Topic on Project:Support desk

I'm writing an extension to selectively enable access to the Special:CreateAccount page when a user submits a valid invite code on a wiki where self-registration is normally closed.

After a couple of false starts, I settled on what seems like a simple (possibly even functional and elegant?) solution of intercepting the userCan hook for the "read" action and setting $result to TRUE (and returning FALSE to prevent anything else from overriding it) when there's a valid invite.

I've confirmed that the hook is indeed being called (twice) and accurately detecting the invite code, but... the page still displays:

You do not have permission to do that, for the following reason:
You are not allowed to execute the action you have requested.

Am I going about this the wrong way? Is there some other hook I need to intercept, or something I need to set somewhere?

Thanks.

maybe you also need createaccount rights or something. Adding &uselang=qqx to the url might help you track down which message and thus which part oc code. Enabling debug logging might also have info about which check failed.

Note: the proper solution is probably a custom AuthManager class although that is way more complicated.

1. createaccount rights: I think I already tried bestowing that right, and it made no apparent difference.
2. The message involved ("You are not allowed...") is badaccess-group0, which is unfortunately used in many places. (I can probably track down the exact spot(s) by inserting debug code. Debug logging might also work but might also produce an overwhelming quantity of output to sift through.) The qqq.jsonfile says this message is "Shown when you are not allowed to do something.", which is at least consistent but gives no further clue as to why.
3. AuthManager: as far as I can tell, that's only for handling logins and creating accounts; I don't need to modify any of that behavior, just grant access to existing functionality.

you can use auth manager to have additional checks before creating an account without overriding everything. For example captcha extensions like ConfirmEdit do this.