SECURITY: Add permission check for user is permitted to view the log type

[lhc/web/wiklou.git] / includes / logging / LogEventsList.php

diff --git a/includes/logging/LogEventsList.php b/includes/logging/LogEventsList.php
index 93a81cf..d97ddfd 100644 (file)
--- a/includes/logging/LogEventsList.php
+++ b/includes/logging/LogEventsList.php
@@ -520,7 +520,7 @@ class LogEventsList extends ContextSource {
 
        /**
         * Determine if the current user is allowed to view a particular
-        * field of this log row, if it's marked as deleted.
+        * field of this log row, if it's marked as deleted and/or restricted log type.
         *
         * @param stdClass $row
         * @param int $field
@@ -528,7 +528,8 @@ class LogEventsList extends ContextSource {
         * @return bool
         */
        public static function userCan( $row, $field, User $user = null ) {
-               return self::userCanBitfield( $row->log_deleted, $field, $user );
+               return self::userCanBitfield( $row->log_deleted, $field, $user ) &&
+                       self::userCanViewLogType( $row->log_type, $user );
        }
 
        /**
@@ -558,6 +559,26 @@ class LogEventsList extends ContextSource {
                return true;
        }
 
+       /**
+        * Determine if the current user is allowed to view a particular
+        * field of this log row, if it's marked as restricted log type.
+        *
+        * @param stdClass $type
+        * @param User|null $user User to check, or null to use $wgUser
+        * @return bool
+        */
+       public static function userCanViewLogType( $type, User $user = null ) {
+               if ( $user === null ) {
+                       global $wgUser;
+                       $user = $wgUser;
+               }
+               $logRestrictions = MediaWikiServices::getInstance()->getMainConfig()->get( 'LogRestrictions' );
+               if ( isset( $logRestrictions[$type] ) && !$user->isAllowed( $logRestrictions[$type] ) ) {
+                       return false;
+               }
+               return true;
+       }
+
        /**
         * @param stdClass $row
         * @param int $field One of DELETED_* bitfield constants