MinuteElectron wrote:
vasilvv at gmail.com https://lists.wikimedia.org/mailman/listinfo/wikitech-l wrote: It is for displaying (or not displaying) tabs, I think. Yes, I thought about this as I was going to bed last night (already switched the computer off). That's the only logical explanation, and there are no tabs on special pages which explains the reduced number of calls. It is still odd why the hook is not called on any special pages while logged out though.
MinuteElectron.
Fixed in r32324 -- a hack was circumventing checks on read locked wikis.
Can this fix be backported to stable version ? This feature is important for us and we can't upgrade without this.
In other way is it possible, in the future, to add feature to wgnamespaceprotection system (such as read access) protection directly in core ? I i look down the code for the lockdown extension it seems that it is not very intrusive and such a feature are very simple to implement and don't need a lot of lines of code.
In a second way it would be perfect if we can "hide the existence of pages" too (don't list the page from search or list query where user don't have read access) like this: http://www.mediawiki.org/wiki/Extension:Lockdown/hiding_pages (as an example of simple implementation)
Other question : Is there possible to checkout a svn "stable" branche (if exist) who follow stable release of mediawiki to update more easily our installation ?
Regards
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
okparanoid wrote:
Can this fix be backported to stable version ? This feature is important for us and we can't upgrade without this.
Unfortunately it was reverted, I'm in a similar situation to you -- in the end I just manually made the change I committed to subversion on my wiki. Duesentrieb says that he might be able to rewrite his extension to work with the hack in place, but can't do this for a few months. Maybe Brion might make a comment about this, we'll have to wait and see.
MinuteElectron.
MinuteElectron wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
okparanoid wrote:
Can this fix be backported to stable version ? This feature is important for us and we can't upgrade without this.
Unfortunately it was reverted, I'm in a similar situation to you -- in the end I just manually made the change I committed to subversion on my wiki. Duesentrieb says that he might be able to rewrite his extension to work with the hack in place, but can't do this for a few months. Maybe Brion might make a comment about this, we'll have to wait and see.
MinuteElectron.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkflkwEACgkQkJvUlhoE3wQ/PwCZAfcu3Jt/KCTn1IyXdW/7ErG1 ypcAn2CTJBdDz3kc2aXMzJg0OZUxsR1F =efQe -----END PGP SIGNATURE-----
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Don't understand why this was reverted without any explanation and consensus finding...
isn't Usercan an official hook of mediawiki ?
Doing this is simply bypass this documented hook !?
Don't know how duesentrieb can rewrite extension since the hook is bypassed.
Perhaps i have missing something...
regards
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
okparanoid wrote:
Don't understand why this was reverted without any explanation and consensus finding...
isn't Usercan an official hook of mediawiki ?
Doing this is simply bypass this documented hook !?
Don't know how duesentrieb can rewrite extension since the hook is
bypassed.
Perhaps i have missing something...
The full story.
A few months ago in r29725 http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=29725 Domas introduced a "shortcut" that bypassed the userCan hook when $wgGroupPermissions['*']['read'] = true; as a performance enhancement. This circumvented any further logic inside the userCan hook that may apply read restriction so I reverted it (it had broke an extension -- and possibly others, made the behavior of the hook unintuitive, wasn't documented, etc.). Apparently (according to Domas) he had asked both Tim and Brion about it and they agreed upon it, so he reverted it back.
There isn't much more that can be done, maybe Brion will make a definitive decision next time he is here -- but this is a major regression so one would hope it is fixed somehow.
MinuteElectron.
On Sun, Mar 23, 2008 at 10:53 AM, MinuteElectron minuteelectron@googlemail.com wrote:
There isn't much more that can be done, maybe Brion will make a definitive decision next time he is here -- but this is a major regression so one would hope it is fixed somehow.
Perhaps the bypass should be conditional on $wgMiserMode as well?
MinuteElectron wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
okparanoid wrote:
Don't understand why this was reverted without any explanation and consensus finding...
isn't Usercan an official hook of mediawiki ?
Doing this is simply bypass this documented hook !?
Don't know how duesentrieb can rewrite extension since the hook is
bypassed.
Perhaps i have missing something...
The full story.
