On 08/27/2013 10:27 AM, vitalif(a)yourcmc.ru wrote:
Actually, the first and the basic step is much simpler
- MediaWiki
should perform userCanRead() checks everywhere it displays information
about any page.
It would be very good if such changes are accepted into the core - it
will work as a base for all possible ACL extensions.
I'm now trying to improve API protection in IntraACL (before today it
was provided only by "Title hack" which returned "Access denied"
instead
of any real inaccessible Title object) - and it seems userCanRead() must
be added in almost every ApiQuery*.php file :-X (ApiPageSet isn't used
everywhere)
Do you have gerrit access? If you submit userCanRead() additions, I'll
help you get them into core.
I agree that this is a good start.
--
Mark A. Hershberger
NicheWork LLC
717-271-1084