Anomie has uploaded a new change for review.
https://gerrit.wikimedia.org/r/67875
Change subject: Add user rights 'viewmywatchlist', 'editmywatchlist'
......................................................................
Add user rights 'viewmywatchlist', 'editmywatchlist'
These are needed for OAuth grants.
Note that, even if 'editmywatchlist' is not granted, various actions
will still allow for adding but not removing of pages.
Change-Id: Ie33446a228dd6ed0114730935c1bf65667f5ce01
---
M RELEASE-NOTES-1.22
M includes/Article.php
M includes/DefaultSettings.php
M includes/EditPage.php
M includes/FileDeleteForm.php
M includes/ProtectionForm.php
M includes/SkinTemplate.php
M includes/Title.php
M includes/User.php
M includes/WatchedItem.php
M includes/actions/WatchAction.php
M includes/api/ApiBase.php
M includes/api/ApiQueryInfo.php
M includes/api/ApiSetNotificationTimestamp.php
M includes/api/ApiWatch.php
M includes/specials/SpecialBlock.php
M includes/specials/SpecialEditWatchlist.php
M includes/specials/SpecialMovepage.php
M includes/specials/SpecialRecentchanges.php
M includes/specials/SpecialRecentchangeslinked.php
M includes/specials/SpecialWatchlist.php
M includes/upload/UploadBase.php
M languages/messages/MessagesEn.php
M languages/messages/MessagesQqq.php
M maintenance/dictionary/mediawiki.dic
M maintenance/language/messages.inc
26 files changed, 172 insertions(+), 73 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core
refs/changes/75/67875/1
diff --git a/RELEASE-NOTES-1.22 b/RELEASE-NOTES-1.22
index 6534215..d9f1e9c 100644
--- a/RELEASE-NOTES-1.22
+++ b/RELEASE-NOTES-1.22
@@ -31,9 +31,9 @@
* $wgLogAutopatrol added to allow disabling logging of autopatrol edits in the
logging table.
default for $wgLogAutopatrol is true.
* The 'edit' right no longer allows for editing a user's own CSS and JS.
-* New rights 'editmyusercss' and 'editmyuserjs' restrict actions that were
- formerly allowed by default. They have been added to the default for
- $wgGroupPermissions['*'].
+* New rights 'editmyusercss', 'editmyuserjs', 'viewmywatchlist',
+ and 'editmywatchlist' restrict actions that were formerly allowed by default.
+ They have been added to the default for $wgGroupPermissions['*'].
=== New features in 1.22 ===
* (bug 44525) mediawiki.jqueryMsg can now parse (whitelisted) HTML elements
and attributes.
@@ -109,6 +109,8 @@
for extensions such as OAuth:
** editmyusercss controls whether a user may edit their own CSS subpages.
** editmyuserjs controls whether a user may edit their own JS subpages.
+** viewmywatchlist controls whether a user may view their watchlist.
+** editmywatchlist controls whether a user may edit their watchlist.
