[MediaWiki-commits] [Gerrit] Added logged-in check to some special pages and fixed others - change (mediawiki...OAuth)

Aaron Schulz (Code Review) Mon, 05 Aug 2013 13:54:52 -0700

Aaron Schulz has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/77822



Change subject: Added logged-in check to some special pages and fixed others
......................................................................

Added logged-in check to some special pages and fixed others

bug: 52423
Change-Id: Id827814a462e1126ebd0b318362748f20203bb41
---
M frontend/language/MWOAuth.i18n.php
M frontend/specialpages/SpecialMWOAuthConsumerRegistration.php
M frontend/specialpages/SpecialMWOAuthManageConsumers.php
M frontend/specialpages/SpecialMWOAuthManageMyGrants.php
4 files changed, 27 insertions(+), 19 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OAuth 
refs/changes/22/77822/1

diff --git a/frontend/language/MWOAuth.i18n.php 
b/frontend/language/MWOAuth.i18n.php
index 125cf71..0193d11 100644
--- a/frontend/language/MWOAuth.i18n.php
+++ b/frontend/language/MWOAuth.i18n.php
@@ -55,6 +55,7 @@
        'mwoauth-consumer-stage-suppressed' => 'suppressed',
 
        'mwoauthconsumerregistration' => 'OAuth consumer registration',
+       'mwoauthconsumerregistration-notloggedin' => 'You have to be logged in 
to access this page.',
        'mwoauthconsumerregistration-navigation' => 'Navigation:',
        'mwoauthconsumerregistration-propose' => 'Propose new consumer',
        'mwoauthconsumerregistration-list' => 'My consumer list',
@@ -94,6 +95,7 @@
        'mwoauthconsumerregistration-secretreset' => 'You have been assigned a 
consumer secret token of \'\'\'$1\'\'\'. \'\'Please record this for future 
reference.\'\'',
 
        'mwoauthmanageconsumers' => 'Manage OAuth consumers',
+       'mwoauthmanageconsumers-notloggedin' => 'You have to be logged in to 
access this page.',
        'mwoauthmanageconsumers-type' => 'Queues:',
        'mwoauthmanageconsumers-showproposed' => 'Proposed requests',
        'mwoauthmanageconsumers-showrejected' => 'Rejected requests',
@@ -137,6 +139,7 @@
        'mwoauthmanageconsumers-success-reanable' => 'Consumer has been 
re-enabled.',
 
        'mwoauthmanagemygrants' => 'Manage account OAuth grants',
+       'mwoauthmanagemygrants-notloggedin' => 'You have to be logged in to 
access this page.',
        'mwoauthmanagemygrants-navigation' => 'Navigation:',
        'mwoauthmanagemygrants-showlist' => 'Accepted consumer list',
        'mwoauthmanagemygrants-none' => 'No consumers have access on behalf of 
your account.',
diff --git a/frontend/specialpages/SpecialMWOAuthConsumerRegistration.php 
b/frontend/specialpages/SpecialMWOAuthConsumerRegistration.php
index 9107886..d893aa9 100644
--- a/frontend/specialpages/SpecialMWOAuthConsumerRegistration.php
+++ b/frontend/specialpages/SpecialMWOAuthConsumerRegistration.php
@@ -37,6 +37,11 @@
        public function execute( $par ) {
                global $wgMWOAuthSecureTokenTransfer;
 
+               $user = $this->getUser();
+               $request = $this->getRequest();
+               $lang = $this->getLanguage();
+               $centralUserId = MWOAuthUtils::getCentralIdFromLocalUser( $user 
);
+
                // Redirect to HTTPs if attempting to access this page via HTTP.
                // Proposals and updates to consumers can involve sending new 
secrets.
                if ( $wgMWOAuthSecureTokenTransfer && 
WebRequest::detectProtocol() !== 'https' ) {
@@ -45,20 +50,18 @@
                        return;
                }
 
