[Mediawiki-l] UserRightsList 0.3 Announcement

Jim Hu jimhu at tamu.edu
Sat May 17 00:29:36 UTC 2008


For version 0.4...
On May 16, 2008, at 12:56 PM, DanTMan wrote:
<extensive snipping below>
>>> The extension does not handle user rights permissions correctly.
>>> For 1.12> it won't work correctly because it does not handle
>>> $wgAddGroups, $wgRemoveGroups, $wgGroupsAddToSelf, and
>>> $wgGroupsRemoveFromSelf.

should be fixed via indirect use of changeableGroups()
>>>
>>> And for 1.11 it is a security issue, because for $wgAddGroups and
>>> $wgRemoveGroups to work a user needs the userrights permission...

should be fixed via per previous message

> Yup... Your setup of the special page is to. 'createuser' isn't a good
> permission to base on.

won't change due to Vampire considerations described previously,  
unless there's an alternative solution.
>
>>> And there's some hardcoding of group names, and it's likely that
>>> checkboxes are not going to be rendered correctly when anything  
>>> other
>>> than the default groups are used.

fixed, again taking advantage of changeableGroups

>>> The handling of time also appears to be done in a way which is not
>>> cross-database compatible,...

I think this is improved, but user_registration is in the schema as a  
string, not a date

>>> and there is raw use of DISTINCT which I
>>> believe we have as a select option.
>>>

now moot
>>> ps: in_array('userrights',$wgUser->getRights()); would best be  
>>> written
>>> as $wgUser->isAllowed('userrights');

fixed.

=====================================
Jim Hu
Associate Professor
Dept. of Biochemistry and Biophysics
2128 TAMU
Texas A&M Univ.
College Station, TX 77843-2128
979-862-4054




More information about the MediaWiki-l mailing list