+ /**
+ * Check that the user is allowed to read this page.
+ *
+ * @param $action String the action to check
+ * @param $user User to check
+ * @param $errors Array list of current errors
+ * @param $doExpensiveQueries Boolean whether or not to perform expensive queries
+ * @param $short Boolean short circuit on first error
+ *
+ * @return Array list of errors
+ */
+ private function checkReadPermissions( $action, $user, $errors, $doExpensiveQueries, $short ) {
+ static $useShortcut = null;
+
+ # Initialize the $useShortcut boolean, to determine if we can skip quite a bit of code below
+ if ( is_null( $useShortcut ) ) {
+ global $wgGroupPermissions, $wgRevokePermissions;
+ $useShortcut = true;
+ if ( empty( $wgGroupPermissions['*']['read'] ) ) {
+ # Not a public wiki, so no shortcut
+ $useShortcut = false;
+ } elseif ( !empty( $wgRevokePermissions ) ) {
+ /**
+ * Iterate through each group with permissions being revoked (key not included since we don't care
+ * what the group name is), then check if the read permission is being revoked. If it is, then
+ * we don't use the shortcut below since the user might not be able to read, even though anon
+ * reading is allowed.
+ */
+ foreach ( $wgRevokePermissions as $perms ) {
+ if ( !empty( $perms['read'] ) ) {
+ # We might be removing the read right from the user, so no shortcut
+ $useShortcut = false;
+ break;
+ }
+ }
+ }
+ }
+
+ # Shortcut for public wikis, allows skipping quite a bit of code
+ if ( $useShortcut ) {
+ return $errors;
+ }
+
+ # If the user is allowed to read pages, he is allowed to read all pages
+ if ( $user->isAllowed( 'read', $this->mNamespace ) ) {
+ return $errors;
+ }
+
+ # Always grant access to the login page.
+ # Even anons need to be able to log in.
+ if ( $this->isSpecial( 'Userlogin' ) || $this->isSpecial( 'ChangePassword' ) ) {
+ return $errors;
+ }
+
+ # Time to check the whitelist
+ global $wgWhitelistRead;
+
+ # Only to these checks is there's something to check against
+ if ( is_array( $wgWhitelistRead ) && count( $wgWhitelistRead ) ) {
+ # Check for explicit whitelisting
+ $name = $this->getPrefixedText();
+ $dbName = $this->getPrefixedDBKey();
+
+ // Check with and without underscores
+ if ( in_array( $name, $wgWhitelistRead, true ) || in_array( $dbName, $wgWhitelistRead, true ) ) {
+ return $errors;
+ }
+
+ # Old settings might have the title prefixed with
+ # a colon for main-namespace pages
+ if ( $this->getNamespace() == NS_MAIN ) {
+ if ( in_array( ':' . $name, $wgWhitelistRead ) ) {
+ return $errors;
+ }
+ }
+
+ # If it's a special page, ditch the subpage bit and check again
+ if ( $this->isSpecialPage() ) {
+ $name = $this->getDBkey();
+ list( $name, /* $subpage */ ) = SpecialPageFactory::resolveAlias( $name );
+ if ( $name !== false ) {
+ $pure = SpecialPage::getTitleFor( $name )->getPrefixedText();
+ if ( in_array( $pure, $wgWhitelistRead, true ) ) {
+ return $errors;
+ }
+ }
+ }
+ }
+
+ $errors[] = $this->missingPermissionError( $action, $short );
+ return $errors;
+ }
+
+ /**
+ * Get a description array when the user doesn't have the right to perform
+ * $action (i.e. when User::isAllowed() returns false)
+ *
+ * @param $action String the action to check
+ * @param $short Boolean short circuit on first error
+ * @return Array list of errors
+ */
+ private function missingPermissionError( $action, $short ) {
+ // We avoid expensive display logic for quickUserCan's and such
+ if ( $short ) {
+ return array( 'badaccess-group0' );
+ }
+
+ $groups = array_map( array( 'User', 'makeGroupLinkWiki' ),
+ User::getGroupsWithPermission( $action, $this->mNamespace ) );
+
+ if ( count( $groups ) ) {
+ global $wgLang;
+ return array(
+ 'badaccess-groups',
+ $wgLang->commaList( $groups ),
+ count( $groups )
+ );
+ } else {
+ return array( 'badaccess-group0' );
+ }
+ }
+