r83390 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r83389‎ | r83390 | r83391 >
Date:17:59, 6 March 2011
Author:reedy
Status:ok (Comments)
Tags:
Comment:
* (bug 27897) list=allusers and list=users list hidden users

Refactored addition of block information, and also checked if user is allowed to view hidden user fields
Modified paths:
  • /trunk/phase3/RELEASE-NOTES (modified) (history)
  • /trunk/phase3/includes/api/ApiQueryAllUsers.php (modified) (history)
  • /trunk/phase3/includes/api/ApiQueryBase.php (modified) (history)
  • /trunk/phase3/includes/api/ApiQueryUsers.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/api/ApiQueryBase.php
@@ -466,6 +466,34 @@
467467 return null;
468468 }
469469
 470+ /**
 471+ * Filters hidden users (where the user doesn't have the right to view them)
 472+ * Also adds relevant block information
 473+ *
 474+ * @param bool $showBlockInfo
 475+ * @return void
 476+ */
 477+ public function showHiddenUsersAddBlockInfo( $showBlockInfo ) {
 478+ global $wgUser;
 479+ $userCanViewHiddenUsers = $wgUser->isAllowed( 'hideuser' );
 480+
 481+ if ( $showBlockInfo || !$userCanViewHiddenUsers ) {
 482+ $this->addTables( 'ipblocks' );
 483+ $this->addJoinConds( array(
 484+ 'ipblocks' => array( 'LEFT JOIN', 'ipb_user=user_id' ),
 485+ ) );
 486+
 487+ if ( $showBlockInfo ) {
 488+ $this->addFields( array( 'ipb_reason', 'ipb_by_text', 'ipb_expiry' ) );
 489+ }
 490+
 491+ // Don't show hidden names
 492+ if ( !$userCanViewHiddenUsers ) {
 493+ $this->addWhere( 'ipb_deleted IS NULL' );
 494+ }
 495+ }
 496+ }
 497+
470498 public function getPossibleErrors() {
471499 return array_merge( parent::getPossibleErrors(), array(
472500 array( 'invalidtitle', 'title' ),
Index: trunk/phase3/includes/api/ApiQueryAllUsers.php
@@ -112,13 +112,7 @@
113113 $sqlLimit = $limit + 1;
114114 }
115115
116 - if ( $fld_blockinfo ) {
117 - $this->addTables( 'ipblocks' );
118 - $this->addJoinConds( array(
119 - 'ipblocks' => array( 'LEFT JOIN', 'ipb_user=user_id' ),
120 - ) );
121 - $this->addFields( array( 'ipb_reason', 'ipb_by_text', 'ipb_expiry' ) );
122 - }
 116+ $this->showHiddenUsersAddBlockInfo( $fld_blockinfo );
123117
124118 $this->addOption( 'LIMIT', $sqlLimit );
125119
Index: trunk/phase3/includes/api/ApiQueryUsers.php
@@ -119,14 +119,9 @@
120120 $this->addJoinConds( array( 'user_groups' => array( 'LEFT JOIN', 'ug_user=user_id' ) ) );
121121 $this->addFields( 'ug_group' );
122122 }
123 - if ( isset( $this->prop['blockinfo'] ) ) {
124 - $this->addTables( 'ipblocks' );
125 - $this->addJoinConds( array(
126 - 'ipblocks' => array( 'LEFT JOIN', 'ipb_user=user_id' ),
127 - ) );
128 - $this->addFields( array( 'ipb_reason', 'ipb_by_text', 'ipb_expiry' ) );
129 - }
130123
 124+ $this->showHiddenUsersAddBlockInfo( isset( $this->prop['blockinfo'] ) );
 125+
131126 $data = array();
132127 $res = $this->select( __METHOD__ );
133128
Index: trunk/phase3/RELEASE-NOTES
@@ -214,7 +214,8 @@
215215 * (bug 27862) Useremail module didn't properly return success on success.
216216 * (bug 27590) prop=imageinfo now allows querying the media type
217217 * (bug 27587) list=filearchive now outputs full title info
218 -(bug 27018) Added action=filerevert to revert files to an old version
 218+* (bug 27018) Added action=filerevert to revert files to an old version
 219+* (bug 27897) list=allusers and list=users list hidden users
219220
220221 === Languages updated in 1.18 ===
221222

Sign-offs

UserFlagDate
Jarry1250tested20:01, 6 March 2011

Follow-up revisions

RevisionCommit summaryAuthorDate
r83392Followup r83390, change cache modesreedy18:16, 6 March 2011
r83402Fix where ipb_deleted from r83390reedy20:38, 6 March 2011
r83403Followup r83390...reedy20:51, 6 March 2011
r834871.17wmf1: MFT r82696, r83270, r83284, r83374, r83390, r83392, r83402, r83403,...catrope21:44, 7 March 2011
r83489Fix r83390, need to do where ipb_deleted IS NULL as we're left joining in the...reedy22:58, 7 March 2011
r85354MFT r82518, r82530, r82538, r82547, r82550, r82565, r82572, r82608, r82696, r...demon18:25, 4 April 2011

Comments

#Comment by MZMcBride (talk | contribs)   18:06, 6 March 2011

Looks good.

#Comment by Jarry1250 (talk | contribs)   20:04, 6 March 2011

Of course, if you are +hideuser, there's no indication from the API that you're looking at usernames the average user can't see. (By comparison, on the SpecialPage equivalent, they are struck through.) But that's a different issue, I think.

#Comment by Duplicatebug (talk | contribs)   20:25, 6 March 2011

Adding a hidden="" is better, list=blocks does that (with bkprop=flags).

list=users output missing="", but that is wrong because the user is not missing. When visit the user page of a hidden user than there is also no hint that the user account does not exist.

#Comment by Reedy (talk | contribs)   20:37, 6 March 2011

Allusers uses the username for query continue, so what if the last name is hidden? We have an issue.

This isn't so much of an issue for list=users though.

On list=blocks, hidden is displayed with the username

if ( !$wgUser->isAllowed( 'hideuser' ) ) { $this->addWhereFld( 'ipb_deleted', 0 ); }

So that actually filter them out, exactly the same. The only benefit it provides, if the user is allowed to view deleted users.

So I can add the hidden="" if the user is allowed to view hidden people


I've got a feeling the IS NULL is wrong. Probably wants to be ipb_deleted = 0, per "ipb_deleted bool NOT NULL default 0". Will fix that now

#Comment by Duplicatebug (talk | contribs)   20:41, 6 March 2011

The SQL does not select the hidden username, so the api cannot use it for continue. That should work.

Status & tagging log