A few months ago in r29725 http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=29725 Domas introduced a "shortcut" that bypassed the userCan hook when $wgGroupPermissions['*']['read'] = true; as a performance enhancement. This circumvented any further logic inside the userCan hook that may apply read restriction so I reverted it (it had broke an extension -- and possibly others, made the behavior of the hook unintuitive, wasn't documented, etc.). Apparently (according to Domas) he had asked both Tim and Brion about it and they agreed upon it, so he reverted it back.
There isn't much more that can be done, maybe Brion will make a definitive decision next time he is here -- but this is a major regression so one would hope it is fixed somehow.
MinuteElectron.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkflm/sACgkQkJvUlhoE3wTDOgCfX/s8qmO5zFen0yCqPrNxz486 rxUAnj3LmrCPh/NhGx0n1h+GJwDWw6QG =efoJ -----END PGP SIGNATURE-----
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
So is it possible to add an condition to the line ?
if ($wgGroupPermissions['*']['read']) && "usercan hook not activated"
perhaps any boolean can store if the hook is to be activated, why not set this boolean in LocalSettings.php and use it to any other place of the code to not penalize perfomance of wiki which dont use the user can hook ???!
okparanoid wrote:
MinuteElectron wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
okparanoid wrote:
Don't understand why this was reverted without any explanation and consensus finding...
isn't Usercan an official hook of mediawiki ?
Doing this is simply bypass this documented hook !?
Don't know how duesentrieb can rewrite extension since the hook is
bypassed.
Perhaps i have missing something...
The full story.
A few months ago in r29725 http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=29725 Domas introduced a "shortcut" that bypassed the userCan hook when $wgGroupPermissions['*']['read'] = true; as a performance enhancement. This circumvented any further logic inside the userCan hook that may apply read restriction so I reverted it (it had broke an extension -- and possibly others, made the behavior of the hook unintuitive, wasn't documented, etc.). Apparently (according to Domas) he had asked both Tim and Brion about it and they agreed upon it, so he reverted it back.
There isn't much more that can be done, maybe Brion will make a definitive decision next time he is here -- but this is a major regression so one would hope it is fixed somehow.
MinuteElectron.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkflm/sACgkQkJvUlhoE3wTDOgCfX/s8qmO5zFen0yCqPrNxz486 rxUAnj3LmrCPh/NhGx0n1h+GJwDWw6QG =efoJ -----END PGP SIGNATURE-----
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
So is it possible to add an condition to the line ?
if ($wgGroupPermissions['*']['read']) && "usercan hook not activated"
perhaps any boolean can store if the hook is to be activated, why not set this boolean in LocalSettings.php and use it to any other place of the code to not penalize perfomance of wiki which dont use the user can hook ???!
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Much better ?!
Perhaps more quicker than the initial shortcut commit (compare $wgGroupPermissions['*']['read'] to true only) : Just add a $wgBypassUsercan boolean in conf file and compare it to true where you want in the code to create shortcuts for public wikis.
So wiki whos need such feature can continue to profite of the hook and we can continue to improve the code for us by using it more often. And public wikis are not annoyed with that.
Regards
MinuteElectron wrote:
The full story.
A few months ago in r29725 http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=29725 Domas introduced a "shortcut" that bypassed the userCan hook when $wgGroupPermissions['*']['read'] = true; as a performance enhancement. This circumvented any further logic inside the userCan hook that may apply read restriction so I reverted it (it had broke an extension -- and possibly others, made the behavior of the hook unintuitive, wasn't documented, etc.). Apparently (according to Domas) he had asked both Tim and Brion about it and they agreed upon it, so he reverted it back.
There isn't much more that can be done, maybe Brion will make a definitive decision next time he is here -- but this is a major regression so one would hope it is fixed somehow.
MinuteElectron.
Is calling wfRunHooks that expenseive? It returns almost immediately if no hooks are registered as "userCan"; and Title::userCanRead returns anyway after the hook if the user is allowed to read. I can't see why is the quick "shortcut" necessary, when many other hooks get called during every request.
On Sun, Mar 23, 2008 at 10:49 AM, Rotem Liss rotemliss@gmail.com wrote:
Is calling wfRunHooks that expenseive? It returns almost immediately if no hooks are registered as "userCan"; and Title::userCanRead returns anyway after the hook if the user is allowed to read. I can't see why is the quick "shortcut" necessary, when many other hooks get called during every request.
