r45262 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r45261‎ \| r45262 \| r45263 >
Date:	22:42, 31 December 2008
Author:	brion
Status:	ok
Tags:
Comment:	Revert r45225 "Make access to Special:GlobalGroupPermissions and Special:GlobalGroupMembership a local permission. Making it global is bad, since then anybody with it can change permissions on some wuuwiki, and nobody will ever notice it." Current code goes to some trouble to ensure that access to the global groups control is attached to the global auth & permissions. Probably not wise to just undo it without asking why first?
Modified paths:	/trunk/extensions/CentralAuth/CentralAuth.php (modified) (history) /trunk/extensions/CentralAuth/SpecialGlobalGroupMembership.php (modified) (history) /trunk/extensions/CentralAuth/SpecialGlobalGroupPermissions.php (modified) (history)

Diff [purge]

Index: trunk/extensions/CentralAuth/SpecialGlobalGroupMembership.php
—	—	@@ -7,9 +7,13 @@
8	8	*/
9	9
10	10	class SpecialGlobalGroupMembership extends UserrightsPage {
	11	+ var $mGlobalUser;
11	12	function SpecialGlobalGroupMembership() {
12	13	SpecialPage::SpecialPage( 'GlobalGroupMembership' );
13	14	wfLoadExtensionMessages('SpecialCentralAuth');
	15	+
	16	+ global $wgUser;
	17	+ $this->mGlobalUser = CentralAuthUser::getInstance( $wgUser );
14	18	}
15	19
16	20	/**
—	—	@@ -44,10 +48,16 @@
45	49
46	50	function changeableGroups() {
47	51	global $wgUser;
48		-
	52	+
	53	+ ## Should be a global user
	54	+ if (!$this->mGlobalUser->exists() \|\| !$this->mGlobalUser->isAttached()) {
	55	+ return array();
	56	+ }
	57	+
49	58	$allGroups = CentralAuthUser::availableGlobalGroups();
50		-
51		~~- if ( $wgUser->isAllowed( 'globalgroupmembership' ) ) {~~
	59	+
	60	+ ## Permission MUST be gained from global rights.
	61	+ if ( $this->mGlobalUser->hasGlobalPermission( 'globalgroupmembership' ) ) {
52	62	#specify addself and removeself as empty arrays -- bug 16098
53	63	return array( 'add' => $allGroups, 'remove' => $allGroups, 'add-self' => array(), 'remove-self' => array() );
54	64	} else {
Index: trunk/extensions/CentralAuth/SpecialGlobalGroupPermissions.php
—	—	@@ -31,8 +31,16 @@
32	32	wfLoadExtensionMessages('SpecialCentralAuth');
33	33	}
34	34
35		~~- function userCanExecute( $user ) {~~
36		~~- return $user->isAllowed( 'globalgrouppermissions' );~~
	35	+ function userCanExecute($user) {
	36	+ $globalUser = CentralAuthUser::getInstance( $user );
	37	+
	38	+ ## Should be a global user
	39	+ if (!$globalUser->exists() \|\| !$globalUser->isAttached()) {
	40	+ return false;
	41	+ }
	42	+
	43	+ ## Permission MUST be gained from global rights.
	44	+ return $globalUser->hasGlobalPermission( 'globalgrouppermissions' );
37	45	}
38	46
39	47	function execute( $subpage ) {
Index: trunk/extensions/CentralAuth/CentralAuth.php
—	—	@@ -182,8 +182,6 @@
183	183	$wgAvailableRights[] = 'globalgrouppermissions';
184	184	$wgAvailableRights[] = 'globalgroupmembership';
185	185	$wgGroupPermissions['steward']['centralauth-admin'] = true;
186		~~-$wgGroupPermissions['steward']['globalgrouppermissions'] = true;~~
187		~~-$wgGroupPermissions['steward']['globalgroupmembership'] = true;~~
188	186	$wgGroupPermissions['*']['centralauth-merge'] = true;
189	187
190	188	$wgSpecialPages['CentralAuth'] = 'SpecialCentralAuth';

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r45225	Make access to Special:GlobalGroupPermissions and Special:GlobalGroupMembersh...	vasilievvv	16:06, 31 December 2008

Status & tagging log

22:55, 31 December 2008 Brion VIBBER (talk | contribs) changed the status of r45262 [removed: new added: ok]