r48777 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r48776‎ | r48777 | r48778 >
Date:01:26, 25 March 2009
Author:aaron
Status:ok
Tags:
Comment:
Follow up to r48538: check permissions for api
Modified paths:
  • /trunk/extensions/CodeReview/ApiCodeComments.php (modified) (history)
  • /trunk/extensions/CodeReview/ApiCodeDiff.php (modified) (history)
  • /trunk/extensions/CodeReview/ApiCodeUpdate.php (modified) (history)

Diff [purge]

Index: trunk/extensions/CodeReview/ApiCodeComments.php
@@ -29,6 +29,11 @@
3030 }
3131
3232 public function execute() {
 33+ global $wgUser;
 34+ // Before doing anything at all, let's check permissions
 35+ if( !$wgUser->isAllowed('codereview-use') ) {
 36+ $this->dieUsage('You don\'t have permission to view code comments','permissiondenied');
 37+ }
3338 $params = $this->extractRequestParams();
3439 if ( is_null( $params['repo'] ) )
3540 $this->dieUsageMsg( array( 'missingparam', 'repo' ) );
Index: trunk/extensions/CodeReview/ApiCodeDiff.php
@@ -3,6 +3,11 @@
44 class ApiCodeDiff extends ApiBase {
55
66 public function execute() {
 7+ global $wgUser;
 8+ // Before doing anything at all, let's check permissions
 9+ if( !$wgUser->isAllowed('codereview-use') ) {
 10+ $this->dieUsage('You don\'t have permission to view code diffs','permissiondenied');
 11+ }
712 $params = $this->extractRequestParams();
813
914 if ( !isset( $params['repo'] ) ) {
Index: trunk/extensions/CodeReview/ApiCodeUpdate.php
@@ -3,6 +3,11 @@
44 class ApiCodeUpdate extends ApiBase {
55
66 public function execute() {
 7+ global $wgUser;
 8+ // Before doing anything at all, let's check permissions
 9+ if( !$wgUser->isAllowed('codereview-use') ) {
 10+ $this->dieUsage('You don\'t have permission update code','permissiondenied');
 11+ }
712 $params = $this->extractRequestParams();
813
914 if ( !isset( $params['repo'] ) ) {

Past revisions this follows-up on

RevisionCommit summaryAuthorDate
r48538(bug 17984) Allow restriction of access to Special:Codeaaron21:14, 18 March 2009

Status & tagging log