Jeroen De Dauw has submitted this change and it was merged.
Change subject: Check permissions in MergeItems..
......................................................................
Check permissions in MergeItems..
Change-Id: I6ed988023fedf872a9620fbed1bee342bd80155c
---
M repo/Wikibase.php
M repo/config/Wikibase.example.php
M repo/includes/api/MergeItems.php
M repo/tests/phpunit/includes/api/PermissionsTest.php
4 files changed, 38 insertions(+), 2 deletions(-)
Approvals:
Jeroen De Dauw: Looks good to me, approved
jenkins-bot: Verified
diff --git a/repo/Wikibase.php b/repo/Wikibase.php
index f1932dc..5667e41 100644
--- a/repo/Wikibase.php
+++ b/repo/Wikibase.php
@@ -85,6 +85,7 @@
$wgGroupPermissions['*']['item-override'] = true;
$wgGroupPermissions['*']['item-create'] = true;
$wgGroupPermissions['*']['item-remove'] = true;
+ $wgGroupPermissions['*']['item-merge'] = true;
$wgGroupPermissions['*']['property-override'] = true;
$wgGroupPermissions['*']['property-create'] = true;
$wgGroupPermissions['*']['property-remove'] = true;
diff --git a/repo/config/Wikibase.example.php b/repo/config/Wikibase.example.php
index dae4b53..7d84391 100644
--- a/repo/config/Wikibase.example.php
+++ b/repo/config/Wikibase.example.php
@@ -114,6 +114,7 @@
$wgGroupPermissions['*']['item-override'] = false;
$wgGroupPermissions['*']['item-create'] = false;
$wgGroupPermissions['*']['item-remove'] = false;
+$wgGroupPermissions['*']['item-merge'] = false;
$wgGroupPermissions['*']['property-override'] = false;
$wgGroupPermissions['*']['property-create'] = false;
$wgGroupPermissions['*']['property-remove'] = false;
@@ -130,6 +131,7 @@
$wgGroupPermissions['user']['item-override'] = true;
$wgGroupPermissions['user']['item-create'] = true;
$wgGroupPermissions['user']['item-remove'] = true;
+$wgGroupPermissions['user']['item-merge'] = true;
$wgGroupPermissions['user']['property-override'] = true;
$wgGroupPermissions['user']['property-create'] = true;
$wgGroupPermissions['user']['property-remove'] = true;
diff --git a/repo/includes/api/MergeItems.php b/repo/includes/api/MergeItems.php
index 1756d24..0a3c846 100644
--- a/repo/includes/api/MergeItems.php
+++ b/repo/includes/api/MergeItems.php
@@ -45,7 +45,7 @@
* @see \ApiBase::execute()
*/
public function execute() {
- $this->getUser();
+ $user = $this->getUser();
$params = $this->extractRequestParams();
$this->validateParams( $params );
@@ -53,6 +53,13 @@
$toEntityContent = $this->getEntityContentFromIdString(
$params['toid'] );
$this->validateEntityContents( $fromEntityContent,
$toEntityContent );
+ $status = Status::newGood();
+ $status->merge( $this->checkPermissions( $fromEntityContent,
$user, $params ) );
+ $status->merge( $this->checkPermissions( $toEntityContent,
$user, $params ) );
+ if( !$status->isGood() ){
+ $this->dieUsage( $status->getMessage(),
'permissiondenied');
+ }
+
/**
* @var ItemContent $fromEntityContent
* @var ItemContent $toEntityContent
diff --git a/repo/tests/phpunit/includes/api/PermissionsTest.php
b/repo/tests/phpunit/includes/api/PermissionsTest.php
index 15a5811..9021cbf 100644
--- a/repo/tests/phpunit/includes/api/PermissionsTest.php
+++ b/repo/tests/phpunit/includes/api/PermissionsTest.php
@@ -43,7 +43,7 @@
parent::setUp();
if( !isset( self::$hasSetup ) ){
- $this->initTestEntities( array( 'Oslo' ) );
+ $this->initTestEntities( array( 'Oslo', 'Empty' ) );
}
self::$hasSetup = true;
@@ -278,4 +278,30 @@
$this->doPermissionsTest( 'wbsetdescription', $params,
$permissions, $expectedError, array( "Oslo" ) );
}
+ function provideMergeItemsPermissions() {
+ $permissions = $this->provideEditPermissions();
+
+ $permissions[] = array( #5
+ array( # permissions
+ '*' => array( 'item-merge' => false ),
+ 'user' => array( 'item-merge' => false )
+ ),
+ 'permissiondenied' # error
+ );
+
+ return $permissions;
+ }
+
+ /**
+ * @dataProvider provideMergeItemsPermissions
+ */
+ function testMergeItems( $permissions, $expectedError ) {
+ $params = array(
+ 'fromid' => EntityTestHelper::getId( 'Oslo' ),
+ 'toid' => EntityTestHelper::getId( 'Empty' ),
+ );
+
+ $this->doPermissionsTest( 'wbmergeitems', $params,
$permissions, $expectedError, array( "Oslo" , "Empty" ) );
+ }
+
}
--
To view, visit https://gerrit.wikimedia.org/r/87669
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I6ed988023fedf872a9620fbed1bee342bd80155c
Gerrit-PatchSet: 3
Gerrit-Project: mediawiki/extensions/Wikibase
Gerrit-Branch: master
Gerrit-Owner: Addshore <[email protected]>
Gerrit-Reviewer: Aude <[email protected]>
Gerrit-Reviewer: Daniel Kinzler <[email protected]>
Gerrit-Reviewer: Jeroen De Dauw <[email protected]>
Gerrit-Reviewer: Tobias Gritschacher <[email protected]>
Gerrit-Reviewer: jenkins-bot
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
