Robert Vogel has uploaded a new change for review.
https://gerrit.wikimedia.org/r/270275
Change subject: ApiTasksBase: needToken by default + bs.api.tasks
......................................................................
ApiTasksBase: needToken by default + bs.api.tasks
To enhance security we've decided to enable 'needToken' on task APIs by
default. To ease development there is now a new method 'bs.api.tasks.exec'
that handles most details of the call, including standard error handling.
Change-Id: I7547b713dd229bc997d66c1992399ef2f3cdf08c
---
M i18n/api/en.json
M i18n/api/qqq.json
M includes/api/BSApiTasksBase.php
M resources/Resources.php
A resources/bluespice/bluespice.api.js
5 files changed, 129 insertions(+), 2 deletions(-)
git pull
ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/BlueSpiceFoundation
refs/changes/75/270275/1
diff --git a/i18n/api/en.json b/i18n/api/en.json
index a6014c5..9a5dbb9 100644
--- a/i18n/api/en.json
+++ b/i18n/api/en.json
@@ -22,6 +22,8 @@
"apihelp-bs-task-param-taskdata": "JSON string encoded object with
arbitrary data for the task",
"apihelp-bs-task-param-format": "The format of the result",
"bs-wikipage-tasks-error-contentmodel" : "The task could not be
perfomed with the content model of the provided page.",
+ "apihelp-bs-task-param-format": "The format of the result",
+ "apihelp-bs-task-param-token": "The token required to access the API
module"
"bs-wikipage-tasks-error-page-not-valid" : "The provided page is not
valid.",
"bs-wikipage-tasks-setcategories-edit-summary": "Changed categories.",
"bs-wikipage-tasks-error-page-edit-not-allowed": "You are not allowed
to edit page '$1'.",
diff --git a/i18n/api/qqq.json b/i18n/api/qqq.json
index 7de7e4d..2a454d1 100644
--- a/i18n/api/qqq.json
+++ b/i18n/api/qqq.json
@@ -21,7 +21,9 @@
"apihelp-bs-task-param-task": "Describes the <var>task</var> parameter
of the API module",
"apihelp-bs-task-param-taskdata": "Describes the <var>taskData</var>
parameter of the API module",
"apihelp-bs-task-param-format": "Describes the <var>format</var>
parameter of the API module\n\n{{msg-mw|Bs-store-param-format}}",
+ "apihelp-bs-task-param-format": "Describes the <var>format</var>
parameter of the API module\n\n{{msg-mw|Bs-store-param-format}}",
"bs-wikipage-tasks-error-contentmodel" : "An error message in case that
the task was not supported by the content model of the provided page",
+ "apihelp-bs-task-param-token": "Describes the <var>token</var>
parameter of the API module"
"bs-wikipage-tasks-error-page-not-valid" : "An error message in case
that the provided page was not valid",
"bs-wikipage-tasks-setcategories-edit-summary": "The summary of an edit
made by the <code>bs-wikipage-tasks</code> API <code>setCategories</code> task",
"bs-wikipage-tasks-error-page-edit-not-allowed": "An error message that
occurs if a user is not allowed to edit page with name '$1'.\n\nParameters:\n*
$1 - a page title",
diff --git a/includes/api/BSApiTasksBase.php b/includes/api/BSApiTasksBase.php
index 3523871..e9f83ee 100644
--- a/includes/api/BSApiTasksBase.php
+++ b/includes/api/BSApiTasksBase.php
@@ -80,7 +80,10 @@
$oResult->message = wfMessage( 'bs-readonly',
$wgReadOnly )->plain();
}
else {
- $oResult = $this->$sMethod(
$this->getParameter('taskData'), $aParams );
+ $oTaskData = $this->getParameter('taskData');
+ Hooks::run( 'BSApiTasksBaseBeforeExecuteTask',
array( $this, $sTask, &$oTaskData , &$aParams ) );
+ $oResult = $this->$sMethod( $oTaskData ,
$aParams );
+ Hooks::run( 'BSApiTasksBaseAfterExecuteTask',
array( $this, $sTask, &$oResult, $oTaskData , $aParams ) );
}
}
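Review bot: The result of `Hooks::run( 'BSApiTasksBaseBeforeExecuteTask', … )` is discarded, so a handler cannot veto a task, while `&$oTaskData` and `&$aParams` let any handler rewrite the task input immediately before `$this->$sMethod( … )` runs. The method starts outside this hunk, so it is not visible whether permission or input checks run earlier; if they do, they were made against values a handler may since have changed. I would document both hooks and state the contract at the call site, e.g. `// Handlers may modify $oTaskData/$aParams; task methods must validate them again`. Consider also honouring a false return from the first hook by skipping the task and reporting an error through `$oResult`.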
@@ -206,6 +209,11 @@
ApiBase::PARAM_DFLT => 'json',
ApiBase::PARAM_TYPE => array( 'json', 'jsonfm'
),
10 /*ApiBase::PARAM_HELP_MSG*/ =>
'apihelp-bs-task-param-format',
+ ),
+ 'token' => array(
+ ApiBase::PARAM_TYPE => 'string',
+ ApiBase::PARAM_REQUIRED => true,
+ 10 /*ApiBase::PARAM_HELP_MSG*/ =>
'apihelp-bs-task-param-token',
)
);
}
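Review bot: Marking `'token'` as `ApiBase::PARAM_REQUIRED` only guarantees that the parameter is present; whether its value is checked is left to core and driven by `needsToken()`, added in the following hunk. That override returns boolean `true`, while newer `ApiBase::needsToken()` documentation expects a token type string such as `'csrf'`, and older cores, as far as I recall, tie validation to `getTokenSalt()`; which applies depends on the MediaWiki version this extension targets, which is not visible here. It is worth confirming with a request that carries a wrong token that the module rejects it, and recording the intent in the docblock, e.g. `* Require a CSRF token for every task API; core validates it`. Newer cores also add the `token` parameter themselves when `needsToken()` is truthy, so the manual declaration may become redundant.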
@@ -276,4 +284,12 @@
protected function getRequiredTaskPermissions() {
return array();
}
+
+ /**
+ * General protection
+ * @return boolean
+ */
+ public function needsToken() {
+ return true;
+ }
}
diff --git a/resources/Resources.php b/resources/Resources.php
index ba2df32..69c58a5 100644
--- a/resources/Resources.php
+++ b/resources/Resources.php
@@ -19,7 +19,8 @@
'bluespice/bluespice.string.js',
'bluespice/bluespice.xhr.js',
'bluespice/bluespice.ping.js',
- 'bluespice/bluespice.tooltip.js'
+ 'bluespice/bluespice.tooltip.js',
+ 'bluespice/bluespice.api.js'
),
'messages' => array(
'largefileserver',
diff --git a/resources/bluespice/bluespice.api.js
b/resources/bluespice/bluespice.api.js
new file mode 100644
index 0000000..96e40bd
--- /dev/null
+++ b/resources/bluespice/bluespice.api.js
@@ -0,0 +1,106 @@
+/*
+ * Implementation for bs.api
+ */
+
+( function ( mw, bs, $, undefined ) {
+
+ /**
+ * e.g. bs.api.tasks.exec(
+ 'wikipage',
+ 'setCategories',
+ { categories: [ 'C1', 'C2' ] }
+ )
+ .done(...);
+ * @param string module
+ * @param string taskname
+ * @param object data
+ * @returns jQuery.Promise
+ */
+ function _execTask( module, task, data, cfg ) {
+ cfg = cfg || {};
+ cfg = $.extend( {
+ token: 'edit',
+ context: {}, //TODO: Implement context as in
CommonAjaxInterface
+ success: _msgSuccess,
+ failure: _msgFailure
+ }, cfg );
+
+ var $dfd = $.Deferred();
+
+ var api = new mw.Api();
+ api.postWithToken( cfg.token, {
+ action: 'bs-'+ module +'-tasks',
+ task: task,
+ taskData: JSON.stringify( data )
+ })
+ .done(function( response ){
+ if ( response.success === true ) {
+ cfg.success( response, module, task, $dfd, cfg
);
+ } else {
+ cfg.failure( response, module, task, $dfd, cfg
);
+ }
+ })
+ .fail( function( code, errResp ) { //Server error like FATAL
+ var dummyResp = {
+ success: false,
+ message: errResp.exception,
+ errors: [{
+ message: code
+ }]
+ };
+ cfg.failure( dummyResp, module, task, $dfd, cfg );
+ });
+ return $dfd.promise();
+ }
+
+ function _msgSuccess( response, module, task, $dfd, cfg ) {
+ if ( response.message.length ) {
+ //TODO: Dependency to 'ext.bluespice.extjs'?
+ bs.util.alert(
+ module + '-' + task + '-success',
+ {
+
+ titleMsg: 'bs-extjs-title-success',
+ text: response.message
+ },
+ {
+ ok: function() {
+ $dfd.resolve( response );
+ }
+ }
+ );
+ }
+ else {
+ $dfd.resolve( response );
+ }
+ }
+
+ function _msgFailure( response, module, task, $dfd, cfg ) {
+ var message = response.message || '';
+ if ( response.errors.length > 0 ) {
+ for ( var i in response.errors ) {
+ if ( typeof( response.errors[i].message ) !==
'string' ) continue;
+ message = message + '<br />' +
response.errors[i].message;
+ }
+ }
+ bs.util.alert(
+ module + '-' + task + '-fail',
+ {
+ titleMsg: 'bs-extjs-title-warning',
+ text: message
+ },
+ {
+ ok: function() {
+ $dfd.reject( response );
+ }
+ }
+ );
+ }
+
+ bs.api = {
+ tasks: {
+ exec: _execTask
+ }
+ };
+
+}( mediaWiki, blueSpice, jQuery ) );
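Review bot: `_msgFailure` joins `response.message` and each `response.errors[i].message` with `'<br />'` and hands the result to `bs.util.alert` as `text`, which suggests the dialog renders it as HTML. Server messages can carry user-controlled values (the i18n hunk shows a page title in `$1`), so they should be escaped before concatenation unless the server already guarantees safe HTML, e.g. `message = message + '<br />' + mw.html.escape( response.errors[i].message );`, and likewise for the initial `response.message`. `_msgSuccess` passes `response.message` through the same way. Separately, the `.fail` handler reads `errResp.exception` without checking that `errResp` is set. The doc comment should also say that a caller-supplied `cfg.success` or `cfg.failure` must resolve or reject `$dfd`, otherwise the returned promise stays pending.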
--
To view, visit https://gerrit.wikimedia.org/r/270275
Gerrit-MessageType: newchange
Gerrit-Change-Id: I7547b713dd229bc997d66c1992399ef2f3cdf08c
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/BlueSpiceFoundation
Gerrit-Branch: master
Gerrit-Owner: Robert Vogel <[email protected]>