From db3d429036eab1d71673f9f66d1017948f083ea2 Mon Sep 17 00:00:00 2001
From: "This, that and the other" <at.light@live.com.au>
Date: Thu, 8 Oct 2015 18:34:27 +1100
Subject: [PATCH] Allow change tags to be added via API action=delete

ApiDelete::delete() and ApiDelete::deleteFile() are altered from public
to protected visibility. This is not believed to affect any extensions.

Also get rid of the token variables, as they are not doing anything useful.

Bug: T108564
Change-Id: I6143043dafa6425a0df4baefe970620cbe69466c
---
 includes/api/ApiDelete.php | 56 ++++++++++++++++++++------------------
 includes/api/i18n/en.json  |  1 +
 includes/api/i18n/qqq.json |  1 +
 3 files changed, 31 insertions(+), 27 deletions(-)

diff --git a/includes/api/ApiDelete.php b/includes/api/ApiDelete.php
index bdf02bf1cc..acb260c50e 100644
--- a/includes/api/ApiDelete.php
+++ b/includes/api/ApiDelete.php
@@ -32,7 +32,7 @@
  */
 class ApiDelete extends ApiBase {
 	/**
-	 * Extracts the title, token, and reason from the request parameters and invokes
+	 * Extracts the title and reason from the request parameters and invokes
 	 * the local delete() function with these as arguments. It does not make use of
 	 * the delete function specified by Article.php. If the deletion succeeds, the
 	 * details of the article deleted and the reason for deletion are added to the
@@ -52,17 +52,31 @@ class ApiDelete extends ApiBase {
 		$reason = $params['reason'];
 		$user = $this->getUser();
 
+		// Check that the user is allowed to carry out the deletion
+		$errors = $titleObj->getUserPermissionsErrors( 'delete', $user );
+		if ( count( $errors ) ) {
+			$this->dieUsageMsg( $errors[0] );
+		}
+
+		// If change tagging was requested, check that the user is allowed to tag,
+		// and the tags are valid
+		if ( count( $params['tags'] ) ) {
+			$tagStatus = ChangeTags::canAddTagsAccompanyingChange( $params['tags'], $user );
+			if ( !$tagStatus->isOK() ) {
+				$this->dieStatus( $tagStatus );
+			}
+		}
+
 		if ( $titleObj->getNamespace() == NS_FILE ) {
 			$status = self::deleteFile(
 				$pageObj,
 				$user,
-				$params['token'],
 				$params['oldimage'],
 				$reason,
 				false
 			);
 		} else {
-			$status = self::delete( $pageObj, $user, $params['token'], $reason );
+			$status = self::delete( $pageObj, $user, $reason );
 		}
 
 		if ( is_array( $status ) ) {
@@ -84,6 +98,11 @@ class ApiDelete extends ApiBase {
 		}
 		$this->setWatch( $watch, $titleObj, 'watchdeletion' );
 
+		// Apply change tags to the log entry, if requested
+		if ( count( $params['tags'] ) ) {
+			ChangeTags::addTags( $params['tags'], null, null, $status->value, null, $user );
+		}
+
 		$r = array(
 			'title' => $titleObj->getPrefixedText(),
 			'reason' => $reason,
@@ -92,32 +111,16 @@ class ApiDelete extends ApiBase {
 		$this->getResult()->addValue( null, $this->getModuleName(), $r );
 	}
 
-	/**
-	 * @param Title $title
-	 * @param User $user User doing the action
-	 * @param string $token
-	 * @return array
-	 */
-	private static function getPermissionsError( $title, $user, $token ) {
-		// Check permissions
-		return $title->getUserPermissionsErrors( 'delete', $user );
-	}
-
 	/**
 	 * We have our own delete() function, since Article.php's implementation is split in two phases
 	 *
 	 * @param Page|WikiPage $page Page or WikiPage object to work on
 	 * @param User $user User doing the action
-	 * @param string $token Delete token (same as edit token)
 	 * @param string|null $reason Reason for the deletion. Autogenerated if null
 	 * @return Status|array
 	 */
-	public static function delete( Page $page, User $user, $token, &$reason = null ) {
+	protected static function delete( Page $page, User $user, &$reason = null ) {
 		$title = $page->getTitle();
-		$errors = self::getPermissionsError( $title, $user, $token );
-		if ( count( $errors ) ) {
-			return $errors;
-		}
 
