api: Make ApiQuery(All)DeletedRevisions accessible to everyone
[lhc/web/wiklou.git] / includes / api / ApiQueryDeletedRevisions.php
index b266ecf..12fd20a 100644 (file)
@@ -40,8 +40,6 @@ class ApiQueryDeletedRevisions extends ApiQueryRevisionsBase {
 
        protected function run( ApiPageSet $resultPageSet = null ) {
                $user = $this->getUser();
-               // Before doing anything at all, let's check permissions
-               $this->checkUserRightsAny( 'deletedhistory' );
 
                $pageSet = $this->getPageSet();
                $pageMap = $pageSet->getGoodAndMissingTitlesByNamespace();
@@ -94,15 +92,16 @@ class ApiQueryDeletedRevisions extends ApiQueryRevisionsBase {
                        }
                }
 
-               if ( $this->fetchContent ) {
-                       $this->addTables( 'text' );
-                       $this->addJoinConds(
-                               [ 'text' => [ 'LEFT JOIN', [ 'ar_text_id=old_id' ] ] ]
-                       );
-                       $this->addFields( [ 'old_text', 'old_flags' ] );
-
-                       // This also means stricter restrictions
-                       $this->checkUserRightsAny( [ 'deletedtext', 'undelete' ] );
+               // This means stricter restrictions
+               if ( ( $this->fld_comment || $this->fld_parsedcomment ) &&
+                       !$this->getPermissionManager()->userHasRight( $user, 'deletedhistory' )
+               ) {
+                       $this->dieWithError( 'apierror-cantview-deleted-comment', 'permissiondenied' );
+               }
+               if ( $this->fetchContent &&
+                       !$this->getPermissionManager()->userHasAnyRight( $user, 'deletedtext', 'undelete' )
+               ) {
+                       $this->dieWithError( 'apierror-cantview-deleted-revision-content', 'permissiondenied' );
                }
 
                $dir = $params['dir'];
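Review bot: The two conditions added here gate only `fld_comment`/`fld_parsedcomment` and `fetchContent`, and with the up-front `checkUserRightsAny( 'deletedhistory' )` call removed in the first hunk they are the only rights checks visible in `run()`, so every other requested property is served to callers without `deletedhistory` by default. That is a fail-open shape: a property added later to the revisions base class would be returned for deleted revisions unless someone remembers to add a condition here, so an explicit list of properties reviewed as safe without the right would be the sturdier form. The leftover comment `// This means stricter restrictions` no longer says what it refers to; I would replace it with `// No blanket right is required any more: comments need 'deletedhistory', content needs 'deletedtext' or 'undelete'`. Per-revision visibility (the `RevisionRecord::DELETED_*` bits) is presumably enforced where rows are formatted, outside this hunk, and is worth confirming for the newly admitted callers. `run()` starts before and continues after this hunk.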
@@ -136,11 +135,11 @@ class ApiQueryDeletedRevisions extends ApiQueryRevisionsBase {
 
                if ( !is_null( $params['user'] ) || !is_null( $params['excludeuser'] ) ) {
                        // Paranoia: avoid brute force searches (T19342)
-                       // (shouldn't be able to get here without 'deletedhistory', but
-                       // check it again just in case)
-                       if ( !$user->isAllowed( 'deletedhistory' ) ) {
+                       if ( !$this->getPermissionManager()->userHasRight( $user, 'deletedhistory' ) ) {
                                $bitmask = RevisionRecord::DELETED_USER;
-                       } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
+                       } elseif ( !$this->getPermissionManager()
+                               ->userHasAnyRight( $this->getUser(), 'suppressrevision', 'viewsuppressed' )
+                       ) {
                                $bitmask = RevisionRecord::DELETED_USER | RevisionRecord::DELETED_RESTRICTED;
                        } else {
                                $bitmask = 0;
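Review bot: The `elseif` on the new side passes `$this->getUser()` while the `if` just above it passes `$user`, which `run()` fetched once at its start; two spellings of the same subject inside one rights decision make it easy for them to drift apart in a later edit. I would write it as `} elseif ( !$this->getPermissionManager()->userHasAnyRight( $user, 'suppressrevision', 'viewsuppressed' ) ) {`. The deleted comment said this branch should be unreachable without 'deletedhistory'; with the up-front check gone it is now the live path for such callers, so the remaining `// Paranoia` comment could say so, e.g. `// Callers without 'deletedhistory' now reach this branch; hidden-user rows must not be matchable` (assuming `$bitmask` is applied to the query below, which the hunk does not show). The `if`/`else` chain and `run()` continue past the end of the hunk.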