Replace User::isAllowed with PermissionManager.

[lhc/web/wiklou.git] / includes / api / ApiQueryRevisions.php

diff --git a/includes/api/ApiQueryRevisions.php b/includes/api/ApiQueryRevisions.php
index ee6a264..3a06e36 100644 (file)
--- a/includes/api/ApiQueryRevisions.php
+++ b/includes/api/ApiQueryRevisions.php
@@ -76,7 +76,8 @@ class ApiQueryRevisions extends ApiQueryRevisionsBase {
         */
        public static function getRollbackToken( $pageid, $title, $rev ) {
                global $wgUser;
-               if ( !$wgUser->isAllowed( 'rollback' ) ) {
+               if ( !MediaWikiServices::getInstance()->getPermissionManager()
+                               ->userHasRight( $wgUser, 'rollback' ) ) {
                        return false;
                }
 
@@ -201,11 +202,12 @@ class ApiQueryRevisions extends ApiQueryRevisionsBase {
 
                if ( $resultPageSet === null && $this->fetchContent ) {
                        // For each page we will request, the user must have read rights for that page
-                       $user = $this->getUser();
                        $status = Status::newGood();
+                       $user = $this->getUser();
+
                        /** @var Title $title */
                        foreach ( $pageSet->getGoodTitles() as $title ) {
-                               if ( !$title->userCan( 'read', $user ) ) {
+                               if ( !$this->getPermissionManager()->userCan( 'read', $user, $title ) ) {
                                        $status->fatal( ApiMessage::create(
                                                [ 'apierror-cannotviewtitle', wfEscapeWikiText( $title->getPrefixedText() ) ],
                                                'accessdenied'
@@ -331,7 +333,7 @@ class ApiQueryRevisions extends ApiQueryRevisionsBase {
                        }
                        if ( $params['user'] !== null || $params['excludeuser'] !== null ) {
                                // Paranoia: avoid brute force searches (T19342)
-                               if ( !$this->getUser()->isAllowed( 'deletedhistory' ) ) {
+                               if ( !$this->getPermissionManager()->userHasRight( $this->getUser(), 'deletedhistory' ) ) {
                                        $bitmask = RevisionRecord::DELETED_USER;
                                } elseif ( !$this->getUser()->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
                                        $bitmask = RevisionRecord::DELETED_USER | RevisionRecord::DELETED_RESTRICTED;