* Special:Upload now uses 'upload' permission instead of hardcoding login check

* Add 'importupload' permission to disable direct uploads to Special:Import

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 454260e..4074311 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -300,6 +300,8 @@ Various bugfixes, small features, and a few experimental things:
 * badaccess/badaccesstext to supercede sysop*, developer* messages
 * Changed $wgGroupPermissions to more cut-n-paste-friendly format
 * 'developer' group deprecated by default
+* Special:Upload now uses 'upload' permission instead of hardcoding login check
+* Add 'importupload' permission to disable direct uploads to Special:Import
 
 
 === Caveats ===

diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 2bba373..dd4895a 100644 (file)
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -686,6 +686,7 @@ $wgGroupPermissions['*'    ]['read']            = true;
 
 $wgGroupPermissions['user' ]['move']            = true;
 $wgGroupPermissions['user' ]['read']            = true;
+$wgGroupPermissions['user' ]['upload']          = true;
 
 $wgGroupPermissions['bot'  ]['bot']             = true;
 
@@ -694,10 +695,12 @@ $wgGroupPermissions['sysop']['createaccount']   = true;
 $wgGroupPermissions['sysop']['delete']          = true;
 $wgGroupPermissions['sysop']['editinterface']   = true;
 $wgGroupPermissions['sysop']['import']          = true;
-$wgGroupPermissions['sysop']['importraw']       = true;
+$wgGroupPermissions['sysop']['importupload']    = true;
+$wgGroupPermissions['user' ]['move']            = true;
 $wgGroupPermissions['sysop']['patrol']          = true;
 $wgGroupPermissions['sysop']['protect']         = true;
 $wgGroupPermissions['sysop']['rollback']        = true;
+$wgGroupPermissions['user' ]['upload']          = true;
 
 $wgGroupPermissions['bureaucrat']['userrights'] = true;
 
@@ -1130,8 +1133,11 @@ $wgCapitalLinks = true;
 
 /**
  * List of interwiki prefixes for wikis we'll accept as sources for
- * Special:Import (for sysops). Since complete page history# can be imported,
+ * Special:Import (for sysops). Since complete page history can be imported,
  * these should be 'trusted'.
+ *
+ * If a user has the 'import' permission but not the 'importupload' permission,
+ * they will only be able to run imports through this transwiki interface.
  */
 $wgImportSources = array();
 

diff --git a/includes/SpecialImport.php b/includes/SpecialImport.php
index 09bc312..ef27e6d 100644 (file)
--- a/includes/SpecialImport.php
+++ b/includes/SpecialImport.php
@@ -29,7 +29,7 @@ require_once( 'WikiError.php' );
  * Constructor
  */
 function wfSpecialImport( $page = '' ) {
-       global $wgOut, $wgLang, $wgRequest, $wgTitle;
+       global $wgUser, $wgOut, $wgLang, $wgRequest, $wgTitle;
        global $wgImportSources;
        
        ###
@@ -42,7 +42,11 @@ function wfSpecialImport( $page = '' ) {
                
                switch( $wgRequest->getVal( "source" ) ) {
                case "upload":
-                       $result = $importer->setupFromUpload( "xmlimport" );
+                       if( $wgUser->isAllowed( 'importupload' ) ) {
+                               $result = $importer->setupFromUpload( "xmlimport" );
+                       } else {
+                               return $wgOut->permissionRequired( 'importupload' );
+                       }
                        break;
                case "interwiki":
                        $result = $importer->setupFromInterwiki(
@@ -68,9 +72,11 @@ function wfSpecialImport( $page = '' ) {
                }
        }
        
-       $wgOut->addWikiText( "<p>" . wfMsg( "importtext" ) . "</p>" );
        $action = $wgTitle->escapeLocalUrl( 'action=submit' );
-       $wgOut->addHTML( "
+       
+       if( $wgUser->isAllowed( 'importupload' ) ) {
+               $wgOut->addWikiText( "<p>" . wfMsg( "importtext" ) . "</p>" );
+               $wgOut->addHTML( "
 <fieldset>
        <legend>Upload XML</legend>
        <form enctype='multipart/form-data' method='post' action=\"$action\">
@@ -82,7 +88,12 @@ function wfSpecialImport( $page = '' ) {
        </form>
 </fieldset>
 " );
-
+       } else {
+               if( empty( $wgImportSources ) ) {
+                       $wgOut->addWikiText( wfMsg( 'importnosources' ) );
+               }
+       }
+       
        if( !empty( $wgImportSources ) ) {
                $wgOut->addHTML( "
 <fieldset>

diff --git a/includes/SpecialUpload.php b/includes/SpecialUpload.php
index 93ae71f..b732874 100644 (file)
--- a/includes/SpecialUpload.php
+++ b/includes/SpecialUpload.php
@@ -99,8 +99,7 @@ class UploadForm {
                }
 
                /** Various rights checks */
-               if( ( $wgUser->isAnon() )
-                        OR $wgUser->isBlocked() ) {
+               if( !$wgUser->isAllowed( 'upload' ) || $wgUser->isBlocked() ) {
                        $wgOut->errorpage( 'uploadnologin', 'uploadnologintext' );
                        return;
                }

diff --git a/languages/Language.php b/languages/Language.php
index c95a22a..a5eaee3 100644 (file)
--- a/languages/Language.php
+++ b/languages/Language.php
@@ -1656,6 +1656,7 @@ article [[Train]].
 'importnotext' => 'Empty or no text',
 'importsuccess'        => 'Import succeeded!',
 'importhistoryconflict' => 'Conflicting history revision exists (may have imported this page before)',
+'importnosources' => 'No transwiki import sources have been defined and direct history uploads are disabled.',
 
 # Keyboard access keys for power users
 'accesskey-search' => 'f',