksql', 'rollback', 'patrol', 'editinterface', 'siteadmin', 'bot'); /** diff -x '*~' -x LocalSettings.php -Naur ../mediawiki-1.4.0/includes/LogPage.php ./includes/LogPage.php --- ../mediawiki-1.4.0/includes/LogPage.php 2005-01-14 14:46:04.000000000 +0100 +++ ./includes/LogPage.php 2005-04-08 16:05:18.000000000 +0200 @@ -36,7 +36,7 @@ var $updateRecentChanges = true; function LogPage( $type ) { - # Type is one of 'block', 'protect', 'rights', 'delete', 'upload' + # Type is one of 'block', 'protect', 'restrict', 'rights', 'delete', 'upload' $this->type = $type; } @@ -79,7 +79,7 @@ * @static */ function validTypes() { - static $types = array( '', 'block', 'protect', 'rights', 'delete', 'upload' ); + static $types = array( '', 'block', 'protect', 'restrict', 'rights', 'delete', 'upload' ); return $types; } @@ -91,6 +91,7 @@ '' => NULL, 'block' => array( 'block', 'unblock' ), 'protect' => array( 'protect', 'unprotect' ), + 'restrict'=> array( 'restrict', 'unrestrict' ), 'rights' => array( 'rights' ), 'delete' => array( 'delete', 'restore' ), 'upload' => array( 'upload' ) @@ -113,6 +114,7 @@ '' => 'log', 'block' => 'blocklogpage', 'protect' => 'protectlogpage', + 'restrict'=> 'restrictlogpage', 'rights' => 'bureaucratlog', 'delete' => 'dellogpage', 'upload' => 'uploadlogpage', @@ -128,6 +130,7 @@ '' => 'alllogstext', 'block' => 'blocklogtext', 'protect' => 'protectlogtext', + 'restrict'=> 'restrictlogtext', 'rights' => 'rightslogtext', 'delete' => 'dellogpagetext', 'upload' => 'uploadlogpagetext' @@ -144,6 +147,8 @@ 'block/unblock' => 'unblocklogentry', 'protect/protect' => 'protectedarticle', 'protect/unprotect' => 'unprotectedarticle', + 'restrict/restrict' => 'restrictedarticle', + 'restrict/unrestrict' => 'unrestrictedarticle', 'rights/rights' => 'bureaucratlogentry', 'delete/delete' => 'deletedarticle', 'delete/restore' => 'undeletedarticle', @@ -168,7 +173,7 @@ /** * Add a log entry - * @param string $action one of 'block', 'protect', 'rights', 'delete', 'upload' + * @param string $action one of 'block', 'protect', 'restrict', 'rights', 'delete', 'upload' * @param &$target * @param string $comment Description associated */ diff -x '*~' -x LocalSettings.php -Naur ../mediawiki-1.4.0/includes/OutputPage.php ./includes/OutputPage.php --- ../mediawiki-1.4.0/includes/OutputPage.php 2005-03-08 03:57:40.000000000 +0100 +++ ./includes/OutputPage.php 2005-04-10 19:20:38.000000000 +0200 @@ -135,6 +135,10 @@ return wfMsg('protect'); case 'unprotect': return wfMsg('unprotect'); + case 'restrict': + return wfMsg('restrict'); + case 'unrestrict': + return wfMsg('unrestrict'); case 'delete': return wfMsg('delete'); case 'watch': @@ -562,6 +566,21 @@ $this->returnToMain(); } + function restrictGroupRequired() { + global $wgUser, $wgTitle; + + $this->setPageTitle( wfMsg( 'restricttitle' ) ); + $this->setHTMLTitle( wfMsg( 'errorpagetitle' ) ); + $this->setRobotpolicy( 'noindex,nofollow' ); + $this->setArticleRelated( false ); + $this->mBodytext = ''; + + $sk = $wgUser->getSkin(); + $ap = $sk->makeKnownLink( wfMsgForContent( 'administrators' ), '' ); + $this->addHTML( wfMsg( 'restricttext', $ap ) ); + $this->returnToMain( false ); + } + function loginToUse() { global $wgUser, $wgTitle, $wgContLang; diff -x '*~' -x LocalSettings.php -Naur ../mediawiki-1.4.0/includes/SearchEngine.php ./includes/SearchEngine.php --- ../mediawiki-1.4.0/includes/SearchEngine.php 2005-02-01 08:42:52.000000000 +0100 +++ ./includes/SearchEngine.php 2005-04-10 16:54:54.000000000 +0200 @@ -176,6 +176,22 @@ return 'AND cur_namespace IN (' . $namespaces . ')'; } + /** + * Return a partial WHERE clause to limit the search to + * the unrestricted pages if user not in 'restrict' group + * (restrict-patch by Jerome Combaz) + * @return string + * @access private + */ + function queryRestricted() { + global $wgUser, $wgEnableRestrict; + + if ( $wgEnableRestrict == true and ! $wgUser->isAllowed('restrict') ) + return 'AND cur_restrictions NOT LIKE "%view=1%"'; + else + return ''; + } + /** * Return a LIMIT clause to limit results on the query. * @return string @@ -195,7 +211,8 @@ function getQuery( $filteredTerm, $fulltext ) { return $this->queryMain( $filteredTerm, $fulltext ) . ' ' . $this->queryRedirect() . ' ' . - $this->queryNamespaces() . ' ' . + $this->queryNamespaces() . ' ' . + $this->queryRestricted() . ' ' . $this->queryLimit(); } diff -x '*~' -x LocalSettings.php -Naur ../mediawiki-1.4.0/includes/Skin.php ./includes/Skin.php --- ../mediawiki-1.4.0/includes/Skin.php 2005-03-08 16:22:33.000000000 +0100 +++ ./includes/Skin.php 2005-04-10 19:28:55.000000000 +0200 @@ -796,7 +796,7 @@ } function bottomLinks() { - global $wgOut, $wgUser, $wgTitle; + global $wgOut, $wgUser, $wgTitle, $wgEnableRestrict; $sep = " |\n"; $s = ''; @@ -828,6 +828,8 @@ $s .= "\n
