Do not insert page titles into querycache.qc_value

[lhc/web/wiklou.git] / includes / watcheditem / WatchedItemQueryService.php

diff --git a/includes/watcheditem/WatchedItemQueryService.php b/includes/watcheditem/WatchedItemQueryService.php
index f6ad623..d8e4985 100644 (file)
--- a/includes/watcheditem/WatchedItemQueryService.php
+++ b/includes/watcheditem/WatchedItemQueryService.php
@@ -1,6 +1,8 @@
 <?php
 
 use MediaWiki\Linker\LinkTarget;
+use MediaWiki\Permissions\PermissionManager;
+use MediaWiki\Revision\RevisionRecord;
 use MediaWiki\User\UserIdentity;
 use Wikimedia\Assert\Assert;
 use Wikimedia\Rdbms\IDatabase;
@@ -69,16 +71,21 @@ class WatchedItemQueryService {
        /** @var WatchedItemStoreInterface */
        private $watchedItemStore;
 
+       /** @var PermissionManager */
+       private $permissionManager;
+
        public function __construct(
                ILoadBalancer $loadBalancer,
                CommentStore $commentStore,
                ActorMigration $actorMigration,
-               WatchedItemStoreInterface $watchedItemStore
+               WatchedItemStoreInterface $watchedItemStore,
+               PermissionManager $permissionManager
        ) {
                $this->loadBalancer = $loadBalancer;
                $this->commentStore = $commentStore;
                $this->actorMigration = $actorMigration;
                $this->watchedItemStore = $watchedItemStore;
+               $this->permissionManager = $permissionManager;
        }
 
        /**
@@ -548,7 +555,7 @@ class WatchedItemQueryService {
                return $conds;
        }
 
-       private function getUserRelatedConds( IDatabase $db, User $user, array $options ) {
+       private function getUserRelatedConds( IDatabase $db, UserIdentity $user, array $options ) {
                if ( !array_key_exists( 'onlyByUser', $options ) && !array_key_exists( 'notByUser', $options ) ) {
                        return [];
                }
@@ -565,10 +572,12 @@ class WatchedItemQueryService {
 
                // Avoid brute force searches (T19342)
                $bitmask = 0;
-               if ( !$user->isAllowed( 'deletedhistory' ) ) {
-                       $bitmask = Revision::DELETED_USER;
-               } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
-                       $bitmask = Revision::DELETED_USER | Revision::DELETED_RESTRICTED;
+               if ( !$this->permissionManager->userHasRight( $user, 'deletedhistory' ) ) {
+                       $bitmask = RevisionRecord::DELETED_USER;
+               } elseif ( !$this->permissionManager
+                       ->userHasAnyRight( $user, 'suppressrevision', 'viewsuppressed' )
+               ) {
+                       $bitmask = RevisionRecord::DELETED_USER | RevisionRecord::DELETED_RESTRICTED;
                }
                if ( $bitmask ) {
                        $conds[] = $db->bitAnd( 'rc_deleted', $bitmask ) . " != $bitmask";
@@ -577,13 +586,15 @@ class WatchedItemQueryService {
                return $conds;
        }
 
-       private function getExtraDeletedPageLogEntryRelatedCond( IDatabase $db, User $user ) {
+       private function getExtraDeletedPageLogEntryRelatedCond( IDatabase $db, UserIdentity $user ) {
                // LogPage::DELETED_ACTION hides the affected page, too. So hide those
                // entirely from the watchlist, or someone could guess the title.
                $bitmask = 0;
-               if ( !$user->isAllowed( 'deletedhistory' ) ) {
+               if ( !$this->permissionManager->userHasRight( $user, 'deletedhistory' ) ) {
                        $bitmask = LogPage::DELETED_ACTION;
-               } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
+               } elseif ( !$this->permissionManager
+                       ->userHasAnyRight( $user, 'suppressrevision', 'viewsuppressed' )
+               ) {
                        $bitmask = LogPage::DELETED_ACTION | LogPage::DELETED_RESTRICTED;
                }
                if ( $bitmask ) {