Mglaser has uploaded a new change for review. https://gerrit.wikimedia.org/r/176164
Change subject: SECURITY: Require new right to change content model ...................................................................... SECURITY: Require new right to change content model Add the user right 'editcontentmodel', which is required to change the content model while editing a Page. Bug: 70901 Change-Id: I54f59539f1045092ec0de76c31cb47ca19c56874 --- M includes/EditPage.php M includes/User.php M includes/api/ApiBase.php M includes/api/ApiEditPage.php M languages/i18n/en.json M languages/i18n/qqq.json 6 files changed, 30 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/64/176164/1
diff --git a/includes/EditPage.php b/includes/EditPage.php
index a9925ff..128244a 100644
--- a/includes/EditPage.php
+++ b/includes/EditPage.php
@@ -145,6 +145,12 @@
 const AS_IMAGE_REDIRECT_LOGGED = 234;
 /**
+ * Status: user tried to modify the content model, but is not allowed to do that
+ * ( User::isAllowed('editcontentmodel') == false )
+ */
+ const AS_NO_CHANGE_CONTENT_MODEL = 235;
+
+ /**
 * Status: can't parse content
 */
 const AS_PARSE_ERROR = 240;
@@ -1383,6 +1389,9 @@
 $permission = $this->mTitle->isTalkPage() ? 'createtalk' : 'createpage';
 throw new PermissionsError( $permission );
+ case self::AS_NO_CHANGE_CONTENT_MODEL:
+ throw new PermissionsError( 'editcontentmodel' );
+
 default:
 // We don't recognize $status->value. The only way that can happen
 // is if an extension hook aborted from inside ArticleSave.
@@ -1644,6 +1653,15 @@
 }
 }
+ if ( $this->contentModel !== $this->mTitle->getContentModel()
+ && !$wgUser->isAllowed( 'editcontentmodel' )
+ ) {
+ $status->setResult( false, self::AS_NO_CHANGE_CONTENT_MODEL );
+ wfProfileOut( __METHOD__ . '-checks' );
+ wfProfileOut( __METHOD__ );
+ return $status;
+ }
+
 if ( wfReadOnly() ) {
 $status->fatal( 'readonlytext' );
 $status->value = self::AS_READ_ONLY_PAGE;
diff --git a/includes/User.php b/includes/User.php
index 635b1e9..5e5d3ee 100644
--- a/includes/User.php
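Review bot: In the third EditPage.php hunk (`@@ -1644,6 +1653,15 @@`) the 'editcontentmodel' check lives only in this save routine, so it protects only writes that pass through it; whether other code paths can store a revision with a different content model cannot be seen from this diff and should be confirmed before the issue is considered closed. The rejected branch calls `$status->setResult( false, self::AS_NO_CHANGE_CONTENT_MODEL )` without attaching a message, unlike the read-only branch just below it, which uses `$status->fatal( 'readonlytext' )`, so a caller that only prints the Status errors would show nothing. I would add a comment above the condition, `// Changing a page's content model requires the 'editcontentmodel' right.`, and consider attaching a message to the Status as well. The enclosing method starts and ends outside the hunk.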
+++ b/includes/User.php
@@ -112,6 +112,7 @@
 'deletelogentry',
 'deleterevision',
 'edit',
+ 'editcontentmodel',
 'editinterface',
 'editprotected',
 'editmyoptions',
diff --git a/includes/api/ApiBase.php b/includes/api/ApiBase.php
index 7bc3f71..944e489 100644
--- a/includes/api/ApiBase.php
+++ b/includes/api/ApiBase.php
@@ -1522,6 +1522,10 @@
 'code' => 'missingtitle',
 'info' => "The article you tried to edit doesn't exist"
 ),
+ 'cantchangecontentmodel' => array(
+ 'code' => 'cantchangecontentmodel',
+ 'info' => "You don't have permission to change the content model of a page"
+ ),
 'nosuchrcid' => array(
 'code' => 'nosuchrcid',
 'info' => "There is no change with rcid \"\$1\""
diff --git a/includes/api/ApiEditPage.php b/includes/api/ApiEditPage.php
index 8a76271..a423b56 100644
--- a/includes/api/ApiEditPage.php
+++ b/includes/api/ApiEditPage.php
@@ -445,6 +445,9 @@
 case EditPage::AS_NO_CREATE_PERMISSION:
 $this->dieUsageMsg( 'nocreate-loggedin' );
+ case EditPage::AS_NO_CHANGE_CONTENT_MODEL:
+ $this->dieUsageMsg( 'cantchangecontentmodel' );
+
 case EditPage::AS_BLANK_ARTICLE:
 $this->dieUsageMsg( 'blankpage' );
diff --git a/languages/i18n/en.json b/languages/i18n/en.json
index 476f6e5..c245bd4 100644
--- a/languages/i18n/en.json
+++ b/languages/i18n/en.json
@@ -1105,6 +1105,7 @@
 "right-protect": "Change protection levels and edit cascade-protected pages",
 "right-editprotected": "Edit pages protected as \"{{int:protect-level-sysop}}\"",
 "right-editsemiprotected": "Edit pages protected as \"{{int:protect-level-autoconfirmed}}\"",
+ "right-editcontentmodel": "Edit the content model of a page",
 "right-editinterface": "Edit the user interface",
 "right-editusercssjs": "Edit other users' CSS and JavaScript files",
 "right-editusercss": "Edit other users' CSS files",
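Review bot: The User.php hunk registers 'editcontentmodel' as a core right, but none of the six files listed in this change assigns it to a group, so unless that happens elsewhere no account, administrators included, will be able to change a content model after upgrading. If deny-by-default is intended for this security fix, say so where operators will look, for example with a comment beside the new entry: `// Not granted to any group by default; assign it via $wgGroupPermissions.` The array the entry is added to starts and ends outside the hunk.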
@@ -1177,6 +1178,7 @@
 "action-viewmywatchlist": "view your watchlist",
 "action-viewmyprivateinfo": "view your private information",
 "action-editmyprivateinfo": "edit your private information",
+ "action-editcontentmodel": "edit the content model of a page",
 "nchanges": "$1 {{PLURAL:$1|change|changes}}",
 "enhancedrc-since-last-visit": "$1 {{PLURAL:$1|since last visit}}",
 "enhancedrc-history": "history",
diff --git a/languages/i18n/qqq.json b/languages/i18n/qqq.json
index dee8d66..9562e45 100644
--- a/languages/i18n/qqq.json
+++ b/languages/i18n/qqq.json
@@ -1265,6 +1265,7 @@
 "right-protect": "{{doc-right|protect}}",
 "right-editprotected": "{{doc-right|editprotected}}\nRefers to {{msg-mw|Protect-level-sysop}}.\n\nSee also:\n* {{msg-mw|Right-editsemiprotected}}",
 "right-editsemiprotected": "{{doc-right|editsemiprotected}}\nRefers to {{msg-mw|Protect-level-autoconfirmed}}.\n\nSee also:\n* {{msg-mw|Right-editprotected}}",
+ "right-editcontentmodel": "{{doc-right|editcontentmodel}}",
 "right-editinterface": "{{doc-right|editinterface}}",
 "right-editusercssjs": "{{doc-right|editusercssjs}}",
 "right-editusercss": "{{doc-right|editusercss}}\nSee also:\n* {{msg-mw|Right-editmyusercss}}",
@@ -1337,6 +1338,7 @@
 "action-viewmywatchlist": "{{doc-action|viewmywatchlist}}\n{{Identical|View your watchlist}}",
 "action-viewmyprivateinfo": "{{doc-action|viewmyprivateinfo}}",
 "action-editmyprivateinfo": "{{doc-action|editmyprivateinfo}}",
+ "action-editcontentmodel": "{{doc-action|editcontentmodel}}",
 "nchanges": "Appears on enhanced watchlist and recent changes when page has more than one change on given date, linking to a diff of the changes.\n\nParameters:\n* $1 - the number of changes on that day (2 or more)\nThree messages are shown side-by-side: ({{msg-mw|Nchanges}} | {{msg-mw|Enhancedrc-since-last-visit}} | {{msg-mw|Enhancedrc-history}}).",
 "enhancedrc-since-last-visit": "Appears on enhanced watchlist and recent changes when page has more than one change on given date and at least one that the user hasn't seen yet, linking to a diff of the unviewed changes.\n\nParameters:\n* $1 - the number of unviewed changes (1 or more)\nThree messages are shown side-by-side: ({{msg-mw|nchanges}} | {{msg-mw|enhancedrc-since-last-visit}} | {{msg-mw|enhancedrc-history}}).",
 "enhancedrc-history": "Appears on enhanced watchlist and recent changes when page has more than one change on given date, linking to its history.\n\nThis is the same as {{msg-mw|hist}}, but not abbreviated.\n\nThree messages are shown side-by-side: ({{msg-mw|nchanges}} | {{msg-mw|enhancedrc-since-last-visit}} | {{msg-mw|enhancedrc-history}}).\n{{Identical|History}}",
-- To view, visit https://gerrit.wikimedia.org/r/176164 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I54f59539f1045092ec0de76c31cb47ca19c56874 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: REL1_24 Gerrit-Owner: Mglaser <gla...@hallowelt.biz> Gerrit-Reviewer: CSteipp <cste...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org