Index: SpecialGlobalGroupMembership.php
===================================================================
--- SpecialGlobalGroupMembership.php (revision 33833)
+++ SpecialGlobalGroupMembership.php (working copy)
@@ -10,6 +10,7 @@
var $mGlobalUser;
function SpecialGlobalGroupMembership() {
SpecialPage::SpecialPage( 'GlobalGroupMembership' );
+ wfLoadExtensionMessages('SpecialCentralAuth');
global $wgUser;
$this->mGlobalUser = CentralAuthUser::getInstance( $wgUser );
Index: central-auth.sql
===================================================================
--- central-auth.sql (revision 33833)
+++ central-auth.sql (working copy)
@@ -113,3 +113,24 @@
primary key (lu_dbname, lu_name),
key (lu_name, lu_dbname)
) /*$wgDBTableOptions*/;
+
+
+-- Global user groups.
+CREATE TABLE global_user_groups (
+ gug_user int(11) not null,
+ gug_group varchar(255) not null,
+
+ PRIMARY KEY (gug_user,gug_group),
+ KEY (gug_user),
+ key (gug_group)
+) /*$wgDBTableOptions*/;
+
+-- Global group permissions.
+CREATE TABLE global_group_permissions (
+ ggp_group varchar(255) not null,
+ ggp_permission varchar(255) not null,
+
+ PRIMARY KEY (ggp_group, ggp_permission),
+ KEY (ggp_group),
+ KEY (ggp_permission)
+) /*$wgDBTableOptions*/;
\ No newline at end of file
Index: CentralAuthGroupMembershipProxy.php
===================================================================
--- CentralAuthGroupMembershipProxy.php (revision 33833)
+++ CentralAuthGroupMembershipProxy.php (working copy)
@@ -0,0 +1,63 @@
+name = $user->getName();
+ $this->mGlobalUser = $user;
+ }
+
+ public static function whoIs( $database, $id ) {
+ $user = self::newFromId( $database, $id );
+ if( $user ) {
+ return $user->name;
+ } else {
+ return false;
+ }
+ }
+
+ public static function newFromName( $name ) {
+ $globalUser = new CentralAuthUser( $name );
+ return $globalUser->exists() ? new CentralAuthGroupMembershipProxy( $globalUser ) : null;
+ }
+
+ public function getId() {
+ return $this->mGlobalUser->getId();
+ }
+
+ public function isAnon() {
+ return $this->getId() == 0;
+ }
+
+ public function getName() {
+ return $this->name;
+ }
+
+ public function getUserPage() {
+ return Title::makeTitle( NS_USER, $this->getName() );
+ }
+
+ // Replaces getUserGroups()
+ function getGroups() {
+ return $this->mGlobalUser->getGlobalGroups();
+ }
+
+ // replaces addUserGroup
+ function addGroup( $group ) {
+ $this->mGlobalUser->addToGlobalGroups( $group );
+ }
+
+ // replaces removeUserGroup
+ function removeGroup( $group ) {
+ $this->mGlobalUser->removeFromGlobalGroups( $group );
+ }
+
+ // replaces touchUser
+ function invalidateCache() {
+ # What should I do here?
+ }
+}
Index: db_patches/patch-globalgroups.sql
===================================================================
--- db_patches/patch-globalgroups.sql (revision 33833)
+++ db_patches/patch-globalgroups.sql (working copy)
@@ -0,0 +1,25 @@
+-- This patch allows storing global groups in the database.
+-- Andrew Garrett (Werdna), April 2008.
+
+-- Global user groups.
+CREATE TABLE global_user_groups (
+ gug_user int(11) not null,
+ gug_group varchar(255) not null,
+
+ PRIMARY KEY (gug_user,gug_group),
+ KEY (gug_user),
+ key (gug_group)
+) /*$wgDBTableOptions*/;
+
+-- Global group permissions.
+CREATE TABLE global_group_permissions (
+ ggp_group varchar(255) not null,
+ ggp_permission varchar(255) not null,
+
+ PRIMARY KEY (ggp_group, ggp_permission),
+ KEY (ggp_group),
+ KEY (ggp_permission)
+) /*$wgDBTableOptions*/;
+
+-- Create a starter group, which users can be added to.
+INSERT INTO global_group_permissions (ggp_group,ggp_permission) VALUES ('steward','globalgrouppermissions'),('steward','globalgroupmembership');
Index: CentralAuthUser.php
===================================================================
--- CentralAuthUser.php (revision 33833)
+++ CentralAuthUser.php (working copy)
@@ -135,6 +135,13 @@
$this->loadState();
return $this->mGlobalId;
}
+
+ /**
+ * Return the global account's name, whether it exists or not.
+ */
+ public function getName() {
+ return $this->mName;
+ }
/**
* @return bool True if the account is attached on the local wiki
@@ -1352,4 +1359,105 @@
__METHOD__
);
}
+
+ function getGlobalGroups() {
+ $dbr = self::getCentralSlaveDB();
+
+ $res = $dbr->select( 'global_user_groups', 'gug_group', array( 'gug_user' => $this->getId() ), __METHOD__ );
+
+ $groups = array();
+
+ while ($row = $dbr->fetchObject( $res ))
+ {
+ $groups[] = $row->gug_group;
+ }
+
+ return $groups;
+ }
+
+ function getGlobalRights() {
+ # Select rights the user has.
+ $dbr = self::getCentralSlaveDB();
+
+ $res = $dbr->select( array( 'global_group_permissions', 'global_user_groups' ),
+ array( 'ggp_permission' ), array( 'ggp_group=gug_group', 'gug_user' => $this->getId() ), __METHOD__ );
+
+ $rights = array();
+
+ while ($row = $dbr->fetchObject( $res ) ) {
+ $rights[] = $row->ggp_permission;
+ }
+
+ return $rights;
+ }
+
+ function removeFromGlobalGroups( $groups ) {
+ $dbw = self::getCentralDB();
+
+ # Delete from the DB
+ $dbw->delete( 'global_user_groups', array( 'gug_user' => $this->getId(), 'gug_group' => $groups ), __METHOD__ );
+ }
+
+ function addToGlobalGroups( $groups ) {
+ $dbw = self::getCentralDB();
+
+ if (!is_array($groups)) {
+ $groups = array($groups);
+ }
+
+ $insert_rows = array();
+ foreach( $groups as $group ) {
+ $insert_rows[] = array( 'gug_user' => $this->getId(), 'gug_group' => $group );
+ }
+
+ # Replace into the DB
+ $dbw->replace( 'global_user_groups', array( 'gug_user', 'gug_group' ), $insert_rows, __METHOD__ );
+ }
+
+ static function availableGlobalGroups() {
+ $dbr = self::getCentralSlaveDB();
+
+ $res = $dbr->select( 'global_group_permissions', 'distinct ggp_group', array(), __METHOD__ );
+
+ $groups = array();
+
+ while ($row = $dbr->fetchObject( $res ) )
+ $groups[] = $row->ggp_group;
+
+ return $groups;
+ }
+
+ static function globalGroupPermissions( $group ) {
+ $dbr = self::getCentralSlaveDB();
+
+ $res = $dbr->select( array( 'global_group_permissions' ),
+ array( 'ggp_permission' ), array( 'ggp_group' => $group), __METHOD__ );
+
+ $rights = array();
+
+ while ($row = $dbr->fetchObject( $res ) ) {
+ $rights[] = $row->ggp_permission;
+ }
+
+ return $rights;
+ }
+
+ function hasGlobalPermission( $perm ) {
+ $perms = $this->getGlobalRights();
+
+ return in_array( $perm, $perms );
+ }
+
+ static function getUsedRights() {
+ $dbr = self::getCentralSlaveDB();
+
+ $res = $dbr->select( 'global_group_permissions', 'distinct ggp_permission', array(), __METHOD__ );
+
+ $rights = array();
+
+ while ($row = $dbr->fetchObject( $res ) )
+ $rights[] = $row->ggp_permission;
+
+ return $rights;
+ }
}
Index: CentralAuth.php
