puhelin09 wrote:

Report to MW Support desk with details and code.

This attachment contains full (I hope!) details of the problem and the relevant code.

Attached:

puhelin09 wrote:

What appears to be the same problem has been reported just below my submission to the Support Desk at http://www.mediawiki.org/wiki/Project:Support_desk/Sections/Extension#Help_please.21_Sysop_users_dont_have_permissions.21. I have asked for further information and will also go now and do some more digging.

puhelin09 wrote:

I've just installed the NamespacePermissions extension and the groups required for that are similarly affected. i.e. I (as Sam.Sexton) am in the ns100RW group, but can't create a page in that namespace. As SS I can do so. So, it looks to be a general group permission problem rather than specific to Sysops and Bureaucrats - as expected, but I thought it best to verify.

puhelin09 wrote:

I've added some debug code to getRights() in User.php and am getting close to the problem:

this->effectiveGroup: *
this->effectiveGroup: user
this->effectiveGroup: autoconfirmed

but I'm now in oodles of groups (as Sam.Sexton):

(first | last) View (previous 50) (next 50) (20 | 50 | 100 | 250 | 500)

• SS ‎(bureaucrat, nsIGRW, sysop)
• Sam.Sexton ‎(bureaucrat, nsARCHRW, nsARCH_TalkRW, nsD3PRIVRW, nsD3PRIV_TalkRW, nsDEVRW, nsDEV_TalkRW, nsDOCRW, nsDOC_TalkRW, nsIGRW, nsIG_TalkRW, sysop)
• West.Sst-noreply
• WikiSysop ‎(bureaucrat, sysop)

(first | last) View (previous 50) (next 50) (20 | 50 | 100 | 250 | 500)

Hmm - I have had a problem with phpMyAdmin reporting the absence of mcrypt (due to build problems which I reported many weeks ago, but have had no response - I'll go back and try again or see if there's a later version). I would be a little surprised if this were related to the problem, but would feel guilty not mentioning it.

puhelin09 wrote:

I've now added some additional code to my hook, to show the real name and groups after loading the user from the database. I really a PHP novice, so it's possible I'm not doing this properly, but the relevant code is:

// Load the existing or newly-created user from the database ...

if ( !$user->loadFromDatabase() ) {
  logTGST("loadFromDatabase failed for user ID $user->mId");
} else { // Additional debugging ...
  logTGST("loadFromDatabase succeeded for user ID $user->mId");
  logTGST("  real name: $user->mRealName");
  logTGST("  groups: $user->mGroups");
}
return $user

and the logged output is:

2009-01-20 15:33:37 loadFromDatabase succeeded for user ID 1004
2009-01-20 15:33:37 real name: Sam Sexton
2009-01-20 15:33:37 groups:

So it would _appear_ that either I'm interpreting what getGroups() does incorrectly, or the group membership is not being recognised correctly. Any suggestions?!

puhelin09 wrote:

I've finally solved this myself - the crucial clue was finding out that in loadFromDatabase(), mGroups is nullified and the assignment of the groups deferred to loadGroups(), which is called by saveToCache() - this in turn is called from loadFromId(), so I added a call to saveToCache() to my hook and at long last, I can see the restricted groups. I will sanitise my code and add it to the discussion page at http://www.mediawiki.org/wiki/Manual:Hooks/UserLoadFromSession so that it can serve as an example of what's needed - adding the call wasn't really too obvious! ;-)

• Bug 17339 has been marked as a duplicate of this bug. ***