I moved the shortcut below the hook execution in r32354. If a hook is running too slowly, it should be fixed, not the call to wfRunHooks. Actually, though, I can't see what code is skipped anyway. If $wgGroupPermissions['*']['read'] is true, it seems like you're just skipping a call to $wgUser->isAllowed, which basically does nothing but check $wgGroupPermissions. Domas, could you explain? Or someone?
Hi!
I moved the shortcut below the hook execution in r32354. If a hook is running too slowly, it should be fixed, not the call to wfRunHooks.
Well, the major issue then is to check for 'read' condition in any extension that uses userCan hook, and do fast execution without unstubbing too many objects.
but check $wgGroupPermissions. Domas, could you explain? Or someone?
and unstubs the User object, which can be skipped in quite many code executions :)
Domas Mituzas wrote:
Hi!
I moved the shortcut below the hook execution in r32354. If a hook is running too slowly, it should be fixed, not the call to wfRunHooks.
Well, the major issue then is to check for 'read' condition in any extension that uses userCan hook, and do fast execution without unstubbing too many objects.
Are "public wiki " using such extensions ?
Best regards
Hi!
Are "public wiki " using such extensions ?
maybe. we used to have some, that used - got nuked, then fixed :) I can't tell for every wikis out there - needs review of all extension hook usages.
BR,
On Mon, Mar 24, 2008 at 5:24 AM, Domas Mituzas midom.lists@gmail.com wrote:
I moved the shortcut below the hook execution in r32354. If a hook is running too slowly, it should be fixed, not the call to wfRunHooks.
Well, the major issue then is to check for 'read' condition in any extension that uses userCan hook, and do fast execution without unstubbing too many objects.
Yup, sure. Title.php is not the best place to address those issues.
but check $wgGroupPermissions. Domas, could you explain? Or someone?
and unstubs the User object, which can be skipped in quite many code executions :)
Ah, so that's it. The problem with this kind of thing is that it does break flexibility somewhat. In this case it still breaks the UserGetRights hook for one particular use. The solution might be to have isAllowed not call getRights at all, or not hit the getRights hook anyway, and give it a separate hook. It would be nice if your optimization could be moved into User::isAllowed, but that breaks UserGetRights even further.
Hello,
Is calling wfRunHooks that expenseive? It returns almost immediately if no hooks are registered as "userCan"; and Title::userCanRead returns anyway after the hook if the user is allowed to read. I can't see why is the quick "shortcut" necessary, when many other hooks get called during every request.
well, if hook exists, $wgUser object is unstubbed - and thats already expensive. there is no need of having stub handlers, if we start unstubbing everything at the beginning of every code path.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
MinuteElectron wrote:
A few months ago in r29725 http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=29725 Domas introduced a "shortcut" that bypassed the userCan hook when $wgGroupPermissions['*']['read'] = true; as a performance enhancement. This circumvented any further logic inside the userCan hook that may apply read restriction so I reverted it (it had broke an extension -- and possibly others, made the behavior of the hook unintuitive, wasn't documented, etc.). Apparently (according to Domas) he had asked both Tim and Brion about it and they agreed upon it, so he reverted it back.
The order of permissions configurations in MediaWiki's security model goes from 'deny' to 'allow'.
That is, a general setting of 'allow' will shortcut anything else, because the blanket permission will always apply.
A general setting 'deny' means that further, finer-grained checks can be done to see if another group or per-user permission will activate the 'allow'.
Now, if LockDown is following that model -- denying all access by default, then allowing access conditionally -- then as far as I know it should work just fine. This means that you need to set the default restrictions correctly in $wgGroupPermissions.
If it's not -- say by allowing all access by default, then trying to deny it conditionally -- then indeed it will break. By not following MediaWiki's security model, you end up with unexpected behavior. If this is the case, then LockDown should be fixed to follow MediaWiki's permission model correctly.
- -- brion vibber (brion @ wikimedia.org)
Brion Vibber wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
MinuteElectron wrote:
A few months ago in r29725 http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=29725 Domas introduced a "shortcut" that bypassed the userCan hook when $wgGroupPermissions['*']['read'] = true; as a performance enhancement. This circumvented any further logic inside the userCan hook that may apply read restriction so I reverted it (it had broke an extension -- and possibly others, made the behavior of the hook unintuitive, wasn't documented, etc.). Apparently (according to Domas) he had asked both Tim and Brion about it and they agreed upon it, so he reverted it back.
