api: Make ApiQuery(All)DeletedRevisions accessible to everyone

Effectively removes the 'deletedhistory' requirement, as this API does
not expose more information than the public toolforge database replica.

Bug: T232389
Change-Id: I84dc138aa310b601423161d1140891d47f8c64d8

diff --git a/RELEASE-NOTES-1.34 b/RELEASE-NOTES-1.34
index 2e220af..47d4d2b 100644 (file)
--- a/RELEASE-NOTES-1.34
+++ b/RELEASE-NOTES-1.34
@@ -162,8 +162,8 @@ $wgPasswordPolicy['policies']['default']['PasswordNotInLargeBlacklist'] = false;
 === Action API changes in 1.34 ===
 * The 'recenteditcount' response property from action=query list=allusers,
   deprecated in 1.25, has been removed.
-* (T60993) action=query list=filearchive no longer requires the 'deletedhistory'
-  user right.
+* (T60993) action=query list=filearchive, list=alldeletedrevisions and
+  prop=deletedrevisions no longer require the 'deletedhistory' user right.
 
 === Action API internal changes in 1.34 ===
 * The exception thrown in ApiModuleManager::getModule has been changed

diff --git a/includes/api/ApiQueryAllDeletedRevisions.php b/includes/api/ApiQueryAllDeletedRevisions.php
index 7d6d342..2a49984 100644 (file)
--- a/includes/api/ApiQueryAllDeletedRevisions.php
+++ b/includes/api/ApiQueryAllDeletedRevisions.php
@@ -43,9 +43,6 @@ class ApiQueryAllDeletedRevisions extends ApiQueryRevisionsBase {
         * @return void
         */
        protected function run( ApiPageSet $resultPageSet = null ) {
-               // Before doing anything at all, let's check permissions
-               $this->checkUserRightsAny( 'deletedhistory' );
-
                $user = $this->getUser();
                $db = $this->getDB();
                $params = $this->extractRequestParams( false );
@@ -144,8 +141,15 @@ class ApiQueryAllDeletedRevisions extends ApiQueryRevisionsBase {
                }
 
                // This means stricter restrictions
-               if ( $this->fetchContent ) {
-                       $this->checkUserRightsAny( [ 'deletedtext', 'undelete' ] );
+               if ( ( $this->fld_comment || $this->fld_parsedcomment ) &&
+                       !$this->getPermissionManager()->userHasRight( $user, 'deletedhistory' )
+               ) {
+                       $this->dieWithError( 'apierror-cantview-deleted-comment', 'permissiondenied' );
+               }
+               if ( $this->fetchContent &&
+                       !$this->getPermissionManager()->userHasAnyRight( $user, 'deletedtext', 'undelete' )
+               ) {
+                       $this->dieWithError( 'apierror-cantview-deleted-revision-content', 'permissiondenied' );
                }
 
                $miser_ns = null;
@@ -235,8 +239,6 @@ class ApiQueryAllDeletedRevisions extends ApiQueryRevisionsBase {
 
                if ( !is_null( $params['user'] ) || !is_null( $params['excludeuser'] ) ) {
                        // Paranoia: avoid brute force searches (T19342)
-                       // (shouldn't be able to get here without 'deletedhistory', but
-                       // check it again just in case)
                        if ( !$this->getPermissionManager()->userHasRight( $user, 'deletedhistory' ) ) {
                                $bitmask = RevisionRecord::DELETED_USER;
                        } elseif ( !$this->getPermissionManager()

diff --git a/includes/api/ApiQueryDeletedRevisions.php b/includes/api/ApiQueryDeletedRevisions.php
index fc88499..12fd20a 100644 (file)
--- a/includes/api/ApiQueryDeletedRevisions.php
+++ b/includes/api/ApiQueryDeletedRevisions.php
@@ -40,8 +40,6 @@ class ApiQueryDeletedRevisions extends ApiQueryRevisionsBase {
 
        protected function run( ApiPageSet $resultPageSet = null ) {
                $user = $this->getUser();
-               // Before doing anything at all, let's check permissions
-               $this->checkUserRightsAny( 'deletedhistory' );
 