=== Bug fixes in 1.22 ===
* Disable Special:PasswordReset when $wgEnableEmail is false. Previously one
diff --git a/includes/Article.php b/includes/Article.php
index f0eb568..6add3e0 100644
--- a/includes/Article.php
+++ b/includes/Article.php
@@ -1588,13 +1588,7 @@
$this->doDelete( $reason, $suppress );
- if ( $user->isLoggedIn() && $request->getCheck(
'wpWatch' ) != $user->isWatched( $title ) ) {
- if ( $request->getCheck( 'wpWatch' ) ) {
- WatchAction::doWatch( $title, $user );
- } else {
- WatchAction::doUnwatch( $title, $user );
- }
- }
+ WatchAction::doWatchOrUnwatch( $request->getCheck(
'wpWatch' ), $title, $user );
return;
}
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index b560baf..652dfc2 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -3890,6 +3890,8 @@
$wgGroupPermissions['*']['writeapi'] = true;
$wgGroupPermissions['*']['editmyusercss'] = true;
$wgGroupPermissions['*']['editmyuserjs'] = true;
+$wgGroupPermissions['*']['viewmywatchlist'] = true;
+$wgGroupPermissions['*']['editmywatchlist'] = true;
#$wgGroupPermissions['*']['patrolmarks'] = false; // let anons see what was
patrolled
// Implicit group for all logged-in accounts
diff --git a/includes/EditPage.php b/includes/EditPage.php
index 27f4556..59ac2c6 100644
--- a/includes/EditPage.php
+++ b/includes/EditPage.php
@@ -1743,7 +1743,9 @@
protected function updateWatchlist() {
global $wgUser;
- if ( $wgUser->isLoggedIn() && $this->watchthis !=
$wgUser->isWatched( $this->mTitle ) ) {
+ if ( $wgUser->isLoggedIn()
+ && $this->watchthis != $wgUser->isWatched(
$this->mTitle, WatchedItem::IGNORE_USER_RIGHTS )
+ ) {
$fname = __METHOD__;
$title = $this->mTitle;
$watch = $this->watchthis;
@@ -1752,8 +1754,10 @@
$dbw = wfGetDB( DB_MASTER );
$dbw->onTransactionIdle( function() use ( $dbw, $title,
$watch, $wgUser, $fname ) {
$dbw->begin( $fname );
+ // If the user doesn't have editmywatchlist, we
want to allow
+ // adding based on the checkbox but not
removing.
if ( $watch ) {
- WatchAction::doWatch( $title, $wgUser );
+ WatchAction::doWatch( $title, $wgUser,
WatchedItem::IGNORE_USER_RIGHTS );
} else {
WatchAction::doUnwatch( $title, $wgUser
);
}
diff --git a/includes/FileDeleteForm.php b/includes/FileDeleteForm.php
index 9fc70eb..65d82b8 100644
--- a/includes/FileDeleteForm.php
+++ b/includes/FileDeleteForm.php
@@ -120,13 +120,7 @@
// file, otherwise go back to the description
page
$wgOut->addReturnTo( $this->oldimage ?
$this->title : Title::newMainPage() );
- if ( $wgUser->isLoggedIn() &&
$wgRequest->getCheck( 'wpWatch' ) != $wgUser->isWatched( $this->title ) ) {
- if ( $wgRequest->getCheck( 'wpWatch' )
) {
- WatchAction::doWatch(
$this->title, $wgUser );
- } else {
- WatchAction::doUnwatch(
$this->title, $wgUser );
- }
- }
+ WatchAction::doWatchOrUnwatch(
$wgRequest->getCheck( 'wpWatch' ), $this->title, $wgUser );
}
return;
}
diff --git a/includes/ProtectionForm.php b/includes/ProtectionForm.php
index 6f444ee..2f6b65d 100644
--- a/includes/ProtectionForm.php
+++ b/includes/ProtectionForm.php
@@ -330,13 +330,8 @@
return false;
}
- if ( $wgUser->isLoggedIn() && $wgRequest->getCheck(
'mwProtectWatch' ) != $wgUser->isWatched( $this->mTitle ) ) {
- if ( $wgRequest->getCheck( 'mwProtectWatch' ) ) {
- WatchAction::doWatch( $this->mTitle, $wgUser );
- } else {
- WatchAction::doUnwatch( $this->mTitle, $wgUser
);
- }
- }
+ WatchAction::doWatchOrUnwatch( $wgRequest->getCheck(
'mwProtectWatch' ), $this->mTitle, $wgUser );
+
return true;
}
diff --git a/includes/SkinTemplate.php b/includes/SkinTemplate.php
index fa90954..a774fa3 100644
--- a/includes/SkinTemplate.php
+++ b/includes/SkinTemplate.php
@@ -613,12 +613,15 @@
'href' => $href,
'active' => ( $href == $pageurl )
);
- $href = self::makeSpecialUrl( 'Watchlist' );
- $personal_urls['watchlist'] = array(
- 'text' => $this->msg( 'mywatchlist' )->text(),
- 'href' => $href,
- 'active' => ( $href == $pageurl )
- );
+
+ if ( $this->getUser()->isAllowedAll( 'viewmywatchlist',
'editmywatchlist' ) ) {
+ $href = self::makeSpecialUrl( 'Watchlist' );
+ $personal_urls['watchlist'] = array(
+ 'text' => $this->msg( 'mywatchlist'
)->text(),
+ 'href' => $href,
+ 'active' => ( $href == $pageurl )
+ );
+ }
# We need to do an explicit check for
Special:Contributions, as we
# have to match both the title, and the target, which
could come
@@ -992,7 +995,7 @@
wfProfileOut( __METHOD__ . '-live' );
// Checks if the user is logged in
- if ( $this->loggedin ) {
+ if ( $this->loggedin && $user->isAllowedAll(
'viewmywatchlist', 'editmywatchlist' ) ) {
/**
* The following actions use messages
which, if made particular to
* the any specific skins, would break
the Ajax code which makes this
diff --git a/includes/Title.php b/includes/Title.php
index d40d923..f0b1066 100644
--- a/includes/Title.php
+++ b/includes/Title.php
@@ -4533,7 +4533,7 @@
if ( array_key_exists( $uid, $this->mNotificationTimestamp ) ) {
return $this->mNotificationTimestamp[$uid];
}
- if ( !$uid || !$wgShowUpdatedMarker ) {
+ if ( !$uid || !$wgShowUpdatedMarker || !$user->isAllowed(
'viewmywatchlist' ) ) {
return $this->mNotificationTimestamp[$uid] = false;
}
// Don't cache too much!
diff --git a/includes/User.php b/includes/User.php
index 1c13211..8ce44a8 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -126,6 +126,7 @@
'editprotected',
'editmyusercss',
'editmyuserjs',
+ 'editmywatchlist',
'editusercssjs', #deprecated
'editusercss',
'edituserjs',
@@ -166,6 +167,7 @@
'upload_by_url',
'userrights',
'userrights-interwiki',
+ 'viewmywatchlist',
'writeapi',
);
/**
@@ -2860,11 +2862,14 @@
/**
* Get a WatchedItem for this user and $title.
*
+ * @since 1.22 $checkRights parameter added
* @param $title Title
+ * @param $checkRights int Whether to check
'viewmywatchlist'/'editmywatchlist' rights.
+ * Pass WatchedItem::CHECK_USER_RIGHTS or
WatchedItem::IGNORE_USER_RIGHTS.
* @return WatchedItem
*/
- public function getWatchedItem( $title ) {
- $key = $title->getNamespace() . ':' . $title->getDBkey();
+ public function getWatchedItem( $title, $checkRights =
WatchedItem::CHECK_USER_RIGHTS ) {
+ $key = $checkRights . ':' . $title->getNamespace() . ':' .
$title->getDBkey();
if ( isset( $this->mWatchedItems[$key] ) ) {
return $this->mWatchedItems[$key];
@@ -2874,34 +2879,43 @@
$this->mWatchedItems = array();
}
- $this->mWatchedItems[$key] = WatchedItem::fromUserTitle( $this,
$title );
+ $this->mWatchedItems[$key] = WatchedItem::fromUserTitle( $this,
$title, $checkRights );
return $this->mWatchedItems[$key];
}
/**
* Check the watched status of an article.
+ * @since 1.22 $checkRights parameter added
* @param $title Title of the article to look at
+ * @param $checkRights int Whether to check
'viewmywatchlist'/'editmywatchlist' rights.
+ * Pass WatchedItem::CHECK_USER_RIGHTS or
WatchedItem::IGNORE_USER_RIGHTS.
* @return bool
*/
- public function isWatched( $title ) {
- return $this->getWatchedItem( $title )->isWatched();
+ public function isWatched( $title, $checkRights =
WatchedItem::CHECK_USER_RIGHTS ) {
+ return $this->getWatchedItem( $title, $checkRights
)->isWatched();
}
/**
* Watch an article.
