https://bugzilla.wikimedia.org/show_bug.cgi?id=56975
--- Comment #2 from Chris Steipp <cste...@wikimedia.org> --- Yeah, "public" seems to have always been defined as "'*' is allowed 'read'". I just didn't fully understand the impact of not having it. Looking more at it yesterday, I think the performance hit would be pretty bad if we flipped it on as is. It seems like there are a couple ways to fix it, but Brad, since you did a lot of that work I want to make sure it sounds sane to you. All uses of isEveryoneAllowed() in core and extensions that I could find, are to check 'read', basically to decide if the wiki is public or not. So we could either: 1) Change those back to checking if '*' has read directly. 2) Change the OAuth hook to only return false if the right isn't one of the basic rights, since we mostly assume that will always be available. 3) Remove the hook from OAuth, under the reasoning that if * is allowed a right, then the OAuth app can make an anonymous call just as easily. I actually like having the hook-- it solves some of the issues that a lot of the access control extensions have struggled with, and I think it's useful. For the second two options, 3 seems like it would simplify the system overall, but maybe there are some rights (other than read) we would want to pull out? -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l