The order of permissions configurations in MediaWiki's security model goes from 'deny' to 'allow'.
That is, a general setting of 'allow' will shortcut anything else, because the blanket permission will always apply.
A general setting 'deny' means that further, finer-grained checks can be done to see if another group or per-user permission will activate the 'allow'.
Now, if LockDown is following that model -- denying all access by default, then allowing access conditionally -- then as far as I know it should work just fine. This means that you need to set the default restrictions correctly in $wgGroupPermissions.
If it's not -- say by allowing all access by default, then trying to deny it conditionally -- then indeed it will break. By not following MediaWiki's security model, you end up with unexpected behavior. If this is the case, then LockDown should be fixed to follow MediaWiki's permission model correctly.
- -- brion vibber (brion @ wikimedia.org)
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkfn3q8ACgkQwRnhpk1wk44wAACgjtkEiJSUGbzLgN16W1tap9J0 ExQAoJd5/HsrQek+sswGfW6yvIFqsPB+ =65tc -----END PGP SIGNATURE-----
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
ok
It makes senses.
Thanks for you and daumas for explanation.
Regards
Brion Vibber wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
MinuteElectron wrote:
A few months ago in r29725 http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=29725 Domas introduced a "shortcut" that bypassed the userCan hook when $wgGroupPermissions['*']['read'] = true; as a performance enhancement. This circumvented any further logic inside the userCan hook that may apply read restriction so I reverted it (it had broke an extension -- and possibly others, made the behavior of the hook unintuitive, wasn't documented, etc.). Apparently (according to Domas) he had asked both Tim and Brion about it and they agreed upon it, so he reverted it back.
The order of permissions configurations in MediaWiki's security model goes from 'deny' to 'allow'.
That is, a general setting of 'allow' will shortcut anything else, because the blanket permission will always apply.
A general setting 'deny' means that further, finer-grained checks can be done to see if another group or per-user permission will activate the 'allow'.
Now, if LockDown is following that model -- denying all access by default, then allowing access conditionally -- then as far as I know it should work just fine. This means that you need to set the default restrictions correctly in $wgGroupPermissions.
If it's not -- say by allowing all access by default, then trying to deny it conditionally -- then indeed it will break. By not following MediaWiki's security model, you end up with unexpected behavior. If this is the case, then LockDown should be fixed to follow MediaWiki's permission model correctly.
- -- brion vibber (brion @ wikimedia.org)
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkfn3q8ACgkQwRnhpk1wk44wAACgjtkEiJSUGbzLgN16W1tap9J0 ExQAoJd5/HsrQek+sswGfW6yvIFqsPB+ =65tc -----END PGP SIGNATURE-----
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Hello
I have tried to correct Lockdown to being compatible with this model. I haved to let Lockdown grant access of specific group, which change a little the initial "philosophy" of the extension. To work with 1.12 $wgGroupPermissions['*']['read'] need to be set to false in LocalSettings.php
I'm not a php developper (don't know the language and don't know the api of mediawiki) so this has to be tested and certainly contains mistake. Don't use this in production !!! Please take a look at this and let me know the issues/mistakes.
Regards
P.S : Someone can contact the inital author of Lockdown, Daniel Kinzler alias Duesentrieb, i dont have found his email. I would like to propose him the patch.
okparanoid wrote:
Hello
I have tried to correct Lockdown to being compatible with this model. I haved to let Lockdown grant access of specific group, which change a little the initial "philosophy" of the extension. To work with 1.12 $wgGroupPermissions['*']['read'] need to be set to false in LocalSettings.php
I'm not a php developper (don't know the language and don't know the api of mediawiki) so this has to be tested and certainly contains mistake. Don't use this in production !!! Please take a look at this and let me know the issues/mistakes.
Regards
P.S : Someone can contact the inital author of Lockdown, Daniel Kinzler alias Duesentrieb, i dont have found his email. I would like to propose him the patch.
