Merge AssertEdit extension into core

Added &assert=user and &assert=bot for all API modules.

Some functionality was dropped:
* assert='exists': the edit API already has &nocreate/&createonly
* nassert parameter: there is no usecase for checking that your
  account is logged out or not flagged
* assert=true/false: If you want to test a failing assertion, log out
* assert=test: Not useful
* Checking edits via index.php

The error format was changed from:
{"edit": {"assert": "bot", "result": "Failure"}}
to the standard format of API errors in an 'errors' array
using the codes: 'assertuserfailed' and 'assertbotfailed'.

Bug: 27841
Bug: 53106
Change-Id: Ia4815168548fea3dbf1c305792a451374f2a3b7e

diff --git a/RELEASE-NOTES-1.23 b/RELEASE-NOTES-1.23
index 2a0f673..afa7efd 100644 (file)
--- a/RELEASE-NOTES-1.23
+++ b/RELEASE-NOTES-1.23
@@ -65,6 +65,10 @@ production.
   its #test method when strings are used in the browser map: version '1.10' is
   now correctly considered larger than '1.2'. Using numbers in the version map
   is not affected.
+* All API modules now support an assert parameter, which can either be
+  'user' or 'bot'. The API will throw an error if the user is not logged
+  in (user) or does not have the 'bot' userright (bot). Based off of the
+  AssertEdit extension by Steve Sanbeg.
 
 === Bug fixes in 1.23 ===
 * (bug 41759) The "updated since last visit" markers (on history pages, recent
@@ -104,6 +108,8 @@ production.
 * ApiQueryBase::titlePartToKey allows an extra parameter that indicates the
   namespace in order to properly capitalize the title part.
 * (bug 57874) action=feedcontributions no longer has one item more than limit.
+* All API modules now support an assert parameter. See the new features section
+  for more details.
 
 === Languages updated in 1.23 ===
 

diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php
index 829ba6f..f69d3ff 100644 (file)
--- a/includes/api/ApiMain.php
+++ b/includes/api/ApiMain.php
@@ -815,6 +815,28 @@ class ApiMain extends ApiBase {
                }
        }
 
+       /**
+        * Check asserts of the user's rights
+        * @param $params array
+        */
+       protected function checkAsserts( $params ) {
+               if ( isset( $params['assert'] ) ) {
+                       $user = $this->getUser();
+                       switch ( $params['assert'] ) {
+                               case 'user':
+                                       if ( $user->isAnon() ) {
+                                               $this->dieUsage( 'Assertion that the user is logged in failed', 'assertuserfailed' );
+                                       }
+                                       break;
+                               case 'bot':
+                                       if ( !$user->isAllowed( 'bot' ) ) {
+                                               $this->dieUsage( 'Assertion that the user has the bot right failed', 'assertbotfailed' );
+                                       }
+                                       break;
+                       }
+               }
+       }
+
        /**
         * Check POST for external response and setup result printer
         * @param $module ApiBase An Api module
@@ -857,6 +879,8 @@ class ApiMain extends ApiBase {
                        $this->setupExternalResponse( $module, $params );
                }
 
+               $this->checkAsserts( $params );
+
                // Execute
                $module->profileIn();
                $module->execute();
@@ -1046,6 +1070,9 @@ class ApiMain extends ApiBase {
                                ApiBase::PARAM_TYPE => 'integer',
                                ApiBase::PARAM_DFLT => 0
                        ),
+                       'assert' => array(
+                               ApiBase::PARAM_TYPE => array( 'user', 'bot' )
+                       ),
                        'requestid' => null,
                        'servedby' => false,
                        'origin' => null,
@@ -1071,6 +1098,7 @@ class ApiMain extends ApiBase {
                        ),
                        'smaxage' => 'Set the s-maxage header to this many seconds. Errors are never cached',
                        'maxage' => 'Set the max-age header to this many seconds. Errors are never cached',
+                       'assert' => 'Verify the user is logged in if set to "user", or has the bot userright if "bot"',
                        'requestid' => 'Request ID to distinguish requests. This will just be output back to you',
                        'servedby' => 'Include the hostname that served the request in the ' .
                                'results. Unconditionally shown on error',
@@ -1143,6 +1171,8 @@ class ApiMain extends ApiBase {
                        array( 'code' => 'unknown_action', 'info' => 'The API requires a valid action parameter' ),
                        array( 'code' => 'maxlag', 'info' => 'Waiting for host: x seconds lagged' ),
                        array( 'code' => 'maxlag', 'info' => 'Waiting for a database server: x seconds lagged' ),
+                       array( 'code' => 'assertuserfailed', 'info' => 'Assertion that the user is logged in failed' ),
+                       array( 'code' => 'assertbotfailed', 'info' => 'Assertion that the user has the bot right failed' ),
                ) );
        }