Matthias Mullie has uploaded a new change for review.
https://gerrit.wikimedia.org/r/200854
Change subject: Disallow revisions in deleted boards
......................................................................
Disallow revisions in deleted boards
Unless user has deletedhistory permissions
This could have a performance impact: now every check will
require workflow to be loaded.
However, on "regular" pages, the workflow should've already
been loaded anyway. In listings (contribs, RC, history, ...),
these should be batchloaded & buffered cache will take care
of this.
Even though the performance hit should be negligable, if any,
I originally wanted to do this differenty: I wanted to hook
into WikiPageDeletionUpdates & delete every topic (and post?)
in that board. However:
* I don't want to create a bogus delete revision
* If board gets restored, it could get weird to figure out if
a topic was auto-deleted along with board (and should also
be restored), or was previously genuinly deleted
* Perhaps workflow could be deleted instead, but that's going
to require some refactoring & we'd still need it to render
the revisions in lists
* Haven't even looked if there's a hook after restoring a
board (though there probably is, or we could add one)
Either way, that idea didn't look promising, but I'm open to
other wild suggestions.
Bug: T90969
Change-Id: I60b34868871ab17455cb2e03f6a44ac42e1c896e
---
M includes/RevisionActionPermissions.php
1 file changed, 14 insertions(+), 5 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Flow
refs/changes/54/200854/1
diff --git a/includes/RevisionActionPermissions.php
b/includes/RevisionActionPermissions.php
index a52784a..29b3a46 100644
--- a/includes/RevisionActionPermissions.php
+++ b/includes/RevisionActionPermissions.php
@@ -64,12 +64,12 @@
// if there was no revision object, it's pointless to find last
revision
// if we already fail, no need in checking most recent revision
status
- if ( $allowed && $revision !== null ) {
+ if ( $allowed && $revision !== null ) {
try {
- // Also check if the user would be allowed to
perform this against
+ // Also check if the user would be allowed to
perform this
// against the most recent revision - the last
revision is the
- // current state of an object, so checking
against a revision at one
- // point in time alone isn't enough.
+ // current state of an object, so checking
against a revision at
+ // one point in time alone isn't enough.
/** @var CollectionCache $cache */
$cache = Container::get( 'collection.cache' );
$last = $cache->getLastRevisionFor( $revision );
@@ -79,6 +79,15 @@
// If data is not in storage, just return that
revision's status
}
}
+
+ if ( $allowed && $revision !== null ) {
+ $workflow = $revision->getCollection()->getWorkflow();
+ $title = $workflow->getOwnerTitle();
+
+ // if the board is deleted, nothing is allowed
+ $allowed = !$title->isDeleted() ||
$this->user->isAllowed( 'deletedhistory' );
+ }
+
return $allowed;
}
@@ -110,7 +119,7 @@
/**
* Check if a user is allowed to perform a certain action, against the
latest
* root(topic) post related to the provided revision. This is required
for
- * things like preventing replys to locked topics.
+ * things like preventing replies to locked topics.
*
* @param PostRevision $revision
* @param string $action
--
To view, visit https://gerrit.wikimedia.org/r/200854
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I60b34868871ab17455cb2e03f6a44ac42e1c896e
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/Flow
Gerrit-Branch: master
Gerrit-Owner: Matthias Mullie <mmul...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
