r65818 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r65817‎ | r65818 | r65819 >
Date:20:34, 2 May 2010
Author:btongminh
Status:resolved (Comments)
Tags:
Comment:
(bug 18408) All required permissions for uploading (upload, edit, create) are now checked when loading Special:Upload. Toolbar link for Special:Upload is no longer shown if the user does not have the required permissions.

Found out that UploadBase::isAllowed is a totally inappropriate name for what it is returning. That should perhaps be changed before 1.16 is released.
Modified paths:
  • /trunk/phase3/RELEASE-NOTES (modified) (history)
  • /trunk/phase3/includes/SkinTemplate.php (modified) (history)
  • /trunk/phase3/includes/specials/SpecialUpload.php (modified) (history)
  • /trunk/phase3/includes/upload/UploadBase.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/upload/UploadBase.php
@@ -78,13 +78,23 @@
7979 }
8080
8181 /**
 82+ * Returns an array of permissions that is required to upload a file
 83+ *
 84+ * @return array
 85+ */
 86+ public static function getRequiredPermissions() {
 87+ return array( 'upload', 'create', 'edit' );
 88+ }
 89+ /**
8290 * Returns true if the user can use this upload module or else a string
8391 * identifying the missing permission.
8492 * Can be overriden by subclasses.
8593 */
8694 public static function isAllowed( $user ) {
87 - if( !$user->isAllowed( 'upload' ) ) {
88 - return 'upload';
 95+ foreach ( self::getRequiredPermissions as $permission ) {
 96+ if ( !$user->isAllowed( $permission ) ) {
 97+ return $permission;
 98+ }
8999 }
90100 return true;
91101 }
Index: trunk/phase3/includes/SkinTemplate.php
@@ -877,7 +877,7 @@
878878 $nav_urls['mainpage'] = array( 'href' => self::makeMainPageUrl() );
879879 if( $wgUploadNavigationUrl ) {
880880 $nav_urls['upload'] = array( 'href' => $wgUploadNavigationUrl );
881 - } elseif( $wgEnableUploads && $wgUser->isAllowed( 'upload' ) ) {
 881+ } elseif( UploadBase::isEnabled() && UploadBase::isAllowed( $wgUser ) === true ) {
882882 $nav_urls['upload'] = array( 'href' => self::makeSpecialUrl( 'Upload' ) );
883883 } else {
884884 $nav_urls['upload'] = false;
Index: trunk/phase3/includes/specials/SpecialUpload.php
@@ -130,13 +130,14 @@
131131
132132 # Check permissions
133133 global $wgGroupPermissions;
134 - if( !$wgUser->isAllowed( 'upload' ) ) {
 134+ $permissionRequired = UploadBase::isAllowed( $wgUser );
 135+ if( $permissionRequired !== true ) {
135136 if( !$wgUser->isLoggedIn() && ( $wgGroupPermissions['user']['upload']
136137 || $wgGroupPermissions['autoconfirmed']['upload'] ) ) {
137138 // Custom message if logged-in users without any special rights can upload
138139 $wgOut->showErrorPage( 'uploadnologin', 'uploadnologintext' );
139140 } else {
140 - $wgOut->permissionRequired( 'upload' );
 141+ $wgOut->permissionRequired( $permissionRequired );
141142 }
142143 return;
143144 }
Index: trunk/phase3/RELEASE-NOTES
@@ -142,6 +142,9 @@
143143 correct link
144144 * (bug 23284) Times are now rounded correctly
145145 * (bug 23375) Added ogv, oga, spx as extensions for ogg files
 146+* (bug 18408) All required permissions for uploading (upload, edit, create)
 147+ are now checked when loading Special:Upload. Toolbar link for Special:Upload
 148+ is no longer shown if the user does not have the required permissions.
146149
147150 === API changes in 1.17 ===
148151 * (bug 22738) Allow filtering by action type on query=logevent

Follow-up revisions

RevisionCommit summaryAuthorDate
r65821Fix for r65818.btongminh20:53, 2 May 2010
r65898Fix for r65818: the proper permission is 'createpage', not 'create'. Skip che...btongminh14:48, 4 May 2010
r79710Fixup FIXME on r65818reedy03:27, 6 January 2011

Comments

#Comment by Platonides (talk | contribs)   21:24, 2 May 2010

I don't think create should always be required. The user could have the reupload right but not create.

#Comment by Bryan (talk | contribs)   07:57, 3 May 2010

True, create should then only be required for images that are new.

#Comment by Happy-melon (talk | contribs)   18:48, 17 December 2010

You're creating a static function to return a list of rights which are only accessed by one other function, and which (as or r65898) isn't even a complete list? That level of abstraction is not necessary; just put the array in the foreach in isAllowed().

#Comment by Happy-melon (talk | contribs)   12:42, 6 January 2011

Done in r79710.

#Comment by Reedy (talk | contribs)   21:20, 21 March 2011

Status & tagging log