From b1b49af536fe4f78dfed4f33aba76a163df259bf Mon Sep 17 00:00:00 2001 From: Kunal Mehta Date: Wed, 16 Oct 2013 15:27:59 -0700 Subject: [PATCH] Merge AssertEdit extension into core Added &assert=user and &assert=bot for all API modules. Some functionality was dropped: * assert='exists': the edit API already has &nocreate/&createonly * nassert parameter: there is no usecase for checking that your account is logged out or not flagged * assert=true/false: If you want to test a failing assertion, log out * assert=test: Not useful * Checking edits via index.php The error format was changed from: {"edit": {"assert": "bot", "result": "Failure"}} to the standard format of API errors in an 'errors' array using the codes: 'assertuserfailed' and 'assertbotfailed'. Bug: 27841 Bug: 53106 Change-Id: Ia4815168548fea3dbf1c305792a451374f2a3b7e --- RELEASE-NOTES-1.23 | 6 ++++++ includes/api/ApiMain.php | 30 ++++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/RELEASE-NOTES-1.23 b/RELEASE-NOTES-1.23 index 2a0f673c96..afa7efd111 100644 --- a/RELEASE-NOTES-1.23 +++ b/RELEASE-NOTES-1.23 @@ -65,6 +65,10 @@ production. its #test method when strings are used in the browser map: version '1.10' is now correctly considered larger than '1.2'. Using numbers in the version map is not affected. +* All API modules now support an assert parameter, which can either be + 'user' or 'bot'. The API will throw an error if the user is not logged + in (user) or does not have the 'bot' userright (bot). Based off of the + AssertEdit extension by Steve Sanbeg. === Bug fixes in 1.23 === * (bug 41759) The "updated since last visit" markers (on history pages, recent 
@@ -104,6 +108,8 @@ production. * ApiQueryBase::titlePartToKey allows an extra parameter that indicates the namespace in order to properly capitalize the title part. * (bug 57874) action=feedcontributions no longer has one item more than limit. +* All API modules now support an assert parameter. See the new features section + for more details. === Languages updated in 1.23 === diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php index 829ba6f4d6..f69d3ffaa1 100644 --- a/includes/api/ApiMain.php +++ b/includes/api/ApiMain.php @@ -815,6 +815,28 @@ class ApiMain extends ApiBase { } } + /** + * Check asserts of the user's rights + * @param $params array + */ + protected function checkAsserts( $params ) { + if ( isset( $params['assert'] ) ) { + $user = $this->getUser(); + switch ( $params['assert'] ) { + case 'user': + if ( $user->isAnon() ) { + $this->dieUsage( 'Assertion that the user is logged in failed', 'assertuserfailed' ); + } + break; + case 'bot': + if ( !$user->isAllowed( 'bot' ) ) { + $this->dieUsage( 'Assertion that the user has the bot right failed', 'assertbotfailed' ); + } + break; + } + } + } + /** * Check POST for external response and setup result printer * @param $module ApiBase An Api module @@ -857,6 +879,8 @@ class ApiMain extends ApiBase { $this->setupExternalResponse( $module, $params ); } + $this->checkAsserts( $params ); + // Execute $module->profileIn(); $module->execute(); @@ -1046,6 +1070,9 @@ class ApiMain extends ApiBase { ApiBase::PARAM_TYPE => 'integer', ApiBase::PARAM_DFLT => 0 ), + 'assert' => array( + ApiBase::PARAM_TYPE => array( 'user', 'bot' ) + ), 'requestid' => null, 'servedby' => false, 'origin' => null, 
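Review bot: The `switch` in `checkAsserts()` has no `default` branch, so any value other than 'user' or 'bot' passes silently. That is safe only because the `'assert'` entry added in the -1046 hunk limits `PARAM_TYPE` to those two values, and presumably `$params` arrives already validated; the caller is in a later hunk and where it gets `$params` is not visible. A comment at the top of the switch, e.g. `// Allowed values are enforced by the 'assert' PARAM_TYPE list; keep both in sync`, would stop the two lists drifting when another assertion type is added. The docblock should also say that the method does not return on failure (`dieUsage()` aborts the request with 'assertuserfailed' or 'assertbotfailed'). It should add that the parameter is a precondition requested by the client, not an access check, so the module's own permission checks are unaffected.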
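Review bot: Nothing in this commit exercises the new `$this->checkAsserts( $params );` call, since the diffstat lists only RELEASE-NOTES-1.23 and includes/api/ApiMain.php. The property that matters is therefore untested: a failed assertion must stop the request before `$module->execute()` runs. A test that sends a write action with `assert=user` as an anonymous user and expects 'assertuserfailed' with no change made would pin the ordering, with the same for `assert=bot` without the right. A short comment above the call, e.g. `// Must run before execute(): a failed assertion has to leave no side effects`, would also discourage moving the check below the module call later. The enclosing method starts and ends outside the hunk.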
@@ -1071,6 +1098,7 @@ class ApiMain extends ApiBase {
 ),
 'smaxage' => 'Set the s-maxage header to this many seconds. Errors are never cached',
 'maxage' => 'Set the max-age header to this many seconds. Errors are never cached',
+ 'assert' => 'Verify the user is logged in if set to "user", or has the bot userright if "bot"',
 'requestid' => 'Request ID to distinguish requests. This will just be output back to you',
 'servedby' => 'Include the hostname that served the request in the ' .
 'results. Unconditionally shown on error',
@@ -1143,6 +1171,8 @@ class ApiMain extends ApiBase {
 array( 'code' => 'unknown_action', 'info' => 'The API requires a valid action parameter' ),
 array( 'code' => 'maxlag', 'info' => 'Waiting for host: x seconds lagged' ),
 array( 'code' => 'maxlag', 'info' => 'Waiting for a database server: x seconds lagged' ),
+ array( 'code' => 'assertuserfailed', 'info' => 'Assertion that the user is logged in failed' ),
+ array( 'code' => 'assertbotfailed', 'info' => 'Assertion that the user has the bot right failed' ),
 ) );
 }
-- 
2.20.1