Jhernandez has uploaded a new change for review.
https://gerrit.wikimedia.org/r/191600
Change subject: Protect storage json pages for collections
......................................................................
Protect storage json pages for collections
Change-Id: I095d3a2dad71560584dc2382778fa14eb8a490bf
---
M Gather.php
M includes/Gather.hooks.php
A tests/phpunit/GatherHooksTest.php
3 files changed, 58 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Gather
refs/changes/00/191600/1
diff --git a/Gather.php b/Gather.php
index c6f7762..76953ab 100644
--- a/Gather.php
+++ b/Gather.php
@@ -77,6 +77,7 @@
// Hooks
$wgHooks['MobilePersonalTools'][] = 'Gather\Hooks::onMobilePersonalTools';
+$wgHooks['GetUserPermissionsErrors'][] =
'Gather\Hooks::onGetUserPermissionsErrors';
// ResourceLoader modules
require_once __DIR__ . "/includes/Resources.php";
diff --git a/includes/Gather.hooks.php b/includes/Gather.hooks.php
index 14f0fa0..8c2feb7 100644
--- a/includes/Gather.hooks.php
+++ b/includes/Gather.hooks.php
@@ -42,4 +42,27 @@
$items = $itemArray;
}
}
+
+
+ /**
+ * Disallow moving or editing gather page json files
+ */
+ public static function onGetUserPermissionsErrors( $title, $user,
$action, &$result ) {
+ $manifest = "/GatherCollections.json";
+ $isProtectedAction = $action === 'edit' || $action === 'move';
+ $titleText = $title->getText();
+ if ( $title->getNamespace() === NS_USER && $isProtectedAction &&
+ preg_match( "/\/GatherCollections\.json$/",
$titleText ) === 1
+ ) {
+ // we have a collection definition so check the user
matches the title.
+ if ( preg_match( "/^" . $user->getName() .
"\/GatherCollections.json$/", $titleText ) === 1 ) {
+ return true;
+ } else {
+ $result = false;
+ return false;
+ }
+ } else {
+ return true;
+ }
+ }
}
diff --git a/tests/phpunit/GatherHooksTest.php
b/tests/phpunit/GatherHooksTest.php
new file mode 100644
index 0000000..45ad759
--- /dev/null
+++ b/tests/phpunit/GatherHooksTest.php
@@ -0,0 +1,34 @@
+<?php
+
+/**
+ * @group Gather
+ */
+class GatherHooksTest extends MediaWikiTestCase {
+ public function provideGetUserPermissionsErrors() {
+ return array(
+ array( true,
'User:Jdlrobson/MobileWebCollections.json', 'Jdlrobson', 'edit' ),
+ array( true,
'User:Jdlrobson/MobileWebCollections/0.json', 'Jdlrobson', 'move' ),
+ array( true,
'User:Jdlrobson/MobileWebCollections/0.json', 'Jdlrobson', 'edit' ),
+ array( false,
'User:Jdlrobson/MobileWebCollections.json', 'phuedx', 'edit' ),
+ array( false,
'User:Jdlrobson/MobileWebCollections/0.json', 'phuedx', 'edit' ),
+ array( false,
'User:Jdlrobson/MobileWebCollections/0.json', 'phuedx', 'move' ),
+ array( true,
'User:Jdlrobson/MobileWebCollections/0.json', 'phuedx', 'view' ),
+ array( false,
'User:Jdlrobson/MobileWebCollections/0.json', 'RJdlrobson', 'edit' ),
+ array( false,
'User:Jdlrobson/MobileWebCollections.json', 'RJdlrobson', 'edit' ),
+ array( false, 'User:JDLR/MobileWebCollections.json',
'JdLr', 'edit' ),
+ // Normal page editing is not disrupted
+ array( true, 'User:JDLR', 'Jdlrobson', 'edit' ),
+ array( true, 'User:JDLR/Foo', 'Jdlrobson', 'edit' ),
+ );
+ }
+
+ /**
+ * @dataProvider provideGetUserPermissionsErrors
+ *
+ */
+ public function testOnGetUserPermissionsErrors( $expected, $title,
$user, $action ) {
+ $canEdit = MobileFrontendHooks::onGetUserPermissionsErrors(
Title::newFromText( $title ),
+ User::newFromName( $user ), $action, '' );
+ $this->assertEquals( $expected, $canEdit );
+ }
+}
--
To view, visit https://gerrit.wikimedia.org/r/191600
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I095d3a2dad71560584dc2382778fa14eb8a490bf
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/Gather
Gerrit-Branch: master
Gerrit-Owner: Jhernandez <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
