* Added 'writeapi' right that controls access to the write API. Users who don't have...

author Roan Kattouw <catrope@users.mediawiki.org>

Tue, 27 May 2008 15:43:07 +0000 (15:43 +0000)

committer Roan Kattouw <catrope@users.mediawiki.org>

Tue, 27 May 2008 15:43:07 +0000 (15:43 +0000)
author Roan Kattouw <catrope@users.mediawiki.org>
Tue, 27 May 2008 15:43:07 +0000 (15:43 +0000)
committer Roan Kattouw <catrope@users.mediawiki.org>
Tue, 27 May 2008 15:43:07 +0000 (15:43 +0000)
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php

index 869cdbf..992be45 100644 (file)
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -1083,6 +1083,7 @@ $wgGroupPermissions['*'    ]['read']             = true;
  $wgGroupPermissions['*'    ]['edit']             = true;
  $wgGroupPermissions['*'    ]['createpage']       = true;
  $wgGroupPermissions['*'    ]['createtalk']       = true;
+$wgGroupPermissions['*'    ]['writeapi']         = true;
  
  // Implicit group for all logged-in accounts
  $wgGroupPermissions['user' ]['move']             = true;
@@ -1090,6 +1091,7 @@ $wgGroupPermissions['user' ]['read']             = true;
  $wgGroupPermissions['user' ]['edit']             = true;
  $wgGroupPermissions['user' ]['createpage']       = true;
  $wgGroupPermissions['user' ]['createtalk']       = true;
+$wgGroupPermissions['user' ]['writeapi']         = true;
  $wgGroupPermissions['user' ]['upload']           = true;
  $wgGroupPermissions['user' ]['reupload']         = true;
  $wgGroupPermissions['user' ]['reupload-shared']  = true;
@@ -1107,6 +1109,7 @@ $wgGroupPermissions['bot'  ]['nominornewtalk']   = true;
  $wgGroupPermissions['bot'  ]['autopatrol']       = true;
  $wgGroupPermissions['bot'  ]['suppressredirect'] = true;
  $wgGroupPermissions['bot'  ]['apihighlimits']    = true;
+$wgGroupPermissions['bot'  ]['writeapi']         = true;
  #$wgGroupPermissions['bot'  ]['editprotected']    = true; // can edit all protected pages without cascade protection enabled
  
  // Most extra permission abilities go to this group
diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php

index 56bdb27..421ef17 100644 (file)
--- a/includes/api/ApiMain.php
+++ b/includes/api/ApiMain.php
@@ -179,12 +179,19 @@ class ApiMain extends ApiBase {
         }
  
         /**
-        * This method will simply cause an error if the write mode was disabled for this api.
+        * This method will simply cause an error if the write mode was disabled
+        * or if the current user doesn't have the right to use it
          */
         public function requestWriteMode() {
+               global $wgUser;
                 if (!$this->mEnableWrite)
-                       $this->dieUsage('Editing of this site is disabled. Make sure the $wgEnableWriteAPI=true; ' .
-                       'statement is included in the site\'s LocalSettings.php file', 'noapiwrite');
+                       $this->dieUsage('Editing of this wiki through the API' .
+                       ' is disabled. Make sure the $wgEnableWriteAPI=true; ' .
+                       'statement is included in the wiki\'s ' .
+                       'LocalSettings.php file', 'noapiwrite');
+               if (!$wgUser->isAllowed('writeapi'))
+                       $this->dieUsage('You\'re not allowed to edit this ' .
+                       'wiki through the API', 'writeapidenied');
         }
  
         /**
author	Roan Kattouw <catrope@users.mediawiki.org>
	Tue, 27 May 2008 15:43:07 +0000 (15:43 +0000)
committer	Roan Kattouw <catrope@users.mediawiki.org>
	Tue, 27 May 2008 15:43:07 +0000 (15:43 +0000)
includes/DefaultSettings.php		patch \| blob \| history
includes/api/ApiMain.php		patch \| blob \| history