http://www.mediawiki.org/wiki/Special:Code/MediaWiki/88574
Revision: 88574
Author: werdna
Date: 2011-05-22 13:31:30 +0000 (Sun, 22 May 2011)
Log Message:
-----------
LiquidThreads: permissions checks for some API actions were missing
Modified Paths:
--------------
trunk/extensions/LiquidThreads/api/ApiThreadAction.php
trunk/extensions/LiquidThreads/classes/View.php
trunk/extensions/LiquidThreads/lqt.js
Modified: trunk/extensions/LiquidThreads/api/ApiThreadAction.php
===================================================================
--- trunk/extensions/LiquidThreads/api/ApiThreadAction.php 2011-05-22
12:57:42 UTC (rev 88573)
+++ trunk/extensions/LiquidThreads/api/ApiThreadAction.php 2011-05-22
13:31:30 UTC (rev 88574)
@@ -108,6 +108,13 @@
}
$thread = array_pop( $threads );
+
+ global $wgUser;
+ $errors = $thread->title()->getUserPermissionsErrors(
'lqt-split', $wgUser );
+ if ( $errors ) {
+ // We don't care about multiple errors, just report one
of them
+ $this->dieUsageMsg( reset( $errors ) );
+ }
if ( $thread->isTopmostThread() ) {
$this->dieUsage( 'This thread is already a top-level
thread.',
@@ -175,6 +182,13 @@
$article = new Article( $title, 0 );
$newParent = Threads::withRoot( $article );
}
+
+ global $wgUser;
+ $errors = $newParent->title()->getUserPermissionsErrors(
'lqt-merge', $wgUser );
+ if ( $errors ) {
+ // We don't care about multiple errors, just report one
of them
+ $this->dieUsageMsg( reset( $errors ) );
+ }
if ( !$newParent ) {
$this->dieUsage( 'The parent thread you specified was
neither the title ' .
@@ -605,6 +619,13 @@
'no-specified-threads' );
}
$thread = array_pop( $threads );
+
+ global $wgUser;
+ $errors = $thread->title()->getUserPermissionsErrors( 'edit',
$wgUser );
+ if ( $errors ) {
+ // We don't care about multiple errors, just report one
of them
+ $this->dieUsageMsg( reset( $errors ) );
+ }
// Validate subject
if ( empty( $params['subject'] ) ) {
@@ -677,6 +698,14 @@
}
$thread = array_pop( $threads );
+
+ global $wgUser;
+ $errors = $thread->title()->getUserPermissionsErrors( 'edit',
$wgUser );
+ if ( $errors ) {
+ // We don't care about multiple errors, just report one
of them
+ $this->dieUsageMsg( reset( $errors ) );
+ }
+
$thread->setSortkey( $ts );
$thread->commitRevision( Threads::CHANGE_ADJUSTED_SORTKEY,
null, $reason );
Modified: trunk/extensions/LiquidThreads/classes/View.php
===================================================================
--- trunk/extensions/LiquidThreads/classes/View.php 2011-05-22 12:57:42 UTC
(rev 88573)
+++ trunk/extensions/LiquidThreads/classes/View.php 2011-05-22 13:31:30 UTC
(rev 88574)
@@ -354,7 +354,7 @@
}
/**
- * Workaround for bugs caused by r82686
+ * Workaround for bug 27887 caused by r82686
* @param $request FauxRequest object to have session data injected
into.
*/
static function fixFauxRequestSession( $request ) {
@@ -1876,6 +1876,10 @@
} else {
$class .= ' lqt-thread-no-subthreads';
}
+
+ if ( ! $thread->title()->userCan('edit') ) {
+ $class .= ' lqt-thread-uneditable';
+ }
$class .= ' lqt-thread-wrapper';
Modified: trunk/extensions/LiquidThreads/lqt.js
===================================================================
--- trunk/extensions/LiquidThreads/lqt.js 2011-05-22 12:57:42 UTC (rev
88573)
+++ trunk/extensions/LiquidThreads/lqt.js 2011-05-22 13:31:30 UTC (rev
88574)
@@ -378,7 +378,9 @@
},
'setupThreadMenu' : function( menu, id ) {
- if ( menu.find('.lqt-command-edit-subject').length ) {
+ if ( menu.find('.lqt-command-edit-subject').length ||
+ menu.closest('.lqt_thread').is('.lqt-thread-uneditable')
+ ) {
return;
}
_______________________________________________
MediaWiki-CVS mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-cvs
