Rob Church schrieb:
On 22/03/07, Gunter News2006@freenet.de wrote:
Surprisingly, the funciton article::doEdit does not check user rights. Any hints, or is it a bug?
No, it's not a bug; Article::doEdit() is a function which operates at a level below the editor - it's not intended to check user permissions, or block status, etc. This is left to the caller, e.g. EditPage.php (or maintenance scripts, which don't need to check these items).
My question was misleading, I found
$allowed = $x_title->userCan('edit');
returning true could be considered a bug, if $wgUser->isAllowed('edit') returns false.
function userCan could be expanded by something like this
// will also fix bug 5391, so user which can not edit will be presented with a "view sourcecode" message. Especially helpful on wikis where a user can not be acquired. if( $action == 'edit' && !( $wgUser->isAllowed( 'edit' ) ) ) { wfProfileOut( $fname ); return false; }
if( $action == 'create' && !( $wgUser->isAllowed( 'create' ) ) ) { wfProfileOut( $fname ); return false; }
// global database lock if( $wgReadOnly ) { wfProfileOut( $fname ); return false; }
This would make it easier for developers, because checking userCan will be used for namespace protection also, so checking User::isAllowed does not seem to be suffiant anymore.
GunterS