+ * @since 1.22 $checkRights parameter added
* @param $title Title of the article to look at
+ * @param $checkRights int Whether to check
'viewmywatchlist'/'editmywatchlist' rights.
+ * Pass WatchedItem::CHECK_USER_RIGHTS or
WatchedItem::IGNORE_USER_RIGHTS.
*/
- public function addWatch( $title ) {
- $this->getWatchedItem( $title )->addWatch();
+ public function addWatch( $title, $checkRights =
WatchedItem::CHECK_USER_RIGHTS ) {
+ $this->getWatchedItem( $title, $checkRights )->addWatch();
$this->invalidateCache();
}
/**
* Stop watching an article.
+ * @since 1.22 $checkRights parameter added
* @param $title Title of the article to look at
+ * @param $checkRights int Whether to check
'viewmywatchlist'/'editmywatchlist' rights.
+ * Pass WatchedItem::CHECK_USER_RIGHTS or
WatchedItem::IGNORE_USER_RIGHTS.
*/
- public function removeWatch( $title ) {
- $this->getWatchedItem( $title )->removeWatch();
+ public function removeWatch( $title, $checkRights =
WatchedItem::CHECK_USER_RIGHTS ) {
+ $this->getWatchedItem( $title, $checkRights )->removeWatch();
$this->invalidateCache();
}
@@ -2909,6 +2923,7 @@
* Clear the user's notification timestamp for the given title.
* If e-notif e-mails are on, they will receive notification mails on
* the next change of the page if it's watched etc.
+ * @note If the user doesn't have 'editmywatchlist', this will do
nothing.
* @param $title Title of the article to look at
*/
public function clearNotification( &$title ) {
@@ -2916,6 +2931,11 @@
// Do nothing if the database is locked to writes
if ( wfReadOnly() ) {
+ return;
+ }
+
+ // Do nothing if not allowed to edit the watchlist
+ if ( !$this->isAllowed( 'editmywatchlist' ) ) {
return;
}
@@ -2954,9 +2974,10 @@
* Resets all of the given user's page-change notification timestamps.
* If e-notif e-mails are on, they will receive notification mails on
* the next change of any watched page.
+ * @note If the user doesn't have 'editmywatchlist', this will do
nothing.
*/
public function clearAllNotifications() {
- if ( wfReadOnly() ) {
+ if ( wfReadOnly() || $this->isAllowed( 'editmywatchlist' ) ) {
return;
}
diff --git a/includes/WatchedItem.php b/includes/WatchedItem.php
index 45aa822..16f2692 100644
--- a/includes/WatchedItem.php
+++ b/includes/WatchedItem.php
@@ -27,19 +27,37 @@
* @ingroup Watchlist
*/
class WatchedItem {
- var $mTitle, $mUser;
+ /**
+ * Constant to specify that user rights 'editmywatchlist' and
+ * 'viewmywatchlist' should not be checked.
+ * @since 1.22
+ */
+ const IGNORE_USER_RIGHTS = 0;
+
+ /**
+ * Constant to specify that user rights 'editmywatchlist' and
+ * 'viewmywatchlist' should be checked.
+ * @since 1.22
+ */
+ const CHECK_USER_RIGHTS = 1;
+
+ var $mTitle, $mUser, $mCheckRights;
private $loaded = false, $watched, $timestamp;
/**
* Create a WatchedItem object with the given user and title
+ * @since 1.22 $checkRights parameter added
* @param $user User: the user to use for (un)watching
* @param $title Title: the title we're going to (un)watch
+ * @param $checkRights int: Whether to check the 'viewmywatchlist' and
'editmywatchlist' rights.
+ * Pass either WatchedItem::IGNORE_USER_RIGHTS or
WatchedItem::CHECK_USER_RIGHTS.
