Manual:Hooks/TitleQuickPermissions

From Linux Web Expert

TitleQuickPermissions
<translate> Available from <tvar name=1><translate> version <tvar (Gerrit change 52910)</tvar></translate>
Called from Title::checkQuickPermissions to allow skipping checking quick Title permissions (e.g., the 'delete' permission).
<translate> Define function:</translate>
public static function onTitleQuickPermissions( $title, $user, $action, &$errors, $doExpensiveQueries, $short ) { ... }
<translate> Attach hook:</translate> <translate> In <tvar name=1>extension.json</tvar>:</translate>
{
	"Hooks": {
		"TitleQuickPermissions": "MediaWiki\\Extension\\MyExtension\\Hooks::onTitleQuickPermissions"
	}
}
<translate> Called from:</translate> <translate> File(s):</translate> Permissions/PermissionManager.php
<translate> Interface:</translate> TitleQuickPermissionsHook.php

<translate> For more information about attaching hooks, see <tvar name=1>Manual:Hooks </tvar>.</translate>
<translate> For examples of extensions using this hook, see <tvar name=cat>Category:TitleQuickPermissions extensions</tvar>.</translate>


Details

The Title class has a number of functions for checking if a user has permissions to do a certain task on that Title. An outside caller will use the function Title::userCan, which then internally calls a series of permissions checks. Quick permissions are checked first in the Title::checkQuickPermissions function. Quick permissions are the most basic of permissions needed to perform an action. For example, if checking if a user can edit a page, seeing if they have the 'edit' permission is a quick permission check. Only after quick permissions are checked will the Title class proceed to more intensive checks, such as page protection.

This hook allows early abortion from the Title::checkQuickPermissions function. It can be used to either: do custom quick permission checks, and abort early if an extension determines the user is not allowed to perform the action; override the quick permissions checks, and allow a user who would normally not be allowed to do something, do something.

Parameters

The parameters are:

  • $title is the Title object being checked
  • $user is the User object performing the action
  • $action is the action being performed
  • &$errors is an array of permissions errors, each in the form of an array of a message key and parameters (e.g., array( 'my-message', 'param1' ))
  • $doExpensiveQueries is a boolean indicating whether the caller wants permissions checks that involve expensive queries to be performed, or if they should be skipped
  • $short is a boolean indicating whether the caller wants all permissions checks to be performed (meaning the caller wants a list of all the errors), or if the process should abort upon reaching the first error (meaning the caller just wants to know if the user can perform the action, and does not care why)

Returning false from this hook will cause the remainder of the quick permissions checks to not be evaluated.

See also