Manual:Hooks/UserGetRights
UserGetRights | |
---|---|
Available from version 1.11.0 Dynamically adds to or removes from a user the rights implied by their group membership | |
Define function: | public static function onUserGetRights( User $user, array &$aRights ) { ... }
|
Attach hook: | In extension.json:
{
"Hooks": {
"UserGetRights": "MediaWiki\\Extension\\MyExtension\\Hooks::onUserGetRights"
}
}
|
Called from: | File(s): Permissions/PermissionManager.php Function(s): getUserPermissions |
Interface: | UserGetRightsHook.php |
For more information about attaching hooks, see Manual:Hooks .
For examples of extensions using this hook, see Category:UserGetRights extensions/en.
Details
- $user - User object
- $aRights - array of user rights
Use cases
The UserGetRights
hook permits the implementation of a user rights scheme along side of MediaWiki's built-in group-based permissions architecture.
It can be used to create extensions that
- implement a hierarchical group system where groups can inherit rights from a collection of groups.
- implement an exclude rights rule - users are associated with groups whose rights the do not have.
- add or exclude rights associated with a user rather than a group
- define context based rights - e.g. the same user might have different rights depending on whether they are accessing the wiki via :localhost:, via a VPN, or via the public internet.
- any other scheme available to the programmer's imagination
Background
MediaWiki's built-in permissions architecture uses group-based permissions. Users are assigned to groups; groups are assigned rights; users inherit rights from every group to which they are assigned. This hook can be used to override or supplement the core permissions architecture.
Usage
Hooks modify the rights available to the user by adding or removing elements to $aRights
.
The hook should always return true
so that other functions attached to this hook will have a chance to run.
Removing rights with this hook can be problematic as there is no guarantee another hook handler won't re-add them. The UserGetRightsRemove hook, called immediately after UserGetRights, can be used for that.
See also
- UserGetRightsRemove - for removing rights
- userCan - for more fine-grained permission checks