User "Catrope" posted a comment on MediaWiki.r92364. Full URL: https://secure.wikimedia.org/wikipedia/mediawiki/wiki/Special:Code/MediaWiki/92364#c21623 Commit summary:
First steps for bug 14801: add backend support for per-namespace permissions to core. This extends $wgGroupPermissions syntax from $wgGroupPermissions[$group][$right] = bool to $wgGroupPermissions[$group][$right] = array( NS_X => bool ). This is safely backwards compatible; the booleans are still fully supported, and any unset namespace will default to false. * User::getRights(), User::isAllowed() and User::getGroupPermissions now optionally accept a namespace parameter. If not set, it will check whether the user has the right for all namespaces. * Anything that uses Title::getUserPermissionsErrorsInternal() automatically supports per-namespace permissions. This includes Title::getUserPermissionsErrors and Title::(quick)UserCan. * Fix tests that set User::mRights The next step would be to change all User::isAllowed() to Title::quickUserCan or pass the namespace to User::isAllowed(). Comment: So what happens if I want to add a namespace restriction in my extension? I can't set <code>$wgGroupPermissions['*']['delete'][NS_BLAH] = false;</code> because # I don't know if <code>$wgGroupPermissions['*']['delete'] is an array, it might be a boolean. But I can check for that # Someone might set <code>['*']['delete'] = true;</code> in LocalSettings.php, obliterating my restriction # It might inadvertently disable deletes for other namespaces as well, because there is no good way to say "delete is allowed, except for this namespace" The first two can be worked around by having extensions use userCan/getUserPermissionsErrors hooks as they currently do, but the third issue is kind of nasty: how do you specify that deleting is not OK in one specific namespace, but OK in all others? _______________________________________________ MediaWiki-CodeReview mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
