* Instead of hiding read-restricted modules, throw an error when a user without read rights tries to use them
* Do the same for write modules when $wgEnableWriteAPI is false
* Indicate whether a module needs read or write rights in action=help and action=paraminfo
* BREAKING CHANGE: action=purge now requires write rights and, for anonymous users, a POST request
conversion rules
* (bug 17795) Don't report views count on meta=siteinfo if $wgDisableCounters
is set
+* (bug 17774) Don't hide read-restricted modules like action=query from users
+ without read rights, but throw an error when they try to use them.
+* Don't hide write modules when $wgEnableWriteAPI is false, but throw an error
+ when someone tries to use them
+* BREAKING CHANGE: action=purge requires write rights and, for anonymous users,
+ a POST request
=== Languages updated in 1.15 ===
);
$msg = $lnPrfx . implode($lnPrfx, $msg) . "\n";
+ if ($this->isReadMode())
+ $msg .= "\nThis module requires read rights.";
+ if ($this->isWriteMode())
+ $msg .= "\nThis module requires write rights.";
if ($this->mustBePosted())
- $msg .= "\nThis module only accepts POST requests.\n";
+ $msg .= "\nThis module only accepts POST requests.";
+ if ($this->isReadMode() || $this->isWriteMode() ||
+ $this->mustBePosted())
+ $msg .= "\n";
// Parameters
$paramsMsg = $this->makeHelpMsgParameters();
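Review bot: The trailing-newline condition re-tests all three predicates that were just evaluated, so any requirement line added later has to be remembered in two places. Recording the length first with `$len = strlen($msg);` before the `isReadMode()` check and replacing the three-way condition with `if (strlen($msg) > $len) $msg .= "\n";` keeps the rule in one spot. The enclosing function starts before and continues after this hunk.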
'movenotallowedfile' => array('code' => 'cantmovefile', 'info' => "You don't have permission to move files"),
// API-specific messages
+ 'readrequired' => array('code' => 'readapidenied', 'info' => "You need read permission to use this module"),
+ 'writedisabled' => array('code' => 'noapiwrite', 'info' => "Editing of this wiki through the API is disabled. Make sure the \$wgEnableWriteAPI=true; statement is included in the wiki's LocalSettings.php file"),
+ 'writerequired' => array('code' => 'writeapidenied', 'info' => "You're not allowed to edit this wiki through the API"),
'missingparam' => array('code' => 'no$1', 'info' => "The \$1 parameter must be set"),
'invalidtitle' => array('code' => 'invalidtitle', 'info' => "Bad title ``\$1''"),
'nosuchpageid' => array('code' => 'nosuchpageid', 'info' => "There is no page with ID \$1"),
}
/**
- * Indicates if this module requires edit mode
+ * Indicates whether this module requires read rights
* @return bool
*/
- public function isEditMode() {
+ public function isReadMode() {
+ return true;
+ }
+ /**
+ * Indicates whether this module requires write mode
+ * @return bool
+ */
+ public function isWriteMode() {
return false;
}
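Review bot: The docblock on `isWriteMode()` should state that the base implementation returns false and that every module which changes wiki state must override it, because the default is the permissive value. After this commit that override is the only thing that triggers the $wgEnableWriteAPI, writeapi and read-only checks in the dispatcher, so a module that omits it is silently treated as read-only. Suggested wording: `Indicates whether this module requires write rights. Modules that modify the wiki MUST override this to return true.` The comment also says "write mode" where its read counterpart says "read rights".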
*/
public function execute() {
global $wgUser, $wgBlockAllowsUTEdit;
- $this->getMain()->requestWriteMode();
$params = $this->extractRequestParams();
if($params['gettoken'])
public function mustBePosted() { return true; }
+ public function isWriteMode() {
+ return true;
+ }
+
public function getAllowedParams() {
return array (
'user' => null,
*/
public function execute() {
global $wgUser;
- $this->getMain()->requestWriteMode();
$params = $this->extractRequestParams();
$this->requireOnlyOneParameter($params, 'title', 'pageid');
public function mustBePosted() { return true; }
+ public function isWriteMode() {
+ return true;
+ }
+
public function getAllowedParams() {
return array (
'title' => null,
$this->dieUsage("The ``{$this->getModuleName()}'' module has been disabled.", 'moduledisabled');
}
+ public function isReadMode() {
+ return false;
+ }
+
public function getAllowedParams() {
return array ();
}
public function execute() {
global $wgUser;
- $this->getMain()->requestWriteMode();
-
$params = $this->extractRequestParams();
if(is_null($params['title']))
$this->dieUsageMsg(array('missingparam', 'title'));
return true;
}
+ public function isWriteMode() {
+ return true;
+ }
+
protected function getDescription() {
return 'Create and edit pages.';
}
public function execute() {
global $wgUser;
-
// Check whether email is enabled
if ( !EmailUserForm::userEmailEnabled() )
$this->dieUsageMsg( array( 'usermaildisabled' ) );
-
- $this->getMain()->requestWriteMode();
+
$params = $this->extractRequestParams();
-
// Check required parameters
if ( !isset( $params['target'] ) )
$this->dieUsageMsg( array( 'missingparam', 'target' ) );
public function mustBePosted() { return true; }
+ public function isWriteMode() {
+ return true;
+ }
+
public function getAllowedParams() {
return array (
'target' => null,
return false;
}
+ public function isReadMode() {
+ return false;
+ }
+
public function getDescription() {
return array (
'Display this help screen.'
public function execute() {
global $wgUser;
- $this->getMain()->requestWriteMode();
if(!$wgUser->isAllowed('import'))
$this->dieUsageMsg(array('cantimport'));
$params = $this->extractRequestParams();
public function mustBePosted() { return true; }
+ public function isWriteMode() {
+ return true;
+ }
+
public function getAllowedParams() {
global $wgImportSources;
return array (
public function mustBePosted() { return true; }
+ public function isReadMode() {
+ return false;
+ }
+
public function getAllowedParams() {
return array (
'name' => null,
wfRunHooks( 'UserLogoutComplete', array(&$wgUser, &$injected_html, $oldName) );
}
+ public function isReadMode() {
+ return false;
+ }
+
public function getAllowedParams() {
return array ();
}
'feedwatchlist' => 'ApiFeedWatchlist',
'help' => 'ApiHelp',
'paraminfo' => 'ApiParamInfo',
- 'purge' => 'ApiPurge',
- );
- private static $WriteModules = array (
+ // Write modules
+ 'purge' => 'ApiPurge',
'rollback' => 'ApiRollback',
'delete' => 'ApiDelete',
'undelete' => 'ApiUndelete',
wfDebug( "API: stripping user credentials for JSON callback\n" );
$wgUser = new User();
}
-
- if (!$wgUser->isAllowed('read')) {
- self::$Modules = array(
- 'login' => self::$Modules['login'],
- 'logout' => self::$Modules['logout'],
- 'help' => self::$Modules['help'],
- );
- }
}
- global $wgAPIModules, $wgEnableWriteAPI; // extension modules
+ global $wgAPIModules; // extension modules
$this->mModules = $wgAPIModules + self :: $Modules;
- if($wgEnableWriteAPI)
- $this->mModules += self::$WriteModules;
$this->mModuleNames = array_keys($this->mModules);
$this->mFormats = self :: $Formats;
return $this->mResult;
}
- /**
- * This method will simply cause an error if the write mode was disabled
- * or if the current user doesn't have the right to use it
- */
- public function requestWriteMode() {
- global $wgUser;
- if (!$this->mEnableWrite)
- $this->dieUsage('Editing of this wiki through the API' .
- ' is disabled. Make sure the $wgEnableWriteAPI=true; ' .
- 'statement is included in the wiki\'s ' .
- 'LocalSettings.php file', 'noapiwrite');
- if (!$wgUser->isAllowed('writeapi'))
- $this->dieUsage('You\'re not allowed to edit this ' .
- 'wiki through the API', 'writeapidenied');
- if (wfReadOnly())
- $this->dieUsageMsg(array('readonlytext'));
- }
-
/**
* Set how long the response should be cached.
*/
}
}
+ global $wgUser;
+ if ($module->isReadMode() && !$wgUser->isAllowed('read'))
+ $this->dieUsageMsg(array('readrequired'));
+ if ($module->isWriteMode()) {
+ if (!$this->mEnableWrite)
+ $this->dieUsageMsg(array('writedisabled'));
+ if (!$wgUser->isAllowed('writeapi'))
+ $this->dieUsageMsg(array('writerequired'));
+ if (wfReadOnly())
+ $this->dieUsageMsg(array('readonlytext'));
+ }
+
if (!$this->mInternalMode) {
// Ignore mustBePosted() for internal calls
if($module->mustBePosted() && !$this->mRequest->wasPosted())
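Review bot: The write check here runs only when `$module->isWriteMode()` returns true, and `requestWriteMode()` is removed in the same commit without a note for extension authors. Modules registered through `$wgAPIModules` that still call `$this->getMain()->requestWriteMode()` would presumably fail on an undefined method, and ones that just delete the call without adding the override lose the $wgEnableWriteAPI, writeapi and wfReadOnly() checks entirely. The release notes list only the purge change as breaking; add a line such as `* BREAKING CHANGE: requestWriteMode() was removed; write modules must override isWriteMode() to return true`. The enclosing function starts and ends outside this hunk.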
$printer->closePrinter();
$printer->profileOut();
}
+
+ public function isReadMode() {
+ return false;
+ }
/**
* See ApiBase for description.
public function execute() {
global $wgUser;
- $this->getMain()->requestWriteMode();
$params = $this->extractRequestParams();
if(is_null($params['reason']))
$params['reason'] = '';
public function mustBePosted() { return true; }
+ public function isWriteMode() {
+ return true;
+ }
+
public function getAllowedParams() {
return array (
'from' => null,
$retval['classname'] = get_class($obj);
$retval['description'] = (is_array($obj->getDescription()) ? implode("\n", $obj->getDescription()) : $obj->getDescription());
$retval['prefix'] = $obj->getModulePrefix();
+ if($obj->isReadMode())
+ $retval['readrights'] = '';
+ if($obj->isWriteMode())
+ $retval['writerights'] = '';
+ if($obj->mustBePosted())
+ $retval['mustbeposted'] = '';
$allowedParams = $obj->getFinalParams();
if(!is_array($allowedParams))
return $retval;
return $retval;
}
+ public function isReadMode() {
+ return false;
+ }
+
public function getAllowedParams() {
return array (
'modules' => array(
*/
public function execute() {
global $wgUser, $wgUseRCPatrol, $wgUseNPPatrol;
- $this->getMain()->requestWriteMode();
$params = $this->extractRequestParams();
if(!isset($params['token']))
$this->getResult()->addValue(null, $this->getModuleName(), $result);
}
+ public function getWriteMode() {
+ return true;
+ }
+
public function getAllowedParams() {
return array (
'token' => null,
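Review bot: The override added here is named `getWriteMode()`, but every other module in this commit overrides `isWriteMode()` and the dispatcher's new permission block calls `$module->isWriteMode()`. Since the `requestWriteMode()` call was also removed from this module's execute() in the preceding hunk, nothing appears to enforce $wgEnableWriteAPI, the writeapi right or wfReadOnly() for it any more; the inherited default presumably returns false. Rename the method: `public function isWriteMode() {`. No `mustBePosted()` override is visible in either hunk of this file, unlike most of the other write modules, so confirm whether that is intended.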
public function execute() {
global $wgUser, $wgRestrictionTypes, $wgRestrictionLevels;
- $this->getMain()->requestWriteMode();
$params = $this->extractRequestParams();
$titleObj = NULL;
public function mustBePosted() { return true; }
+ public function isWriteMode() {
+ return true;
+ }
+
public function getAllowedParams() {
return array (
'title' => null,
$this->getResult()->addValue(null, $this->getModuleName(), $result);
}
+ public function mustBePosted() {
+ global $wgUser;
+ return $wgUser->isAnon();
+ }
+
+ public function isWriteMode() {
+ return true;
+ }
+
public function getAllowedParams() {
return array (
'titles' => array(
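Review bot: `mustBePosted()` returns false for logged-in users, so this write module stays reachable by a plain GET that carries the user's session, and no token parameter is visible in this hunk. If no token is checked elsewhere, a third-party page can trigger the purge on behalf of a logged-in visitor; requiring POST for everyone with `public function mustBePosted() { return true; }`, or adding a token, would close that. Because the result depends on `$wgUser`, the "only accepts POST requests" line in action=help and the `mustbeposted` flag in action=paraminfo will differ per viewer, which deserves a comment on the method. getAllowedParams() continues past the end of the hunk.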
}
public function execute() {
- $this->getMain()->requestWriteMode();
$params = $this->extractRequestParams();
$titleObj = NULL;
public function mustBePosted() { return true; }
+ public function isWriteMode() {
+ return true;
+ }
+
public function getAllowedParams() {
return array (
'title' => null,
*/
public function execute() {
global $wgUser;
- $this->getMain()->requestWriteMode();
$params = $this->extractRequestParams();
if($params['gettoken'])
public function mustBePosted() { return true; }
+ public function isWriteMode() {
+ return true;
+ }
+
public function getAllowedParams() {
return array (
'id' => null,
public function execute() {
global $wgUser;
- $this->getMain()->requestWriteMode();
$params = $this->extractRequestParams();
$titleObj = NULL;
public function mustBePosted() { return true; }
+ public function isWriteMode() {
+ return true;
+ }
+
public function getAllowedParams() {
return array (
'title' => null,
public function execute() {
global $wgUser;
- $this->getMain()->requestWriteMode();
if(!$wgUser->isLoggedIn())
$this->dieUsage('You must be logged-in to have a watchlist', 'notloggedin');
$params = $this->extractRequestParams();
$this->getResult()->addValue(null, $this->getModuleName(), $res);
}
+ public function isWriteMode() {
+ return true;
+ }
+
public function getAllowedParams() {
return array (
'title' => null,