The 'rollback' permission now only affects whether rollback is made available through...

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 4f3ba94..0e6a9e4 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -35,6 +35,11 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
 * New permission userrights-interwiki for changing user rights on foreign wikis.
 * $wgImplictGroups for groups that are hidden from Special:Listusers, etc.
 * $wgAutopromote: automatically promote users who match specified criteria
+* The 'rollback' permission now only affects whether rollback is made available
+  through the interface.  Users without the rollback permission can still use
+  it by generating the proper token through, e.g., a script.  This does nothing
+  but allow automated rollback scripts to operate more efficiently, without al-
+  lowing them to do anything extra.
 
 === New features in 1.12 ===
 * (bug 10735) Add a warning for non-descriptive filenames at Special:Upload

diff --git a/includes/Article.php b/includes/Article.php
index 37a836e..34ea259 100644 (file)
--- a/includes/Article.php
+++ b/includes/Article.php
@@ -2265,9 +2265,13 @@ class Article {
        }
 
        /**
-        * Roll back the most recent consecutive set of edits to a page
-        * from the same user; fails if there are no eligible edits to
-        * roll back to, e.g. user is the sole contributor
+        * Roll back the most recent consecutive set of edits to a page from the
+        * same user; fails if there are no eligible edits to roll back to, e.g.
+        * user is the sole contributor.
+        *
+        * FIXME: We shouldn't do permissions checking here; that should be done in
+        * a wrapper so that server-side scripts can use this if they know what
+        * they're doing.
         *
         * @param string $fromP - Name of the user whose edits to rollback. 
         * @param string $summary - Custom summary. Set to default summary if empty.
@@ -2286,7 +2290,7 @@ class Article {
 
                # Just in case it's being called from elsewhere         
 
-               if( $wgUser->isAllowed( 'rollback' ) && $this->mTitle->userCan( 'edit' ) ) {
+               if( $this->mTitle->userCan( 'edit' ) ) {
                        if( $wgUser->isBlocked() ) {
                                return self::BLOCKED;
                        }
@@ -2391,10 +2395,8 @@ class Article {
 
                $details = null;
 
-               # Skip the permissions-checking in doRollback() itself, by checking permissions here.
-
-               $perm_errors = array_merge( $this->mTitle->getUserPermissionsErrors( 'edit', $wgUser ),
-                                               $this->mTitle->getUserPermissionsErrors( 'rollback', $wgUser ) );
+               # We do permissions checking twice, for some reason . . .
+               $perm_errors = $this->mTitle->getUserPermissionsErrors( 'edit', $wgUser );
 
                if (count($perm_errors)) {
                        $wgOut->showPermissionsErrorPage( $perm_errors );
@@ -2414,7 +2416,7 @@ class Article {
                                $wgOut->blockedPage();
                                break;
                        case self::PERM_DENIED:
-                               $wgOut->permissionRequired( 'rollback' );
+                               $wgOut->permissionRequired( 'edit' );
                                break;
                        case self::READONLY:
                                $wgOut->readOnlyPage( $this->getContent() );