Tobias Gritschacher has submitted this change and it was merged.
Change subject: (Bug 41882) Followup for restrictions for special pages
......................................................................
(Bug 41882) Followup for restrictions for special pages
This adds restrictions for special pages that creates items and properties,
and for special pages that changes labels, descriptions and aliases.
It is also a minor change to an API-module for aliases to use only one
permission as it is only possible to use one restriction in the special
page.
There should be better tests for the restrictions, not only that the
pages passes if the permissions are set for the user.
Change-Id: I137187981ff4cc12864717583d0af6129aebfbc3
---
M repo/Wikibase.hooks.php
M repo/Wikibase.i18n.php
M repo/Wikibase.php
M repo/config/Wikibase.example.php
M repo/includes/api/SetAliases.php
M repo/includes/specials/SpecialNewItem.php
M repo/includes/specials/SpecialNewProperty.php
M repo/includes/specials/SpecialSetAliases.php
M repo/includes/specials/SpecialSetDescription.php
M repo/includes/specials/SpecialSetLabel.php
M repo/tests/phpunit/includes/specials/SpecialNewItemTest.php
A repo/tests/phpunit/includes/specials/SpecialNewPropertyTest.php
A repo/tests/phpunit/includes/specials/SpecialSetAliasesTest.php
A repo/tests/phpunit/includes/specials/SpecialSetDescriptionTest.php
A repo/tests/phpunit/includes/specials/SpecialSetLabelTest.php
15 files changed, 316 insertions(+), 15 deletions(-)
Approvals:
Tobias Gritschacher: Verified; Looks good to me, approved
jenkins-bot: Verified
diff --git a/repo/Wikibase.hooks.php b/repo/Wikibase.hooks.php
index 8c1c3df..c8a89df 100644
--- a/repo/Wikibase.hooks.php
+++ b/repo/Wikibase.hooks.php
@@ -193,8 +193,12 @@
'content/PropertyHandler',
'specials/SpecialNewItem',
+ 'specials/SpecialNewProperty',
'specials/SpecialItemDisambiguation',
'specials/SpecialItemByTitle',
+ 'specials/SpecialSetDescription',
+ 'specials/SpecialSetLabel',
+ 'specials/SpecialSetAliases',
'store/IdGenerator',
'store/StoreFactory',
diff --git a/repo/Wikibase.i18n.php b/repo/Wikibase.i18n.php
index 8449c28..5e4f229 100644
--- a/repo/Wikibase.i18n.php
+++ b/repo/Wikibase.i18n.php
@@ -342,6 +342,9 @@
'right-item-override' => 'Override items',
'right-item-create' => 'Create items',
'right-item-remove' => 'Remove items',
+ 'right-property-override' => 'Override properties',
+ 'right-property-create' => 'Create properties',
+ 'right-property-remove' => 'Remove properties',
'right-alias-add' => 'Add aliases',
'right-alias-set' => 'Set aliases',
'right-alias-remove' => 'Remove aliases',
@@ -352,6 +355,23 @@
'right-label-update' => 'Update labels',
'right-description-remove' => 'Remove descriptions',
'right-description-update' => 'Update descriptions',
+
+ // User actions
+ 'action-item-override' => 'override items',
+ 'action-item-create' => 'create items',
+ 'action-item-remove' => 'remove items',
+ 'action-property-override' => 'override properties',
+ 'action-property-create' => 'create properties',
+ 'action-property-remove' => 'remove properties',
+ 'action-alias-update' => 'update aliases',
+ 'action-alias-remove' => 'remove aliases',
+ 'action-sitelink-remove' => 'remove site links',
+ 'action-sitelink-update' => 'update site links',
+ 'action-linktitles-update' => 'update link titles',
+ 'action-label-remove' => 'remove labels',
+ 'action-label-update' => 'update labels',
+ 'action-description-remove' => 'remove descriptions',
+ 'action-description-update' => 'update descriptions',
);
/** Message documentation (Message documentation)
@@ -850,8 +870,10 @@
'right-item-override' => '{{doc-right|item-override}}',
'right-item-create' => '{{doc-right|item-create}}',
'right-item-remove' => '{{doc-right|item-remove}}',
- 'right-alias-add' => '{{doc-right|alias-add}}',
- 'right-alias-set' => '{{doc-right|alias-set}}',
+ 'right-property-override' => '{{doc-right|property-override}}',