* @return WatchedItem object
*/
- public static function fromUserTitle( $user, $title ) {
+ public static function fromUserTitle( $user, $title, $checkRights =
WatchedItem::CHECK_USER_RIGHTS ) {
$wl = new WatchedItem;
$wl->mUser = $user;
$wl->mTitle = $title;
+ $wl->mCheckRights = $checkRights;
return $wl;
}
@@ -111,10 +129,22 @@
}
/**
+ * Check permissions
+ * @param $what string: 'view' or 'edit'
+ */
+ private function isAllowed( $what ) {
+ return !$this->mCheckRights || $this->mUser->isAllowed( $what .
'mywatchlist' );
+ }
+
+ /**
* Is mTitle being watched by mUser?
* @return bool
*/
public function isWatched() {
+ if ( !$this->isAllowed( 'view' ) ) {
+ return false;
+ }
+
$this->load();
return $this->watched;
}
@@ -126,6 +156,10 @@
* the wl_notificationtimestamp field otherwise
*/
public function getNotificationTimestamp() {
+ if ( !$this->isAllowed( 'view' ) ) {
+ return false;
+ }
+
$this->load();
if ( $this->watched ) {
return $this->timestamp;
@@ -142,7 +176,7 @@
*/
public function resetNotificationTimestamp( $force = '' ) {
// Only loggedin user can have a watchlist
- if ( wfReadOnly() || $this->mUser->isAnon() ) {
+ if ( wfReadOnly() || $this->mUser->isAnon() ||
!$this->isAllowed( 'edit' ) ) {
return;
}
@@ -170,7 +204,7 @@
wfProfileIn( __METHOD__ );
// Only loggedin user can have a watchlist
- if ( wfReadOnly() || $this->mUser->isAnon() ) {
+ if ( wfReadOnly() || $this->mUser->isAnon() ||
!$this->isAllowed( 'edit' ) ) {
wfProfileOut( __METHOD__ );
return false;
}
@@ -210,7 +244,7 @@
wfProfileIn( __METHOD__ );
// Only loggedin user can have a watchlist
- if ( wfReadOnly() || $this->mUser->isAnon() ) {
+ if ( wfReadOnly() || $this->mUser->isAnon() ||
!$this->isAllowed( 'edit' ) ) {
wfProfileOut( __METHOD__ );
return false;
}
diff --git a/includes/actions/WatchAction.php b/includes/actions/WatchAction.php
index de9e1d6..8382eaf 100644
--- a/includes/actions/WatchAction.php
+++ b/includes/actions/WatchAction.php
@@ -87,17 +87,58 @@
return parent::checkCanExecute( $user );
}
- public static function doWatch( Title $title, User $user ) {
+ /**
+ * Watch or unwatch a page
+ * @since 1.22
+ * @param bool $watch Whether to watch or unwatch the page
+ * @param Title $title Page to watch/unwatch
+ * @param User $user User who is watching/unwatching
+ */
+ public static function doWatchOrUnwatch( $watch, Title $title, User
$user ) {
+ if ( $user->isLoggedIn() && $user->getWatchedItem( $title, true
)->isWatched() != $watch ) {
+ // If the user doesn't have 'editmywatchlist', we still
want to
+ // allow them to add but not remove items via edits and
such.
