Index: includes/SpecialAllpages.php
===================================================================
--- includes/SpecialAllpages.php (revision 13537)
+++ includes/SpecialAllpages.php (working copy)
@@ -19,7 +19,9 @@
$indexPage = new SpecialAllpages();
- if( !in_array($namespace, array_keys($namespaces)) )
+ #If namespace does not exist or the user is not allowed to access it
+ #return him to the main namespace.
+ if( !in_array($namespace, array_keys($namespaces)) || !$wgUser->canAccessNamespace( $namespace))
$namespace = 0;
$wgOut->setPagetitle( $namespace > 0 ?
Index: includes/SpecialRecentchangeslinked.php
===================================================================
--- includes/SpecialRecentchangeslinked.php (revision 13537)
+++ includes/SpecialRecentchangeslinked.php (working copy)
@@ -62,6 +62,16 @@
$cmq = 'AND rc_minor=0';
} else { $cmq = ''; }
+ # Exclude all namespaces that are restricted to this user
+ global $wgRestrictedNamespaces;
+ if( is_array( $wgRestrictedNamespaces )) {
+ foreach( $wgRestrictedNamespaces as $key => $value ) {
+ if( ! $wgUser->canAccessNamespace( $key )) {
+ $cmq .= ' AND page_namespace <>' . $key;
+ }
+ }
+ }
+
extract( $dbr->tableNames( 'recentchanges', 'categorylinks', 'pagelinks', 'revision', 'page' , "watchlist" ) );
$uid = $wgUser->getID();
Index: includes/CategoryPage.php
===================================================================
--- includes/CategoryPage.php (revision 13537)
+++ includes/CategoryPage.php (working copy)
@@ -115,6 +115,11 @@
$title = Title::makeTitle( $x->page_namespace, $x->page_title );
+ # If this page is inside a restricted namespace, skip the result...
+ if(!$wgUser->canAccessNamespace($title->getNamespace())) {
+ continue;
+ }
+
if( $title->getNamespace() == NS_CATEGORY ) {
// Subcategory; strip the 'Category' namespace from the link text.
array_push( $children, $sk->makeKnownLinkObj( $title, $wgContLang->convertHtml( $title->getText() ) ) );
Index: includes/User.php
===================================================================
--- includes/User.php (revision 13537)
+++ includes/User.php (working copy)
@@ -1171,18 +1171,159 @@
/**
* Check if user is allowed to access a feature / make an action
* @param string $action Action to be checked (see $wgAvailableRights in Defines.php for possible actions).
+ * @param string $title Title of the article (so we can check if it's namespace is restricted to the user).
* @return boolean True: action is allowed, False: action should not be allowed
*/
- function isAllowed($action='') {
+ function isAllowed($action='',$title=NULL) {
+ global $wgRestrictedNamespaces, $wgReadOnlyNSes;
if ( $action === '' )
// In the spirit of DWIM
return true;
$this->loadFromDatabase();
+
+ if( $title == NULL ) {
+ global $wgTitle;
+ $title = $wgTitle;
+ }
+
+ $ns = $title->getNamespace();
+ // If user wants to read a page, that page is in a read only namespace
+ // and the user has the 'roread' right, allow him to read it. If it has
+ // the 'roedit' right allow him to edit it.
+ if( is_array($wgReadOnlyNSes)) {
+ if( $action == 'read' && in_array($ns, $wgReadOnlyNSes) && in_array('roread', $this->mRights) && !$this->isBlocked() ) {
+ return true;
+ }
+ if( $action == 'edit' && !$title->isProtected() && in_array($ns, $wgReadOnlyNSes) && in_array('roedit', $this->mRights) && !$this->isBlocked()) {
+ return true;
+ }
+ }
+
+ // Prevent access to restricted namespaces if the user does not have all
+ // required rights.
+ if( !$this->canAccessNamespace($ns) ) {
+ return false;
+ }
+
+ // If we are in user's page, allow him to do everything...
+ if ( $action == 'edit' && ($ns == NS_USER_TALK || $ns == NS_USER) && $title->getText() == $this->getName() && !$this->isBlocked() && !$title->isProtected() ) {
+ return true;
+ }
+
+ if ( $action == 'protect' && ($ns == NS_USER_TALK || $ns == NS_USER) && $title->getText() == $this->getName() && !$this->isBlocked() ){
+ return true;
+ }
+
+ // If user wants to edit a talk page and has the talk right, allow him to do so...
+ if( $title->isTalkPage() && $action == 'edit' && in_array('talk', $this->mRights) && !$this->isBlocked() && !$title->isProtected() ){
+ return true;
+ }
+
+ // If user wants to leave a mesage on another's user talk page and that page is unprotected, allow him to do so...
+ if( $action == 'edit' && $ns == NS_USER_TALK && !$this->isBlocked() && !$title->isProtected() ){
+ return true;
+ }
+
+ // If user has the sedit right, allow him to edit pages in the restricted namespaces
+ // he has access.
+ if( is_array($wgRestrictedNamespaces) && array_key_exists($ns, $wgRestrictedNamespaces)
+ && $this->canAccessNamespace($ns) && !$this->isBlocked() ){
+
+ if( $action == 'edit' && in_array('sedit', $this->mRights) && !$title->isProtected() ) {
+ return true;
+ }
+
+ // If user has the sprotect right, allow him to edit pages in the in the restricted namespaces
+ // he has access.
+ if(($action == 'protect' || $action == 'unprotect') && in_array('sprotect', $this->mRights)) {
+ return true;
+ }
+
+
+ // If user has the sdelete right, allow him to edit pages in the in the restricted namespaces
+ // he has access.
+ if( !$title->isProtected() && ($action == 'delete' || $action == 'undelete') && (in_array('sdelete', $this->mRights)) ) {
+ return true;
+ }
+ }
+
+ //If the user wants to delete or undelete a page and it's blocked don't allow him to do so.
+ if( ($action == 'delete' || $action == 'undelete') && ($title->isProtected() || $this->isBlocked()) ){
+ return false;
+ }
+
+
+ //If the user wants to protect or unprotect a page and it's blocked don't allow him to do so.
+ if( ($action == 'protect' || $action == 'unprotect') && $this->isBlocked() ){
+ return false;
+ }
return in_array( $action , $this->mRights );
}
/**
+ * Check if user is allowed to access a given namespace
+ * @param string $namespace ID of the namespace that needs to be checked.
+ * @return boolean True: access is allowed, False: access is denied
+ */
+ function canAccessNamespace( $namespace='' ) {
+ global $wgRestrictedNamespaces;
+ $this->loadFromDatabase();
+
+ if( is_array( $wgRestrictedNamespaces )) {
+ if( array_key_exists( $namespace, $wgRestrictedNamespaces ) ) {
+ if( in_array($wgRestrictedNamespaces[$namespace], $this->mRights)){
+ return true;
+ }
+ return false;
+ }
+ }
+
+ return true;
+
+ }
+
+ /**
+ * Get the restricted namespaces the user has access to (talk namespaces not included).
+ * @return string with the namespace names seperated by the "\n" character/
+ */
+ function getAllowedRNSes() {
+ global $wgRestrictedNamespaces;
+ $this->loadFromDatabase();
+ $names = NULL;
+
+ if( is_array( $wgRestrictedNamespaces ) ) {
+ foreach ($wgRestrictedNamespaces as $nsid => $ugroup) {
+ if( $this->canAccessNamespace($nsid) && !($nsid %2) ) {
+ $names .= Namespace::getCanonicalName($nsid)."\n";
+ }
+ }
+ }
+ return $names;
+ }
+
+ /**
+ * Get the main page title of each restricted namespace (talk namespaces not included)
+ * the user has access to.
+ * @return string: The titles seperated by the "\n" character.
+ */
+ function getRMainPages() {
+ global $wgRestrictedNamespaces;
+ $titles = NULL;
+
+ if( is_array( $wgRestrictedNamespaces ) ) {
+ $namespaces = $this->getAllowedRNSes();
+ $nsarray = explode("\n",$namespaces);
+ foreach ($nsarray as $index => $nsname) {
+ if($nsname != ""){
+ $titles .= "[[".$nsname.":".wfMsgForContent( 'mainpage' )."|".$nsname."]]"." \n";
+ }
+ }
+ }
+ return $titles;
+ }
+
+ /**
* Load a skin if it doesn't exist or return it
* @todo FIXME : need to check the old failback system [AV]
*/
Index: includes/SpecialUserlogin.php
===================================================================
--- includes/SpecialUserlogin.php (revision 13537)
+++ includes/SpecialUserlogin.php (working copy)
@@ -411,6 +411,7 @@
function successfulLogin( $msg, $auto = true ) {
global $wgUser;
global $wgOut;
+ global $wgLinkWarn;
# Run any hooks; ignore results
@@ -420,7 +421,18 @@
$wgOut->setRobotpolicy( 'noindex,nofollow' );
$wgOut->setArticleRelated( false );
$wgOut->addWikiText( $msg );
- $wgOut->returnToMain( $auto );
+
+ if($wgUser->getRMainPages() != NULL) {
+
+ # We are going to put some links to restricted namespaces
+ # that the user has access to, so we disable the warning.