===================================================================
--- CentralAuth.php (revision 33833)
+++ CentralAuth.php (working copy)
@@ -98,6 +98,9 @@
$wgAutoloadClasses['SpecialAutoLogin'] = "$caBase/SpecialAutoLogin.php";
$wgAutoloadClasses['CentralAuthUserArray'] = "$caBase/CentralAuthUserArray.php";
$wgAutoloadClasses['CentralAuthUserArrayFromResult'] = "$caBase/CentralAuthUserArray.php";
+$wgAutoloadClasses['SpecialGlobalGroupMembership'] = "$caBase/SpecialGlobalGroupMembership.php";
+$wgAutoloadClasses['CentralAuthGroupMembershipProxy'] = "$caBase/CentralAuthGroupMembershipProxy.php";
+$wgAutoloadClasses['SpecialGlobalGroupPermissions'] = "$caBase/SpecialGlobalGroupPermissions.php";
$wgExtensionMessagesFiles['SpecialCentralAuth'] = "$caBase/CentralAuth.i18n.php";
@@ -116,6 +119,8 @@
$wgHooks['UserSetEmail'][] = 'CentralAuthHooks::onUserSetEmail';
$wgHooks['UserSaveSettings'][] = 'CentralAuthHooks::onUserSaveSettings';
$wgHooks['UserSetEmailAuthenticationTimestamp'][] = 'CentralAuthHooks::onUserSetEmailAuthenticationTimestamp';
+$wgHooks['UserGetRights'][] = 'CentralAuthHooks::onUserGetRights';
+$wgHooks['GetAvailableRights'][] = 'CentralAuthHooks::onGetAvailableRights';
// For interaction with the Special:Renameuser extension
$wgHooks['RenameUserAbort'][] = 'CentralAuthHooks::onRenameUserAbort';
@@ -127,6 +132,8 @@
$wgSpecialPages['CentralAuth'] = 'SpecialCentralAuth';
$wgSpecialPages['AutoLogin'] = 'SpecialAutoLogin';
$wgSpecialPages['MergeAccount'] = 'SpecialMergeAccount';
+$wgSpecialPages['GlobalGroupMembership'] = 'SpecialGlobalGroupMembership';
+$wgSpecialPages['GlobalGroupPermissions'] = 'SpecialGlobalGroupPermissions';
$wgSpecialPages['GlobalUsers'] = 'SpecialGlobalUsers';
$wgLogTypes[] = 'globalauth';
@@ -136,3 +143,8 @@
$wgLogActions['globalauth/lock'] = 'centralauth-log-entry-lock';
$wgLogActions['globalauth/unlock'] = 'centralauth-log-entry-unlock';
+$wgLogTypes[] = 'gblrights';
+$wgLogNames['gblrights'] = 'centralauth-rightslog-name';
+$wgLogHeaders['gblrights'] = 'centralauth-rightslog-header';
+$wgLogActions['gblrights/usergroups'] = 'centralauth-rightslog-entry-usergroups';
+$wgLogActions['gblrights/groupperms'] = 'centralauth-rightslog-entry-groupperms';
\ No newline at end of file
Index: SpecialGlobalGroupPermissions.php
===================================================================
--- SpecialGlobalGroupPermissions.php (revision 33833)
+++ SpecialGlobalGroupPermissions.php (working copy)
@@ -70,7 +70,7 @@
}
function buildMainView() {
- global $wgOut,$wgUser,$wgInvitationTypes;
+ global $wgOut,$wgUser,$wgScript;
$sk = $wgUser->getSkin();
$groups = CentralAuthUser::availableGlobalGroups();
@@ -82,7 +82,7 @@
$wgOut->addHtml( $html );
if (count($groups)) {
- $wgOut->addWikitext( wfMsg( 'centralauth-globalgroupperms-grouplist' ) );
+ $wgOut->addWikiMsg( 'centralauth-globalgroupperms-grouplist' );
$wgOut->addHTML( '
' );
foreach ($groups as $group) {
@@ -91,7 +91,7 @@
$wgOut->addHTML( "- $text
" );
}
} else {
- $wgOut->addWikitext( wfMsg( 'centralauth-globalgroupperms-nogroups' ) );
+ $wgOut->addWikiMsg( 'centralauth-globalgroupperms-nogroups' );
