On 08/27/2013 10:27 AM, vita...@yourcmc.ru wrote: > Actually, the first and the basic step is much simpler - MediaWiki > should perform userCanRead() checks everywhere it displays information > about any page. > > It would be very good if such changes are accepted into the core - it > will work as a base for all possible ACL extensions. > > I'm now trying to improve API protection in IntraACL (before today it > was provided only by "Title hack" which returned "Access denied" instead > of any real inaccessible Title object) - and it seems userCanRead() must > be added in almost every ApiQuery*.php file :-X (ApiPageSet isn't used > everywhere)
Do you have gerrit access? If you submit userCanRead() additions, I'll help you get them into core. I agree that this is a good start. -- Mark A. Hershberger NicheWork LLC 717-271-1084 _______________________________________________ Mediawiki-enterprise mailing list Mediawiki-enterprise@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-enterprise