+ if ( $watch ) {
+ self::doWatch( $title, $user,
WatchedItem::IGNORE_USER_RIGHTS );
+ } else {
+ self::doUnwatch( $title, $user );
+ }
+ }
+ }
+
+ /**
+ * Watch a page
+ * @since 1.22 $checkRights parameter added
+ * @param Title $title Page to watch/unwatch
+ * @param User $user User who is watching/unwatching
+ * @param int $checkRights Passed through to $user->addWatch()
+ * @return true
+ */
+ public static function doWatch( Title $title, User $user, $checkRights
= WatchedItem::CHECK_USER_RIGHTS ) {
+ if ( $checkRights !== WatchedItem::CHECK_USER_RIGHTS &&
!$user->isAllowed( 'editmywatchlist' ) ) {
+ return true;
+ }
+
$page = WikiPage::factory( $title );
if ( wfRunHooks( 'WatchArticle', array( &$user, &$page ) ) ) {
- $user->addWatch( $title );
+ $user->addWatch( $title, $checkRights );
wfRunHooks( 'WatchArticleComplete', array( &$user,
&$page ) );
}
return true;
}
+ /**
+ * Unwatch a page
+ * @param Title $title Page to watch/unwatch
+ * @param User $user User who is watching/unwatching
+ * @return true
+ */
public static function doUnwatch( Title $title, User $user ) {
+ if ( !$user->isAllowed( 'editmywatchlist' ) ) {
+ return true;
+ }
+
$page = WikiPage::factory( $title );
if ( wfRunHooks( 'UnwatchArticle', array( &$user, &$page ) ) ) {
diff --git a/includes/api/ApiBase.php b/includes/api/ApiBase.php
index fdf3b76..188516d 100644
--- a/includes/api/ApiBase.php
+++ b/includes/api/ApiBase.php
@@ -823,7 +823,7 @@
*/
protected function getWatchlistValue( $watchlist, $titleObj,
$userOption = null ) {
- $userWatching = $this->getUser()->isWatched( $titleObj );
+ $userWatching = $this->getUser()->isWatched( $titleObj,
WatchedItem::IGNORE_USER_RIGHTS );
switch ( $watchlist ) {
case 'watch':
@@ -865,12 +865,7 @@
return;
}
- $user = $this->getUser();
- if ( $value ) {
- WatchAction::doWatch( $titleObj, $user );
- } else {
- WatchAction::doUnwatch( $titleObj, $user );
- }
+ WatchAction::doWatchOrUnwatch( $value, $titleObj, $user );
}
/**
@@ -1545,6 +1540,9 @@
if ( !$this->getUser()->isLoggedIn() ) {
$this->dieUsage( 'You must be logged-in to have
a watchlist', 'notloggedin' );
}
+ if ( !$this->getUser()->isAllowed( 'viewmywatchlist' )
) {
+ $this->dieUsage( 'You don\'t have permission to
view your watchlist', 'permissiondenied' );
+ }
$user = $this->getUser();
}
return $user;
diff --git a/includes/api/ApiQueryInfo.php b/includes/api/ApiQueryInfo.php
index 5f8c497..017684e 100644
--- a/includes/api/ApiQueryInfo.php
+++ b/includes/api/ApiQueryInfo.php
@@ -669,7 +669,9 @@
private function getWatchedInfo() {
$user = $this->getUser();
- if ( $user->isAnon() || count( $this->everything ) == 0 ) {
+ if ( $user->isAnon() || count( $this->everything ) == 0
+ || !$user->isAllowed( 'viewmywatchlist' )
+ ) {
return;
}
diff --git a/includes/api/ApiSetNotificationTimestamp.php
b/includes/api/ApiSetNotificationTimestamp.php
index 53affbd..53a68fd 100644
--- a/includes/api/ApiSetNotificationTimestamp.php
+++ b/includes/api/ApiSetNotificationTimestamp.php
@@ -39,6 +39,9 @@
if ( $user->isAnon() ) {
$this->dieUsage( 'Anonymous users cannot use watchlist
change notifications', 'notloggedin' );
}
+ if ( !$user->isAllowed( 'editmywatchlist' ) ) {
+ $this->dieUsage( 'You don\'t have permission to edit
your watchlist', 'permissiondenied' );
+ }
$params = $this->extractRequestParams();
