From f87054a2f6e8bf0bc75e0d10d6fbe4a0f2a27472 Mon Sep 17 00:00:00 2001
From: Brion Vibber <brion@users.mediawiki.org>
Date: Sun, 19 Jun 2005 08:03:40 +0000
Subject: [PATCH] * Special:Upload now uses 'upload' permission instead of
 hardcoding login check * Add 'importupload' permission to disable direct
 uploads to Special:Import

---
 RELEASE-NOTES                |  2 ++
 includes/DefaultSettings.php | 10 ++++++++--
 includes/SpecialImport.php   | 21 ++++++++++++++++-----
 includes/SpecialUpload.php   |  3 +--
 languages/Language.php       |  1 +
 5 files changed, 28 insertions(+), 9 deletions(-)

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 454260e8c4..4074311ac8 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -300,6 +300,8 @@ Various bugfixes, small features, and a few experimental things:
 * badaccess/badaccesstext to supercede sysop*, developer* messages
 * Changed $wgGroupPermissions to more cut-n-paste-friendly format
 * 'developer' group deprecated by default
+* Special:Upload now uses 'upload' permission instead of hardcoding login check
+* Add 'importupload' permission to disable direct uploads to Special:Import
 
 
 === Caveats ===
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 2bba373cdc..dd4895a010 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -686,6 +686,7 @@ $wgGroupPermissions['*'    ]['read']            = true;
 
 $wgGroupPermissions['user' ]['move']            = true;
 $wgGroupPermissions['user' ]['read']            = true;
+$wgGroupPermissions['user' ]['upload']          = true;
 
 $wgGroupPermissions['bot'  ]['bot']             = true;
 
@@ -694,10 +695,12 @@ $wgGroupPermissions['sysop']['createaccount']   = true;
 $wgGroupPermissions['sysop']['delete']          = true;
 $wgGroupPermissions['sysop']['editinterface']   = true;
 $wgGroupPermissions['sysop']['import']          = true;
-$wgGroupPermissions['sysop']['importraw']       = true;
+$wgGroupPermissions['sysop']['importupload']    = true;
+$wgGroupPermissions['user' ]['move']            = true;
 $wgGroupPermissions['sysop']['patrol']          = true;
 $wgGroupPermissions['sysop']['protect']         = true;
 $wgGroupPermissions['sysop']['rollback']        = true;
+$wgGroupPermissions['user' ]['upload']          = true;
 
 $wgGroupPermissions['bureaucrat']['userrights'] = true;
 
@@ -1130,8 +1133,11 @@ $wgCapitalLinks = true;
 
 /**
  * List of interwiki prefixes for wikis we'll accept as sources for
- * Special:Import (for sysops). Since complete page history# can be imported,
+ * Special:Import (for sysops). Since complete page history can be imported,
  * these should be 'trusted'.
+ *
+ * If a user has the 'import' permission but not the 'importupload' permission,
+ * they will only be able to run imports through this transwiki interface.
  */
 $wgImportSources = array();
 
diff --git a/includes/SpecialImport.php b/includes/SpecialImport.php
index 09bc312319..ef27e6d89c 100644
--- a/includes/SpecialImport.php
+++ b/includes/SpecialImport.php
@@ -29,7 +29,7 @@ require_once( 'WikiError.php' );
  * Constructor
  */
 function wfSpecialImport( $page = '' ) {
-	global $wgOut, $wgLang, $wgRequest, $wgTitle;
+	global $wgUser, $wgOut, $wgLang, $wgRequest, $wgTitle;
 	global $wgImportSources;
 	
 	###
@@ -42,7 +42,11 @@ function wfSpecialImport( $page = '' ) {
 		
 		switch( $wgRequest->getVal( "source" ) ) {
 		case "upload":
-			$result = $importer->setupFromUpload( "xmlimport" );
+			if( $wgUser->isAllowed( 'importupload' ) ) {
+				$result = $importer->setupFromUpload( "xmlimport" );
+			} else {
+				return $wgOut->permissionRequired( 'importupload' );
+			}
 			break;
 		case "interwiki":
 			$result = $importer->setupFromInterwiki(
@@ -68,9 +72,11 @@ function wfSpecialImport( $page = '' ) {
 		}
 	}
 	
-	$wgOut->addWikiText( "<p>" . wfMsg( "importtext" ) . "</p>" );
 	$action = $wgTitle->escapeLocalUrl( 'action=submit' );
-	$wgOut->addHTML( "
+	
+	if( $wgUser->isAllowed( 'importupload' ) ) {
+		$wgOut->addWikiText( "<p>" . wfMsg( "importtext" ) . "</p>" );
+		$wgOut->addHTML( "
 <fieldset>
 	<legend>Upload XML</legend>
 	<form enctype='multipart/form-data' method='post' action=\"$action\">
@@ -82,7 +88,12 @@ function wfSpecialImport( $page = '' ) {
 	</form>
 </fieldset>
 " );
-
+	} else {
+		if( empty( $wgImportSources ) ) {
+			$wgOut->addWikiText( wfMsg( 'importnosources' ) );
+		}
+	}
+	
 	if( !empty( $wgImportSources ) ) {
 		$wgOut->addHTML( "
 <fieldset>
diff --git a/includes/SpecialUpload.php b/includes/SpecialUpload.php
index 93ae71f91b..b732874676 100644
--- a/includes/SpecialUpload.php
+++ b/includes/SpecialUpload.php
@@ -99,8 +99,7 @@ class UploadForm {
 		}
 
 		/** Various rights checks */
-		if( ( $wgUser->isAnon() )
-			 OR $wgUser->isBlocked() ) {
+		if( !$wgUser->isAllowed( 'upload' ) || $wgUser->isBlocked() ) {
 			$wgOut->errorpage( 'uploadnologin', 'uploadnologintext' );
 			return;
 		}
diff --git a/languages/Language.php b/languages/Language.php
index c95a22a2c0..a5eaee3639 100644
--- a/languages/Language.php
+++ b/languages/Language.php
@@ -1656,6 +1656,7 @@ article [[Train]].
 'importnotext'	=> 'Empty or no text',
 'importsuccess'	=> 'Import succeeded!',
 'importhistoryconflict' => 'Conflicting history revision exists (may have imported this page before)',
+'importnosources' => 'No transwiki import sources have been defined and direct history uploads are disabled.',
 
 # Keyboard access keys for power users
 'accesskey-search' => 'f',
-- 
2.20.1