https://bugzilla.wikimedia.org/show_bug.cgi?id=33380
Nikola Kovacs <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #9771|0 |1 is obsolete| | --- Comment #13 from Nikola Kovacs <[email protected]> 2011-12-28 14:26:41 UTC --- Created attachment 9776 --> https://bugzilla.wikimedia.org/attachment.cgi?id=9776 Proposed patch 2 Ok, this patch makes log entries belonging to private/hidden filters behave as if the user did not have abusefilter-log-detail. I've added a parameter, $filter_id, to SpecialAbuseLog::canSeeDetails. If it's not null, the function checks if the filter is hidden (by calling AbuseFilter::filterHidden), and in that case returns true only if AbuseFilterView::canViewPrivate() (i.e. the user is allowed to view private filters) is true (in addition to requiring abusefilter-log-detail). I've made the methods canViewPrivate() and canEdit() of AbuseFilterView static, to avoid code duplication in the above. I hope that doesn't break anything, though it shouldn't since it already used a static variable. Since the abuse log may contain entries generated by global filters, I've modified AbuseFilter::filterHidden to handle global filters as well. I wasn't able to test this though. Whenever SpecialAbuseLog::canSeeDetails is called for a specific log entry, it is called with a filter id. However, it's called without a filter id for determining whether a user should be able to search for log entries belonging to a specific filter. This is allowed for public filters, but is disallowed for private ones. If the user tries to search for log entries belonging to a private filter, and canViewPrivate is false, the condition is not added to the query so it returns all log entries. In addition, I hid the hitcount from the filter list for private filters from users who cannot see details of the filter. The link would search for log entries created by the filter, but if the user can't view the details then that doesn't work (even before this patch, the links would be displayed but not work for users who didn't have abusefilter-log-detail). I don't know if the hitcount itself should be displayed without the link though, I opted not to. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