+ $wgLinkWarn = false;
+
+ $wgOut->addWikiText(wfMsg('RNSlist').str_replace( '_', ' ',$wgUser->getRMainPages()));
+ $wgOut->returnToMain(false);
+ }else{
+ $wgOut->returnToMain( $auto );
+ }
}
/** */
Index: includes/SpecialWhatlinkshere.php
===================================================================
--- includes/SpecialWhatlinkshere.php (revision 13537)
+++ includes/SpecialWhatlinkshere.php (working copy)
@@ -199,6 +199,11 @@
$wgOut->addHTML( '
' );
foreach ( $rows as $row ) {
+ #If the linking page is located in a secured namespace, skip it.
+ if(!$wgUser->canAccessNamespace($row->page_namespace)) {
+ continue;
+ }
+
$nt = Title::makeTitle( $row->page_namespace, $row->page_title );
if ( $row->page_is_redirect ) {
Index: includes/SpecialRecentchanges.php
===================================================================
--- includes/SpecialRecentchanges.php (revision 13537)
+++ includes/SpecialRecentchanges.php (working copy)
@@ -19,6 +19,7 @@
global $wgUser, $wgOut, $wgRequest, $wgUseRCPatrol;
global $wgRCShowWatchingUsers, $wgShowUpdatedMarker;
global $wgAllowCategorizedRecentChanges ;
+ global $wgRestrictedNamespaces, $wgHideCategoriesinRC, $wgHidenLogs, $wgHideLogs, $wgHideUtalk;
$fname = 'wfSpecialRecentchanges';
# Get query parameters
@@ -126,8 +127,9 @@
# Get last modified date, for client caching
# Don't use this if we are using the patrol feature, patrol changes don't update the timestamp
+ # Don't use it if there are hidden namespaces, as the feed must be different for the users
$lastmod = $dbr->selectField( 'recentchanges', 'MAX(rc_timestamp)', false, $fname );
- if ( $feedFormat || !$wgUseRCPatrol ) {
+ if ( !is_array( $wgRestrictedNamespaces ) && ($feedFormat || !$wgUseRCPatrol) ) {
if( $lastmod && $wgOut->checkLastModified( $lastmod ) ){
# Client cache fresh and headers sent, nothing more to do.
return;
@@ -154,6 +156,32 @@
}
}
+ # Hide all categories if $wgHideCategoriesinRC is set
+ $hidem .= $wgHideCategoriesinRC ? ' AND rc_namespace <> 14':'';
+ # Hide all User_talk pages if $wgHideUtalk is set
+ $hidem .= $wgHideUtalk ? ' AND rc_namespace <> 3':'';
+ # Hide all logs if $wgHideRCLogs is set
+ $hidem .= $wgHideLogs ? ' AND rc_type <> 3':'';
+ # Hide all logs or the log types in $wgHidenLogs.
+ if(!$wgHideLogs && is_array($wgHidenLogs)){
+ # Block and rights are namespace independed.
+ $hidem .= in_array('block', $wgHidenLogs) ? ' AND rc_title <> "Log/block"':'';
+ $hidem .= in_array('rights', $wgHidenLogs) ? ' AND rc_title <> "Log/rights"':'';
+ # Hide the log types set in $wgHidenLogs
+ $hidem .= in_array('protect', $wgHidenLogs) ? ' AND rc_title <> "Log/protect"':'';
+ $hidem .= in_array('delete', $wgHidenLogs) ? ' AND rc_title <> "Log/delete"':'';
+ $hidem .= in_array('upload', $wgHidenLogs) ? ' AND rc_title <> "Log/upload"':'';
+ $hidem .= in_array('move', $wgHidenLogs) ? ' AND rc_title <> "Log/move"':'';
+ }
+ # Exclude all namespaces that are restricted to this user
+ if( is_array( $wgRestrictedNamespaces )) {
+ foreach( $wgRestrictedNamespaces as $key => $value ) {
+ if( ! $wgUser->canAccessNamespace( $key )) {
+ $hidem .= ' AND rc_namespace <>' . $key;
+ }
+ }
+ }
+
# Namespace filtering
$hidem .= is_null( $namespace ) ? '' : ' AND rc_namespace' . ($invert ? '!=' : '=') . $namespace;
@@ -350,11 +378,18 @@
* go ahead and use it even if there have been edits made
* since it was rendered. This keeps a swarm of requests
* from being too bad on a super-frequently edited wiki.
