Sbisson has uploaded a new change for review.
https://gerrit.wikimedia.org/r/207854
Change subject: Check for history permission later rather than sooner
......................................................................
Check for history permission later rather than sooner
For topic history, permission was validated early against the
last revision. If the current user could not see the
last revision the entire history was considered
unauthorized.
Bug T96910
Change-Id: Ie81edc9590f33b828c4962a8d48db4f2b718fa7d
---
M includes/Block/Topic.php
1 file changed, 2 insertions(+), 2 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Flow
refs/changes/54/207854/1
diff --git a/includes/Block/Topic.php b/includes/Block/Topic.php
index 8e2b4c6..1b02d8c 100644
--- a/includes/Block/Topic.php
+++ b/includes/Block/Topic.php
@@ -468,7 +468,7 @@
public function renderApi( array $options ) {
$output = array( 'type' => $this->getName() );
- $topic = $this->loadTopicTitle( $this->action === 'history' ?
'history' : 'view' );
+ $topic = $this->loadTopicTitle();
if ( !$topic ) {
return $output + $this->finalizeApiOutput($options);
}
@@ -733,7 +733,7 @@
$revisions = array();
foreach ( $history as $row ) {
- $serialized = $serializer->formatApi( $row,
$this->context );
+ $serialized = $serializer->formatApi( $row,
$this->context, 'history' );
// if the user is not allowed to see this row it will
return empty
if ( $serialized ) {
$revisions[$serialized['revisionId']] =
$serialized;
--
To view, visit https://gerrit.wikimedia.org/r/207854
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie81edc9590f33b828c4962a8d48db4f2b718fa7d
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/Flow
Gerrit-Branch: master
Gerrit-Owner: Sbisson <sbis...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
