From: Yuri Astrakhan Date: Thu, 12 Jul 2007 06:54:08 +0000 (+0000) Subject: API: Per IRC discussion with brion and co, now API only works if the user has the... X-Git-Tag: 1.31.0-rc.0~52125 X-Git-Url: http://git.cyclocoop.org/url?a=commitdiff_plain;h=92ee13b6280292102d97f888406a58097b6fbe21;p=lhc%2Fweb%2Fwiklou.git API: Per IRC discussion with brion and co, now API only works if the user has the right to read --- diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php index ae1e98f217..a03b50317f 100644 --- a/includes/api/ApiMain.php +++ b/includes/api/ApiMain.php @@ -92,6 +92,20 @@ class ApiMain extends ApiBase { // Special handling for the main module: $parent === $this parent :: __construct($this, $this->mInternalMode ? 'main_int' : 'main'); + if (!$this->mInternalMode) { + + // Impose module restrictions. + // If the current user cannot read, + // Remove all modules other than login & help + global $wgUser, $wgWhitelistRead; + if (!$wgUser->isAllowed('read')) { + self::$Modules = array( + 'login' => self::$Modules['login'], + 'help' => self::$Modules['help'] + ); + } + } + $this->mModules = self :: $Modules; $this->mModuleNames = array_keys($this->mModules); // todo: optimize $this->mFormats = self :: $Formats;