From 1271217ffd80f988ed4c691f273c2944b8f68cd4 Mon Sep 17 00:00:00 2001
From: aploe <andre.ploeger@outlook.com>
Date: Wed, 12 Sep 2018 11:00:50 +0200
Subject: [PATCH 1/3] Added permission (Lockdown) check on db query

---
 classes/Query.php | 35 +++++++++++++++++++++++++++++------
 1 file changed, 29 insertions(+), 6 deletions(-)

diff --git a/classes/Query.php b/classes/Query.php
index c30e534..4188a86 100644
--- a/classes/Query.php
+++ b/classes/Query.php
@@ -168,7 +168,11 @@ public function __construct(Parameters $parameters) {
 	 */
 	public function buildAndSelect($calcRows = false) {
 		global $wgNonincludableNamespaces;
-
+		// Get namespace permission from Lockdown extension
+		global $wgNamespacePermissionLockdown;
+		// Get user object from current logged in user
+		global $wgUser;
+		
 		$options = [];
 
 		$parameters = $this->parameters->getAllParameters();
@@ -199,11 +203,30 @@ public function buildAndSelect($calcRows = false) {
 		}
 		//Always add nonincludeable namespaces.
 		if (is_array($wgNonincludableNamespaces) && count($wgNonincludableNamespaces)) {
-			$this->addNotWhere(
-				[
-					$this->tableNames['page'] . '.page_namespace' => $wgNonincludableNamespaces
-				]
-			);
+			// Check if Lockdown installed
+			if(!empty($wgNamespacePermissionLockdown)) {
+				$addNotWhere = array();
+				// Check for each "NonincludableNamespace" if permission to read is granted for current user (group)
+				foreach($wgNonincludableNamespaces as $ns_id_i) {
+					if(array_key_exists($ns_id_i,$wgNamespacePermissionLockdown)) {
+						// Check for "read" permissions of current user on NonincludableNamespaces, not empty = read permissions!
+						$outp = array_intersect($wgNamespacePermissionLockdown[$ns_id_i]['read'],$wgUser->getGroups());
+						if(empty($outp)) $addNotWhere[] = $ns_id_i;
+					}
+				}
+			}
+			else {
+				// If Lockdown not installed take the normal NonincludableNamespaces
+				$addNotWhere = $wgNonincludableNamespaces;
+			}
+			// Recheck if still NS in (new) array, than kill all namespaces that shouldn't be included
+			if(is_array($addNotWhere) && count($addNotWhere)) {
+				$this->addNotWhere(
+					[
+						$this->tableNames['page'].'.page_namespace' => $addNotWhere // Changed var
+					]
+				);
+			}
 		}
 
 		if ($this->offset !== false) {

From 8d662d90f124dc82f556204d2f5ed07d339d5c26 Mon Sep 17 00:00:00 2001
From: "Alexia E. Smith" <washuu@gmail.com>
Date: Wed, 12 Sep 2018 11:10:21 -0500
Subject: [PATCH 2/3] Update Query.php

---
 classes/Query.php | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/classes/Query.php b/classes/Query.php
index 4188a86..8d4e75b 100644
--- a/classes/Query.php
+++ b/classes/Query.php
@@ -205,22 +205,23 @@ public function buildAndSelect($calcRows = false) {
 		if (is_array($wgNonincludableNamespaces) && count($wgNonincludableNamespaces)) {
 			// Check if Lockdown installed
 			if(!empty($wgNamespacePermissionLockdown)) {
-				$addNotWhere = array();
+				$addNotWhere = [];
 				// Check for each "NonincludableNamespace" if permission to read is granted for current user (group)
-				foreach($wgNonincludableNamespaces as $ns_id_i) {
-					if(array_key_exists($ns_id_i,$wgNamespacePermissionLockdown)) {
+				foreach ($wgNonincludableNamespaces as $ns_id_i) {
+					if (array_key_exists($ns_id_i, $wgNamespacePermissionLockdown)) {
 						// Check for "read" permissions of current user on NonincludableNamespaces, not empty = read permissions!
-						$outp = array_intersect($wgNamespacePermissionLockdown[$ns_id_i]['read'],$wgUser->getGroups());
-						if(empty($outp)) $addNotWhere[] = $ns_id_i;
+						$outp = array_intersect($wgNamespacePermissionLockdown[$ns_id_i]['read'], $wgUser->getGroups());
+						if (empty($outp)) {
+							$addNotWhere[] = $ns_id_i;
+						}
 					}
 				}
-			}
-			else {
+			} else {
 				// If Lockdown not installed take the normal NonincludableNamespaces
 				$addNotWhere = $wgNonincludableNamespaces;
 			}
 			// Recheck if still NS in (new) array, than kill all namespaces that shouldn't be included
-			if(is_array($addNotWhere) && count($addNotWhere)) {
+			if (is_array($addNotWhere) && count($addNotWhere)) {
 				$this->addNotWhere(
 					[
 						$this->tableNames['page'].'.page_namespace' => $addNotWhere // Changed var

From cae8c436221ba1b51c523932bc408bf591816d97 Mon Sep 17 00:00:00 2001
From: "Alexia E. Smith" <washuu@gmail.com>
Date: Wed, 12 Sep 2018 11:25:21 -0500
Subject: [PATCH 3/3] Change a couple more code style issues.

---
 classes/Query.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/classes/Query.php b/classes/Query.php
index 8d4e75b..660d9c4 100644
--- a/classes/Query.php
+++ b/classes/Query.php
@@ -204,15 +204,15 @@ public function buildAndSelect($calcRows = false) {
 		//Always add nonincludeable namespaces.
 		if (is_array($wgNonincludableNamespaces) && count($wgNonincludableNamespaces)) {
 			// Check if Lockdown installed
-			if(!empty($wgNamespacePermissionLockdown)) {
+			if (!empty($wgNamespacePermissionLockdown)) {
 				$addNotWhere = [];
 				// Check for each "NonincludableNamespace" if permission to read is granted for current user (group)
-				foreach ($wgNonincludableNamespaces as $ns_id_i) {
-					if (array_key_exists($ns_id_i, $wgNamespacePermissionLockdown)) {
+				foreach ($wgNonincludableNamespaces as $namespaceId) {
+					if (isset($wgNamespacePermissionLockdown[$namespaceId])) {
 						// Check for "read" permissions of current user on NonincludableNamespaces, not empty = read permissions!
-						$outp = array_intersect($wgNamespacePermissionLockdown[$ns_id_i]['read'], $wgUser->getGroups());
+						$outp = array_intersect($wgNamespacePermissionLockdown[$namespaceId]['read'], $wgUser->getGroups());
 						if (empty($outp)) {
-							$addNotWhere[] = $ns_id_i;
+							$addNotWhere[] = $namespaceId;
 						}
 					}
 				}