Last modified: 2010-05-15 15:38:55 UTC

Wikimedia Bugzilla is closed!

Wikimedia has migrated from Bugzilla to Phabricator. Bug reports should be created and updated in Wikimedia Phabricator instead. Please create an account in Phabricator and add your Bugzilla email address to it.
Wikimedia Bugzilla is read-only. If you try to edit or create any bug report in Bugzilla you will be shown an intentional error message.
In order to access the Phabricator task corresponding to a Bugzilla report, just remove "static-" from its URL.
You could still run searches in Bugzilla or access your list of votes but bug reports will obviously not be up-to-date in Bugzilla.
Bug 5391 - Problems with userCan function
Problems with userCan function
Status: RESOLVED DUPLICATE of bug 1859
Product: MediaWiki
Classification: Unclassified
Page editing (Other open bugs)
1.5.x
PC Linux
: Normal normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2006-03-29 19:50 UTC by trantor
Modified: 2010-05-15 15:38 UTC (History)
0 users

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description trantor 2006-03-29 19:50:46 UTC
I found out that in the version 1.5.7 when I am logout the label ‘edit’ does not
change from ‘edit’ to ‘source view’. After digging on the code I realize that
the function ‘userCan(action)’ defined on Title.php was not given the right
answer about if a user can or cannot edit a page.

From the line 941 on Title.php you have:

		foreach( $this->getRestrictions($action) as $right ) {
			// Backwards compatibility, rewrite sysop -> protect
			if ( $right == 'sysop' ) {
				$right = 'protect';
			}
			if( '' != $right && !$wgUser->isAllowed( $right ) ) {
				wfProfileOut( $fname );
				return false;
			}
		}

		if( $action == 'move' &&
			!( $this->isMovable() && $wgUser->isAllowed( 'move' ) ) ) {
			wfProfileOut( $fname );
			return false;
		}

		wfProfileOut( $fname );
		return true;
	}

The problem was in the foreach section where the program asks for those groups
can execute the action. In the case user belongs sysop group the action is
changed to protect. But the rest of the loop no make sense due to the fact that
the function isAllowed is call with different group names but that function only
accepts actions. Therefore for other action to be verified like edit the
function always is going to return true. 

I sugest this change:

                # VEB
		foreach( $this->getRestrictions($action) as $right ) {
			// Backwards compatibility, rewrite sysop -> protect
			if ( $right == 'sysop' ) {
				$right = 'protect';
                                if( '' != $right && !$wgUser->isAllowed( $right
) ) {
				          wfProfileOut( $fname );
                                          return false;
                                }
			}
		}

		if( $action == 'move' &&
			!( $this->isMovable() && $wgUser->isAllowed( 'move' ) ) ) {
			wfProfileOut( $fname );
			return false;
		}

                # VEB 
                if( !$wgUser->isAllowed( $action ) ) {
                        wfProfileOut( $fname );
                        return false;
                }

		wfProfileOut( $fname );
		return true;
	}

Where the block with mark VEB verifies for the remaining actions.

Victor

PS: by the way my full name is Victor E. Bazterra.
Comment 1 Brion Vibber 2006-03-29 20:01:57 UTC

*** This bug has been marked as a duplicate of 1859 ***

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links