* Upgrade Sinon.JS to 1.10.3.
* Added the es5-shim polyfill for older or non-compliant javascript engines.
* Upgrade jQuery Cookie to v1.2.0.
+* (bug 20476) Add a "viewsuppressed" user right to be able to view
+ suppressed content but not suppress it ("suppressrevision" right).
=== Bug fixes in 1.24 ===
* (bug 49116) Footer copyright notice is now always displayed in user language
#$wgGroupPermissions['suppress']['hideuser'] = true;
// To hide revisions/log items from users and Sysops
#$wgGroupPermissions['suppress']['suppressrevision'] = true;
+// To view revisions/log items hidden from users and Sysops
+#$wgGroupPermissions['suppress']['viewsuppressed'] = true;
// For private suppression log access
#$wgGroupPermissions['suppress']['suppressionlog'] = true;
*/
public static function userCanBitfield( $bitfield, $field, User $user = null ) {
if ( $bitfield & $field ) { // aspect is deleted
- if ( $bitfield & self::DELETED_RESTRICTED ) {
- $permission = 'suppressrevision';
- } elseif ( $field & self::DELETED_TEXT ) {
- $permission = 'deletedtext';
- } else {
- $permission = 'deletedhistory';
- }
- wfDebug( "Checking for $permission due to $field match on $bitfield\n" );
if ( $user === null ) {
global $wgUser;
$user = $wgUser;
}
- return $user->isAllowed( $permission );
+ if ( $bitfield & self::DELETED_RESTRICTED ) {
+ $permissions = array( 'suppressrevision', 'viewsuppressed' );
+ } elseif ( $field & self::DELETED_TEXT ) {
+ $permissions = array( 'deletedtext' );
+ } else {
+ $permissions = array( 'deletedhistory' );
+ }
+ wfDebug( "Checking for " . implode( ', ', $permissions ) . " due to $field match on $bitfield\n" );
+ return call_user_func_array( array( $user, 'isAllowedAny' ), $permissions );
} else {
return true;
}
'userrights-interwiki',
'viewmyprivateinfo',
'viewmywatchlist',
+ 'viewsuppressed',
'writeapi',
);
* @return bool
*/
public function userCanSeeRevDel() {
- return $this->getUser()->isAllowedAny( 'deletedhistory', 'deletedtext', 'suppressrevision' );
+ return $this->getUser()->isAllowedAny(
+ 'deletedhistory',
+ 'deletedtext',
+ 'suppressrevision',
+ 'viewsuppressed'
+ );
}
}
// check it again just in case)
if ( !$user->isAllowed( 'deletedhistory' ) ) {
$bitmask = Revision::DELETED_USER;
- } elseif ( !$user->isAllowed( 'suppressrevision' ) ) {
+ } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
$bitmask = Revision::DELETED_USER | Revision::DELETED_RESTRICTED;
} else {
$bitmask = 0;
// Exclude files this user can't view.
if ( !$user->isAllowed( 'deletedtext' ) ) {
$bitmask = File::DELETED_FILE;
- } elseif ( !$user->isAllowed( 'suppressrevision' ) ) {
+ } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
$bitmask = File::DELETED_FILE | File::DELETED_RESTRICTED;
} else {
$bitmask = 0;
if ( !$this->getUser()->isAllowed( 'deletedhistory' ) ) {
$titleBits = LogPage::DELETED_ACTION;
$userBits = LogPage::DELETED_USER;
- } elseif ( !$this->getUser()->isAllowed( 'suppressrevision' ) ) {
+ } elseif ( !$this->getUser()->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
$titleBits = LogPage::DELETED_ACTION | LogPage::DELETED_RESTRICTED;
$userBits = LogPage::DELETED_USER | LogPage::DELETED_RESTRICTED;
} else {
if ( !is_null( $params['user'] ) || !is_null( $params['excludeuser'] ) ) {
if ( !$user->isAllowed( 'deletedhistory' ) ) {
$bitmask = Revision::DELETED_USER;
- } elseif ( !$user->isAllowed( 'suppressrevision' ) ) {
+ } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
$bitmask = Revision::DELETED_USER | Revision::DELETED_RESTRICTED;
} else {
$bitmask = 0;
// LogPage::DELETED_ACTION hides the affected page, too.
