* New permission userrights-interwiki for changing user rights on foreign wikis.
* $wgImplictGroups for groups that are hidden from Special:Listusers, etc.
* $wgAutopromote: automatically promote users who match specified criteria
-* The 'rollback' permission now only affects whether rollback is made available
- through the interface. Users without the rollback permission can still use
- it by generating the proper token through, e.g., a script. This does nothing
- but allow automated rollback scripts to operate more efficiently, without al-
- lowing them to do anything extra.
=== New features in 1.12 ===
* (bug 10735) Add a warning for non-descriptive filenames at Special:Upload
}
/**
- * Roll back the most recent consecutive set of edits to a page from the
- * same user; fails if there are no eligible edits to roll back to, e.g.
- * user is the sole contributor.
- *
- * FIXME: We shouldn't do permissions checking here; that should be done in
- * a wrapper so that server-side scripts can use this if they know what
- * they're doing.
+ * Roll back the most recent consecutive set of edits to a page
+ * from the same user; fails if there are no eligible edits to
+ * roll back to, e.g. user is the sole contributor
*
* @param string $fromP - Name of the user whose edits to rollback.
* @param string $summary - Custom summary. Set to default summary if empty.
# Just in case it's being called from elsewhere
- if( $this->mTitle->userCan( 'edit' ) ) {
+ if( $wgUser->isAllowed( 'rollback' ) && $this->mTitle->userCan( 'edit' ) ) {
if( $wgUser->isBlocked() ) {
return self::BLOCKED;
}
$details = null;
- # We do permissions checking twice, for some reason . . .
- $perm_errors = $this->mTitle->getUserPermissionsErrors( 'edit', $wgUser );
+ # Skip the permissions-checking in doRollback() itself, by checking permissions here.
+
+ $perm_errors = array_merge( $this->mTitle->getUserPermissionsErrors( 'edit', $wgUser ),
+ $this->mTitle->getUserPermissionsErrors( 'rollback', $wgUser ) );
if (count($perm_errors)) {
$wgOut->showPermissionsErrorPage( $perm_errors );
$wgOut->blockedPage();
break;
case self::PERM_DENIED:
- $wgOut->permissionRequired( 'edit' );
+ $wgOut->permissionRequired( 'rollback' );
break;
case self::READONLY:
$wgOut->readOnlyPage( $this->getContent() );