+ 'right-property-create' => '{{doc-right|property-create}}',
+ 'right-property-remove' => '{{doc-right|property-remove}}',
+ 'right-alias-update' => '{{doc-right|alias-update}}',
'right-alias-remove' => '{{doc-right|alias-remove}}',
'right-sitelink-remove' => '{{doc-right|sitelink-remove}}',
'right-sitelink-update' => '{{doc-right|sitelink-update}}',
@@ -860,6 +882,21 @@
'right-label-update' => '{{doc-right|label-update}}',
'right-description-remove' => '{{doc-right|description-remove}}',
'right-description-update' => '{{doc-right|description-update}}',
+ 'action-item-override' => '{{doc-action|item-override}}',
+ 'action-item-create' => '{{doc-action|item-create}}',
+ 'action-item-remove' => '{{doc-action|item-remove}}',
+ 'action-property-override' => '{{doc-action|property-override}}',
+ 'action-property-create' => '{{doc-action|property-create}}',
+ 'action-property-remove' => '{{doc-action|property-remove}}',
+ 'action-alias-update' => '{{doc-action|alias-update}}',
+ 'action-alias-remove' => '{{doc-action|alias-remove}}',
+ 'action-sitelink-remove' => '{{doc-action|sitelink-remove}}',
+ 'action-sitelink-update' => '{{doc-action|sitelink-update}}',
+ 'action-linktitles-update' => '{{doc-action|linktitles-update}}',
+ 'action-label-remove' => '{{doc-action|label-remove}}',
+ 'action-label-update' => '{{doc-action|label-update}}',
+ 'action-description-remove' => '{{doc-action|description-remove}}',
+ 'action-description-update' => '{{doc-action|description-update}}',
);
/** Achinese (Acèh)
diff --git a/repo/Wikibase.php b/repo/Wikibase.php
index 5276af4..47b7488 100644
--- a/repo/Wikibase.php
+++ b/repo/Wikibase.php
@@ -72,8 +72,10 @@
$wgGroupPermissions['*']['item-override'] = true;
$wgGroupPermissions['*']['item-create'] = true;
$wgGroupPermissions['*']['item-remove'] = true;
-$wgGroupPermissions['*']['alias-add'] = true;
-$wgGroupPermissions['*']['alias-set'] = true;
+$wgGroupPermissions['*']['property-override'] = true;
+$wgGroupPermissions['*']['property-create'] = true;
+$wgGroupPermissions['*']['property-remove'] = true;
+$wgGroupPermissions['*']['alias-update'] = true;
$wgGroupPermissions['*']['alias-remove'] = true;
$wgGroupPermissions['*']['sitelink-remove'] = true;
$wgGroupPermissions['*']['sitelink-update'] = true;
diff --git a/repo/config/Wikibase.example.php b/repo/config/Wikibase.example.php
index 7cb9513..7103f4b 100644
--- a/repo/config/Wikibase.example.php
+++ b/repo/config/Wikibase.example.php
@@ -106,4 +106,41 @@
$wgWBRepoSettings['entityNamespaces'][CONTENT_MODEL_WIKIBASE_QUERY] =
WB_NS_QUERY; // use custom namespace
// No need to mess with $wgNamespacesToBeSearchedDefault, the main namespace
will be searched per default.
+
+// Alternate setup for rights so editing of entities by default is off, while
a logged in
+// user can edit everything. An other interesting alternative is to let the
anonymous user
+// do everything except creating items and properties and setting rank.
+// First block sets all rights for anonymous to false, that is they have no
rights.
+$wgGroupPermissions['*']['item-override'] = false;
+$wgGroupPermissions['*']['item-create'] = false;
+$wgGroupPermissions['*']['item-remove'] = false;
+$wgGroupPermissions['*']['property-override'] = false;
+$wgGroupPermissions['*']['property-create'] = false;
+$wgGroupPermissions['*']['property-remove'] = false;
+$wgGroupPermissions['*']['alias-update'] = false;
+$wgGroupPermissions['*']['alias-remove'] = false;
+$wgGroupPermissions['*']['sitelink-remove'] = false;
+$wgGroupPermissions['*']['sitelink-update'] = false;
+$wgGroupPermissions['*']['linktitles-update'] = false;
+$wgGroupPermissions['*']['label-remove'] = false;
+$wgGroupPermissions['*']['label-update'] = false;
+$wgGroupPermissions['*']['description-remove'] = false;
+$wgGroupPermissions['*']['description-update'] = false;
+// Second block sets all rights for anonymous to true, that is they hold the
rights.
