Last modified: 2010-05-15 15:38:55 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T7391, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 5391 - Problems with userCan function
Status: RESOLVED DUPLICATE of bug 1859
Product: MediaWiki
Classification: Unclassified
Component: Page editing
Version: 1.5.x
Hardware: PC Linux
Importance: Normal normal
Assigned To: Nobody - You can work on this!

Reported: 2006-03-29 19:50 UTC by trantor
Modified: 2010-05-15 15:38 UTC


Description trantor 2006-03-29 19:50:46 UTC
I found out that in version 1.5.7, when I am logged out, the label ‘edit’ does not
change from ‘edit’ to ‘source view’. After digging into the code I realized that
the function ‘userCan(action)’ defined in Title.php was not giving the right
answer about whether a user can or cannot edit a page.

From line 941 of Title.php you have:

		foreach( $this->getRestrictions($action) as $right ) {
			// Backwards compatibility, rewrite sysop -> protect
			if ( $right == 'sysop' ) {
				$right = 'protect';
			}
			if( '' != $right && !$wgUser->isAllowed( $right ) ) {
				wfProfileOut( $fname );
				return false;
			}
		}

		if( $action == 'move' &&
			!( $this->isMovable() && $wgUser->isAllowed( 'move' ) ) ) {
			wfProfileOut( $fname );
			return false;
		}

		wfProfileOut( $fname );
		return true;
	}

The problem was in the foreach section, where the program asks which groups
can execute the action. In the case the user belongs to the sysop group, the action is
changed to protect. But the rest of the loop does not make sense, due to the fact that
the function isAllowed is called with different group names, but that function only
accepts actions. Therefore, for other actions to be verified, like edit, the
function is always going to return true.

I suggest this change:

		# VEB
		foreach( $this->getRestrictions($action) as $right ) {
			// Backwards compatibility, rewrite sysop -> protect
			if ( $right == 'sysop' ) {
				$right = 'protect';
				if( '' != $right && !$wgUser->isAllowed( $right ) ) {
					wfProfileOut( $fname );
					return false;
				}
			}
		}

		if( $action == 'move' &&
			!( $this->isMovable() && $wgUser->isAllowed( 'move' ) ) ) {
			wfProfileOut( $fname );
			return false;
		}

		# VEB
		if( !$wgUser->isAllowed( $action ) ) {
			wfProfileOut( $fname );
			return false;
		}

		wfProfileOut( $fname );
		return true;
	}

Where the block marked VEB verifies the remaining actions.

Victor

PS: by the way my full name is Victor E. Bazterra.
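
Added example, not part of the original report and not MediaWiki's own code: a stand-alone PHP model of the two userCan variants quoted above, run over constructed cases to compare their answers for the 'edit' action. The helper isAllowed(), the arrays standing in for getRestrictions() and the user's rights, and the restriction level 'trusted' are assumptions; the 'move' check and the profiling calls are left out.

```php
<?php
// Stand-alone model of the two userCan() variants quoted in this report.
// $restrictions stands in for Title::getRestrictions($action) and
// $rights for the set that $wgUser->isAllowed() consults (both assumptions).

function isAllowed(array $rights, string $right): bool {
    return in_array($right, $rights, true);
}

// Logic as quoted from Title.php: only the page's restrictions are checked.
function userCanOriginal(array $restrictions, array $rights, string $action): bool {
    foreach ($restrictions as $right) {
        if ($right == 'sysop') {
            $right = 'protect';
        }
        if ('' != $right && !isAllowed($rights, $right)) {
            return false;
        }
    }
    return true;
}

// Logic as proposed in the report: the restriction is enforced only when
// it is 'sysop', then the user must hold the action itself.
function userCanProposed(array $restrictions, array $rights, string $action): bool {
    foreach ($restrictions as $right) {
        if ($right == 'sysop') {
            $right = 'protect';
            if (!isAllowed($rights, $right)) {
                return false;
            }
        }
    }
    return isAllowed($rights, $action);
}

// Constructed cases: [label, page restrictions, user rights].
// 'trusted' is a hypothetical restriction level used only for illustration.
$cases = [
    ['no edit right, unrestricted page', [], ['read']],
    ['edit right, sysop-protected page', ['sysop'], ['read', 'edit']],
    ['edit right, page restricted to "trusted"', ['trusted'], ['read', 'edit']],
];
foreach ($cases as [$label, $restrictions, $rights]) {
    printf("%-42s original=%s proposed=%s\n", $label,
        var_export(userCanOriginal($restrictions, $rights, 'edit'), true),
        var_export(userCanProposed($restrictions, $rights, 'edit'), true));
}
```

The first case is the one the report describes: with no restriction on the page, the quoted code never consults the user's 'edit' right. The third case shows that in the proposed loop a restriction other than 'sysop' is no longer enforced.
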
Comment 1 Brion Vibber 2006-03-29 20:01:57 UTC

*** This bug has been marked as a duplicate of 1859 ***