"; if($wgUser->isAllowed('delete')) { $s .= $this->deleteThisPage(); } if($wgUser->isAllowed('protect')) { $s .= $sep . $this->protectThisPage(); } + if( $wgEnableRestrict == true + && $wgUser->isAllowed('restrict')) { $s .= $sep . $this->restrictThisPage(); } if($wgUser->isAllowed('move')) { $s .= $sep . $this->moveThisPage(); } } $s .= "
\n" . $this->otherLanguages(); @@ -1086,6 +1088,31 @@ return $s; } + /** + * (restrict-patch by Jerome Combaz) + * @access private + */ + function restrictThisPage() { + global $wgUser, $wgOut, $wgTitle, $wgRequest; + + $diff = $wgRequest->getVal( 'diff' ); + if ( $wgTitle->getArticleId() && ( ! $diff ) && $wgUser->isAllowed('restrict') ) { + $n = $wgTitle->getPrefixedText(); + + if ( $wgTitle->isRestricted() ) { + $t = wfMsg( 'unrestrictthispage' ); + $q = 'action=unrestrict'; + } else { + $t = wfMsg( 'restrictthispage' ); + $q = 'action=restrict'; + } + $s = $this->makeKnownLink( $n, $t, $q ); + } else { + $s = ''; + } + return $s; + } + function watchThisPage() { global $wgUser, $wgOut, $wgTitle; diff -x '*~' -x LocalSettings.php -Naur ../mediawiki-1.4.0/includes/SkinTemplate.php ./includes/SkinTemplate.php --- ../mediawiki-1.4.0/includes/SkinTemplate.php 2005-03-18 09:01:05.000000000 +0100 +++ ./includes/SkinTemplate.php 2005-04-08 23:33:27.000000000 +0200 @@ -455,7 +455,7 @@ $fname = 'SkinTemplate::buildContentActionUrls'; wfProfileIn( $fname ); - global $wgTitle, $wgUser, $wgRequest, $wgUseValidation; + global $wgTitle, $wgUser, $wgRequest, $wgUseValidation, $wgEnableRestrict; $action = $wgRequest->getText( 'action' ); $section = $wgRequest->getText( 'section' ); $oldid = $wgRequest->getVal( 'oldid' ); @@ -560,6 +560,22 @@ ); } } + if( $wgEnableRestrict == true && $wgUser->isAllowed('restrict')){ + if(!$wgTitle->isRestricted()){ + $content_actions['restrict'] = array( + 'class' => ($action == 'restrict') ? 'selected' : false, + 'text' => wfMsg('restrict'), + 'href' => $wgTitle->getLocalUrl( 'action=restrict' ) + ); + + } else { + $content_actions['unrestrict'] = array( + 'class' => ($action == 'unrestrict') ? 'selected' : false, + 'text' => wfMsg('unrestrict'), + 'href' => $wgTitle->getLocalUrl( 'action=unrestrict' ) + ); + } + } if($wgUser->isAllowed('delete')){ $content_actions['delete'] = array( 'class' => ($action == 'delete') ? 'selected' : false, diff -x '*~' -x LocalSettings.php -Naur ../mediawiki-1.4.0/includes/SpecialAllpages.php ./includes/SpecialAllpages.php --- ../mediawiki-1.4.0/includes/SpecialAllpages.php 2005-03-02 17:38:46.000000000 +0100 +++ ./includes/SpecialAllpages.php 2005-04-10 19:42:50.000000000 +0200 @@ -59,7 +59,7 @@ } function indexShowToplevel ( $namespace = 0 ) { - global $wgOut, $indexMaxperpage, $toplevelMaxperpage, $wgContLang, $wgRequest, $wgUser; + global $wgOut, $indexMaxperpage, $toplevelMaxperpage, $wgContLang, $wgRequest, $wgUser, $wgEnableRestrict; $sk = $wgUser->getSkin(); $fname = "indexShowToplevel"; $namespace = intval ($namespace); @@ -70,6 +70,11 @@ $dbr =& wfGetDB( DB_SLAVE ); $cur = $dbr->tableName( 'cur' ); $fromwhere = "FROM $cur WHERE cur_namespace=$namespace"; + + if ( $wgEnableRestrict == true and ! $wgUser->isAllowed('restrict') ) { + $fromwhere .= " AND cur_restrictions NOT LIKE '%view=1%'"; + } + $order_arr = array ( 'ORDER BY' => 'cur_title' ); $order_str = 'ORDER BY cur_title'; $out = ""; @@ -179,7 +184,7 @@ } function indexShowChunk( $from, $namespace = 0 ) { - global $wgOut, $wgUser, $indexMaxperpage, $wgContLang; + global $wgOut, $wgUser, $indexMaxperpage, $wgContLang, $wgEnableRestrict; $sk = $wgUser->getSkin(); $maxPlusOne = $indexMaxperpage + 1; $namespacee = intval($namespace); @@ -192,8 +197,13 @@ $fromKey = is_null( $fromTitle ) ? '' : $fromTitle->getDBkey(); $sql = "SELECT cur_title FROM $cur WHERE cur_namespace=$namespacee" . - " AND cur_title >= ". $dbr->addQuotes( $fromKey ) . - " ORDER BY cur_title LIMIT " . $maxPlusOne; + " AND cur_title >= ". $dbr->addQuotes( $fromKey ); + + if ( $wgEnableRestrict == true and ! $wgUser->isAllowed('restrict') ) { + $sql .= " AND cur_restrictions NOT LIKE '%view=1%'"; + } + + $sql .= " ORDER BY cur_title LIMIT " . $maxPlusOne; $res = $dbr->query( $sql, "indexShowChunk" ); ### FIXME: side link to previous diff -x '*~' -x LocalSettings.php -Naur ../mediawiki-1.4.0/includes/SpecialAncientpages.php ./includes/SpecialAncientpages.php --- ../mediawiki-1.4.0/includes/SpecialAncientpages.php 2004-11-13 21:40:28.000000000 +0100 +++ ./includes/SpecialAncientpages.php 2005-04-10 17:20:05.000000000 +0200 @@ -28,16 +28,24 @@ function isSyndicated() { return false; } function getSQL() { + global $wgEnableRestrict, $wgUser; + $db =& wfGetDB( DB_SLAVE ); $cur = $db->tableName( 'cur' ); $use_index = $db->useIndexClause( 'cur_timestamp' ); - return + $sql = "SELECT 'Ancientpages' as type, cur_namespace as namespace, cur_title as title, cur_timestamp as value FROM $cur $use_index WHERE cur_namespace=0 AND cur_is_redirect=0"; + + if ( $wgEnableRestrict == true and ! $wgUser->isAllowed('restrict') ) { + $sql .= " AND cur_restrictions NOT LIKE '%view=1%'"; + } + + return $sql; } function sortDescending() { diff -x '*~' -x LocalSettings.php -Naur ../mediawiki-1.4.0/includes/SpecialBrokenRedirects.php ./includes/SpecialBrokenRedirects.php --- ../mediawiki-1.4.0/includes/SpecialBrokenRedirects.php 2004-12-07 13:42:23.000000000 +0100 +++ ./includes/SpecialBrokenRedirects.php 2005-04-10 17:14:20.000000000 +0200 @@ -30,11 +30,18 @@ } function getSQL() { + global $wgEnableRestrict, $wgUser; + $dbr =& wfGetDB( DB_SLAVE ); extract( $dbr->tableNames( 'cur', 'brokenlinks' ) ); $sql = "SELECT bl_to,cur_title FROM $brokenlinks,$cur " . "WHERE cur_is_redirect=1 AND cur_namespace=0 AND bl_from=cur_id "; + + if ( $wgEnableRestrict == true and ! $wgUser->isAllowed('restrict') ) { + $sql .= " AND cur_restrictions NOT LIKE '%view=1%'"; + } + return $sql; } diff -x '*~' -x LocalSettings.php -Naur ../mediawiki-1.4.0/includes/SpecialContributions.php ./includes/SpecialContributions.php --- ../mediawiki-1.4.0/includes/SpecialContributions.php 2005-02-21 03:00:05.000000000 +0100 +++ ./includes/SpecialContributions.php 2005-04-10 17:25:59.000000000 +0200 @@ -13,7 +13,7 @@ * @param string $par (optional) user name of the user for which to show the contributions */ function wfSpecialContributions( $par = '' ) { - global $wgUser, $wgOut, $wgLang, $wgContLang, $wgRequest; + global $wgUser, $wgOut, $wgLang, $wgContLang, $wgRequest, $wgEnableRestrict; $fname = 'wfSpecialContributions'; if( $par ) @@ -26,6 +26,12 @@ return; } + if ( $wgEnableRestrict == true and ! $wgUser->isAllowed('restrict') ) { + $restrict = "AND cur_restrictions NOT LIKE '%view=1%'"; + } else { + $restrict = ''; + } + # FIXME: Change from numeric offsets to date offsets list( $limit, $offset ) = wfCheckLimits( 50, '' ); $offlimit = $limit + $offset; @@ -99,7 +105,7 @@ 'LIMIT' => $querylimit ) ); $sql = "SELECT cur_namespace,cur_title,cur_timestamp,cur_comment,cur_minor_edit,cur_is_new,cur_user_text FROM $cur $useIndex " . - "WHERE cur_user_text='" . $dbr->strencode( $nt->getText() ) . "' {$cmq} " . + "WHERE cur_user_text='" . $dbr->strencode( $nt->getText() ) . "' {$cmq} {$restrict} " . "ORDER BY inverse_timestamp $tailOpts"; $res1 = $dbr->query( $sql, $fname ); @@ -113,7 +119,7 @@ 'LIMIT' => $querylimit ) ); $sql = "SELECT cur_namespace,cur_title,cur_timestamp,cur_comment,cur_minor_edit,cur_is_new,cur_user_text FROM $cur $useIndex " . - "WHERE cur_user {$userCond} {$cmq} ORDER BY inverse_timestamp $tailOpts"; + "WHERE cur_user {$userCond} {$cmq} {$restrict} ORDER BY inverse_timestamp $tailOpts"; $res1 = $dbr->query( $sql, $fname ); $sql = "SELECT old_namespace,old_title,old_timestamp,old_comment,old_minor_edit,old_user_text,old_id FROM $old $useIndex " . diff -x '*~' -x LocalSettings.php -Naur ../mediawiki-1.4.0/includes/SpecialData.php ./includes/SpecialData.php --- ../mediawiki-1.4.0/includes/SpecialData.php 2005-01-16 01:59:51.000000000 +0100 +++ ./includes/SpecialData.php 2005-04-10 17:27:36.000000000 +0200 @@ -62,13 +62,17 @@ { if ( $dt == "" ) return ; global $wgParser, $wgTitle; - global $wgOut , $wgUser ; + global $wgOut , $wgUser, $wgEnableRestrict ; $nsdata = 20 ; $s = "

{$dt}

" ; # Read from source $dbr =& wfGetDB( DB_SLAVE ); $sql = "SELECT * FROM cur WHERE cur_namespace={$nsdata} AND cur_title=\"{$dt}\""; + if ( $wgEnableRestrict == true and ! $wgUser->isAllowed('restrict') ) { + $sql .= " AND cur_restrictions NOT LIKE '%view=1%'"; + } + $res1 = $dbr->query( $sql, "wfDataEdit" ); $data = $dbr->fetchObject( $res1 ) ; diff -x '*~' -x LocalSettings.php -Naur ../mediawiki-1.4.0/includes/SpecialDeadendpages.php ./includes/SpecialDeadendpages.php --- ../mediawiki-1.4.0/includes/SpecialDeadendpages.php 2004-11-13 21:40:28.000000000 +0100 +++ ./includes/SpecialDeadendpages.php 2005-04-10 19:34:21.000000000 +0200 @@ -43,13 +43,20 @@ * @return string an sqlquery */ function getSQL() { + global $wgEnableRestrict, $wgUser; + $dbr =& wfGetDB( DB_SLAVE ); extract( $dbr->tableNames( 'cur', 'links' ) ); - return "SELECT 'Deadendpages' as type, cur_namespace AS namespace, cur_title as title, cur_title AS value " . + $sql = "SELECT 'Deadendpages' as type, cur_namespace AS namespace, cur_title as title, cur_title AS value " . "FROM $cur LEFT JOIN $links ON cur_id = l_from " . "WHERE l_from IS NULL " . "AND cur_namespace = 0 " . "AND cur_is_redirect = 0"; + if ( $wgEnableRestrict == true and ! $wgUser->isAllowed('restrict') ) { + $sql .= " AND cur_restrictions NOT LIKE '%view=1%'"; + } + + return $sql; } } diff -x '*~' -x LocalSettings.php -Naur ../mediawiki-1.4.0/includes/SpecialExport.php ./includes/SpecialExport.php --- ../mediawiki-1.4.0/includes/SpecialExport.php 2004-11-24 10:57:03.000000000 +0100 +++ ./includes/SpecialExport.php 2005-04-10 19:43:58.000000000 +0200 @@ -79,12 +79,14 @@ } function page2xml( $page, $curonly, $full = false ) { - global $wgLang; + global $wgLang, $wgUser; $fname = 'page2xml'; wfProfileIn( $fname ); $title = Title::NewFromText( $page ); - if( !$title ) { + if( !$title + || ( $title->isRestricted() + && ! $wgUser->isAllowed('restrict') ) ) { wfProfileOut( $fname ); return ""; } diff -x '*~' -x LocalSettings.php -Naur ../mediawiki-1.4.0/includes/SpecialLog.php ./includes/SpecialLog.php --- ../mediawiki-1.4.0/includes/SpecialLog.php 2005-02-05 12:32:58.000000000 +0100 +++ ./includes/SpecialLog.php 2005-04-11 18:38:07.000000000 +0200 @@ -59,11 +59,16 @@ * @private */ function setupQuery( $request ) { + global $wgUser, $wgEnableRestrict, $wgHideRestrictLog; $cur = $this->db->tableName( 'cur' ); $user = $this->db->tableName( 'user' ); $this->joinClauses = array( "LEFT OUTER JOIN $cur ON log_namespace=cur_namespace AND log_title=cur_title" ); $this->whereClauses = array( 'user_id=log_user' ); - + + if ( ($wgEnableRestrict and $wgHideRestrictLog and ! $wgUser->isAllowed('restrict')) + or ! $wgEnableRestrict ) + $this->whereClauses[] = 'log_type != "restrict"'; + $this->limitType( $request->getVal( 'type' ) ); $this->limitUser( $request->getText( 'user' ) ); $this->limitTitle( $request->getText( 'page' ) ); diff -x '*~' -x LocalSettings.php -Naur ../mediawiki-1.4.0/includes/SpecialLonelypages.php ./includes/SpecialLonelypages.php --- ../mediawiki-1.4.0/includes/SpecialLonelypages.php 2004-11-13 21:40:28.000000000 +0100 +++ ./includes/SpecialLonelypages.php 2005-04-10 17:35:03.000000000 +0200 @@ -31,12 +31,20 @@ function isSyndicated() { return false; } function getSQL() { + global $wgEnableRestrict, $wgUser; + $dbr =& wfGetDB( DB_SLAVE ); extract( $dbr->tableNames( 'cur', 'links' ) ); - return "SELECT 'Lonelypages' as type, cur_namespace AS namespace, cur_title AS title, cur_title AS value " . + $sql = "SELECT 'Lonelypages' as type, cur_namespace AS namespace, cur_title AS title, cur_title AS value " . "FROM $cur LEFT JOIN $links ON cur_id=l_to ". "WHERE l_to IS NULL AND cur_namespace=0 AND cur_is_redirect=0"; + + if ( $wgEnableRestrict == true and ! $wgUser->isAllowed('restrict') ) { + $sql .