From 7d0d041b428b1bcefc08933c09684fbdda604814 Mon Sep 17 00:00:00 2001
From: Kunal Mehta
Date: Mon, 18 Aug 2014 11:13:25 -0700
Subject: [PATCH] SpecialUndelete: Check permissions on a per-page basis

This will allow for hooks related to Title::userCan to grant or revoke permissions based on the specific page or namespace.

Bug: 14801
Change-Id: I02d8eb91cc5daff6e70b0dea3d2f58ed5fbfcf81
---
 includes/filerepo/file/ArchivedFile.php | 3 +-
 includes/specialpage/SpecialPage.php | 2 +-
 includes/specials/SpecialUndelete.php | 39 ++++++++++++++++++++-----
 3 files changed, 34 insertions(+), 10 deletions(-)

diff --git a/includes/filerepo/file/ArchivedFile.php b/includes/filerepo/file/ArchivedFile.php
index effa3eeb70..5b0d8e2baa 100644
--- a/includes/filerepo/file/ArchivedFile.php
+++ b/includes/filerepo/file/ArchivedFile.php
@@ -578,6 +578,7 @@ class ArchivedFile {
 public function userCan( $field, User $user = null ) {
 $this->load();
- return Revision::userCanBitfield( $this->deleted, $field, $user );
+ $title = $this->getTitle();
+ return Revision::userCanBitfield( $this->deleted, $field, $user, $title ? : null );
 }
 }
diff --git a/includes/specialpage/SpecialPage.php b/includes/specialpage/SpecialPage.php
index 8fc28f88ce..c0a94af1a0 100644
--- a/includes/specialpage/SpecialPage.php
+++ b/includes/specialpage/SpecialPage.php
@@ -39,7 +39,7 @@ class SpecialPage {
 // Minimum user level required to access this page, or "" for anyone.
 // Also used to categorise the pages in Special:Specialpages
- private $mRestriction;
+ protected $mRestriction;
 // Listed in Special:Specialpages?
 private $mListed;
diff --git a/includes/specials/SpecialUndelete.php b/includes/specials/SpecialUndelete.php
index 8acf8a2bc9..cfadddb292 100644
--- a/includes/specials/SpecialUndelete.php
+++ b/includes/specials/SpecialUndelete.php
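Review bot: In `ArchivedFile::userCan()`, `$title ? : null` turns a `getTitle()` that yields no title into `null`, and the hunk does not show what `Revision::userCanBitfield()` does with a null title; presumably it falls back to the user's global rights. If so, a hook that revokes access for a specific page or namespace is not consulted for an archived file whose title cannot be resolved, which is fail-open relative to that hook. I would record this at the call site, e.g. `// No title available: the check uses the user's global rights and per-page hooks are not consulted`.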
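Review bot: In `SpecialPage.php`, making `$mRestriction` `protected` gives every subclass, including special pages shipped by extensions, write access to the right that gates the page, only so that `SpecialUndelete::userCanExecute()` can read it. If the base class already exposes a read accessor for the restriction (I believe `getRestriction()` does, but it is outside this hunk), the field could stay `private` and the new method could use `return $this->isAllowed( $this->getRestriction(), $user );`. That keeps the required right changeable only through the base class.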
@@ -720,10 +720,10 @@ class SpecialUndelete extends SpecialPage {
 $this->mUnsuppress = $request->getVal( 'wpUnsuppress' ) && $user->isAllowed( 'suppressrevision' );
 $this->mToken = $request->getVal( 'token' );
- if ( $user->isAllowed( 'undelete' ) && !$user->isBlocked() ) {
+ if ( $this->isAllowed( 'undelete' ) && !$user->isBlocked() ) {
 $this->mAllowed = true; // user can restore
 $this->mCanView = true; // user can view content
- } elseif ( $user->isAllowed( 'deletedtext' ) ) {
+ } elseif ( $this->isAllowed( 'deletedtext' ) ) {
 $this->mAllowed = false; // user cannot restore
 $this->mCanView = true; // user can view content
 $this->mRestore = false;
@@ -752,14 +752,35 @@ class SpecialUndelete extends SpecialPage {
 }
 }
+ /**
+ * Checks whether a user is allowed the permission for the
+ * specific title if one is set.
+ *
+ * @param string $permission
+ * @param User $user
+ * @return bool
+ */
+ private function isAllowed( $permission, User $user = null ) {
+ $user = $user ? : $this->getUser();
+ if ( $this->mTargetObj !== null ) {
+ return $this->mTargetObj->userCan( $permission, $user );
+ } else {
+ return $user->isAllowed( $permission );
+ }
+ }
+
+ function userCanExecute( User $user ) {
+ return $this->isAllowed( $this->mRestriction, $user );
+ }
+
 function execute( $par ) {
- $this->checkPermissions();
 $user = $this->getUser();
 $this->setHeaders();
 $this->outputHeader();
 $this->loadRequest( $par );
+ $this->checkPermissions(); // Needs to be after mTargetObj is set
 $out = $this->getOutput();
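Review bot: In the `-720` hunk of `SpecialUndelete.php`, the `wpUnsuppress` line directly above the changed condition still uses the global `$user->isAllowed( 'suppressrevision' )`, so a per-page revocation by a hook affects `undelete` and `deletedtext` but not unsuppression. If that is unintended, the line would become `$this->mUnsuppress = $request->getVal( 'wpUnsuppress' ) && $this->isAllowed( 'suppressrevision' );`; if it is deliberate, a short comment saying so would help. The new calls also rely on `mTargetObj` having been assigned earlier in the enclosing method, which starts outside the hunk; while it is still null, `isAllowed()` quietly returns the global answer.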
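Review bot: In `execute()` (the `-752` hunk), `checkPermissions()` now runs only after `setHeaders()`, `outputHeader()` and `loadRequest()`, so a request from a user without the page's right is processed that far before it is rejected, and the outcome depends on a title taken from the request. `isAllowed()` falls back to the global `$user->isAllowed()` whenever `mTargetObj` is null, so any caller that invokes the public `userCanExecute()` before `loadRequest()` gets the global answer, not the per-page one. The docblock should say so, e.g. `* Falls back to the user's global rights when no target title has been loaded.`, and `@param User $user` should read `@param User|null $user` because null is accepted. `userCanExecute()` is added without a docblock or an explicit visibility keyword, and `execute()` continues past the end of the hunk.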
@@ -1458,12 +1479,14 @@ class SpecialUndelete extends SpecialPage {
 $ts = wfTimestamp( TS_MW, $row->fa_timestamp );
 $user = $this->getUser();
- if ( $this->mAllowed && $row->fa_storage_key ) {
- $checkBox = Xml::check( 'fileid' . $row->fa_id );
+ $checkBox = '';
+ if ( $this->mCanView && $row->fa_storage_key ) {
+ if ( $this->mAllowed ) {
+ $checkBox = Xml::check( 'fileid' . $row->fa_id );
+ }
 $key = urlencode( $row->fa_storage_key );
 $pageLink = $this->getFileLink( $file, $this->getPageTitle(), $ts, $key );
 } else {
- $checkBox = '';
 $pageLink = $this->getLanguage()->userTimeAndDate( $ts, $user );
 }
 $userLink = $this->getFileUser( $file );
@@ -1475,8 +1498,8 @@ class SpecialUndelete extends SpecialPage {
 $comment = $this->getFileComment( $file );
 // Add show/hide deletion links if available
- $canHide = $user->isAllowed( 'deleterevision' );
- if ( $canHide || ( $file->getVisibility() && $user->isAllowed( 'deletedhistory' ) ) ) {
+ $canHide = $this->isAllowed( 'deleterevision' );
+ if ( $canHide || ( $file->getVisibility() && $this->isAllowed( 'deletedhistory' ) ) ) {
 if ( !$file->userCan( File::DELETED_RESTRICTED, $user ) ) {
 // Revision was hidden from sysops
 $revdlink = Linker::revDeleteLinkDisabled( $canHide );
-- 
2.20.1
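Review bot: In the `-1458` hunk, the file link built from `fa_storage_key` is now rendered for any user with `mCanView`, where it previously required `mAllowed`; only the restore checkbox stays behind `mAllowed`. That extends knowledge of the storage key from users who may undelete to users who may only view deleted content, so the code that serves the file for that key has to enforce its own per-file check; it is outside this hunk, and `getFileLink()` may already do part of this. If the wider visibility is intended, a comment above the condition would record it: `// Viewers get the file link; only users who may restore get the checkbox`. The enclosing method starts and ends outside the hunk.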