MGChecker has uploaded a new change for review.
https://gerrit.wikimedia.org/r/286282
Change subject: Split off permission to delete tags from managechangetags
permission
......................................................................
Split off permission to delete tags from managechangetags permission
Every permission included in managechangetags is really harmless and can be
reverted
in short time, except of the permission to irriversibly delete tags. That's why
this should be excluded in an additional permission that other wikis can
restrict
deletechangetags more than other tag management actions.
Bug: T133811
Change-Id: Ieb9199f2c6997316ae3468ff5a92b2d2456c012f
---
M includes/DefaultSettings.php
M includes/api/ApiManageTags.php
M includes/changetags/ChangeTags.php
M includes/specials/SpecialTags.php
M includes/user/User.php
5 files changed, 30 insertions(+), 18 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core
refs/changes/82/286282/1
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 5b3684b..0835466 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -4903,6 +4903,7 @@
# $wgGroupPermissions['sysop']['upload_by_url'] = true;
$wgGroupPermissions['sysop']['mergehistory'] = true;
$wgGroupPermissions['sysop']['managechangetags'] = true;
+$wgGroupPermissions['sysop']['deletechangetags'] = true;
// Permission to change users' group assignments
$wgGroupPermissions['bureaucrat']['userrights'] = true;
diff --git a/includes/api/ApiManageTags.php b/includes/api/ApiManageTags.php
index 60fb4dc..3efaf6c 100644
--- a/includes/api/ApiManageTags.php
+++ b/includes/api/ApiManageTags.php
@@ -29,8 +29,8 @@
$params = $this->extractRequestParams();
// make sure the user is allowed
- if ( !$this->getUser()->isAllowed( 'managechangetags' ) ) {
- $this->dieUsage( "You don't have permission to manage
change tags", 'permissiondenied' );
+ if ( !$this->getUser()->isAllowed( 'managechangetags' ) &&
!$this->getUser()->isAllowed( 'deletechangetags' ) ) {
+ $this->dieUsage( "You don't have permission to manage
or delete change tags", 'permissiondenied' );
}
$result = $this->getResult();
@@ -65,6 +65,14 @@
}
public function getAllowedParams() {
+ $operationTypes = [ 'create', 'activate', 'deactivate' ];
+ if ( $this->getUser()->isAllowed( 'deletechangetags' ) &&
$this->getUser()->isAllowed( 'managechangetags' ) ) {
+ $operationTypes = [ 'create', 'delete', 'activate',
'deactivate' ];
+ } else if ( $this->getUser()->isAllowed( 'managechangetags' ) )
{
+ $operationTypes = [ 'create', 'activate', 'deactivate'
];
+ } else {
+ $operationTypes = [ 'delete']
+ }
return [
'operation' => [
ApiBase::PARAM_TYPE => [ 'create', 'delete',
'activate', 'deactivate' ],
diff --git a/includes/changetags/ChangeTags.php
b/includes/changetags/ChangeTags.php
index 9db1697..590b341 100644
--- a/includes/changetags/ChangeTags.php
+++ b/includes/changetags/ChangeTags.php
@@ -1055,8 +1055,8 @@
$tagUsage = self::tagUsageStatistics();
if ( !is_null( $user ) ) {
- if ( !$user->isAllowed( 'managechangetags' ) ) {
- return Status::newFatal(
'tags-manage-no-permission' );
+ if ( !$user->isAllowed( 'deletechangetags' ) ) {
+ return Status::newFatal(
'tags-delete-no-permission' );
} elseif ( $user->isBlocked() ) {
return Status::newFatal( 'tags-manage-blocked'
);
}
diff --git a/includes/specials/SpecialTags.php
b/includes/specials/SpecialTags.php
index e79fd6e..7aeb51b 100644
--- a/includes/specials/SpecialTags.php
+++ b/includes/specials/SpecialTags.php
@@ -77,6 +77,7 @@
$user = $this->getUser();
$userCanManage = $user->isAllowed( 'managechangetags' );
+ $userCanDelete = $user->isAllowed( 'deletechangetags' );
$userCanEditInterface = $user->isAllowed( 'editinterface' );
// Show form to create a tag
@@ -154,12 +155,12 @@
// Insert tags that have been applied at least once
foreach ( $tagStats as $tag => $hitcount ) {
- $html .= $this->doTagRow( $tag, $hitcount,
$userCanManage, $userCanEditInterface );
+ $html .= $this->doTagRow( $tag, $hitcount,
$userCanManage, $userCanDelete, $userCanEditInterface );
}
// Insert tags defined somewhere but never applied
foreach ( $definedTags as $tag ) {
if ( !isset( $tagStats[$tag] ) ) {
- $html .= $this->doTagRow( $tag, 0,
$userCanManage, $userCanEditInterface );
+ $html .= $this->doTagRow( $tag, 0,
$userCanManage, $userCanDelete, $userCanEditInterface );
}
}
@@ -170,7 +171,7 @@
) );
}
- function doTagRow( $tag, $hitcount, $showActions, $showEditLinks ) {
+ function doTagRow( $tag, $hitcount, $showManageActions,
$showDeleteActions, $showEditLinks ) {
$newRow = '';
$newRow .= Xml::tags( 'td', null, Xml::element( 'code', null,
$tag ) );
@@ -229,16 +230,17 @@
$newRow .= Xml::tags( 'td', [ 'data-sort-value' => $hitcount ],
$hitcountLabel );
// actions
- if ( $showActions ) { // we've already checked that the user
had the requisite userright
- $actionLinks = [];
+ $actionLinks = [];
+
+ // delete
+ if ( $showDeleteActions && ChangeTags::canDeleteTag( $tag
)->isOK() ) {
+ $actionLinks[] = Linker::linkKnown(
$this->getPageTitle( 'delete' ),
+ $this->msg( 'tags-delete' )->escaped(),
+ [],
+ [ 'tag' => $tag ] );
+ }
- // delete
- if ( ChangeTags::canDeleteTag( $tag )->isOK() ) {
- $actionLinks[] = Linker::linkKnown(
$this->getPageTitle( 'delete' ),
- $this->msg( 'tags-delete' )->escaped(),
- [],
- [ 'tag' => $tag ] );
- }
+ if ( $showActions ) { // we've already checked that the user
had the requisite userright
// activate
if ( ChangeTags::canActivateTag( $tag )->isOK() ) {
@@ -319,8 +321,8 @@
protected function showDeleteTagForm( $tag ) {
$user = $this->getUser();
- if ( !$user->isAllowed( 'managechangetags' ) ) {
- throw new PermissionsError( 'managechangetags' );
+ if ( !$user->isAllowed( 'deletechangetags' ) ) {
+ throw new PermissionsError( 'deletechangetags' );
}
$out = $this->getOutput();
diff --git a/includes/user/User.php b/includes/user/User.php
index 7c32c3b..c480e5b 100644
--- a/includes/user/User.php
+++ b/includes/user/User.php
@@ -127,6 +127,7 @@
'createpage',
'createtalk',
'delete',
+ 'deletechangetags',
'deletedhistory',
'deletedtext',
'deletelogentry',
--
To view, visit https://gerrit.wikimedia.org/r/286282
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ieb9199f2c6997316ae3468ff5a92b2d2456c012f
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: MGChecker <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
