mirror of https://gitlab.crans.org/nounous/nixos
Ajout category lockdown
parent
a4b467362d
commit
98259437f0
|
|
@ -0,0 +1,90 @@
|
||||||
|
diff --git a/CategoryLockdown.php b/CategoryLockdown.php
|
||||||
|
index 1e17ec7..caa13c1 100644
|
||||||
|
--- a/CategoryLockdown.php
|
||||||
|
+++ b/CategoryLockdown.php
|
||||||
|
@@ -16,6 +16,8 @@ class CategoryLockdown {
|
||||||
|
*/
|
||||||
|
public static function onGetUserPermissionsErrors( $title, $user, $action, &$result ) {
|
||||||
|
global $wgCategoryLockdown;
|
||||||
|
+ global $wgCategoryGroupLockdown;
|
||||||
|
+ global $wgCategoryLockdownWhitelist;
|
||||||
|
|
||||||
|
$explicitGroups = MediaWikiServices::getInstance()->getUserGroupManager()->getUserGroups( $user );
|
||||||
|
$implicitGroups = MediaWikiServices::getInstance()->getUserGroupManager()->getUserImplicitGroups( $user );
|
||||||
|
@@ -26,6 +28,11 @@ class CategoryLockdown {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ // Rules doesn’t apply to the whitelist
|
||||||
|
+ if ( in_array( $title, $wgCategoryLockdownWhitelist ) ) {
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
$categories = array_keys( $title->getParentCategories() );
|
||||||
|
|
||||||
|
// Apply rules to the category page itself
|
||||||
|
@@ -33,16 +40,11 @@ class CategoryLockdown {
|
||||||
|
$categories[] = $title->getFullText();
|
||||||
|
}
|
||||||
|
|
||||||
|
+ // Support "Category:Top_secret", "Category:Top secret", "Top_secret" and "Top secret"
|
||||||
|
+ $categories = array_map( fn($c) => str_replace( '_', ' ', substr( $c, strpos( $c, ':' ) + 1 ) ), $categories );
|
||||||
|
$combinedGroups = [];
|
||||||
|
foreach ( $categories as $category ) {
|
||||||
|
- // Support "Category:Top_secret", "Category:Top secret", "Top_secret" and "Top secret"
|
||||||
|
- $category = substr( $category, strpos( $category, ':' ) + 1 );
|
||||||
|
- $category = str_replace( '_', ' ', $category );
|
||||||
|
$permissions = $wgCategoryLockdown[ $category ] ?? null;
|
||||||
|
- if ( !$permissions ) {
|
||||||
|
- $category = str_replace( ' ', '_', $category );
|
||||||
|
- $permissions = $wgCategoryLockdown[ $category ] ?? null;
|
||||||
|
- }
|
||||||
|
if ( !$permissions ) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
@@ -57,15 +59,40 @@ class CategoryLockdown {
|
||||||
|
$combinedGroups[] = $allowedGroup;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
- if ( $combinedGroups ) {
|
||||||
|
- foreach ( $userGroups as $userGroup ) {
|
||||||
|
- if ( in_array( $userGroup, $combinedGroups ) ) {
|
||||||
|
- return;
|
||||||
|
- }
|
||||||
|
+
|
||||||
|
+ $allow = false;
|
||||||
|
+ foreach ( $userGroups as $userGroup ) {
|
||||||
|
+ if ( in_array( $userGroup, $combinedGroups ) ) {
|
||||||
|
+ $allow = true;
|
||||||
|
+ break;
|
||||||
|
}
|
||||||
|
+ }
|
||||||
|
+ if ( $combinedGroups && !$allow ) {
|
||||||
|
$result = [ 'categorylockdown-error', implode( ', ', $combinedGroups ) ];
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+ $allow = true;
|
||||||
|
+ foreach ( $wgCategoryGroupLockdown as $group => $groupCategories ) {
|
||||||
|
+ if ( str_starts_with( $group, "!") ?
|
||||||
|
+ in_array( substr($group, 1), $userGroups ) :
|
||||||
|
+ !in_array( $group, $userGroups ) ) {
|
||||||
|
+ continue; # Skip if this group rule doesn’t match the user
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ $requiredCat = $groupCategories[$action] ?? [];
|
||||||
|
+ $groupLocked = true;
|
||||||
|
+ foreach ( $requiredCat as $c ) {
|
||||||
|
+ if ( in_array( $c, $categories ) ) {
|
||||||
|
+ $groupLocked = false;
|
||||||
|
+ break; # One of the category is present, we can grant this action.
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ if ( $groupLocked ) {
|
||||||
|
+ $result = [ 'categorylockdown-error', implode( ', ', $requiredCat ) ];
|
||||||
|
+ return false; # This group of users need a category from groupCategories on this page to perform $action
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
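Review bot: The whitelist check `in_array( $title, $wgCategoryLockdownWhitelist )` returns before any category rule is evaluated and does so for every `$action`, and it only matches because the loose comparison converts the Title object to a string. If the exemption is only meant to keep the listed pages readable, restrict it to reads and compare explicitly: `if ( $action === 'read' && in_array( $title->getPrefixedText(), $wgCategoryLockdownWhitelist ?? [], true ) ) {`. The `?? []` matters because the visible patch gives the global no default, so a wiki that leaves it unset would presumably raise an error inside the permission hook; the same holds for `$wgCategoryGroupLockdown` in the `foreach` further down. The body of `onGetUserPermissionsErrors` starts and ends outside the patched hunks, so an existing default elsewhere cannot be ruled out.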
|
||||||
|
|
@ -133,11 +133,20 @@ in
|
||||||
$wgLocaltimezone = 'Europe/Paris';
|
$wgLocaltimezone = 'Europe/Paris';
|
||||||
$wgDefaultUserOptions['timecorrection'] = 'ZoneInfo|0|' . $wgLocaltimezone;
|
$wgDefaultUserOptions['timecorrection'] = 'ZoneInfo|0|' . $wgLocaltimezone;
|
||||||
|
|
||||||
# Disable anonymous editing
|
# Access Control
|
||||||
$wgGroupPermissions['*']['edit'] = false;
|
$wgGroupPermissions['*']['edit'] = false; # Restrict edition for anonymous user
|
||||||
$wgGroupPermissions['*']['read'] = false;
|
$wgGroupPermissions['*']['createaccount'] = false; # Restrict the creation of account to sysop only
|
||||||
|
|
||||||
# Extensions
|
$wgCategoryLockdownWhitelist = [
|
||||||
|
"Spécial:Connexion",
|
||||||
|
"Spécial:Connexion/return",
|
||||||
|
"Spécial:PluggableAuthLogin",
|
||||||
|
"Spécial:Recherche",
|
||||||
|
"MediaWiki:Common.css",
|
||||||
|
"MediaWiki:Common.js"
|
||||||
|
];
|
||||||
|
|
||||||
|
$wgCategoryGroupLockdown["!user"]["read"] = [ "Page Publique" ]; # Restrict read for non-user (i.e. anonymous) on execpt for Page Publique # Extensions
|
||||||
$wgWikiEditorRealtimePreview = true;
|
$wgWikiEditorRealtimePreview = true;
|
||||||
$wgCiteBookReferencing = true;
|
$wgCiteBookReferencing = true;
|
||||||
$wgPdfProcessor = '${ pkgs.ghostscript }/bin/gs';
|
$wgPdfProcessor = '${ pkgs.ghostscript }/bin/gs';
|
||||||
|
|
@ -216,7 +225,24 @@ in
|
||||||
VisualEditor = null; # pour éditer visuellement les pages
|
VisualEditor = null; # pour éditer visuellement les pages
|
||||||
WikiEditor = null; # pour éditer le code wiki des pages
|
WikiEditor = null; # pour éditer le code wiki des pages
|
||||||
|
|
||||||
# Bundled with next version, put as null in the next update
|
CategoryLockdown = pkgs.applyPatches {
|
||||||
|
src = pkgs.fetchFromGitHub {
|
||||||
|
name = "CategoryLockdown";
|
||||||
|
owner = "wikimedia";
|
||||||
|
repo = "mediawiki-extensions-CategoryLockdown";
|
||||||
|
rev = "REL" + major + "_" + minor;
|
||||||
|
# Le SHA doit être changé à chaque nouveau commit de traduction.
|
||||||
|
# Pas de meilleure solution à ma connaissance pour suivre les releases.
|
||||||
|
sha256 = "sha256-WEg0QP4QXt89uvZCZvkfpycoZGBP640aTpaxbl5jsZs=";
|
||||||
|
};
|
||||||
|
patches = [
|
||||||
|
# Cette extension s’occupe des du contrôle d’accès du Wiki
|
||||||
|
# et a été beaucoup patché. Pensez à vérifier les changements
|
||||||
|
# et révisez le patch le cas échéant.
|
||||||
|
"${./category-lockdown.patch}"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
TemplateStyles = pkgs.fetchFromGitHub {
|
TemplateStyles = pkgs.fetchFromGitHub {
|
||||||
name = "TemplateStyles";
|
name = "TemplateStyles";
|
||||||
owner = "wikimedia";
|
owner = "wikimedia";
|
||||||
|
|
@ -266,14 +292,15 @@ in
|
||||||
# Pas de meilleure solution à ma connaissance pour suivre les releases.
|
# Pas de meilleure solution à ma connaissance pour suivre les releases.
|
||||||
sha256 = "sha256-oi5rliHb4KnLbvQxO7MGuLp/FEucoGR/Z0NP1gmbgMc=";
|
sha256 = "sha256-oi5rliHb4KnLbvQxO7MGuLp/FEucoGR/Z0NP1gmbgMc=";
|
||||||
};
|
};
|
||||||
WSOAuth = pkgs.fetchFromGitHub {
|
WSOAuth = pkgs.fetctFromGitlab {
|
||||||
|
domain = "gitlab.crans.org";
|
||||||
name = "WSOAuth";
|
name = "WSOAuth";
|
||||||
owner = "pyjacpp";
|
owner = "pyjacpp";
|
||||||
repo = "WSOAuth";
|
repo = "wsoauth";
|
||||||
rev = "REL" + major + "_" + minor;
|
rev = "master";
|
||||||
# Le SHA doit être changé à chaque nouveau commit de traduction.
|
# Le SHA doit être changé à chaque nouveau commit de traduction.
|
||||||
# Pas de meilleure solution à ma connaissance pour suivre les releases.
|
# Pas de meilleure solution à ma connaissance pour suivre les releases.
|
||||||
sha256 = "sha256-G2C/KuSgfWWftpHHhOABwFcOEb1zB8qmHi9KgrC6Jrc=";
|
sha256 = "sha256-8jrRuHcJZc+YNnfyYkNLwF4PEIiHfd27YnTVAZcxgoc=";
|
||||||
};
|
};
|
||||||
WSONoteKfetAuth = "${./WSONoteKfetAuth}";
|
WSONoteKfetAuth = "${./WSONoteKfetAuth}";
|
||||||
};
|
};
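Review bot: `pkgs.fetctFromGitlab` in the WSOAuth entry is not a nixpkgs fetcher name; the GitLab fetcher is `pkgs.fetchFromGitLab`, so this attribute would fail to evaluate as written. In the same entry `rev = "master";` follows a moving branch: the `sha256` still pins the fetched content, but the build breaks as soon as the branch advances, and the file no longer records which revision of this authentication extension is deployed. Pinning a commit addresses both, e.g. `rev = "<commit-sha>";` (placeholder) together with the matching hash, and makes each update of the extension a reviewable change.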
|
||||||
|
|
|
||||||