 		// Auto-generate a summary, if necessary
 		if ( is_null( $reason ) ) {
@@ -139,24 +142,19 @@ class ApiDelete extends ApiBase {
 	/**
 	 * @param Page $page Object to work on
 	 * @param User $user User doing the action
-	 * @param string $token Delete token (same as edit token)
 	 * @param string $oldimage Archive name
 	 * @param string $reason Reason for the deletion. Autogenerated if null.
 	 * @param bool $suppress Whether to mark all deleted versions as restricted
 	 * @return Status|array
 	 */
-	public static function deleteFile( Page $page, User $user, $token, $oldimage,
+	protected static function deleteFile( Page $page, User $user, $oldimage,
 		&$reason = null, $suppress = false
 	) {
 		$title = $page->getTitle();
-		$errors = self::getPermissionsError( $title, $user, $token );
-		if ( count( $errors ) ) {
-			return $errors;
-		}
 
 		$file = $page->getFile();
 		if ( !$file->exists() || !$file->isLocal() || $file->getRedirected() ) {
-			return self::delete( $page, $user, $token, $reason );
+			return self::delete( $page, $user, $reason );
 		}
 
 		if ( $oldimage ) {
@@ -191,6 +189,10 @@ class ApiDelete extends ApiBase {
 				ApiBase::PARAM_TYPE => 'integer'
 			),
 			'reason' => null,
+			'tags' => array(
+				ApiBase::PARAM_TYPE => ChangeTags::listExplicitlyDefinedTags(),
+				ApiBase::PARAM_ISMULTI => true,
+			),
 			'watch' => array(
 				ApiBase::PARAM_DFLT => false,
 				ApiBase::PARAM_DEPRECATED => true,
diff --git a/includes/api/i18n/en.json b/includes/api/i18n/en.json
index 5127f478ec..90d7fa7b9d 100644
--- a/includes/api/i18n/en.json
+++ b/includes/api/i18n/en.json
@@ -69,6 +69,7 @@
 	"apihelp-delete-param-title": "Title of the page to delete. Cannot be used together with <var>$1pageid</var>.",
 	"apihelp-delete-param-pageid": "Page ID of the page to delete. Cannot be used together with <var>$1title</var>.",
 	"apihelp-delete-param-reason": "Reason for the deletion. If not set, an automatically generated reason will be used.",
+	"apihelp-delete-param-tags": "Change tags to apply to the entry in the deletion log.",
 	"apihelp-delete-param-watch": "Add the page to the current user's watchlist.",
 	"apihelp-delete-param-watchlist": "Unconditionally add or remove the page from the current user's watchlist, use preferences or do not change watch.",
 	"apihelp-delete-param-unwatch": "Remove the page from the current user's watchlist.",
diff --git a/includes/api/i18n/qqq.json b/includes/api/i18n/qqq.json
index e2b09ea778..d89fa014a1 100644
--- a/includes/api/i18n/qqq.json
+++ b/includes/api/i18n/qqq.json
@@ -71,6 +71,7 @@
 	"apihelp-delete-param-title": "{{doc-apihelp-param|delete|title}}",
 	"apihelp-delete-param-pageid": "{{doc-apihelp-param|delete|pageid}}",
 	"apihelp-delete-param-reason": "{{doc-apihelp-param|delete|reason}}",
+	"apihelp-delete-param-tags": "{{doc-apihelp-param|delete|tags}}",
 	"apihelp-delete-param-watch": "{{doc-apihelp-param|delete|watch}}",
 	"apihelp-delete-param-watchlist": "{{doc-apihelp-param|delete|watchlist}}",
 	"apihelp-delete-param-unwatch": "{{doc-apihelp-param|delete|unwatch}}",
-- 
2.20.1