On 22/03/07, Gunter News2006@freenet.de wrote:
Surprisingly, the funciton article::doEdit does not check user rights. Any hints, or is it a bug?
No, it's not a bug; Article::doEdit() is a function which operates at a level below the editor - it's not intended to check user permissions, or block status, etc. This is left to the caller, e.g. EditPage.php (or maintenance scripts, which don't need to check these items).
To add a permission check, use the User::isAllowed() method, executing on the global $wgUser.
Rob Church