From: rxy Date: Fri, 31 May 2019 20:04:09 +0000 (+0000) Subject: Add permission check for user is permitted to view the log type X-Git-Tag: 1.34.0-rc.0~880^2 X-Git-Url: https://git.cyclocoop.org/admin/?a=commitdiff_plain;h=0b91327754153e066a01c552d2704d7954447f7d;p=lhc%2Fweb%2Fwiklou.git Add permission check for user is permitted to view the log type Note: formatter patch only Note: cherry-picked I064f563cb here as well Bug: T222038 Change-Id: I1c4e57a513e3a0e616b862a5b9d684f463ad9981
---
diff --git a/includes/logging/LogFormatter.php b/includes/logging/LogFormatter.php
index e8dd8982b5..9e63ffee64 100644
--- a/includes/logging/LogFormatter.php
+++ b/includes/logging/LogFormatter.php
@@ -153,6 +153,19 @@ class LogFormatter {
 : self::FOR_PUBLIC;
 }
 
+ /**
+ * Check if a log item type can be displayed
+ * @return bool
+ */
+ public function canViewLogType() {
+ // If the user doesn't have the right permission to view the specific
+ // log type, return false
+ $logRestrictions = $this->context->getConfig()->get( 'LogRestrictions' );
+ $type = $this->entry->getType();
+ return !isset( $logRestrictions[$type] )
+ || $this->context->getUser()->isAllowed( $logRestrictions[$type] );
+ }
+
 /**
 * Check if a log item can be displayed
 * @param int $field LogPage::DELETED_* constant
@@ -161,9 +174,10 @@ class LogFormatter {
 protected function canView( $field ) {
 if ( $this->audience == self::FOR_THIS_USER ) {
 return LogEventsList::userCanBitfield(
- $this->entry->getDeleted(), $field, $this->context->getUser() );
+ $this->entry->getDeleted(), $field, $this->context->getUser() ) &&
+ self::canViewLogType();
 } else {
- return !$this->entry->isDeleted( $field );
+ return !$this->entry->isDeleted( $field ) && self::canViewLogType();
 }
 }
 
diff --git a/tests/phpunit/includes/logging/BlockLogFormatterTest.php b/tests/phpunit/includes/logging/BlockLogFormatterTest.php
index b6f8f9cc37..71cf5588f2 100644
--- a/tests/phpunit/includes/logging/BlockLogFormatterTest.php
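Review bot: `canViewLogType()` always evaluates the restriction against `$this->context->getUser()`, and its docblock does not say whose permission is being checked. Because `canView()` in the next hunk also calls it on the branch taken when the audience is not `FOR_THIS_USER` (presumably `FOR_PUBLIC`), a formatter whose context user holds the restricted right would still render a restricted log type for that audience. If the public audience is meant to be viewer-independent, that branch should hide every type listed in the restrictions, e.g. `return !$this->entry->isDeleted( $field ) && !isset( $logRestrictions[$type] );`. At minimum the docblock should say `Check whether the context user may view this entry's log type per the LogRestrictions setting; the audience is not consulted`.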
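Review bot: Both new calls in `canView()` are written `self::canViewLogType()`, although the method added above is a public instance method that reads `$this->context` and `$this->entry`. PHP forwards `$this` in this form, but `self::` binds to `LogFormatter` and skips an override in a formatter subclass, and it reads like a static call. `$this->canViewLogType()` is the conventional spelling and keeps the permission check overridable, e.g. `return !$this->entry->isDeleted( $field ) && $this->canViewLogType();`. The docblock of `canView()` starts outside this hunk.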
+++ b/tests/phpunit/includes/logging/BlockLogFormatterTest.php
@@ -331,6 +331,81 @@ class BlockLogFormatterTest extends LogFormatterTestCase {
 * @dataProvider provideSuppressBlockLogDatabaseRows
 */
 public function testSuppressBlockLogDatabaseRows( $row, $extra ) {
+ $this->setMwGlobals(
+ 'wgGroupPermissions',
+ [
+ 'oversight' => [
+ 'viewsuppressed' => true,
+ 'suppressionlog' => true,
+ ],
+ ]
+ );
+ $this->doTestLogFormatter( $row, $extra, [ 'oversight' ] );
+ }
+
+ /**
+ * Provide different rows from the logging table to test
+ * for backward compatibility.
+ * Do not change the existing data, just add a new database row
+ */
+ public static function provideSuppressBlockLogDatabaseRowsNonPrivileged() {
+ return [
+ // Current log format
+ [
+ [
+ 'type' => 'suppress',
+ 'action' => 'block',
+ 'comment' => 'Block comment',
+ 'user' => 0,
+ 'user_text' => 'Sysop',
+ 'namespace' => NS_USER,
+ 'title' => 'Logtestuser',
+ 'params' => [
+ '5::duration' => 'infinite',
+ '6::flags' => 'anononly',
+ ],
+ ],
+ [
+ 'text' => '(username removed) (log details removed)',
+ 'api' => [
+ 'duration' => 'infinite',
+ 'flags' => [ 'anononly' ],
+ ],
+ ],
+ ],
+
+ // legacy log
+ [
+ [
+ 'type' => 'suppress',
+ 'action' => 'block',
+ 'comment' => 'Block comment',
+ 'user' => 0,
+ 'user_text' => 'Sysop',
+ 'namespace' => NS_USER,
+ 'title' => 'Logtestuser',
+ 'params' => [
+ 'infinite',
+ 'anononly',
+ ],
+ ],
+ [
+ 'legacy' => true,
+ 'text' => '(username removed) (log details removed)',
+ 'api' => [
+ 'duration' => 'infinite',
+ 'flags' => [ 'anononly' ],
+ ],
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * @dataProvider provideSuppressBlockLogDatabaseRowsNonPrivileged
+ */
+ public function testSuppressBlockLogDatabaseRowsNonPrivileged( $row, $extra ) {
+ $this->user = $this->getTestUser()->getUser();
 $this->doTestLogFormatter( $row, $extra );
 }
 
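Review bot: The expectations in `provideSuppressBlockLogDatabaseRowsNonPrivileged()` reduce `text` to `(username removed) (log details removed)` but keep the `api` value at the full parameters (`duration`, `flags`). If `doTestLogFormatter()` compares `api` with the formatter's API parameter output, as the key suggests (that part of the helper is not visible here), these tests record that a user without the log-type right still gets the parameters through that path, so API callers have to apply `canViewLogType()` themselves. A comment on the provider would make that deliberate, for example `// 'api' stays unredacted: the formatter only hides the text, API modules must check canViewLogType()`. The same applies to the reblock provider in the next hunk and to the revision and event providers in DeleteLogFormatterTest.php.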
@@ -398,6 +473,81 @@ class BlockLogFormatterTest extends LogFormatterTestCase {
 * @dataProvider provideSuppressReblockLogDatabaseRows
 */
 public function testSuppressReblockLogDatabaseRows( $row, $extra ) {
+ $this->setMwGlobals(
+ 'wgGroupPermissions',
+ [
+ 'oversight' => [
+ 'viewsuppressed' => true,
+ 'suppressionlog' => true,
+ ],
+ ]
+ );
+ $this->doTestLogFormatter( $row, $extra, [ 'oversight' ] );
+ }
+
+ /**
+ * Provide different rows from the logging table to test
+ * for backward compatibility.
+ * Do not change the existing data, just add a new database row
+ */
+ public static function provideSuppressReblockLogDatabaseRowsNonPrivileged() {
+ return [
+ // Current log format
+ [
+ [
+ 'type' => 'suppress',
+ 'action' => 'reblock',
+ 'comment' => 'Block comment',
+ 'user' => 0,
+ 'user_text' => 'Sysop',
+ 'namespace' => NS_USER,
+ 'title' => 'Logtestuser',
+ 'params' => [
+ '5::duration' => 'infinite',
+ '6::flags' => 'anononly',
+ ],
+ ],
+ [
+ 'text' => '(username removed) (log details removed)',
+ 'api' => [
+ 'duration' => 'infinite',
+ 'flags' => [ 'anononly' ],
+ ],
+ ],
+ ],
+
+ // Legacy format
+ [
+ [
+ 'type' => 'suppress',
+ 'action' => 'reblock',
+ 'comment' => 'Block comment',
+ 'user' => 0,
+ 'user_text' => 'Sysop',
+ 'namespace' => NS_USER,
+ 'title' => 'Logtestuser',
+ 'params' => [
+ 'infinite',
+ 'anononly',
+ ],
+ ],
+ [
+ 'legacy' => true,
+ 'text' => '(username removed) (log details removed)',
+ 'api' => [
+ 'duration' => 'infinite',
+ 'flags' => [ 'anononly' ],
+ ],
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * @dataProvider provideSuppressReblockLogDatabaseRowsNonPrivileged
+ */
+ public function testSuppressReblockLogDatabaseRowsNonPrivileged( $row, $extra ) {
+ $this->user = $this->getTestUser()->getUser();
 $this->doTestLogFormatter( $row, $extra );
 }
 
diff --git a/tests/phpunit/includes/logging/DeleteLogFormatterTest.php b/tests/phpunit/includes/logging/DeleteLogFormatterTest.php
index 6648c31c25..f1d58fdf09 100644
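Review bot: `testSuppressReblockLogDatabaseRowsNonPrivileged()` assigns `$this->user`, but the helper as changed in LogFormatterTestCase.php builds the context user itself from `$this->getTestUser( $userGroups )->getUser()`, and nothing visible in this diff reads `$this->user`. Unless a parent class consumes that property, the assignment has no effect and suggests a setup step that is not actually happening; the unprivileged case already follows from the default `$userGroups = []`. Consider dropping the line or stating the intent at the call, `$this->doTestLogFormatter( $row, $extra, [] );`. The same assignment appears in the block test in the previous hunk and in the three NonPrivileged tests of DeleteLogFormatterTest.php.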
--- a/tests/phpunit/includes/logging/DeleteLogFormatterTest.php
+++ b/tests/phpunit/includes/logging/DeleteLogFormatterTest.php
@@ -409,6 +409,109 @@ class DeleteLogFormatterTest extends LogFormatterTestCase {
 * @dataProvider provideSuppressRevisionLogDatabaseRows
 */
 public function testSuppressRevisionLogDatabaseRows( $row, $extra ) {
+ $this->setMwGlobals(
+ 'wgGroupPermissions',
+ [
+ 'oversight' => [
+ 'viewsuppressed' => true,
+ 'suppressionlog' => true,
+ ],
+ ]
+ );
+ $this->doTestLogFormatter( $row, $extra, [ 'oversight' ] );
+ }
+
+ /**
+ * Provide different rows from the logging table to test
+ * for backward compatibility.
+ * Do not change the existing data, just add a new database row
+ */
+ public static function provideSuppressRevisionLogDatabaseRowsNonPrivileged() {
+ return [
+ // Current format
+ [
+ [
+ 'type' => 'suppress',
+ 'action' => 'revision',
+ 'comment' => 'Suppress comment',
+ 'namespace' => NS_MAIN,
+ 'title' => 'Page',
+ 'params' => [
+ '4::type' => 'archive',
+ '5::ids' => [ '1', '3', '4' ],
+ '6::ofield' => '1',
+ '7::nfield' => '10',
+ ],
+ ],
+ [
+ 'text' => '(username removed) (log details removed)',
+ 'api' => [
+ 'type' => 'archive',
+ 'ids' => [ '1', '3', '4' ],
+ 'old' => [
+ 'bitmask' => 1,
+ 'content' => true,
+ 'comment' => false,
+ 'user' => false,
+ 'restricted' => false,
+ ],
+ 'new' => [
+ 'bitmask' => 10,
+ 'content' => false,
+ 'comment' => true,
+ 'user' => false,
+ 'restricted' => true,
+ ],
+ ],
+ ],
+ ],
+
+ // Legacy format
+ [
+ [
+ 'type' => 'suppress',
+ 'action' => 'revision',
+ 'comment' => 'Suppress comment',
+ 'namespace' => NS_MAIN,
+ 'title' => 'Page',
+ 'params' => [
+ 'archive',
+ '1,3,4',
+ 'ofield=1',
+ 'nfield=10',
+ ],
+ ],
+ [
+ 'legacy' => true,
+ 'text' => '(username removed) (log details removed)',
+ 'api' => [
+ 'type' => 'archive',
+ 'ids' => [ '1', '3', '4' ],
+ 'old' => [
+ 'bitmask' => 1,
+ 'content' => true,
+ 'comment' => false,
+ 'user' => false,
+ 'restricted' => false,
+ ],
+ 'new' => [
+ 'bitmask' => 10,
+ 'content' => false,
+ 'comment' => true,
+ 'user' => false,
+ 'restricted' => true,
+ ],
+ ],
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * @dataProvider provideSuppressRevisionLogDatabaseRowsNonPrivileged
+ */
+ public function testSuppressRevisionLogDatabaseRowsNonPrivileged( $row, $extra ) {
+ $this->user = $this->getTestUser()->getUser();
 $this->doTestLogFormatter( $row, $extra );
 }
 
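Review bot: The privileged variant grants `suppressionlog` through `wgGroupPermissions`, but neither it nor the new NonPrivileged test sets the `LogRestrictions` mapping that `canViewLogType()` reads, so the outcome depends on whatever mapping for `suppress` the test environment carries. If that mapping were missing, the privileged test would still pass because an unrestricted type is viewable by anyone, and it would no longer prove that the right is what unlocks the entry. Pinning it next to the permissions keeps both tests meaningful, e.g. `$this->setMwGlobals( 'wgLogRestrictions', [ 'suppress' => 'suppressionlog' ] );`. This applies equally to the event and delete hunks below and to both hunks in BlockLogFormatterTest.php.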
@@ -523,6 +626,107 @@ class DeleteLogFormatterTest extends LogFormatterTestCase {
 * @dataProvider provideSuppressEventLogDatabaseRows
 */
 public function testSuppressEventLogDatabaseRows( $row, $extra ) {
+ $this->setMwGlobals(
+ 'wgGroupPermissions',
+ [
+ 'oversight' => [
+ 'viewsuppressed' => true,
+ 'suppressionlog' => true,
+ ],
+ ]
+ );
+ $this->doTestLogFormatter( $row, $extra, [ 'oversight' ] );
+ }
+
+ /**
+ * Provide different rows from the logging table to test
+ * for backward compatibility.
+ * Do not change the existing data, just add a new database row
+ */
+ public static function provideSuppressEventLogDatabaseRowsNonPrivileged() {
+ return [
+ // Current format
+ [
+ [
+ 'type' => 'suppress',
+ 'action' => 'event',
+ 'comment' => 'Suppress comment',
+ 'namespace' => NS_MAIN,
+ 'title' => 'Page',
+ 'params' => [
+ '4::ids' => [ '1', '3', '4' ],
+ '5::ofield' => '1',
+ '6::nfield' => '10',
+ ],
+ ],
+ [
+ 'text' => '(username removed) (log details removed)',
+ 'api' => [
+ 'type' => 'logging',
+ 'ids' => [ '1', '3', '4' ],
+ 'old' => [
+ 'bitmask' => 1,
+ 'content' => true,
+ 'comment' => false,
+ 'user' => false,
+ 'restricted' => false,
+ ],
+ 'new' => [
+ 'bitmask' => 10,
+ 'content' => false,
+ 'comment' => true,
+ 'user' => false,
+ 'restricted' => true,
+ ],
+ ],
+ ],
+ ],
+
+ // Legacy format
+ [
+ [
+ 'type' => 'suppress',
+ 'action' => 'event',
+ 'comment' => 'Suppress comment',
+ 'namespace' => NS_MAIN,
+ 'title' => 'Page',
+ 'params' => [
+ '1,3,4',
+ 'ofield=1',
+ 'nfield=10',
+ ],
+ ],
+ [
+ 'legacy' => true,
+ 'text' => '(username removed) (log details removed)',
+ 'api' => [
+ 'type' => 'logging',
+ 'ids' => [ '1', '3', '4' ],
+ 'old' => [
+ 'bitmask' => 1,
+ 'content' => true,
+ 'comment' => false,
+ 'user' => false,
+ 'restricted' => false,
+ ],
+ 'new' => [
+ 'bitmask' => 10,
+ 'content' => false,
+ 'comment' => true,
+ 'user' => false,
+ 'restricted' => true,
+ ],
+ ],
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * @dataProvider provideSuppressEventLogDatabaseRowsNonPrivileged
+ */
+ public function testSuppressEventLogDatabaseRowsNonPrivileged( $row, $extra ) {
+ $this->user = $this->getTestUser()->getUser();
 $this->doTestLogFormatter( $row, $extra );
 }
 
@@ -572,6 +776,65 @@ class DeleteLogFormatterTest extends LogFormatterTestCase {
 * @dataProvider provideSuppressDeleteLogDatabaseRows
 */
 public function testSuppressDeleteLogDatabaseRows( $row, $extra ) {
+ $this->setMwGlobals(
+ 'wgGroupPermissions',
+ [
+ 'oversight' => [
+ 'viewsuppressed' => true,
+ 'suppressionlog' => true,
+ ],
+ ]
+ );
+ $this->doTestLogFormatter( $row, $extra, [ 'oversight' ] );
+ }
+
+ /**
+ * Provide different rows from the logging table to test
+ * for backward compatibility.
+ * Do not change the existing data, just add a new database row
+ */
+ public static function provideSuppressDeleteLogDatabaseRowsNonPrivileged() {
+ return [
+ // Current format
+ [
+ [
+ 'type' => 'suppress',
+ 'action' => 'delete',
+ 'comment' => 'delete comment',
+ 'namespace' => NS_MAIN,
+ 'title' => 'Page',
+ 'params' => [],
+ ],
+ [
+ 'text' => '(username removed) (log details removed)',
+ 'api' => [],
+ ],
+ ],
+
+ // Legacy format
+ [
+ [
+ 'type' => 'suppress',
+ 'action' => 'delete',
+ 'comment' => 'delete comment',
+ 'namespace' => NS_MAIN,
+ 'title' => 'Page',
+ 'params' => [],
+ ],
+ [
+ 'legacy' => true,
+ 'text' => '(username removed) (log details removed)',
+ 'api' => [],
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * @dataProvider provideSuppressDeleteLogDatabaseRowsNonPrivileged
+ */
+ public function testSuppressDeleteLogDatabaseRowsNonPrivileged( $row, $extra ) {
+ $this->user = $this->getTestUser()->getUser();
 $this->doTestLogFormatter( $row, $extra );
 }
 }
diff --git a/tests/phpunit/includes/logging/LogFormatterTestCase.php b/tests/phpunit/includes/logging/LogFormatterTestCase.php
index fc2ab916cb..a24065ec50 100644
--- a/tests/phpunit/includes/logging/LogFormatterTestCase.php
+++ b/tests/phpunit/includes/logging/LogFormatterTestCase.php @@ -6,11 +6,15 @@ use MediaWiki\Linker\LinkTarget; */ abstract class LogFormatterTestCase extends MediaWikiLangTestCase { - public function doTestLogFormatter( $row, $extra ) { + public function doTestLogFormatter( $row, $extra, $userGroups = [] ) { RequestContext::resetMain(); $row = $this->expandDatabaseRow( $row, $this->isLegacy( $extra ) ); + $context = new RequestContext(); + $context->setUser( $this->getTestUser( $userGroups )->getUser() ); + $formatter = LogFormatter::newFromRow( $row ); + $formatter->setContext( $context ); $this->assertEquals( $extra['text'],