= " AND cur_restrictions NOT LIKE '%view=1%'"; + } + + return $sql; } } diff -x '*~' -x LocalSettings.php -Naur ../mediawiki-1.4.0/includes/SpecialPage.php ./includes/SpecialPage.php --- ../mediawiki-1.4.0/includes/SpecialPage.php 2004-12-25 21:46:08.000000000 +0100 +++ ./includes/SpecialPage.php 2005-04-09 19:27:40.000000000 +0200 @@ -45,6 +45,11 @@ 'Unusedimages' => new SpecialPage( 'Unusedimages' ) ); +global $wgEnableRestrict, $wgRestrictGroup; +if( $wgEnableRestrict == true ) { + $wgSpecialPages['Restrictedpages'] = new SpecialPage( 'Restrictedpages', 'restrict' ); +} + global $wgDisableCounters; if( !$wgDisableCounters ) { $wgSpecialPages['Popularpages'] = new SpecialPage( 'Popularpages' ); diff -x '*~' -x LocalSettings.php -Naur ../mediawiki-1.4.0/includes/SpecialPopularpages.php ./includes/SpecialPopularpages.php --- ../mediawiki-1.4.0/includes/SpecialPopularpages.php 2004-11-13 21:40:28.000000000 +0100 +++ ./includes/SpecialPopularpages.php 2005-04-10 17:37:55.000000000 +0200 @@ -28,16 +28,24 @@ function isSyndicated() { return false; } function getSQL() { + global $wgEnableRestrict, $wgUser; + $dbr =& wfGetDB( DB_SLAVE ); $cur = $dbr->tableName( 'cur' ); - return + $sql = "SELECT 'Popularpages' as type, cur_namespace as namespace, cur_title as title, cur_counter as value FROM $cur WHERE cur_namespace=0 AND cur_is_redirect=0"; + + if ( $wgEnableRestrict == true and ! $wgUser->isAllowed('restrict') ) { + $sql .= " AND cur_restrictions NOT LIKE '%view=1%'"; + } + + return $sql; } function formatResult( $skin, $result ) { diff -x '*~' -x LocalSettings.php -Naur ../mediawiki-1.4.0/includes/SpecialRandompage.php ./includes/SpecialRandompage.php --- ../mediawiki-1.4.0/includes/SpecialRandompage.php 2004-11-29 19:25:13.000000000 +0100 +++ ./includes/SpecialRandompage.php 2005-04-10 19:36:33.000000000 +0200 @@ -8,7 +8,7 @@ * Constructor */ function wfSpecialRandompage() { - global $wgOut, $wgTitle, $wgArticle, $wgExtraRandompageSQL; + global $wgOut, $wgTitle, $wgArticle, $wgExtraRandompageSQL, $wgEnableRestrict, $wgUser; $fname = 'wfSpecialRandompage'; # NOTE! We use a literal constant in the SQL instead of the RAND() @@ -35,7 +35,13 @@ $sqlget = "SELECT cur_id,cur_title FROM $cur $use_index WHERE cur_namespace=0 AND cur_is_redirect=0 $extra - AND cur_random>$randstr + AND cur_random>$randstr"; + + if ( $wgEnableRestrict == true and ! $wgUser->isAllowed('restrict') ) { + $sqlget .= " AND cur_restrictions NOT LIKE '%view=1%'"; + } + + $sqlget .= " ORDER BY cur_random LIMIT 1"; $res = $db->query( $sqlget, $fname ); diff -x '*~' -x LocalSettings.php -Naur ../mediawiki-1.4.0/includes/SpecialRestrictedpages.php ./includes/SpecialRestrictedpages.php --- ../mediawiki-1.4.0/includes/SpecialRestrictedpages.php 1970-01-01 01:00:00.000000000 +0100 +++ ./includes/SpecialRestrictedpages.php 2005-04-09 19:03:04.000000000 +0200 @@ -0,0 +1,64 @@ +tableName( 'cur' ); + $use_index = $db->useIndexClause( 'cur_timestamp' ); + return + "SELECT 'Restrictedpages' as type, + cur_namespace as namespace, + cur_title as title, + cur_timestamp as value + FROM $cur $use_index + WHERE cur_namespace=0 AND cur_restrictions LIKE '%view=1%'"; + } + + function sortDescending() { + return false; + } + + function formatResult( $skin, $result ) { + global $wgLang, $wgContLang; + + $d = $wgLang->timeanddate( wfTimestamp( TS_MW, $result->value ), true ); + $link = $skin->makeKnownLink( $result->title, $wgContLang->convert( $result->title) ); + return "{$link} ({$d})"; + } +} + +function wfSpecialRestrictedpages() { + list( $limit, $offset ) = wfCheckLimits(); + + $app = new RestrictedPagesPage(); + + $app->doQuery( $offset, $limit ); +} + +?> diff -x '*~' -x LocalSettings.php -Naur ../mediawiki-1.4.0/includes/SpecialShortpages.php ./includes/SpecialShortpages.php --- ../mediawiki-1.4.0/includes/SpecialShortpages.php 2004-11-13 21:40:28.000000000 +0100 +++ ./includes/SpecialShortpages.php 2005-04-10 17:30:03.000000000 +0200 @@ -28,17 +28,25 @@ function isSyndicated() { return false; } function getSQL() { + global $wgEnableRestrict, $wgUser; + $dbr =& wfGetDB( DB_SLAVE ); $cur = $dbr->tableName( 'cur' ); $name = $dbr->addQuotes( $this->getName() ); - return + $sql = "SELECT $name as type, cur_namespace as namespace, cur_title as title, LENGTH(cur_text) AS value FROM $cur WHERE cur_namespace=0 AND cur_is_redirect=0"; + + if ( $wgEnableRestrict == true and ! $wgUser->isAllowed('restrict') ) { + $sql .