-               $user = $this->getUser();
-               $request = $this->getRequest();
-               $lang = $this->getLanguage();
-               $centralUserId = MWOAuthUtils::getCentralIdFromLocalUser( $user 
);
+               $this->setHeaders();
+               $this->getOutput()->disallowUserJs();
 
                $block = $user->getBlock();
                if ( $block ) {
                        throw new UserBlockedError( $block );
                } elseif ( wfReadOnly() ) {
                        throw new ReadOnlyError();
+               } elseif ( !$this->getUser()->isLoggedIn() ) {
+                       $this->getOutput()->addWikiMsg( 
'mwoauthconsumerregistration-notloggedin' );
+                       return;
                }
-
-               $this->setHeaders();
-               $this->getOutput()->disallowUserJs();
 
                // Format is 
Special:MWOAuthConsumerRegistration[/propose|/list|/update/<consumer key>]
                $navigation = explode( '/', $par );
diff --git a/frontend/specialpages/SpecialMWOAuthManageConsumers.php 
b/frontend/specialpages/SpecialMWOAuthManageConsumers.php
index 4269e8a..1bab15f 100644
--- a/frontend/specialpages/SpecialMWOAuthManageConsumers.php
+++ b/frontend/specialpages/SpecialMWOAuthManageConsumers.php
@@ -42,15 +42,16 @@
                $user = $this->getUser();
                $request = $this->getRequest();
 
-               if ( !$user->isAllowed( 'mwoauthmanageconsumer' ) ) {
-                       throw new PermissionsError( 'mwoauthmanageconsumer' );
-               } elseif ( !$user->getID() ) {
-                       throw new PermissionsError( 'user' );
-               }
-
                $this->setHeaders();
                $this->getOutput()->disallowUserJs();
 
+               if ( !$user->isAllowed( 'mwoauthmanageconsumer' ) ) {
+                       throw new PermissionsError( 'mwoauthmanageconsumer' );
+               } elseif ( !$this->getUser()->isLoggedIn() ) {
+                       $this->getOutput()->addWikiMsg( 
'mwoauthmanageconsumers-notloggedin' );
+                       return;
+               }
+
                // Format is Special:MWOAuthManageConsumers[/<stage>[/<consumer 
key>]]
                $navigation = explode( '/', $par );
                $stageKey = isset( $navigation[0] ) ? $navigation[0] : null;
diff --git a/frontend/specialpages/SpecialMWOAuthManageMyGrants.php 
b/frontend/specialpages/SpecialMWOAuthManageMyGrants.php
index 35ac272..56a7fab 100644
--- a/frontend/specialpages/SpecialMWOAuthManageMyGrants.php
+++ b/frontend/specialpages/SpecialMWOAuthManageMyGrants.php
@@ -39,15 +39,16 @@
                $user = $this->getUser();
                $request = $this->getRequest();
 
-               if ( !$user->isAllowed( 'mwoauthmanagemygrants' ) ) {
-                       throw new PermissionsError( 'mwoauthmanagemygrants' );
-               } elseif ( !$user->getID() ) {
-                       throw new PermissionsError( 'user' );
-               }
-
                $this->setHeaders();
                $this->getOutput()->disallowUserJs();
 
+               if ( !$user->isAllowed( 'mwoauthmanagemygrants' ) ) {
+                       throw new PermissionsError( 'mwoauthmanagemygrants' );
+               } elseif ( !$this->getUser()->isLoggedIn() ) {
+                       $this->getOutput()->addWikiMsg( 
'mwoauthmanagemygrants-notloggedin' );
+                       return;
+               }
+
                // Format is 
Special:MWOAuthManageMyGrants[/list|/manage/<accesstoken>]
                $navigation = explode( '/', $par );
                $typeKey = isset( $navigation[0] ) ? $navigation[0] : null;

-- 
To view, visit https://gerrit.wikimedia.org/r/77822
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Id827814a462e1126ebd0b318362748f20203bb41
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/OAuth
Gerrit-Branch: master
Gerrit-Owner: Aaron Schulz <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Added logged-in check to some special pages and fixed others - change (mediawiki...OAuth)

Reply via email to