Mglaser has uploaded a new change for review. https://gerrit.wikimedia.org/r/176201
Change subject: SECURITY: Require new right to change content model ...................................................................... SECURITY: Require new right to change content model Add the user right 'editcontentmodel', which is required to change the content model while editing a Page. Bug: 70901 Change-Id: Ibb463a74a8aaee1731f72c520e48f7bc3b120e34 --- M includes/EditPage.php M includes/User.php M includes/api/ApiBase.php M includes/api/ApiEditPage.php M languages/i18n/en.json M languages/i18n/qqq.json 6 files changed, 30 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/01/176201/1
diff --git a/includes/EditPage.php b/includes/EditPage.php
index 7f24cbc..49faa9d 100644
--- a/includes/EditPage.php
+++ b/includes/EditPage.php
@@ -155,6 +155,12 @@
 const AS_IMAGE_REDIRECT_LOGGED = 234;
 /**
+ * Status: user tried to modify the content model, but is not allowed to do that
+ * ( User::isAllowed('editcontentmodel') == false )
+ */
+ const AS_NO_CHANGE_CONTENT_MODEL = 235;
+
+ /**
 * Status: can't parse content
 */
 const AS_PARSE_ERROR = 240;
@@ -1329,6 +1335,9 @@
 $permission = $this->mTitle->isTalkPage() ? 'createtalk' : 'createpage';
 throw new PermissionsError( $permission );
+ case self::AS_NO_CHANGE_CONTENT_MODEL:
+ throw new PermissionsError( 'editcontentmodel' );
+
 default:
 // We don't recognize $status->value. The only way that can happen
 // is if an extension hook aborted from inside ArticleSave.
@@ -1543,6 +1552,15 @@
 }
 }
+ if ( $this->contentModel !== $this->mTitle->getContentModel()
+ && !$wgUser->isAllowed( 'editcontentmodel' )
+ ) {
+ $status->setResult( false, self::AS_NO_CHANGE_CONTENT_MODEL );
+ wfProfileOut( __METHOD__ . '-checks' );
+ wfProfileOut( __METHOD__ );
+ return $status;
+ }
+
 if ( wfReadOnly() ) {
 $status->fatal( 'readonlytext' );
 $status->value = self::AS_READ_ONLY_PAGE;
diff --git a/includes/User.php b/includes/User.php
index b6bf5bc..a0d0f0c 100644
--- a/includes/User.php
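Review bot: The guard added ahead of the `wfReadOnly()` check in the third EditPage.php hunk tests only the global right with `$wgUser->isAllowed( 'editcontentmodel' )`, so per-title permission checks and permission hooks never get a say in a content-model change. Routing the decision through the title, e.g. `!$this->mTitle->userCan( 'editcontentmodel', $wgUser )`, would resolve it the same way as other per-page permissions. The failure path also calls `$status->setResult( false, self::AS_NO_CHANGE_CONTENT_MODEL )` without attaching a message, unlike the read-only branch just below that uses `$status->fatal( 'readonlytext' )`, so a caller that renders the Status instead of switching on its value has nothing to show. The enclosing method starts outside the hunk, so it should be confirmed that `$wgUser` is declared global there.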
+++ b/includes/User.php
@@ -123,6 +123,7 @@
 'deletelogentry',
 'deleterevision',
 'edit',
+ 'editcontentmodel',
 'editinterface',
 'editprotected',
 'editmyoptions',
diff --git a/includes/api/ApiBase.php b/includes/api/ApiBase.php
index fc1bfd1..7b91952 100644
--- a/includes/api/ApiBase.php
+++ b/includes/api/ApiBase.php
@@ -1721,6 +1721,10 @@
 'code' => 'missingtitle',
 'info' => "The article you tried to edit doesn't exist"
 ),
+ 'cantchangecontentmodel' => array(
+ 'code' => 'cantchangecontentmodel',
+ 'info' => "You don't have permission to change the content model of a page"
+ ),
 'nosuchrcid' => array(
 'code' => 'nosuchrcid',
 'info' => "There is no change with rcid \"\$1\""
diff --git a/includes/api/ApiEditPage.php b/includes/api/ApiEditPage.php
index 73eebca..b27792c 100644
--- a/includes/api/ApiEditPage.php
+++ b/includes/api/ApiEditPage.php
@@ -440,6 +440,9 @@
 case EditPage::AS_NO_CREATE_PERMISSION:
 $this->dieUsageMsg( 'nocreate-loggedin' );
+ case EditPage::AS_NO_CHANGE_CONTENT_MODEL:
+ $this->dieUsageMsg( 'cantchangecontentmodel' );
+
 case EditPage::AS_BLANK_ARTICLE:
 $this->dieUsageMsg( 'blankpage' );
diff --git a/languages/i18n/en.json b/languages/i18n/en.json
index 68fe913..08d60e9 100644
--- a/languages/i18n/en.json
+++ b/languages/i18n/en.json
@@ -1117,6 +1117,7 @@
 "right-protect": "Change protection levels and edit cascade-protected pages",
 "right-editprotected": "Edit pages protected as \"{{int:protect-level-sysop}}\"",
 "right-editsemiprotected": "Edit pages protected as \"{{int:protect-level-autoconfirmed}}\"",
+ "right-editcontentmodel": "Edit the content model of a page",
 "right-editinterface": "Edit the user interface",
 "right-editusercssjs": "Edit other users' CSS and JavaScript files",
 "right-editusercss": "Edit other users' CSS files",
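Review bot: Adding `'editcontentmodel'` to the rights list in User.php registers the right, but none of the six files in this change assigns it to a group, so unless a default grant exists elsewhere every account, administrators included, will be refused by the new EditPage check. If deny-by-default is intended for this security backport, the release notes should say so and show the `$wgGroupPermissions` line site operators need to add; if it is not intended, the default grant belongs in this change. The array being edited starts and ends outside the hunk.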
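Review bot: Nothing in this change exercises the new rejection path: the diffstat lists no test file, and the `EditPage::AS_NO_CHANGE_CONTENT_MODEL` case in ApiEditPage.php is the only API-side handling. A regression test should submit an edit whose `contentmodel` differs from the page's current model as a user without `editcontentmodel` and expect the `cantchangecontentmodel` error, with a second case confirming an unchanged model is still accepted. Enforcement appears to live only in the EditPage save path, so it is worth confirming that no other module on this branch can write a revision with a caller-chosen model without passing through it. The switch this case joins starts and ends outside the hunk.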
@@ -1187,6 +1188,7 @@
 "action-viewmywatchlist": "view your watchlist",
 "action-viewmyprivateinfo": "view your private information",
 "action-editmyprivateinfo": "edit your private information",
+ "action-editcontentmodel": "edit the content model of a page",
 "nchanges": "$1 {{PLURAL:$1|change|changes}}",
 "enhancedrc-since-last-visit": "$1 {{PLURAL:$1|since last visit}}",
 "enhancedrc-history": "history",
diff --git a/languages/i18n/qqq.json b/languages/i18n/qqq.json
index f69669b..066d4c1 100644
--- a/languages/i18n/qqq.json
+++ b/languages/i18n/qqq.json
@@ -1280,6 +1280,7 @@
 "right-protect": "{{doc-right|protect}}",
 "right-editprotected": "{{doc-right|editprotected}}\nRefers to {{msg-mw|Protect-level-sysop}}.\n\nSee also:\n* {{msg-mw|Right-editsemiprotected}}",
 "right-editsemiprotected": "{{doc-right|editsemiprotected}}\nRefers to {{msg-mw|Protect-level-autoconfirmed}}.\n\nSee also:\n* {{msg-mw|Right-editprotected}}",
+ "right-editcontentmodel": "{{doc-right|editcontentmodel}}",
 "right-editinterface": "{{doc-right|editinterface}}",
 "right-editusercssjs": "{{doc-right|editusercssjs}}",
 "right-editusercss": "{{doc-right|editusercss}}\nSee also:\n* {{msg-mw|Right-editmyusercss}}",
@@ -1350,6 +1351,7 @@
 "action-viewmywatchlist": "{{doc-action|viewmywatchlist}}\n{{Identical|View your watchlist}}",
 "action-viewmyprivateinfo": "{{doc-action|viewmyprivateinfo}}",
 "action-editmyprivateinfo": "{{doc-action|editmyprivateinfo}}",
+ "action-editcontentmodel": "{{doc-action|editcontentmodel}}",
 "nchanges": "Appears on enhanced watchlist and recent changes when page has more than one change on given date, linking to a diff of the changes.\n\nParameters:\n* $1 - the number of changes on that day (2 or more)\nThree messages are shown side-by-side: ({{msg-mw|Nchanges}} | {{msg-mw|Enhancedrc-since-last-visit}} | {{msg-mw|Enhancedrc-history}}).",
 "enhancedrc-since-last-visit": "Appears on enhanced watchlist and recent changes when page has more than one change on given date and at least one that the user hasn't seen yet, linking to a diff of the unviewed changes.\n\nParameters:\n* $1 - the number of unviewed changes (1 or more)\nThree messages are shown side-by-side: ({{msg-mw|nchanges}} | {{msg-mw|enhancedrc-since-last-visit}} | {{msg-mw|enhancedrc-history}}).",
 "enhancedrc-history": "Appears on enhanced watchlist and recent changes when page has more than one change on given date, linking to its history.\n\nThis is the same as {{msg-mw|hist}}, but not abbreviated.\n\nThree messages are shown side-by-side: ({{msg-mw|nchanges}} | {{msg-mw|enhancedrc-since-last-visit}} | {{msg-mw|enhancedrc-history}}).\n{{Identical|History}}",
-- To view, visit https://gerrit.wikimedia.org/r/176201 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ibb463a74a8aaee1731f72c520e48f7bc3b120e34 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: REL1_23 Gerrit-Owner: Mglaser <gla...@hallowelt.biz> Gerrit-Reviewer: CSteipp <cste...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org