Matthias Mullie has uploaded a new change for review.
https://gerrit.wikimedia.org/r/102154
Change subject: Use FlowAction permissions in AbstractRevision
......................................................................
Use FlowAction permissions in AbstractRevision
... instead of the hard-coded permissions, which make it impossible to have
different permissions per action (e.g. to hide posts, users must have flow-hide
permission, but they don't need that permission to see hidden posts)
Meanwhile also changed permissions for hidden posts; logged-in users can now see
them (as requested in mingle 421)
Mingle: 421
Change-Id: Iaca064314cca91b66ab9064e5c7ecaff73fda508
---
M FlowActions.php
M includes/Model/AbstractRevision.php
2 files changed, 28 insertions(+), 33 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Flow
refs/changes/54/102154/1
diff --git a/FlowActions.php b/FlowActions.php
index 35114aa..fba00fe 100644
--- a/FlowActions.php
+++ b/FlowActions.php
@@ -472,7 +472,10 @@
'log_type' => false, // don't log views
'permissions' => array(
PostRevision::MODERATED_NONE => '',
- PostRevision::MODERATED_HIDDEN => array( 'flow-hide',
'flow-delete', 'flow-suppress' ),
+ PostRevision::MODERATED_HIDDEN => function(
PostRevision $post, RevisionActionPermissions $permissions ) {
+ // visible for logged in users (or
anyone with hide permission)
+ return
$permissions->getUser()->isLoggedIn() ? '' : 'flow-hide';
+ },
PostRevision::MODERATED_DELETED => array(
'flow-delete', 'flow-suppress' ),
PostRevision::MODERATED_SUPPRESSED => 'flow-suppress',
),
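Review bot: The closure added for `PostRevision::MODERATED_HIDDEN` type-hints its first argument as `PostRevision`, while the rewritten `AbstractRevision::isAllowed()` in this same change passes `$this` on to `isAllowedAny`. If a revision that is not a `PostRevision` ever reaches this entry, the call would fail with a type error instead of yielding a permission; whether that can happen depends on `RevisionActionPermissions`, which is not visible here. Hinting the base class, `function( AbstractRevision $post, RevisionActionPermissions $permissions ) {`, would avoid it, assuming that class is in scope in this file. The comment could also say that returning `''` means no right is required, since the access decision now rests on that convention. The surrounding array starts and ends outside the hunk.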
diff --git a/includes/Model/AbstractRevision.php
b/includes/Model/AbstractRevision.php
index e9c4ea6..e1df3ed 100644
--- a/includes/Model/AbstractRevision.php
+++ b/includes/Model/AbstractRevision.php
@@ -2,6 +2,8 @@
namespace Flow\Model;
+use Flow\Container;
+use Flow\RevisionActionPermissions;
use MWTimestamp;
use User;
use Flow\ParsoidUtils;
@@ -18,26 +20,18 @@
**/
static public $perms = array(
self::MODERATED_NONE => array(
- // The permission needed from User::isAllowed to see
and create new revisions
- 'perm' => null,
// Whether or not to apply transition to this
moderation state to historical revisions
'historical' => true,
),
self::MODERATED_HIDDEN => array(
- // The permission needed from User::isAllowed to see
and create new revisions
- 'perm' => 'flow-hide',
// Whether or not to apply transition to this
moderation state to historical revisions
'historical' => false,
),
self::MODERATED_DELETED => array(
- // The permission needed from User::isAllowed to see
and create new revisions
- 'perm' => 'flow-delete',
// Whether or not to apply transition to this
moderation state to historical revisions
'historical' => true,
),
self::MODERATED_SUPPRESSED => array(
- // The permission needed from User::isAllowed to see
and create new revisions
- 'perm' => 'flow-suppress',
// Whether or not to apply transition to this
moderation state to historical revisions
'historical' => true,
),
@@ -176,18 +170,6 @@
return $obj;
}
- protected function mostRestrictivePermission( $a, $b ) {
- $keys = array_keys( self::$perms );
- $aPos = array_search( $a, $keys );
- $bPos = array_search( $b, $keys );
- if ( $aPos === false || $bPos === false ) {
- wfWarn( __METHOD__ . ": Invalid permissions provided:
'$a' '$b'" );
- // err on the side of safety, most restrictive
- return end( $keys );
- }
- return $keys[max( $aPos, $bPos )];
- }
-
/**
* $historical revisions must be provided when
self::needsModerateHistorical
* returns true.
@@ -198,8 +180,8 @@
return null;
}
- $mostRestrictive = self::mostRestrictivePermission( $state,
$this->moderationState );
- if ( !$this->isAllowed( $user, $mostRestrictive ) ) {
+ // doublecheck if user has permissions for but moderation
action & last action
+ if ( !$this->isAllowed( $user, array( $changeType,
$this->changeType ) ) ) {
return null;
}
if ( !$historical && $this->needsModerateHistorical( $state ) )
{
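Review bot: The new comment says the user must have permission for both the moderation action and the last action, but `isAllowed()` as rewritten later in this change forwards the array to `isAllowedAny`, whose name suggests that one allowed action is enough. The removed code checked the most restrictive of the two states, so if `isAllowedAny` does return true on the first match, a user entitled to only one of `$changeType` and `$this->changeType` would now pass this guard. Checking each action separately keeps the old strictness: `if ( !$this->isAllowed( $user, $changeType ) || !$this->isAllowed( $user, $this->changeType ) ) {`. The comment also has a typo (`for but` should read `for both`), and `$changeType` is defined outside the hunk, so its origin could not be checked here.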
@@ -257,21 +239,31 @@
/**
* Is the user allowed to see this revision?
*
+ * Used permissions defined in FlowActions.
+ *
* @param User $user The user requesting access. When null assumes a
user with no permissions.
- * @param int $state One of the self::MODERATED_* constants. When null
the internal moderation state is used.
+ * @param string|array $action Action (or array of multiple actions) to
check if allowed.
* @return boolean True when the user is allowed to see the current
revision
*/
- public function isAllowed( $user = null, $state = null ) {
- // allowing a $state to be passed is a bit hackish
- if ( $state === null ) {
- $state = $this->moderationState;
- }
- if ( !isset( self::$perms[$state] ) ) {
- throw new \MWException( 'Unknown stored moderation
state' );
+ public function isAllowed( $user = null, $action = null ) {
+ // allowing an $action to be passed is a bit hackish
+ if ( $action === null ) {
+ // unless a specific action has been passed in, assume
we're checking user wants to view the post
+ $action = 'view';
}
- $perm = self::$perms[$state]['perm'];
- return $perm === null || ( $user && $user->isAllowed( $perm ) );
+ // if no user specified, assume anonymous user
+ if ( !$user instanceof User ) {
+ $user = new User;
+ }
+
+ $actions = Container::get( 'flow_actions' );
+ $permissions = new RevisionActionPermissions( $actions, $user );
+
+ return call_user_func_array(
+ array( $permissions, 'isAllowedAny' ),
+ array_merge( array( $this ), (array) $action )
+ );
}
public function hasHiddenContent() {
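Review bot: Nothing in the new `isAllowed()` validates `$action`: the old body threw `MWException` on an unknown moderation state, whereas the new one passes any string or array straight to `isAllowedAny`, and how that method treats an action name missing from `flow_actions` is not visible here. If it does not deny by default, a mistyped action name could silently grant access, so a test pinning that an unknown action is refused would be worth adding. The docblock should also state that `null` means `'view'` and that an array is allowed when any listed action is; the `@return` line still describes viewing only.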
--
To view, visit https://gerrit.wikimedia.org/r/102154
Gerrit-MessageType: newchange
Gerrit-Change-Id: Iaca064314cca91b66ab9064e5c7ecaff73fda508
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/Flow
Gerrit-Branch: master
Gerrit-Owner: Matthias Mullie <[email protected]>