From: Brad Jorsch Date: Sun, 10 Aug 2014 20:23:28 +0000 (+0100) Subject: Do not allow a user to delete a page they can't edit X-Git-Tag: 1.31.0-rc.0~14480^2 X-Git-Url: http://git.cyclocoop.org/fichier?a=commitdiff_plain;h=002a27790137e91b124ffeed6efc8dbe833e1dab;p=lhc%2Fweb%2Fwiklou.git Do not allow a user to delete a page they can't edit This was probably overlooked in the past because usually the only users who can delete pages also have permission to edit the relevant protection levels. Change-Id: Ibe28a69c9fbab00b81c53b1643df722a3f1fbf19 --- diff --git a/includes/Title.php b/includes/Title.php index 8e0608705a..a1b2352f5e 100644 --- a/includes/Title.php +++ b/includes/Title.php @@ -2258,6 +2258,12 @@ class Title { $errors[] = array( 'immobile-target-page' ); } } elseif ( $action == 'delete' ) { + if ( count( $this->getUserPermissionsErrorsInternal( 'edit', + $user, $doExpensiveQueries, true ) ) + ) { + // If they can't edit, they shouldn't delete. + $errors[] = array( 'delete-cantedit' ); + } if ( $doExpensiveQueries && $wgDeleteRevisionsLimit && !$this->userCan( 'bigdelete', $user ) && $this->isBigDeletion() ) { diff --git a/includes/api/ApiBase.php b/includes/api/ApiBase.php index a3ada80f9e..a280ddf036 100644 --- a/includes/api/ApiBase.php +++ b/includes/api/ApiBase.php @@ -1411,6 +1411,10 @@ abstract class ApiBase extends ContextSource { 'code' => 'cantedit', 'info' => "You can't protect this page because you can't edit it" ), + 'delete-cantedit' => array( + 'code' => 'cantedit', + 'info' => "You can't delete this page because you can't edit it" + ), 'badaccess-group0' => array( 'code' => 'permissiondenied', 'info' => "Permission denied" diff --git a/languages/i18n/en.json b/languages/i18n/en.json index 8230d7f5a8..a43a7421a0 100644 --- a/languages/i18n/en.json +++ b/languages/i18n/en.json @@ -1876,6 +1876,7 @@ "delete-edit-reasonlist": "Edit deletion reasons", "delete-toobig": "This page has a large edit history, over $1 {{PLURAL:$1|revision|revisions}}.\nDeletion of such pages has been restricted to prevent accidental disruption of {{SITENAME}}.", "delete-warning-toobig": "This page has a large edit history, over $1 {{PLURAL:$1|revision|revisions}}.\nDeleting it may disrupt database operations of {{SITENAME}};\nproceed with caution.", + "delete-cantedit": "You cannot delete this page because you do not have permission to edit it.", "deleting-backlinks-warning": "'''Warning:''' [[Special:WhatLinksHere/{{FULLPAGENAME}}|Other pages]] link to or transclude the page you are about to delete.", "rollback": "Roll back edits", "rollback_short": "Rollback", diff --git a/languages/i18n/qqq.json b/languages/i18n/qqq.json index 9ac5b67f8d..1b98ee3c12 100644 --- a/languages/i18n/qqq.json +++ b/languages/i18n/qqq.json @@ -2038,6 +2038,7 @@ "delete-edit-reasonlist": "Shown beneath the page deletion form on the right side. It is a link to {{msg-mw|Deletereason-dropdown|notext=1}}.\n\nSee also:\n* {{msg-mw|Ipb-edit-dropdown}}\n* {{msg-mw|Protect-edit-reasonlist}}.\n{{Identical|Edit delete reasons}}", "delete-toobig": "Parameters:\n* $1 - the upper limit of number of revisions\nSee also:\n* {{msg-mw|Delete-warning-toobig}}", "delete-warning-toobig": "Parameters:\n* $1 - the upper limit of number of revisions\nSee also:\n* {{msg-mw|Delete-toobig}}", + "delete-cantedit": "Used as error message when deleting the page.", "deleting-backlinks-warning": "A warning shown when a page that is being deleted has at least one link to it or is transcluded in at least one page.", "rollback": "{{Identical|Rollback}}", "rollback_short": "{{Identical|Rollback}}",