Sbisson has uploaded a new change for review. https://gerrit.wikimedia.org/r/207854
Change subject: Check for history permission later rather than sooner ...................................................................... Check for history permission later rather than sooner For topic history, permission was validated early against the last revision. If the current user could not see the last revision the entire history was considered unauthorized. Bug T96910 Change-Id: Ie81edc9590f33b828c4962a8d48db4f2b718fa7d --- M includes/Block/Topic.php 1 file changed, 2 insertions(+), 2 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Flow refs/changes/54/207854/1 diff --git a/includes/Block/Topic.php b/includes/Block/Topic.php index 8e2b4c6..1b02d8c 100644 --- a/includes/Block/Topic.php +++ b/includes/Block/Topic.php @@ -468,7 +468,7 @@ public function renderApi( array $options ) { $output = array( 'type' => $this->getName() ); - $topic = $this->loadTopicTitle( $this->action === 'history' ? 'history' : 'view' ); + $topic = $this->loadTopicTitle(); if ( !$topic ) { return $output + $this->finalizeApiOutput($options); } @@ -733,7 +733,7 @@ $revisions = array(); foreach ( $history as $row ) { - $serialized = $serializer->formatApi( $row, $this->context ); + $serialized = $serializer->formatApi( $row, $this->context, 'history' ); // if the user is not allowed to see this row it will return empty if ( $serialized ) { $revisions[$serialized['revisionId']] = $serialized; -- To view, visit https://gerrit.wikimedia.org/r/207854 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ie81edc9590f33b828c4962a8d48db4f2b718fa7d Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/Flow Gerrit-Branch: master Gerrit-Owner: Sbisson <sbis...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits