Matthias Mullie has uploaded a new change for review. https://gerrit.wikimedia.org/r/200854
Change subject: Disallow revisions in deleted boards ...................................................................... Disallow revisions in deleted boards Unless user has deletedhistory permissions This could have a performance impact: now every check will require workflow to be loaded. However, on "regular" pages, the workflow should've already been loaded anyway. In listings (contribs, RC, history, ...), these should be batchloaded & buffered cache will take care of this. Even though the performance hit should be negligable, if any, I originally wanted to do this differenty: I wanted to hook into WikiPageDeletionUpdates & delete every topic (and post?) in that board. However: * I don't want to create a bogus delete revision * If board gets restored, it could get weird to figure out if a topic was auto-deleted along with board (and should also be restored), or was previously genuinly deleted * Perhaps workflow could be deleted instead, but that's going to require some refactoring & we'd still need it to render the revisions in lists * Haven't even looked if there's a hook after restoring a board (though there probably is, or we could add one) Either way, that idea didn't look promising, but I'm open to other wild suggestions. Bug: T90969 Change-Id: I60b34868871ab17455cb2e03f6a44ac42e1c896e --- M includes/RevisionActionPermissions.php 1 file changed, 14 insertions(+), 5 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Flow refs/changes/54/200854/1 diff --git a/includes/RevisionActionPermissions.php b/includes/RevisionActionPermissions.php index a52784a..29b3a46 100644 --- a/includes/RevisionActionPermissions.php +++ b/includes/RevisionActionPermissions.php @@ -64,12 +64,12 @@ // if there was no revision object, it's pointless to find last revision // if we already fail, no need in checking most recent revision status - if ( $allowed && $revision !== null ) { + if ( $allowed && $revision !== null ) { try { - // Also check if the user would be allowed to perform this against + // Also check if the user would be allowed to perform this // against the most recent revision - the last revision is the - // current state of an object, so checking against a revision at one - // point in time alone isn't enough. + // current state of an object, so checking against a revision at + // one point in time alone isn't enough. /** @var CollectionCache $cache */ $cache = Container::get( 'collection.cache' ); $last = $cache->getLastRevisionFor( $revision ); @@ -79,6 +79,15 @@ // If data is not in storage, just return that revision's status } } + + if ( $allowed && $revision !== null ) { + $workflow = $revision->getCollection()->getWorkflow(); + $title = $workflow->getOwnerTitle(); + + // if the board is deleted, nothing is allowed + $allowed = !$title->isDeleted() || $this->user->isAllowed( 'deletedhistory' ); + } + return $allowed; } @@ -110,7 +119,7 @@ /** * Check if a user is allowed to perform a certain action, against the latest * root(topic) post related to the provided revision. This is required for - * things like preventing replys to locked topics. + * things like preventing replies to locked topics. * * @param PostRevision $revision * @param string $action -- To view, visit https://gerrit.wikimedia.org/r/200854 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I60b34868871ab17455cb2e03f6a44ac42e1c896e Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/Flow Gerrit-Branch: master Gerrit-Owner: Matthias Mullie <mmul...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits