Manual:Hooks/UserGetRights

UserGetRights
Available from version 1.11.0
Dynamically adds to or removes from a user the rights implied by their group membership
Define function:
public static function onUserGetRights( User $user, array &$aRights ) { ... }
Attach hook: In extension.json:
{
	"Hooks": {
		"UserGetRights": "MediaWiki\\Extension\\MyExtension\\Hooks::onUserGetRights"
	}
}
Called from: File(s): Permissions/PermissionManager.php
Function(s): getUserPermissions
Interface: UserGetRightsHook.php

For more information about attaching hooks, see Manual:Hooks .
For examples of extensions using this hook, see Category:UserGetRights extensions/en.

Details

  • $user - User object
  • $aRights - array of user rights

Use cases

The UserGetRights hook permits the implementation of a user rights scheme along side of MediaWiki's built-in group-based permissions architecture. It can be used to create extensions that

  • implement a hierarchical group system where groups can inherit rights from a collection of groups.
  • implement an exclude rights rule - users are associated with groups whose rights the do not have.
  • add or exclude rights associated with a user rather than a group
  • define context based rights - e.g. the same user might have different rights depending on whether they are accessing the wiki via :localhost:, via a VPN, or via the public internet.
  • any other scheme available to the programmer's imagination

Background

MediaWiki's built-in permissions architecture uses group-based permissions. Users are assigned to groups; groups are assigned rights; users inherit rights from every group to which they are assigned. This hook can be used to override or supplement the core permissions architecture.

Usage

Hooks modify the rights available to the user by adding or removing elements to $aRights. The hook should always return true so that other functions attached to this hook will have a chance to run.

Removing rights with this hook can be problematic as there is no guarantee another hook handler won't re-add them. The UserGetRightsRemove hook, called immediately after UserGetRights, can be used for that.

See also