Jump to content

Manual:Hooks/userCan

From mediawiki.org
userCan
Available from version 1.6.0
To interrupt/advise the "user can do X to Y article" check
Define function:
public static function onuserCan( $title, $user, $action, &$result ) { ... }
Attach hook: In extension.json:
{
	"Hooks": {
		"userCan": "MediaWiki\\Extension\\MyExtension\\Hooks::onuserCan"
	}
}
Called from: File(s): Permissions/PermissionManager.php
Interface: userCanHook.php

For more information about attaching hooks, see Manual:Hooks .
For examples of extensions using this hook, see Category:userCan extensions.

Details

[edit]

$title

[edit]

reference to the title in question (see the use in $IP/includes/Title.php)

$user

[edit]

reference to the current user (see the use in $IP/includes/Title.php)

$action

[edit]

action (string) concerning the title in question

$result

[edit]
  • reference to the result propagated along the chain of hooks (see $IP/includes/Hooks.php)
  • $result can be left untouched, or set to true or false, according to the opinion of the particular hook function
  • true means that the user is allowed, and false means that the $user is disallowed for the $action concerning the $title
  • leaving untouched means that the hook function has no opinion about the situation

return value of the hook function

[edit]
  • the individual hook functions of the possibly nested list of hooks are processed in order of their natural occurrence, from the beginning until either the end of the list is reached, or the current hook function doesn't return true
  • a particular hook function on the list will stop the processing, if it returns false.

intentional side effect of the chain of hook function

[edit]
  • $result given by reference to each hook function contains the resulting opinion of the hook functions processed so far
  • to be the first in the list of hooks has the disadvantage, that later hook functions have the opportunity to change the $result
  • to be the last in the list of hooks has the disadvantage, that the processing of the hooks will simply not reach that point, hence less chance to have an impact on the $result

The final decision concerning the $title - $user - $action triple is the value can be found in $result, when the processing of the list of hooks is finished.

Risk of returning a string value

[edit]
Unlike most other hooks, you cannot return a string value from the userCan hook. Normally, returning a string value will cause an error page to be displayed, containing the returned string. However, the process of displaying the error page calls the userCan hook to determine the available UI elements, and so returning a string from this function will cause an infinite recursion! This was tested on v1.6.10 and may have subsequently been fixed.

Limitations

[edit]
Warning Warning: Even if a user doesn't have access rights to read a given article, that article can still appear in lists (e.g. recent changes list, search lists, etc). See Security issues with authorization extensions .

Table of combinations

[edit]
return true return false
$result = true User should be allowed to proceed.

Later functions can override.

User should be allowed to proceed.

Later functions not consulted.

$result = false User should not be allowed to proceed.

Later functions can override.

User should not be allowed to proceed.

Later functions not consulted.

$result untouched Decision depends on the other hooks, or other internal decision.

Later functions can override.

Decision depends on the previous hooks, or other internal decision.

Later functions not consulted.
Check, whether $result has already a boolean value.

See also

[edit]