父节点
a2c2d2223d
当前提交
ea5d29b34c
|
|
@ -60,14 +60,12 @@ class PermissionsHook implements
|
|||
$rnrssalt = $this->config->get('RNRSSalt');
|
||||
$lookup = MediaWikiServices::getInstance()->getCentralIdLookup();
|
||||
$rnrsverifyhash = $this->userOptionsLookup->getOption($user, 'rnrsverifyhash');
|
||||
$rnrsverifyuserid = $this->userOptionsLookup->getOption($user, 'rnrsverifyuserid');
|
||||
$localuserid = (string)RequestContext::getMain()->getUser()->getID();
|
||||
$centralid = (string)$lookup->centralIdFromLocalUser($user);
|
||||
$rnrsverifytime = $this->userOptionsLookup->getOption($user, 'rnrsverifytime');
|
||||
|
||||
// Mode 1: user ID + verify time + salt
|
||||
$rnrsverified_mode1 = (
|
||||
// $rnrsverifyhash === hash('sha3-256', $rnrsverifyuserid . $rnrsverifytime . hash('sha3-256', $rnrssalt)) ||
|
||||
$rnrsverifyhash === hash('sha3-256', $localuserid . $rnrsverifytime . hash('sha3-256', $rnrssalt)) ||
|
||||
$rnrsverifyhash === hash('sha3-256', $centralid . $rnrsverifytime . hash('sha3-256', $rnrssalt))
|
||||
);
|
||||
|
|
@ -84,11 +82,30 @@ class PermissionsHook implements
|
|||
*
|
||||
* @return bool
|
||||
*/
|
||||
private function checkUserGroupAndRights(UserIdentity $user)
|
||||
private function checkUserRights(UserIdentity $user)
|
||||
{
|
||||
// Mode3: exempted from verification
|
||||
// Mode2: has right to exempt from verification
|
||||
$rnrsverified_mode2 = (
|
||||
$this->permissionManager->userHasRight($user, 'rnrsverify-confirmed') ||
|
||||
$this->permissionManager->userHasRight($user, 'rnrsverify-exempt')
|
||||
);
|
||||
|
||||
if ($rnrsverified_mode2) {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param UserIdentity $user
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
private function checkUserGroup(UserIdentity $user)
|
||||
{
|
||||
// Mode3: in group(s) that exempted from verification
|
||||
$rnrsverified_mode3 = (
|
||||
$this->permissionManager->userHasRight($user, 'rnrsverify-exempt') ||
|
||||
in_array($this->config->get('RNRSExemptGroup'), $this->permissionManager->getUserPermissions($user)) ||
|
||||
in_array('bot', $this->permissionManager->getUserPermissions($user))
|
||||
);
|
||||
|
|
@ -111,7 +128,8 @@ class PermissionsHook implements
|
|||
public function onGetUserPermissionsErrors($title, $user, $action, &$result)
|
||||
{
|
||||
$rnrsverified_mode1 = $this->checkUserVerifyHash($user);
|
||||
$rnrsverified_mode3 = $this->checkUserGroupAndRights($user);
|
||||
$rnrsverified_mode2 = $this->checkUserRights($user);
|
||||
$rnrsverified_mode3 = $this->checkUserGroup($user);
|
||||
$rnrsverified_enabled_confirmed_group = in_array(
|
||||
$this->config->get('RNRSConfirmedGroup'),
|
||||
array_merge(
|
||||
|
|
@ -125,12 +143,7 @@ class PermissionsHook implements
|
|||
!$this->config->has('RNRSSalt')
|
||||
) {
|
||||
return true;
|
||||
} else if (
|
||||
$this->permissionManager->userHasRight($user, 'rnrsverify-confirmed') ||
|
||||
$this->permissionManager->userHasRight($user, 'rnrsverify-exempt')
|
||||
) {
|
||||
return true;
|
||||
} else if ($rnrsverified_mode1) {
|
||||
} else if ($rnrsverified_mode1 || $rnrsverified_mode2 || $rnrsverified_mode3) {
|
||||
if (
|
||||
$rnrsverified_enabled_confirmed_group &&
|
||||
!in_array($this->config->get('RNRSConfirmedGroup'), $this->permissionManager->getUserPermissions($user))
|
||||
|
|
@ -138,15 +151,15 @@ class PermissionsHook implements
|
|||
$this->userGroupManager->addUserToGroup($user, 'rnrsverify-confirmed');
|
||||
}
|
||||
return true;
|
||||
} else if ($rnrsverified_mode3) {
|
||||
return true;
|
||||
} else if (
|
||||
!$rnrsverified_mode1 && !$rnrsverified_mode3 &&
|
||||
!$rnrsverified_mode1 && !$rnrsverified_mode2 && !$rnrsverified_mode3 &&
|
||||
in_array($action, $this->config->get('RNRSExclusiveRights'))
|
||||
) {
|
||||
$result = 'rnrshook-action-restricted';
|
||||
return false;
|
||||
};
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -159,16 +172,17 @@ class PermissionsHook implements
|
|||
public function onSpecialContributionsBeforeMainOutput($userId, $user, $special)
|
||||
{
|
||||
$rnrsverified_mode1 = $this->checkUserVerifyHash($user);
|
||||
$rnrsverified_mode2 = $this->checkUserRights($user);
|
||||
$rnrsverified_mode3 = $this->checkUserGroup($user);
|
||||
$rnrsverified_enabled_confirmed_group = in_array(
|
||||
$this->config->get('RNRSConfirmedGroup'),
|
||||
array_merge(
|
||||
$this->userGroupManager->listAllImplicitGroups(),
|
||||
$this->userGroupManager->listAllGroups()
|
||||
)
|
||||
);
|
||||
|
||||
if ($rnrsverified_mode1) {
|
||||
$rnrsverified_enabled_confirmed_group = in_array(
|
||||
$this->config->get('RNRSConfirmedGroup'),
|
||||
array_merge(
|
||||
$this->userGroupManager->listAllImplicitGroups(),
|
||||
$this->userGroupManager->listAllGroups()
|
||||
)
|
||||
);
|
||||
|
||||
if ($rnrsverified_mode1 || $rnrsverified_mode2 || $rnrsverified_mode3) {
|
||||
if (
|
||||
$rnrsverified_enabled_confirmed_group &&
|
||||
!in_array($this->config->get('RNRSConfirmedGroup'), $this->permissionManager->getUserPermissions($user))
|
||||
|
|
|
|||
正在加载...
在新工单中引用