From: Gergő Tisza Date: Tue, 22 Apr 2014 01:45:42 +0000 (+0000) Subject: Make users API cache mode public if blockinfo is not queried X-Git-Tag: 1.31.0-rc.0~16061^2 X-Git-Url: https://git.cyclocoop.org/%242?a=commitdiff_plain;h=34bd462a778db82dc17ae9642f16f463d2165b80;p=lhc%2Fweb%2Fwiklou.git Make users API cache mode public if blockinfo is not queried Blockinfo is currently the only piece of information (apart from tokens) in the users API which might change depending on the permissions of the user making the query. There is no point in making the API request uncacheable if blockinfo is not requested. Change-Id: I533f622b7d9077589f148fbb6de98b15ef1c212a --- diff --git a/includes/api/ApiQueryUsers.php b/includes/api/ApiQueryUsers.php index 1511f78fce..ce92063c5c 100644 --- a/includes/api/ApiQueryUsers.php +++ b/includes/api/ApiQueryUsers.php @@ -33,6 +33,23 @@ class ApiQueryUsers extends ApiQueryBase { private $tokenFunctions, $prop; + /** + * Properties whose contents does not depend on who is looking at them. If the usprops field + * contains anything not listed here, the cache mode will never be public for logged-in users. + * @var array + */ + protected static $publicProps = array( + // everything except 'blockinfo' which might show hidden records if the user + // making the request has the appropriate permissions + 'groups', + 'implicitgroups', + 'rights', + 'editcount', + 'registration', + 'emailable', + 'gender', + ); + public function __construct( $query, $moduleName ) { parent::__construct( $query, $moduleName, 'us' ); } @@ -271,7 +288,13 @@ class ApiQueryUsers extends ApiQueryBase { } public function getCacheMode( $params ) { - return isset( $params['token'] ) ? 'private' : 'anon-public-user-private'; + if ( isset( $params['token'] ) ) { + return 'private'; + } elseif ( array_diff( (array)$params['prop'], static::$publicProps ) ) { + return 'anon-public-user-private'; + } else { + return 'public'; + } } public function getAllowedParams() {