= " AND cur_restrictions NOT LIKE '%view=1%'"; + } + + return $sql; } function sortDescending() { diff -x '*~' -x LocalSettings.php -Naur ../mediawiki-1.4.0/includes/SpecialUncategorizedpages.php ./includes/SpecialUncategorizedpages.php --- ../mediawiki-1.4.0/includes/SpecialUncategorizedpages.php 2004-12-01 15:19:57.000000000 +0100 +++ ./includes/SpecialUncategorizedpages.php 2005-04-10 17:47:47.000000000 +0200 @@ -32,12 +32,20 @@ function isSyndicated() { return false; } function getSQL() { + global $wgEnableRestrict, $wgUser; + $dbr =& wfGetDB( DB_SLAVE ); extract( $dbr->tableNames( 'cur', 'categorylinks' ) ); - return "SELECT 'Uncategorizedpages' as type, cur_namespace AS namespace, cur_title AS title, cur_title AS value " . + $sql = "SELECT 'Uncategorizedpages' as type, cur_namespace AS namespace, cur_title AS title, cur_title AS value " . "FROM $cur LEFT JOIN $categorylinks ON cur_id=cl_from ". "WHERE cl_from IS NULL AND cur_namespace=$this->requestedNamespace AND cur_is_redirect=0"; + + if ( $wgEnableRestrict == true and ! $wgUser->isAllowed('restrict') ) { + $sql .= " AND cur_restrictions NOT LIKE '%view=1%'"; + } + + return $sql; } } diff -x '*~' -x LocalSettings.php -Naur ../mediawiki-1.4.0/includes/Title.php ./includes/Title.php --- ../mediawiki-1.4.0/includes/Title.php 2005-03-17 01:13:26.000000000 +0100 +++ ./includes/Title.php 2005-04-10 19:37:31.000000000 +0200 @@ -746,6 +746,23 @@ } /** + * Does the title correspond to a restricted article? + * (restrict-patch by Jerome Combaz) + * @return boolean + * @access public + */ + function isRestricted() { + global $wgEnableRestrict; + + if ( $wgEnableRestrict == true ) { + $a = $this->getRestrictions("view"); + if ( !empty($a) && $a[0] == true ) return true; + } + + return false; + } + + /** * Is $wgUser is watching this page? * @return boolean * @access public @@ -840,6 +857,14 @@ function userCanRead() { global $wgUser; + if ( $this->isRestricted() ) { + if ( $wgUser->isAllowed('restrict') ) { + return true; + } else { + return false; + } + } + if( $wgUser->isAllowed('read') ) { return true; } else { @@ -918,6 +943,7 @@ // old format should be treated as edit/move restriction $this->mRestrictions["edit"] = explode( ',', trim( $temp[0] ) ); $this->mRestrictions["move"] = explode( ',', trim( $temp[0] ) ); + $this->mRestrictions["view"] = explode( ',', trim( $temp[0] ) ); } else { $this->mRestrictions[$temp[0]] = explode( ',', trim( $temp[1] ) ); } diff -x '*~' -x LocalSettings.php -Naur ../mediawiki-1.4.0/includes/User.php ./includes/User.php --- ../mediawiki-1.4.0/includes/User.php 2005-03-16 08:49:03.000000000 +0100 +++ ./includes/User.php 2005-04-08 23:08:32.000000000 +0200 @@ -640,6 +640,8 @@ * @return boolean True: action is allowed, False: action should not be allowed */ function isAllowed($action='') { + global $wgRestrictGroup; + $this->loadFromDatabase(); if( in_array( $action , $this->mRights ) ) { return true; @@ -653,6 +655,7 @@ 'userrights' => 'bureaucrat', 'patrol' => 'sysop', 'protect' => 'sysop', + 'restrict' => $wgRestrictGroup, 'delete' => 'sysop', 'rollback' => 'sysop', 'block' => 'sysop', diff -x '*~' -x LocalSettings.php -Naur ../mediawiki-1.4.0/index.php ./index.php --- ../mediawiki-1.4.0/index.php 2005-03-08 03:07:16.000000000 +0100 +++ ./index.php 2005-04-10 19:06:56.000000000 +0200 @@ -54,7 +54,11 @@ # the Read array in order for the user to see it. (We have to check here to # catch special pages etc. We check again in Article::view()) if ( !is_null( $wgTitle ) && !