$user = $this->context->getUser();
$title = Title::newFromText( $preload );
+
# Check for existence to avoid getting MediaWiki:Noarticletext
- if ( $title === null || !$title->exists() || !$title->userCan( 'read', $user ) ) {
+ if ( !$this->isPageExistingAndViewable( $title, $user ) ) {
// TODO: somehow show a warning to the user!
return $handler->makeEmptyContent();
}
if ( $page->isRedirect() ) {
$title = $page->getRedirectTarget();
# Same as before
- if ( $title === null || !$title->exists() || !$title->userCan( 'read', $user ) ) {
+ if ( !$this->isPageExistingAndViewable( $title, $user ) ) {
// TODO: somehow show a warning to the user!
return $handler->makeEmptyContent();
}
return $content->preloadTransform( $title, $parserOptions, $params );
}
+ /**
+ * Verify if a given title exists and the given user is allowed to view it
+ *
+ * @see EditPage::getPreloadedContent()
+ * @param Title|null $title
+ * @param User $user
+ * @return bool
+ * @throws Exception
+ */
+ private function isPageExistingAndViewable( $title, User $user ) {
+ $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
+
+ return $title && $title->exists() && $permissionManager->userCan( 'read', $user, $title );
+ }
+
/**
* Make sure the form isn't faking a user's credentials.
*
}
}
+ $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
+
$changingContentModel = false;
if ( $this->contentModel !== $this->mTitle->getContentModel() ) {
if ( !$config->get( 'ContentHandlerUseDB' ) ) {
// Make sure the user can edit the page under the new content model too
$titleWithNewContentModel = clone $this->mTitle;
$titleWithNewContentModel->setContentModel( $this->contentModel );
- if ( !$titleWithNewContentModel->userCan( 'editcontentmodel', $user )
- || !$titleWithNewContentModel->userCan( 'edit', $user )
+
+ $canEditModel = $permissionManager->userCan(
+ 'editcontentmodel',
+ $user,
+ $titleWithNewContentModel
+ );
+
+ if (
+ !$canEditModel
+ || !$permissionManager->userCan( 'edit', $user, $titleWithNewContentModel )
) {
$status->setResult( false, self::AS_NO_CHANGE_CONTENT_MODEL );
+
return $status;
}
if ( $new ) {
// Late check for create permission, just in case *PARANOIA*
- if ( !$this->mTitle->userCan( 'create', $user ) ) {
+ if ( !$permissionManager->userCan( 'create', $user, $this->mTitle ) ) {
$status->fatal( 'nocreatetext' );
$status->value = self::AS_NO_CREATE_PERMISSION;
wfDebug( __METHOD__ . ": no create permission\n" );
protected function showCustomIntro() {
if ( $this->editintro ) {
$title = Title::newFromText( $this->editintro );
- if ( $title instanceof Title && $title->exists() && $title->userCan( 'read' ) ) {
+ if ( $this->isPageExistingAndViewable( $title, $this->context->getUser() ) ) {
// Added using template syntax, to take <noinclude>'s into account.
$this->context->getOutput()->addWikiTextAsContent(
'<div class="mw-editintro">{{:' . $title->getFullText() . '}}</div>',
* @covers EditPage
*/
public function testCheckDirectEditingDisallowed_forNonTextContent() {
- $title = Title::newFromText( 'Dummy:NonTextPageForEditPage' );
- $page = WikiPage::factory( $title );
-
- $article = new Article( $title );
- $article->getContext()->setTitle( $title );
- $ep = new EditPage( $article );
- $ep->setContextTitle( $title );
-
$user = $GLOBALS['wgUser'];
$edit = [
'wpUnicodeCheck' => EditPage::UNICODE_CHECK,
];
- $req = new FauxRequest( $edit, true );
- $ep->importFormData( $req );
-
$this->setExpectedException(
MWException::class,
'This content model is not supported: testing'
);
- $ep->internalAttemptSave( $result, false );
+ $this->doEditDummyNonTextPage( $edit );
+ }
+
+ /** @covers EditPage */
+ public function testShouldPreventChangingContentModelWhenUserCannotChangeModelForTitle() {
+ $this->setTemporaryHook( 'getUserPermissionsErrors',
+ function ( Title $page, $user, $action, &$result ) {
+ if ( $action === 'editcontentmodel' &&
+ $page->getContentModel() === CONTENT_MODEL_WIKITEXT ) {
+ $result = false;
+
+ return false;
+ }
+ } );
+
+ $user = $GLOBALS['wgUser'];
+
+ $status = $this->doEditDummyNonTextPage( [
+ 'wpTextbox1' => 'some text',
+ 'wpEditToken' => $user->getEditToken(),
+ 'wpEdittime' => '',
+ 'wpStarttime' => wfTimestampNow(),
+ 'wpUnicodeCheck' => EditPage::UNICODE_CHECK,
+ 'model' => CONTENT_MODEL_WIKITEXT,
+ 'format' => CONTENT_FORMAT_WIKITEXT,
+ ] );
+
+ $this->assertFalse( $status->isOK() );
+ $this->assertEquals( EditPage::AS_NO_CHANGE_CONTENT_MODEL, $status->getValue() );
}
+ /** @covers EditPage */
+ public function testShouldPreventChangingContentModelWhenUserCannotEditTargetTitle() {
+ $this->setTemporaryHook( 'getUserPermissionsErrors',
+ function ( Title $page, $user, $action, &$result ) {
+ if ( $action === 'edit' && $page->getContentModel() === CONTENT_MODEL_WIKITEXT ) {
+ $result = false;
+ return false;
+ }
+ } );
+
+ $user = $GLOBALS['wgUser'];
+
+ $status = $this->doEditDummyNonTextPage( [
+ 'wpTextbox1' => 'some text',
+ 'wpEditToken' => $user->getEditToken(),
+ 'wpEdittime' => '',
+ 'wpStarttime' => wfTimestampNow(),
+ 'wpUnicodeCheck' => EditPage::UNICODE_CHECK,
+ 'model' => CONTENT_MODEL_WIKITEXT,
+ 'format' => CONTENT_FORMAT_WIKITEXT,
+ ] );
+
+ $this->assertFalse( $status->isOK() );
+ $this->assertEquals( EditPage::AS_NO_CHANGE_CONTENT_MODEL, $status->getValue() );
+ }
+
+ private function doEditDummyNonTextPage( array $edit ): Status {
+ $title = Title::newFromText( 'Dummy:NonTextPageForEditPage' );
+
+ $article = new Article( $title );
+ $article->getContext()->setTitle( $title );
+ $ep = new EditPage( $article );
+ $ep->setContextTitle( $title );
+
+ $req = new FauxRequest( $edit, true );
+ $ep->importFormData( $req );
+
+ return $ep->internalAttemptSave( $result, false );
+ }
}