From 4eb1e2c7ee735d11261c620f1ceb4dadd29efa67 Mon Sep 17 00:00:00 2001 From: Roan Kattouw Date: Tue, 4 Dec 2007 20:32:04 +0000 Subject: [PATCH] * (bug 12195) Introducing 'undelete' right, which is required for restoring deleted revisions. Granted to sysops by default. * Fixing whacky indentation in ApiQueryDeletedrevs.php introduced in r28148 --- RELEASE-NOTES | 1 + includes/DefaultSettings.php | 1 + includes/SpecialUndelete.php | 2 +- includes/api/ApiQueryDeletedrevs.php | 318 +++++++++++++-------------- includes/api/ApiUndelete.php | 2 +- 5 files changed, 162 insertions(+), 162 deletions(-) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 02253ca352..4b59dc7cf6 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -87,6 +87,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN does not exists * (bug 8396) Ignore out-of-date serialised message caches * Add descriptive to revision difference page +* (bug 12195) Undeleting pages now requires 'undelete' permission === Bug fixes in 1.12 === diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index b45d2719ec..4f64314b8a 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -1085,6 +1085,7 @@ $wgGroupPermissions['sysop']['block'] = true; $wgGroupPermissions['sysop']['createaccount'] = true; $wgGroupPermissions['sysop']['delete'] = true; $wgGroupPermissions['sysop']['deletedhistory'] = true; // can view deleted history entries, but not see or restore the text +$wgGroupPermissions['sysop']['undelete'] = true; $wgGroupPermissions['sysop']['editinterface'] = true; $wgGroupPermissions['sysop']['editusercssjs'] = true; $wgGroupPermissions['sysop']['import'] = true; diff --git a/includes/SpecialUndelete.php b/includes/SpecialUndelete.php index 22ad961dca..06d66a2b85 100644 --- a/includes/SpecialUndelete.php +++ b/includes/SpecialUndelete.php 
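Review bot: The new `$wgGroupPermissions['sysop']['undelete'] = true;` line in includes/DefaultSettings.php has no comment, while the line above it documents what 'deletedhistory' does and does not allow. Later hunks in this patch use 'undelete' for restoring (SpecialUndelete.php, ApiUndelete.php) and also for reading deleted revision content in ApiQueryDeletedrevs.php, so I would add `// can view deleted revision text and restore deleted pages`. The checks switch from 'delete' to 'undelete' with no fallback, so a group that local settings grant 'delete' but that is not sysop presumably loses restore access on upgrade. The RELEASE-NOTES entry could say that such groups need the new right granted explicitly.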
@@ -544,7 +544,7 @@ class UndeleteForm {
 if( $par != "" ) {
 $this->mTarget = $par;
 }
- if ( $wgUser->isAllowed( 'delete' ) && !$wgUser->isBlocked() ) {
+ if ( $wgUser->isAllowed( 'undelete' ) && !$wgUser->isBlocked() ) {
 $this->mAllowed = true;
 } else {
 $this->mAllowed = false;
diff --git a/includes/api/ApiQueryDeletedrevs.php b/includes/api/ApiQueryDeletedrevs.php
index f799e4d976..fd80823277 100644
--- a/includes/api/ApiQueryDeletedrevs.php
+++ b/includes/api/ApiQueryDeletedrevs.php
@@ -39,194 +39,192 @@ class ApiQueryDeletedrevs extends ApiQueryBase { parent :: __construct($query, $moduleName, 'dr'); } - public function execute() { - $this->run(); - } - - private function run() { + private function execute() { global $wgUser; // Before doing anything at all, let's check permissions if(!$wgUser->isAllowed('deletedhistory')) - $this->dieUsage('You don\'t have permission to view deleted revisions', 'permissiondenied'); - - $db = $this->getDB(); - $params = $this->extractRequestParams(); - $prop = array_flip($params['prop']); - $fld_revid = isset($prop['revid']); - $fld_user = isset($prop['user']); - $fld_comment = isset($prop['comment']); - $fld_minor = isset($prop['minor']); - $fld_len = isset($prop['len']); - $fld_content = isset($prop['content']); - $fld_token = isset($prop['token']); - - $result = $this->getResult(); - $pageSet = $this->getPageSet(); - $titles = $pageSet->getTitles(); - $data = array(); - - $this->addTables('archive'); - $this->addFields(array('ar_title', 'ar_namespace', 'ar_timestamp')); - if($fld_revid) - $this->addFields('ar_rev_id'); - if($fld_user) - $this->addFields('ar_user_text'); - if($fld_comment) - $this->addFields('ar_comment'); - if($fld_minor) - $this->addFields('ar_minor_edit'); - if($fld_len) - $this->addFields('ar_len'); - if($fld_content) - { - $this->addTables('text'); - $this->addFields(array('ar_text', 'ar_text_id', 'old_text', 'old_flags')); - $this->addWhere('ar_text_id = old_id'); - - // This also means stricter limits - $userMax = 50; - $botMax = 200; - $this->validateLimit('limit', $params['limit'], 1, $userMax, $botMax); - } - if($fld_token) - // Undelete tokens are identical for all pages, so we cache one here - $token = $wgUser->editToken(); - - // We need a custom WHERE clause that matches all titles. 
- if(count($titles) > 0) - { - $lb = new LinkBatch($titles); - $where = $lb->constructSet('ar', $db); - $this->addWhere($where); - } - - $this->addOption('LIMIT', $params['limit'] + 1); - $this->addWhereRange('ar_timestamp', $params['dir'], $params['start'], $params['end']); - if(isset($params['namespace'])) - $this->addWhereFld('ar_namespace', $params['namespace']); - $res = $this->select(__METHOD__); - $pages = array(); - $count = 0; - // First populate the $pages array - while($row = $db->fetchObject($res)) - { - if($count++ == $params['limit']) - { - // We've had enough - $this->setContinueEnumParameter('start', wfTimestamp(TS_ISO_8601, $row->ar_timestamp)); - break; - } - - $rev = array(); - $rev['timestamp'] = wfTimestamp(TS_ISO_8601, $row->ar_timestamp); + $this->dieUsage('You don\'t have permission to view deleted revision information', 'permissiondenied'); + + $db = $this->getDB(); + $params = $this->extractRequestParams(); + $prop = array_flip($params['prop']); + $fld_revid = isset($prop['revid']); + $fld_user = isset($prop['user']); + $fld_comment = isset($prop['comment']); + $fld_minor = isset($prop['minor']); + $fld_len = isset($prop['len']); + $fld_content = isset($prop['content']); + $fld_token = isset($prop['token']); + + $result = $this->getResult(); + $pageSet = $this->getPageSet(); + $titles = $pageSet->getTitles(); + $data = array(); + + $this->addTables('archive'); + $this->addFields(array('ar_title', 'ar_namespace', 'ar_timestamp')); if($fld_revid) - $rev['revid'] = $row->ar_rev_id; + $this->addFields('ar_rev_id'); if($fld_user) - $rev['user'] = $row->ar_user_text; + $this->addFields('ar_user_text'); if($fld_comment) - $rev['comment'] = $row->ar_comment; + $this->addFields('ar_comment'); if($fld_minor) - if($row->ar_minor_edit == 1) - $rev['minor'] = ''; + $this->addFields('ar_minor_edit'); if($fld_len) - $rev['len'] = $row->ar_len; + $this->addFields('ar_len'); if($fld_content) - ApiResult::setContent($rev, Revision::getRevisionText($row)); - 
- $t = Title::makeTitle($row->ar_namespace, $row->ar_title); - if(!isset($pages[$t->getPrefixedText()])) { - $pages[$t->getPrefixedText()] = array( - 'title' => $t->getPrefixedText(), - 'ns' => intval($row->ar_namespace), - 'revisions' => array($rev) - ); + $this->addTables('text'); + $this->addFields(array('ar_text', 'ar_text_id', 'old_text', 'old_flags')); + $this->addWhere('ar_text_id = old_id'); + + // This also means stricter limits and stricter restrictions + if(!$wgUser->isAllowed('undelete')) + $this->dieUsage('You don\'t have permission to view deleted revision content', 'permissiondenied'); + $userMax = 50; + $botMax = 200; + $this->validateLimit('limit', $params['limit'], 1, $userMax, $botMax); + } if($fld_token) - $pages[$t->getPrefixedText()]['token'] = $token; + // Undelete tokens are identical for all pages, so we cache one here + $token = $wgUser->editToken(); + + // We need a custom WHERE clause that matches all titles. + if(count($titles) > 0) + { + $lb = new LinkBatch($titles); + $where = $lb->constructSet('ar', $db); + $this->addWhere($where); } - else - $pages[$t->getPrefixedText()]['revisions'][] = $rev; - } - $db->freeResult($res); - // We don't want entire pagenames as keys, so let's make this array indexed - foreach($pages as $page) - { - $result->setIndexedTagName($page['revisions'], 'rev'); - $data[] = $page; - } - $result->setIndexedTagName($data, 'page'); - $result->addValue('query', $this->getModuleName(), $data); - } + $this->addOption('LIMIT', $params['limit'] + 1); + $this->addWhereRange('ar_timestamp', $params['dir'], $params['start'], $params['end']); + if(isset($params['namespace'])) + $this->addWhereFld('ar_namespace', $params['namespace']); + $res = $this->select(__METHOD__); + $pages = array(); + $count = 0; + // First populate the $pages array + while($row = $db->fetchObject($res)) + { + if($count++ == $params['limit']) + { + // We've had enough + $this->setContinueEnumParameter('start', wfTimestamp(TS_ISO_8601, 
$row->ar_timestamp)); + break; + } + + $rev = array(); + $rev['timestamp'] = wfTimestamp(TS_ISO_8601, $row->ar_timestamp); + if($fld_revid) + $rev['revid'] = $row->ar_rev_id; + if($fld_user) + $rev['user'] = $row->ar_user_text; + if($fld_comment) + $rev['comment'] = $row->ar_comment; + if($fld_minor) + if($row->ar_minor_edit == 1) + $rev['minor'] = ''; + if($fld_len) + $rev['len'] = $row->ar_len; + if($fld_content) + ApiResult::setContent($rev, Revision::getRevisionText($row)); + + $t = Title::makeTitle($row->ar_namespace, $row->ar_title); + if(!isset($pages[$t->getPrefixedText()])) + { + $pages[$t->getPrefixedText()] = array( + 'title' => $t->getPrefixedText(), + 'ns' => intval($row->ar_namespace), + 'revisions' => array($rev) + ); + if($fld_token) + $pages[$t->getPrefixedText()]['token'] = $token; + } + else + $pages[$t->getPrefixedText()]['revisions'][] = $rev; + } + $db->freeResult($res); + + // We don't want entire pagenames as keys, so let's make this array indexed + foreach($pages as $page) + { + $result->setIndexedTagName($page['revisions'], 'rev'); + $data[] = $page; + } + $result->setIndexedTagName($data, 'page'); + $result->addValue('query', $this->getModuleName(), $data); + } protected function getAllowedParams() { - return array ( - 'start' => array( - ApiBase :: PARAM_TYPE => 'timestamp' - ), - 'end' => array( - ApiBase :: PARAM_TYPE => 'timestamp', - ), - 'dir' => array( - ApiBase :: PARAM_TYPE => array( - 'newer', - 'older' - ), - ApiBase :: PARAM_DFLT => 'older' - ), - 'namespace' => array( - ApiBase :: PARAM_ISMULTI => true, - ApiBase :: PARAM_TYPE => 'namespace' - ), - 'limit' => array( - ApiBase :: PARAM_DFLT => 10, - ApiBase :: PARAM_TYPE => 'limit', - ApiBase :: PARAM_MIN => 1, - ApiBase :: PARAM_MAX => ApiBase :: LIMIT_BIG1, - ApiBase :: PARAM_MAX2 => ApiBase :: LIMIT_BIG2 - ), - 'prop' => array( - ApiBase :: PARAM_DFLT => 'user|comment', - ApiBase :: PARAM_TYPE => array( - 'revid', - 'user', - 'comment', - 'minor', - 'len', - 'content', - 
'token' + return array ( + 'start' => array( + ApiBase :: PARAM_TYPE => 'timestamp' ), - ApiBase :: PARAM_ISMULTI => true - ) - ); + 'end' => array( + ApiBase :: PARAM_TYPE => 'timestamp', + ), + 'dir' => array( + ApiBase :: PARAM_TYPE => array( + 'newer', + 'older' + ), + ApiBase :: PARAM_DFLT => 'older' + ), + 'namespace' => array( + ApiBase :: PARAM_ISMULTI => true, + ApiBase :: PARAM_TYPE => 'namespace' + ), + 'limit' => array( + ApiBase :: PARAM_DFLT => 10, + ApiBase :: PARAM_TYPE => 'limit', + ApiBase :: PARAM_MIN => 1, + ApiBase :: PARAM_MAX => ApiBase :: LIMIT_BIG1, + ApiBase :: PARAM_MAX2 => ApiBase :: LIMIT_BIG2 + ), + 'prop' => array( + ApiBase :: PARAM_DFLT => 'user|comment', + ApiBase :: PARAM_TYPE => array( + 'revid', + 'user', + 'comment', + 'minor', + 'len', + 'content', + 'token' + ), + ApiBase :: PARAM_ISMULTI => true + ) + ); } protected function getParamDescription() { - return array ( - 'start' => 'The timestamp to start enumerating from', - 'end' => 'The timestamp to stop enumerating at', - 'dir' => 'The direction in which to enumerate', - 'namespace' => 'The namespaces to search in', - 'limit' => 'The maximum amount of revisions to list', - 'prop' => 'Which properties to get' - ); + return array ( + 'start' => 'The timestamp to start enumerating from', + 'end' => 'The timestamp to stop enumerating at', + 'dir' => 'The direction in which to enumerate', + 'namespace' => 'The namespaces to search in', + 'limit' => 'The maximum amount of revisions to list', + 'prop' => 'Which properties to get' + ); } protected function getDescription() { - return 'List deleted revisions.'; + return 'List deleted revisions.'; } protected function getExamples() { - return array ( - 'List the first 50 deleted revisions in the Category and Category talk namespaces', - ' api.php?action=query&list=deletedrevs&drdir=newer&drlimit=50&drnamespace=14|15', - 'List the last deleted revisions of Main Page and Talk:Main Page, with content:', - ' 
api.php?action=query&list=deletedrevs&titles=Main%20Page|Talk:Main%20Page&drprop=user|comment|content' - ); + return array ( + 'List the first 50 deleted revisions in the Category and Category talk namespaces', + ' api.php?action=query&list=deletedrevs&drdir=newer&drlimit=50&drnamespace=14|15', + 'List the last deleted revisions of Main Page and Talk:Main Page, with content:', + ' api.php?action=query&list=deletedrevs&titles=Main%20Page|Talk:Main%20Page&drprop=user|comment|content' + ); } public function getVersion() { - return __CLASS__ . ': $Id: ApiQueryDeletedrevs.php 23531 2007-06-30 01:19:14Z simetrical $'; + return __CLASS__ . ': $Id: ApiQueryDeletedrevs.php 23531 2007-06-30 01:19:14Z simetrical $'; } } diff --git a/includes/api/ApiUndelete.php b/includes/api/ApiUndelete.php index 1e7609e874..62497ccbb2 100644 --- a/includes/api/ApiUndelete.php +++ b/includes/api/ApiUndelete.php @@ -47,7 +47,7 @@ class ApiUndelete extends ApiBase { if(!isset($params['token'])) $this->dieUsage('The token parameter must be set', 'notoken'); - if(!$wgUser->isAllowed('delete')) + if(!$wgUser->isAllowed('undelete')) $this->dieUsage('You don\'t have permission to restore deleted revisions', 'permissiondenied'); if($wgUser->isBlocked()) $this->dieUsage('You have been blocked from editing', 'blocked'); -- 2.20.1
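Review bot: `private function execute()` in ApiQueryDeletedrevs.php narrows the visibility of a method that the removed lines declared `public`. PHP rejects an override that is less visible than the parent's declaration, and a module's execute() is presumably called from outside the class by the API dispatcher, so this should stay `public function execute() {`. ApiBase is not shown in this patch, so confirm the parent signature. Separately, the new `isAllowed('undelete')` check for `drprop=content` sits in the middle of query building, under the comment about stricter limits. Moving it up beside the 'deletedhistory' check would keep the authorization decisions together, before any query state is touched.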