+ *
+ * Using restricted namespaces forbids caching the feed,
+ * however, since it must be rendered according to user
+ * rights.
+ *
*/
- if( time() - wfTimestamp( TS_UNIX, $feedLastmod )
+
+ if( !is_array( $wgRestrictedNamespaces )
+ && (time() - wfTimestamp( TS_UNIX, $feedLastmod )
< $wgFeedCacheTimeout
|| wfTimestamp( TS_UNIX, $feedLastmod )
- > wfTimestamp( TS_UNIX, $lastmod ) ) {
+ > wfTimestamp( TS_UNIX, $lastmod ) ) ) {
wfDebug( "RC: loading feed from cache ($key; $feedLastmod; $lastmod)...\n" );
$cachedFeed = $messageMemc->get( $key );
} else {
Index: includes/SearchEngine.php
===================================================================
--- includes/SearchEngine.php (revision 13537)
+++ includes/SearchEngine.php (working copy)
@@ -162,10 +162,10 @@
* @access public
*/
function searchableNamespaces() {
- global $wgContLang;
+ global $wgContLang, $wgUser;
$arr = array();
foreach( $wgContLang->getNamespaces() as $ns => $name ) {
- if( $ns >= NS_MAIN ) {
+ if( $ns >= NS_MAIN && $wgUser->canAccessNamespace( $ns )) {
$arr[$ns] = $name;
}
}
Index: includes/Parser.php
===================================================================
--- includes/Parser.php (revision 13537)
+++ includes/Parser.php (working copy)
@@ -1482,6 +1482,16 @@
$ns = $nt->getNamespace();
$iw = $nt->getInterWiki();
+ #If the link points to a restricted namespace outside the
+ #parent namespace warn the user.
+ global $wgRestrictedNamespaces, $wgLinkWarn ;
+ if( $wgLinkWarn && is_array( $wgRestrictedNamespaces )) {
+ if( array_key_exists( $ns, $wgRestrictedNamespaces ) && ($this->mTitle->getNamespace() != $ns)) {
+ $s .=wfMsg( 'restrlink' ). $trail;
+ continue;
+ }
+ }
+
if ($might_be_img) { # if this is actually an invalid link
if ($ns == NS_IMAGE && $noforce) { #but might be an image
$found = false;
@@ -2520,6 +2530,10 @@
if ( !$found ) {
# Check for NS: (namespace expansion)
$mwNs = MagicWord::get( MAG_NS );
+ if ( $part1 == 'ns' ) {
+ $text = $linestart . $wgContLang->getNsText( $this->mTitle->getNamespace() );
+ $found = true;
+ }
if ( $mwNs->matchStartAndRemove( $part1 ) ) {
if ( intval( $part1 ) || $part1 == "0" ) {
$text = $linestart . $wgContLang->getNsText( intval( $part1 ) );
@@ -2671,6 +2685,16 @@
# Check for excessive inclusion
$dbk = $title->getPrefixedDBkey();
if ( $this->incrementIncludeCount( $dbk ) ) {
+ # Articles from restricted namespaces can't be used in templates.
+ # They would appear or disappear based on the rights of the user
+ # that refreshes the cache...
+ if( is_array( $wgRestrictedNamespaces ) ) {
+ if( array_key_exists( $title->getNamespace(), $wgRestrictedNamespaces ) ) {
+ $found = true;
+ $text = $linestart . wfMsg( 'templatenotincluded' );
+ }
+ }
+
if ( $title->getNamespace() == NS_SPECIAL && $this->mOptions->getAllowSpecialInclusion() ) {
# Capture special page output
$text = SpecialPage::capturePath( $title );
Index: includes/SpecialContributions.php
===================================================================
--- includes/SpecialContributions.php (revision 13537)
+++ includes/SpecialContributions.php (working copy)
@@ -16,7 +16,14 @@
}
function set_namespace($ns) {
- $this->namespace = $ns;
+ global $wgUser;
+ # If the namespace asked is restricted return
+ # to the main namespace.