}
$wgOut->addHtml( Xml::closeElement( 'fieldset' ) );
@@ -101,24 +101,24 @@
$html .= wfMsgExt( 'centralauth-newgroup-intro', array( 'parse' ) );
$html .= Xml::openElement( 'form', array( 'method' => 'post', 'action' => $wgScript, 'name' => 'centralauth-globalgroups-newgroup' ) );
$html .= Xml::hidden( 'title', SpecialPage::getTitleFor('GlobalGroupPermissions')->getPrefixedText() );
- $html .= Xml::hidden( 'wpEditToken', $wgUser->editToken() );
$fields = array( 'centralauth-globalgroupperms-newgroupname' => wfInput( 'wpGroup' ) );
$html .= wfBuildForm( $fields, 'centralauth-globalgroupperms-creategroup-submit' );
+ $html .= Xml::closeElement( 'form' );
$html .= Xml::closeElement( 'fieldset' );
$wgOut->addHtml( $html );
}
function buildGroupView( $group ) {
- global $wgOut, $wgUser;
+ global $wgOut, $wgUser,$wgScript;
$wgOut->setSubtitle( wfMsg( 'centralauth-editgroup-subtitle', $group ) );
$html = Xml::openElement( 'fieldset' ) . Xml::element( 'legend', null, wfMsg( 'centralauth-editgroup-fieldset', $group ) );
$html .= Xml::openElement( 'form', array( 'method' => 'post', 'action' => $wgScript, 'name' => 'centralauth-globalgroups-newgroup' ) );
- $html .= Xml::hidden( 'title', SpecialPage::getTitleFor('GlobalGroupPermissions')->getPrefixedText() );
+ $html .= Xml::hidden( 'title', SpecialPage::getTitleFor('GlobalGroupPermissions', $group)->getPrefixedText() );
$html .= Xml::hidden( 'wpGroup', $group );
$html .= Xml::hidden( 'wpEditToken', $wgUser->editToken() );
@@ -142,279 +142,46 @@
}
function buildCheckboxes( $group ) {
- $html = '';
$rights = wfGetAvailableRights();
$assignedRights = $this->getAssignedRights( $group );
+ sort($rights);
+
+ $checkboxes = array();
+
+
+
foreach( $rights as $right ) {
# Build a checkbox.
$checked = in_array( $right, $assignedRights );
$checkbox = wfCheckLabel( wfMsg( "right-$right" ), "wpRightAssigned-$right", "wpRightAssigned-$right", $checked );
- $html .= "- $checkbox
";
+ $checkboxes[] = "- $checkbox
";
}
- $html .= '
';
+ $count = count($checkboxes);
- return $html;
- }
-
- function getAssignedRights( $group ) {
- return CentralAuthUser::globalGroupPermissions( $group );
- }
-
- function doSubmit( $group ) {
- global $wgRequest,$wgOut;
+ $firstcol = round($count/2);
- $newRights = array();
- $addRights = array();
- $removeRights = array();
- $oldRights = $this->getAssignedRights( $group );
- $allRights = wfGetAvailableRights();
+ $checkboxes1 = array_slice($checkboxes, 0, $firstcol);
+ $checkboxes2 = array_slice($checkboxes, $firstcol );
- $reason = $wgRequest->getVal( 'wpReason', '' );
+ $html = '';
- foreach ($allRights as $right) {
- $alreadyAssigned = in_array( $right, $oldRights );
-
- if ($wgRequest->getCheck( "wpRightAssigned-$right" )) {
- $newGroups[] = $right;
- }
-
- if (!$alreadyAssigned && $wgRequest->getCheck( "wpRightAssigned-$right" )) {
- $addRights[] = $right;
- } else if ($alreadyAssigned && !$wgRequest->getCheck( "wpRightAssigned-$right" ) ) {
- $removeRights[] = $right;
- } # Otherwise, do nothing.
+ foreach( $checkboxes1 as $cb ) {
+ $html .= $cb;
}
- // Assign the rights.
