On 7/17/2011 6:15 AM, Dmitriy Sintsov wrote:
> Hi!
> I am trying to port my old user rights restriction extension (which is
> not in SVN) to be used with 1.17. As I know, when
> $wgGroupPermissions['*']['read'] is true (so-called "public read wiki"),
> since v1.12 there is so-called shortcut path when Title::userCanRead()
> is performed. Once it was a hard-coded codepath, now there is method's
> static property $useShortcut (unfortunately local and not externally
> accessible).
>
> I have public-read wiki, which should restrict 'read' anonymous access
> to NS_MAIN but allow anonymous 'read' to NS_PROJECT. I've set up my
> extension in such way (worked with very old MW years before). When I use
> my extension unmodified with 1.17, it skips extensions checks.
>
> Now, I am trying to fix it. In my extension I use the following hook
> handler:
>
> static function BeforeInitialize(&$title,&$article,&$output,
> &$user, $request, $mediaWiki ) {
> global $wgGroupPermissions;
> global $wgUser;
> $saveWgUser = $wgUser;
> $wgUser = new User();
> # begin of set evil Title::$useShortcut to false
> $saveAnonRead = $wgGroupPermissions['*']['read'];
> $wgGroupPermissions['*']['read'] = false;
> $Title = Title::newFromText( 'Version', NS_SPECIAL );
> $Title->userCanRead();
> $wgUser->clearInstanceCache( 'defaults' );
> unset( $Title );
> $wgUser = $saveWgUser;
> $wgGroupPermissions['*']['read'] = $saveAnonRead;
> # end of set evil Title::$useShortcut to false
> return true;
> }
>
> It initialized $useShortcut static property in Title::userCanRead() to
> false value successfully. However, extension does not work anyway. My
> expectation that is because I temporarily make
> $wgGroupPermissions['*']['read'] = false; before performing
> $Title->useCanRead() in 'BeforeInitialize' hook handler. Also this is a
> kind of hacky and not safe code. Why cant there be a method of Title
> class which would allow to set $useShortcut, so the user access
> extensions may work normally? Also, I've noticed that Extension:Lockdown
> does not use this method. Will it work with public wiki, or it cannot
> restrict anonymous access to "public read wikis" as well?
>
> Dmitriy
The userCan hook fires off before the shortcut, so you should be using that
$result = null;
wfRunHooks( 'userCan', array( &$this, &$wgUser, 'read',
&$result ) );
if ( $result !== null ) {
return $result;
}
# Shortcut for public wikis, allows skipping quite a bit of code
if ( $useShortcut ) {
return true;
}
By setting $result in userCan, you can basically do whatever you want
(Extension:Lockdown uses userCan, I believe, which is why it works
properly). If for some reason you really can't or don't want to use the
userCan hook, set something like $wgRevokePermissions['invalid']['read']
= true; and $wgImplicitGroups[] = 'invalid'; (so that it won't show up
in group name dropdowns), but this is a really hacky workaround that
abuses an implementation detail, so it might change in the future.
Ryan
_______________________________________________
Wikitech-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