+ if($wgUser->canAccessNamespace($ns)) {
+ $this->namespace = $ns;
+ }else{
+ $this->namespace = 0;
+ }
}
function set_limit($limit) {
@@ -69,15 +76,30 @@
}
function get_namespace_cond() {
- if ($this->namespace !== false)
+ global $wgUser;
+ # Include the namespace in the querry only if it's not restricted to the user.
+ if (($this->namespace !== false) && ($wgUser->canAccessNamespace($this->namespace))) {
return ' AND page_namespace = ' . (int)$this->namespace;
- return '';
+ }else {
+ return '';
+ }
}
function get_previous_offset_for_paging() {
list($index, $usercond) = $this->get_user_cond();
$nscond = $this->get_namespace_cond();
+ # Exclude all namespaces that are restricted to this user
+ global $wgRestrictedNamespaces;
+ global $wgUser;
+ if( is_array( $wgRestrictedNamespaces )) {
+ foreach( $wgRestrictedNamespaces as $key => $value ) {
+ if( ! $wgUser->canAccessNamespace( $key )) {
+ $nscond .= ' AND page_namespace <>' . $key;
+ }
+ }
+ }
+
$use_index = $this->dbr->useIndexClause($index);
extract($this->dbr->tableNames('page', 'revision'));
@@ -123,6 +145,16 @@
$offsetQuery = "AND rev_timestamp <= '{$this->offset}'";
$nscond = $this->get_namespace_cond();
+ # Exclude all namespaces that are restricted to this user
+ global $wgRestrictedNamespaces;
+ global $wgUser;
+ if( is_array( $wgRestrictedNamespaces )) {
+ foreach( $wgRestrictedNamespaces as $key => $value ) {
+ if( ! $wgUser->canAccessNamespace( $key )) {
+ $nscond .= ' AND page_namespace <>' . $key;
+ }
+ }
+ }
$use_index = $this->dbr->useIndexClause($index);
$sql = "SELECT
page_namespace,page_title,page_is_new,page_latest,
Index: includes/Export.php
===================================================================
--- includes/Export.php (revision 13537)
+++ includes/Export.php (working copy)
@@ -239,7 +239,13 @@
*/
function outputStream( $resultset ) {
$last = null;
+ global $wgUser;
while( $row = $resultset->fetchObject() ) {
+ #If page is in a secured namespace, skip the row.
+ if(!$wgUser->canAccessNamespace($row->page_namespace) ){
+ continue;
+ }
+
if( is_null( $last ) ||
$last->page_namespace != $row->page_namespace ||
$last->page_title != $row->page_title ) {
@@ -332,9 +338,13 @@
}
function namespaces() {
- global $wgContLang;
- $spaces = " \n";
- foreach( $wgContLang->getFormattedNamespaces() as $ns => $title ) {
+ global $wgContLang, $wgUser;
+ $spaces = "\n";
+ # Don't display restricted namespaces.
+ foreach( $wgContLang->getNamespaces() as $ns => $title ) {
+ if(!$wgUser->canAccessNamespace($ns) ){
+ continue;
+ }
$spaces .= ' ' . wfElement( 'namespace', array( 'key' => $ns ), $title ) . "\n";
}
$spaces .= " ";
Index: includes/Title.php
===================================================================
--- includes/Title.php (revision 13537)
+++ includes/Title.php (working copy)
@@ -977,6 +977,12 @@
wfProfileOut( $fname );
return false;
}
+
+ if( !$wgUser->canAccessNamespace( $this->mNamespace )) {
+ wfProfileOut( $fname );
+ return false;
+ }
+
// XXX: This is the code that prevents unprotecting a page in NS_MEDIAWIKI
// from taking effect -ævar
if( NS_MEDIAWIKI == $this->mNamespace &&
@@ -1082,7 +1088,7 @@
return $result;
}
- if( $wgUser->isAllowed('read') ) {
+ if( $wgUser->isAllowed('read',$this )){
return true;
} else {
global $wgWhitelistRead;
@@ -1096,17 +1102,19 @@
}
/** some pages are explicitly allowed */
+ if( is_array( $wgWhitelistRead )) {
$name = $this->getPrefixedText();
- if( $wgWhitelistRead && in_array( $name, $wgWhitelistRead ) ) {
+ if( in_array( $name, $wgWhitelistRead ) ) {
return true;
}
# Compatibility with old settings
- if( $wgWhitelistRead && $this->getNamespace() == NS_MAIN ) {
+ if( $this->getNamespace() == NS_MAIN ) {
if( in_array( ':' . $name, $wgWhitelistRead ) ) {
return true;
}
}
+ }
}
return false;
}
Index: includes/SpecialLog.php
===================================================================
--- includes/SpecialLog.php (revision 13537)
+++ includes/SpecialLog.php (working copy)
@@ -297,11 +297,41 @@
* @access private
*/
function logLine( $s ) {
- global $wgLang;
+ global $wgLang, $wgUser;
+ global $wgHideLogs, $wgHidenLogs;
$title = Title::makeTitle( $s->log_namespace, $s->log_title );
$user = Title::makeTitleSafe( NS_USER, $s->user_name );
$time = $wgLang->timeanddate( wfTimestamp(TS_MW, $s->log_timestamp), true );
+ # Hide all logs or the log types in $wgHidenLogs.
+
+ # Block and rights are namespace independed.
+ if((is_array($wgHidenLogs) &&
+ ((in_array('block', $wgHidenLogs) && $s->log_type =='block' )
+ ||(in_array('rights', $wgHidenLogs) && $s->log_type=='rights'))
+ ||($wgHideLogs && ($s->log_type=='block' ||$s->log_type=='rights')))){
+ return;
+ }
+
+ # Upload namespaces are public.
+ if(is_array($wgHidenLogs) && (in_array('upload', $wgHidenLogs) && $s->log_type=='upload') || ($wgHideLogs && $s->log_type=='upload')) {
+ return;
+ }
+
+ # We hide the rest only for the restricted namespaces.
+ if(!$wgUser->canAccessNamespace($s->log_namespace)){
+ if($wgHideLogs){
+ return;
+ }
+ if(is_array($wgHidenLogs)){
+ if((in_array('protect', $wgHidenLogs) && $s->log_type=='protect')
+ ||(in_array('delete', $wgHidenLogs) && $s->log_type=='delete')
+ ||(in_array('move', $wgHidenLogs) && $s->log_type=='move')){
+ return;
+ }
+ }
+ }
+
// Enter the existence or non-existence of this page into the link cache,
// for faster makeLinkObj() in LogPage::actionText()
$linkCache =& LinkCache::singleton();
Index: includes/SpecialPreferences.php
===================================================================
--- includes/SpecialPreferences.php (revision 13537)
+++ includes/SpecialPreferences.php (working copy)
@@ -86,7 +86,7 @@
if ( $this->mPosted ) {
$namespaces = $wgContLang->getNamespaces();
foreach ( $namespaces as $i => $namespace ) {
- if ( $i >= 0 ) {
+ if ( $i >= 0 && $wgUser->canAccessNamespace( $i) ) {
$this->mSearchNs[$i] = $request->getCheck( "wpNs$i" ) ? 1 : 0;
}
}
@@ -360,7 +360,7 @@
$namespaces = $wgContLang->getNamespaces();
foreach ( $namespaces as $i => $namespace ) {
- if ( $i >= NS_MAIN ) {
+ if ( $i >= NS_MAIN && $wgUser->canAccessNamespace( $i)) {
$this->mSearchNs[$i] = $wgUser->getOption( 'searchNs'.$i );
}
}
@@ -377,7 +377,7 @@
$r1 = null;
foreach ( $namespaces as $i => $name ) {
- if ($i < 0)
+ if ($i < 0 || !$wgUser->canAccessNamespace( $i))
continue;
$checked = $this->mSearchNs[$i] ? "checked='checked'" : '';
$name = str_replace( '_', ' ', $namespaces[$i] );
Index: includes/DefaultSettings.php
===================================================================
--- includes/DefaultSettings.php (revision 13537)
+++ includes/DefaultSettings.php (working copy)
@@ -1554,7 +1554,97 @@
# );
$wgExtraNamespaces = NULL;
+ /**
+ * Hidden namespaces. If you include a namespace in this array, only users with
+ * the matching priviledges will be able to see and edit pages in this
+ * namespace.
+ *
+ * The form is " namespace => 'priviledge' " e.g.
+ *
+ * $wgRestrictedNamespaces =
+ * array(100 => 'coolguy',
+ * 101 => 'coolguy'
+ * );
+ *
+ * where 100 is the namespace id and 'coolguy' is the priviledge.
