Robert Vogel has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/150150

Change subject: [RFC] User init & user rights overrides in BSF
......................................................................

[RFC] User init & user rights overrides in BSF

I tried to clean up legacy code that caused an issue at a customer setup
but then stumbled upon some strange logic.

There are two implementations for an implicit user_id/user_token
authentication. Both seem to be at the wrong place (hook).

Please help me to figure out whether this code is still
needed/operational and if we can safely remove it.

Change-Id: I05af7c851d1143e352d2b66871598880854b6f9c
---
M includes/CoreHooks.php
1 file changed, 11 insertions(+), 17 deletions(-)


  git pull 
ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/BlueSpiceFoundation 
refs/changes/50/150150/1

diff --git a/includes/CoreHooks.php b/includes/CoreHooks.php
index da7f66d..841a123 100755
--- a/includes/CoreHooks.php
+++ b/includes/CoreHooks.php
@@ -1,8 +1,6 @@
 <?php
 class BsCoreHooks {
 
-       protected static $bUserFetchRights = false;
-
        protected static $loggedInByHash = false;
 
        public static function onSetupAfterCache() {
@@ -314,7 +312,7 @@
         */
        public static function LinkEnd( $skin, $target, $options, &$html, 
&$attribs, &$ret ) {
                //We add the original title to a link. This may be the same 
content as
-               //"title" attribute, but it doesn't have to. I.e. in rea links
+               //"title" attribute, but it doesn't have to. I.e. in red links
                $attribs['data-bs-title'] = $target->getPrefixedText();
 
                if( $target->getNamespace() == NS_USER && $target->isSubpage() 
=== false ) {
@@ -336,32 +334,30 @@
        }
 
        /**
+        * Enables login by userid/token instead of username/password. This is
+        * usefull to implicit authentication when calles by non-webbrowser 
clients,
+        * e.g. RSS readers
         * @param User $oUser
         * @param array $aRights
-        * @return boolean
+        * @return boolean Always true
         */
        public static function onUserGetRights( $oUser, &$aRights ) {
                wfProfileIn('BS::' . __METHOD__);
 
-               if ( $oUser->isAnon() ) {
-                       $oRequest = RequestContext::getMain()->getRequest();
+               if ( !$oUser->isAnon() ) {
+                       $oRequest = $oUser->getRequest();
                        $iUserId = $oRequest->getVal( 'u', '' );
                        $sUserHash = $oRequest->getVal( 'h', '' );
 
                        if ( !empty( $iUserId ) && !empty( $sUserHash ) ) {
-                               self::$loggedInByHash = true;
                                $_user = User::newFromName( $iUserId );
                                if ( $_user !== false && $sUserHash == 
$_user->getToken() ) {
                                        $oUser = $_user;
+                                       self::$loggedInByHash = true;
                                }
                        }
                }
 
-               if ( self::$bUserFetchRights == false ) {
-                       $aRights = User::getGroupPermissions( 
$oUser->getEffectiveGroups( true ) );
-                       # The flag is deactivated to prevent some bugs with the 
loading of the actual users rights.
-                       # $this->bUserFetchRights = true;
-               }
                wfProfileOut('BS::' . __METHOD__);
                return true;
        }
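Review bot: In `onUserGetRights` the token branch now runs only when `!$oUser->isAnon()`, which contradicts the new docblock (token login for clients without a session, e.g. RSS readers), and with the `getGroupPermissions` block removed, `$oUser = $_user` only rebinds a by-value parameter, so `$aRights` is never modified. The one remaining effect is `self::$loggedInByHash = true`, which makes `onUserCan` skip its own `u`/`h` check; if that is not intended, the whole branch can be dropped here. The token check, here and in the `onUserCan` hunk, uses loose `==`; `hash_equals( $_user->getToken(), $sUserHash )` compares the values as strings in constant time, assuming the function is available on the supported PHP version. The docblock wording should also read `useful for implicit authentication when called by non-web-browser clients`.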
@@ -378,27 +374,25 @@
        public static function onUserCan( &$title, &$user, $action, &$result ) {
                wfProfileIn('BS::' . __METHOD__);
                if ( !self::$loggedInByHash ) {
-                       wfProfileIn('--BS::' . __METHOD__ . 'if 
!$this->loggedInByHash');
-                       $oRequest = RequestContext::getMain()->getRequest();
+                       $oRequest = $user->getRequest();
                        $iUserId = $oRequest->getVal( 'u', '' );
                        $sUserHash = $oRequest->getVal( 'h', '' );
 
                        if ( empty( $iUserId ) || empty( $sUserHash ) ) {
-                               wfProfileOut('--BS::' . __METHOD__ . 'if 
!self::$loggedInByHash');
+                               wfProfileOut('BS::' . __METHOD__);
                                return true;
                        }
 
                        $user->mGroups = array();
                        $user->getEffectiveGroups( true );
                        if ( $iUserId && $sUserHash ) {
-                               self::$loggedInByHash = true;
                                $_user = User::newFromName( $iUserId );
                                if ( $_user !== false && $sUserHash == 
$_user->getToken() ) {
                                        $result = $_user->isAllowed( 'read' );
                                        $user = $_user;
+                                       self::$loggedInByHash = true;
                                }
                        }
-                       wfProfileOut('--BS::' . __METHOD__ . 'if 
!self::$loggedInByHash');
                }
 
                if ( $action == 'read' ) {
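Review bot: `$result = $_user->isAllowed( 'read' )` and `$user = $_user` run before the `$action == 'read'` test at the end of the hunk, so a matching `u`/`h` pair replaces the by-reference `$user` for every action, not only for reads; how `$result` is used afterwards is outside the hunk. Because `h` is the account's `getToken()` value taken from request parameters, I would restrict the branch to read requests, e.g. `if ( $action == 'read' && !self::$loggedInByHash ) {`, and add a comment such as `// u/h token login is read-only (feeds); the token can end up in URLs and access logs`. The static flag is now set only on success, so after one match later `onUserCan` calls in the same request skip the block and keep whatever `$user` they were passed; a comment stating whether that is intended would help. The function body continues past the end of the hunk.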

-- 
To view, visit https://gerrit.wikimedia.org/r/150150

Gerrit-MessageType: newchange
Gerrit-Change-Id: I05af7c851d1143e352d2b66871598880854b6f9c
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/BlueSpiceFoundation
Gerrit-Branch: master
Gerrit-Owner: Robert Vogel <vo...@hallowelt.biz>
