From: Andrew Garrett
Date: Sat, 1 Dec 2007 09:08:43 +0000 (+0000)
Subject: * (bug 11346) Prevent users who cannot edit a page from changing its restrictions.
X-Git-Tag: 1.31.0-rc.0~50646
X-Git-Url: http://git.cyclocoop.org/%7B%24admin_url%7Dmes_infos.php?a=commitdiff_plain;h=a94424d59c51a7d3869fd2cf54a9007222056b3b;p=lhc%2Fweb%2Fwiklou.git
* (bug 11346) Prevent users who cannot edit a page from changing its restrictions.
---
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 77c55c9129..768e9063f7 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -202,6 +202,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
 * namespaceDupes.php no longer dies when coming across an illegal title
 * (bug 12143) Do not show a link to patrol new pages for non existent pages
 * (bug 12166) Fix XHTML validity for Special:Emailuser
+* (bug 11346) Users who cannot edit a page can now no longer unprotect it.
 == Parser changes in 1.12 ==
diff --git a/includes/Article.php b/includes/Article.php
index 96ff213487..d3383dde51 100644
--- a/includes/Article.php
+++ b/includes/Article.php
@@ -1709,7 +1709,7 @@ class Article {
 global $wgUser, $wgRestrictionTypes, $wgContLang;
 $id = $this->mTitle->getArticleID();
- if( !$wgUser->isAllowed( 'protect' ) || wfReadOnly() || $id == 0 ) {
+ if( array() != $this->mTitle->getUserPermissionsErrors( 'protect', $wgUser ) || wfReadOnly() || $id == 0 ) {
 return false;
 }
diff --git a/includes/ProtectionForm.php b/includes/ProtectionForm.php
index e2c8db7e3e..3bfd03347d 100644
--- a/includes/ProtectionForm.php
+++ b/includes/ProtectionForm.php
@@ -28,6 +28,7 @@ class ProtectionForm {
 var $mReason = '';
 var $mCascade = false;
 var $mExpiry = null;
+ var $mPermErrors = array();
 function __construct( &$article ) {
 global $wgRequest, $wgUser;
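Review bot: In includes/Article.php the rewritten guard tests `array() != $this->mTitle->getUserPermissionsErrors( 'protect', $wgUser )` with a loose comparison and reversed operands, which obscures that this is the server-side check enforcing the fix; `count( $this->mTitle->getUserPermissionsErrors( 'protect', $wgUser ) ) > 0` states the intent directly. The function still returns a bare `false` for a permission failure, a read-only database and a missing page alike, so a caller cannot report or log why the change was refused. A one-line comment such as `// 'protect' now also requires 'edit' on this title (bug 11346)` above the guard would document the dependency on Title.php. The enclosing function starts and ends outside the hunk.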
@@ -56,7 +57,7 @@ class ProtectionForm { } // The form will be available in read-only to show levels. - $this->disabled = !$wgUser->isAllowed( 'protect' ) || wfReadOnly() || $wgUser->isBlocked(); + $this->disabled = ($this->mPermErrors = $this->mTitle->getUserPermissionsErrors('protect',$wgUser)) != array(); $this->disabledAttrib = $this->disabled ? array( 'disabled' => 'disabled' ) : array(); @@ -125,22 +126,11 @@ class ProtectionForm { # Show an appropriate message if the user isn't allowed or able to change # the protection settings at this time if( $this->disabled ) { - if( $wgUser->isAllowed( 'protect' ) ) { - if( $wgUser->isBlocked() ) { - # Blocked - $message = 'protect-locked-blocked'; - } else { - # Database lock - $message = 'protect-locked-dblock'; - } - } else { - # Permission error - $message = 'protect-locked-access'; - } + $message = $wgOut->formatPermissionsErrorMessage( $this->mPermErrors ); } else { - $message = 'protect-text'; + $message = wfMsg( 'protect-text', wfEscapeWikiText( $this->mTitle->getPrefixedText() ) ); } - $wgOut->addWikiText( wfMsg( $message, wfEscapeWikiText( $this->mTitle->getPrefixedText() ) ) ); + $wgOut->addWikiText( $message ); $wgOut->addHTML( $this->buildForm() ); @@ -394,4 +384,4 @@ class ProtectionForm { $logViewer->showList( $out ); } -} \ No newline at end of file +} diff --git a/includes/Title.php b/includes/Title.php index 567e18acaa..9e361e233f 100644 --- a/includes/Title.php +++ b/includes/Title.php @@ -1188,6 +1188,13 @@ class Title { } } + if ($action == 'protect') + { + if ($this->getUserPermissionsErrors('edit', $user) != array()) { + $errors[] = array( 'protect-cantedit' ); // If they can't edit, they shouldn't protect. + } + } + if( $action == 'create' ) { if( ( $this->isTalkPage() && !$user->isAllowed( 'createtalk' ) ) || ( !$this->isTalkPage() && !$user->isAllowed( 'createpage' ) ) ) { 
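Review bot: In the ProtectionForm.php hunk at -56, the new `$this->disabled` expression no longer tests `wfReadOnly()`, which the removed line did; unless `getUserPermissionsErrors` itself reports a locked database (not visible in this diff), the form is rendered enabled in read-only mode and the request is refused only later by the guard in Article.php. The assignment nested inside the comparison is also easy to misread; splitting it into `$this->mPermErrors = $this->mTitle->getUserPermissionsErrors( 'protect', $wgUser );` and `$this->disabled = wfReadOnly() || $this->mPermErrors != array();` keeps both conditions visible. If read-only stays a separate condition, the hunk at -125 needs a message for the case where `mPermErrors` is empty. The enclosing function starts and ends outside the hunk.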
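Review bot: In the ProtectionForm.php hunk at -125, the disabled branch now prints only the output of `formatPermissionsErrorMessage`, so the keys `protect-locked-blocked`, `protect-locked-dblock` and `protect-locked-access` are no longer referenced here, yet the MessagesEn.php hunk in this commit adds a key without removing them. If those messages carried the lead-in to the settings list (the hunk header in MessagesEn.php suggests one ends with 'Here are the current settings for the page $1:'), a user without rights now sees the error list with no sentence introducing the read-only form. Either append that lead-in after the permission errors or remove the unused keys in the same change. The enclosing function starts and ends outside the hunk.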
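Review bot: The new 'protect' branch in Title.php evaluates `$this->getUserPermissionsErrors('edit', $user)` and discards the result, reporting only the generic `protect-cantedit`, so neither the user nor anyone reviewing a refusal can see what actually blocked the edit (for example a block or a protection level). Keeping the underlying errors, e.g. `$editErrors = $this->getUserPermissionsErrors( 'edit', $user );` followed by `if( $editErrors ) { $errors = array_merge( $errors, $editErrors ); $errors[] = array( 'protect-cantedit' ); }`, would preserve the reason, provided duplicates with checks made elsewhere in the method are acceptable. The branch also writes `if (...)` with `{` on its own line while the surrounding code uses `if( ... ) {`. The enclosing method starts and ends outside the hunk.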
@@ -1195,9 +1202,9 @@ class Title {
 }
 } elseif( $action == 'move' && !( $this->isMovable() && $user->isAllowed( 'move' ) ) ) {
 $errors[] = $user->isAnon() ? array ( 'movenologintext' ) : array ('movenotallowed');
- } else if ( !$user->isAllowed( $action ) ) {
+ } else if ( !$user->isAllowed( $action ) ) {
 $return = null;
- $groups = array();
+ $groups = array();
 global $wgGroupPermissions;
 foreach( $wgGroupPermissions as $key => $value ) {
 if( isset( $value[$action] ) && $value[$action] == true ) {
diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php
index a9d43de6ee..c0c0140137 100644
--- a/languages/messages/MessagesEn.php
+++ b/languages/messages/MessagesEn.php
@@ -1941,6 +1941,7 @@ Here are the current settings for the page $1:',
 'protect-summary-cascade' => 'cascading',
 'protect-expiring' => 'expires $1 (UTC)',
 'protect-cascade' => 'Protect pages included in this page (cascading protection)',
+'protect-cantedit' => 'You cannot change the protection levels of this page, because you do not have permission to edit it.',
 'restriction-type' => 'Permission:',
 'restriction-level' => 'Restriction level:',
 'minimum-size' => 'Min size',