* @return void
*/
protected function run( ApiPageSet $resultPageSet = null ) {
- // Before doing anything at all, let's check permissions
- $this->checkUserRightsAny( 'deletedhistory' );
-
$user = $this->getUser();
$db = $this->getDB();
$params = $this->extractRequestParams( false );
}
// This means stricter restrictions
- if ( $this->fetchContent ) {
- $this->checkUserRightsAny( [ 'deletedtext', 'undelete' ] );
+ if ( ( $this->fld_comment || $this->fld_parsedcomment ) &&
+ !$this->getPermissionManager()->userHasRight( $user, 'deletedhistory' )
+ ) {
+ $this->dieWithError( 'apierror-cantview-deleted-comment', 'permissiondenied' );
+ }
+ if ( $this->fetchContent &&
+ !$this->getPermissionManager()->userHasAnyRight( $user, 'deletedtext', 'undelete' )
+ ) {
+ $this->dieWithError( 'apierror-cantview-deleted-revision-content', 'permissiondenied' );
}
$miser_ns = null;
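Review bot: The two new guards cover only the comment fields and revision content, so once the up-front `checkUserRightsAny( 'deletedhistory' )` is removed, every other property of an archived revision is served to callers without that right unless something outside this hunk filters it. Nothing visible here shows that filtering; please confirm that the per-row output path applies the revision's deletion bitfield for such callers, and record the new trust boundary in a comment above the checks, e.g. `// Callers without 'deletedhistory' may list rows; comments and content are gated below.` The guards also read `$this->fld_comment`, `$this->fld_parsedcomment` and `$this->fetchContent`, which must already be populated at this point, presumably by parameter parsing earlier in `run()`, whose body starts and ends outside the hunk. A test that requests the comment property as a user lacking `deletedhistory` and expects `permissiondenied` would pin the new behaviour.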
if ( !is_null( $params['user'] ) || !is_null( $params['excludeuser'] ) ) {
// Paranoia: avoid brute force searches (T19342)
- // (shouldn't be able to get here without 'deletedhistory', but
- // check it again just in case)
if ( !$this->getPermissionManager()->userHasRight( $user, 'deletedhistory' ) ) {
$bitmask = RevisionRecord::DELETED_USER;
} elseif ( !$this->getPermissionManager()