jenkins-bot has submitted this change and it was merged.
Change subject: Check for article edit permissions
......................................................................
Check for article edit permissions
During the standard submit/commit process used by both
api and page action's for writes check Title::userCan
for permission.
Bug: 60218
Change-Id: Ic331595ddc1014657e9582b657b0351044ae327d
(cherry picked from commit fc500dc7c476fed3fa42b53fa4088de5ac64fa3f)
---
M includes/WorkflowLoader.php
1 file changed, 9 insertions(+), 0 deletions(-)
Approvals:
EBernhardson: Looks good to me, approved
jenkins-bot: Verified
diff --git a/includes/WorkflowLoader.php b/includes/WorkflowLoader.php
index d396f71..3d1e5d4 100644
--- a/includes/WorkflowLoader.php
+++ b/includes/WorkflowLoader.php
@@ -190,6 +190,15 @@
// All blocks returned null, nothing knows how to
handle this action
throw new InvalidActionException( "No block accepted
the '$action' action: " . implode( ',', array_unique( $type ) ),
'invalid-action' );
}
+
+ // Check permissions before allowing any writes
+ if ( $user->isBlocked() ||
+ !$this->workflow->getArticleTitle()->userCan( 'edit',
$user )
+ ) {
+ reset( $interestedBlocks )->addError( 'permissions',
wfMessage( 'flow-error-not-allowed' ) );
+ $success = false;
+ }
+
return $success ? $interestedBlocks : array();
}
--
To view, visit https://gerrit.wikimedia.org/r/108297
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ic331595ddc1014657e9582b657b0351044ae327d
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/Flow
Gerrit-Branch: wmf/1.23wmf11
Gerrit-Owner: EBernhardson <[email protected]>
Gerrit-Reviewer: EBernhardson <[email protected]>
Gerrit-Reviewer: jenkins-bot
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
