jenkins-bot has submitted this change and it was merged.
Change subject: Added the permissions plugin
......................................................................
Added the permissions plugin
The username and id are stored in the annotation_json column and restricted the
users to update and delete their own annotations only. This patch also changes
the column name from user_id to annotation_user_id due to the error arising
while
using INNER JOIN.
Change-Id: Idefe71b7f0a991f32db94d3ee26e77943320a6b2
---
M AnnotationRepository.php
M api/ApiAnnotatorCreate.php
M api/ApiAnnotatorDestroy.php
M api/ApiAnnotatorUpdate.php
M modules/Annotator.js
M sql/annotator.sql
6 files changed, 81 insertions(+), 16 deletions(-)
Approvals:
Parent5446: Looks good to me, approved
jenkins-bot: Verified
diff --git a/AnnotationRepository.php b/AnnotationRepository.php
index 68b87ac..770570d 100644
--- a/AnnotationRepository.php
+++ b/AnnotationRepository.php
@@ -4,19 +4,34 @@
$dbr = wfGetDB( DB_SLAVE );
//select the annotation object from the database
- $annotation_json = $dbr->selectField(
- 'annotator',
- 'annotation_json',
+ $res = $dbr->select(
+ array('annotator', 'user'),
+ array(
+ 'annotation_json',
+ 'annotation_user_id',
+ 'user_name'
+ ),
array(
'annotation_id' => $annotation_id
+ ),
+ __METHOD__,
+ array(),
+ array(
+ 'user' => array(
+ 'INNER JOIN',
+ array(
+ 'user_id = annotation_user_id'
+ )
+ )
)
);
- if( $annotation_json === false ) {
+ $result = $dbr->fetchObject( $res );
+ if( !$result ) {
return null;
}
- $annotation = AnnotationRepository::populateAnnotation(
$annotation_json, $annotation_id );
+ $annotation = AnnotationRepository::populateAnnotation(
$result->annotation_json, $annotation_id, $result->annotation_user_id,
$result->user_name );
return $annotation;
}
@@ -24,13 +39,25 @@
//selects annotations of a particular revision ID
$dbr = wfGetDB( DB_SLAVE );
$res = $dbr->select(
- 'annotator',
+ array('annotator', 'user'),
array(
'annotation' => 'annotation_json',
- 'id' => 'annotation_id'
+ 'id' => 'annotation_id',
+ 'userId' => 'annotation_user_id',
+ 'userName' => 'user_name'
),
array(
'rev_id' => $revid
+ ),
+ __METHOD__,
+ array(),
+ array(
+ 'user' => array(
+ 'INNER JOIN',
+ array(
+ 'user_id = annotation_user_id'
+ )
+ )
)
);
@@ -38,16 +65,18 @@
$annotations['rows'] = array();
$total = 0;
foreach($res as $result) {
- $annotations['rows'][] =
AnnotationRepository::populateAnnotation( $result->annotation, $result->id );
+ $annotations['rows'][] =
AnnotationRepository::populateAnnotation( $result->annotation, $result->id,
$result->userId, $result->userName );
$total = $total + 1;
}
$annotations['total'] = $total;
return $annotations;
}
- protected function populateAnnotation( $annotation_json, $annotation_id
) {
+ protected function populateAnnotation( $annotation_json,
$annotation_id, $userId, $userName ) {
$annotation = json_decode($annotation_json);
$annotation->id = $annotation_id; //update the annotation
object with the ID
+ $annotation->user->id = $userId;
+ $annotation->user->username = $userName;
return $annotation;
}
}
\ No newline at end of file
diff --git a/api/ApiAnnotatorCreate.php b/api/ApiAnnotatorCreate.php
index e4847d8..8a0fbda 100755
--- a/api/ApiAnnotatorCreate.php
+++ b/api/ApiAnnotatorCreate.php
@@ -30,6 +30,10 @@
$this->dieUsage( "The revision ID is not valid",
'invalid_revision_id', 404 );
}
+ $annotation = json_decode($annotation);
+ unset($annotation->user); //strip out the user object
+ $annotation = json_encode($annotation);
