Dominic.sauer has uploaded a new change for review. https://gerrit.wikimedia.org/r/215305
Change subject: Add permission check for mark as exception ...................................................................... Add permission check for mark as exception Change-Id: I210f16346f51f7e806ef009c01627ff104bcc721 --- M api/GetViolations.php M includes/Violations/DispatchingViolationContext.php M includes/Violations/ViolationContext.php 3 files changed, 48 insertions(+), 6 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/WikidataQuality refs/changes/05/215305/1 diff --git a/api/GetViolations.php b/api/GetViolations.php index 8563686..71192a6 100755 --- a/api/GetViolations.php +++ b/api/GetViolations.php @@ -6,8 +6,12 @@ use DataValues\Serializers; use Doctrine\Instantiator\Exception\UnexpectedValueException; use Wikibase\Api\ApiWikibase; +use Wikibase\DataModel\Entity\EntityId; use Wikibase\DataModel\Entity\EntityIdParser; +use Wikibase\Lib\Store\EntityRevisionLookup; +use Wikibase\Lib\Store\StorageException; use Wikibase\Repo\WikibaseRepo; +use Wikibase\Repo\Store\EntityPermissionChecker; use WikibaseQuality\Violations\DispatchingViolationContext; use WikibaseQuality\Violations\Violation; use WikibaseQuality\Violations\ViolationQuery; @@ -47,6 +51,11 @@ */ private $violationContext; + /** + * @var EntityPermissionChecker + */ + private $permissionChecker; + /** * @param ApiMain $main * @param string $name @@ -59,6 +68,7 @@ $this->violationSerializer = WikibaseQualityFactory::getDefaultInstance()->getViolationSerializer(); $this->entityIdParser = WikibaseRepo::getDefaultInstance()->getEntityIdParser(); $this->violationContext = WikibaseQualityFactory::getDefaultInstance()->getDispatchingViolationContext(); + $this->permissionChecker = WikibaseRepo::getDefaultInstance()->getEntityPermissionChecker(); } /** @@ -72,7 +82,10 @@ $entityId = $this->entityIdParser->parse( $params['entityId'] ); $violations = $this->getViolationsOfEntity( $entityId ); - $this->writeResultOutput( $violations ); + + $permissionStatus = $this->checkExceptionPermission( $entityId ); + + $this->writeResultOutput( $violations, $permissionStatus ); } /** @@ -91,14 +104,15 @@ /** * @param Violation[] $violations + * @param bool $permissionStatus */ - private function writeResultOutput( array $violations ) { + private function writeResultOutput( array $violations, $permissionStatus ) { $output = array(); if ( count( $violations ) > 0 ) { foreach ( $violations as $violation ) { try { $shortMessage = $this->violationContext->getShortMessage( $violation ); - $longMessage = $this->violationContext->getLongMessage( $violation ); + $longMessage = $this->violationContext->getLongMessage( $violation, $permissionStatus ); $iconPath = $this->violationContext->getIconPath( $violation ); } catch( UnexpectedValueException $e ) { @@ -151,4 +165,30 @@ 'action=wdqagetviolations&entityId=Q76' => 'apihelp-wdqagetviolations-examples-1' ); } + + + /** + * Checks the permission for marking an violation as exception + * + * @param EntityId $entityId + * + * @return bool + * @codeCoverageIgnore + */ + private function checkExceptionPermission( EntityId $entityId ) { + $user = \RequestContext::getMain()->getUser(); + $baseRevisionId = EntityRevisionLookup::LATEST_FROM_MASTER; + $status = false; + try { + $entityRev = $this->getEntityRevisionLookup()->getEntityRevision( $entityId, $baseRevisionId ); + $entity = $entityRev->getEntity(); + // At this point only change/edit rights should be checked + $status = $this->permissionChecker->getPermissionStatusForEntity( $user, 'wikibase-violation-exception', $entity ); + } catch ( StorageException $ex ) { + $this->dieException( $ex, 'no-such-entity' ); + } + + return $status->isOK(); + } + } \ No newline at end of file diff --git a/includes/Violations/DispatchingViolationContext.php b/includes/Violations/DispatchingViolationContext.php index b01f167..e8c5f87 100755 --- a/includes/Violations/DispatchingViolationContext.php +++ b/includes/Violations/DispatchingViolationContext.php @@ -86,11 +86,12 @@ * Returns human readable message for given violation of this context. * * @param Violation $violation + * @param bool $permissionStatus * @return string */ - public function getLongMessage( Violation $violation ) { + public function getLongMessage( Violation $violation, $permissionStatus ) { - return $this->getContextOf( $violation )->getLongMessage( $violation ); + return $this->getContextOf( $violation )->getLongMessage( $violation, $permissionStatus ); } /** diff --git a/includes/Violations/ViolationContext.php b/includes/Violations/ViolationContext.php index 180ebb2..5ee486b 100755 --- a/includes/Violations/ViolationContext.php +++ b/includes/Violations/ViolationContext.php @@ -68,7 +68,8 @@ * Returns human readable long message for given violation of this context. * * @param Violation $violation + * @param bool $permissionStatus * @return string */ - public function getLongMessage( Violation $violation ); + public function getLongMessage( Violation $violation, $permissionStatus ); } \ No newline at end of file -- To view, visit https://gerrit.wikimedia.org/r/215305 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I210f16346f51f7e806ef009c01627ff104bcc721 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/WikidataQuality Gerrit-Branch: master Gerrit-Owner: Dominic.sauer <dominic.sa...@yahoo.de> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits