Manual:Hooks/UserGetRights

From mediawiki.org
UserGetRights
Available from version 1.11.0
Dynamically adds to or removes from a user the rights implied by their group membership
Define function:
public static function onUserGetRights( User $user, array &$aRights ) { ... }
Attach hook: In extension.json:
{
	"Hooks": {
		"UserGetRights": "MediaWiki\\Extension\\MyExtension\\Hooks::onUserGetRights"
	}
}
Called from: File(s): Permissions/PermissionManager.php
Function(s): getUserPermissions
Interface: UserGetRightsHook.php

For more information about attaching hooks, see Manual:Hooks .
For examples of extensions using this hook, see Category:UserGetRights extensions.

Details[edit]

  • $user - User object
  • $aRights - array of user rights

Use cases[edit]

The UserGetRights hook permits the implementation of a user rights scheme along side of MediaWiki's built-in group-based permissions architecture. It can be used to create extensions that

  • implement a hierarchical group system where groups can inherit rights from a collection of groups.
  • implement an exclude rights rule - users are associated with groups whose rights the do not have.
  • add or exclude rights associated with a user rather than a group
  • define context based rights - e.g. the same user might have different rights depending on whether they are accessing the wiki via :localhost:, via a VPN, or via the public internet.
  • any other scheme available to the programmer's imagination

Background[edit]

MediaWiki's built-in permissions architecture uses group-based permissions. Users are assigned to groups; groups are assigned rights; users inherit rights from every group to which they are assigned. This hook can be used to override or supplement the core permissions architecture.

Usage[edit]

Hooks modify the rights available to the user by adding or removing elements to $aRights. The hook should always return true so that other functions attached to this hook will have a chance to run.

Removing rights with this hook can be problematic as there is no guarantee another hook handler won't re-add them. The UserGetRightsRemove hook, called immediately after UserGetRights, can be used for that.

See also[edit]