+$wgGroupPermissions['user']['item-override'] = true;
+$wgGroupPermissions['user']['item-create'] = true;
+$wgGroupPermissions['user']['item-remove'] = true;
+$wgGroupPermissions['user']['property-override'] = true;
+$wgGroupPermissions['user']['property-create'] = true;
+$wgGroupPermissions['user']['property-remove'] = true;
+$wgGroupPermissions['user']['alias-update'] = true;
+$wgGroupPermissions['user']['alias-remove'] = true;
+$wgGroupPermissions['user']['sitelink-remove'] = true;
+$wgGroupPermissions['user']['sitelink-update'] = true;
+$wgGroupPermissions['user']['linktitles-update'] = true;
+$wgGroupPermissions['user']['label-remove'] = true;
+$wgGroupPermissions['user']['label-update'] = true;
+$wgGroupPermissions['user']['description-remove'] = true;
+$wgGroupPermissions['user']['description-update'] = true;
+
*/
diff --git a/repo/includes/api/SetAliases.php b/repo/includes/api/SetAliases.php
index 83b7e9b..7bbe1bd 100644
--- a/repo/includes/api/SetAliases.php
+++ b/repo/includes/api/SetAliases.php
@@ -31,11 +31,9 @@
protected function getRequiredPermissions( Entity $entity, array
$params ) {
$permissions = parent::getRequiredPermissions( $entity, $params
);
- if ( isset( $params['add'] ) ) {
- $permissions[] = 'alias-add';
- }
- if ( isset( $params['set'] ) ) {
- $permissions[] = 'alias-set';
+ if ( isset( $params['add'] ) || isset( $params['set'] ) ) {
+ // add and set has a common permission due to the
special page SetAliases
+ $permissions[] = 'alias-update';
}
if ( isset( $params['remove'] ) ) {
$permissions[] = 'alias-remove';
diff --git a/repo/includes/specials/SpecialNewItem.php
b/repo/includes/specials/SpecialNewItem.php
index 3b88e27..e8526a8 100644
--- a/repo/includes/specials/SpecialNewItem.php
+++ b/repo/includes/specials/SpecialNewItem.php
@@ -44,7 +44,7 @@
* @since 0.1
*/
public function __construct() {
- parent::__construct( 'NewItem' );
+ parent::__construct( 'NewItem', 'item-create' );
}
/**
diff --git a/repo/includes/specials/SpecialNewProperty.php
b/repo/includes/specials/SpecialNewProperty.php
index dcca532..ede9789 100644
--- a/repo/includes/specials/SpecialNewProperty.php
+++ b/repo/includes/specials/SpecialNewProperty.php
@@ -44,7 +44,7 @@
* @since 0.2
*/
public function __construct() {
- parent::__construct( 'NewProperty' );
+ parent::__construct( 'NewProperty', 'property-create' );
}
/**
diff --git a/repo/includes/specials/SpecialSetAliases.php
b/repo/includes/specials/SpecialSetAliases.php
index 3cb1da3..4d20b64 100644
--- a/repo/includes/specials/SpecialSetAliases.php
+++ b/repo/includes/specials/SpecialSetAliases.php
@@ -34,7 +34,7 @@
* @since 0.4
*/
public function __construct() {
- parent::__construct( 'SetAliases' );
+ parent::__construct( 'SetAliases', 'alias-update' );
}
/**
diff --git a/repo/includes/specials/SpecialSetDescription.php
b/repo/includes/specials/SpecialSetDescription.php
index 0ab9d8d..cb99ee8 100644
--- a/repo/includes/specials/SpecialSetDescription.php
+++ b/repo/includes/specials/SpecialSetDescription.php
@@ -34,7 +34,7 @@
* @since 0.4
*/
public function __construct() {
- parent::__construct( 'SetDescription' );
+ parent::__construct( 'SetDescription', 'description-update' );
}
/**
diff --git a/repo/includes/specials/SpecialSetLabel.php
b/repo/includes/specials/SpecialSetLabel.php
index 683996c..8074065 100644
--- a/repo/includes/specials/SpecialSetLabel.php
+++ b/repo/includes/specials/SpecialSetLabel.php
@@ -34,7 +34,7 @@
* @since 0.4
*/
public function __construct() {
- parent::__construct( 'SetLabel' );
+ parent::__construct( 'SetLabel', 'label-update' );
}
/**
diff --git a/repo/tests/phpunit/includes/specials/SpecialNewItemTest.php
b/repo/tests/phpunit/includes/specials/SpecialNewItemTest.php
index 0ffa316..371ca4e 100644
--- a/repo/tests/phpunit/includes/specials/SpecialNewItemTest.php
+++ b/repo/tests/phpunit/includes/specials/SpecialNewItemTest.php
@@ -42,7 +42,10 @@
public function testExecute() {
//TODO: Actually verify that the output is correct.
