From da3464badaf9c067a4c3d98448ca72a8324e1e19 Mon Sep 17 00:00:00 2001 From: MGChecker Date: Tue, 3 May 2016 19:07:53 +0200 Subject: [PATCH] Split editcascadeprotected permission from protect permission Currently, both permissions are summarised in the protect permission. This is unadvantageous for wikis that want to split this permission, for example for the main page: They don't want protection changes by non-sysop users there, but on transcluded pages some less privileged users are allowed to edit. Currently, it is impossible to divide these permissions in a clean way (they can add a hack depnding on action parameter in LocalSettings.php right now). Furthermore, an additional permission is no pain, because by default it is handled the same as protect until now. Note that for sakes of backwards compability I decided to handle editcascadeprotected as a subset of protect instead of removing all permissions to edit cascadeprotected pages (and change the cascade protection state of a page) for users who only have got the protect permission. Furthermore a different model would raise some strange questions about the behaivour of the protection form for users with protect, but no editcascadeprotected. Bug: T101309 Change-Id: I0734d6c26e75d7d7c01cf9750ad0315dd2c85bef --- includes/DefaultSettings.php | 2 ++ includes/Title.php | 8 ++++++-- includes/user/User.php | 1 + languages/i18n/en.json | 3 ++- languages/i18n/qqq.json | 1 + tests/phpunit/includes/TitlePermissionTest.php | 2 +- 6 files changed, 13 insertions(+), 4 deletions(-) diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 5b3684b336..0bc8ad727d 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -4882,6 +4882,7 @@ $wgGroupPermissions['sysop']['move-categorypages'] = true; $wgGroupPermissions['sysop']['patrol'] = true; $wgGroupPermissions['sysop']['autopatrol'] = true; $wgGroupPermissions['sysop']['protect'] = true; +$wgGroupPermissions['sysop']['editcascadeprotected'] = true; $wgGroupPermissions['sysop']['editprotected'] = true; $wgGroupPermissions['sysop']['rollback'] = true; $wgGroupPermissions['sysop']['upload'] = true; @@ -5478,6 +5479,7 @@ $wgGrantPermissions['delete']['undelete'] = true; $wgGrantPermissions['protect'] = $wgGrantPermissions['editprotected']; $wgGrantPermissions['protect']['protect'] = true; +$wgGrantPermissions['protect']['editcascadeprotected'] = true; $wgGrantPermissions['viewmywatchlist']['viewmywatchlist'] = true; diff --git a/includes/Title.php b/includes/Title.php index 7887890474..9c9917aad4 100644 --- a/includes/Title.php +++ b/includes/Title.php @@ -2156,7 +2156,9 @@ class Title implements LinkTarget { } if ( !$user->isAllowed( $right ) ) { $errors[] = [ 'protectedpagetext', $right, $action ]; - } elseif ( $this->mCascadeRestriction && !$user->isAllowed( 'protect' ) ) { + } elseif ( $this->mCascadeRestriction && + !$user->isAllowedAny( 'editcascadeprotected', 'protect' ) ) + { $errors[] = [ 'protectedpagetext', 'protect', $action ]; } } @@ -2197,7 +2199,9 @@ class Title implements LinkTarget { if ( $right == 'autoconfirmed' ) { $right = 'editsemiprotected'; } - if ( $right != '' && !$user->isAllowedAll( 'protect', $right ) ) { + if ( $right != '' && !$user->isAllowed( $right ) && + !$user->isAllowedAny( 'editcascadeprotected', 'protect' ) ) + { $pages = ''; foreach ( $cascadingSources as $page ) { $pages .= '* [[:' . $page->getPrefixedText() . "]]\n"; diff --git a/includes/user/User.php b/includes/user/User.php index 7c32c3b5a2..d473e709f5 100644 --- a/includes/user/User.php +++ b/includes/user/User.php @@ -132,6 +132,7 @@ class User implements IDBAccessObject { 'deletelogentry', 'deleterevision', 'edit', + 'editcascadeprotected', 'editcontentmodel', 'editinterface', 'editprotected', diff --git a/languages/i18n/en.json b/languages/i18n/en.json index aacf623bdb..21088bd8cc 100644 --- a/languages/i18n/en.json +++ b/languages/i18n/en.json @@ -1193,7 +1193,8 @@ "right-hideuser": "Block a username, hiding it from the public", "right-ipblock-exempt": "Bypass IP blocks, auto-blocks and range blocks", "right-unblockself": "Unblock oneself", - "right-protect": "Change protection levels and edit cascade-protected pages", + "right-protect": "Change protection levels", + "right-editcascadeprotected": "Edit cascade-protected pages", "right-editprotected": "Edit pages protected as \"{{int:protect-level-sysop}}\"", "right-editsemiprotected": "Edit pages protected as \"{{int:protect-level-autoconfirmed}}\"", "right-editcontentmodel": "Edit the content model of a page", diff --git a/languages/i18n/qqq.json b/languages/i18n/qqq.json index ddf544bce7..cbcfbfd7d5 100644 --- a/languages/i18n/qqq.json +++ b/languages/i18n/qqq.json @@ -1372,6 +1372,7 @@ "right-ipblock-exempt": "{{doc-right|ipblock-exempt}}\nThis user automatically bypasses IP blocks, auto-blocks and range blocks - so I presume - but I am uncertain", "right-unblockself": "{{doc-right|unblockself}}", "right-protect": "{{doc-right|protect}}", + "right-editcascadeprotected": "{{doc-right|editcascadeprotected}}", "right-editprotected": "{{doc-right|editprotected}}\nRefers to {{msg-mw|Protect-level-sysop}}.\n\nSee also:\n* {{msg-mw|Right-editsemiprotected}}", "right-editsemiprotected": "{{doc-right|editsemiprotected}}\nRefers to {{msg-mw|Protect-level-autoconfirmed}}.\n\nSee also:\n* {{msg-mw|Right-editprotected}}", "right-editcontentmodel": "{{doc-right|editcontentmodel}}", diff --git a/tests/phpunit/includes/TitlePermissionTest.php b/tests/phpunit/includes/TitlePermissionTest.php index 5ecdf56134..18c6ee2219 100644 --- a/tests/phpunit/includes/TitlePermissionTest.php +++ b/tests/phpunit/includes/TitlePermissionTest.php @@ -633,7 +633,7 @@ class TitlePermissionTest extends MediaWikiLangTestCase { Title::makeTitle( NS_MAIN, "UnBogus" ) ]; $this->title->mCascadingRestrictions = [ - "bogus" => [ 'bogus', "sysop", "protect", "" ] + "bogus" => [ 'bogus', "sysop", "editcascadeprotected", "protect", "" ] ]; $this->assertEquals( false, -- 2.20.1