+
//insert the annotations into the database
$dbw = wfGetDB( DB_MASTER );
$dbw->insert(
@@ -37,7 +41,7 @@
array(
'annotation_json' => $annotation,
'rev_id' => $revid,
- 'user_id' => $user_id
+ 'annotation_user_id' => $user_id
)
);
$annotation_id = $dbw->insertId(); //get the annotation ID
diff --git a/api/ApiAnnotatorDestroy.php b/api/ApiAnnotatorDestroy.php
index a1dc882..39c0fcd 100644
--- a/api/ApiAnnotatorDestroy.php
+++ b/api/ApiAnnotatorDestroy.php
@@ -19,7 +19,7 @@
$res = $dbw->select(
'annotator',
array(
- 'user_id'
+ 'annotation_user_id'
),
array(
'annotation_id' => $id
@@ -33,7 +33,7 @@
}
//checks if the user_id is of the same user who created the
annotation
- if( $userId !== intval( $row->user_id ) ) {
+ if( $userId !== intval( $row->annotation_user_id ) ) {
$this->dieUsage( "You don't have permissions to destroy
this annotation", 'user_not_authorized', 401 );
}
diff --git a/api/ApiAnnotatorUpdate.php b/api/ApiAnnotatorUpdate.php
index 743c676..f604c60 100644
--- a/api/ApiAnnotatorUpdate.php
+++ b/api/ApiAnnotatorUpdate.php
@@ -25,13 +25,15 @@
$annotation_json = json_decode($annotation_json);
unset($annotation_json->id); //strip out the id element
+ unset($annotation_json->user); //strip out the user object
+
$annotation_json = json_encode($annotation_json);
$dbw = wfGetDB( DB_MASTER );
$dbw->begin(); //lock the annotation in the db
$user_id = $dbw->selectField(
'annotator',
- 'user_id',
+ 'annotation_user_id',
array(
'annotation_id' => $id
),
diff --git a/modules/Annotator.js b/modules/Annotator.js
index 5bce970..b4ab400 100755
--- a/modules/Annotator.js
+++ b/modules/Annotator.js
@@ -3,10 +3,12 @@
*/
( function( mw, $ ) {
$( function( $ ) {
- var revid, annotations;
+ var revid, annotations, userId;
//Get the Revision Id of the page
revid = mw.config.get( 'wgCurRevisionId' );
+ //Get the userId
+ userId = mw.config.get( 'wgUserId' );
//Call the annotations
annotations = $( '#mw-content-text' ).annotator();
//Add the store plugin and modify the urls according to
mediawiki api
@@ -23,5 +25,33 @@
revid: revid
}
} );
- } );
+
+ //add the permissions plugin
+ annotations.annotator('addPlugin', 'Permissions', {
+
+ user: {
+ id: userId,
+ username: mw.user.getName()
+ },
+ permissions: {
+ 'read': [],
+ 'update': [ userId ],
+ 'delete': [ userId ]
+ },
+ userId: function (user) {
+ if( user && user.id ) {
+ return user.id;
+ }
+ return user;
+ },
+ userString: function (user) {
+ if( user && user.username ) {
+ return user.username;
+ }
+ return user;
+ },
+ showViewPermissionsCheckbox: false,
+ showEditPermissionsCheckbox: false
+ });
+ } )
}( mediaWiki, jQuery ) );
diff --git a/sql/annotator.sql b/sql/annotator.sql
index 551d8b3..47ee692 100644
--- a/sql/annotator.sql
+++ b/sql/annotator.sql
@@ -6,6 +6,6 @@
annotation_id int(10) unsigned NOT NULL PRIMARY KEY AUTO_INCREMENT,
annotation_json text NOT NULL,
rev_id int(10) unsigned NOT NULL,
- user_id int(10) unsigned NOT NULL
+ annotation_user_id int(10) unsigned NOT NULL
) /*$wgDBTableOptions*/;
--
To view, visit https://gerrit.wikimedia.org/r/75645
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Idefe71b7f0a991f32db94d3ee26e77943320a6b2
Gerrit-PatchSet: 12
Gerrit-Project: mediawiki/extensions/Annotator
Gerrit-Branch: master
Gerrit-Owner: Rjain <[email protected]>
Gerrit-Reviewer: Mattflaschen <[email protected]>
Gerrit-Reviewer: Parent5446 <[email protected]>
Gerrit-Reviewer: Rjain <[email protected]>
Gerrit-Reviewer: jenkins-bot
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
