This is a static dump of issues in the old "Flyspray" bugtracker for DokuWiki. Bugs and feature requests
are now tracked at the issue tracker at Github.
Closed
Fixed
FS#2919 authmysql plugin "retrieveusers" limit behaves differently from authplain
ACL & Authentication
2014-01-21pscs
With the standard authplain authenticator, the 'retrieveUsers' function returns all matching users if the limit parameter is set to 0
With the authmysql plugin, the function returns zero users if the limit parameter is set to 0
To fix this, I added the following code to the start of the retrieveUsers function in authmysql\auth.php
The retrieveUsers method is supposed to implement:
public function retrieveUsers($start = 0, $limit = -1, $filter = null);
And each of the auth plugins are like this:
authad/auth.php: public function retrieveUsers($start = 0, $limit = -1, $filter = array()) {
authldap/auth.php: function retrieveUsers($start = 0, $limit = -1, $filter = array()) {
authmysql/auth.php: public function retrieveUsers($first = 0, $limit = 10, $filter = array()) {
authpgsql/auth.php: public function retrieveUsers($first = 0, $limit = 10, $filter = array()) {
authplain/auth.php: public function retrieveUsers($start = 0, $limit = 0, $filter = array()) {
Should all of these have the same default value for $limit? I would think that -1 should mean 'no limit', but 0 should mean 'actually return zero items' (which, yes, is perhaps a bit silly). Does that make sense?
Anyway, with regard to the issue at hand: should the LIMIT clause only be added if $limit is an integer greater than -1? That seems to make sense.
2014-02-15pscs
I would agree with the concept that '-1 means unlimited'. However, the reason I encountered the problem was because another plugin called the retrieveUsers function with a limit of 0 - which worked fine with the default authplain authenticator. Then, when I switched to authmysql, it stopped working. I suspect other plugins will have the same issue, since (I suspect) most will have been tested only against authplain. So, there is an argument that 'authplain's behaviour should be considered the correct behaviour (or risk breaking lots of other plugins).
Given that a limit of 0 doesn't really make sense, and the authplain behaviour is to treat that as unlimited, it may be less likely to break existing code if <=0 means unlimited. It could potentially break some code which pages through the users, and doesn't correctly check for the end condition, but that would currently break with the default authenticator anyway.
It's not my decision - just making an observation :-)
2014-02-15andi
Yeah I think it makes sense to treat <=0 as unlimited.
2014-02-15andi
Correctly implemented the LIMIT clause should be omitted when <=0 instead of trying to come up with a huge number ;-). When doing, keep in mind that authpgsql inherits from authmysql and might need slightly different LIMIT handling.