// allowed and a valid edit token is not provided (T73111). However, MediaWiki
// does not currently provide logged-out users with CSRF protection; in that case,
// do not show the preview unless anonymous editing is allowed.
- if ( $user->isAnon() && !$user->isAllowed( 'edit' ) ) {
+ if ( $user->isAnon() && !MediaWikiServices::getInstance()
+ ->getPermissionManager()
+ ->userHasRight( $user, 'edit' )
+ ) {
$error = [ 'expand_templates_preview_fail_html_anon' ];
} elseif ( !$user->matchEditToken( $request->getVal( 'wpEditToken' ), '', $request ) ) {
$error = [ 'expand_templates_preview_fail_html' ];