Robert Vogel has uploaded a new change for review. https://gerrit.wikimedia.org/r/270275
Change subject: ApiTasksBase: needToken by default + bs.api.tasks ...................................................................... ApiTasksBase: needToken by default + bs.api.tasks To enhance security we've decided to enable 'needToken' on task APIs by default. To ease development there is now a new method 'bs.api.tasks.exec' that handles most details of the call. Including standard error handling. Change-Id: I7547b713dd229bc997d66c1992399ef2f3cdf08c --- M i18n/api/en.json M i18n/api/qqq.json M includes/api/BSApiTasksBase.php M resources/Resources.php A resources/bluespice/bluespice.api.js 5 files changed, 129 insertions(+), 2 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/BlueSpiceFoundation refs/changes/75/270275/1 diff --git a/i18n/api/en.json b/i18n/api/en.json index a6014c5..9a5dbb9 100644 --- a/i18n/api/en.json +++ b/i18n/api/en.json @@ -22,6 +22,8 @@ "apihelp-bs-task-param-taskdata": "JSON string encoded object with arbitrary data for the task", "apihelp-bs-task-param-format": "The format of the result", "bs-wikipage-tasks-error-contentmodel" : "The task could not be perfomed with the content model of the provided page.", + "apihelp-bs-task-param-format": "The format of the result", + "apihelp-bs-task-param-token": "The token required to access the API module" "bs-wikipage-tasks-error-page-not-valid" : "The provided page is not valid.", "bs-wikipage-tasks-setcategories-edit-summary": "Changed categories.", "bs-wikipage-tasks-error-page-edit-not-allowed": "You are not allowed to edit page '$1'.", diff --git a/i18n/api/qqq.json b/i18n/api/qqq.json index 7de7e4d..2a454d1 100644 --- a/i18n/api/qqq.json +++ b/i18n/api/qqq.json 
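Review bot: The added `apihelp-bs-task-param-token` line in i18n/api/en.json has no trailing comma although `bs-wikipage-tasks-error-page-not-valid` follows it, so as shown here the file no longer parses as JSON. The same hunk also adds `apihelp-bs-task-param-format` a second time, although a context line with that key already sits two lines above. The i18n/api/qqq.json hunk has both problems as well. Drop the duplicated `format` lines and end the token line with a comma, e.g. `"apihelp-bs-task-param-token": "The token required to access the API module",`.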
@@ -21,7 +21,9 @@ "apihelp-bs-task-param-task": "Describes the <var>task</var> parameter of the API module", "apihelp-bs-task-param-taskdata": "Describes the <var>taskData</var> parameter of the API module", "apihelp-bs-task-param-format": "Describes the <var>format</var> parameter of the API module\n\n{{msg-mw|Bs-store-param-format}}", + "apihelp-bs-task-param-format": "Describes the <var>format</var> parameter of the API module\n\n{{msg-mw|Bs-store-param-format}}", "bs-wikipage-tasks-error-contentmodel" : "An error message in case that the task was not supported by the content model of the provided page", + "apihelp-bs-task-param-token": "Describes the <var>token</var> parameter of the API module" "bs-wikipage-tasks-error-page-not-valid" : "An error message in case that the provided page was not valid", "bs-wikipage-tasks-setcategories-edit-summary": "The summary of an edit made by the <code>bs-wikipage-tasks</code> API <code>setCategories</code> task", "bs-wikipage-tasks-error-page-edit-not-allowed": "An error message that occurs if a user is not allowed to edit page with name '$1'.\n\nParameters:\n* $1 - a page title", diff --git a/includes/api/BSApiTasksBase.php b/includes/api/BSApiTasksBase.php index 3523871..e9f83ee 100644 --- a/includes/api/BSApiTasksBase.php +++ b/includes/api/BSApiTasksBase.php @@ -80,7 +80,10 @@ $oResult->message = wfMessage( 'bs-readonly', $wgReadOnly )->plain(); } else { - $oResult = $this->$sMethod( $this->getParameter('taskData'), $aParams ); + $oTaskData = $this->getParameter('taskData'); + Hooks::run( 'BSApiTasksBaseBeforeExecuteTask', array( $this, $sTask, &$oTaskData , &$aParams ) ); + $oResult = $this->$sMethod( $oTaskData , $aParams ); + Hooks::run( 'BSApiTasksBaseAfterExecuteTask', array( $this, $sTask, &$oResult, $oTaskData , $aParams ) ); } } 
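Review bot: Both new `Hooks::run` calls in the `@@ -80` hunk of BSApiTasksBase.php discard their return value, and neither hook is documented, so it is unclear whether a handler is meant to be able to stop a task. `BSApiTasksBaseBeforeExecuteTask` receives `$oTaskData` and `$aParams` by reference, so any registered handler can rewrite the payload after whatever checks ran earlier in this method. The method starts outside the hunk, so those checks are not visible here. I would state the contract in a comment above the calls, for example `// Handlers may modify $oTaskData and $aParams in place; the return value is ignored`, or honour a `false` return by skipping the task.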
@@ -206,6 +209,11 @@ ApiBase::PARAM_DFLT => 'json', ApiBase::PARAM_TYPE => array( 'json', 'jsonfm' ), 10 /*ApiBase::PARAM_HELP_MSG*/ => 'apihelp-bs-task-param-format', + ), + 'token' => array( + ApiBase::PARAM_TYPE => 'string', + ApiBase::PARAM_REQUIRED => true, + 10 /*ApiBase::PARAM_HELP_MSG*/ => 'apihelp-bs-task-param-token', ) ); } @@ -276,4 +284,12 @@ protected function getRequiredTaskPermissions() { return array(); } + + /** + * General protection + * @return boolean + */ + public function needsToken() { + return true; + } } diff --git a/resources/Resources.php b/resources/Resources.php index ba2df32..69c58a5 100644 --- a/resources/Resources.php +++ b/resources/Resources.php @@ -19,7 +19,8 @@ 'bluespice/bluespice.string.js', 'bluespice/bluespice.xhr.js', 'bluespice/bluespice.ping.js', - 'bluespice/bluespice.tooltip.js' + 'bluespice/bluespice.tooltip.js', + 'bluespice/bluespice.api.js' ), 'messages' => array( 'largefileserver', diff --git a/resources/bluespice/bluespice.api.js b/resources/bluespice/bluespice.api.js new file mode 100644 index 0000000..96e40bd --- /dev/null +++ b/resources/bluespice/bluespice.api.js 
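Review bot: Nothing in the visible hunks checks the value of the token: the `@@ -206` hunk declares `token` as a required string, which any non-empty value satisfies, and `needsToken()` in the `@@ -276` hunk only returns `true`. Whether the token is actually validated therefore depends on the MediaWiki core version this runs on, and that should be confirmed: as far as I know, older cores key the check on `getTokenSalt()` rather than `needsToken()`, while cores with the newer token handling expect `needsToken()` to return a token type such as `'csrf'` and add the `token` parameter themselves. For the newer handling the body would be `return 'csrf';`; for older cores an override of `getTokenSalt()` returning `''` would be needed as well. The "General protection" docblock should also say what the token protects against and which token type clients must send (the JS in this change requests `'edit'`).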
@@ -0,0 +1,106 @@ +/* + * Implementation for bs.api + */ + +( function ( mw, bs, $, undefined ) { + + /** + * e.g. bs.api.tasks.exec( + 'wikipage', + 'setCategories', + { categories: [ 'C1', 'C2' ] } + ) + .done(...); + * @param string module + * @param string taskname + * @param object data + * @returns jQuery.Promise + */ + function _execTask( module, task, data, cfg ) { + cfg = cfg || {}; + cfg = $.extend( { + token: 'edit', + context: {}, //TODO: Implement context as in CommonAjaxInterface + success: _msgSuccess, + failure: _msgFailure + }, cfg ); + + var $dfd = $.Deferred(); + + var api = new mw.Api(); + api.postWithToken( cfg.token, { + action: 'bs-'+ module +'-tasks', + task: task, + taskData: JSON.stringify( data ) + }) + .done(function( response ){ + if ( response.success === true ) { + cfg.success( response, module, task, $dfd, cfg ); + } else { + cfg.failure( response, module, task, $dfd, cfg ); + } + }) + .fail( function( code, errResp ) { //Server error like FATAL + var dummyResp = { + success: false, + message: errResp.exception, + errors: [{ + message: code + }] + }; + cfg.failure( dummyResp, module, task, $dfd, cfg ); + }); + return $dfd.promise(); + } + + function _msgSuccess( response, module, task, $dfd, cfg ) { + if ( response.message.length ) { + //TODO: Dependency to 'ext.bluespice.extjs'? 
+ bs.util.alert( + module + '-' + task + '-success', + { + + titleMsg: 'bs-extjs-title-success', + text: response.message + }, + { + ok: function() { + $dfd.resolve( response ); + } + } + ); + } + else { + $dfd.resolve( response ); + } + } + + function _msgFailure( response, module, task, $dfd, cfg ) { + var message = response.message || ''; + if ( response.errors.length > 0 ) { + for ( var i in response.errors ) { + if ( typeof( response.errors[i].message ) !== 'string' ) continue; + message = message + '<br />' + response.errors[i].message; + } + } + bs.util.alert( + module + '-' + task + '-fail', + { + titleMsg: 'bs-extjs-title-warning', + text: message + }, + { + ok: function() { + $dfd.reject( response ); + } + } + ); + } + + bs.api = { + tasks: { + exec: _execTask + } + }; + +}( mediaWiki, blueSpice, jQuery ) ); -- To view, visit https://gerrit.wikimedia.org/r/270275 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I7547b713dd229bc997d66c1992399ef2f3cdf08c Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/BlueSpiceFoundation Gerrit-Branch: master Gerrit-Owner: Robert Vogel <vo...@hallowelt.biz> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
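Review bot: `_msgFailure` joins `response.message` and every `response.errors[i].message` with `<br />` and passes the result to `bs.util.alert` as `text`, so server-supplied strings appear to be rendered as HTML; how `bs.util.alert` treats `text` is not visible here, but the `<br />` only makes sense as markup. Task messages can carry user-controlled values such as page titles (see `bs-wikipage-tasks-error-page-edit-not-allowed` with `$1`), so each piece should be escaped before joining: `var message = mw.html.escape( response.message || '' );` and `message = message + '<br />' + mw.html.escape( response.errors[i].message );`. Separately, `response.errors.length` here and `response.message.length` in `_msgSuccess` throw when the server omits those fields, which leaves `$dfd` unsettled. Guarding with `( response.errors || [] )` and `( response.message || '' )` avoids that.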