if ( !$user->isAllowed( 'deletedhistory' ) ) {
$bitmask = LogPage::DELETED_ACTION;
- } elseif ( !$user->isAllowed( 'suppressrevision' ) ) {
+ } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
$bitmask = LogPage::DELETED_ACTION | LogPage::DELETED_RESTRICTED;
} else {
$bitmask = 0;
// Paranoia: avoid brute force searches (bug 17342)
if ( !$this->getUser()->isAllowed( 'deletedhistory' ) ) {
$bitmask = Revision::DELETED_USER;
- } elseif ( !$this->getUser()->isAllowed( 'suppressrevision' ) ) {
+ } elseif ( !$this->getUser()->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
$bitmask = Revision::DELETED_USER | Revision::DELETED_RESTRICTED;
} else {
$bitmask = 0;
// see the username.
if ( !$user->isAllowed( 'deletedhistory' ) ) {
$bitmask = Revision::DELETED_USER;
- } elseif ( !$user->isAllowed( 'suppressrevision' ) ) {
+ } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
$bitmask = Revision::DELETED_USER | Revision::DELETED_RESTRICTED;
} else {
$bitmask = 0;
if ( !is_null( $params['user'] ) || !is_null( $params['excludeuser'] ) ) {
if ( !$user->isAllowed( 'deletedhistory' ) ) {
$bitmask = Revision::DELETED_USER;
- } elseif ( !$user->isAllowed( 'suppressrevision' ) ) {
+ } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
$bitmask = Revision::DELETED_USER | Revision::DELETED_RESTRICTED;
} else {
$bitmask = 0;
// entirely from the watchlist, or someone could guess the title.
if ( !$user->isAllowed( 'deletedhistory' ) ) {
$bitmask = LogPage::DELETED_ACTION;
- } elseif ( !$user->isAllowed( 'suppressrevision' ) ) {
+ } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
$bitmask = LogPage::DELETED_ACTION | LogPage::DELETED_RESTRICTED;
} else {
$bitmask = 0;
*/
public static function userCanBitfield( $bitfield, $field, User $user = null ) {
if ( $bitfield & $field ) {
- if ( $bitfield & LogPage::DELETED_RESTRICTED ) {
- $permission = 'suppressrevision';
- } else {
- $permission = 'deletedhistory';
- }
- wfDebug( "Checking for $permission due to $field match on $bitfield\n" );
if ( $user === null ) {
global $wgUser;
$user = $wgUser;
}
-
- return $user->isAllowed( $permission );
+ if ( $bitfield & LogPage::DELETED_RESTRICTED ) {
+ $permissions = array( 'suppressrevision', 'viewsuppressed' );
+ } else {
+ $permissions = array( 'deletedhistory' );
+ }
+ wfDebug( "Checking for " . implode( ', ', $permissions ) . " due to $field match on $bitfield\n" );
+ return call_user_func_array( array( $user, 'isAllowedAny' ), $permissions );
}
-
return true;
}
$user = $this->getUser();
if ( !$user->isAllowed( 'deletedhistory' ) ) {
$this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_USER ) . ' = 0';
- } elseif ( !$user->isAllowed( 'suppressrevision' ) ) {
+ } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
$this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_USER ) .
' != ' . LogPage::SUPPRESSED_USER;
}
// Paranoia: avoid brute force searches (bug 17342)
if ( !$user->isAllowed( 'deletedhistory' ) ) {
$conds[] = $this->mDb->bitAnd( 'rev_deleted', Revision::DELETED_USER ) . ' = 0';
- } elseif ( !$user->isAllowed( 'suppressrevision' ) ) {
+ } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
$conds[] = $this->mDb->bitAnd( 'rev_deleted', Revision::SUPPRESSED_USER ) .
' != ' . Revision::SUPPRESSED_USER;
}
// Paranoia: avoid brute force searches (bug 17792)
if ( !$user->isAllowed( 'deletedhistory' ) ) {
$conds[] = $this->mDb->bitAnd( 'ar_deleted', Revision::DELETED_USER ) . ' = 0';
- } elseif ( !$user->isAllowed( 'suppressrevision' ) ) {
+ } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
$conds[] = $this->mDb->bitAnd( 'ar_deleted', Revision::SUPPRESSED_USER ) .
' != ' . Revision::SUPPRESSED_USER;
}
throw new ErrorPageError( 'revdelete-nooldid-title', 'revdelete-nooldid-text' );
}
$this->typeLabels = self::$UILabels[$this->typeName];
+ $list = $this->getList();
+ $list->reset();
+ $bitfield = $list->current()->getBits();
$this->mIsAllowed = $user->isAllowed( RevisionDeleter::getRestriction( $this->typeName ) );
+ $canViewSuppressedOnly = $this->getUser()->isAllowed( 'viewsuppressed' ) &&
+ !$this->getUser()->isAllowed( 'suppressrevision' );
+ $pageIsSuppressed = $bitfield & Revision::DELETED_RESTRICTED;
+ $this->mIsAllowed = $this->mIsAllowed && !( $canViewSuppressedOnly && $pageIsSuppressed );
# Allow the list type to adjust the passed target
$this->targetObj = RevisionDeleter::suggestTarget(
Html::hidden( 'target', $this->targetObj->getPrefixedText() ) .
Html::hidden( 'type', $this->typeName ) .
Html::hidden( 'ids', implode( ',', $this->ids ) ) .
- Xml::closeElement( 'fieldset' ) . "\n";
- } else {
- $out = '';
- }
- if ( $this->mIsAllowed ) {
- $out .= Xml::closeElement( 'form' ) . "\n";
+ Xml::closeElement( 'fieldset' ) . "\n" .
+ Xml::closeElement( 'form' ) . "\n";
// Show link to edit the dropdown reasons
if ( $this->getUser()->isAllowed( 'editinterface' ) ) {
$title = Title::makeTitle( NS_MEDIAWIKI, 'Revdelete-reason-dropdown' );
);
$out .= Xml::tags( 'p', array( 'class' => 'mw-revdel-editreasons' ), $link ) . "\n";
}
+ } else {
+ $out = '';
}
$this->getOutput()->addHTML( $out );
}
// the necessary rights.
if ( !$user->isAllowed( 'deletedhistory' ) ) {
$bitmask = LogPage::DELETED_ACTION;
- } elseif ( !$user->isAllowed( 'suppressrevision' ) ) {
+ } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
$bitmask = LogPage::DELETED_ACTION | LogPage::DELETED_RESTRICTED;
} else {
$bitmask = 0;
"right-deletedtext": "View deleted text and changes between deleted revisions",
"right-browsearchive": "Search deleted pages",
"right-undelete": "Undelete a page",
- "right-suppressrevision": "Review and restore revisions hidden from administrators",
+ "right-suppressrevision": "View, hide and unhide specific revisions of pages from any user",
+ "right-viewsuppressed": "View revisions hidden from any user",
"right-suppressionlog": "View private logs",
"right-block": "Block other users from editing",
"right-blockemail": "Block a user from sending email",
"right-deletedtext": "{{doc-right|deletedtext}}",
"right-browsearchive": "{{doc-right|browsearchive}}",
"right-undelete": "{{doc-right|undelete}}",
- "right-suppressrevision": "{{doc-right|suppressrevision}}\nThis user right is part of the [[mw:RevisionDelete|RevisionDelete]] feature.\nIt can be given to the group {{msg-mw|group-suppress}}, although that group is disabled by default.\n\nSee also:\n* {{msg-mw|right-suppressionlog}}\n* {{msg-mw|right-hideuser}}\n* {{msg-mw|right-deletelogentry}}\n* {{msg-mw|right-deleterevision}}",
+ "right-suppressrevision": "{{doc-right|suppressrevision}}\nThis user right is part of the [[mw:RevisionDelete|RevisionDelete]] feature.\nIt can be given to the group {{msg-mw|group-suppress}}, although that group is disabled by default.\n\nSee also:\n* {{msg-mw|right-suppressionlog}}\n* {{msg-mw|right-viewsuppressed}}\n* {{msg-mw|right-hideuser}}\n* {{msg-mw|right-deletelogentry}}\n* {{msg-mw|right-deleterevision}}",
+ "right-viewsuppressed": "{{doc-right|viewsuppressed}}\nThis user right is part of the [[mw:RevisionDelete|RevisionDelete]] feature.\nIt can be given to any group for observation of suppression activities.\n\nSee also:\n* {{msg-mw|right-suppressrevision}}",
"right-suppressionlog": "{{doc-right|suppressionlog}}\nThis user right is part of the [[mw:RevisionDelete|RevisionDelete]] feature.\nIt can be given to the group {{msg-mw|group-suppress}}, although that group is disabled by default.\n\nSee also\n* {{msg-mw|right-suppressrevision}}\n* {{msg-mw|right-hideuser}}\n* {{msg-mw|right-deletelogentry}}\n* {{msg-mw|right-deleterevision}}",
"right-block": "{{doc-right|block}}",
"right-blockemail": "{{doc-right|blockemail}}",