From bdaca5751dd92d5fa1527e12a787cc7da8585226 Mon Sep 17 00:00:00 2001
From: kaldari <rkaldari@wikimedia.org>
Date: Fri, 12 Dec 2014 14:24:54 -0800
Subject: [PATCH] Explaining why user groups are sometimes returned by
 getRestrictions

Title::getRestrictions is assumed to return user rights, but in most
real contexts it actually returns user groups. This is super
confusing and has caused serious permission bugs. Adding an
explanation to the function comments.

Change-Id: I58013ba5e553d1feecacf6bfef066e1569fcc236
---
 includes/Title.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/includes/Title.php b/includes/Title.php
index cfdba5de12..4b60bcb6e4 100644
--- a/includes/Title.php
+++ b/includes/Title.php
@@ -2812,8 +2812,10 @@ class Title {
 	 * Accessor/initialisation for mRestrictions
 	 *
 	 * @param string $action Action that permission needs to be checked for
-	 * @return array Restriction levels needed to take the action. All levels
-	 *     are required.
+	 * @return array Restriction levels needed to take the action. All levels are
+	 *     required. Note that restriction levels are normally user rights, but 'sysop'
+	 *     and 'autoconfirmed' are also allowed for backwards compatibility. These should
+	 *     be mapped to 'editprotected' and 'editsemiprotected' respectively.
 	 */
 	public function getRestrictions( $action ) {
 		if ( !$this->mRestrictionsLoaded ) {
-- 
2.20.1