Manual:フック/userCan

From mediawiki.org
Jump to navigation Jump to search
This page is a translated version of the page Manual:Hooks/userCan and the translation is 11% complete.
Other languages:
English • ‎Türkçe • ‎español • ‎čeština • ‎日本語
userCan
バージョン 1.6.0 から利用可能
To interrupt/advise the "user can do X to Y article" check
関数の定義:
public static function onuserCan( $title, $user, $action, &$result ) { ... }
フックのアタッチ:

extension.json 内:

{
	"Hooks": {
		"userCan": "MyExtensionHooks::onuserCan"
	}
}
呼び出し元:ファイル: Permissions/PermissionManager.php
インターフェイス:userCanHook.php

フックの設定についての詳細情報は Manual:フック を参照してください。
このフックを使用する拡張機能の例については、Category:userCan extensions/ja を参照してください。

詳細

$title

reference to the title in question (see the use in $IP/includes/Title.php)

$user

reference to the current user (see the use in $IP/includes/Title.php)

$action

action (string) concerning the title in question

$result

  • reference to the result propagated along the chain of hooks (see $IP/includes/Hooks.php)
  • $result can be left untouched, or set to true or false, according to the opinion of the particular hook function
  • true means that the user is allowed, and false means that the $user is disallowed for the $action concerning the $title
  • leaving untouched means that the hook function has no opinion about the situation

return value of the hook function

  • the individual hook functions of the possibly nested list of hooks are processed in order of their natural occurrence, from the beginning until either the end of the list is reached, or the current hook function doesn't return true
  • a particular hook function on the list will stop the processing, if it returns false.

intentional side effect of the chain of hook function

  • $result given by reference to each hook function contains the resulting opinion of the hook functions processed so far
  • to be the first in the list of hooks has the disadvantage, that later hook functions have the opportunity to change the $result
  • to be the last in the list of hooks has the disadvantage, that the processing of the hooks will simply not reach that point, hence less chance to have an impact on the $result

The final decision concerning the $title - $user - $action triple is the value can be found in $result, when the processing of the list of hooks is finished.

Risk of returning a string value

Unlike most other hooks, you cannot return a string value from the userCan hook. Normally, returning a string value will cause an error page to be displayed, containing the returned string. However, the process of displaying the error page calls the userCan hook to determine the available UI elements, and so returning a string from this function will cause an infinite recursion! This was tested on v1.6.10 and may have subsequently been fixed.

制限

警告 警告: Even if a user doesn't have access rights to read a given article, that article can still appear in lists (e.g. recent changes list, search lists, etc). Security issues with authorization extensions を参照してください。

Table of combinations

return true return false
$result = true User should be allowed to proceed.

Later functions can override.

User should be allowed to proceed.

Later functions not consulted.

$result = false User should not be allowed to proceed.

Later functions can override.

User should not be allowed to proceed.

Later functions not consulted.

$result untouched Decision depends on the other hooks, or other internal decision.

Later functions can override.

Decision depends on the previous hooks, or other internal decision.

Later functions not consulted.
Check, whether $result has already a boolean value.

関連項目