- if (count($addRights)>0)
- $this->grantRightsToGroup( $group, $addRights );
- if (count($removeRights)>0)
- $this->revokeRightsFromGroup( $group, $removeRights );
+ $html .= ' | ';
- // Log it
- if (!(count($addRights)==0 && count($removeRights)==0))
- $this->addLogEntry( $group, $oldRights, $newRights, $reason );
-
- // Display success
- $wgOut->setSubTitle( wfMsg( 'centralauth-editgroup-success' ) );
- $wgOut->addWikitext( wfMsg( 'centralauth-editgroup-success-text' ) );
- }
-
- function revokeRightsFromGroup( $group, $rights ) {
- $dbw = CentralAuthUser::getCentralDB();
-
- # Delete from the DB
- $dbw->delete( 'global_group_permissions', array( 'ggp_group' => $group, 'ggp_permission' => $rights), __METHOD__ );
- }
-
- function grantRightsToGroup( $group, $rights ) {
- $dbw = CentralAuthUser::getCentralDB();
-
- if (!is_array($rights)) {
- $rights = array($rights);
+ foreach( $checkboxes2 as $cb ) {
+ $html .= $cb;
}
- $insert_rows = array();
- foreach( $rights as $right ) {
- $insert_rows[] = array( 'ggp_group' => $group, 'ggp_permission' => $right );
- }
+ $html .= ' |
';
- # Replace into the DB
- $dbw->replace( 'global_group_permissions', array( 'ggp_group', 'ggp_permission' ), $insert_rows, __METHOD__ );
- }
-
- protected function showLogFragment( $group, $output ) {
- $title = SpecialPage::getTitleFor( 'ListUsers', $group );
- $output->addHtml( Xml::element( 'h2', null, LogPage::logName( 'gblrights' ) . "\n" ) );
- LogEventsList::showLogExtract( $output, 'globalrights', $title->getPrefixedText() );
- }
-
- function addLogEntry( $group, $oldRights, $newRights, $reason ) {
- global $wgRequest;
-
- $log = new LogPage( 'gblrights' );
-
- $log->addEntry( 'groupperms',
- SpecialPage::getTitleFor( 'ListUsers', $group ),
- $reason,
- array(
- $this->makeRightsList( $oldRights ),
- $this->makeRightsList( $newRights )
- )
- );
- }
-
- function makeRightsList( $ids ) {
- return implode( ', ', $ids );
- }
-}
-exists() || !$globalUser->isAttached()) {
- return false;
- }
-
- ## Permission MUST be gained from global rights.
- return $globalUser->hasGlobalPermission( 'globalgrouppermissions' );
- }
-
- function execute( $subpage ) {
- global $wgRequest,$wgOut,$wgUser;
-
- if (!$this->userCanExecute($wgUser)) {
- $this->displayRestrictionError();
- return;
- }
-
- $wgOut->setPageTitle( wfMsg( 'globalgrouppermissions' ) );
- $wgOut->setRobotpolicy( "noindex,nofollow" );
- $wgOut->setArticleRelated( false );
- $wgOut->enableClientCache( false );
-
- if ($subpage == '' ) {
- $subpage = $wgRequest->getVal( 'wpGroup' );
- }
-
- if ($subpage != '' && $wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ) )) {
- $this->doSubmit($subpage);
- } else if ($subpage != '') {
- $this->buildGroupView($subpage);
- } else {
- $this->buildMainView();
- }
- }
-
- function buildMainView() {
- global $wgOut,$wgUser,$wgInvitationTypes;
- $sk = $wgUser->getSkin();
-
- $groups = CentralAuthUser::availableGlobalGroups();
-
- // Existing groups
- $html = Xml::openElement( 'fieldset' );
- $html .= Xml::element( 'legend', null, wfMsg( 'centralauth-existinggroup-legend' ) );
-
- $wgOut->addHtml( $html );
-
- if (count($groups)) {
- $wgOut->addWikitext( wfMsg( 'centralauth-globalgroupperms-grouplist' ) );
- $wgOut->addHTML( '' );
-
- foreach ($groups as $group) {
- $text = wfMsgExt( 'centralauth-globalgroupperms-grouplistitem', array( 'parseinline' ), User::getGroupName($group), $group );
-
- $wgOut->addHTML( "- $text
" );
- }
-
- $wgOut->addHTML( '
' );
- } else {
- $wgOut->addWikitext( wfMsg( 'centralauth-globalgroupperms-nogroups' ) );
- }
-
- $wgOut->addHtml( Xml::closeElement( 'fieldset' ) );
-
- // "Create a group" prompt
- $html = Xml::openElement( 'fieldset' ) . Xml::element( 'legend', null, wfMsg( 'centralauth-newgroup-legend' ) );
- $html .= wfMsgExt( 'centralauth-newgroup-intro', array( 'parse' ) );
- $html .= Xml::openElement( 'form', array( 'method' => 'post', 'action' => $wgScript, 'name' => 'centralauth-globalgroups-newgroup' ) );
