Found out that UploadBase::isAllowed is a totally inappropriate name for what it is returning. That should perhaps be changed before 1.16 is released.
correct link
* (bug 23284) Times are now rounded correctly
* (bug 23375) Added ogv, oga, spx as extensions for ogg files
+* (bug 18408) All required permissions for uploading (upload, edit, create)
+ are now checked when loading Special:Upload. Toolbar link for Special:Upload
+ is no longer shown if the user does not have the required permissions.
=== API changes in 1.17 ===
* (bug 22738) Allow filtering by action type on query=logevent
$nav_urls['mainpage'] = array( 'href' => self::makeMainPageUrl() );
if( $wgUploadNavigationUrl ) {
$nav_urls['upload'] = array( 'href' => $wgUploadNavigationUrl );
- } elseif( $wgEnableUploads && $wgUser->isAllowed( 'upload' ) ) {
+ } elseif( UploadBase::isEnabled() && UploadBase::isAllowed( $wgUser ) === true ) {
$nav_urls['upload'] = array( 'href' => self::makeSpecialUrl( 'Upload' ) );
} else {
$nav_urls['upload'] = false;
# Check permissions
global $wgGroupPermissions;
- if( !$wgUser->isAllowed( 'upload' ) ) {
+ $permissionRequired = UploadBase::isAllowed( $wgUser );
+ if( $permissionRequired !== true ) {
if( !$wgUser->isLoggedIn() && ( $wgGroupPermissions['user']['upload']
|| $wgGroupPermissions['autoconfirmed']['upload'] ) ) {
// Custom message if logged-in users without any special rights can upload
$wgOut->showErrorPage( 'uploadnologin', 'uploadnologintext' );
} else {
- $wgOut->permissionRequired( 'upload' );
+ $wgOut->permissionRequired( $permissionRequired );
}
return;
}
return true;
}
+ /**
+ * Returns an array of permissions that is required to upload a file
+ *
+ * @return array
+ */
+ public static function getRequiredPermissions() {
+ return array( 'upload', 'create', 'edit' );
+ }
/**
* Returns true if the user can use this upload module or else a string
* identifying the missing permission.
* Can be overriden by subclasses.
*/
public static function isAllowed( $user ) {
- if( !$user->isAllowed( 'upload' ) ) {
- return 'upload';
+ foreach ( self::getRequiredPermissions as $permission ) {
+ if ( !$user->isAllowed( $permission ) ) {
+ return $permission;
+ }
}
return true;
}