=== Action API changes in 1.34 ===
* The 'recenteditcount' response property from action=query list=allusers,
deprecated in 1.25, has been removed.
-* (T60993) action=query list=filearchive no longer requires the 'deletedhistory'
- user right.
+* (T60993) action=query list=filearchive, list=alldeletedrevisions and
+ prop=deletedrevisions no longer require the 'deletedhistory' user right.
=== Action API internal changes in 1.34 ===
* The exception thrown in ApiModuleManager::getModule has been changed
* @return void
*/
protected function run( ApiPageSet $resultPageSet = null ) {
- // Before doing anything at all, let's check permissions
- $this->checkUserRightsAny( 'deletedhistory' );
-
$user = $this->getUser();
$db = $this->getDB();
$params = $this->extractRequestParams( false );
}
// This means stricter restrictions
- if ( $this->fetchContent ) {
- $this->checkUserRightsAny( [ 'deletedtext', 'undelete' ] );
+ if ( ( $this->fld_comment || $this->fld_parsedcomment ) &&
+ !$this->getPermissionManager()->userHasRight( $user, 'deletedhistory' )
+ ) {
+ $this->dieWithError( 'apierror-cantview-deleted-comment', 'permissiondenied' );
+ }
+ if ( $this->fetchContent &&
+ !$this->getPermissionManager()->userHasAnyRight( $user, 'deletedtext', 'undelete' )
+ ) {
+ $this->dieWithError( 'apierror-cantview-deleted-revision-content', 'permissiondenied' );
}
$miser_ns = null;
if ( !is_null( $params['user'] ) || !is_null( $params['excludeuser'] ) ) {
// Paranoia: avoid brute force searches (T19342)
- // (shouldn't be able to get here without 'deletedhistory', but
- // check it again just in case)
if ( !$this->getPermissionManager()->userHasRight( $user, 'deletedhistory' ) ) {
$bitmask = RevisionRecord::DELETED_USER;
} elseif ( !$this->getPermissionManager()
protected function run( ApiPageSet $resultPageSet = null ) {
$user = $this->getUser();
- // Before doing anything at all, let's check permissions
- $this->checkUserRightsAny( 'deletedhistory' );
$pageSet = $this->getPageSet();
$pageMap = $pageSet->getGoodAndMissingTitlesByNamespace();
}
// This means stricter restrictions
- if ( $this->fetchContent ) {
- $this->checkUserRightsAny( [ 'deletedtext', 'undelete' ] );
+ if ( ( $this->fld_comment || $this->fld_parsedcomment ) &&
+ !$this->getPermissionManager()->userHasRight( $user, 'deletedhistory' )
+ ) {
+ $this->dieWithError( 'apierror-cantview-deleted-comment', 'permissiondenied' );
+ }
+ if ( $this->fetchContent &&
+ !$this->getPermissionManager()->userHasAnyRight( $user, 'deletedtext', 'undelete' )
+ ) {
+ $this->dieWithError( 'apierror-cantview-deleted-revision-content', 'permissiondenied' );
}
$dir = $params['dir'];
if ( !is_null( $params['user'] ) || !is_null( $params['excludeuser'] ) ) {
// Paranoia: avoid brute force searches (T19342)
- // (shouldn't be able to get here without 'deletedhistory', but
- // check it again just in case)
if ( !$this->getPermissionManager()->userHasRight( $user, 'deletedhistory' ) ) {
$bitmask = RevisionRecord::DELETED_USER;
} elseif ( !$this->getPermissionManager()
"apierror-cantoverwrite-sharedfile": "The target file exists on a shared repository and you do not have permission to override it.",
"apierror-cantsend": "You are not logged in, you do not have a confirmed email address, or you are not allowed to send email to other users, so you cannot send email.",
"apierror-cantundelete": "Couldn't undelete: the requested revisions may not exist, or may have been undeleted already.",
+ "apierror-cantview-deleted-comment": "You don't have permission to view deleted comments.",
"apierror-cantview-deleted-description": "You don't have permission to view descriptions of deleted files.",
"apierror-cantview-deleted-metadata": "You don't have permission to view metadata of deleted files.",
+ "apierror-cantview-deleted-revision-content": "You don't have permission to view content of deleted revisions.",
"apierror-changeauth-norequest": "Failed to create change request.",
"apierror-chunk-too-small": "Minimum chunk size is $1 {{PLURAL:$1|byte|bytes}} for non-final chunks.",
"apierror-cidrtoobroad": "$1 CIDR ranges broader than /$2 are not accepted.",
"apierror-cantoverwrite-sharedfile": "{{doc-apierror}}",
"apierror-cantsend": "{{doc-apierror}}",
"apierror-cantundelete": "{{doc-apierror}}",
+ "apierror-cantview-deleted-comment": "{{doc-apierror}}",
"apierror-cantview-deleted-description": "{{doc-apierror}}",
"apierror-cantview-deleted-metadata": "{{doc-apierror}}",
+ "apierror-cantview-deleted-revision-content": "{{doc-apierror}}",
"apierror-changeauth-norequest": "{{doc-apierror}}",
"apierror-chunk-too-small": "{{doc-apierror}}\n\nParameters:\n* $1 - Minimum size in bytes.",
"apierror-cidrtoobroad": "{{doc-apierror}}\n\nParameters:\n* $1 - \"IPv4\" or \"IPv6\"\n* $2 - Minimum CIDR mask length.",