- $html .= Xml::hidden( 'title', SpecialPage::getTitleFor('GlobalGroupPermissions')->getPrefixedText() );
- $html .= Xml::hidden( 'wpEditToken', $wgUser->editToken() );
-
- $fields = array( 'centralauth-globalgroupperms-newgroupname' => wfInput( 'wpGroup' ) );
-
- $html .= wfBuildForm( $fields, 'centralauth-globalgroupperms-creategroup-submit' );
- $html .= Xml::closeElement( 'fieldset' );
-
- $wgOut->addHtml( $html );
- }
-
- function buildGroupView( $group ) {
- global $wgOut, $wgUser;
-
- $wgOut->setSubtitle( wfMsg( 'centralauth-editgroup-subtitle', $group ) );
-
- $html = Xml::openElement( 'fieldset' ) . Xml::element( 'legend', null, wfMsg( 'centralauth-editgroup-fieldset', $group ) );
- $html .= Xml::openElement( 'form', array( 'method' => 'post', 'action' => $wgScript, 'name' => 'centralauth-globalgroups-newgroup' ) );
- $html .= Xml::hidden( 'title', SpecialPage::getTitleFor('GlobalGroupPermissions')->getPrefixedText() );
- $html .= Xml::hidden( 'wpGroup', $group );
- $html .= Xml::hidden( 'wpEditToken', $wgUser->editToken() );
-
- $fields = array();
-
- $fields['centralauth-editgroup-name'] = $group;
- $fields['centralauth-editgroup-display'] = wfMsgExt( 'centralauth-editgroup-display-edit', array( 'parseinline' ), $group, User::getGroupName( $group ) );
- $fields['centralauth-editgroup-member'] = wfMsgExt( 'centralauth-editgroup-member-edit', array( 'parseinline' ), $group, User::getGroupMember( $group ) );
- $fields['centralauth-editgroup-members'] = wfMsgExt( 'centralauth-editgroup-members-link', array( 'parseinline' ), $group, User::getGroupMember( $group ) );
- $fields['centralauth-editgroup-perms'] = $this->buildCheckboxes($group);
- $fields['centralauth-editgroup-reason'] = wfInput( 'wpReason' );
-
- $html .= wfBuildForm( $fields, 'centralauth-editgroup-submit' );
-
- $html .= Xml::closeElement( 'form' );
- $html .= Xml::closeElement( 'fieldset' );
-
- $wgOut->addHtml( $html );
-
- $this->showLogFragment( $group, $wgOut );
- }
-
- function buildCheckboxes( $group ) {
- $html = '';
-
- $rights = wfGetAvailableRights();
- $assignedRights = $this->getAssignedRights( $group );
-
- foreach( $rights as $right ) {
- # Build a checkbox.
- $checked = in_array( $right, $assignedRights );
-
- $checkbox = wfCheckLabel( wfMsg( "right-$right" ), "wpRightAssigned-$right", "wpRightAssigned-$right", $checked );
-
- $html .= "- $checkbox
";
- }
-
- $html .= '
';
-
return $html;
}
@@ -423,7 +190,7 @@
}
function doSubmit( $group ) {
- global $wgRequest,$wgOut;
+ global $wgRequest,$wgOut,$wgScript;
$newRights = array();
$addRights = array();
@@ -459,7 +226,7 @@
// Display success
$wgOut->setSubTitle( wfMsg( 'centralauth-editgroup-success' ) );
- $wgOut->addWikitext( wfMsg( 'centralauth-editgroup-success-text' ) );
+ $wgOut->addWikiMsg( 'centralauth-editgroup-success-text', $group );
}
function revokeRightsFromGroup( $group, $rights ) {
@@ -488,7 +255,7 @@
protected function showLogFragment( $group, $output ) {
$title = SpecialPage::getTitleFor( 'ListUsers', $group );
$output->addHtml( Xml::element( 'h2', null, LogPage::logName( 'gblrights' ) . "\n" ) );
- LogEventsList::showLogExtract( $output, 'globalrights', $title->getPrefixedText() );
+ LogEventsList::showLogExtract( $output, 'gblrights', $title->getPrefixedText() );
}
function addLogEntry( $group, $oldRights, $newRights, $reason ) {
@@ -509,4 +276,4 @@
function makeRightsList( $ids ) {
return implode( ', ', $ids );
}
-}
\ No newline at end of file
+}
Index: CentralAuthHooks.php
===================================================================
--- CentralAuthHooks.php (revision 33833)
+++ CentralAuthHooks.php (working copy)
@@ -345,4 +345,20 @@
}
return true;
}
+
+ static function onUserGetRights( $user, &$rights ) {
+ $centralUser = CentralAuthUser::getInstance( $user );
+
+ if ($centralUser->exists()) {
+ $extraRights = $centralUser->getGlobalRights();
+
+ $rights = array_merge( $extraRights, $rights );
+ }
+ return true;
+ }
+
+ static function onGetAvailableRights( &$rights ) {
+ $rights = array_unique( array_merge( $rights, CentralAuthUser::getUsedRights() ));
+ return true;
+ }
}
Index: CentralAuth.i18n.php
===================================================================
--- CentralAuth.i18n.php (revision 33833)
+++ CentralAuth.i18n.php (working copy)
@@ -194,11 +194,49 @@
'centralauth-account-exists' => 'Cannot create account: the requested username is already taken in the unified login system.',
// Logging
- 'centralauth-log-name' => 'Global account management log',
- 'centralauth-log-header' => 'This log contains operations under global accounts: deletions, locking and unlocking.',
- 'centralauth-log-entry-delete' => 'deleted global account "$1"',
- 'centralauth-log-entry-lock' => 'locked global account "$1"',
- 'centralauth-log-entry-unlock' => 'unlocked global account "$1"',
+ 'centralauth-log-name' => 'Global account management log',
+ 'centralauth-log-header' => 'This log contains operations under global accounts: deletions, locking and unlocking.',
+ 'centralauth-log-entry-delete' => 'deleted global account "$1"',
+ 'centralauth-log-entry-lock' => 'locked global account "$1"',
+ 'centralauth-log-entry-unlock' => 'unlocked global account "$1"',
+
+ 'centralauth-rightslog-name' => 'Global rights log',
+ 'centralauth-rightslog-entry-usergroups' => 'changed global group membership for $1 from $2 to $3',
+ 'centralauth-rightslog-entry-groupperms' => 'changed group permissions for $1 from $2 to $3',
+ 'centralauth-rightslog-header' => 'This log contains operations on global groups: membership and permissions changes',
+
+ // Global group membership
+ 'globalgroupmembership' => 'Membership in global groups',
+
+ // Global group permissions
+ 'globalgrouppermissions' => 'Global group management',
+ 'centralauth-globalgroupperms-grouplist' => 'The following global groups have been configured. You may view and edit the permissions assigned to any group.',
+ 'centralauth-globalgroupperms-grouplistitem' => '$1 ([[Special:GlobalGroupPermissions/$2|View and edit permissions]])',
+ 'centralauth-existinggroup-legend' => 'Existing groups',
+ 'centralauth-newgroup-legend' => 'Create a new group',
+ 'centralauth-newgroup-intro' => 'You can use this form to assign permissions to a new group. Note that a group does not exist unless it has permissions assigned to it.',
+ 'centralauth-globalgroupperms-newgroupname' => 'New group name:',
+ 'centralauth-globalgroupperms-creategroup-submit' => 'Assign permissions',
+ 'centralauth-editgroup-subtitle' => 'Editing $1',
+ 'centralauth-editgroup-fieldset' => 'Permissions for $1',
+ 'centralauth-editgroup-name' => 'Name of group:',
+ 'centralauth-editgroup-display' => 'Localised name of group:',
+ 'centralauth-editgroup-display-edit' => '$2 ([[MediaWiki:group-$1|edit]])',
+ 'centralauth-editgroup-member' => 'Localised name of group members:',
+ 'centralauth-editgroup-member-edit' => '$2 ([[MediaWiki:group-$1-member|edit]])',
+ 'centralauth-editgroup-members' => 'Member list:',
+ 'centralauth-editgroup-members-link' => '[[Special:Listusers/$1|List of users with $2 rights]]',
+ 'centralauth-editgroup-submit' => 'Save changes to group permissions',
+ 'centralauth-editgroup-perms' => 'Assigned permissions:',
+ 'centralauth-editgroup-reason' => 'Reason for change:',
+ 'centralauth-editgroup-success' => 'Group permissions changed',
+ 'centralauth-editgroup-success-text' => 'You have successfully changed the group permissions for the $1 group. [[Special:GlobalGroupPermissions|Return to group management]]',
+
+ // User rights
+ 'right-globalgroupmembership' => 'Edit membership to global groups',
+ 'right-centralauth-admin' => 'Administrate global accounts',
+ 'right-centralauth-merge' => 'Merge their account',
+ 'right-globalgrouppermissions' => 'Manage global groups',
);
/** Afrikaans (Afrikaans)