$this->useTransactionalTimeLimit();
$params = $this->extractRequestParams();
- $this->checkUserRightsAny( 'undelete' );
$user = $this->getUser();
if ( $user->isBlocked() ) {
$this->dieWithError( [ 'apierror-invalidtitle', wfEscapeWikiText( $params['title'] ) ] );
}
+ if ( !$titleObj->userCan( 'undelete', $user, 'secure' ) ) {
+ $this->dieWithError( 'permdenied-undelete' );
+ }
+
// Check if user can add tags
if ( !is_null( $params['tags'] ) ) {
$ableToTag = ChangeTags::canAddTagsAccompanyingChange( $params['tags'], $user );