From 92ee13b6280292102d97f888406a58097b6fbe21 Mon Sep 17 00:00:00 2001
From: Yuri Astrakhan <yurik@users.mediawiki.org>
Date: Thu, 12 Jul 2007 06:54:08 +0000
Subject: [PATCH] API: Per IRC discussion with brion and co, now API only works
 if the user has the right to read

---
 includes/api/ApiMain.php | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php
index ae1e98f217..a03b50317f 100644
--- a/includes/api/ApiMain.php
+++ b/includes/api/ApiMain.php
@@ -92,6 +92,20 @@ class ApiMain extends ApiBase {
 		// Special handling for the main module: $parent === $this
 		parent :: __construct($this, $this->mInternalMode ? 'main_int' : 'main');
 
+		if (!$this->mInternalMode) {
+			
+			// Impose module restrictions.
+			// If the current user cannot read, 
+			// Remove all modules other than login & help
+			global $wgUser, $wgWhitelistRead;
+			if (!$wgUser->isAllowed('read')) {
+				self::$Modules = array(
+					'login' => self::$Modules['login'],
+					'help' => self::$Modules['help']
+					); 
+			}
+		}
+
 		$this->mModules = self :: $Modules;
 		$this->mModuleNames = array_keys($this->mModules); // todo: optimize
 		$this->mFormats = self :: $Formats;
-- 
2.20.1