$wgTitle->userCanRead() ) { - $wgOut->loginToUse(); + if ( $wgTitle->isRestricted() ) { + $wgOut->restrictGroupRequired(); + } else { + $wgOut->loginToUse(); + } $wgOut->output(); exit; } @@ -133,6 +137,8 @@ case 'rollback': case 'protect': case 'unprotect': + case 'restrict': + case 'unrestrict': case 'validate': case 'info': case 'markpatrolled': diff -x '*~' -x LocalSettings.php -Naur ../mediawiki-1.4.0/languages/LanguageFr.php ./languages/LanguageFr.php --- ../mediawiki-1.4.0/languages/LanguageFr.php 2005-01-20 01:19:04.000000000 +0100 +++ ./languages/LanguageFr.php 2005-04-10 19:15:44.000000000 +0200 @@ -237,6 +237,10 @@ "subjectpage" => "Page sujet", 'talk' => 'Discussion', 'toolbox' => 'Boîte à outils', +'restrict' => 'Restreindre', +'restrictthispage' => 'Restreindre cette page', +"unrestrict" => "Autoriser", +"unrestrictthispage" => "Autoriser cette page", "userpage" => "Page utilisateur", "wikipediapage" => "Page méta", "imagepage" => "Page image", @@ -258,6 +262,8 @@ Voir $1.", "bureaucrattitle" => "Un accès de 'Bureaucrate' est requis", "bureaucrattext" => "Cette action ne peut être réalisée que par des administrateurs ayant le statut de 'Bureaucrate'.", +'restricttitle' => "Page restreinte", +"restricttext" => "L'accès à cette page a été restreint. Pour pouvoir y accéder vous devez être membre du groupe 'restrict'", "nbytes" => "$1 octets", "go" => "Consulter", "ok" => "OK", @@ -897,11 +903,11 @@ "revertpage" => "restitution de la dernière modification de $1", "protectlogpage" => "Log_de_protection", "protectlogtext" => "Voir les [[{{ns:4}}:Page protégée|directives concernant les pages protégées]].", -"protectedarticle" => "a protégée $1", +"protectedarticle" => "a protégé $1", "unprotectedarticle" => "a déprotégé $1", "protectsub" => "(Bloque \"$1\")", -"confirmprotect" => "Confimer le bloquage", +"confirmprotect" => "Confirmer le bloquage", "confirmprotecttext" => "Voulez vous vraiment bloquer cette page ?", "protectcomment" => "Raison du bloquage", @@ -911,6 +917,22 @@ "unprotectcomment" => "Raison du débloquage", "protectreason" => "(indiquez une raison)", +"restrictlogpage" => "Log_de_restriction", +"restrictlogtext" => "Voir les [[{{ns:4}}:Page restreinte|directives concernant les pages restreintes]].", +"restrictedarticle" => "a restreint $1", +"unrestrictedarticle" => "a autorisé $1", + +"restrictsub" => "(Restreint \"$1\")", +"confirmrestrict" => "Confirmer la restriction", +"confirmrestricttext" => "Voulez vous vraiment restreindre l'accès à cette page ?", +"restrictcomment" => "Raison de la restriction", + +"unrestrictsub" => "(Autorise \"$1\")", +"confirmunrestricttext" => "Voulez-vous vraiment autoriser l'accès à cette page ?", +"confirmunrestrict" => "Confirmer l'autorisation", +"unrestrictcomment" => "Raison de l'autorisation", +"restrictreason" => "(indiquez une raison)", + # Undelete # "undelete" => "Restaurer la page effacée", @@ -1186,6 +1208,7 @@ 'tooltip-randompage' => 'Aller à une page au hasard [alt-x]', 'tooltip-recentchanges' => 'La liste des modifications récentes dans le wiki. [alt-r]', 'tooltip-recentchangeslinked' => 'Modifications récentes des pages liant à cette page [alt-c]', +'tooltip-restrict' => 'Restreindre cette page', 'tooltip-rss' => 'Flux RSS pour cette page', 'tooltip-save' => 'Sauvegarder vos modifications [alt-s]', 'tooltip-search' => 'Rechercher dans ce wiki', diff -x '*~' -x LocalSettings.php -Naur ../mediawiki-1.4.0/languages/Language.php ./languages/Language.php --- ../mediawiki-1.4.0/languages/Language.php 2005-03-14 03:13:39.000000000 +0100 +++ ./languages/Language.php 2005-04-10 19:15:33.000000000 +0200 @@ -371,6 +371,10 @@ 'subjectpage' => 'View subject', # For compatibility 'talk' => 'Discussion', 'toolbox' => 'Toolbox', +'restrict' => 'Restrict', +'restrictthispage' => 'Restrict this page', +'unrestrict' => "Unrestrict", +'unrestrictthispage' => "Unrestrict this page", 'userpage' => 'View user page', 'wikipediapage' => 'View project page', 'imagepage' => 'View image page', @@ -395,6 +399,8 @@ 'bureaucrattitle' => 'Bureaucrat access required', "bureaucrattext" => "The action you have requested can only be performed by sysops with \"bureaucrat\" status.", +'restricttitle' => 'Restricted page', +"restricttext" => "This page is restricted. To view it you have to be member of the \"restrict\" group.", 'nbytes' => '$1 bytes', 'go' => 'Go', 'ok' => 'OK', @@ -1049,6 +1055,7 @@ 'deletepheading' => 'delete level', 'userrightspheading' => 'userrights level', 'siteadminpheading' => 'siteadmin level', +'restrictpheading' => 'restrict level', /** obsoletes 'sysopspheading' => 'For sysop use only', @@ -1070,6 +1077,7 @@ 'categoriespagetext' => 'The following categories exist in the