Manual:Hooks/userCan
File:OOjs UI icon alert-destructive.svg | <translate>
This deprecated feature should no longer be used, but is still available for reasons of backwards compatibility. This feature was deprecated in version <tvar name=ver>1.37.0</tvar>.</translate> <translate> Please see <tvar name=page>getUserPermissionsErrors</tvar> for an alternative way to use this feature.</translate> |
userCan | |
---|---|
<translate> Available from <tvar name=1><translate> version <tvar </tvar></translate> To interrupt/advise the "user can do X to Y article" check | |
<translate> Define function:</translate> | public static function onuserCan( $title, $user, $action, &$result ) { ... }
|
<translate> Attach hook:</translate> | <translate> In <tvar name=1>extension.json</tvar>:</translate>
{
"Hooks": {
"userCan": "MediaWiki\\Extension\\MyExtension\\Hooks::onuserCan"
}
}
|
<translate> Called from:</translate> | <translate> File(s):</translate> Permissions/PermissionManager.php |
<translate> Interface:</translate> | userCanHook.php |
<translate> For more information about attaching hooks, see <tvar name=1>Manual:Hooks </tvar>.</translate>
<translate> For examples of extensions using this hook, see <tvar name=cat>Category:userCan extensions</tvar>.</translate>
Details
$title
reference to the title in question (see the use in $IP/includes/Title.php)
$user
reference to the current user (see the use in $IP/includes/Title.php)
$action
action (string) concerning the title in question
$result
- reference to the result propagated along the chain of hooks (see $IP/includes/Hooks.php)
- $result can be left untouched, or set to
true
orfalse
, according to the opinion of the particular hook function - true means that the user is allowed, and false means that the $user is disallowed for the $action concerning the $title
- leaving untouched means that the hook function has no opinion about the situation
return value of the hook function
- the individual hook functions of the possibly nested list of hooks are processed in order of their natural occurrence, from the beginning until either the end of the list is reached, or the current hook function doesn't return
true
- a particular hook function on the list will stop the processing, if it returns
false
.
intentional side effect of the chain of hook function
- $result given by reference to each hook function contains the resulting opinion of the hook functions processed so far
- to be the first in the list of hooks has the disadvantage, that later hook functions have the opportunity to change the $result
- to be the last in the list of hooks has the disadvantage, that the processing of the hooks will simply not reach that point, hence less chance to have an impact on the $result
The final decision concerning the $title - $user - $action triple is the value can be found in $result, when the processing of the list of hooks is finished.
Risk of returning a string value
Limitations
Table of combinations
return true | return false | |
---|---|---|
$result = true | User should be allowed to proceed. Later functions can override. |
User should be allowed to proceed. Later functions not consulted. |
$result = false | User should not be allowed to proceed. Later functions can override. |
User should not be allowed to proceed. Later functions not consulted. |
$result untouched | Decision depends on the other hooks, or other internal decision. Later functions can override. |
Decision depends on the previous hooks, or other internal decision. Later functions not consulted. |
See also
- UserCanSendEmail
- TitleReadWhitelist - to allow user to read specific pages
- UserGetRights - for hooking into non-title-specific permission checks
- getUserPermissionsErrors - for a similar hook that can also return a message