From: cenarium
Date: Mon, 25 Jan 2016 21:35:22 +0000 (+0100)
Subject: logging: Abstract LogPager enforcing of action and performer restrictions
X-Git-Tag: 1.31.0-rc.0~1388^2
X-Git-Url: http://git.cyclocoop.org/data/%24oldEdit?a=commitdiff_plain;h=ce881e02e8d6;p=lhc%2Fweb%2Fwiklou.git
logging: Abstract LogPager enforcing of action and performer restrictions
This avoids duplicating the code in the future, such as proposed for I3ea2c050b6dd6c (T16711).
Change-Id: Ic53b074f542014f156b006864d91a138ba5fb22b
---
diff --git a/includes/logging/LogPager.php b/includes/logging/LogPager.php
index df432e1517..05e55de75d 100644
--- a/includes/logging/LogPager.php
+++ b/includes/logging/LogPager.php
@@ -45,6 +45,12 @@ class LogPager extends ReverseChronologicalPager {
 /** @var string */
 private $action = '';
+ /** @var bool */
+ private $performerRestrictionsEnforced = false;
+
+ /** @var bool */
+ private $actionRestrictionsEnforced = false;
+
 /** @var LogEventsList */
 public $mLogEventsList;
@@ -177,14 +183,7 @@ class LogPager extends ReverseChronologicalPager {
 } else {
 $this->mConds['log_user'] = $userid;
 }
- // Paranoia: avoid brute force searches (T19342)
- $user = $this->getUser();
- if ( !$user->isAllowed( 'deletedhistory' ) ) {
- $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_USER ) . ' = 0';
- } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
- $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_USER ) .
- ' != ' . LogPage::SUPPRESSED_USER;
- }
+ $this->enforcePerformerRestrictions();
 $this->performer = $name;
 }
@@ -252,14 +251,7 @@ class LogPager extends ReverseChronologicalPager {
 } else {
 $this->mConds['log_title'] = $title->getDBkey();
 }
- // Paranoia: avoid brute force searches (T19342)
- $user = $this->getUser();
- if ( !$user->isAllowed( 'deletedhistory' ) ) {
- $this->mConds[] = $db->bitAnd( 'log_deleted', LogPage::DELETED_ACTION ) . ' = 0';
- } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
- $this->mConds[] = $db->bitAnd( 'log_deleted', LogPage::SUPPRESSED_ACTION ) .
- ' != ' . LogPage::SUPPRESSED_ACTION;
- }
+ $this->enforceActionRestrictions();
 }
 /**
@@ -420,4 +412,39 @@ class LogPager extends ReverseChronologicalPager {
 parent::doQuery();
 $this->mDb->setBigSelects( 'default' );
 }
+
+ /**
+ * Paranoia: avoid brute force searches (T19342)
+ */
+ private function enforceActionRestrictions() {
+ if ( $this->actionRestrictionsEnforced ) {
+ return;
+ }
+ $this->actionRestrictionsEnforced = true;
+ $user = $this->getUser();
+ if ( !$user->isAllowed( 'deletedhistory' ) ) {
+ $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_USER ) . ' = 0';
+ } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
+ $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_USER ) .
+ ' != ' . LogPage::SUPPRESSED_USER;
+ }
+ }
+
+ /**
+ * Paranoia: avoid brute force searches (T19342)
+ */
+ private function enforcePerformerRestrictions() {
+ // Same as enforceActionRestrictions(), except for _USER instead of _ACTION bits.
+ if ( $this->performerRestrictionsEnforced ) {
+ return;
+ }
+ $this->performerRestrictionsEnforced = true;
+ $user = $this->getUser();
+ if ( !$user->isAllowed( 'deletedhistory' ) ) {
+ $this->mConds[] = $db->bitAnd( 'log_deleted', LogPage::DELETED_ACTION ) . ' = 0';
+ } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
+ $this->mConds[] = $db->bitAnd( 'log_deleted', LogPage::SUPPRESSED_ACTION ) .
+ ' != ' . LogPage::SUPPRESSED_ACTION;
+ }
+ }
 }
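Review bot: The two helpers added in the last hunk carry each other's bodies: enforceActionRestrictions() filters on LogPage::DELETED_USER / SUPPRESSED_USER and enforcePerformerRestrictions() on DELETED_ACTION / SUPPRESSED_ACTION, the reverse of the code removed from the two call sites in the earlier hunks and of the helper's own comment about _USER versus _ACTION bits. With the title path now checking the performer bits, a user without `deletedhistory` can again match log entries whose action is hidden, which is the brute-force lookup the T19342 check exists to prevent. enforcePerformerRestrictions() also calls `$db->bitAnd(...)` although no `$db` is assigned anywhere in the visible method body, so the performer path would fail at runtime for exactly the restricted users; it should use `$this->mDb` as the other helper does. A regression test that runs each search as an unprivileged user against entries with only one of the two bit groups set would catch a swap like this.

```php
private function enforceActionRestrictions() {
	// … unchanged: once-only guard, $user lookup, deletedhistory check …
		$this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_ACTION ) . ' = 0';
	// … unchanged: elseif on suppressrevision / viewsuppressed …
		$this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_ACTION ) .
			' != ' . LogPage::SUPPRESSED_ACTION;

private function enforcePerformerRestrictions() {
	// … unchanged: once-only guard, $user lookup, deletedhistory check …
		$this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_USER ) . ' = 0';
	// … unchanged: elseif on suppressrevision / viewsuppressed …
		$this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_USER ) .
			' != ' . LogPage::SUPPRESSED_USER;
```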