From 3e394b5bdcc8fd5aca43184b1821e58ac4ab1ee5 Mon Sep 17 00:00:00 2001
From: Bryan Tong Minh
Date: Sun, 2 May 2010 20:34:16 +0000
Subject: [PATCH] (bug 18408) All required permissions for uploading (upload, edit, create) are now checked when loading Special:Upload. Toolbar link for Special:Upload is no longer shown if the user does not have the required permissions. Found out that UploadBase::isAllowed is a totally inappropriate name for what it is returning. That should perhaps be changed before 1.16 is released.
---
 RELEASE-NOTES | 3 +++
 includes/SkinTemplate.php | 2 +-
 includes/specials/SpecialUpload.php | 5 +++--
 includes/upload/UploadBase.php | 14 ++++++++++++--
 4 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index a53c88dc56..287fbd1bbc 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -142,6 +142,9 @@ in a negative namespace (which is invalid).
 correct link
 * (bug 23284) Times are now rounded correctly
 * (bug 23375) Added ogv, oga, spx as extensions for ogg files
+* (bug 18408) All required permissions for uploading (upload, edit, create)
+ are now checked when loading Special:Upload. Toolbar link for Special:Upload
+ is no longer shown if the user does not have the required permissions.
 === API changes in 1.17 ===
 * (bug 22738) Allow filtering by action type on query=logevent
diff --git a/includes/SkinTemplate.php b/includes/SkinTemplate.php
index 32b64748cd..e049f57f23 100644
--- a/includes/SkinTemplate.php
+++ b/includes/SkinTemplate.php
@@ -877,7 +877,7 @@ class SkinTemplate extends Skin {
 $nav_urls['mainpage'] = array( 'href' => self::makeMainPageUrl() );
 if( $wgUploadNavigationUrl ) {
 $nav_urls['upload'] = array( 'href' => $wgUploadNavigationUrl );
- } elseif( $wgEnableUploads && $wgUser->isAllowed( 'upload' ) ) {
+ } elseif( UploadBase::isEnabled() && UploadBase::isAllowed( $wgUser ) === true ) {
 $nav_urls['upload'] = array( 'href' => self::makeSpecialUrl( 'Upload' ) );
 } else {
 $nav_urls['upload'] = false;
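Review bot: The `=== true` in the new `elseif` is load-bearing and deserves a comment, because `UploadBase::isAllowed()` returns `true` or the name of the missing right, and a non-empty string is truthy in PHP. A later simplification to a plain truthiness test would treat users who lack a right as allowed; I would add `// isAllowed() returns true or the missing right's name, so compare with === true` above the condition. Hiding the toolbar link is presentation only, so the check in Special:Upload remains the actual gate. The enclosing method starts and ends outside the hunk.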
diff --git a/includes/specials/SpecialUpload.php b/includes/specials/SpecialUpload.php
index 2679a57504..6a54294aaf 100644
--- a/includes/specials/SpecialUpload.php
+++ b/includes/specials/SpecialUpload.php
@@ -130,13 +130,14 @@ class SpecialUpload extends SpecialPage {
 # Check permissions
 global $wgGroupPermissions;
- if( !$wgUser->isAllowed( 'upload' ) ) {
+ $permissionRequired = UploadBase::isAllowed( $wgUser );
+ if( $permissionRequired !== true ) {
 if( !$wgUser->isLoggedIn() && ( $wgGroupPermissions['user']['upload'] || $wgGroupPermissions['autoconfirmed']['upload'] ) ) {
 // Custom message if logged-in users without any special rights can upload
 $wgOut->showErrorPage( 'uploadnologin', 'uploadnologintext' );
 } else {
- $wgOut->permissionRequired( 'upload' );
+ $wgOut->permissionRequired( $permissionRequired );
 }
 return;
 }
diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php
index bf88de513a..5518883030 100644
--- a/includes/upload/UploadBase.php
+++ b/includes/upload/UploadBase.php
@@ -77,14 +77,24 @@ abstract class UploadBase {
 return true;
 }
+ /**
+ * Returns an array of permissions that is required to upload a file
+ *
+ * @return array
+ */
+ public static function getRequiredPermissions() {
+ return array( 'upload', 'create', 'edit' );
+ }
 /**
 * Returns true if the user can use this upload module or else a string
 * identifying the missing permission.
 * Can be overriden by subclasses.
 */
 public static function isAllowed( $user ) {
- if( !$user->isAllowed( 'upload' ) ) {
- return 'upload';
+ foreach ( self::getRequiredPermissions as $permission ) {
+ if ( !$user->isAllowed( $permission ) ) {
+ return $permission;
+ }
 }
 return true;
 }
--
2.20.1
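Review bot: In the SpecialUpload.php hunk the `uploadnologin` branch still decides on `$wgGroupPermissions['user']['upload']` and `['autoconfirmed']['upload']`, although `$permissionRequired` can now be `'create'` or `'edit'`. An anonymous visitor who is missing one of those rights may be told to log in even where logging in would not grant it; keying the lookup on the missing right, for example `!empty( $wgGroupPermissions['user'][$permissionRequired] )`, would keep the message accurate. The name `$permissionRequired` also reads oddly for a variable that holds `true` on success, and something like `$missingRight` would be clearer. The enclosing method starts and ends outside the hunk.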
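Review bot: In the UploadBase.php hunk the loop in `isAllowed()` reads `self::getRequiredPermissions` without call parentheses, which PHP parses as a class-constant fetch rather than a method call, so the permission check would stop with a fatal error instead of iterating the rights. Because the SkinTemplate.php hunk calls `isAllowed()` while building the navigation URLs, the failure would not be confined to Special:Upload. The line should read `foreach ( self::getRequiredPermissions() as $permission ) {`. Separately, `self::` binds to UploadBase, so a subclass that overrides only `getRequiredPermissions()` is not consulted; the docblock's "Can be overriden by subclasses" could say that `isAllowed()` must be overridden as well.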