- // Currently this just tests that there is no fatal error.
+ // Currently this just tests that there is no fatal error,
+ // and that the restriction handling is working and doesn't
+ // block. That is, the default should let the user execute
+ // the page.
//TODO: Verify that item creation works via a faux post request
diff --git a/repo/tests/phpunit/includes/specials/SpecialNewPropertyTest.php
b/repo/tests/phpunit/includes/specials/SpecialNewPropertyTest.php
new file mode 100644
index 0000000..5063ab1
--- /dev/null
+++ b/repo/tests/phpunit/includes/specials/SpecialNewPropertyTest.php
@@ -0,0 +1,55 @@
+<?php
+
+namespace Wikibase\Test;
+
+/**
+ * Tests for the SpecialNewProperty class.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * http://www.gnu.org/copyleft/gpl.html
+ *
+ * @file
+ * @since 0.1
+ *
+ * @ingroup WikibaseRepoTest
+ * @ingroup Test
+ *
+ * @group Wikibase
+ * @group SpecialPage
+ * @group WikibaseSpecialPage
+ *
+ * @licence GNU GPL v2+
+ * @author John Erling Blad < jeb...@gmail.com >
+ */
+class SpecialNewPropertyTest extends SpecialPageTestBase {
+
+ protected function newSpecialPage() {
+ return new \SpecialNewProperty();
+ }
+
+ public function testExecute() {
+ //TODO: Actually verify that the output is correct.
+ // Currently this just tests that there is no fatal error,
+ // and that the restriction handling is working and doesn't
+ // block. That is, the default should let the user execute
+ // the page.
+
+ //TODO: Verify that item creation works via a faux post request
+
+ list( $output, ) = $this->executeSpecialPage( '' );
+ $this->assertTrue( true, 'Calling execute without any subpage
value' );
+ }
+
+}
\ No newline at end of file
diff --git a/repo/tests/phpunit/includes/specials/SpecialSetAliasesTest.php
b/repo/tests/phpunit/includes/specials/SpecialSetAliasesTest.php
new file mode 100644
index 0000000..2307e95
--- /dev/null
+++ b/repo/tests/phpunit/includes/specials/SpecialSetAliasesTest.php
@@ -0,0 +1,55 @@
+<?php
+
+namespace Wikibase\Test;
+
+/**
+ * Tests for the SpecialSetAliases class.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * http://www.gnu.org/copyleft/gpl.html
+ *
+ * @file
+ * @since 0.1
+ *
+ * @ingroup WikibaseRepoTest
+ * @ingroup Test
+ *
+ * @group Wikibase
+ * @group SpecialPage
+ * @group WikibaseSpecialPage
+ *
+ * @licence GNU GPL v2+
+ * @author John Erling Blad < jeb...@gmail.com >
+ */
+class SpecialSetAliasesTest extends SpecialPageTestBase {
+
+ protected function newSpecialPage() {
+ return new \SpecialSetAliases();
+ }
+
+ public function testExecute() {
+ //TODO: Actually verify that the output is correct.
