[MediaWiki-commits] [Gerrit] BSTasksAPI: Added permission check - change (mediawiki...BlueSpiceFoundation)

[jenkins-bot (Code Review)]

jenkins-bot has submitted this change and it was merged.

Change subject: BSTasksAPI: Added permission check
......................................................................


BSTasksAPI: Added permission check

Change-Id: Ieae7ac714f4713eb62e8504e1fef8c7ce338ff0d
---
M includes/api/BSApiTasksBase.php
1 file changed, 24 insertions(+), 0 deletions(-)

Approvals:
  Robert Vogel: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/includes/api/BSApiTasksBase.php b/includes/api/BSApiTasksBase.php
index 986a7d3..bf3a955 100644
--- a/includes/api/BSApiTasksBase.php
+++ b/includes/api/BSApiTasksBase.php
@@ -59,6 +59,7 @@
                        $oResult->errors['task'] = 'Task '.$aParams['task'].' 
not implemented';
                }
                else {
+                       $this->checkTaskPermission( $aParams['task'] );
                        $oResult = $this->$sMethod( 
$this->getParameter('taskData'), $aParams );
                }
 
@@ -144,4 +145,27 @@
                        
'api.php?action='.$this->getModuleName().'&task='.$this->aTasks[0].'&taskData={someKey:"someValue",isFalse:true}',
                );
        }
+
+       public function checkTaskPermission( $sTask ) {
+               $aTaskPermissions = $this->getRequiredTaskPermissions();
+               if( empty($aTaskPermissions[$sTask]) ) {
+                       return;
+               }
+               foreach( $aTaskPermissions[$sTask] as $sPermission ) {
+                       if( $this->getUser()->isAllowed( $sPermission ) ) {
+                               continue;
+                       }
+                       //TODO: Reflect permission in error message
+                       $this->dieUsageMsg( 'badaccess-groups' );
+               }
+       }
+
+       /**
+        * Returns an array of tasks and their required permissions
+        * array('taskname' => array('read', 'edit'))
+        * @return type
+        */
+       protected function getRequiredTaskPermissions() {
+               return array();
+       }
 }
\ No newline at end of file

-- 
To view, visit https://gerrit.wikimedia.org/r/267229
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ieae7ac714f4713eb62e8504e1fef8c7ce338ff0d
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/BlueSpiceFoundation
Gerrit-Branch: master
Gerrit-Owner: Pwirth <wi...@hallowelt.biz>
Gerrit-Reviewer: Dvogel hallowelt <daniel.vo...@hallowelt.com>
Gerrit-Reviewer: Ljonka <l.verhovs...@gmail.com>
Gerrit-Reviewer: Mglaser <gla...@hallowelt.biz>
Gerrit-Reviewer: Robert Vogel <vo...@hallowelt.biz>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits