r58079 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r58078‎ \| r58079 \| r58080 >
Date:	04:36, 24 October 2009
Author:	mrzman
Status:	resolved (Comments)
Tags:
Comment:	(bug 18019) Warn users when moving a file to a name in use on a shared repo. Allow only users with the 'reupload-shared' right to complete the move.
Modified paths:	/trunk/phase3/RELEASE-NOTES (modified) (history) /trunk/phase3/includes/api/ApiBase.php (modified) (history) /trunk/phase3/includes/api/ApiMove.php (modified) (history) /trunk/phase3/includes/specials/SpecialMovepage.php (modified) (history) /trunk/phase3/languages/messages/MessagesEn.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/api/ApiMove.php
—	—	@@ -71,7 +71,18 @@
72	72	if(!$toTitle)
73	73	$this->dieUsageMsg(array('invalidtitle', $params['to']));
74	74	$toTalk = $toTitle->getTalkPage();
75		-
	75	+
	76	+ if ( $toTitle->getNamespace() == NS_FILE
	77	+ && !RepoGroup::singleton()->getLocalRepo()->findFile( $toTitle )
	78	+ && wfFindFile( $toTitle ) )
	79	+ {
	80	+ if ( !$params['ignorewarnings'] && $wgUser->isAllowed( 'reupload-shared' ) ) {
	81	+ $this->dieUsageMsg(array('sharedfile-exists'));
	82	+ } elseif ( !$wgUser->isAllowed( 'reupload-shared' ) ) {
	83	+ $this->dieUsageMsg(array('cantoverwrite-sharedfile'));
	84	+ }
	85	+ }
	86	+
76	87	# Move the page
77	88	$hookErr = null;
78	89	$retval = $fromTitle->moveTo($toTitle, true, $params['reason'], !$params['noredirect']);
—	—	@@ -171,7 +182,8 @@
172	183	'movesubpages' => false,
173	184	'noredirect' => false,
174	185	'watch' => false,
175		~~- 'unwatch' => false~~
	186	+ 'unwatch' => false,
	187	+ 'ignorewarnings' => false
176	188	);
177	189	}
178	190
—	—	@@ -186,7 +198,8 @@
187	199	'movesubpages' => 'Move subpages, if applicable',
188	200	'noredirect' => 'Don\'t create a redirect',
189	201	'watch' => 'Add the page and the redirect to your watchlist',
190		~~- 'unwatch' => 'Remove the page and the redirect from your watchlist'~~
	202	+ 'unwatch' => 'Remove the page and the redirect from your watchlist',
	203	+ 'ignorewarnings' => 'Ignore any warnings'
191	204	);
192	205	}
193	206
Index: trunk/phase3/includes/api/ApiBase.php
—	—	@@ -846,6 +846,8 @@
847	847	'import-noarticle' => array('code' => 'badinterwiki', 'info' => 'Invalid interwiki title specified'),
848	848	'importbadinterwiki' => array('code' => 'badinterwiki', 'info' => 'Invalid interwiki title specified'),
849	849	'import-unknownerror' => array('code' => 'import-unknownerror', 'info' => "Unknown error on import: ``\$1''"),
	850	+ 'cantoverwrite-sharedfile' => array('code' => 'cantoverwrite-sharedfile', 'info' => 'The target file exists on a shared repository and you do not have permission to override it'),
	851	+ 'sharedfile-exists' => array('code' => 'fileexists-sharedrepo-perm', 'info' => 'The target file exists on a shared repository. Use the ignorewarnings parameter to override it.'),
850	852
851	853	// ApiEditPage messages
852	854	'noimageredirect-anon' => array('code' => 'noimageredirect-anon', 'info' => "Anonymous users can't create image redirects"),
Index: trunk/phase3/includes/specials/SpecialMovepage.php
—	—	@@ -58,7 +58,7 @@
59	59	class MovePageForm {
60	60	var $oldTitle, $newTitle; # Objects
61	61	var $reason; # Text input
62		~~- var $moveTalk, $deleteAndMove, $moveSubpages, $fixRedirects, $leaveRedirect; # Checks~~
	62	+ var $moveTalk, $deleteAndMove, $moveSubpages, $fixRedirects, $leaveRedirect, $moveOverShared; # Checks
63	63
64	64	private $watch = false;
65	65
—	—	@@ -79,6 +79,7 @@
80	80	}
81	81	$this->moveSubpages = $wgRequest->getBool( 'wpMovesubpages', false );
82	82	$this->deleteAndMove = $wgRequest->getBool( 'wpDeleteAndMove' ) && $wgRequest->getBool( 'wpConfirm' );
	83	+ $this->moveOverShared = $wgRequest->getBool( 'wpMoveOverSharedFile', false );
83	84	$this->watch = $wgRequest->getCheck( 'wpWatch' );
84	85	}
85	86
—	—	@@ -136,6 +137,12 @@
137	138	$confirm = false;
138	139	}
139	140
	141	+ if ( !empty($err) && $err[0] == 'file-exists-sharedrepo' && $wgUser->isAllowed( 'reupload-shared' ) ) {
	142	+ $wgOut->addWikiMsg( 'move-over-sharedrepo', $newTitle->getPrefixedText() );
	143	+ $submitVar = 'wpMoveOverSharedFile';
	144	+ $err = '';
	145	+ }
	146	+
140	147	$oldTalk = $this->oldTitle->getTalkPage();
141	148	$considerTalk = ( !$this->oldTitle->isTalkPage() && $oldTalk->exists() );
142	149
—	—	@@ -351,6 +358,17 @@
352	359	return;
353	360	}
354	361
	362	+ # Show a warning if the target file exists on a shared repo
	363	+ if ( $nt->getNamespace() == NS_FILE
	364	+ && !( $this->moveOverShared && $wgUser->isAllowed( 'reupload-shared' ) )
	365	+ && !RepoGroup::singleton()->getLocalRepo()->findFile( $nt )
	366	+ && wfFindFile( $nt ) )
	367	+ {
	368	+ $this->showForm( array('file-exists-sharedrepo') );
	369	+ return;
	370	+
	371	+ }
	372	+
355	373	if ( $wgUser->isAllowed( 'suppressredirect' ) ) {
356	374	$createRedirect = $this->leaveRedirect;
357	375	} else {
Index: trunk/phase3/languages/messages/MessagesEn.php
—	—	@@ -3109,6 +3109,10 @@
3110	3110	'move-leave-redirect' => 'Leave a redirect behind',
3111	3111	'protectedpagemovewarning' => "'''Warning:''' This page has been locked so that only users with administrator privileges can move it.",
3112	3112	'semiprotectedpagemovewarning' => "'''Note:''' This page has been locked so that only registered users can move it.",
	3113	+'move-over-sharedrepo' => '==File exists==
	3114	+[[:$1]] exists on a shared repository. Moving a file to this title will override the shared file.',
	3115	+'file-exists-sharedrepo' => 'The file name chosen is already in use on a shared repository.
	3116	+Please choose another name.',
3113	3117
3114	3118	# Export
3115	3119	'export' => 'Export pages',
Index: trunk/phase3/RELEASE-NOTES
—	—	@@ -591,6 +591,9 @@
592	592	* (bug 21006) maintenance/updateArticleCount.php now works again on PostgreSQL
593	593	* (bug 19319) Add activeusers-intro message at top of SpecialActiveUsers page
594	594	* (bug 21255) Fixed hostname construction for DNSBL checking
	595	+* (bug 18019) Users are now warned when moving a file to a name in use on a
	596	+ shared repository and only users with the 'reupload-shared' permission can
	597	+ complete the move.
595	598
596	599	== API changes in 1.16 ==
597	600

Follow-up revisions

Revision	Commit summary	Author	Date
r58080	Follow-up r58079: Add new messages to maintenance scripts	raymond	06:24, 24 October 2009
r60418	Per CR on r58079, add a permission check for 'reupload-shared' to...	mrzman	21:56, 26 December 2009

Comments

#Comment by Bryan (talk | contribs) 22:05, 28 October 2009

Permissions checking should be down on a lower level, i.e. in Title::isValidMoveOperation.

#Comment by Mr.Z-man (talk | contribs) 17:14, 30 October 2009

I can add a permission check to Title::isValidMoveOperation, but it will mainly just increase code duplication. For it to be able to provide a different warning with the option to override to users who can move it, versus a "you can't do this" warning to users who can't, it still needs to do the permission check in SpecialMovepage/ApiMove.

#Comment by Bryan (talk | contribs) 22:02, 21 December 2009

Title::isValidMoveOperation can return detailed error information, so supplying whether or not the user is actually allowed to complete the move can be supplied by it.

#Comment by Mr.Z-man (talk | contribs) 00:23, 22 December 2009

The issue is that it needs to be overridden for users who do have permission, but it still needs to give a warning on the initial attempt, which means it needs to be able to distinguish between the initial attempt, and the attempt after the warning. Title::isValidMoveOperation is only called directly in SpecialMovepage.php in rare situations, normally its only called in Title::moveTo, where its too late to modify the submit button on the form.

#Comment by Tim Starling (talk | contribs) 04:27, 23 December 2009

I think it's OK to duplicate these few lines of code in this case, to be on the safe side. The file object cache in RepoGroup should prevent a second DB query from being generated, so it's just an extra few microseconds. You can avoid a second check for the file on the local repo, the equivalent of your

&& !RepoGroup::singleton()->getLocalRepo()->findFile( $nt )

by reusing the results from the following code in isValidMoveOperation():

$file = wfLocalFile( $this );
if( $file->exists() ) {

They have the same effect.

#Comment by Bryan (talk | contribs) 21:14, 24 December 2009

I'm not quire concerned about performance, but about the fact that having a permissions check outside a place where you actually suspect all permission checking to be done is error-prone. That said, seeing that it is very hard to fix this a proper way, I do not think this is a blocking bug.

#Comment by Mr.Z-man (talk | contribs) 22:05, 26 December 2009

Added permission check in Title::isValidMoveOperation in r60418/r60420.

Status & tagging log

06:47, 30 December 2009 Tim Starling (talk | contribs) changed the status of r58079 [removed: fixme added: resolved]
22:05, 28 October 2009 Bryan (talk | contribs) changed the status of r58079 [removed: new added: fixme]