Merge "Allow users who are partially blocked to delete revisions."

diff --git a/includes/api/ApiRevisionDelete.php b/includes/api/ApiRevisionDelete.php
index 1ee91c2..60b24f0 100644 (file)
--- a/includes/api/ApiRevisionDelete.php
+++ b/includes/api/ApiRevisionDelete.php
@@ -38,12 +38,6 @@ class ApiRevisionDelete extends ApiBase {
                $user = $this->getUser();
                $this->checkUserRightsAny( RevisionDeleter::getRestriction( $params['type'] ) );
 
-               // @TODO Use PermissionManager::isBlockedFrom() instead.
-               $block = $user->getBlock();
-               if ( $block ) {
-                       $this->dieBlocked( $block );
-               }
-
                if ( !$params['ids'] ) {
                        $this->dieWithError( [ 'apierror-paramempty', 'ids' ], 'paramempty_ids' );
                }
@@ -97,6 +91,10 @@ class ApiRevisionDelete extends ApiBase {
                        $this->dieWithError( [ 'apierror-revdel-needtarget' ], 'needtarget' );
                }
 
+               if ( $this->getPermissionManager()->isBlockedFrom( $user, $targetObj ) ) {
+                       $this->dieBlocked( $user->getBlock() );
+               }
+
                $list = RevisionDeleter::createList(
                        $params['type'], $this->getContext(), $targetObj, $params['ids']
                );

diff --git a/includes/specialpage/SpecialPageFactory.php b/includes/specialpage/SpecialPageFactory.php
index 5ac5f82..b83be91 100644 (file)
--- a/includes/specialpage/SpecialPageFactory.php
+++ b/includes/specialpage/SpecialPageFactory.php
@@ -209,7 +209,12 @@ class SpecialPageFactory {
                'NewSection' => \SpecialNewSection::class,
                'PermanentLink' => \SpecialPermanentLink::class,
                'Redirect' => \SpecialRedirect::class,
-               'Revisiondelete' => \SpecialRevisionDelete::class,
+               'Revisiondelete' => [
+                       'class' => \SpecialRevisionDelete::class,
+                       'services' => [
+                               'PermissionManager',
+                       ],
+               ],
                'RunJobs' => \SpecialRunJobs::class,
                'Specialpages' => \SpecialSpecialpages::class,
                'PageData' => \SpecialPageData::class,

diff --git a/includes/specials/SpecialRevisionDelete.php b/includes/specials/SpecialRevisionDelete.php
index 7444225..437263f 100644 (file)
--- a/includes/specials/SpecialRevisionDelete.php
+++ b/includes/specials/SpecialRevisionDelete.php
@@ -22,6 +22,7 @@
  */
 
 use MediaWiki\Storage\RevisionRecord;
+use MediaWiki\Permissions\PermissionManager;
 
 /**
  * Special page allowing users with the appropriate permissions to view
@@ -66,6 +67,9 @@ class SpecialRevisionDelete extends UnlistedSpecialPage {
        /** @var string */
        private $otherReason;
 
+       /** @var PermissionManager */
+       private $permissionManager;
+
        /**
         * UI labels for each type.
         */
@@ -107,8 +111,15 @@ class SpecialRevisionDelete extends UnlistedSpecialPage {
                ],
        ];
 
-       public function __construct() {
+       /**
+        * @inheritDoc
+        *
+        * @param PermissionManager $permissionManager
+        */
+       public function __construct( PermissionManager $permissionManager ) {
                parent::__construct( 'Revisiondelete', 'deleterevision' );
+
+               $this->permissionManager = $permissionManager;
        }
 
        public function doesWrites() {
@@ -124,13 +135,6 @@ class SpecialRevisionDelete extends UnlistedSpecialPage {
                $output = $this->getOutput();
                $user = $this->getUser();
 
-               // Check blocks
-               // @TODO Use PermissionManager::isBlockedFrom() instead.
-               $block = $user->getBlock();
-               if ( $block ) {
-                       throw new UserBlockedError( $block );
-               }
-
                $this->setHeaders();
                $this->outputHeader();
                $request = $this->getRequest();
@@ -180,6 +184,11 @@ class SpecialRevisionDelete extends UnlistedSpecialPage {
                        return;
                }
 
+               // Check blocks
+               if ( $this->permissionManager->isBlockedFrom( $user, $this->targetObj ) ) {
+                       throw new UserBlockedError( $user->getBlock() );
+               }
+
                $this->typeLabels = self::$UILabels[$this->typeName];
                $list = $this->getList();
                $list->reset();

diff --git a/tests/phpunit/includes/api/ApiRevisionDeleteTest.php b/tests/phpunit/includes/api/ApiRevisionDeleteTest.php
index 5dcea65..7dc63fb 100644 (file)
--- a/tests/phpunit/includes/api/ApiRevisionDeleteTest.php
+++ b/tests/phpunit/includes/api/ApiRevisionDeleteTest.php
@@ -1,5 +1,8 @@
 <?php
 
+use MediaWiki\Block\DatabaseBlock;
+use MediaWiki\Block\Restriction\PageRestriction;
+
 /**
  * Tests for action=revisiondelete
  * @covers APIRevisionDelete
@@ -113,4 +116,32 @@ class ApiRevisionDeleteTest extends ApiTestCase {
                $this->assertTrue( $item['texthidden'], 'texthidden' );
                $this->assertEquals( $item['id'], $revid );
        }
+
+       public function testPartiallyBlockedPage() {
+               $this->setExpectedApiException( 'apierror-blocked-partial' );
+
+               $user = static::getTestSysop()->getUser();
+
+               $block = new DatabaseBlock( [
+                       'address' => $user,
+                       'by' => static::getTestSysop()->getUser()->getId(),
+                       'sitewide' => false,
+               ] );
+
+               $block->setRestrictions( [
+                       new PageRestriction( 0, Title::newFromText( self::$page )->getArticleID() )
+               ] );
+               $block->insert();
+
+               $revid = array_shift( $this->revs );
+
+               $this->doApiRequest( [
+                       'action' => 'revisiondelete',
+                       'type' => 'revision',
+                       'target' => self::$page,
+                       'ids' => $revid,
+                       'hide' => 'content|user|comment',
+                       'token' => $user->getEditToken(),
+               ] );
+       }
 }