From 34bd462a778db82dc17ae9642f16f463d2165b80 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Gerg=C5=91=20Tisza?= Date: Tue, 22 Apr 2014 01:45:42 +0000 Subject: [PATCH] Make users API cache mode public if blockinfo is not queried Blockinfo is currently the only piece of information (apart from tokens) in the users API which might change depending on the permissions of the user making the query. There is no point in making the API request uncacheable if blockinfo is not requested. Change-Id: I533f622b7d9077589f148fbb6de98b15ef1c212a --- includes/api/ApiQueryUsers.php | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/includes/api/ApiQueryUsers.php b/includes/api/ApiQueryUsers.php index 1511f78fce..ce92063c5c 100644 --- a/includes/api/ApiQueryUsers.php +++ b/includes/api/ApiQueryUsers.php @@ -33,6 +33,23 @@ class ApiQueryUsers extends ApiQueryBase { private $tokenFunctions, $prop; + /** + * Properties whose contents does not depend on who is looking at them. If the usprops field + * contains anything not listed here, the cache mode will never be public for logged-in users. + * @var array + */ + protected static $publicProps = array( + // everything except 'blockinfo' which might show hidden records if the user + // making the request has the appropriate permissions + 'groups', + 'implicitgroups', + 'rights', + 'editcount', + 'registration', + 'emailable', + 'gender', + ); + public function __construct( $query, $moduleName ) { parent::__construct( $query, $moduleName, 'us' ); } @@ -271,7 +288,13 @@ class ApiQueryUsers extends ApiQueryBase { } public function getCacheMode( $params ) { - return isset( $params['token'] ) ? 'private' : 'anon-public-user-private'; + if ( isset( $params['token'] ) ) { + return 'private'; + } elseif ( array_diff( (array)$params['prop'], static::$publicProps ) ) { + return 'anon-public-user-private'; + } else { + return 'public'; + } } public function getAllowedParams() { -- 2.20.1