jenkins-bot has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/400619 )
Change subject: Clean up permission checks in special pages ...................................................................... Clean up permission checks in special pages This patch helps clean up checks to reduce code duplication, by calling parent functions in most places, including: * checkPermissions() * requireLogin() For more fine-grained permissions, a new permission called 'populate-user-profiles' has been created. This is given to the 'staff' group by default. This also changes around checks to the proper order, which is: * check user permissions * check if database is in read-only mode * check if user is blocked * set headers This also sets headers in a few special pages that didn't already set them, which include: * Special:ToggleUserPageType * Special:PopulateExistingUsersProfiles Change-Id: I88c2c91fbd6844a653ab96e49fb1224e9caa30d3 --- M SystemGifts/SpecialPopulateAwards.php M SystemGifts/SpecialRemoveMasterSystemGift.php M SystemGifts/SpecialSystemGiftManager.php M SystemGifts/SpecialSystemGiftManagerLogo.php M UserBoard/SpecialSendBoardBlast.php M UserBoard/i18n/en.json M UserBoard/i18n/qqq.json M UserGifts/SpecialGiftManager.php M UserGifts/SpecialGiftManagerLogo.php M UserGifts/SpecialRemoveMasterGift.php M UserProfile/SpecialEditProfile.php M UserProfile/SpecialPopulateExistingUsersProfiles.php M UserProfile/SpecialToggleUserPageType.php M UserProfile/SpecialUpdateProfile.php M UserProfile/UserProfile.php M UserProfile/i18n/en.json M UserProfile/i18n/qqq.json M UserRelationship/SpecialViewRelationshipRequests.php M UserRelationship/SpecialViewRelationships.php M UserRelationship/i18n/en.json M UserStats/GenerateTopUsersReport.php M UserStats/SpecialUpdateEditCounts.php 22 files changed, 124 insertions(+), 150 deletions(-) Approvals: Jack Phoenix: Looks good to me, approved jenkins-bot: Verified diff --git a/SystemGifts/SpecialPopulateAwards.php b/SystemGifts/SpecialPopulateAwards.php index 27a3399..17dc727 100644 
--- a/SystemGifts/SpecialPopulateAwards.php +++ b/SystemGifts/SpecialPopulateAwards.php @@ -27,10 +27,8 @@ $out = $this->getOutput(); $user = $this->getUser(); - // If the user doesn't have the required 'awardsmanage' permission, display an error - if ( !$user->isAllowed( 'awardsmanage' ) ) { - throw new PermissionsError( 'awardsmanage' ); - } + // make sure user has the correct permissions + $this->checkPermissions(); // Show a message if the database is in read-only mode $this->checkReadOnly(); diff --git a/SystemGifts/SpecialRemoveMasterSystemGift.php b/SystemGifts/SpecialRemoveMasterSystemGift.php index 559537b..a68b07b 100644 --- a/SystemGifts/SpecialRemoveMasterSystemGift.php +++ b/SystemGifts/SpecialRemoveMasterSystemGift.php @@ -11,7 +11,7 @@ * Constructor */ public function __construct() { - parent::__construct( 'RemoveMasterSystemGift' ); + parent::__construct( 'RemoveMasterSystemGift', 'awardsmanage' ); } /** @@ -41,10 +41,8 @@ $request = $this->getRequest(); $user = $this->getUser(); - // If the user doesn't have the required 'awardsmanage' permission, display an error - if ( !$user->isAllowed( 'awardsmanage' ) ) { - throw new PermissionsError( 'awardsmanage' ); - } + // make sure user has the correct permissions + $this->checkPermissions(); // Show a message if the database is in read-only mode $this->checkReadOnly(); diff --git a/SystemGifts/SpecialSystemGiftManager.php b/SystemGifts/SpecialSystemGiftManager.php index f39c129..fce80de 100644 --- a/SystemGifts/SpecialSystemGiftManager.php +++ b/SystemGifts/SpecialSystemGiftManager.php 
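Review bot: `$this->checkPermissions()` in SystemGifts/SpecialPopulateAwards.php enforces only the right that was handed to `parent::__construct()`, and this file's constructor is not touched by the change, unlike SpecialRemoveMasterSystemGift.php and SpecialSystemGiftManagerLogo.php where `'awardsmanage'` is added as the second argument. If the constructor does not already declare that right, the page has an empty restriction, which as far as I know lets every user through, so the removed `isAllowed( 'awardsmanage' )` test would have been the only gate. The same needs confirming for the other pages that switch to `checkPermissions()` without a constructor hunk: SpecialSystemGiftManager.php (`'awardsmanage'`), SpecialEditProfile.php (`'editothersprofiles'`), GenerateTopUsersReport.php (`'generatetopusersreport'`) and SpecialUpdateEditCounts.php (`'updatepoints'`). A short comment next to each call, e.g. `// enforces the right passed to parent::__construct()`, would make that dependency visible to the next reader.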
@@ -30,13 +30,8 @@ $request = $this->getRequest(); $user = $this->getUser(); - // Set the page title, robot policies, etc. - $this->setHeaders(); - - // If the user doesn't have the required 'awardsmanage' permission, display an error - if ( !$user->isAllowed( 'awardsmanage' ) ) { - throw new PermissionsError( 'awardsmanage' ); - } + // make sure user has the correct permissions + $this->checkPermissions(); // Show a message if the database is in read-only mode $this->checkReadOnly(); @@ -46,6 +41,10 @@ throw new UserBlockedError( $user->getBlock() ); } + // Set the page title, robot policies, etc. + $out->setArticleRelated( false ); + $out->setRobotPolicy( 'noindex,nofollow' ); + // Add CSS $out->addModuleStyles( 'ext.socialprofile.special.systemgiftmanager.css' ); diff --git a/SystemGifts/SpecialSystemGiftManagerLogo.php b/SystemGifts/SpecialSystemGiftManagerLogo.php index ebad268..38bbdd4 100644 --- a/SystemGifts/SpecialSystemGiftManagerLogo.php +++ b/SystemGifts/SpecialSystemGiftManagerLogo.php @@ -22,7 +22,7 @@ * Constructor -- set up the new special page */ public function __construct() { - parent::__construct( 'SystemGiftManagerLogo' ); + parent::__construct( 'SystemGiftManagerLogo', 'awardsmanage' ); } /** @@ -35,14 +35,8 @@ $request = $this->getRequest(); $user = $this->getUser(); - // Set the robot policies, etc. - $out->setArticleRelated( false ); - $out->setRobotPolicy( 'noindex,nofollow' ); - - // If the user doesn't have the required 'awardsmanage' permission, display an error - if ( !$user->isAllowed( 'awardsmanage' ) ) { - throw new PermissionsError( 'awardsmanage' ); - } + // make sure user has the correct permissions + $this->checkPermissions(); // Show a message if the database is in read-only mode $this->checkReadOnly(); 
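Review bot: The comment `// Set the page title, robot policies, etc.` added in the second hunk of SystemGifts/SpecialSystemGiftManager.php no longer matches the code beneath it, because the removed `$this->setHeaders()` is replaced only by `$out->setArticleRelated( false )` and `$out->setRobotPolicy( 'noindex,nofollow' )`, and nothing in the hunk sets a page title. Every other page in this change moves `$this->setHeaders();` below the block check instead, so using the same single call here would keep the pages consistent. If the title is deliberately set further down, outside the hunk, the comment should be reworded to `// Set the robot policies, etc.` as in SpecialSystemGiftManagerLogo.php.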
@@ -52,6 +46,10 @@ throw new UserBlockedError( $user->getBlock() ); } + // Set the robot policies, etc. + $out->setArticleRelated( false ); + $out->setRobotPolicy( 'noindex,nofollow' ); + // Add CSS $out->addModuleStyles( 'ext.socialprofile.special.systemgiftmanagerlogo.css' ); diff --git a/UserBoard/SpecialSendBoardBlast.php b/UserBoard/SpecialSendBoardBlast.php index a1e67c9..986b0e7 100644 --- a/UserBoard/SpecialSendBoardBlast.php +++ b/UserBoard/SpecialSendBoardBlast.php @@ -29,15 +29,8 @@ $request = $this->getRequest(); $user = $this->getUser(); - // Set the page title, robot policies, etc. - $this->setHeaders(); - // This feature is available only to logged-in users. - if ( !$user->isLoggedIn() ) { - $out->setPageTitle( $this->msg( 'boardblastlogintitle' )->plain() ); - $out->addWikiMsg( 'boardblastlogintext' ); - return ''; - } + $this->requireLogin(); // Is the database locked? $this->checkReadOnly(); @@ -47,6 +40,9 @@ throw new UserBlockedError( $user->getBlock() ); } + // Set the page title, robot policies, etc. + $this->setHeaders(); + // Add CSS & JS $out->addModuleStyles( array( 'ext.socialprofile.userboard.boardblast.css' diff --git a/UserBoard/i18n/en.json b/UserBoard/i18n/en.json index 8cde24f..a0b7f4f 100644 --- a/UserBoard/i18n/en.json +++ b/UserBoard/i18n/en.json @@ -7,8 +7,6 @@ ] }, "userboard-desc": "Allows for sending board-to-board messages", - "boardblastlogintitle": "You must be logged in to send board blasts", - "boardblastlogintext": "In order to send board blasts, you must be [[Special:UserLogin|logged in]].", "messagesenttitle": "Messages sent", "boardblasttitle": "Send board blast", "boardblaststep1": "Step 1 - Write your message", diff --git a/UserBoard/i18n/qqq.json b/UserBoard/i18n/qqq.json index 200f75f..999580b 100644 --- a/UserBoard/i18n/qqq.json +++ b/UserBoard/i18n/qqq.json 
@@ -10,7 +10,6 @@ ] }, "userboard-desc": "{{desc|name=UserBoard|url=https://www.mediawiki.org/wiki/Extension:SocialProfile}}", - "boardblastlogintitle": "As I understand it, it is a sort of board tool to leave messages. Is it?\nhttp://www.mediawiki.org/wiki/Extension:SocialProfile#Board_Blast", "userboard_private": "{{Identical|Private}}", "userboard_public": "{{Identical|Public}}", "userboard_sendbutton": "{{Identical|Send}}", diff --git a/UserGifts/SpecialGiftManager.php b/UserGifts/SpecialGiftManager.php index 39a6a6f..bac7bb8 100644 --- a/UserGifts/SpecialGiftManager.php +++ b/UserGifts/SpecialGiftManager.php @@ -36,19 +36,24 @@ $request = $this->getRequest(); $user = $this->getUser(); - // Set the page title, robot policies, etc. - $this->setHeaders(); - - $out->setPageTitle( $this->msg( 'giftmanager' )->plain() ); - // Make sure that the user is logged in and that they can use this // special page - if ( $user->isAnon() || !$this->canUserManage() ) { + $this->requireLogin(); + + if ( !$this->canUserManage() ) { throw new ErrorPageError( 'error', 'badaccess' ); } // Show a message if the database is in read-only mode $this->checkReadOnly(); + + // If the user is blocked, don't allow access to them + if ( $user->isBlocked() ) { + throw new UserBlockedError( $user->getBlock() ); + } + + // Set the page title, robot policies, etc. + $this->setHeaders(); // Add CSS $out->addModuleStyles( [ 
@@ -107,27 +112,19 @@ /** * Function to check if the user can manage created gifts * - * @return Boolean: true if user has 'giftadmin' permission or is - * a member of the giftadmin group, otherwise false + * @return bool true if - + * - the user has the 'giftadmin' permission + * - ..or the max amount of custom user gifts is above zero */ function canUserManage() { global $wgMaxCustomUserGiftCount; $user = $this->getUser(); - if ( $user->isBlocked() ) { - return false; - } - - if ( $wgMaxCustomUserGiftCount > 0 ) { - return true; - } - if ( $user->isAllowed( 'giftadmin' ) || - in_array( 'giftadmin', $user->getGroups() ) - ) - { + $wgMaxCustomUserGiftCount > 0 + ) { return true; } diff --git a/UserGifts/SpecialGiftManagerLogo.php b/UserGifts/SpecialGiftManagerLogo.php index c64ab27..e9169e8 100644 --- a/UserGifts/SpecialGiftManagerLogo.php +++ b/UserGifts/SpecialGiftManagerLogo.php @@ -47,14 +47,10 @@ function canUserManage() { $user = $this->getUser(); - if ( $user->isBlocked() || $user->isAnon() ) { - return false; - } - $gift = Gifts::getGift( $this->gift_id ); if ( - $user->getID() == $gift['creator_user_id'] || - in_array( 'giftadmin', $user->getGroups() ) + $user->getId() == $gift['creator_user_id'] || + $user->isAllowed( 'giftadmin' ) ) { return true; 
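Review bot: canUserManage() in UserGifts/SpecialGiftManagerLogo.php now evaluates `$user->getId() == $gift['creator_user_id']` without the `isAnon()` guard that used to precede it. With loose `==`, an anonymous id of 0 compares equal to a null or empty creator id, which is presumably what a missing gift yields (the return shape of `Gifts::getGift()` is not visible here), so the method is only safe if every caller has already run `requireLogin()`. Making the comparison strict and self-contained removes the dependency on call order: `$user->isLoggedIn() && $user->getId() === (int)$gift['creator_user_id']`. The rest of the function lies outside the hunk.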
@@ -122,22 +118,31 @@ $this->avatarUploadDirectory = $wgUploadDirectory . '/awards'; - // Set the robot policies, etc. - $out->setArticleRelated( false ); - $out->setRobotPolicy( 'noindex,nofollow' ); - /** Show an error message if file upload is disabled */ if ( !$wgEnableUploads ) { $out->addWikiMsg( 'uploaddisabled' ); return; } + // user needs to be logged in to access + $this->requireLogin(); + /** Various rights checks */ if ( !$user->isAllowed( 'upload' ) || $user->isBlocked() ) { throw new ErrorPageError( 'uploadnologin', 'uploadnologintext' ); } + $this->checkReadOnly(); + // If user is blocked, s/he doesn't need to access this page + if ( $user->isBlocked() ) { + throw new UserBlockedError( $user->getBlock() ); + } + + // Set the robot policies, etc. + $out->setArticleRelated( false ); + $out->setRobotPolicy( 'noindex,nofollow' ); + /** Check if the image directory is writeable, this is a common mistake */ if ( !is_writeable( $wgUploadDirectory ) ) { $out->addWikiMsg( 'upload_directory_read_only', $wgUploadDirectory ); diff --git a/UserGifts/SpecialRemoveMasterGift.php b/UserGifts/SpecialRemoveMasterGift.php index efe28ae..191b669 100644 --- a/UserGifts/SpecialRemoveMasterGift.php +++ b/UserGifts/SpecialRemoveMasterGift.php @@ -6,7 +6,7 @@ * Constructor */ public function __construct() { - parent::__construct( 'RemoveMasterGift' ); + parent::__construct( 'RemoveMasterGift', 'giftadmin' ); } /** 
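Review bot: The `UserBlockedError` branch added to UserGifts/SpecialGiftManagerLogo.php cannot be reached, because the rights check two statements earlier still contains `|| $user->isBlocked()` and throws `ErrorPageError( 'uploadnologin', 'uploadnologintext' )` first. Blocked users therefore keep getting the upload-login message instead of the block notice that the new code intends. Dropping the block test from the first condition, `if ( !$user->isAllowed( 'upload' ) ) {`, lets the dedicated check do its job. No `canUserManage()` call appears among these checks in the hunk, so it is worth confirming that it still runs before an upload is accepted.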
@@ -37,18 +37,17 @@ /** * Checks if a user is allowed to remove gifts. * - * @return Boolean: false by default or if the user is blocked, true if - * user has 'delete' permission or is a member of the - * giftadmin group + * @return Boolean: false by default or true if + * - has'delete' permission or.. + * - has the 'giftadmin' permission */ function canUserManage() { $user = $this->getUser(); - if ( $user->isBlocked() ) { - return false; - } - - if ( $user->isAllowed( 'delete' ) || in_array( 'giftadmin', $user->getGroups() ) ) { + if ( + $user->isAllowed( 'delete' ) || + $user->isAllowed( 'giftadmin' ) + ) { return true; } @@ -64,16 +63,24 @@ $out = $this->getOutput(); $request = $this->getRequest(); + // user needs to be logged in to access + $this->requireLogin(); + + // Check for permissions + if ( !$this->canUserManage() ) { + throw new ErrorPageError( 'error', 'badaccess' ); + } + + // If user is blocked, s/he doesn't need to access this page + if ( $user->isBlocked() ) { + throw new UserBlockedError( $user->getBlock() ); + } + // Set the page title, robot policies, etc. $this->setHeaders(); // Add CSS $out->addModuleStyles( 'ext.socialprofile.usergifts.css' ); - - // Check for permissions - if ( $this->getUser()->isAnon() || !$this->canUserManage() ) { - throw new ErrorPageError( 'error', 'badaccess' ); - } $this->gift_id = $request->getInt( 'gift_id' ); diff --git a/UserProfile/SpecialEditProfile.php b/UserProfile/SpecialEditProfile.php index b4d68a2..2f9f206 100644 --- a/UserProfile/SpecialEditProfile.php +++ b/UserProfile/SpecialEditProfile.php 
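Review bot: `$user` is used by the block check added to execute() in UserGifts/SpecialRemoveMasterGift.php (`$user->isBlocked()`, `$user->getBlock()`), but the visible context assigns only `$out` and `$request`, and the removed code called `$this->getUser()` directly. Unless a local is assigned above the hunk, this is a method call on an undefined variable and the page fails for every user who passes the permission check; `$user = $this->getUser();` next to the other two assignments fixes it. This path also has no `$this->checkReadOnly();` between the permission and block checks, although the commit message lists that as the second step and the page removes data. The constructor now declares `'giftadmin'` while canUserManage() also accepts `'delete'`, so a comment stating which of the two is authoritative would help.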
@@ -29,30 +29,24 @@ $request = $this->getRequest(); $user = $this->getUser(); - // Set the page title, robot policies, etc. - $this->setHeaders(); - $out->setHTMLTitle( $this->msg( 'pagetitle', - $this->msg( 'edit-profiles-title' )->plain() )->parse() ); - // This feature is only available for logged-in users. - if ( !$user->isLoggedIn() ) { - $out->setPageTitle( $this->msg( 'user-profile-update-notloggedin-title' )->plain() ); - $out->addWikiMsg( 'user-profile-update-notloggedin-text' ); - return; - } + $this->requireLogin(); + + // make sure user has the correct permissions + $this->checkPermissions(); + + // Database operations require write mode + $this->checkReadOnly(); // No need to allow blocked users to access this page, they could abuse it, y'know. if ( $user->isBlocked() ) { throw new UserBlockedError( $user->getBlock() ); } - // Database operations require write mode - $this->checkReadOnly(); - - // Are we even allowed to do this? - if ( !$user->isAllowed( 'editothersprofiles' ) ) { - throw new PermissionsError( 'editothersprofiles' ); - } + // Set the page title, robot policies, etc. + $this->setHeaders(); + $out->setHTMLTitle( $this->msg( 'pagetitle', + $this->msg( 'edit-profiles-title' )->plain() )->parse() ); // Add CSS & JS $out->addModuleStyles( array( diff --git a/UserProfile/SpecialPopulateExistingUsersProfiles.php b/UserProfile/SpecialPopulateExistingUsersProfiles.php index c7799ae..a41bad6 100644 --- a/UserProfile/SpecialPopulateExistingUsersProfiles.php +++ b/UserProfile/SpecialPopulateExistingUsersProfiles.php @@ -17,7 +17,7 @@ * Constructor -- set up the new special page */ public function __construct() { - parent::__construct( 'PopulateUserProfiles' ); + parent::__construct( 'PopulateUserProfiles', 'populate-user-profiles' ); } public function doesWrites() { 
@@ -33,10 +33,8 @@ $out = $this->getOutput(); $user = $this->getUser(); - // Check permissions - if ( !in_array( 'staff', $user->getEffectiveGroups() ) ) { - throw new ErrorPageError( 'error', 'badaccess' ); - } + // Make sure user has the correct permissions + $this->checkPermissions(); // Show a message if the database is in read-only mode $this->checkReadOnly(); @@ -46,6 +44,9 @@ throw new UserBlockedError( $user->getBlock() ); } + // set headers + $this->setHeaders(); + $dbw = wfGetDB( DB_MASTER ); $res = $dbw->select( 'page', diff --git a/UserProfile/SpecialToggleUserPageType.php b/UserProfile/SpecialToggleUserPageType.php index d6f9aa5..2075b7a 100644 --- a/UserProfile/SpecialToggleUserPageType.php +++ b/UserProfile/SpecialToggleUserPageType.php @@ -32,13 +32,14 @@ $user = $this->getUser(); // This feature is only available to logged-in users. - if ( !$user->isLoggedIn() ) { - throw new ErrorPageError( 'error', 'badaccess' ); - } + $this->requireLogin(); // Show a message if the database is in read-only mode $this->checkReadOnly(); + // set header (robot policy, page title, etc) + $this->setHeaders(); + $dbw = wfGetDB( DB_MASTER ); $s = $dbw->selectRow( 'user_profile', diff --git a/UserProfile/SpecialUpdateProfile.php b/UserProfile/SpecialUpdateProfile.php index 9cdb2af..82ec7d8 100644 --- a/UserProfile/SpecialUpdateProfile.php +++ b/UserProfile/SpecialUpdateProfile.php 
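Review bot: UserProfile/SpecialToggleUserPageType.php goes from `$this->requireLogin()` and `$this->checkReadOnly()` straight to `wfGetDB( DB_MASTER )` with no block check, although the commit message names it as the third step and the other write pages in this change all have one. Adding `if ( $user->isBlocked() ) { throw new UserBlockedError( $user->getBlock() ); }` before `$this->setHeaders();` would bring it in line. The method continues outside the hunk, so a later check may exist, but none is visible here.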
@@ -57,24 +57,20 @@ $request = $this->getRequest(); $user = $this->getUser(); - // Set the page title, robot policies, etc. - $this->setHeaders(); - $out->setHTMLTitle( $this->msg( 'pagetitle', $this->msg( 'edit-profile-title' )->plain() )->parse() ); - // This feature is only available for logged-in users. - if ( !$user->isLoggedIn() ) { - $out->setPageTitle( $this->msg( 'user-profile-update-notloggedin-title' )->plain() ); - $out->addWikiMsg( 'user-profile-update-notloggedin-text' ); - return; - } + $this->requireLogin(); + + // Database operations require write mode + $this->checkReadOnly(); // No need to allow blocked users to access this page, they could abuse it, y'know. if ( $user->isBlocked() ) { throw new UserBlockedError( $user->getBlock() ); } - // Database operations require write mode - $this->checkReadOnly(); + // Set the page title, robot policies, etc. + $this->setHeaders(); + $out->setHTMLTitle( $this->msg( 'pagetitle', $this->msg( 'edit-profile-title' )->plain() )->parse() ); /** * Create thresholds based on user stats diff --git a/UserProfile/UserProfile.php b/UserProfile/UserProfile.php index 1420d1e..07fb04c 100644 --- a/UserProfile/UserProfile.php +++ b/UserProfile/UserProfile.php @@ -67,8 +67,10 @@ $wgAvailableRights[] = 'avatarremove'; $wgAvailableRights[] = 'editothersprofiles'; +$wgAvailableRights[] = 'populate-user-profiles'; $wgGroupPermissions['sysop']['avatarremove'] = true; $wgGroupPermissions['staff']['editothersprofiles'] = true; +$wgGroupPermissions['staff']['populate-user-profiles'] = true; // ResourceLoader support for MediaWiki 1.17+ $wgResourceModules['ext.socialprofile.userprofile.css'] = array( diff --git a/UserProfile/i18n/en.json b/UserProfile/i18n/en.json index 7c635fd..91e06fd 100644 --- a/UserProfile/i18n/en.json +++ b/UserProfile/i18n/en.json 
@@ -83,8 +83,6 @@ "user-recent-activity-user-message": "Sent a message to", "user-recent-activity-network-update": "Has posted a thought", "user-recent-system-gift": "Received an award", - "user-profile-update-notloggedin-title": "Cannot edit your profile without being logged in", - "user-profile-update-notloggedin-text": "You cannot edit your profile without being logged in.\nClick [[Special:UserLogin|here]] to login or click [[Special:UserLogin/signup|here]] to register.", "user-profile-update-saved": "Your profile has been saved", "user-profile-edit-profile-update-saved": "The user's profile was successfully saved", "user-profile-update-log-section": "changed section", @@ -219,6 +217,8 @@ "right-editothersprofiles": "Update other users' social profiles", "action-avatarremove": "remove user's avatars", "action-editothersprofiles": "update other users' social profiles", + "right-populate-user-profiles": "Allows populating other users' profiles for existing wikis", + "action-populate-user-profiles": "Allows populating other users' profiles for existing wikis", "apihelp-socialprofile-userprofileprivacy-description": "API module for setting the visibility (\"privacy\") of a profile field", "apihelp-socialprofile-userprofileprivacy-summary": "API module for setting the visibility (\"privacy\") of a profile field", "apihelp-socialprofile-userprofileprivacy-param-method": "Action (either \"get\" or \"set\")", diff --git a/UserProfile/i18n/qqq.json b/UserProfile/i18n/qqq.json index 2e0753b..dc80be4 100644 --- a/UserProfile/i18n/qqq.json +++ b/UserProfile/i18n/qqq.json 
@@ -65,6 +65,8 @@ "user-page-link": "{{Identical|User page}}", "right-avatarremove": "{{doc-right|avatarremove}}", "right-editothersprofiles": "{{doc-right|editothersprofiles}}", + "right-populate-user-profiles": "{{doc-right|populate-user-profiles}}", + "action-populate-user-profiles": "{{doc-action|populate-user-profiles}}", "apihelp-socialprofile-userprofileprivacy-description": "{{doc-apihelp-description|socialprofile-userprofileprivacy}}", "apihelp-socialprofile-userprofileprivacy-summary": "{{doc-apihelp-summary|socialprofile-userprofileprivacy}}", "apihelp-socialprofile-userprofileprivacy-param-method": "{{doc-apihelp-param|socialprofile-userprofileprivacy|method}}", diff --git a/UserRelationship/SpecialViewRelationshipRequests.php b/UserRelationship/SpecialViewRelationshipRequests.php index 8b9cdff..f2178c1 100644 --- a/UserRelationship/SpecialViewRelationshipRequests.php +++ b/UserRelationship/SpecialViewRelationshipRequests.php @@ -50,21 +50,14 @@ $out = $this->getOutput(); $user = $this->getUser(); - // Set the page title, robot policies, etc. - $this->setHeaders(); - /** * Redirect anonymous users to the login page * It will automatically return them to the ViewRelationshipRequests page */ - if ( !$user->isLoggedIn() ) { - $out->setPageTitle( $this->msg( 'ur-error-page-title' )->plain() ); - $login = SpecialPage::getTitleFor( 'Userlogin' ); - $out->redirect( - $login->getFullURL( 'returnto=Special:ViewRelationshipRequests' ) - ); - return false; - } + $this->requireLogin(); + + // Set the page title, robot policies, etc. + $this->setHeaders(); // Add CSS & JS $out->addModuleStyles( array( diff --git a/UserRelationship/SpecialViewRelationships.php b/UserRelationship/SpecialViewRelationships.php index b7a5366..dd33fd6 100644 --- a/UserRelationship/SpecialViewRelationships.php +++ b/UserRelationship/SpecialViewRelationships.php 
@@ -50,6 +50,12 @@ $user = $this->getUser(); $linkRenderer = $this->getLinkRenderer(); + /** + * Redirect Non-logged in users to Login Page + * It will automatically return them to the ViewRelationships page + */ + $this->requireLogin(); + // Set the page title, robot policies, etc. $this->setHeaders(); @@ -66,17 +72,6 @@ $user_name = $request->getVal( 'user' ); $rel_type = $request->getInt( 'rel_type' ); $page = $request->getInt( 'page' ); - - /** - * Redirect Non-logged in users to Login Page - * It will automatically return them to the ViewRelationships page - */ - if ( !$user->isLoggedIn() && $user_name == '' ) { - $out->setPageTitle( $this->msg( 'ur-error-page-title' )->plain() ); - $login = SpecialPage::getTitleFor( 'Userlogin' ); - $out->redirect( htmlspecialchars( $login->getFullURL( 'returnto=Special:ViewRelationships' ) ) ); - return false; - } /** * Set up config for page / default values diff --git a/UserRelationship/i18n/en.json b/UserRelationship/i18n/en.json index 4ddceff..ebb3f62 100644 --- a/UserRelationship/i18n/en.json +++ b/UserRelationship/i18n/en.json @@ -8,7 +8,6 @@ "viewrelationships": "View relationship", "viewrelationshiprequests": "View relationship requests", "ur-already-submitted": "Your request has been sent", - "ur-error-page-title": "Woops!", "ur-error-title": "Whoops, you took a wrong turn!", "ur-error-message-no-user": "We cannot complete your request, because no user with this name exists.", "ur-your-profile": "Your profile", diff --git a/UserStats/GenerateTopUsersReport.php b/UserStats/GenerateTopUsersReport.php index 598ef31..de3b6d2 100644 --- a/UserStats/GenerateTopUsersReport.php +++ b/UserStats/GenerateTopUsersReport.php 
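Review bot: Moving the login requirement to the top of UserRelationship/SpecialViewRelationships.php changes who can see the page: the removed condition was `!$user->isLoggedIn() && $user_name == ''`, so anonymous visitors could still open a named user's list through the `user` parameter, and with the unconditional `$this->requireLogin();` they cannot. If that tightening is intended it deserves a line in the commit message, which currently describes the change as a cleanup. If it is not, the call belongs below the `$user_name` lookup as `if ( $user_name == '' ) { $this->requireLogin(); }`. Either way the docblock above the call should say which case triggers the redirect.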
@@ -40,17 +40,15 @@ $request = $this->getRequest(); $user = $this->getUser(); - // Blocked through Special:Block? Tough luck. - if ( $user->isBlocked() ) { - throw new UserBlockedError( $user->getBlock() ); - } + // Check for the correct permission + $this->checkPermissions(); // Is the database locked or not? $this->checkReadOnly(); - // Check for the correct permission - if ( !$user->isAllowed( 'generatetopusersreport' ) ) { - throw new PermissionsError( 'generatetopusersreport' ); + // Blocked through Special:Block? Tough luck. + if ( $user->isBlocked() ) { + throw new UserBlockedError( $user->getBlock() ); } // Set the page title, robot policy, etc. diff --git a/UserStats/SpecialUpdateEditCounts.php b/UserStats/SpecialUpdateEditCounts.php index 39f549b..a9fbbc3 100644 --- a/UserStats/SpecialUpdateEditCounts.php +++ b/UserStats/SpecialUpdateEditCounts.php 
@@ -106,9 +106,7 @@ // Check permissions -- we must be allowed to access this special page // before we can run any database queries - if ( !$this->getUser()->isAllowed( 'updatepoints' ) ) { - throw new ErrorPageError( 'error', 'badaccess' ); - } + $this->checkPermissions(); // And obviously the database needs to be writable before we start // running INSERT/UPDATE queries against it... -- To view, visit https://gerrit.wikimedia.org/r/400619 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I88c2c91fbd6844a653ab96e49fb1224e9caa30d3 Gerrit-PatchSet: 4 Gerrit-Project: mediawiki/extensions/SocialProfile Gerrit-Branch: master Gerrit-Owner: SamanthaNguyen <samanthanguyen1...@gmail.com> Gerrit-Reviewer: Jack Phoenix <ash...@uncyclomedia.co> Gerrit-Reviewer: Lewis Cawte <le...@lewiscawte.me> Gerrit-Reviewer: SamanthaNguyen <samanthanguyen1...@gmail.com> Gerrit-Reviewer: Siebrand <siebr...@kitano.nl> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits