jenkins-bot has submitted this change and it was merged. Change subject: Make a method to check permissions against only the specific revision ......................................................................
Make a method to check permissions against only the specific revision While it's generally ok to check against both the given revision and the most recent, for history entries, we'll want to only check the given revision. Change-Id: Ia47fa864a0d85e06b0479810ba44c0f2562780a7 --- M includes/RevisionActionPermissions.php 1 file changed, 61 insertions(+), 20 deletions(-) Approvals: EBernhardson: Looks good to me, approved jenkins-bot: Verified
diff --git a/includes/RevisionActionPermissions.php b/includes/RevisionActionPermissions.php
index 3aaccd3..a581f3f 100644
--- a/includes/RevisionActionPermissions.php
+++ b/includes/RevisionActionPermissions.php
@@ -54,25 +54,7 @@
 * @return bool
 */
 public function isAllowed( AbstractRevision $revision = null, $action ) {
- // Users must have the core 'edit' permission to perform any write action in flow
- $performsWrites = $this->actions->getValue( $action, 'performs-writes' );
- if ( $performsWrites && ( !$this->user->isAllowed( 'edit' ) || $this->user->isBlocked() ) ) {
- return false;
- }
-
- $permission = $this->getPermission( $revision, $action );
-
- // If no permission is defined for this state, then the action is not allowed
- // check if permission is set for this action
- if ( $permission === null ) {
- return false;
- }
-
- // Check if user is allowed to perform action against this revision
- $allowed = call_user_func_array(
- array( $this->user, 'isAllowedAny' ),
- (array) $permission
- );
+ $allowed = $this->isRevisionAllowed( $revision, $action );
 // if there was no revision object, it's pointless to find last revision
 if ( $revision === null ) {
@@ -91,7 +73,7 @@
 $isLastRevision = $last->getRevisionId()->equals( $revision->getRevisionId() );
 return $allowed && ( $isLastRevision || $this->isAllowed( $last, $action ) );
- // If data is not in storage, just return that revision's status
+ // If data is not in storage, just return that revision's status
 } catch ( InvalidDataException $e ) {
 return $allowed;
 }
@@ -124,6 +106,65 @@
 }
 /**
+ * Check if a user is allowed to perform a certain action, only against 1
+ * specific revision (whereas the default isAllowed() will check if the
+ * given $action is allowed for both given and the most current revision)
+ *
+ * @param AbstractRevision[optional] $revision
+ * @param string $action
+ * @return bool
+ */
+ public function isRevisionAllowed( AbstractRevision $revision = null, $action ) {
+ // Users must have the core 'edit' permission to perform any write action in flow
+ $performsWrites = $this->actions->getValue( $action, 'performs-writes' );
+ if ( $performsWrites && ( !$this->user->isAllowed( 'edit' ) || $this->user->isBlocked() ) ) {
+ return false;
+ }
+
+ $permission = $this->getPermission( $revision, $action );
+
+ // If no permission is defined for this state, then the action is not allowed
+ // check if permission is set for this action
+ if ( $permission === null ) {
+ return false;
+ }
+
+ // Check if user is allowed to perform action against this revision
+ return call_user_func_array(
+ array( $this->user, 'isAllowedAny' ),
+ (array) $permission
+ );
+ }
+
+ /**
+ * Check if a user is allowed to perform certain actions, only against 1
+ * specific revision (whereas the default isAllowed() will check if the
+ * given $action is allowed for both given and the most current revision)
+ *
+ * @param AbstractRevision[optional] $revision
+ * @param string $action
+ * @param string[optional] $action2 Overloadable to check if either of the provided actions are allowed
+ * @return bool
+ */
+ public function isRevisionAllowedAny( AbstractRevision $revision = null, $action /* [, $action2 [, ... ]] */ ) {
+ $actions = func_get_args();
+ // Pull $revision out of the actions list
+ array_shift( $actions );
+ $allowed = false;
+
+ foreach ( $actions as $action ) {
+ $allowed |= $this->isRevisionAllowed( $revision, $action );
+
+ // as soon as we've found one that is allowed, break
+ if ( $allowed ) {
+ break;
+ }
+ }
+
+ return $allowed;
+ }
+
+ /**
 * Returns the permission specified in FlowActions for the given action
 * against the given revision's moderation state.
 *
-- To view, visit https://gerrit.wikimedia.org/r/112162 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ia47fa864a0d85e06b0479810ba44c0f2562780a7 Gerrit-PatchSet: 5 Gerrit-Project: mediawiki/extensions/Flow Gerrit-Branch: master Gerrit-Owner: Matthias Mullie <mmul...@wikimedia.org> Gerrit-Reviewer: EBernhardson <ebernhard...@wikimedia.org> Gerrit-Reviewer: Matthias Mullie <mmul...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
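Review bot: The docblocks of isRevisionAllowed() and isRevisionAllowedAny() describe the difference from isAllowed() only in passing, yet these methods decide solely on the moderation state of the revision they are handed. A caller passing an older, unmoderated revision can therefore get a positive answer even after the latest revision has been hidden or suppressed. I would state that contract explicitly so the methods are not reused to gate current content, e.g. `Does NOT consult the latest revision, so later moderation is ignored; use isAllowed() unless rendering a history entry.` Separately, in isRevisionAllowedAny() the `$allowed |= ...` accumulation turns the result into an int (0/1) although `@return bool` is documented, which breaks any strict `=== true` comparison by a caller. Replacing the loop body with `if ( $this->isRevisionAllowed( $revision, $action ) ) { return true; }` and ending the method with `return false;` keeps the documented type and makes the extra `break` unnecessary.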