From: Bryan Tong Minh Date: Thu, 14 Apr 2011 21:09:16 +0000 (+0000) Subject: Follow-up r83302: Check permissions X-Git-Tag: 1.31.0-rc.0~30832 X-Git-Url: http://git.cyclocoop.org/%22.%24info%5B?a=commitdiff_plain;h=e04879cf897e16b75f43ff07199136cb908a668d;p=lhc%2Fweb%2Fwiklou.git Follow-up r83302: Check permissions --- diff --git a/includes/api/ApiFileRevert.php b/includes/api/ApiFileRevert.php index b330e2b2d8..bd20c059cb 100644 --- a/includes/api/ApiFileRevert.php +++ b/includes/api/ApiFileRevert.php @@ -49,12 +49,13 @@ class ApiFileRevert extends ApiBase { public function execute() { global $wgUser; - // First check permission to upload/revert - $this->checkPermissions( $wgUser ); - $this->params = $this->extractRequestParams(); + // Extract the file and archiveName from the request parameters $this->validateParameters(); + // Check whether we're allowed to revert this file + $this->checkPermissions( $wgUser ); + $sourceUrl = $this->file->getArchiveVirtualUrl( $this->archiveName ); $status = $this->file->upload( $sourceUrl, $this->params['comment'], $this->params['comment'] ); @@ -77,15 +78,16 @@ class ApiFileRevert extends ApiBase { * @param $user User The user to check. */ protected function checkPermissions( $user ) { - $permission = $user->isAllowedAll( 'edit', 'upload' ); - - if ( $permission !== true ) { - if ( !$user->isLoggedIn() ) { - $this->dieUsageMsg( array( 'mustbeloggedin', 'upload' ) ); - } else { - $this->dieUsageMsg( array( 'badaccess-groups' ) ); - } + $permissionErrors = array_merge( + $this->file->getTitle()->getUserPermissionsErrors( 'edit' , $user ), + $this->file->getTitle()->getUserPermissionsErrors( 'upload' , $user ) + ); + + if ( $permissionErrors ) { + $this->dieUsageMsg( $permissionErrors[0] ); } + + } /**