$this->requireMaxOneParameter( $params, 'timestamp', 'torevid',
'newerthanrevid' );
diff --git a/includes/api/ApiWatch.php b/includes/api/ApiWatch.php
index 3e51299..ee25b41 100644
--- a/includes/api/ApiWatch.php
+++ b/includes/api/ApiWatch.php
@@ -36,6 +36,9 @@
if ( !$user->isLoggedIn() ) {
$this->dieUsage( 'You must be logged-in to have a
watchlist', 'notloggedin' );
}
+ if ( !$user->isAllowed( 'editmywatchlist' ) ) {
+ $this->dieUsage( 'You don\'t have permission to edit
your watchlist', 'permissiondenied' );
+ }
$params = $this->extractRequestParams();
$title = Title::newFromText( $params['title'] );
diff --git a/includes/specials/SpecialBlock.php
b/includes/specials/SpecialBlock.php
index 5a2ad62..6ba009a 100644
--- a/includes/specials/SpecialBlock.php
+++ b/includes/specials/SpecialBlock.php
@@ -753,7 +753,7 @@
# Can't watch a rangeblock
if ( $type != Block::TYPE_RANGE && $data['Watch'] ) {
- $performer->addWatch( Title::makeTitle( NS_USER,
$target ) );
+ WatchAction::doWatch( Title::makeTitle( NS_USER,
$target ), $performer, WatchedItem::IGNORE_USER_RIGHTS );
}
# Block constructor sanitizes certain block options on insert
diff --git a/includes/specials/SpecialEditWatchlist.php
b/includes/specials/SpecialEditWatchlist.php
index f297039..b6005de 100644
--- a/includes/specials/SpecialEditWatchlist.php
+++ b/includes/specials/SpecialEditWatchlist.php
@@ -49,7 +49,7 @@
private $badItems = array();
public function __construct() {
- parent::__construct( 'EditWatchlist' );
+ parent::__construct( 'EditWatchlist', 'editmywatchlist' );
}
/**
diff --git a/includes/specials/SpecialMovepage.php
b/includes/specials/SpecialMovepage.php
index 2ba3c06..5923570 100644
--- a/includes/specials/SpecialMovepage.php
+++ b/includes/specials/SpecialMovepage.php
@@ -690,13 +690,8 @@
}
# Deal with watches (we don't watch subpages)
- if ( $this->watch && $user->isLoggedIn() ) {
- $user->addWatch( $ot );
- $user->addWatch( $nt );
- } else {
- $user->removeWatch( $ot );
- $user->removeWatch( $nt );
- }
+ WatchAction::doWatchOrUnwatch( $this->watch, $ot, $user );
+ WatchAction::doWatchOrUnwatch( $this->watch, $nt, $user );
# Re-clear the file redirect cache, which may have been
polluted by
# parsing in messages above. See CR r56745.
diff --git a/includes/specials/SpecialRecentchanges.php
b/includes/specials/SpecialRecentchanges.php
index 1b406d1..cee11fa 100644
--- a/includes/specials/SpecialRecentchanges.php
+++ b/includes/specials/SpecialRecentchanges.php
@@ -393,7 +393,7 @@
$fields = RecentChange::selectFields();
// JOIN on watchlist for users
- if ( $uid ) {
+ if ( $uid && $this->getUser()->isAllowed( 'viewmywatchlist' ) )
{
$tables[] = 'watchlist';
$fields[] = 'wl_user';
$fields[] = 'wl_notificationtimestamp';
diff --git a/includes/specials/SpecialRecentchangeslinked.php
b/includes/specials/SpecialRecentchangeslinked.php
index 062e09d..d9add54 100644
--- a/includes/specials/SpecialRecentchangeslinked.php
+++ b/includes/specials/SpecialRecentchangeslinked.php
@@ -99,7 +99,7 @@
// left join with watchlist table to highlight watched rows
$uid = $this->getUser()->getId();
- if ( $uid ) {
+ if ( $uid && $this->getUser()->isAllowed( 'viewmywatchlist' ) )
{
$tables[] = 'watchlist';
$select[] = 'wl_user';
$join_conds['watchlist'] = array( 'LEFT JOIN', array(
diff --git a/includes/specials/SpecialWatchlist.php
b/includes/specials/SpecialWatchlist.php
