- if ( is_null( $this->mRights ) ) {
- $this->mRights = self::getGroupPermissions( $this->getEffectiveGroups() );
- Hooks::run( 'UserGetRights', [ $this, &$this->mRights ] );
-
- // Deny any rights denied by the user's session, unless this
- // endpoint has no sessions.
- if ( !defined( 'MW_NO_SESSION' ) ) {
- $allowedRights = $this->getRequest()->getSession()->getAllowedUserRights();
- if ( $allowedRights !== null ) {
- $this->mRights = array_intersect( $this->mRights, $allowedRights );
- }
- }
-
- Hooks::run( 'UserGetRightsRemove', [ $this, &$this->mRights ] );
- // Force reindexation of rights when a hook has unset one of them
- $this->mRights = array_values( array_unique( $this->mRights ) );
-
- // If block disables login, we should also remove any
- // extra rights blocked users might have, in case the
- // blocked user has a pre-existing session (T129738).
- // This is checked here for cases where people only call
- // $user->isAllowed(). It is also checked in Title::checkUserBlock()
- // to give a better error message in the common case.
- $config = RequestContext::getMain()->getConfig();
- // @TODO Partial blocks should not prevent the user from logging in.
- // see: https://phabricator.wikimedia.org/T208895
- if (
- $this->isLoggedIn() &&
- $config->get( 'BlockDisablesLogin' ) &&
- $this->getBlock()
- ) {
- $anon = new User;
- $this->mRights = array_intersect( $this->mRights, $anon->getRights() );
- }
- }
- return $this->mRights;