forked from Sen-Sai/SourceProtection
SourceProtection.class.php
<?php
/**
* sourceProtection
*
*
* @license https://www.gnu.org/copyleft/gpl.html GNU General Public License 2.0 or later
*
*/
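class SourceProtection {
	/**
	 * Hook handlers that make page source harder to reach for users without edit rights.
	 *
	 * Scope note: these handlers hide navigation tabs and refuse a fixed list of
	 * query-string requests. They are a presentation-layer measure, not an
	 * authorisation boundary. Anything they do not inspect is unaffected, so
	 * confidential wikitext should be protected with MediaWiki's own read
	 * permissions rather than with this class alone.
	 */

	/**
	 * Return the title held by a skin or edit page object.
	 *
	 * Uses getTitle() when the object provides it and falls back to the
	 * public mTitle property otherwise.
	 *
	 * @param object $holder
	 *
	 * @return mixed Whatever getTitle() / mTitle yields (a title object is expected)
	 */
	private static function pageTitle( $holder ) {
		if ( method_exists( $holder, 'getTitle' ) ) {
			return $holder->getTitle();
		}

		return $holder->mTitle;
	}

	/**
	 * Remove the named entries from $links['views'], ignoring any that are absent.
	 *
	 * @param array $links Navigation structure, modified in place
	 * @param array $names View keys to remove
	 */
	private static function dropViews( array &$links, array $names ) {
		foreach ( $names as $name ) {
			if ( isset( $links['views'][ $name ] ) ) {
				unset( $links['views'][ $name ] );
			}
		}
	}

	/**
	 * Dive into the skin. Check if a user may edit. If not, remove tabs.
	 *
	 * The 'viewsource' tab is always removed. The 'form_edit' and 'history'
	 * tabs are removed only when userCan( 'edit' ) returns exactly false.
	 * Only the rendered links change; the targets themselves are handled
	 * by disableActions().
	 *
	 * @param SkinTemplate $sktemplate
	 * @param array $links
	 *
	 * @return bool Always true
	 */
	public static function hideSource( SkinTemplate &$sktemplate, array &$links ) {
		// always remove viewsource tab
		self::dropViews( $links, array( 'viewsource' ) );

		// grab user permissions
		$user_can_edit = self::pageTitle( $sktemplate )->userCan( 'edit' );

		// remove form_edit and history when edit is disabled
		if ( $user_can_edit === false ) {
			self::dropViews( $links, array( 'form_edit', 'history' ) );
		}

		return true;
	}

	/**
	 * If a user has no edit rights, then make sure it is hard for them to view the source of a document.
	 *
	 * Users whose getRights() list contains 'edit' are never restricted.
	 * For everyone else the request is refused (false) when the query string
	 * carries a 'diff' parameter or an 'action' parameter naming a blocked action.
	 *
	 * NOTE(review): the decision is based on $_GET only; the $title and $action
	 * arguments supplied by the hook are not consulted, and the 'edit' test is
	 * the user's general right rather than a per-page check as in hideSource().
	 * Reading the action through MediaWiki's request object would cover every
	 * way a request can carry it - confirm against the hook registration.
	 *
	 * @param mixed $title Unused
	 * @param mixed $wgUser Object providing getRights()
	 * @param mixed $action Unused
	 * @param mixed $result Unused; left untouched
	 *
	 * @return bool False to refuse the request, true otherwise
	 */
	public static function disableActions( &$title, &$wgUser, $action, &$result ) {
		if ( in_array( 'edit', $wgUser->getRights(), true ) ) {
			return true;
		}

		// define the actions to be blocked
		$actionNotAllowed = array(
			'edit',
			'move',
			'history',
			'info',
			'raw',
			'delete',
			'revert',
			'revisiondelete',
			'rollback',
			'markpatrolled'
		);

		// Also disable the version difference options
		if ( isset( $_GET['diff'] ) ) {
			return false;
		}

		// Only a scalar string can name an action; an array value is ignored here.
		if ( isset( $_GET['action'] ) && is_string( $_GET['action'] ) ) {
			// Compare in lower case: MediaWiki is understood to lower-case the
			// action name before dispatching, so a mixed-case spelling must hit
			// the same list entry.
			$requested = strtolower( $_GET['action'] );
			if ( in_array( $requested, $actionNotAllowed, true ) ) {
				return false;
			}
		}

		// Any other action is fine
		return true;
	}

	/**
	 * Prevent ShowReadOnly form to be shown. We should never get here anymore, but just in case.
	 *
	 * When the page's userCan( 'edit' ) check fails, the output is redirected
	 * to the edit page's context title instead of rendering the read-only form.
	 *
	 * @param EditPage $editPage
	 * @param OutputPage $output
	 *
	 * @return OutputPage The same $output instance
	 */
	public static function doNotShowReadOnlyForm( EditPage $editPage, OutputPage $output ) {
		$user_can_edit = self::pageTitle( $editPage )->userCan( 'edit' );

		if ( !$user_can_edit ) {
			// redirect() takes a URL. Passing the title object itself relied on
			// its string form (the page name), which is not a usable Location
			// value, so build the full URL explicitly.
			$output->redirect( $editPage->getContextTitle()->getFullURL() );
		}

		return $output;
	}
}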