Page MenuHomePhabricator

Improve support for read access restriction / access control
Closed, DuplicatePublic



There are a lot of extension using the userCan hook for access control. Yet there are still parts of the core where userCan is not considered. This is true in particular for read access. For example, afaik, QueryPages do not consider read access. Quite often, this is as simple as adding a userCan hook call. I'm not proposing to make Mediawiki read access bullet proof, but to fix the most obvious read access holes.

Who would benefit

Extension developers who need to implement access control for their mediawikis

Proposed solution

We can use this list as a basis: . It needs to be updated to the current state of MediaWiki. Then the open questions / issues can be addressed in the code. Ideally, at the end we have a positive list of which pages / actions consider read access.

Event Timeline

This proposal is selected for the Developer-Wishlist voting round and will be added to a MediaWiki page very soon. To the subscribers, or proposer of this task: please help modify the task description: add a brief summary (10-12 lines) of the problem that this proposal raises, topics discussed in the comments, and a proposed solution (if there is any yet). Remember to add a header with a title "Description," to your content. Please do so before February 5th, 12:00 pm UTC.

This is primarily of interest to third parties, but there are some Wikimedia use cases. Abuse filters are an example of a special page that makes a lot of effort to simulate page content behavior (edit history, diffs, deletion, etc) and still gets fairly crappy results, so it would make sense to turn filters into wiki pages. Except some filters are not supposed to be visible to all users, and currently wiki pages can't reliably do that. Also requiring a private wiki for every wiki that needs private discussion / documentation (like enwiki arbcom) is not so great.

The IntraACL patch list seems like a good starting point. Maybe the one for Lockdown too, although that seems less maintained.

Besides IntraACL, Lockdown/NSFileRepo and AccessControl look pretty well-maintained, those might be a good basis for reviewing what might or might not be supported today.