wiki.', 'data' => 'Data', 'userlevels' => 'User levels management', +'restrictedpages' => 'Restricted pages', # FIXME: Other sites, of course, may have affiliate relations with the booksellers list 'booksourcetext' => "Below is a list of links to other sites that @@ -1223,6 +1231,21 @@ 'unprotectcomment' => 'Reason for unprotecting', 'protectreason' => '(give a reason)', +"restrictlogpage" => "Restriction_log", +"restrictlogtext" => "Below is a list of page restrictions. +See [[Project:Restricted page]] for more information.", +"restrictedarticle" => "restricted $1", +"unrestrictedarticle" => "unrestricted $1", +"restrictsub" => "(Restrict \"$1\")", +"confirmrestrict" => "Confirm the restriction", +"confirmrestricttext" => "Do you really want to restrict this page?", +"restrictcomment" => "Reason for restricting", +"unrestrictsub" => "(Unrestrict \"$1\")", +"confirmunrestricttext" => "Do you really want to unrestrict this page?", +"confirmunrestrict" => "Confirm unrestriction", +"unrestrictcomment" => "Reason for unrestricting", +"restrictreason" => "(give a reason)", + # Undelete 'undelete' => 'Restore deleted page', 'undeletepage' => 'View and restore deleted pages', diff -x '*~' -x LocalSettings.php -Naur ../mediawiki-1.4.0/README.restriction-patch ./README.restriction-patch --- ../mediawiki-1.4.0/README.restriction-patch 1970-01-01 01:00:00.000000000 +0100 +++ ./README.restriction-patch 2005-04-11 21:03:32.000000000 +0200 @@ -0,0 +1,42 @@ + +Article restriction patch for MediaWiki +------------------------------------ + +Here is a patch to enable article restriction under MediaWiki. Pages can be articles or categories. It adds a new |restrict| tab link allowing to restrict access to members of the group ''restrict''. Others users cannot see, search, export, etc, the restricted pages. You can still |protect| them for editing. A restricted page is sticked by a red background tab, and you have a special page (Special:RestrictedPages) to list the restricted pages. All restriction/unrestriction actions are loggued in the wiki log. Actually it is localized in english and french. + +This feature is mainly useful for intranet relying on WikiMedia as a non-encyclopedic content management system, like e-learning platforms or informational systems. Try to don't use it to restrict public places ! + +To install restriction-patch, download MediaWiki version 1.4.0 (do a security backup if you patch your own 1.4.0 installation). + +- Apply patch : + + mv restriction-beta-0.3.mediawiki-1.4.0.patch ./mediawiki-1.4.0 + cd ./mediawiki-1.4.0 + patch -p0 < restriction-beta-0.3.mediawiki-1.4.0.patch + +- Configure : + +Restriction is disabled by default. Add in your ''./LocalSettings.php'' file : + + + // Enable the restriction feature. + // If set to false, all protected pages are accessible. + $wgEnableRestrict = true; + + // sysop users can use restrict feature + $wgRestrictGroup = 'sysop'; + + // Hide restriction log entries for non-members users + $wgHideRestrictLog = true; + + +You can change the members allowed to restrict : 'bureaucrat', 'developer', or 'user' to allow only the registred users. + +Don't write sensible information in page titles, they can be retrieved in some cases. I have not looked for RSS feeds now, probably need to be patched as well. This is beta and GPL, test and feedback welcome ! + + +jerome combaz (restrict-patch /at/ velay.greta.fr) + + + Download patch, updates, screenshots and comments here : + http://conseil-recherche-innovation.net/index.php/1974/04/10/31-restrict-pages-under-mediawiki diff -x '*~' -x LocalSettings.php -Naur ../mediawiki-1.4.0/skins/monobook/main.css ./skins/monobook/main.css --- ../mediawiki-1.4.0/skins/monobook/main.css 2005-02-18 01:51:16.000000000 +0100 +++ ./skins/monobook/main.css 2005-04-08 16:34:31.000000000 +0200 @@ -751,7 +751,6 @@ padding: 0 0 0.2em 0; } #p-cactions li a { - background-color: White; color: #002bb8; border: none; padding: 0 0.8em 0.3em 0.8em; @@ -778,6 +777,8 @@ li#ca-talk { margin-right: 1.6em; } li#ca-watch, li#ca-watch, li#ca-varlang-0 { margin-left: 1.6em; } +li#ca-unrestrict { background-color: #ba0000; } +li#ca-unrestrict a { color: white; } /* ** the remaining portlets