index f5e3660..428c470 100644
--- a/includes/specials/SpecialWatchlist.php
+++ b/includes/specials/SpecialWatchlist.php
@@ -26,8 +26,8 @@
/**
* Constructor
*/
- public function __construct( $page = 'Watchlist' ) {
- parent::__construct( $page );
+ public function __construct( $page = 'Watchlist', $restriction =
'viewmywatchlist' ) {
+ parent::__construct( $page, $restriction );
}
/**
diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php
index 2ed20c5..36e4252 100644
--- a/includes/upload/UploadBase.php
+++ b/includes/upload/UploadBase.php
@@ -688,7 +688,7 @@
if ( $status->isGood() ) {
if ( $watch ) {
- $user->addWatch(
$this->getLocalFile()->getTitle() );
+ WatchAction::doWatch(
$this->getLocalFile()->getTitle(), $user, WatchedItem::IGNORE_USER_RIGHTS );
}
wfRunHooks( 'UploadComplete', array( &$this ) );
}
diff --git a/languages/messages/MessagesEn.php
b/languages/messages/MessagesEn.php
index 0707b9b..f03e2ee 100644
--- a/languages/messages/MessagesEn.php
+++ b/languages/messages/MessagesEn.php
@@ -2096,6 +2096,8 @@
'right-edituserjs' => "Edit other users' JavaScript files",
'right-editmyusercss' => "Edit your own user CSS files",
'right-editmyuserjs' => "Edit your own user JavaScript files",
+'right-viewmywatchlist' => "View your own watchlist",
+'right-editmywatchlist' => "Edit your own watchlist. Note some actions
will still add pages even without this right.",
'right-rollback' => 'Quickly rollback the edits of the last user
who edited a particular page',
'right-markbotedits' => 'Mark rolled-back edits as bot edits',
'right-noratelimit' => 'Not be affected by rate limits',
diff --git a/languages/messages/MessagesQqq.php
b/languages/messages/MessagesQqq.php
index 03039bb..fe09960 100644
--- a/languages/messages/MessagesQqq.php
+++ b/languages/messages/MessagesQqq.php
@@ -2907,6 +2907,8 @@
'right-edituserjs' => '{{doc-right|edituserjs}}',
'right-editmyusercss' => '{{doc-right|editmyusercss}}',
'right-editmyuserjs' => '{{doc-right|editmyuserjs}}',
+'right-viewmywatchlist' => '{{doc-right|viewmywatchlist}}',
+'right-editmywatchlist' => '{{doc-right|editmywatchlist}}',
'right-rollback' => '{{doc-right|rollback}}
{{Identical|Rollback}}',
'right-markbotedits' => '{{doc-right|markbotedits}}
diff --git a/maintenance/dictionary/mediawiki.dic
b/maintenance/dictionary/mediawiki.dic
index 663012f..f73dfc1 100644
--- a/maintenance/dictionary/mediawiki.dic
+++ b/maintenance/dictionary/mediawiki.dic
@@ -1286,6 +1286,7 @@
editlink
editmyusercss
editmyuserjs
+editmywatchlist
editnotice
editnotsupported
editondblclick
@@ -4342,6 +4343,7 @@
viewcount
viewdeleted
viewhelppage
+viewmywatchlist
viewprevnext
viewsource
viewsourcelink
diff --git a/maintenance/language/messages.inc
b/maintenance/language/messages.inc
index ee52a3f..be9273c 100644
--- a/maintenance/language/messages.inc
+++ b/maintenance/language/messages.inc
@@ -1223,6 +1223,8 @@
'right-edituserjs',
'right-editmyusercss',
'right-editmyuserjs',
+ 'right-viewmywatchlist',
+ 'right-editmywatchlist',
'right-rollback',
'right-markbotedits',
'right-noratelimit',
--
To view, visit https://gerrit.wikimedia.org/r/67875
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie33446a228dd6ed0114730935c1bf65667f5ce01
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Anomie <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
