Check if API enabled before loading dependent JS modules

Affects whether these modules are loaded:

* mediawiki.searchSuggest ($wgEnableAPI only)
* mediawiki.page.watch.ajax ($wgEnableAPI, $wgEnableWriteAPI,
  'writeapi' right)
* mediawiki.page.patrol.ajax (same as above)

Checking of $wgUseAjax has not been removed where it was
already present, in case some users have set the variable
to false to disable these specific features.

Bug: 30213
Change-Id: If2ec219cfbb94e7c9718c58b9b54a508d0e0c656

diff --git a/RELEASE-NOTES-1.22 b/RELEASE-NOTES-1.22
index 4e04940..f3905e4 100644 (file)
--- a/RELEASE-NOTES-1.22
+++ b/RELEASE-NOTES-1.22
@@ -112,6 +112,9 @@ production.
 * (bug 36641) Patrol page links no longer show on non-existent revisions.
 * (bug 35810) Pages not linked from Special:RecentChanges or Special:NewPages
   are patrollable now.
+* (bug 30213) JavaScript for search suggestions is now disabled when the API
+  is disabled, and AJAX patrolling and watching are now disabled when use of
+  the write API is not allowed.
 
 === API changes in 1.22 ===
 * (bug 46626) xmldoublequote parameter was removed. Because of a bug, the

diff --git a/includes/Article.php b/includes/Article.php
index c4b0835..da24a98 100644 (file)
--- a/includes/Article.php
+++ b/includes/Article.php
@@ -1052,7 +1052,7 @@ class Article implements Page {
         * OutputPage::preventClickjacking() and load mediawiki.page.patrol.ajax.
         */
        public function showPatrolFooter() {
-               global $wgUseRCPatrol, $wgUseNPPatrol, $wgRCMaxAge;
+               global $wgUseRCPatrol, $wgUseNPPatrol, $wgRCMaxAge, $wgEnableAPI, $wgEnableWriteAPI;
 
                $request = $this->getContext()->getRequest();
                $outputPage = $this->getContext()->getOutput();
@@ -1167,7 +1167,9 @@ class Article implements Page {
                $token = $user->getEditToken( $rcid );
 
                $outputPage->preventClickjacking();
-               $outputPage->addModules( 'mediawiki.page.patrol.ajax' );
+               if ( $wgEnableAPI && $wgEnableWriteAPI && $user->isAllowed( 'writeapi' ) ) {
+                       $outputPage->addModules( 'mediawiki.page.patrol.ajax' );
+               }
 
                $link = Linker::linkKnown(
                        $this->getTitle(),

diff --git a/includes/Skin.php b/includes/Skin.php
index 07abcb5..53003c6 100644 (file)
--- a/includes/Skin.php
+++ b/includes/Skin.php
@@ -205,7 +205,7 @@ abstract class Skin extends ContextSource {
         */
        public function getDefaultModules() {
                global $wgIncludeLegacyJavaScript, $wgPreloadJavaScriptMwUtil, $wgUseAjax,
-                       $wgAjaxWatch;
+                       $wgAjaxWatch, $wgEnableAPI, $wgEnableWriteAPI;
 
                $out = $this->getOutput();
                $user = $out->getUser();
@@ -235,12 +235,16 @@ abstract class Skin extends ContextSource {
                if ( $wgUseAjax ) {
                        $modules['legacy'][] = 'mediawiki.legacy.ajax';
 
-                       if ( $wgAjaxWatch && $user->isLoggedIn() ) {
-                               $modules['watch'][] = 'mediawiki.page.watch.ajax';
-                       }
+                       if ( $wgEnableAPI ) {
+                               if ( $wgEnableWriteAPI && $wgAjaxWatch && $user->isLoggedIn()
+                                       && $user->isAllowed( 'writeapi' )
+                               ) {
+                                       $modules['watch'][] = 'mediawiki.page.watch.ajax';
+                               }
 
-                       if ( !$user->getOption( 'disablesuggest', false ) ) {
-                               $modules['search'][] =  'mediawiki.searchSuggest';
+                               if ( !$user->getOption( 'disablesuggest', false ) ) {
+                                       $modules['search'][] = 'mediawiki.searchSuggest';
+                               }
                        }
                }
 

diff --git a/includes/diff/DifferenceEngine.php b/includes/diff/DifferenceEngine.php
index c551107..5cdc0b6 100644 (file)
--- a/includes/diff/DifferenceEngine.php
+++ b/includes/diff/DifferenceEngine.php
@@ -410,7 +410,7 @@ class DifferenceEngine extends ContextSource {
         * @return String
         */
        protected function markPatrolledLink() {
-               global $wgUseRCPatrol, $wgRCMaxAge;
+               global $wgUseRCPatrol, $wgRCMaxAge, $wgEnableAPI, $wgEnableWriteAPI;
                $cache = wfGetMainCache();
 
                if ( $this->mMarkPatrolledLink === null ) {
@@ -447,7 +447,11 @@ class DifferenceEngine extends ContextSource {
                                // Build the link
                                if ( $rcid ) {
                                        $this->getOutput()->preventClickjacking();
-                                       $this->getOutput()->addModules( 'mediawiki.page.patrol.ajax' );
+                                       if ( $wgEnableAPI && $wgEnableWriteAPI
+                                               && $this->getUser()->isAllowed( 'writeapi' )
+                                       ) {
+                                               $this->getOutput()->addModules( 'mediawiki.page.patrol.ajax' );
+                                       }
 
                                        $token = $this->getUser()->getEditToken( $rcid );
                                        $this->mMarkPatrolledLink = ' <span class="patrollink">[' . Linker::linkKnown(