X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2Fapi%2FApiQueryUsers.php;h=d0d0f08223091b723ce8eb8904a7e314562f4986;hb=3b658a2dd3339dce93ad74984eb0120f6c50ccd9;hp=1511f78fcef17fcb9395f836da15eb9816f76907;hpb=27ca77bdd2512a27c58547d810a5206cc4c12b22;p=lhc%2Fweb%2Fwiklou.git

diff --git a/includes/api/ApiQueryUsers.php b/includes/api/ApiQueryUsers.php
index 1511f78fce..d0d0f08223 100644
--- a/includes/api/ApiQueryUsers.php
+++ b/includes/api/ApiQueryUsers.php
@@ -33,7 +33,24 @@ class ApiQueryUsers extends ApiQueryBase {
 
 	private $tokenFunctions, $prop;
 
-	public function __construct( $query, $moduleName ) {
+	/**
+	 * Properties whose contents does not depend on who is looking at them. If the usprops field
+	 * contains anything not listed here, the cache mode will never be public for logged-in users.
+	 * @var array
+	 */
+	protected static $publicProps = array(
+		// everything except 'blockinfo' which might show hidden records if the user
+		// making the request has the appropriate permissions
+		'groups',
+		'implicitgroups',
+		'rights',
+		'editcount',
+		'registration',
+		'emailable',
+		'gender',
+	);
+
+	public function __construct( ApiQuery $query, $moduleName ) {
 		parent::__construct( $query, $moduleName, 'us' );
 	}
 
@@ -271,7 +288,13 @@ class ApiQueryUsers extends ApiQueryBase {
 	}
 
 	public function getCacheMode( $params ) {
-		return isset( $params['token'] ) ? 'private' : 'anon-public-user-private';
+		if ( isset( $params['token'] ) ) {
+			return 'private';
+		} elseif ( array_diff( (array)$params['prop'], static::$publicProps ) ) {
+			return 'anon-public-user-private';
+		} else {
+			return 'public';
+		}
 	}
 
 	public function getAllowedParams() {