Allow site config to be overridden by trusted users

Fixes #19

Author: edg2s

LocalSettings.txt

@@ -63,3 +63,6 @@ $wgGENewcomerTasksRemoteApiUrl = 'https://en.wikipedia.org/w/api.php';
 $wgGENewcomerTasksTopicType = 'ores';
 $wgWelcomeSurveyExperimentalGroups['exp2_target_specialpage']['range'] = '0-9';
 $wgGEHomepageMentorsList = 'Project:GrowthExperiments_mentors';
+
+// Apply config.php
+include( 'config.php' );

config.default.php

@@ -2,6 +2,8 @@
 $config = [
 	// Allow any user to delete wikis, e.g. on a private installation
 	'allowDelete' => false,
+	// Allow any user to add site config, e.g. on a private installation
+	'allowSiteConfig' => false,
 	// Require that patches are V+2 before building the wiki
 	'requireVerified' => true,
 	// OAuth config. When enabled only authenticated users can create
@@ -12,6 +14,11 @@
 		'key' => null,
 		'secret' => null,
 		// OAuth admins can delete any wiki
-		'admins' => []
+		'admins' => [],
+		// These users can override site configs. This is the same level of trust as V+2,
+		// as those users can also execute arbitrary code.
+		'configurers' => [],
+		// Same as above, but regexes e.g. / \(WMF\)$/
+		'configurersMatch' => [],
 	]
 ];

createwiki.sh

@@ -49,6 +49,10 @@ date +%s > $PATCHDEMO/wikis/$NAME/created.txt
 # apply our default settings
 cat $PATCHDEMO/LocalSettings.txt >> $PATCHDEMO/wikis/$NAME/w/LocalSettings.php
 
+# add site config
+echo "$SITECONFIG" >> $PATCHDEMO/wikis/$NAME/w/config.txt
+echo $'<?php\n'"$SITECONFIG" >> $PATCHDEMO/wikis/$NAME/w/config.php
+
 # update Main_Page
 sleep 1 # Ensure edit appears after creation in history
 echo "$MAINPAGE" | php $PATCHDEMO/wikis/$NAME/w/maintenance/edit.php "Main_Page"

includes.php

@@ -11,6 +11,7 @@
 include 'config.default.php';
 if ( file_exists( 'config.php' ) ) {
 	include 'config.php';
+	// TODO: Make this recursive
 	$config = array_merge( $config, $localConfig );
 }
 
@@ -114,10 +115,31 @@ function can_delete( $creator = null ) {
 	global $config, $user;
 	$username = $user ? $user->username : null;
 	$admins = $config[ 'oauth' ] ? $config[ 'oauth' ][ 'admins' ] : [];
-	return $config[ 'allowDelete' ] || ( $username && $username === $creator ) ||
+	return $config[ 'allowDelete' ] ||
+		( $username && $username === $creator ) ||
 		( $username && in_array( $username, $admins, true ) );
 }
 
+function can_configure() {
+	global $config, $user;
+	$username = $user ? $user->username : null;
+	$admins = $config[ 'oauth' ] ? $config[ 'oauth' ][ 'admins' ] : [];
+	$configurers = $config[ 'oauth' ] ? $config[ 'oauth' ][ 'configurers' ] : [];
+	if (
+		$config[ 'allowSiteConfig' ] ||
+		( $username && in_array( $username, $admins, true ) )
+	) {
+		return true;
+	}
+	$configurersMatch = $config[ 'oauth' ] ? $config[ 'oauth' ][ 'configurersMatch' ] : [];
+	foreach ( $configurersMatch as $pattern ) {
+		if ( preg_match( $pattern, $username ) ) {
+			return true;
+		}
+	}
+	return false;
+}
+
 function user_link( $username ) {
 	global $config;
 	$base = preg_replace( '/(.*\/index.php).*/i', '$1', $config[ 'oauth' ][ 'url' ] );

