=== Action API changes in 1.34 ===
* The 'recenteditcount' response property from action=query list=allusers,
deprecated in 1.25, has been removed.
-* (T60993) action=query list=filearchive no longer requires the 'deletedhistory'
- user right.
+* (T60993) action=query list=filearchive, list=alldeletedrevisions and
+ prop=deletedrevisions no longer require the 'deletedhistory' user right.
=== Action API internal changes in 1.34 ===
* The exception thrown in ApiModuleManager::getModule has been changed
* @return void
*/
protected function run( ApiPageSet $resultPageSet = null ) {
- // Before doing anything at all, let's check permissions
- $this->checkUserRightsAny( 'deletedhistory' );
-
$user = $this->getUser();
$db = $this->getDB();
$params = $this->extractRequestParams( false );
}
// This means stricter restrictions
- if ( $this->fetchContent ) {
- $this->checkUserRightsAny( [ 'deletedtext', 'undelete' ] );
+ if ( ( $this->fld_comment || $this->fld_parsedcomment ) &&
+ !$this->getPermissionManager()->userHasRight( $user, 'deletedhistory' )
+ ) {
+ $this->dieWithError( 'apierror-cantview-deleted-comment', 'permissiondenied' );
+ }
+ if ( $this->fetchContent &&
+ !$this->getPermissionManager()->userHasAnyRight( $user, 'deletedtext', 'undelete' )
+ ) {
+ $this->dieWithError( 'apierror-cantview-deleted-revision-content', 'permissiondenied' );
}
$miser_ns = null;
if ( !is_null( $params['user'] ) || !is_null( $params['excludeuser'] ) ) {
// Paranoia: avoid brute force searches (T19342)
- // (shouldn't be able to get here without 'deletedhistory', but
- // check it again just in case)
if ( !$this->getPermissionManager()->userHasRight( $user, 'deletedhistory' ) ) {
$bitmask = RevisionRecord::DELETED_USER;
} elseif ( !$this->getPermissionManager()
protected function run( ApiPageSet $resultPageSet = null ) {
$user = $this->getUser();
- // Before doing anything at all, let's check permissions
- $this->checkUserRightsAny( 'deletedhistory' );
$pageSet = $this->getPageSet();
$pageMap = $pageSet->getGoodAndMissingTitlesByNamespace();
}
// This means stricter restrictions
- if ( $this->fetchContent ) {
- $this->checkUserRightsAny( [ 'deletedtext', 'undelete' ] );
+ if ( ( $this->fld_comment || $this->fld_parsedcomment ) &&
+ !$this->getPermissionManager()->userHasRight( $user, 'deletedhistory' )
+ ) {
+ $this->dieWithError( 'apierror-cantview-deleted-comment', 'permissiondenied' );
+ }
+ if ( $this->fetchContent &&
+ !$this->getPermissionManager()->userHasAnyRight( $user, 'deletedtext', 'undelete' )
+ ) {
+ $this->dieWithError( 'apierror-cantview-deleted-revision-content', 'permissiondenied' );
}
$dir = $params['dir'];
if ( !is_null( $params['user'] ) || !is_null( $params['excludeuser'] ) ) {
// Paranoia: avoid brute force searches (T19342)
- // (shouldn't be able to get here without 'deletedhistory', but
- // check it again just in case)
if ( !$this->getPermissionManager()->userHasRight( $user, 'deletedhistory' ) ) {
$bitmask = RevisionRecord::DELETED_USER;
} elseif ( !$this->getPermissionManager()
}
}
- private $propertyFilter = [
+ private static $propertyFilter = [
'user', 'userid', 'comment', 'parsedcomment',
'mediatype', 'archivename', 'uploadwarning',
];
+ /**
+ * Returns all possible parameters to siiprop
+ *
+ * @param array|null $filter List of properties to filter out
+ * @return array
+ */
+ public static function getPropertyNames( $filter = null ) {
+ if ( $filter === null ) {
+ $filter = self::$propertyFilter;
+ }
+ return parent::getPropertyNames( $filter );
+ }
+
+ /**
+ * Returns messages for all possible parameters to siiprop
+ *
+ * @param array|null $filter List of properties to filter out
+ * @return array
+ */
+ public static function getPropertyMessages( $filter = null ) {
+ if ( $filter === null ) {
+ $filter = self::$propertyFilter;
+ }
+ return parent::getPropertyMessages( $filter );
+ }
+
public function getAllowedParams() {
return [
'filekey' => [
'prop' => [
ApiBase::PARAM_ISMULTI => true,
ApiBase::PARAM_DFLT => 'timestamp|url',
- ApiBase::PARAM_TYPE => self::getPropertyNames( $this->propertyFilter ),
+ ApiBase::PARAM_TYPE => self::getPropertyNames(),
ApiBase::PARAM_HELP_MSG => 'apihelp-query+imageinfo-param-prop',
- ApiBase::PARAM_HELP_MSG_PER_VALUE => self::getPropertyMessages( $this->propertyFilter )
+ ApiBase::PARAM_HELP_MSG_PER_VALUE => self::getPropertyMessages()
],
'urlwidth' => [
ApiBase::PARAM_TYPE => 'integer',
"apierror-cantoverwrite-sharedfile": "The target file exists on a shared repository and you do not have permission to override it.",
"apierror-cantsend": "You are not logged in, you do not have a confirmed email address, or you are not allowed to send email to other users, so you cannot send email.",
"apierror-cantundelete": "Couldn't undelete: the requested revisions may not exist, or may have been undeleted already.",
+ "apierror-cantview-deleted-comment": "You don't have permission to view deleted comments.",
"apierror-cantview-deleted-description": "You don't have permission to view descriptions of deleted files.",
"apierror-cantview-deleted-metadata": "You don't have permission to view metadata of deleted files.",
+ "apierror-cantview-deleted-revision-content": "You don't have permission to view content of deleted revisions.",
"apierror-changeauth-norequest": "Failed to create change request.",
"apierror-chunk-too-small": "Minimum chunk size is $1 {{PLURAL:$1|byte|bytes}} for non-final chunks.",
"apierror-cidrtoobroad": "$1 CIDR ranges broader than /$2 are not accepted.",
"apierror-cantoverwrite-sharedfile": "{{doc-apierror}}",
"apierror-cantsend": "{{doc-apierror}}",
"apierror-cantundelete": "{{doc-apierror}}",
+ "apierror-cantview-deleted-comment": "{{doc-apierror}}",
"apierror-cantview-deleted-description": "{{doc-apierror}}",
"apierror-cantview-deleted-metadata": "{{doc-apierror}}",
+ "apierror-cantview-deleted-revision-content": "{{doc-apierror}}",
"apierror-changeauth-norequest": "{{doc-apierror}}",
"apierror-chunk-too-small": "{{doc-apierror}}\n\nParameters:\n* $1 - Minimum size in bytes.",
"apierror-cidrtoobroad": "{{doc-apierror}}\n\nParameters:\n* $1 - \"IPv4\" or \"IPv6\"\n* $2 - Minimum CIDR mask length.",