jenkins-bot has submitted this change and it was merged.
Change subject: Add user rights 'editmyuserjs' and 'editmyusercss'
......................................................................
Add user rights 'editmyuserjs' and 'editmyusercss'
These are needed for OAuth grants.
Change-Id: I52f8e4a5cb48573cb2dbc26fc508e61a95d748c3
---
M RELEASE-NOTES-1.22
M includes/DefaultSettings.php
M includes/Title.php
M includes/User.php
M languages/messages/MessagesEn.php
M languages/messages/MessagesQqq.php
M maintenance/dictionary/mediawiki.dic
M maintenance/language/messages.inc
M tests/phpunit/includes/TitlePermissionTest.php
9 files changed, 84 insertions(+), 42 deletions(-)
Approvals:
Aaron Schulz: Looks good to me, approved
jenkins-bot: Verified
diff --git a/RELEASE-NOTES-1.22 b/RELEASE-NOTES-1.22
index 1bdc9d9..6534215 100644
--- a/RELEASE-NOTES-1.22
+++ b/RELEASE-NOTES-1.22
@@ -30,6 +30,10 @@
* $wgDBOracleDRCP added. True enables persistent connection with DRCP on
Oracle.
* $wgLogAutopatrol added to allow disabling logging of autopatrol edits in the
logging table.
default for $wgLogAutopatrol is true.
+* The 'edit' right no longer allows for editing a user's own CSS and JS.
+* New rights 'editmyusercss' and 'editmyuserjs' restrict actions that were
+ formerly allowed by default. They have been added to the default for
+ $wgGroupPermissions['*'].
=== New features in 1.22 ===
* (bug 44525) mediawiki.jqueryMsg can now parse (whitelisted) HTML elements
and attributes.
@@ -101,6 +105,10 @@
* LinkCache singleton can now be altered or cleared, letting one to specify
another instance that does not rely on a database backend.
* MediaWiki's PHPUnit tests can now use PHPUnit installed using composer --dev.
+* New user rights have been added to increase granularity in rights management
+ for extensions such as OAuth:
+** editmyusercss controls whether a user may edit their own CSS subpages.
+** editmyuserjs controls whether a user may edit their own JS subpages.
=== Bug fixes in 1.22 ===
* Disable Special:PasswordReset when $wgEnableEmail is false. Previously one
@@ -211,6 +219,8 @@
sajax_do_call and wfSupportsAjax.
* BREAKING CHANGE: meta keywords are no longer supported. A <meta
name="keywords"
will no longer be output and OutputPage::addKeyword no longer exists.
+* Methods Title::userCanEditCssSubpage and Title::userCanEditJsSubpage,
+ deprecated since 1.19, have been removed.
== Compatibility ==
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 06eba95..b560baf 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -3888,6 +3888,8 @@
$wgGroupPermissions['*']['createpage'] = true;
$wgGroupPermissions['*']['createtalk'] = true;
$wgGroupPermissions['*']['writeapi'] = true;
+$wgGroupPermissions['*']['editmyusercss'] = true;
+$wgGroupPermissions['*']['editmyuserjs'] = true;
#$wgGroupPermissions['*']['patrolmarks'] = false; // let anons see what was
patrolled
// Implicit group for all logged-in accounts
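Review bot: The two new rights are added to `$wgGroupPermissions['*']` without a comment, and the placement has a consequence worth stating beside the lines: a right granted to '*' is inherited by every group, so setting it to false on one group does not withhold it. I would add above them `// Editing one's own user CSS/JS subpages. Granted to '*' to keep pre-1.22 behaviour; use $wgRevokePermissions to take it away from a group.` Sites that replace the whole '*' array in local configuration will presumably lose own-CSS/JS editing after upgrade until they add these rights, so the comment helps whoever audits that configuration.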
diff --git a/includes/Title.php b/includes/Title.php
index a543126..d40d923 100644
--- a/includes/Title.php
+++ b/includes/Title.php
@@ -1891,12 +1891,19 @@
# Protect css/js subpages of user pages
# XXX: this might be better using restrictions
# XXX: right 'editusercssjs' is deprecated, for backward
compatibility only
- if ( $action != 'patrol' && !$user->isAllowed( 'editusercssjs' )
- && !preg_match( '/^' . preg_quote(
$user->getName(), '/' ) . '\//', $this->mTextform ) ) {
- if ( $this->isCssSubpage() && !$user->isAllowed(
'editusercss' ) ) {
- $errors[] = array( 'customcssprotected' );
- } elseif ( $this->isJsSubpage() && !$user->isAllowed(
'edituserjs' ) ) {
- $errors[] = array( 'customjsprotected' );
+ if ( $action != 'patrol' && !$user->isAllowed( 'editusercssjs'
) ) {
+ if ( preg_match( '/^' . preg_quote( $user->getName(),
'/' ) . '\//', $this->mTextform ) ) {
+ if ( $this->isCssSubpage() &&
!$user->isAllowedAny( 'editmyusercss', 'editusercss' ) ) {
+ $errors[] = array(
'mycustomcssprotected' );
+ } elseif ( $this->isJsSubpage() &&
!$user->isAllowedAny( 'editmyuserjs', 'edituserjs' ) ) {
+ $errors[] = array(
'mycustomjsprotected' );
+ }
+ } else {
+ if ( $this->isCssSubpage() &&
!$user->isAllowed( 'editusercss' ) ) {
+ $errors[] = array( 'customcssprotected'
);
+ } elseif ( $this->isJsSubpage() &&
!$user->isAllowed( 'edituserjs' ) ) {
+ $errors[] = array( 'customjsprotected'
);
+ }
}
}
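Review bot: Whether a page counts as the user's own is decided only by the `preg_match` of the user name plus `/` against `$this->mTextform`. Nothing in the visible lines checks the namespace, so the own-page branch depends on `isCssSubpage()`/`isJsSubpage()` (defined outside this hunk) to limit the test to user-space pages. Since this branch now selects which right gates edits to script that runs in a user's session, I would state that dependency in a comment, e.g. `# Own subpage = title text starts with "<user name>/"; isCssSubpage()/isJsSubpage() are relied on for the namespace check`. The deprecated `editusercssjs` short-circuit also skips both branches, so a role or grant that withholds `editmyuserjs` has no effect for holders of that right, which deserves a line in the same comment. The enclosing function starts and ends outside the hunk.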
@@ -2240,36 +2247,6 @@
wfProfileOut( __METHOD__ );
return $errors;
- }
-
- /**
- * Protect css subpages of user pages: can $wgUser edit
- * this page?
- *
- * @deprecated in 1.19; use getUserPermissionsErrors() instead.
- * @return Bool
- */
- public function userCanEditCssSubpage() {
- global $wgUser;
- wfDeprecated( __METHOD__, '1.19' );
- return ( ( $wgUser->isAllowedAll( 'editusercssjs',
'editusercss' ) )
- || preg_match( '/^' . preg_quote( $wgUser->getName(),
'/' ) . '\//', $this->mTextform ) );
- }
-
- /**
- * Protect js subpages of user pages: can $wgUser edit
- * this page?
- *
- * @deprecated in 1.19; use getUserPermissionsErrors() instead.
- * @return Bool
- */
- public function userCanEditJsSubpage() {
- global $wgUser;
- wfDeprecated( __METHOD__, '1.19' );
- return (
- ( $wgUser->isAllowedAll( 'editusercssjs', 'edituserjs'
) )
- || preg_match( '/^' . preg_quote( $wgUser->getName(),
'/' ) . '\//', $this->mTextform )
- );
}
/**
diff --git a/includes/User.php b/includes/User.php
index ef3f9ac..1c13211 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -124,6 +124,8 @@
'edit',
'editinterface',
'editprotected',
+ 'editmyusercss',
+ 'editmyuserjs',
'editusercssjs', #deprecated
'editusercss',
'edituserjs',
diff --git a/languages/messages/MessagesEn.php
b/languages/messages/MessagesEn.php
index c539dba..0707b9b 100644
--- a/languages/messages/MessagesEn.php
+++ b/languages/messages/MessagesEn.php
@@ -1070,6 +1070,8 @@
'namespaceprotected' => "You do not have permission to edit pages
in the '''$1''' namespace.",
'customcssprotected' => "You do not have permission to edit this
CSS page because it contains another user's personal settings.",
'customjsprotected' => "You do not have permission to edit this
JavaScript page because it contains another user's personal settings.",
+'mycustomcssprotected' => "You do not have permission to edit this
CSS page.",
+'mycustomjsprotected' => "You do not have permission to edit this
JavaScript page.",
'ns-specialprotected' => 'Special pages cannot be edited.',
'titleprotected' => 'This title has been protected from
creation by [[User:$1|$1]].
The reason given is "\'\'$2\'\'".',
@@ -2092,6 +2094,8 @@
'right-editusercssjs' => "Edit other users' CSS and JavaScript files",
'right-editusercss' => "Edit other users' CSS files",
'right-edituserjs' => "Edit other users' JavaScript files",
+'right-editmyusercss' => "Edit your own user CSS files",
+'right-editmyuserjs' => "Edit your own user JavaScript files",
'right-rollback' => 'Quickly rollback the edits of the last user
who edited a particular page',
'right-markbotedits' => 'Mark rolled-back edits as bot edits',
'right-noratelimit' => 'Not be affected by rate limits',
diff --git a/languages/messages/MessagesQqq.php
b/languages/messages/MessagesQqq.php
index d3f8012..03039bb 100644
--- a/languages/messages/MessagesQqq.php
+++ b/languages/messages/MessagesQqq.php
@@ -1025,6 +1025,8 @@
'namespaceprotected' => '* $1 - namespace name',
'customcssprotected' => 'Used as error message.',
'customjsprotected' => 'Used as error message.',
+'mycustomcssprotected' => 'Used as error message.',
+'mycustomjsprotected' => 'Used as error message.',
'ns-specialprotected' => 'Error message displayed when trying to edit a page
in the Special namespace',
'titleprotected' => 'Use $1 for GENDER.',
'filereadonlyerror' => 'Parameters:
@@ -2903,6 +2905,8 @@
'right-editusercssjs' => '{{doc-right|editusercssjs}}',
'right-editusercss' => '{{doc-right|editusercss}}',
'right-edituserjs' => '{{doc-right|edituserjs}}',
+'right-editmyusercss' => '{{doc-right|editmyusercss}}',
+'right-editmyuserjs' => '{{doc-right|editmyuserjs}}',
'right-rollback' => '{{doc-right|rollback}}
{{Identical|Rollback}}',
'right-markbotedits' => '{{doc-right|markbotedits}}
diff --git a/maintenance/dictionary/mediawiki.dic
b/maintenance/dictionary/mediawiki.dic
index 22452fd..663012f 100644
--- a/maintenance/dictionary/mediawiki.dic
+++ b/maintenance/dictionary/mediawiki.dic
@@ -1284,6 +1284,8 @@
editintro
edititis
editlink
+editmyusercss
+editmyuserjs
editnotice
editnotsupported
editondblclick
diff --git a/maintenance/language/messages.inc
b/maintenance/language/messages.inc
index 3a07553..ee52a3f 100644
--- a/maintenance/language/messages.inc
+++ b/maintenance/language/messages.inc
@@ -424,6 +424,8 @@
'namespaceprotected',
'customcssprotected',
'customjsprotected',
+ 'mycustomcssprotected',
+ 'mycustomjsprotected',
'ns-specialprotected',
'titleprotected',
'filereadonlyerror',
@@ -1219,6 +1221,8 @@
'right-editusercssjs',
'right-editusercss',
'right-edituserjs',
+ 'right-editmyusercss',
+ 'right-editmyuserjs',
'right-rollback',
'right-markbotedits',
'right-noratelimit',
diff --git a/tests/phpunit/includes/TitlePermissionTest.php
b/tests/phpunit/includes/TitlePermissionTest.php
index f0eb76f..6ae995e 100644
--- a/tests/phpunit/includes/TitlePermissionTest.php
+++ b/tests/phpunit/includes/TitlePermissionTest.php
@@ -402,41 +402,78 @@
function testCssAndJavascriptPermissions() {
$this->setUser( $this->userName );
+ $this->setTitle( NS_USER, $this->userName . '/test.js' );
+ $this->runCSSandJSPermissions(
+ array( array( 'badaccess-group0' ), array(
'mycustomjsprotected' ) ),
+ array( array( 'badaccess-group0' ), array(
'mycustomjsprotected' ) ),
+ array( array( 'badaccess-group0' ) ),
+ array( array( 'badaccess-group0' ), array(
'mycustomjsprotected' ) ),
+ array( array( 'badaccess-group0' ) )
+ );
+
+ $this->setTitle( NS_USER, $this->userName . '/test.css' );
+ $this->runCSSandJSPermissions(
+ array( array( 'badaccess-group0' ), array(
'mycustomcssprotected' ) ),
+ array( array( 'badaccess-group0' ) ),
+ array( array( 'badaccess-group0' ), array(
'mycustomcssprotected' ) ),
+ array( array( 'badaccess-group0' ) ),
+ array( array( 'badaccess-group0' ), array(
'mycustomcssprotected' ) )
+ );
+
$this->setTitle( NS_USER, $this->altUserName . '/test.js' );
$this->runCSSandJSPermissions(
array( array( 'badaccess-group0' ), array(
'customjsprotected' ) ),
array( array( 'badaccess-group0' ), array(
'customjsprotected' ) ),
- array( array( 'badaccess-group0' ) ) );
+ array( array( 'badaccess-group0' ), array(
'customjsprotected' ) ),
+ array( array( 'badaccess-group0' ), array(
'customjsprotected' ) ),
+ array( array( 'badaccess-group0' ) )
+ );
$this->setTitle( NS_USER, $this->altUserName . '/test.css' );
$this->runCSSandJSPermissions(
array( array( 'badaccess-group0' ), array(
'customcssprotected' ) ),
+ array( array( 'badaccess-group0' ), array(
'customcssprotected' ) ),
+ array( array( 'badaccess-group0' ), array(
'customcssprotected' ) ),
array( array( 'badaccess-group0' ) ),
- array( array( 'badaccess-group0' ), array(
'customcssprotected' ) ) );
+ array( array( 'badaccess-group0' ), array(
'customcssprotected' ) )
+ );
$this->setTitle( NS_USER, $this->altUserName . '/tempo' );
$this->runCSSandJSPermissions(
array( array( 'badaccess-group0' ) ),
array( array( 'badaccess-group0' ) ),
- array( array( 'badaccess-group0' ) ) );
+ array( array( 'badaccess-group0' ) ),
+ array( array( 'badaccess-group0' ) ),
+ array( array( 'badaccess-group0' ) )
+ );
}
- function runCSSandJSPermissions( $result0, $result1, $result2 ) {
+ function runCSSandJSPermissions( $result0, $result1, $result2,
$result3, $result4 ) {
$this->setUserPerm( '' );
$this->assertEquals( $result0,
$this->title->getUserPermissionsErrors( 'bogus',
$this->user ) );
- $this->setUserPerm( 'editusercss' );
+ $this->setUserPerm( 'editmyusercss' );
$this->assertEquals( $result1,
$this->title->getUserPermissionsErrors( 'bogus',
$this->user ) );
- $this->setUserPerm( 'edituserjs' );
+ $this->setUserPerm( 'editmyuserjs' );
$this->assertEquals( $result2,
$this->title->getUserPermissionsErrors( 'bogus',
$this->user ) );
+ $this->setUserPerm( 'editusercss' );
+ $this->assertEquals( $result3,
+ $this->title->getUserPermissionsErrors( 'bogus',
+ $this->user ) );
+
+ $this->setUserPerm( 'edituserjs' );
+ $this->assertEquals( $result4,
+ $this->title->getUserPermissionsErrors( 'bogus',
+ $this->user ) );
+
$this->setUserPerm( 'editusercssjs' );
$this->assertEquals( array( array( 'badaccess-group0' ) ),
$this->title->getUserPermissionsErrors( 'bogus',
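Review bot: No case in testCssAndJavascriptPermissions covers a page owner whose name merely begins with the current user's name, which is the input the trailing `\/` in the Title.php ownership regex exists to reject. I would add a block such as `$this->setTitle( NS_USER, $this->userName . 'x/test.js' );` and expect `customjsprotected` (not `mycustomjsprotected`) for the empty and `editmyuserjs` permission sets. That pins the boundary between the own-page and other-user branches, so a later change to the pattern cannot silently widen own-page access. runCSSandJSPermissions continues past the end of the hunk.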
--
To view, visit https://gerrit.wikimedia.org/r/67874
Gerrit-MessageType: merged
Gerrit-Change-Id: I52f8e4a5cb48573cb2dbc26fc508e61a95d748c3
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Anomie <[email protected]>
Gerrit-Reviewer: Aaron Schulz <[email protected]>
Gerrit-Reviewer: CSteipp <[email protected]>
Gerrit-Reviewer: Siebrand <[email protected]>
Gerrit-Reviewer: Tim Starling <[email protected]>
Gerrit-Reviewer: jenkins-bot