+ *
+ * Each priv. is a string in an array, you can add as many as you like
+ * in the $wgGroupPermitions array e.g.
+ *
+ *$wgGroupPermissions['allowed']['coolguy'] = true;
+ *
+ * In this example you asigned the 'coolguy' priviledge to the 'allowed' group.
+ *
+ */
+$wgRestrictedNamespaces = NULL;
+
/**
+ * In case you want only to deny the edit right on a namespace, you may put it
+ * in this array. You also need to asign the 'roread' right to the usergroup you
+ * want to be able to read and the 'roedit' right to the usergroup you want to be
+ * able to edit. Read only namespaces are not hiden (nor their logs etc).
+ *
+ * Example: $wgReadOnlyNSes = array(100,101);
+ *
+ */
+$wgReadOnlyNSes = NULL;
+
+/**
+ * In case you have categories of pages located on a restricted namespaces
+ * those categories will appear empty and might be comfusing. Setting this
+ * var to true, (all) categories will be hidden in the Recent changes.
+ */
+$wgHideCategoriesinRC = false;
+
+/**
+ * Logs in Recent Changes are treated all the same, so normaly users will be able
+ * to see moves, protects and deletes of pages in restricted namespaces. Setting
+ * this var to true will hide all logs in Recent Changes and only those for restricted
+ * namespaces in Special:Log.
+ */
+$wgHideLogs = false;
+
+/**
+ * In case you want to customize what logs the user can see both in Recent Changes
+ * and Special:Log, modify this array to include the log types you want to hide. This is
+ * overriden by $wgHideLogs for Recent Changes and those logs for restricted
+ * namespaces in Special:Log. This feature lets you hide also the 'block' and 'rights'
+ * log types that are namespace independed in Special:Log, or show them in RC while
+ * hiding the rest.
+ *
+ * This example shows how to hide all log types in RC, and (block/rights) in Special:Log
+ * (the others in Special:Log are are filtered based on namespace access rights so they
+ * apply only for restricted namespaces).
+ *
+ *$wgHidenLogs = array('block','protect', 'rights', 'delete','upload', 'move');
+ */
+$wgHidenLogs = NULL;
+
+/**
+ * In case some user tries to create a link from some namespace to an other restricted
+ * namespace, while the page gets parsed, instead of the link, a warning message will appear
+ * ('restrlink') to let the user know. If the link is in the same namespace as the edited page,
+ * no check will be done.
+ */
+$wgLinkWarn = true;
+
+/**
+ * In case you want to hide logs about User Talk pages (namespace 3) fromnrecent changes
+ * set this to true.
+ *
+ */
+$wgHideUtalk = false;
+
+/**
+ * You can use this array to alter wiki's upper left logo depending on the namespace
+ * you are in.
+ *
+ * Example:
+ * $wgNamespaceLogos = array ( 100 => '/url_path_to/logo.gif');
+**/
+$wgNamespaceLogos = NULL;
+
+/**
* Limit images on image description pages to a user-selectable limit. In order
* to reduce disk usage, limits can only be selected from a list. This is the
* list of settings the user can choose from:
Index: includes/QueryPage.php
===================================================================
--- includes/QueryPage.php (revision 13537)
+++ includes/QueryPage.php (working copy)
@@ -435,8 +435,14 @@
class PageQueryPage extends QueryPage {
function formatResult( $skin, $result ) {
- global $wgContLang;
+ global $wgContLang, $wgUser;
$nt = Title::makeTitle( $result->namespace, $result->title );
+
+ # Don't show wanted pages in restricted namespaces
+ if( !$wgUser->canAccessNamespace( $nt->getNamespace() ) ) {
+ return "";
+ }
+
return $skin->makeKnownLinkObj( $nt, htmlspecialchars( $wgContLang->convert( $nt->getPrefixedText() ) ) );
}
}
Index: includes/SpecialListusers.php
===================================================================
--- includes/SpecialListusers.php (revision 13537)
+++ includes/SpecialListusers.php (working copy)
@@ -76,7 +76,7 @@
* @todo localize
*/
function getPageHeader( ) {
- global $wgScript;
+ global $wgScript, $wgUser;
// Various variables used for the form
$action = htmlspecialchars( $wgScript );
@@ -89,7 +89,8 @@
wfMsgHtml( 'groups-editgroup-name' ) . '