[MediaWiki-commits] [Gerrit] Check for article edit permissions - change (mediawiki...Flow)

Sat, 18 Jan 2014 19:14:12 -0800 

EBernhardson has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/108295


Change subject: Check for article edit permissions
......................................................................

Check for article edit permissions

During the standard submit/commit process used by both
api and page action's for writes check Title::userCan
for permission.

Bug: 60218
Change-Id: Ic331595ddc1014657e9582b657b0351044ae327d
---
M includes/WorkflowLoader.php
1 file changed, 9 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Flow 
refs/changes/95/108295/1

diff --git a/includes/WorkflowLoader.php b/includes/WorkflowLoader.php
index d396f71..3d1e5d4 100644
--- a/includes/WorkflowLoader.php
+++ b/includes/WorkflowLoader.php
@@ -190,6 +190,15 @@
                        // All blocks returned null, nothing knows how to 
handle this action
                        throw new InvalidActionException( "No block accepted 
the '$action' action: " .  implode( ',', array_unique( $type ) ), 
'invalid-action' );
                }
+
+               // Check permissions before allowing any writes
+               if ( $user->isBlocked() ||
+                       !$this->workflow->getArticleTitle()->userCan( 'edit', 
$user )
+               ) {
+                       reset( $interestedBlocks )->addError( 'permissions', 
wfMessage( 'flow-error-not-allowed' ) );
+                       $success = false;
+               }
+
                return $success ? $interestedBlocks : array();
        }
 

-- 
To view, visit https://gerrit.wikimedia.org/r/108295
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ic331595ddc1014657e9582b657b0351044ae327d
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/Flow
Gerrit-Branch: master
Gerrit-Owner: EBernhardson <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to