After Authority is available from IContextSource T271460 we can try converting a ApiBase and action API modules to using it instead of PermissionManager.
Description
Details
Project | Branch | Lines +/- | Subject | |
---|---|---|---|---|
mediawiki/core | master | +141 -182 | Use Authority and GroupPermissionLookup in Action API |
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Open | None | T218674 User::getRights() applies session rights restrictions to non-session users | |||
Open | None | T180888 All permission checks should be able to return a custom error message | |||
Open | None | T231930 Introduce Authority objects to represent the user performing a given action | |||
Resolved | CCicalese_WMF | T271462 Experiment with converting action API modules to Authority | |||
Open | None | T271854 Convert Action API tests in core to use authority directly |
Event Timeline
Change 655438 had a related patch set uploaded (by Cicalese; owner: Cicalese):
[mediawiki/core@master] EXPERIMENT Use Authority in Action API
An experimental patch (https://gerrit.wikimedia.org/r/c/mediawiki/core/+/655438) converts the bulk of the Action API code to use Authority rather than PermissionManager.
The ApiCheckCanExecute hook still needs to be converted to use Authority rather than User.
The remaining usages of PermissionManager in the Action API code are calls to the following functions: isBlockedFrom(), isEveryoneAllowed( 'read' ), getAllPermissions(), and getUserPermissions(). In addition, in the tests, addTemporaryUserRights() and invalidateUserRightsCache() are called.
There are also calls to a couple of other core functions external to the Action API that should take Authority rather then User eventually: ChangeTags::canAddTagsAccompanyingChange() and MovePage::checkPermissions().
Change 655438 merged by jenkins-bot:
[mediawiki/core@master] Use Authority and GroupPermissionLookup in Action API