indicated by a 'fromencoded' boolean alongside the existing 'from' parameter.
* (T28680) action=paraminfo can now return info about all submodules of a
module without listing them all explicitly.
+* (T146770) It is now possible to assert that the current user is a specific
+ named user, using the 'assertuser' parameter.
=== Action API internal changes in 1.28 ===
* Added a new hook, 'ApiMakeParserOptions', to allow extensions to better
break;
}
}
+ if ( isset( $params['assertuser'] ) ) {
+ $assertUser = User::newFromName( $params['assertuser'], false );
+ if ( !$assertUser || !$this->getUser()->equals( $assertUser ) ) {
+ $this->dieUsage(
+ 'Assertion that the user is "' . $params['assertuser'] . '" failed',
+ 'assertnameduserfailed'
+ );
+ }
+ }
}
/**
'assert' => [
ApiBase::PARAM_TYPE => [ 'user', 'bot' ]
],
+ 'assertuser' => [
+ ApiBase::PARAM_TYPE => 'user',
+ ],
'requestid' => null,
'servedby' => false,
'curtimestamp' => false,
"apihelp-main-param-smaxage": "Set the <code>s-maxage</code> HTTP cache control header to this many seconds. Errors are never cached.",
"apihelp-main-param-maxage": "Set the <code>max-age</code> HTTP cache control header to this many seconds. Errors are never cached.",
"apihelp-main-param-assert": "Verify the user is logged in if set to <kbd>user</kbd>, or has the bot user right if <kbd>bot</kbd>.",
+ "apihelp-main-param-assertuser": "Verify the current user is the named user.",
"apihelp-main-param-requestid": "Any value given here will be included in the response. May be used to distinguish requests.",
"apihelp-main-param-servedby": "Include the hostname that served the request in the results.",
"apihelp-main-param-curtimestamp": "Include the current timestamp in the result.",
"apihelp-main-param-smaxage": "{{doc-apihelp-param|main|smaxage}}",
"apihelp-main-param-maxage": "{{doc-apihelp-param|main|maxage}}",
"apihelp-main-param-assert": "{{doc-apihelp-param|main|assert}}",
+ "apihelp-main-param-assertuser": "{{doc-apihelp-param|main|assertuser}}",
"apihelp-main-param-requestid": "{{doc-apihelp-param|main|requestid}}",
"apihelp-main-param-servedby": "{{doc-apihelp-param|main|servedby}}",
"apihelp-main-param-curtimestamp": "{{doc-apihelp-param|main|curtimestamp}}",
}
}
+ /**
+ * Tests the assertuser= functionality
+ *
+ * @covers ApiMain::checkAsserts
+ */
+ public function testAssertUser() {
+ $user = $this->getTestUser()->getUser();
+ $this->doApiRequest( [
+ 'action' => 'query',
+ 'assertuser' => $user->getName(),
+ ], null, null, $user );
+
+ try {
+ $this->doApiRequest( [
+ 'action' => 'query',
+ 'assertuser' => $user->getName() . 'X',
+ ], null, null, $user );
+ $this->fail( 'Expected exception not thrown' );
+ } catch ( UsageException $e ) {
+ $this->assertEquals( $e->getCodeString(), 'assertnameduserfailed' );
+ }
+ }
+
/**
* Test if all classes in the main module manager exists
*/