* Change tag lists (shown on recent changes, watchlist, user contributions,
history pages, diff pages) now include a link to Special:Tags to distinguish
them from edit summaries.
+* Added a new method and hook, User::isEveryoneAllowed() and
+ UserIsEveryoneAllowed, for use in situations where a "does everyone have this
+ right?" check is used to avoid more expensive checks.
=== Bug fixes in 1.22 ===
* Disable Special:PasswordReset when $wgEnableEmail is false. Previously one
$ip: User's IP address
&$blocked: Whether the user is blocked, to be modified by the hook
+'UserIsEveryoneAllowed': Check if all users are allowed some user right; return
+false if a UserGetRights hook might remove the named right.
+$right: The user right being checked
+
'UserLoadAfterLoadFromSession': Called to authenticate users on external or
environmental means; occurs after session is loaded.
$user: user object being loaded
'Bad Request',
"unknown function " . (string) $this->func_name
);
- } elseif ( !in_array( 'read', User::getGroupPermissions( array( '*' ) ), true )
- && !$wgUser->isAllowed( 'read' ) )
- {
+ } elseif ( !User::isEveryoneAllowed( 'read' ) && !$wgUser->isAllowed( 'read' ) ) {
wfHttpError(
403,
'Forbidden',
- 'You must log in to view pages.' );
+ 'You are not allowed to view pages.' );
} else {
wfDebug( __METHOD__ . ' dispatching ' . $this->func_name . "\n" );
* pages?
*/
public function isRestricted() {
- // DWIM: If all anons can do something, then it is not restricted
- return $this->mRestriction != '' && !User::groupHasPermission( '*', $this->mRestriction );
+ // DWIM: If everyone can do something, then it is not restricted
+ return $this->mRestriction != '' && !User::isEveryoneAllowed( $this->mRestriction );
}
/**
*/
private function checkReadPermissions( $action, $user, $errors, $doExpensiveQueries, $short ) {
global $wgWhitelistRead, $wgWhitelistReadRegexp, $wgRevokePermissions;
- static $useShortcut = null;
-
- # Initialize the $useShortcut boolean, to determine if we can skip quite a bit of code below
- if ( is_null( $useShortcut ) ) {
- $useShortcut = true;
- if ( !User::groupHasPermission( '*', 'read' ) ) {
- # Not a public wiki, so no shortcut
- $useShortcut = false;
- } elseif ( !empty( $wgRevokePermissions ) ) {
- /**
- * Iterate through each group with permissions being revoked (key not included since we don't care
- * what the group name is), then check if the read permission is being revoked. If it is, then
- * we don't use the shortcut below since the user might not be able to read, even though anon
- * reading is allowed.
- */
- foreach ( $wgRevokePermissions as $perms ) {
- if ( !empty( $perms['read'] ) ) {
- # We might be removing the read right from the user, so no shortcut
- $useShortcut = false;
- break;
- }
- }
- }
- }
$whitelisted = false;
- if ( $useShortcut ) {
+ if ( User::isEveryoneAllowed( 'read' ) ) {
# Shortcut for public wikis, allows skipping quite a bit of code
$whitelisted = true;
} elseif ( $user->isAllowed( 'read' ) ) {
/**
* Check, if the given group has the given permission
*
+ * If you're wanting to check whether all users have a permission, use
+ * User::isEveryoneAllowed() instead. That properly checks if it's revoked
+ * from anyone.
+ *
* @since 1.21
* @param string $group Group to check
* @param string $role Role to check
&& !( isset( $wgRevokePermissions[$group][$role] ) && $wgRevokePermissions[$group][$role] );
}
+ /**
+ * Check if all users have the given permission
+ *
+ * @since 1.22
+ * @param string $right Right to check
+ * @return bool
+ */
+ public static function isEveryoneAllowed( $right ) {
+ global $wgGroupPermissions, $wgRevokePermissions;
+ static $cache = array();
+
+ if ( isset( $cache[$right] ) ) {
+ return $cache[$right];
+ }
+
+ if ( !isset( $wgGroupPermissions['*'][$right] ) || !$wgGroupPermissions['*'][$right] ) {
+ $cache[$right] = false;
+ return false;
+ }
+
+ // If it's revoked anywhere, then everyone doesn't have it
+ foreach ( $wgRevokePermissions as $rights ) {
+ if ( isset( $rights[$right] ) && $rights[$right] ) {
+ $cache[$right] = false;
+ return false;
+ }
+ }
+
+ // Allow extensions (e.g. OAuth) to say false
+ if ( !wfRunHooks( 'UserIsEveryoneAllowed', array( $right ) ) ) {
+ $cache[$right] = false;
+ return false;
+ }
+
+ $cache[$right] = true;
+ return true;
+ }
+
/**
* Get the localized descriptive name for a group, if it exists
*
*/
protected function checkExecutePermissions( $module ) {
$user = $this->getUser();
- if ( $module->isReadMode() && !User::groupHasPermission( '*', 'read' ) &&
+ if ( $module->isReadMode() && !User::isEveryoneAllowed( 'read' ) &&
!$user->isAllowed( 'read' ) )
{
$this->dieUsageMsg( 'readrequired' );