Mglaser has submitted this change and it was merged.
Change subject: SECURITY: Require new right to change content model
......................................................................
SECURITY: Require new right to change content model
Add the user right 'editcontentmodel', which is required to change the
content model while editing a Page.
Bug: 70901
Change-Id: I54f59539f1045092ec0de76c31cb47ca19c56874
---
M includes/EditPage.php
M includes/User.php
M includes/api/ApiBase.php
M includes/api/ApiEditPage.php
M languages/i18n/en.json
M languages/i18n/qqq.json
6 files changed, 30 insertions(+), 0 deletions(-)
Approvals:
Mglaser: Verified; Looks good to me, approved
diff --git a/includes/EditPage.php b/includes/EditPage.php
index d106da2..e51999d 100644
--- a/includes/EditPage.php
+++ b/includes/EditPage.php
@@ -145,6 +145,12 @@
const AS_IMAGE_REDIRECT_LOGGED = 234;
/**
+ * Status: user tried to modify the content model, but is not allowed
to do that
+ * ( User::isAllowed('editcontentmodel') == false )
+ */
+ const AS_NO_CHANGE_CONTENT_MODEL = 235;
+
+ /**
* Status: can't parse content
*/
const AS_PARSE_ERROR = 240;
@@ -1384,6 +1390,9 @@
$permission = $this->mTitle->isTalkPage() ?
'createtalk' : 'createpage';
throw new PermissionsError( $permission );
+ case self::AS_NO_CHANGE_CONTENT_MODEL:
+ throw new PermissionsError( 'editcontentmodel'
);
+
default:
// We don't recognize $status->value. The only
way that can happen
// is if an extension hook aborted from inside
ArticleSave.
@@ -1645,6 +1654,15 @@
}
}
+ if ( $this->contentModel !== $this->mTitle->getContentModel()
+ && !$wgUser->isAllowed( 'editcontentmodel' )
+ ) {
+ $status->setResult( false,
self::AS_NO_CHANGE_CONTENT_MODEL );
+ wfProfileOut( __METHOD__ . '-checks' );
+ wfProfileOut( __METHOD__ );
+ return $status;
+ }
+
if ( wfReadOnly() ) {
$status->fatal( 'readonlytext' );
$status->value = self::AS_READ_ONLY_PAGE;
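Review bot: The new guard at the top of this hunk asks `$wgUser->isAllowed( 'editcontentmodel' )`, a global right lookup, so any per-title or per-namespace restriction that a title-aware permission check would apply is not consulted. If that is intended, say so in a comment such as `// Global right only: per-page restrictions do not apply to model changes`. The early return calls `setResult( false, … )` without attaching a message, while the read-only branch just below uses `$status->fatal( 'readonlytext' )`. A caller that renders the Status instead of switching on its value would have nothing to show, so consider adding a `$status->fatal( … )` message before the return. The guard covers only this save path, and the enclosing method starts and ends outside the hunk, so other code that writes a revision with a different model needs checking separately.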
diff --git a/includes/User.php b/includes/User.php
index c4a6127..16a78f6 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -112,6 +112,7 @@
'deletelogentry',
'deleterevision',
'edit',
+ 'editcontentmodel',
'editinterface',
'editprotected',
'editmyoptions',
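Review bot: The right is registered in the core rights list here, but the change's file list touches neither default group configuration nor release notes. Presumably no group holds `editcontentmodel` once this lands, so every edit that supplies a different content model is refused. Deny-by-default is the right posture for a security fix, but it should be documented where site administrators will see it: which groups are expected to receive the right, and that granting it lets a user choose how a page's text is interpreted. The array continues outside the hunk.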
diff --git a/includes/api/ApiBase.php b/includes/api/ApiBase.php
index 99c0fb4..ee5861d 100644
--- a/includes/api/ApiBase.php
+++ b/includes/api/ApiBase.php
@@ -1638,6 +1638,10 @@
'code' => 'missingtitle',
'info' => "The article you tried to edit doesn't exist"
),
+ 'cantchangecontentmodel' => array(
+ 'code' => 'cantchangecontentmodel',
+ 'info' => "You don't have permission to change the
content model of a page"
+ ),
'nosuchrcid' => array(
'code' => 'nosuchrcid',
'info' => "There is no change with rcid \"\$1\""
diff --git a/includes/api/ApiEditPage.php b/includes/api/ApiEditPage.php
index 269b016..c1598c8 100644
--- a/includes/api/ApiEditPage.php
+++ b/includes/api/ApiEditPage.php
@@ -445,6 +445,9 @@
case EditPage::AS_NO_CREATE_PERMISSION:
$this->dieUsageMsg( 'nocreate-loggedin' );
+ case EditPage::AS_NO_CHANGE_CONTENT_MODEL:
+ $this->dieUsageMsg( 'cantchangecontentmodel' );
+
case EditPage::AS_BLANK_ARTICLE:
$this->dieUsageMsg( 'blankpage' );
diff --git a/languages/i18n/en.json b/languages/i18n/en.json
index a6b20b5..0c47fb8 100644
--- a/languages/i18n/en.json
+++ b/languages/i18n/en.json
@@ -1108,6 +1108,7 @@
"right-protect": "Change protection levels and edit cascade-protected
pages",
"right-editprotected": "Edit pages protected as
\"{{int:protect-level-sysop}}\"",
"right-editsemiprotected": "Edit pages protected as
\"{{int:protect-level-autoconfirmed}}\"",
+ "right-editcontentmodel": "Edit the content model of a page",
"right-editinterface": "Edit the user interface",
"right-editusercssjs": "Edit other users' CSS and JavaScript files",
"right-editusercss": "Edit other users' CSS files",
@@ -1180,6 +1181,7 @@
"action-viewmywatchlist": "view your watchlist",
"action-viewmyprivateinfo": "view your private information",
"action-editmyprivateinfo": "edit your private information",
+ "action-editcontentmodel": "edit the content model of a page",
"nchanges": "$1 {{PLURAL:$1|change|changes}}",
"enhancedrc-since-last-visit": "$1 {{PLURAL:$1|since last visit}}",
"enhancedrc-history": "history",
diff --git a/languages/i18n/qqq.json b/languages/i18n/qqq.json
index 5a181c7..e4e47dc 100644
--- a/languages/i18n/qqq.json
+++ b/languages/i18n/qqq.json
@@ -1272,6 +1272,7 @@
"right-protect": "{{doc-right|protect}}",
"right-editprotected": "{{doc-right|editprotected}}\nRefers to
{{msg-mw|Protect-level-sysop}}.\n\nSee also:\n*
{{msg-mw|Right-editsemiprotected}}",
"right-editsemiprotected": "{{doc-right|editsemiprotected}}\nRefers to
{{msg-mw|Protect-level-autoconfirmed}}.\n\nSee also:\n*
{{msg-mw|Right-editprotected}}",
+ "right-editcontentmodel": "{{doc-right|editcontentmodel}}",
"right-editinterface": "{{doc-right|editinterface}}",
"right-editusercssjs": "{{doc-right|editusercssjs}}",
"right-editusercss": "{{doc-right|editusercss}}\nSee also:\n*
{{msg-mw|Right-editmyusercss}}",
@@ -1344,6 +1345,7 @@
"action-viewmywatchlist":
"{{doc-action|viewmywatchlist}}\n{{Identical|View your watchlist}}",
"action-viewmyprivateinfo": "{{doc-action|viewmyprivateinfo}}",
"action-editmyprivateinfo": "{{doc-action|editmyprivateinfo}}",
+ "action-editcontentmodel": "{{doc-action|editcontentmodel}}",
"nchanges": "Appears on enhanced watchlist and recent changes when page
has more than one change on given date, linking to a diff of the
changes.\n\nParameters:\n* $1 - the number of changes on that day (2 or
more)\nThree messages are shown side-by-side: ({{msg-mw|Nchanges}} |
{{msg-mw|Enhancedrc-since-last-visit}} | {{msg-mw|Enhancedrc-history}}).",
"enhancedrc-since-last-visit": "Appears on enhanced watchlist and
recent changes when page has more than one change on given date and at least
one that the user hasn't seen yet, linking to a diff of the unviewed
changes.\n\nParameters:\n* $1 - the number of unviewed changes (1 or
more)\nThree messages are shown side-by-side: ({{msg-mw|nchanges}} |
{{msg-mw|enhancedrc-since-last-visit}} | {{msg-mw|enhancedrc-history}}).",
"enhancedrc-history": "Appears on enhanced watchlist and recent changes
when page has more than one change on given date, linking to its
history.\n\nThis is the same as {{msg-mw|hist}}, but not abbreviated.\n\nThree
messages are shown side-by-side: ({{msg-mw|nchanges}} |
{{msg-mw|enhancedrc-since-last-visit}} |
{{msg-mw|enhancedrc-history}}).\n{{Identical|History}}",
--
To view, visit https://gerrit.wikimedia.org/r/176160
Gerrit-MessageType: merged
Gerrit-Change-Id: I54f59539f1045092ec0de76c31cb47ca19c56874
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Mglaser <[email protected]>
Gerrit-Reviewer: Anomie <[email protected]>
Gerrit-Reviewer: CSteipp <[email protected]>
Gerrit-Reviewer: Jackmcbarn <[email protected]>
Gerrit-Reviewer: Mglaser <[email protected]>
Gerrit-Reviewer: Siebrand <[email protected]>
Gerrit-Reviewer: Tpt <[email protected]>
Gerrit-Reviewer: jenkins-bot <>