r46915 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r46914‎ | r46915 | r46916 >
Date:14:35, 6 February 2009
Author:aaron
Status:deferred
Tags:
Comment:
Move cascade below page_restrictions check
Modified paths:
  • /trunk/phase3/includes/Title.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/Title.php
@@ -1204,12 +1204,14 @@
12051205 return $errors;
12061206 }
12071207
1208 - // TODO: document
 1208+ # Only 'createaccount' and 'execute' can be performed on
 1209+ # special pages, which don't actually exist in the DB.
12091210 $specialOKActions = array( 'createaccount', 'execute' );
12101211 if( NS_SPECIAL == $this->mNamespace && !in_array( $action, $specialOKActions) ) {
12111212 $errors[] = array('ns-specialprotected');
12121213 }
12131214
 1215+ # Check $wgNamespaceProtection for restricted namespaces
12141216 if( $this->isNamespaceProtected() ) {
12151217 $ns = $this->getNamespace() == NS_MAIN ?
12161218 wfMsg( 'nstab-main' ) : $this->getNsText();
@@ -1217,7 +1219,7 @@
12181220 array('protectedinterface') : array( 'namespaceprotected', $ns );
12191221 }
12201222
1221 - # protect css/js subpages of user pages
 1223+ # Protect css/js subpages of user pages
12221224 # XXX: this might be better using restrictions
12231225 # XXX: Find a way to work around the php bug that prevents using $this->userCanEditCssJsSubpage() from working
12241226 if( $this->isCssJsSubpage() && !$user->isAllowed('editusercssjs')
@@ -1226,6 +1228,32 @@
12271229 $errors[] = array('customcssjsprotected');
12281230 }
12291231
 1232+ # Check against page_restrictions table requirements on this
 1233+ # page. The user must possess all required rights for this action.
 1234+ foreach( $this->getRestrictions($action) as $right ) {
 1235+ // Backwards compatibility, rewrite sysop -> protect
 1236+ if( $right == 'sysop' ) {
 1237+ $right = 'protect';
 1238+ }
 1239+ if( '' != $right && !$user->isAllowed( $right ) ) {
 1240+ // Users with 'editprotected' permission can edit protected pages
 1241+ if( $action=='edit' && $user->isAllowed( 'editprotected' ) ) {
 1242+ // Users with 'editprotected' permission cannot edit protected pages
 1243+ // with cascading option turned on.
 1244+ if( $this->mCascadeRestriction ) {
 1245+ $errors[] = array( 'protectedpagetext', $right );
 1246+ }
 1247+ } else {
 1248+ $errors[] = array( 'protectedpagetext', $right );
 1249+ }
 1250+ }
 1251+ }
 1252+ # Short-circuit point
 1253+ if( $short && count($errors) > 0 ) {
 1254+ wfProfileOut( __METHOD__ );
 1255+ return $errors;
 1256+ }
 1257+
12301258 if( $doExpensiveQueries && !$this->isCssJsSubpage() ) {
12311259 # We /could/ use the protection level on the source page, but it's fairly ugly
12321260 # as we have to establish a precedence hierarchy for pages included by multiple
@@ -1254,30 +1282,6 @@
12551283 return $errors;
12561284 }
12571285
1258 - foreach( $this->getRestrictions($action) as $right ) {
1259 - // Backwards compatibility, rewrite sysop -> protect
1260 - if( $right == 'sysop' ) {
1261 - $right = 'protect';
1262 - }
1263 - if( '' != $right && !$user->isAllowed( $right ) ) {
1264 - // Users with 'editprotected' permission can edit protected pages
1265 - if( $action=='edit' && $user->isAllowed( 'editprotected' ) ) {
1266 - // Users with 'editprotected' permission cannot edit protected pages
1267 - // with cascading option turned on.
1268 - if( $this->mCascadeRestriction ) {
1269 - $errors[] = array( 'protectedpagetext', $right );
1270 - }
1271 - } else {
1272 - $errors[] = array( 'protectedpagetext', $right );
1273 - }
1274 - }
1275 - }
1276 - # Short-circuit point
1277 - if( $short && count($errors) > 0 ) {
1278 - wfProfileOut( __METHOD__ );
1279 - return $errors;
1280 - }
1281 -
12821286 if( $action == 'protect' ) {
12831287 if( $this->getUserPermissionsErrors('edit', $user) != array() ) {
12841288 $errors[] = array( 'protect-cantedit' ); // If they can't edit, they shouldn't protect.

Status & tagging log