Matthias Mullie has uploaded a new change for review. https://gerrit.wikimedia.org/r/112162
Change subject: Make a method to check permissions against only the specific revision ...................................................................... Make a method to check permissions against only the specific revision While it's generally ok to check against both the given revision and the most recent, for history entries, we'll want to only check the given revision. Change-Id: Ia47fa864a0d85e06b0479810ba44c0f2562780a7 --- M includes/RevisionActionPermissions.php 1 file changed, 67 insertions(+), 21 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Flow refs/changes/62/112162/1
diff --git a/includes/RevisionActionPermissions.php b/includes/RevisionActionPermissions.php
index c55c4d3..eda6e19 100644
--- a/includes/RevisionActionPermissions.php
+++ b/includes/RevisionActionPermissions.php
@@ -53,25 +53,12 @@
 * @return bool
 */
 public function isAllowed( AbstractRevision $revision = null, $action ) {
- // Users must have the core 'edit' permission to perform any write action in flow
- $performsWrites = $this->actions->getValue( $action, 'performs-writes' );
- if ( $performsWrites && ( !$this->user->isAllowed( 'edit' ) || $this->user->isBlocked() ) ) {
- return false;
+ $allowed = $this->isRevisionAllowed( $revision, $action );
+
+ // if there was no revision object, it's pointless to find last revision
+ if ( !$revision instanceof AbstractRevision ) {
+ return $allowed;
 }
-
- $permission = $this->getPermission( $revision, $action );
-
- // If no permission is defined for this state, then the action is not allowed
- // check if permission is set for this action
- if ( $permission === null ) {
- return false;
- }
-
- // Check if user is allowed to perform action against this revision
- $allowed = call_user_func_array(
- array( $this->user, 'isAllowedAny' ),
- (array) $permission
- );
 // Also check if the user would be allowed to perform this against
 // against the most recent revision (unless it's already the most recent
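Review bot: The early return in isAllowed() only covers a missing revision, so a request that isRevisionAllowed() has already denied still goes on to load the last revision before `$allowed &&` rejects it. Folding the denial into the guard, `if ( !$allowed || !$revision instanceof AbstractRevision ) { return $allowed; }`, reaches the same decision and keeps denied requests off the getLastRevision() lookup. The rest of isAllowed() lies outside this hunk, and its docblock starts above it.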
@@ -79,10 +66,10 @@
 // checking against a revision at one point in time alone isn't enough.
 $last = $revision->getRevisionable()->getLastRevision();
- // check if $revision is not already the most recent, to prevent
- // infinite recursion in this method
+ // check if $revision is not already the most recent, in which case the
+ // additional check is pointless
 $isLastRevision = $last->getRevisionId()->getHex() == $revision->getRevisionId()->getHex();
- return $allowed && ( $isLastRevision || $this->isAllowed( $last, $action ) );
+ return $allowed && ( $isLastRevision || $this->isRevisionAllowed( $last, $action ) );
 }
 /**
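Review bot: The rewritten return still hinges on the loose `==` between the two getHex() values on the line above it, and PHP compares two numeric-looking strings numerically under `==` (`'1e3' == '1000'` is true). If getHex() returns strings, as the name suggests, two distinct ids that both look numeric could compare equal and the last-revision check would be skipped, so the comparison is better written strictly: `$isLastRevision = $last->getRevisionId()->getHex() === $revision->getRevisionId()->getHex();`. That line is unchanged context, and the function starts outside this hunk.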
@@ -112,6 +99,65 @@
 }
 /**
+ * Check if a user is allowed to perform a certain action, only against 1
+ * specific revision (whereas the default isAllowed() will check if the
+ * given $action is allowed for both given and the most current revision)
+ *
+ * @param AbstractRevision[optional] $revision
+ * @param string $action
+ * @return bool
+ */
+ public function isRevisionAllowed( AbstractRevision $revision = null, $action ) {
+ // Users must have the core 'edit' permission to perform any write action in flow
+ $performsWrites = $this->actions->getValue( $action, 'performs-writes' );
+ if ( $performsWrites && ( !$this->user->isAllowed( 'edit' ) || $this->user->isBlocked() ) ) {
+ return false;
+ }
+
+ $permission = $this->getPermission( $revision, $action );
+
+ // If no permission is defined for this state, then the action is not allowed
+ // check if permission is set for this action
+ if ( $permission === null ) {
+ return false;
+ }
+
+ // Check if user is allowed to perform action against this revision
+ return call_user_func_array(
+ array( $this->user, 'isAllowedAny' ),
+ (array) $permission
+ );
+ }
+
+ /**
+ * Check if a user is allowed to perform certain actions, only against 1
+ * specific revision (whereas the default isAllowed() will check if the
+ * given $action is allowed for both given and the most current revision)
+ *
+ * @param AbstractRevision[optional] $revision
+ * @param string $action
+ * @param string[optional] $action2 Overloadable to check if either of the provided actions are allowed
+ * @return bool
+ */
+ public function isRevisionAllowedAny( AbstractRevision $revision = null, $action /* [, $action2 [, ... ]] */ ) {
+ $actions = func_get_args();
+ // Pull $revision out of the actions list
+ array_shift( $actions );
+ $allowed = false;
+
+ foreach ( $actions as $action ) {
+ $allowed |= $this->isRevisionAllowed( $revision, $action );
+
+ // as soon as we've found one that is allowed, break
+ if ( $allowed ) {
+ break;
+ }
+ }
+
+ return $allowed;
+ }
+
+ /**
 * Returns the permission specified in FlowActions for the given action
 * against the given revision's moderation state.
 *
-- To view, visit https://gerrit.wikimedia.org/r/112162 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ia47fa864a0d85e06b0479810ba44c0f2562780a7 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/Flow Gerrit-Branch: master Gerrit-Owner: Matthias Mullie <mmul...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
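Review bot: isRevisionAllowedAny() is documented as `@return bool`, but `$allowed |= ...` is a bitwise OR, so the method returns the integers 0 or 1 and a caller comparing the result with `=== true` would be denied. Returning from the loop keeps the type: `if ( $this->isRevisionAllowed( $revision, $action ) ) { return true; }` inside the foreach and `return false;` after it. Separately, the isRevisionAllowed() docblock should say that the check ignores the most recent revision's moderation state and is meant for history entries, so that callers gating current content keep using isAllowed().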