Do not allow a user to delete a page they can't edit
authorBrad Jorsch <bjorsch@wikimedia.org>
Sun, 10 Aug 2014 20:23:28 +0000 (21:23 +0100)
committerBrad Jorsch <bjorsch@wikimedia.org>
Sun, 10 Aug 2014 21:11:48 +0000 (22:11 +0100)
This was probably overlooked in the past because usually the only users
who can delete pages also have permission to edit the relevant
protection levels.

Change-Id: Ibe28a69c9fbab00b81c53b1643df722a3f1fbf19

includes/Title.php
includes/api/ApiBase.php
languages/i18n/en.json
languages/i18n/qqq.json

index 8e06087..a1b2352 100644 (file)
@@ -2258,6 +2258,12 @@ class Title {
                                $errors[] = array( 'immobile-target-page' );
                        }
                } elseif ( $action == 'delete' ) {
+                       if ( count( $this->getUserPermissionsErrorsInternal( 'edit',
+                               $user, $doExpensiveQueries, true ) )
+                       ) {
+                               // If they can't edit, they shouldn't delete.
+                               $errors[] = array( 'delete-cantedit' );
+                       }
                        if ( $doExpensiveQueries && $wgDeleteRevisionsLimit
                                && !$this->userCan( 'bigdelete', $user ) && $this->isBigDeletion()
                        ) {
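Review bot: The new edit-permission gate in the `delete` branch comes with no test; the changed-file list shows only the two PHP files and the two i18n files, and an authorization rule like this can regress without anyone noticing. A test with a user who holds the delete right but is stopped from editing by page protection should assert that `delete-cantedit` is among the returned errors. The bare `true` passed as the fourth argument to `getUserPermissionsErrorsInternal()` is opaque at the call site. Presumably it is the short-circuit flag, in which case a comment such as `// short-circuit: we only need to know whether any edit error exists` would make that intent explicit. The enclosing function begins and ends outside this hunk, so how the collected `$errors` are returned is not visible here.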
index a3ada80..a280ddf 100644 (file)
@@ -1411,6 +1411,10 @@ abstract class ApiBase extends ContextSource {
                        'code' => 'cantedit',
                        'info' => "You can't protect this page because you can't edit it"
                ),
+               'delete-cantedit' => array(
+                       'code' => 'cantedit',
+                       'info' => "You can't delete this page because you can't edit it"
+               ),
                'badaccess-group0' => array(
                        'code' => 'permissiondenied',
                        'info' => "Permission denied"
index 8230d7f..a43a742 100644 (file)
        "delete-edit-reasonlist": "Edit deletion reasons",
        "delete-toobig": "This page has a large edit history, over $1 {{PLURAL:$1|revision|revisions}}.\nDeletion of such pages has been restricted to prevent accidental disruption of {{SITENAME}}.",
        "delete-warning-toobig": "This page has a large edit history, over $1 {{PLURAL:$1|revision|revisions}}.\nDeleting it may disrupt database operations of {{SITENAME}};\nproceed with caution.",
+       "delete-cantedit": "You cannot delete this page because you do not have permission to edit it.",
        "deleting-backlinks-warning": "'''Warning:''' [[Special:WhatLinksHere/{{FULLPAGENAME}}|Other pages]] link to or transclude the page you are about to delete.",
        "rollback": "Roll back edits",
        "rollback_short": "Rollback",
index 9ac5b67..1b98ee3 100644 (file)
        "delete-edit-reasonlist": "Shown beneath the page deletion form on the right side. It is a link to {{msg-mw|Deletereason-dropdown|notext=1}}.\n\nSee also:\n* {{msg-mw|Ipb-edit-dropdown}}\n* {{msg-mw|Protect-edit-reasonlist}}.\n{{Identical|Edit delete reasons}}",
        "delete-toobig": "Parameters:\n* $1 - the upper limit of number of revisions\nSee also:\n* {{msg-mw|Delete-warning-toobig}}",
        "delete-warning-toobig": "Parameters:\n* $1 - the upper limit of number of revisions\nSee also:\n* {{msg-mw|Delete-toobig}}",
+       "delete-cantedit": "Used as error message when deleting the page.",
        "deleting-backlinks-warning": "A warning shown when a page that is being deleted has at least one link to it or is transcluded in at least one page.",
        "rollback": "{{Identical|Rollback}}",
        "rollback_short": "{{Identical|Rollback}}",