From fc989b468d06093b5c5c2626f458de14cbefb570 Mon Sep 17 00:00:00 2001 From: Brad Jorsch Date: Mon, 10 Jun 2013 13:33:48 -0400 Subject: [PATCH] Add user rights 'editmyuserjs' and 'editmyusercss' These are needed for OAuth grants. Change-Id: I52f8e4a5cb48573cb2dbc26fc508e61a95d748c3 --- RELEASE-NOTES-1.22 | 10 ++++ includes/DefaultSettings.php | 2 + includes/Title.php | 49 +++++-------------- includes/User.php | 2 + languages/messages/MessagesEn.php | 4 ++ languages/messages/MessagesQqq.php | 4 ++ maintenance/dictionary/mediawiki.dic | 2 + maintenance/language/messages.inc | 4 ++ .../phpunit/includes/TitlePermissionTest.php | 49 ++++++++++++++++--- 9 files changed, 84 insertions(+), 42 deletions(-) diff --git a/RELEASE-NOTES-1.22 b/RELEASE-NOTES-1.22 index 1bdc9d9960..653421557f 100644 --- a/RELEASE-NOTES-1.22 +++ b/RELEASE-NOTES-1.22 @@ -30,6 +30,10 @@ production. * $wgDBOracleDRCP added. True enables persistent connection with DRCP on Oracle. * $wgLogAutopatrol added to allow disabling logging of autopatrol edits in the logging table. default for $wgLogAutopatrol is true. +* The 'edit' right no longer allows for editing a user's own CSS and JS. +* New rights 'editmyusercss' and 'editmyuserjs' restrict actions that were + formerly allowed by default. They have been added to the default for + $wgGroupPermissions['*']. === New features in 1.22 === * (bug 44525) mediawiki.jqueryMsg can now parse (whitelisted) HTML elements and attributes. 
@@ -101,6 +105,10 @@ production. * LinkCache singleton can now be altered or cleared, letting one to specify another instance that does not rely on a database backend. * MediaWiki's PHPUnit tests can now use PHPUnit installed using composer --dev. +* New user rights have been added to increase granularity in rights management + for extensions such as OAuth: +** editmyusercss controls whether a user may edit their own CSS subpages. +** editmyuserjs controls whether a user may edit their own JS subpages. === Bug fixes in 1.22 === * Disable Special:PasswordReset when $wgEnableEmail is false. Previously one @@ -211,6 +219,8 @@ changes to languages because of Bugzilla reports. sajax_do_call and wfSupportsAjax. * BREAKING CHANGE: meta keywords are no longer supported. A isAllowed( 'editusercssjs' ) - && !preg_match( '/^' . preg_quote( $user->getName(), '/' ) . '\//', $this->mTextform ) ) { - if ( $this->isCssSubpage() && !$user->isAllowed( 'editusercss' ) ) { - $errors[] = array( 'customcssprotected' ); - } elseif ( $this->isJsSubpage() && !$user->isAllowed( 'edituserjs' ) ) { - $errors[] = array( 'customjsprotected' ); + if ( $action != 'patrol' && !$user->isAllowed( 'editusercssjs' ) ) { + if ( preg_match( '/^' . preg_quote( $user->getName(), '/' ) . '\//', $this->mTextform ) ) { + if ( $this->isCssSubpage() && !$user->isAllowedAny( 'editmyusercss', 'editusercss' ) ) { + $errors[] = array( 'mycustomcssprotected' ); + } elseif ( $this->isJsSubpage() && !$user->isAllowedAny( 'editmyuserjs', 'edituserjs' ) ) { + $errors[] = array( 'mycustomjsprotected' ); + } + } else { + if ( $this->isCssSubpage() && !$user->isAllowed( 'editusercss' ) ) { + $errors[] = array( 'customcssprotected' ); + } elseif ( $this->isJsSubpage() && !$user->isAllowed( 'edituserjs' ) ) { + $errors[] = array( 'customjsprotected' ); + } } } 
@@ -2242,36 +2249,6 @@ class Title { return $errors; } - /** - * Protect css subpages of user pages: can $wgUser edit - * this page? - * - * @deprecated in 1.19; use getUserPermissionsErrors() instead. - * @return Bool - */ - public function userCanEditCssSubpage() { - global $wgUser; - wfDeprecated( __METHOD__, '1.19' ); - return ( ( $wgUser->isAllowedAll( 'editusercssjs', 'editusercss' ) ) - || preg_match( '/^' . preg_quote( $wgUser->getName(), '/' ) . '\//', $this->mTextform ) ); - } - - /** - * Protect js subpages of user pages: can $wgUser edit - * this page? - * - * @deprecated in 1.19; use getUserPermissionsErrors() instead. - * @return Bool - */ - public function userCanEditJsSubpage() { - global $wgUser; - wfDeprecated( __METHOD__, '1.19' ); - return ( - ( $wgUser->isAllowedAll( 'editusercssjs', 'edituserjs' ) ) - || preg_match( '/^' . preg_quote( $wgUser->getName(), '/' ) . '\//', $this->mTextform ) - ); - } - /** * Get a filtered list of all restriction types supported by this wiki. * @param bool $exists True to get all restriction types that apply to diff --git a/includes/User.php b/includes/User.php index ef3f9ac7ac..1c13211cd7 100644 --- a/includes/User.php +++ b/includes/User.php @@ -124,6 +124,8 @@ class User { 'edit', 'editinterface', 'editprotected', + 'editmyusercss', + 'editmyuserjs', 'editusercssjs', #deprecated 'editusercss', 'edituserjs', diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php index c539dbaa8d..0707b9bbda 100644 --- a/languages/messages/MessagesEn.php +++ b/languages/messages/MessagesEn.php 
@@ -1070,6 +1070,8 @@ $2', 'namespaceprotected' => "You do not have permission to edit pages in the '''$1''' namespace.", 'customcssprotected' => "You do not have permission to edit this CSS page because it contains another user's personal settings.", 'customjsprotected' => "You do not have permission to edit this JavaScript page because it contains another user's personal settings.", +'mycustomcssprotected' => "You do not have permission to edit this CSS page.", +'mycustomjsprotected' => "You do not have permission to edit this JavaScript page.", 'ns-specialprotected' => 'Special pages cannot be edited.', 'titleprotected' => 'This title has been protected from creation by [[User:$1|$1]]. The reason given is "\'\'$2\'\'".', @@ -2092,6 +2094,8 @@ Your email address is not revealed when other users contact you.', 'right-editusercssjs' => "Edit other users' CSS and JavaScript files", 'right-editusercss' => "Edit other users' CSS files", 'right-edituserjs' => "Edit other users' JavaScript files", +'right-editmyusercss' => "Edit your own user CSS files", +'right-editmyuserjs' => "Edit your own user JavaScript files", 'right-rollback' => 'Quickly rollback the edits of the last user who edited a particular page', 'right-markbotedits' => 'Mark rolled-back edits as bot edits', 'right-noratelimit' => 'Not be affected by rate limits', diff --git a/languages/messages/MessagesQqq.php b/languages/messages/MessagesQqq.php index d3f8012c6b..03039bbfa4 100644 --- a/languages/messages/MessagesQqq.php +++ b/languages/messages/MessagesQqq.php 
@@ -1025,6 +1025,8 @@ See also {{msg-mw|protectedinterface}}.', 'namespaceprotected' => '* $1 - namespace name', 'customcssprotected' => 'Used as error message.', 'customjsprotected' => 'Used as error message.', +'mycustomcssprotected' => 'Used as error message.', +'mycustomjsprotected' => 'Used as error message.', 'ns-specialprotected' => 'Error message displayed when trying to edit a page in the Special namespace', 'titleprotected' => 'Use $1 for GENDER.', 'filereadonlyerror' => 'Parameters: @@ -2903,6 +2905,8 @@ This user automatically bypasses IP blocks, auto-blocks and range blocks - so I 'right-editusercssjs' => '{{doc-right|editusercssjs}}', 'right-editusercss' => '{{doc-right|editusercss}}', 'right-edituserjs' => '{{doc-right|edituserjs}}', +'right-editmyusercss' => '{{doc-right|editmyusercss}}', +'right-editmyuserjs' => '{{doc-right|editmyuserjs}}', 'right-rollback' => '{{doc-right|rollback}} {{Identical|Rollback}}', 'right-markbotedits' => '{{doc-right|markbotedits}} diff --git a/maintenance/dictionary/mediawiki.dic b/maintenance/dictionary/mediawiki.dic index 22452fd4fd..663012fc9d 100644 --- a/maintenance/dictionary/mediawiki.dic +++ b/maintenance/dictionary/mediawiki.dic @@ -1284,6 +1284,8 @@ editinterface editintro edititis editlink +editmyusercss +editmyuserjs editnotice editnotsupported editondblclick diff --git a/maintenance/language/messages.inc b/maintenance/language/messages.inc index 3a0755311c..ee52a3fde4 100644 --- a/maintenance/language/messages.inc +++ b/maintenance/language/messages.inc @@ -424,6 +424,8 @@ $wgMessageStructure = array( 'namespaceprotected', 'customcssprotected', 'customjsprotected', + 'mycustomcssprotected', + 'mycustomjsprotected', 'ns-specialprotected', 'titleprotected', 'filereadonlyerror', @@ -1219,6 +1221,8 @@ $wgMessageStructure = array( 'right-editusercssjs', 'right-editusercss', 'right-edituserjs', + 'right-editmyusercss', + 'right-editmyuserjs', 'right-rollback', 'right-markbotedits', 'right-noratelimit', 
diff --git a/tests/phpunit/includes/TitlePermissionTest.php b/tests/phpunit/includes/TitlePermissionTest.php
index f0eb76f2da..6ae995e19c 100644
--- a/tests/phpunit/includes/TitlePermissionTest.php
+++ b/tests/phpunit/includes/TitlePermissionTest.php
@@ -402,41 +402,78 @@ class TitlePermissionTest extends MediaWikiLangTestCase { function testCssAndJavascriptPermissions() { $this->setUser( $this->userName ); + $this->setTitle( NS_USER, $this->userName . '/test.js' ); + $this->runCSSandJSPermissions( + array( array( 'badaccess-group0' ), array( 'mycustomjsprotected' ) ), + array( array( 'badaccess-group0' ), array( 'mycustomjsprotected' ) ), + array( array( 'badaccess-group0' ) ), + array( array( 'badaccess-group0' ), array( 'mycustomjsprotected' ) ), + array( array( 'badaccess-group0' ) ) + ); + + $this->setTitle( NS_USER, $this->userName . '/test.css' ); + $this->runCSSandJSPermissions( + array( array( 'badaccess-group0' ), array( 'mycustomcssprotected' ) ), + array( array( 'badaccess-group0' ) ), + array( array( 'badaccess-group0' ), array( 'mycustomcssprotected' ) ), + array( array( 'badaccess-group0' ) ), + array( array( 'badaccess-group0' ), array( 'mycustomcssprotected' ) ) + ); + $this->setTitle( NS_USER, $this->altUserName . '/test.js' ); $this->runCSSandJSPermissions( array( array( 'badaccess-group0' ), array( 'customjsprotected' ) ), array( array( 'badaccess-group0' ), array( 'customjsprotected' ) ), - array( array( 'badaccess-group0' ) ) ); + array( array( 'badaccess-group0' ), array( 'customjsprotected' ) ), + array( array( 'badaccess-group0' ), array( 'customjsprotected' ) ), + array( array( 'badaccess-group0' ) ) + ); $this->setTitle( NS_USER, $this->altUserName . '/test.css' ); $this->runCSSandJSPermissions( + array( array( 'badaccess-group0' ), array( 'customcssprotected' ) ), + array( array( 'badaccess-group0' ), array( 'customcssprotected' ) ), array( array( 'badaccess-group0' ), array( 'customcssprotected' ) ), array( array( 'badaccess-group0' ) ), - array( array( 'badaccess-group0' ), array( 'customcssprotected' ) ) ); + array( array( 'badaccess-group0' ), array( 'customcssprotected' ) ) + ); $this->setTitle( NS_USER, $this->altUserName . 
'/tempo' ); $this->runCSSandJSPermissions( array( array( 'badaccess-group0' ) ), array( array( 'badaccess-group0' ) ), - array( array( 'badaccess-group0' ) ) ); + array( array( 'badaccess-group0' ) ), + array( array( 'badaccess-group0' ) ), + array( array( 'badaccess-group0' ) ) + ); } - function runCSSandJSPermissions( $result0, $result1, $result2 ) { + function runCSSandJSPermissions( $result0, $result1, $result2, $result3, $result4 ) { $this->setUserPerm( '' ); $this->assertEquals( $result0, $this->title->getUserPermissionsErrors( 'bogus', $this->user ) ); - $this->setUserPerm( 'editusercss' ); + $this->setUserPerm( 'editmyusercss' ); $this->assertEquals( $result1, $this->title->getUserPermissionsErrors( 'bogus', $this->user ) ); - $this->setUserPerm( 'edituserjs' ); + $this->setUserPerm( 'editmyuserjs' ); $this->assertEquals( $result2, $this->title->getUserPermissionsErrors( 'bogus', $this->user ) ); + $this->setUserPerm( 'editusercss' ); + $this->assertEquals( $result3, + $this->title->getUserPermissionsErrors( 'bogus', + $this->user ) ); + + $this->setUserPerm( 'edituserjs' ); + $this->assertEquals( $result4, + $this->title->getUserPermissionsErrors( 'bogus', + $this->user ) ); + $this->setUserPerm( 'editusercssjs' ); $this->assertEquals( array( array( 'badaccess-group0' ) ), $this->title->getUserPermissionsErrors( 'bogus', -- 2.20.1
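Review bot: The five positional arguments to `runCSSandJSPermissions` are unlabeled at the call sites in `testCssAndJavascriptPermissions`, so which right each expected-error array belongs to can only be read off the helper body; in an access-control test a transposed row is easy to miss. A comment above the helper such as `// Expected errors, in order: no rights, editmyusercss, editmyuserjs, editusercss, edituserjs` would fix that. The two own-subpage blocks also deserve a line saying they deliberately assert that `editusercss` or `edituserjs` alone unlocks the user's own pages, matching the `isAllowedAny` branch in Title.php. Every case grants at most one right and uses the action `'bogus'`, so a user holding `editmyusercss` and `editmyuserjs` together is not pinned by any assertion. The helper's final `assertEquals` runs past the end of the hunk.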