index.php

@@ -68,14 +68,33 @@
 						'align' => 'left',
 					]
 				),
+				new OOUI\FieldLayout(
+					can_configure() ?
+						new OOUI\MultilineTextInputWidget( [
+							'name' => 'siteConfig',
+							'placeholder' => "\$wgSitename = 'Test wiki';",
+							'rows' => 4,
+						] ) :
+						new OOUI\MessageWidget( [
+							'label' => 'Only trusted users can modify site config.',
+						] ),
+					[
+						'label' => 'Site config:',
+						'help' => new OOUI\HtmlSnippet( 'This file will be <strong>public</strong>.' ),
+						'helpInline' => true,
+						'align' => 'left',
+					]
+				),
 				new DetailsFieldLayout(
 					new OOUI\CheckboxMultiselectInputWidget( [
 						'name' => 'repos[]',
 						'options' => $repoOptions,
 						'value' => array_keys( $repoData ),
 					] ),
 					[
-						'label' => 'Choose extensions to enable (default: all):',
+						'label' => 'Choose extensions to enable:',
+						'help' => new OOUI\HtmlSnippet( '<br/>Defaults to all' ),
+						'helpInline' => true,
 						'align' => 'left',
 					]
 				),
@@ -157,6 +176,8 @@
 				}
 				$creator = get_creator( $dir );
 				$created = get_created( $dir );
+				$siteConfig = get_if_file_exists( 'wikis/' . $dir . '/w/config.txt' );
+				$hasConfig = $siteConfig && strlen( trim( $siteConfig ) );
 
 				if ( !$created ) {
 					// Add created.txt to old wikis
@@ -169,7 +190,8 @@
 				$wikis[ $dir ] = [
 					'mtime' => $created,
 					'title' => $title,
-					'creator' => $creator
+					'creator' => $creator,
+					'hasConfig' => $hasConfig,
 				];
 			}
 		}
@@ -190,7 +212,13 @@
 		$anyCanDelete = $anyCanDelete || $canDelete;
 		$rows .= '<tr' . ( $creator !== $username ? ' class="other"' : '' ) . '>' .
 			'<td class="title">' . ( $title ?: '<em>No patches</em>' ) . '</td>' .
-			'<td><a href="wikis/' . $wiki . '/w">' . $wiki . '</a></td>' .
+			'<td>' .
+				( !empty( $data[ 'hasConfig' ] ) ?
+					'<a href="wikis/' . $wiki . '/w/config.txt">Config</a>' :
+					''
+				) .
+			'</td>' .
+			'<td><a href="wikis/' . $wiki . '/w">' . substr( $wiki, 0, 20 ) . '&hellip;</a></td>' .
 			'<td class="date">' . date( 'c', $data[ 'mtime' ] ) . '</td>' .
 			( $useOAuth ? '<td>' . ( $creator ? user_link( $creator ) : '?' ) . '</td>' : '' ) .
 			( $canDelete ?
@@ -202,6 +230,7 @@
 
 	echo '<tr>' .
 			'<th>Patches</th>' .
+			'<th>Config</th>' .
 			'<th>Link</th>' .
 			'<th>Time</th>' .
 			( $useOAuth ? '<th>Creator</th>' : '' ) .

new.php

@@ -6,6 +6,7 @@
 
 $branch = trim( $_POST['branch'] );
 $patches = trim( $_POST['patches'] );
+$siteConfig = can_configure() ? trim( $_POST['siteConfig'] ) : '';
 
 $namePath = md5( $branch . $patches . time() );
 $server = ( isset( $_SERVER['HTTPS'] ) ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'];
@@ -180,6 +181,7 @@
 	'WIKINAME' => $wikiName,
 	'CREATOR' => $user ? $user->username : '',
 	'MAINPAGE' => $mainPage,
+	'SITECONFIG' => $siteConfig,
 	'SERVER' => $server,
 	'SERVERPATH' => $serverPath,
 	'COMPOSER_HOME' => __DIR__ . '/composer',