                $pageSet = $this->getPageSet();
                $pageMap = $pageSet->getGoodAndMissingTitlesByNamespace();
@@ -95,8 +93,15 @@ class ApiQueryDeletedRevisions extends ApiQueryRevisionsBase {
                }
 
                // This means stricter restrictions
-               if ( $this->fetchContent ) {
-                       $this->checkUserRightsAny( [ 'deletedtext', 'undelete' ] );
+               if ( ( $this->fld_comment || $this->fld_parsedcomment ) &&
+                       !$this->getPermissionManager()->userHasRight( $user, 'deletedhistory' )
+               ) {
+                       $this->dieWithError( 'apierror-cantview-deleted-comment', 'permissiondenied' );
+               }
+               if ( $this->fetchContent &&
+                       !$this->getPermissionManager()->userHasAnyRight( $user, 'deletedtext', 'undelete' )
+               ) {
+                       $this->dieWithError( 'apierror-cantview-deleted-revision-content', 'permissiondenied' );
                }
 
                $dir = $params['dir'];
@@ -130,8 +135,6 @@ class ApiQueryDeletedRevisions extends ApiQueryRevisionsBase {
 
                if ( !is_null( $params['user'] ) || !is_null( $params['excludeuser'] ) ) {
                        // Paranoia: avoid brute force searches (T19342)
-                       // (shouldn't be able to get here without 'deletedhistory', but
-                       // check it again just in case)
                        if ( !$this->getPermissionManager()->userHasRight( $user, 'deletedhistory' ) ) {
                                $bitmask = RevisionRecord::DELETED_USER;
                        } elseif ( !$this->getPermissionManager()

diff --git a/includes/api/i18n/en.json b/includes/api/i18n/en.json
index 35e45f1..cc5e872 100644 (file)
--- a/includes/api/i18n/en.json
+++ b/includes/api/i18n/en.json
@@ -1727,8 +1727,10 @@
        "apierror-cantoverwrite-sharedfile": "The target file exists on a shared repository and you do not have permission to override it.",
        "apierror-cantsend": "You are not logged in, you do not have a confirmed email address, or you are not allowed to send email to other users, so you cannot send email.",
        "apierror-cantundelete": "Couldn't undelete: the requested revisions may not exist, or may have been undeleted already.",
+       "apierror-cantview-deleted-comment": "You don't have permission to view deleted comments.",
        "apierror-cantview-deleted-description": "You don't have permission to view descriptions of deleted files.",
        "apierror-cantview-deleted-metadata": "You don't have permission to view metadata of deleted files.",
+       "apierror-cantview-deleted-revision-content": "You don't have permission to view content of deleted revisions.",
        "apierror-changeauth-norequest": "Failed to create change request.",
        "apierror-chunk-too-small": "Minimum chunk size is $1 {{PLURAL:$1|byte|bytes}} for non-final chunks.",
        "apierror-cidrtoobroad": "$1 CIDR ranges broader than /$2 are not accepted.",

diff --git a/includes/api/i18n/qqq.json b/includes/api/i18n/qqq.json
index e796d25..b648443 100644 (file)
--- a/includes/api/i18n/qqq.json
+++ b/includes/api/i18n/qqq.json
@@ -1615,8 +1615,10 @@
        "apierror-cantoverwrite-sharedfile": "{{doc-apierror}}",
        "apierror-cantsend": "{{doc-apierror}}",
        "apierror-cantundelete": "{{doc-apierror}}",
+       "apierror-cantview-deleted-comment": "{{doc-apierror}}",
        "apierror-cantview-deleted-description": "{{doc-apierror}}",
        "apierror-cantview-deleted-metadata": "{{doc-apierror}}",
+       "apierror-cantview-deleted-revision-content": "{{doc-apierror}}",
        "apierror-changeauth-norequest": "{{doc-apierror}}",
        "apierror-chunk-too-small": "{{doc-apierror}}\n\nParameters:\n* $1 - Minimum size in bytes.",
        "apierror-cidrtoobroad": "{{doc-apierror}}\n\nParameters:\n* $1 - \"IPv4\" or \"IPv6\"\n* $2 - Minimum CIDR mask length.",