Simetrical wrote:
On Wed, May 28, 2008 at 12:25 PM, Brion Vibber
<brion(a)wikimedia.org> wrote:
Because it's easier to whitelist a few known
actions than to blacklist
quadrillions of possible character combinations?
Not sure what you're getting at... :)
My question is why we *do* blacklist things. If the core software
doesn't know that 'squizzle' is a prohibited action for special pages,
why should it assume that it is? It should default to permitting it,
as the default is to permit all actions. If whatever extension adds
that action decides that it should be prohibited for special pages, it
can explicitly use a hook to prohibit it. This is the same as how it
works for all other (non-special) pages.
Also, this particular case seems to illustrate why we should have made
getUserPermissionsErrors() a User method, not a Title method, IMO, as
I suggested when this was all being reworked. Permissions errors are
always related to a user, but (as in this case) not necessarily to any
particular page.
Just use $wgUser->getBlockedStatus(), all he wants to do is check if the
user is blocked. But I would disagree with the quoted code on another
level. It's a little principle I've been developing but have yet to preach
to the list.
+ // We expect at least one permissions error,
because we're trying to do an action on a specialpage.
+ return count($this->getTitle()->getUserPermissionsErrors(
'centralauth-merge', $user ))<=1;
Write what you mean, don't take shortcuts. Treat programming like a an
expressive natural language, and put the algorithm that's in your head
precisely down into the code. Typing is quick, debugging is slow.
$errors = $this->getTitle()->getUserPermissionsErrors(
'centralauth-merge', $user );
foreach ( $errors as $i => $error ) {
if ( $error[0] == 'ns-specialprotected' ) {
unset( $errors[$i] );
}
}
return (bool)$errors;
If that's too long, you can always refactor.
-- Tim Starling