+ // Currently this just tests that there is no fatal error,
+ // and that the restriction handling is working and doesn't
+ // block. That is, the default should let the user execute
+ // the page.
+
+ //TODO: Verify that item creation works via a faux post request
+
+ list( $output, ) = $this->executeSpecialPage( '' );
+ $this->assertTrue( true, 'Calling execute without any subpage
value' );
+ }
+
+}
\ No newline at end of file
diff --git a/repo/tests/phpunit/includes/specials/SpecialSetDescriptionTest.php
b/repo/tests/phpunit/includes/specials/SpecialSetDescriptionTest.php
new file mode 100644
index 0000000..7751712
--- /dev/null
+++ b/repo/tests/phpunit/includes/specials/SpecialSetDescriptionTest.php
@@ -0,0 +1,55 @@
+<?php
+
+namespace Wikibase\Test;
+
+/**
+ * Tests for the SpecialSetDescription class.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * http://www.gnu.org/copyleft/gpl.html
+ *
+ * @file
+ * @since 0.1
+ *
+ * @ingroup WikibaseRepoTest
+ * @ingroup Test
+ *
+ * @group Wikibase
+ * @group SpecialPage
+ * @group WikibaseSpecialPage
+ *
+ * @licence GNU GPL v2+
+ * @author John Erling Blad < jeb...@gmail.com >
+ */
+class SpecialSetDescriptionTest extends SpecialPageTestBase {
+
+ protected function newSpecialPage() {
+ return new \SpecialSetDescription();
+ }
+
+ public function testExecute() {
+ //TODO: Actually verify that the output is correct.
+ // Currently this just tests that there is no fatal error,
+ // and that the restriction handling is working and doesn't
+ // block. That is, the default should let the user execute
+ // the page.
+
+ //TODO: Verify that item creation works via a faux post request
+
+ list( $output, ) = $this->executeSpecialPage( '' );
+ $this->assertTrue( true, 'Calling execute without any subpage
value' );
+ }
+
+}
\ No newline at end of file
diff --git a/repo/tests/phpunit/includes/specials/SpecialSetLabelTest.php
b/repo/tests/phpunit/includes/specials/SpecialSetLabelTest.php
new file mode 100644
index 0000000..762e69a
--- /dev/null
+++ b/repo/tests/phpunit/includes/specials/SpecialSetLabelTest.php
@@ -0,0 +1,55 @@
+<?php
+
+namespace Wikibase\Test;
+
+/**
+ * Tests for the SpecialSetLabel class.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * http://www.gnu.org/copyleft/gpl.html
+ *
+ * @file
+ * @since 0.1
+ *
+ * @ingroup WikibaseRepoTest
+ * @ingroup Test
+ *
+ * @group Wikibase
+ * @group SpecialPage
+ * @group WikibaseSpecialPage
+ *
+ * @licence GNU GPL v2+
+ * @author John Erling Blad < jeb...@gmail.com >
+ */
+class SpecialSetLabelTest extends SpecialPageTestBase {
+
+ protected function newSpecialPage() {
+ return new \SpecialSetLabel();
+ }
+
+ public function testExecute() {
+ //TODO: Actually verify that the output is correct.
+ // Currently this just tests that there is no fatal error,
+ // and that the restriction handling is working and doesn't
+ // block. That is, the default should let the user execute
+ // the page.
+
+ //TODO: Verify that item creation works via a faux post request
+
+ list( $output, ) = $this->executeSpecialPage( '' );
+ $this->assertTrue( true, 'Calling execute without any subpage
value' );
+ }
+
+}
\ No newline at end of file
--
To view, visit https://gerrit.wikimedia.org/r/49641
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I137187981ff4cc12864717583d0af6129aebfbc3
Gerrit-PatchSet: 6
Gerrit-Project: mediawiki/extensions/Wikibase
Gerrit-Branch: master
Gerrit-Owner: John Erling Blad <john.b...@wikimedia.de>
Gerrit-Reviewer: Anja Jentzsch <anja.jentz...@wikimedia.de>
Gerrit-Reviewer: John Erling Blad <john.b...@wikimedia.de>
Gerrit-Reviewer: Tobias Gritschacher <tobias.gritschac...@wikimedia.de>
Gerrit-Reviewer: jenkins-bot
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
