jenkins-bot has submitted this change and it was merged.

Change subject: Perform checks before thanking via API
......................................................................


Perform checks before thanking via API

If the user attempts to thank an anonymous
user, a bot (when $wgThanksSendToBots is not true),
or him/herself, return an error. This is consistent
with the restrictions imposed in insertThankLink().

Bug: 56954
Change-Id: I9e8ae030a8ff1cc312bf98671e593c7367ca0ea2
---
M ApiThank.php
M tests/ApiThankTest.php
2 files changed, 24 insertions(+), 6 deletions(-)

Approvals:
  Legoktm: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/ApiThank.php b/ApiThank.php
index bb2b93c..5568ef6 100644
--- a/ApiThank.php
+++ b/ApiThank.php
@@ -18,9 +18,12 @@
                if ( $this->userAlreadySentThanksForRevision( $user, $revision 
) ) {
                        $this->markResultSuccess();
                } else {
+                       $recipient = $this->getUserFromRevision( $revision );
+                       $this->dieOnBadRecipient( $user, $recipient );
                        $this->sendThanks(
                                $user,
                                $revision,
+                               $recipient,
                                $this->getSourceFromParams( $params )
                        );
                }
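Review bot: The new recipient checks sit only in the else branch, so a request for a revision the caller has already thanked returns success without dieOnBadRecipient() ever running. No notification is sent on that path, so it looks harmless, but the asymmetry deserves a comment above markResultSuccess() such as `// Already thanked: report success without re-validating the recipient`. The enclosing method starts and ends outside the hunk.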
@@ -75,22 +78,31 @@
                }
        }
 
-       private function getUserIdFromRevision( Revision $revision ) {
+       private function getUserFromRevision( Revision $revision ) {
                $recipient = $revision->getUser();
                if ( !$recipient ) {
                        $this->dieUsage( 'No valid recipient found', 
'invalidrecipient' );
                }
-               return $recipient;
+               return User::newFromId( $recipient );
        }
 
        private function markResultSuccess(){
                $this->getResult()->addValue( null, 'result', array( 'success' 
=> 1 ) );
        }
 
-       private function sendThanks( User $user, Revision $revision, $source  ) 
{
+       private function dieOnBadRecipient( User $agent, User $recipient ) {
+               global $wgThanksSendToBots;
+
+               if ( $agent->getId() === $recipient->getId() ) {
+                       $this->dieUsage( 'You cannot thank yourself', 
'invalidrecipient' );
+               } elseif ( !$wgThanksSendToBots && in_array( 'bot', 
$recipient->getGroups() ) ) {
+                       $this->dieUsage( 'Bots cannot be thanked', 
'invalidrecipient' );
+               }
+       }
+
+       private function sendThanks( User $user, Revision $revision, User 
$recipient, $source  ) {
                global $wgThanksLogging;
                $title = $this->getTitleFromRevision( $revision );
-               $recipient = $this->getUserIdFromRevision( $revision );
 
                // Create the notification via Echo extension
                EchoEvent::create( array(
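Review bot: The bot test in dieOnBadRecipient(), `in_array( 'bot', $recipient->getGroups() )`, matches only explicit membership in a group literally named 'bot', so an account that holds the bot right through a differently named group would still be thankable when $wgThanksSendToBots is off. If the intent is "any bot account", `$recipient->isAllowed( 'bot' )` says that directly, though it should stay in step with insertThankLink(), which is not visible here. The self-thank guard compares two getId() results with `===` and would silently pass if either side ever came back as a numeric string, so casting both to int or documenting that they are ints would make this server-side check dependable. All three refusals share the code 'invalidrecipient', so an API client cannot tell them apart. sendThanks() continues past the end of the hunk.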
@@ -98,7 +110,7 @@
                        'title' => $title,
                        'extra' => array(
                                'revid' => $revision->getId(),
-                               'thanked-user-id' => $recipient,
+                               'thanked-user-id' => $recipient->getId(),
                                'source' => $source,
                        ),
                        'user' => $user,
@@ -112,7 +124,7 @@
                if ( $wgThanksLogging ) {
                        $logEntry = new ManualLogEntry( 'thanks', 'thank' );
                        $logEntry->setPerformer( $user );
-                       $target = User::newFromId( $recipient )->getUserPage();
+                       $target = $recipient->getUserPage();
                        $logEntry->setTarget( $target );
                        $logEntry->insert();
                }
diff --git a/tests/ApiThankTest.php b/tests/ApiThankTest.php
index e92efc6..5b4f3bc 100644
--- a/tests/ApiThankTest.php
+++ b/tests/ApiThankTest.php
@@ -44,11 +44,17 @@
        }
 
        protected function newRevId(){
+               // You can't thank yourself, kind of hacky
+               $this->setMwGlobals( 'wgUser' , self::$users['uploader']->user 
);
+
                /** @var Status $result */
                $result = $this->editPage( 'thanks' . rand( 0, 100 ), 'thanks' 
. rand( 0, 100 ), 'thanksSummary' );
                $result = $result->getValue();
                /** @var Revision $revision */
                $revision = $result['revision'];
+
+               $this->setMwGlobals( 'wgUser' , self::$users['sysop']->user );
+
                return $revision->getId();
        }
 
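Review bot: The fixture change in newRevId() only steers the existing tests around the new self-thank check; nothing visible in this hunk asserts that the API refuses a self-thank, a bot recipient while $wgThanksSendToBots is off, or an anonymous author. These checks are presumably the server-side counterpart of what insertThankLink() enforces in the UI, so each refusal should have a test that expects the 'invalidrecipient' usage error. Restoring `wgUser` to a hard-coded `self::$users['sysop']->user` also assumes every caller runs as sysop; saving the previous value before the edit and restoring it afterwards would be safer.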

-- 
To view, visit https://gerrit.wikimedia.org/r/97358

Gerrit-MessageType: merged
Gerrit-Change-Id: I9e8ae030a8ff1cc312bf98671e593c7367ca0ea2
Gerrit-PatchSet: 7
Gerrit-Project: mediawiki/extensions/Thanks
Gerrit-Branch: master
Gerrit-Owner: Theopolisme <[email protected]>
Gerrit-Reviewer: Legoktm <[email protected]>
Gerrit-Reviewer: jenkins-bot
