These are needed for OAuth grants.
Change-Id: I52f8e4a5cb48573cb2dbc26fc508e61a95d748c3
* $wgDBOracleDRCP added. True enables persistent connection with DRCP on Oracle.
* $wgLogAutopatrol added to allow disabling logging of autopatrol edits in the logging table.
default for $wgLogAutopatrol is true.
+* The 'edit' right no longer allows for editing a user's own CSS and JS.
+* New rights 'editmyusercss' and 'editmyuserjs' restrict actions that were
+ formerly allowed by default. They have been added to the default for
+ $wgGroupPermissions['*'].
=== New features in 1.22 ===
* (bug 44525) mediawiki.jqueryMsg can now parse (whitelisted) HTML elements and attributes.
* LinkCache singleton can now be altered or cleared, letting one to specify
another instance that does not rely on a database backend.
* MediaWiki's PHPUnit tests can now use PHPUnit installed using composer --dev.
+* New user rights have been added to increase granularity in rights management
+ for extensions such as OAuth:
+** editmyusercss controls whether a user may edit their own CSS subpages.
+** editmyuserjs controls whether a user may edit their own JS subpages.
=== Bug fixes in 1.22 ===
* Disable Special:PasswordReset when $wgEnableEmail is false. Previously one
sajax_do_call and wfSupportsAjax.
* BREAKING CHANGE: meta keywords are no longer supported. A <meta name="keywords"
will no longer be output and OutputPage::addKeyword no longer exists.
+* Methods Title::userCanEditCssSubpage and Title::userCanEditJsSubpage,
+ deprecated since 1.19, have been removed.
== Compatibility ==
$wgGroupPermissions['*']['createpage'] = true;
$wgGroupPermissions['*']['createtalk'] = true;
$wgGroupPermissions['*']['writeapi'] = true;
+$wgGroupPermissions['*']['editmyusercss'] = true;
+$wgGroupPermissions['*']['editmyuserjs'] = true;
#$wgGroupPermissions['*']['patrolmarks'] = false; // let anons see what was patrolled
// Implicit group for all logged-in accounts
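Review bot: The two added `$wgGroupPermissions['*']` entries carry no comment explaining why the self-edit rights sit on the everyone group, and that placement affects how a site can restrict them. A right granted to `*` is inherited by every account, so setting it to false on `user` or another group will not withdraw it; an administrator has to clear the `*` entry or use `$wgRevokePermissions`. I would add a line above them such as `// Own CSS/JS editing is split out of 'edit' so it can be withheld; granted to '*' to keep prior behaviour, revoke via $wgRevokePermissions`. A wiki whose LocalSettings.php replaces the whole `*` array rather than individual keys would presumably lose both rights on upgrade, which may deserve a sentence in the release notes.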
# Protect css/js subpages of user pages
# XXX: this might be better using restrictions
# XXX: right 'editusercssjs' is deprecated, for backward compatibility only
- if ( $action != 'patrol' && !$user->isAllowed( 'editusercssjs' )
- && !preg_match( '/^' . preg_quote( $user->getName(), '/' ) . '\//', $this->mTextform ) ) {
- if ( $this->isCssSubpage() && !$user->isAllowed( 'editusercss' ) ) {
- $errors[] = array( 'customcssprotected' );
- } elseif ( $this->isJsSubpage() && !$user->isAllowed( 'edituserjs' ) ) {
- $errors[] = array( 'customjsprotected' );
+ if ( $action != 'patrol' && !$user->isAllowed( 'editusercssjs' ) ) {
+ if ( preg_match( '/^' . preg_quote( $user->getName(), '/' ) . '\//', $this->mTextform ) ) {
+ if ( $this->isCssSubpage() && !$user->isAllowedAny( 'editmyusercss', 'editusercss' ) ) {
+ $errors[] = array( 'mycustomcssprotected' );
+ } elseif ( $this->isJsSubpage() && !$user->isAllowedAny( 'editmyuserjs', 'edituserjs' ) ) {
+ $errors[] = array( 'mycustomjsprotected' );
+ }
+ } else {
+ if ( $this->isCssSubpage() && !$user->isAllowed( 'editusercss' ) ) {
+ $errors[] = array( 'customcssprotected' );
+ } elseif ( $this->isJsSubpage() && !$user->isAllowed( 'edituserjs' ) ) {
+ $errors[] = array( 'customjsprotected' );
+ }
}
}
return $errors;
}
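Review bot: In the own-page branch, `isAllowedAny( 'editmyuserjs', 'edituserjs' )` lets the broader edit-others right stand in for the new self-edit right, and the outer `!$user->isAllowed( 'editusercssjs' )` skips both branches entirely; the comments state neither implication. A user's own JS subpage presumably runs in that user's session, so anyone assembling a restricted rights set (the commit message names OAuth grants) needs to know that withholding `editmyuserjs` is not enough while `edituserjs` or the deprecated `editusercssjs` is still present. I would add above the `preg_match` line `# Own subpage: 'editmyuser*' OR the matching 'edituser*' right suffices; 'editusercssjs' bypasses this whole check`. The enclosing method starts above the lines shown here.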
- /**
- * Protect css subpages of user pages: can $wgUser edit
- * this page?
- *
- * @deprecated in 1.19; use getUserPermissionsErrors() instead.
- * @return Bool
- */
- public function userCanEditCssSubpage() {
- global $wgUser;
- wfDeprecated( __METHOD__, '1.19' );
- return ( ( $wgUser->isAllowedAll( 'editusercssjs', 'editusercss' ) )
- || preg_match( '/^' . preg_quote( $wgUser->getName(), '/' ) . '\//', $this->mTextform ) );
- }
-
- /**
- * Protect js subpages of user pages: can $wgUser edit
- * this page?
- *
- * @deprecated in 1.19; use getUserPermissionsErrors() instead.
- * @return Bool
- */
- public function userCanEditJsSubpage() {
- global $wgUser;
- wfDeprecated( __METHOD__, '1.19' );
- return (
- ( $wgUser->isAllowedAll( 'editusercssjs', 'edituserjs' ) )
- || preg_match( '/^' . preg_quote( $wgUser->getName(), '/' ) . '\//', $this->mTextform )
- );
- }
-
/**
* Get a filtered list of all restriction types supported by this wiki.
* @param bool $exists True to get all restriction types that apply to
'edit',
'editinterface',
'editprotected',
+ 'editmyusercss',
+ 'editmyuserjs',
'editusercssjs', #deprecated
'editusercss',
'edituserjs',
'namespaceprotected' => "You do not have permission to edit pages in the '''$1''' namespace.",
'customcssprotected' => "You do not have permission to edit this CSS page because it contains another user's personal settings.",
'customjsprotected' => "You do not have permission to edit this JavaScript page because it contains another user's personal settings.",
+'mycustomcssprotected' => "You do not have permission to edit this CSS page.",
+'mycustomjsprotected' => "You do not have permission to edit this JavaScript page.",
'ns-specialprotected' => 'Special pages cannot be edited.',
'titleprotected' => 'This title has been protected from creation by [[User:$1|$1]].
The reason given is "\'\'$2\'\'".',
'right-editusercssjs' => "Edit other users' CSS and JavaScript files",
'right-editusercss' => "Edit other users' CSS files",
'right-edituserjs' => "Edit other users' JavaScript files",
+'right-editmyusercss' => "Edit your own user CSS files",
+'right-editmyuserjs' => "Edit your own user JavaScript files",
'right-rollback' => 'Quickly rollback the edits of the last user who edited a particular page',
'right-markbotedits' => 'Mark rolled-back edits as bot edits',
'right-noratelimit' => 'Not be affected by rate limits',
'namespaceprotected' => '* $1 - namespace name',
'customcssprotected' => 'Used as error message.',
'customjsprotected' => 'Used as error message.',
+'mycustomcssprotected' => 'Used as error message.',
+'mycustomjsprotected' => 'Used as error message.',
'ns-specialprotected' => 'Error message displayed when trying to edit a page in the Special namespace',
'titleprotected' => 'Use $1 for GENDER.',
'filereadonlyerror' => 'Parameters:
'right-editusercssjs' => '{{doc-right|editusercssjs}}',
'right-editusercss' => '{{doc-right|editusercss}}',
'right-edituserjs' => '{{doc-right|edituserjs}}',
+'right-editmyusercss' => '{{doc-right|editmyusercss}}',
+'right-editmyuserjs' => '{{doc-right|editmyuserjs}}',
'right-rollback' => '{{doc-right|rollback}}
{{Identical|Rollback}}',
'right-markbotedits' => '{{doc-right|markbotedits}}
editintro
edititis
editlink
+editmyusercss
+editmyuserjs
editnotice
editnotsupported
editondblclick
'namespaceprotected',
'customcssprotected',
'customjsprotected',
+ 'mycustomcssprotected',
+ 'mycustomjsprotected',
'ns-specialprotected',
'titleprotected',
'filereadonlyerror',
'right-editusercssjs',
'right-editusercss',
'right-edituserjs',
+ 'right-editmyusercss',
+ 'right-editmyuserjs',
'right-rollback',
'right-markbotedits',
'right-noratelimit',
function testCssAndJavascriptPermissions() {
$this->setUser( $this->userName );
+ $this->setTitle( NS_USER, $this->userName . '/test.js' );
+ $this->runCSSandJSPermissions(
+ array( array( 'badaccess-group0' ), array( 'mycustomjsprotected' ) ),
+ array( array( 'badaccess-group0' ), array( 'mycustomjsprotected' ) ),
+ array( array( 'badaccess-group0' ) ),
+ array( array( 'badaccess-group0' ), array( 'mycustomjsprotected' ) ),
+ array( array( 'badaccess-group0' ) )
+ );
+
+ $this->setTitle( NS_USER, $this->userName . '/test.css' );
+ $this->runCSSandJSPermissions(
+ array( array( 'badaccess-group0' ), array( 'mycustomcssprotected' ) ),
+ array( array( 'badaccess-group0' ) ),
+ array( array( 'badaccess-group0' ), array( 'mycustomcssprotected' ) ),
+ array( array( 'badaccess-group0' ) ),
+ array( array( 'badaccess-group0' ), array( 'mycustomcssprotected' ) )
+ );
+
$this->setTitle( NS_USER, $this->altUserName . '/test.js' );
$this->runCSSandJSPermissions(
array( array( 'badaccess-group0' ), array( 'customjsprotected' ) ),
array( array( 'badaccess-group0' ), array( 'customjsprotected' ) ),
- array( array( 'badaccess-group0' ) ) );
+ array( array( 'badaccess-group0' ), array( 'customjsprotected' ) ),
+ array( array( 'badaccess-group0' ), array( 'customjsprotected' ) ),
+ array( array( 'badaccess-group0' ) )
+ );
$this->setTitle( NS_USER, $this->altUserName . '/test.css' );
$this->runCSSandJSPermissions(
+ array( array( 'badaccess-group0' ), array( 'customcssprotected' ) ),
+ array( array( 'badaccess-group0' ), array( 'customcssprotected' ) ),
array( array( 'badaccess-group0' ), array( 'customcssprotected' ) ),
array( array( 'badaccess-group0' ) ),
- array( array( 'badaccess-group0' ), array( 'customcssprotected' ) ) );
+ array( array( 'badaccess-group0' ), array( 'customcssprotected' ) )
+ );
$this->setTitle( NS_USER, $this->altUserName . '/tempo' );
$this->runCSSandJSPermissions(
array( array( 'badaccess-group0' ) ),
array( array( 'badaccess-group0' ) ),
- array( array( 'badaccess-group0' ) ) );
+ array( array( 'badaccess-group0' ) ),
+ array( array( 'badaccess-group0' ) ),
+ array( array( 'badaccess-group0' ) )
+ );
}
- function runCSSandJSPermissions( $result0, $result1, $result2 ) {
+ function runCSSandJSPermissions( $result0, $result1, $result2, $result3, $result4 ) {
$this->setUserPerm( '' );
$this->assertEquals( $result0,
$this->title->getUserPermissionsErrors( 'bogus',
$this->user ) );
- $this->setUserPerm( 'editusercss' );
+ $this->setUserPerm( 'editmyusercss' );
$this->assertEquals( $result1,
$this->title->getUserPermissionsErrors( 'bogus',
$this->user ) );
- $this->setUserPerm( 'edituserjs' );
+ $this->setUserPerm( 'editmyuserjs' );
$this->assertEquals( $result2,
$this->title->getUserPermissionsErrors( 'bogus',
$this->user ) );
+ $this->setUserPerm( 'editusercss' );
+ $this->assertEquals( $result3,
+ $this->title->getUserPermissionsErrors( 'bogus',
+ $this->user ) );
+
+ $this->setUserPerm( 'edituserjs' );
+ $this->assertEquals( $result4,
+ $this->title->getUserPermissionsErrors( 'bogus',
+ $this->user ) );
+
$this->setUserPerm( 'editusercssjs' );
$this->assertEquals( array( array( 'badaccess-group0' ) ),
$this->title->getUserPermissionsErrors( 'bogus',