Aaron Schulz has uploaded a new change for review.
https://gerrit.wikimedia.org/r/95735
Change subject: Enforce that all consumers have basic rights
......................................................................
Enforce that all consumers have basic rights
Change-Id: Iaf25f3ac7a2105261aa999cfd0bff5b447863941
---
M OAuth.config.php
M control/MWOAuthConsumerAcceptanceSubmitControl.php
M control/MWOAuthConsumerSubmitControl.php
M frontend/specialpages/SpecialMWOAuthConsumerRegistration.php
4 files changed, 17 insertions(+), 3 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OAuth
refs/changes/35/95735/1
diff --git a/OAuth.config.php b/OAuth.config.php
index 5f5c526..dd230f5 100644
--- a/OAuth.config.php
+++ b/OAuth.config.php
@@ -132,6 +132,7 @@
/** @var Array Map of grants to their UI grouping */
$wgMWOAuthGrantPermissionGroups = array(
+ // Hidden grants are implicitly present
'useoauth' => 'hidden',
'editpage' => 'page-interaction',
diff --git a/control/MWOAuthConsumerAcceptanceSubmitControl.php
b/control/MWOAuthConsumerAcceptanceSubmitControl.php
index 3946461..de0f6e0 100644
--- a/control/MWOAuthConsumerAcceptanceSubmitControl.php
+++ b/control/MWOAuthConsumerAcceptanceSubmitControl.php
@@ -117,7 +117,12 @@
}
$cmr = MWOAuthConsumer::newFromId( $dbw, $cmra->get(
'consumerId' ) );
- $grants = FormatJSON::decode( $this->vals['grants'],
true );
+ $grants = FormatJSON::decode( $this->vals['grants'],
true ); // requested grants
+ $grants = array_unique( array_merge(
+ MWOAuthUtils::getHiddenGrants(), // implied
grants
+ array_intersect( $grants, $cmr->get( 'grants' )
) // applicable requested grants
+ ) );
+
$cmra->setFields( array(
'grants' => array_intersect( $grants,
$cmr->get( 'grants' ) ) // sanity
) );
diff --git a/control/MWOAuthConsumerSubmitControl.php
b/control/MWOAuthConsumerSubmitControl.php
index 9f9b222..72ecfe4 100644
--- a/control/MWOAuthConsumerSubmitControl.php
+++ b/control/MWOAuthConsumerSubmitControl.php
@@ -190,7 +190,10 @@
'registration' => $now,
'stage' =>
MWOAuthConsumer::STAGE_PROPOSED,
'stageTimestamp' => $now,
- 'grants' =>
FormatJSON::decode( $this->vals['grants'], true ),
+ 'grants' => array_unique(
array_merge(
+
MWOAuthUtils::getHiddenGrants(), // implied grants
+ FormatJSON::decode(
$this->vals['grants'], true )
+ ) ),
'restrictions' =>
FormatJSON::decode( $this->vals['restrictions'], true ),
'deleted' => 0
) + $this->vals
diff --git a/frontend/specialpages/SpecialMWOAuthConsumerRegistration.php
b/frontend/specialpages/SpecialMWOAuthConsumerRegistration.php
index 5ff69f5..52c6986 100644
--- a/frontend/specialpages/SpecialMWOAuthConsumerRegistration.php
+++ b/frontend/specialpages/SpecialMWOAuthConsumerRegistration.php
@@ -57,7 +57,8 @@
$this->setHeaders();
$this->getOutput()->disallowUserJs();
$this->getOutput()->addModules( 'ext.MWOAuth.WikiSelect' );
- $this->getOutput()->addJsConfigVars( 'wgOAuthWikiList',
array_values( MWOAuthUtils::getAllWikiNames() ) );
+ $this->getOutput()->addJsConfigVars( 'wgOAuthWikiList',
+ array_values( MWOAuthUtils::getAllWikiNames() ) );
$block = $user->getBlock();
if ( $block ) {
@@ -144,6 +145,10 @@
MWOAuthUtils::getRightsByGrant()
)
),
+ 'force-options-on' => array_map(
+ function( $g ) { return
"grant-$g"; },
+
MWOAuthUtils::getHiddenGrants()
+ ),
'validation-callback' => null
// different format
),
'restrictions' => array(
--
To view, visit https://gerrit.wikimedia.org/r/95735
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Iaf25f3ac7a2105261aa999cfd0bff5b447863941
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/OAuth
Gerrit-Branch: master
Gerrit-Owner: Aaron Schulz <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