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Here is the script can't attach file with the mailing list :
<?php
/** * Lockdown extension - implements restrictions on individual namespaces and special pages. * * @package MediaWiki * @subpackage Extensions * @author Daniel Kinzler, brightbyte.de * @copyright © 2007 Daniel Kinzler * @licence GNU General Public Licence 2.0 or later */
/* * WARNING: you can use this extension to deny read access to some namespaces. Keep in mind that this * may be circumvented in several ways. This extension doesn't try to * plug such holes. Also note that pages that are not readable will still be shown in listings, * such as the search page, categories, etc. * * Known ways to access "hidden" pages: * - transcluding as template (can't really be fixed without disabling inclusion for specific namespaces; * that could be done by adding a hook to Parser::fetchTemplate) * - Special:export (easily fixed using $wgSpecialPageLockdown) * - the search page may show excerpts from hidden pages. * - supplying oldid=<revisionfromhiddenpage> may work in somve versions of mediawiki. Same with diff, etc. * * NOTE: you cannot GRANT access to things forbidden by $wgGroupPermissions. You can only DENY access * granted there. */
if( !defined( 'MEDIAWIKI' ) ) { echo( "This file is an extension to the MediaWiki software and cannot be used standalone.\n" ); die( 1 ); }
$wgExtensionCredits['other'][] = array( 'name' => 'Lockdown', 'author' => 'Daniel Kinzler', 'url' => 'http://mediawiki.org/wiki/Extension:Lockdown', 'description' => 'per-namespace group permissions', );
$wgNamespacePermissionLockdown = array(); $wgSpecialPageLockdown = array();
$wgHooks['userCan'][] = 'lockdownUserCan';
function lockdownUserCan($title, $user, $action, &$result) { global $wgNamespacePermissionLockdown, $wgSpecialPageLockdown, $wgWhitelistRead; #print "<br />nsAccessUserCan(".$title->getPrefixedDBkey().", ".$user->getName().", $action)<br />\n";
$result = NULL;
//don't impose extra restrictions on UI pages if ($title->isCssJsSubpage()) return true;
if ($action == 'read' && $wgWhitelistRead) { //don't impose read restrictions on whitelisted pages if (in_array($title->getPrefixedText(), $wgWhitelistRead)) { return true; } }
$groups = NULL; $ns = $title->getNamespace(); if( NS_SPECIAL == $ns ) { if ($action != 'read') { $result = false; return true; } else { foreach ($wgSpecialPageLockdown as $page => $g) { if (!$title->isSpecial($page)) continue; $groups = $g; break; } } }
if (!$groups) $groups = @$wgNamespacePermissionLockdown[$ns][$action]; if (!$groups) $groups = @$wgNamespacePermissionLockdown['*'][$action]; if (!$groups) $groups = @$wgNamespacePermissionLockdown[$ns]['*'];
#this namespace has not specific configuration #continue processing without taking any decision if (!$groups) return true;
#print "<br />nsAccessUserCan(".$title->getPrefixedDBkey().", ".$user->getName().", $action)<br />\n"; #print_r($groups);
$ugroups = $user->getEffectiveGroups(); #print_r($ugroups);
$match = array_intersect($ugroups, $groups); #print_r($match);
if ($match) { #group is specifically allowed by lockdown - stop processing $result = true; return false; } else { #print "<br />DENY<br />\n"; #user is not member of a group specially restriced via lockdown #deny access and abort processing $result = false; return false; } }
Helloes!
Don't understand why this was reverted without any explanation and consensus finding...
See, it was an experiment "what will happen if I revert Domas". If people lack understanding of code flow, reverting someone who does without going into explanation and consensus finding is bad too ;-)
isn't Usercan an official hook of mediawiki ?
So is configuration option, telling that wiki is read-for-all :) 0
Doing this is simply bypass this documented hook !?
For completely-read-all wikis, yes.
Don't know how duesentrieb can rewrite extension since the hook is bypassed
Probably by allowing userCan to provide with access, in case default access is false. See, whitelisting pages doesn't work too if access is allowed to everyone by default.
Perhaps i have missing something...
Yup, you're missing the fact, that someone is making mediawiki not suck performance wise. For example Tim made delayed optimization of objects, but that gets broken by very start of code tree. The idea, that even with bytecode cache installed, one can set multiple tweaks to make mediawiki much faster than default deployment, is already quite bad. It should be fastest out of the box already, cause not everyone goes googling around for 'making mediawiki faster' (and landing in http://dammit.lt/2007/01/26/ mediawiki-performance-tuning/ ;-)
BR,
wikitech-l@lists.wikimedia.org