For OAuth, we added a hook to User::isEveryoneAllowed() to remove rights on OAuth wikis, since "everyone" (including an api request by an OAuth consumer) may not be able to do everything.
However, lots of places in the code, we use User::isEveryoneAllowed( 'read' ) to decide if this is a private wiki, and if so, disable caching (ApiMain, RawAction) or do more extensive checks (Title).
I'm worried enabling OAuth may have larger performance impact in general. Should onUserIsEveryoneAllowed return true for 'read' if the wiki is public?
Version: master
Severity: blocker