Mglaser has uploaded a new change for review.
https://gerrit.wikimedia.org/r/176201
Change subject: SECURITY: Require new right to change content model
......................................................................
SECURITY: Require new right to change content model
Add the user right 'editcontentmodel', which is required to change the
content model while editing a Page.
Bug: 70901
Change-Id: Ibb463a74a8aaee1731f72c520e48f7bc3b120e34
---
M includes/EditPage.php
M includes/User.php
M includes/api/ApiBase.php
M includes/api/ApiEditPage.php
M languages/i18n/en.json
M languages/i18n/qqq.json
6 files changed, 30 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core
refs/changes/01/176201/1
diff --git a/includes/EditPage.php b/includes/EditPage.php
index 7f24cbc..49faa9d 100644
--- a/includes/EditPage.php
+++ b/includes/EditPage.php
@@ -155,6 +155,12 @@
const AS_IMAGE_REDIRECT_LOGGED = 234;
/**
+ * Status: user tried to modify the content model, but is not allowed
to do that
+ * ( User::isAllowed('editcontentmodel') == false )
+ */
+ const AS_NO_CHANGE_CONTENT_MODEL = 235;
+
+ /**
* Status: can't parse content
*/
const AS_PARSE_ERROR = 240;
@@ -1329,6 +1335,9 @@
$permission = $this->mTitle->isTalkPage() ?
'createtalk' : 'createpage';
throw new PermissionsError( $permission );
+ case self::AS_NO_CHANGE_CONTENT_MODEL:
+ throw new PermissionsError( 'editcontentmodel'
);
+
default:
// We don't recognize $status->value. The only
way that can happen
// is if an extension hook aborted from inside
ArticleSave.
@@ -1543,6 +1552,15 @@
}
}
+ if ( $this->contentModel !== $this->mTitle->getContentModel()
+ && !$wgUser->isAllowed( 'editcontentmodel' )
+ ) {
+ $status->setResult( false,
self::AS_NO_CHANGE_CONTENT_MODEL );
+ wfProfileOut( __METHOD__ . '-checks' );
+ wfProfileOut( __METHOD__ );
+ return $status;
+ }
+
if ( wfReadOnly() ) {
$status->fatal( 'readonlytext' );
$status->value = self::AS_READ_ONLY_PAGE;
diff --git a/includes/User.php b/includes/User.php
index b6bf5bc..a0d0f0c 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -123,6 +123,7 @@
'deletelogentry',
'deleterevision',
'edit',
+ 'editcontentmodel',
'editinterface',
'editprotected',
'editmyoptions',
diff --git a/includes/api/ApiBase.php b/includes/api/ApiBase.php
index fc1bfd1..7b91952 100644
--- a/includes/api/ApiBase.php
+++ b/includes/api/ApiBase.php
@@ -1721,6 +1721,10 @@
'code' => 'missingtitle',
'info' => "The article you tried to edit doesn't exist"
),
+ 'cantchangecontentmodel' => array(
+ 'code' => 'cantchangecontentmodel',
+ 'info' => "You don't have permission to change the
content model of a page"
+ ),
'nosuchrcid' => array(
'code' => 'nosuchrcid',
'info' => "There is no change with rcid \"\$1\""
diff --git a/includes/api/ApiEditPage.php b/includes/api/ApiEditPage.php
index 73eebca..b27792c 100644
--- a/includes/api/ApiEditPage.php
+++ b/includes/api/ApiEditPage.php
@@ -440,6 +440,9 @@
case EditPage::AS_NO_CREATE_PERMISSION:
$this->dieUsageMsg( 'nocreate-loggedin' );
+ case EditPage::AS_NO_CHANGE_CONTENT_MODEL:
+ $this->dieUsageMsg( 'cantchangecontentmodel' );
+
case EditPage::AS_BLANK_ARTICLE:
$this->dieUsageMsg( 'blankpage' );
diff --git a/languages/i18n/en.json b/languages/i18n/en.json
index 68fe913..08d60e9 100644
--- a/languages/i18n/en.json
+++ b/languages/i18n/en.json
@@ -1117,6 +1117,7 @@
"right-protect": "Change protection levels and edit cascade-protected
pages",
"right-editprotected": "Edit pages protected as
\"{{int:protect-level-sysop}}\"",
"right-editsemiprotected": "Edit pages protected as
\"{{int:protect-level-autoconfirmed}}\"",
+ "right-editcontentmodel": "Edit the content model of a page",
"right-editinterface": "Edit the user interface",
"right-editusercssjs": "Edit other users' CSS and JavaScript files",
"right-editusercss": "Edit other users' CSS files",
@@ -1187,6 +1188,7 @@
"action-viewmywatchlist": "view your watchlist",
"action-viewmyprivateinfo": "view your private information",
"action-editmyprivateinfo": "edit your private information",
+ "action-editcontentmodel": "edit the content model of a page",
"nchanges": "$1 {{PLURAL:$1|change|changes}}",
"enhancedrc-since-last-visit": "$1 {{PLURAL:$1|since last visit}}",
"enhancedrc-history": "history",
diff --git a/languages/i18n/qqq.json b/languages/i18n/qqq.json
index f69669b..066d4c1 100644
--- a/languages/i18n/qqq.json
+++ b/languages/i18n/qqq.json
@@ -1280,6 +1280,7 @@
"right-protect": "{{doc-right|protect}}",
"right-editprotected": "{{doc-right|editprotected}}\nRefers to
{{msg-mw|Protect-level-sysop}}.\n\nSee also:\n*
{{msg-mw|Right-editsemiprotected}}",
"right-editsemiprotected": "{{doc-right|editsemiprotected}}\nRefers to
{{msg-mw|Protect-level-autoconfirmed}}.\n\nSee also:\n*
{{msg-mw|Right-editprotected}}",
+ "right-editcontentmodel": "{{doc-right|editcontentmodel}}",
"right-editinterface": "{{doc-right|editinterface}}",
"right-editusercssjs": "{{doc-right|editusercssjs}}",
"right-editusercss": "{{doc-right|editusercss}}\nSee also:\n*
{{msg-mw|Right-editmyusercss}}",
@@ -1350,6 +1351,7 @@
"action-viewmywatchlist":
"{{doc-action|viewmywatchlist}}\n{{Identical|View your watchlist}}",
"action-viewmyprivateinfo": "{{doc-action|viewmyprivateinfo}}",
"action-editmyprivateinfo": "{{doc-action|editmyprivateinfo}}",
+ "action-editcontentmodel": "{{doc-action|editcontentmodel}}",
"nchanges": "Appears on enhanced watchlist and recent changes when page
has more than one change on given date, linking to a diff of the
changes.\n\nParameters:\n* $1 - the number of changes on that day (2 or
more)\nThree messages are shown side-by-side: ({{msg-mw|Nchanges}} |
{{msg-mw|Enhancedrc-since-last-visit}} | {{msg-mw|Enhancedrc-history}}).",
"enhancedrc-since-last-visit": "Appears on enhanced watchlist and recent
changes when page has more than one change on given date and at least one that
the user hasn't seen yet, linking to a diff of the unviewed
changes.\n\nParameters:\n* $1 - the number of unviewed changes (1 or
more)\nThree messages are shown side-by-side: ({{msg-mw|nchanges}} |
{{msg-mw|enhancedrc-since-last-visit}} | {{msg-mw|enhancedrc-history}}).",
"enhancedrc-history": "Appears on enhanced watchlist and recent changes
when page has more than one change on given date, linking to its
history.\n\nThis is the same as {{msg-mw|hist}}, but not abbreviated.\n\nThree
messages are shown side-by-side: ({{msg-mw|nchanges}} |
{{msg-mw|enhancedrc-since-last-visit}} |
{{msg-mw|enhancedrc-history}}).\n{{Identical|History}}",
--
To view, visit https://gerrit.wikimedia.org/r/176201
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ibb463a74a8aaee1731f72c520e48f7bc3b120e34
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_23
Gerrit-Owner: Mglaser <gla...@hallowelt.biz>
Gerrit-Reviewer: CSteipp <cste...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
