The UserGroupManager service does not validate that the given UserIdentity instances are for the same wiki as the database the UserGroupManager is set up for.
At the moment all UserIdentity instances given to the UserGroupManager must have the LOCAL wiki id (happens when create UserIdentityValue without the third parameter) or the implementation of UserIdentity::getId does not validate the wiki id (like happens for UserRightsProxy).
The first patch set with assertion (b565ab8) fails on CentralAuth (T337194).
To allow the transition the idea is:
- Call UserIdentity::getId with the wiki id of the identity itself (UserIdentity::getId( UserIdentity::getWikiId() )) to avoid breaking the code when caller starts to provide correct identities
- Convert the callers to provide correct user identites (only known is CentralAuth)
- Replace the code from 1. with a proper call to UserIdentity::assertWiki and use the wiki id of the UserGroupManager for it (as done in the first patch set for assertion).
The UserGroupManager was created in 1.35 (40b88d6), while UserIdentity are wiki aware since 1.36 (5576727)