https://bugzilla.wikimedia.org/show_bug.cgi?id=30821
Web browser: ---
Bug #: 30821
Summary: Question about Title::checkPermissionHooks
Product: MediaWiki
Version: 1.17.0
Platform: All
OS/Version: All
Status: NEW
Severity: minor
Priority: Unprioritized
Component: Page protection
AssignedTo: [email protected]
ReportedBy: [email protected]
Classification: Unclassified
I had some suprising results with 'userCan' hook: user was allowed to edit a
page although the $result value returned by the function hooked was false. So I
took a look at the code. Title::UserCan calls
Title::getUserPermissionErrorsInternal which calls Title::checkPermissionHooks,
which runs 'UserCan' hook. Here is a piece of this code :
private function checkPermissionHooks( $action, $user, $errors,
$doExpensiveQueries, $short ) {
...
if ( !wfRunHooks( 'userCan', array( &$this, &$user, $action, &$result ) ) )
{
return $result ? array() : array( array( 'badaccess-group0' ) );
}
...
}
If the function called by hook 'userCan' (or 'getUserPermissionsErrors' or
'getUserPermissionsErrorsExpensive') returns true, the value of $result is
never considered. That means that a false "$result" will have no effect on the
result of Title::UserCan. Is this conscious ? Should my hook return $result
instead of true ?
--
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
