(bug 18408) All required permissions for uploading (upload, edit, create) are now...

Found out that UploadBase::isAllowed is a totally inappropriate name for what it is returning. That should perhaps be changed before 1.16 is released.

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index a53c88d..287fbd1 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -142,6 +142,9 @@ in a negative namespace (which is invalid).
   correct link
 * (bug 23284) Times are now rounded correctly
 * (bug 23375) Added ogv, oga, spx as extensions for ogg files 
+* (bug 18408) All required permissions for uploading (upload, edit, create) 
+  are now checked when loading Special:Upload. Toolbar link for Special:Upload
+  is no longer shown if the user does not have the required permissions.
 
 === API changes in 1.17 ===
 * (bug 22738) Allow filtering by action type on query=logevent

diff --git a/includes/SkinTemplate.php b/includes/SkinTemplate.php
index 32b6474..e049f57 100644 (file)
--- a/includes/SkinTemplate.php
+++ b/includes/SkinTemplate.php
@@ -877,7 +877,7 @@ class SkinTemplate extends Skin {
                $nav_urls['mainpage'] = array( 'href' => self::makeMainPageUrl() );
                if( $wgUploadNavigationUrl ) {
                        $nav_urls['upload'] = array( 'href' => $wgUploadNavigationUrl );
-               } elseif( $wgEnableUploads && $wgUser->isAllowed( 'upload' ) ) {
+               } elseif( UploadBase::isEnabled() && UploadBase::isAllowed( $wgUser ) === true ) {
                        $nav_urls['upload'] = array( 'href' => self::makeSpecialUrl( 'Upload' ) );
                } else {
                        $nav_urls['upload'] = false;

diff --git a/includes/specials/SpecialUpload.php b/includes/specials/SpecialUpload.php
index 2679a57..6a54294 100644 (file)
--- a/includes/specials/SpecialUpload.php
+++ b/includes/specials/SpecialUpload.php
@@ -130,13 +130,14 @@ class SpecialUpload extends SpecialPage {
 
                # Check permissions
                global $wgGroupPermissions;
-               if( !$wgUser->isAllowed( 'upload' ) ) {
+               $permissionRequired = UploadBase::isAllowed( $wgUser );
+               if( $permissionRequired !== true ) {
                        if( !$wgUser->isLoggedIn() && ( $wgGroupPermissions['user']['upload']
                                || $wgGroupPermissions['autoconfirmed']['upload'] ) ) {
                                // Custom message if logged-in users without any special rights can upload
                                $wgOut->showErrorPage( 'uploadnologin', 'uploadnologintext' );
                        } else {
-                               $wgOut->permissionRequired( 'upload' );
+                               $wgOut->permissionRequired( $permissionRequired );
                        }
                        return;
                }

diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php
index bf88de5..5518883 100644 (file)
--- a/includes/upload/UploadBase.php
+++ b/includes/upload/UploadBase.php
@@ -77,14 +77,24 @@ abstract class UploadBase {
                return true;
        }
 
+       /**
+        * Returns an array of permissions that is required to upload a file
+        * 
+        * @return array
+        */
+       public static function getRequiredPermissions() {
+               return array( 'upload', 'create', 'edit' );
+       }
        /**
         * Returns true if the user can use this upload module or else a string
         * identifying the missing permission.
         * Can be overriden by subclasses.
         */
        public static function isAllowed( $user ) {
-               if( !$user->isAllowed( 'upload' ) ) {
-                       return 'upload';
+               foreach ( self::getRequiredPermissions as $permission ) {
+                       if ( !$user->isAllowed( $permission ) ) {
+                               return $permission;
+                       }
                }
                return true;
        }