Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wiki.techinc.nl/includes/actions/WatchAction.php

180 lines
4.9 KiB
PHP
Raw Normal View History

r86001, now with less scariness :P I took out the delete action and did purge instead, which is a much more self-contained action-with-a-form. Also implement a few changes suggested by Brion on IRC last night.
2011-04-14 10:38:29 +00:00
<?php
/**
Split UnwatchAction into own class Change-Id: Ief650c115237214345bef7733d33967f0e042521
2014-08-07 00:40:35 +00:00
* Performs the watch actions on a page
r86001, now with less scariness :P I took out the delete action and did purge instead, which is a much more self-contained action-with-a-form. Also implement a few changes suggested by Brion on IRC last night.
2011-04-14 10:38:29 +00:00
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*
* @file
* @ingroup Actions
*/
Documentation improvements in includes/actions - Separate file and class documentation - Add some missing class documentation - Fix erroneous documentation Change-Id: I35c846ad63e837165b79456dc89d330498aebf64
2013-03-05 15:39:35 +00:00
/**
* Page addition to a user's watchlist
*
* @ingroup Actions
*/
* Made (un)watch action show a form if the token is bad/missing (this handles unwatch links given in emails) * Changed misleading watch/unwatch subtitle msgs
2011-07-12 21:58:23 +00:00
class WatchAction extends FormAction {
r86001, now with less scariness :P I took out the delete action and did purge instead, which is a much more self-contained action-with-a-form. Also implement a few changes suggested by Brion on IRC last night.
2011-04-14 10:38:29 +00:00
Follow-up r 86041 per CR and IRC: * Article constructor needs to be called with zero as second parameter * Run stylize.php over new files * Add Action::getLang() for consistency with other context accessors * Fix declaration of FormAction::alterForm(), doesn't need to be passed by reference * Fix inline use of Credits::getCredits() in SkinTemplate and SkinLegacy
2011-04-14 12:17:24 +00:00
public function getName() {
r86001, now with less scariness :P I took out the delete action and did purge instead, which is a much more self-contained action-with-a-form. Also implement a few changes suggested by Brion on IRC last night.
2011-04-14 10:38:29 +00:00
return 'watch';
}
Follow-up r 86041 per CR and IRC: * Article constructor needs to be called with zero as second parameter * Run stylize.php over new files * Add Action::getLang() for consistency with other context accessors * Fix declaration of FormAction::alterForm(), doesn't need to be passed by reference * Fix inline use of Credits::getCredits() in SkinTemplate and SkinLegacy
2011-04-14 12:17:24 +00:00
public function requiresUnblock() {
r86001, now with less scariness :P I took out the delete action and did purge instead, which is a much more self-contained action-with-a-form. Also implement a few changes suggested by Brion on IRC last night.
2011-04-14 10:38:29 +00:00
return false;
}
Follow-up r 86041 per CR and IRC: * Article constructor needs to be called with zero as second parameter * Run stylize.php over new files * Add Action::getLang() for consistency with other context accessors * Fix declaration of FormAction::alterForm(), doesn't need to be passed by reference * Fix inline use of Credits::getCredits() in SkinTemplate and SkinLegacy
2011-04-14 12:17:24 +00:00
protected function getDescription() {
Convert various FormActions to OOUI Support for OOUI is added to FormAction, and subclasses can enable it as required. PurgeAction, RevertAction, WatchAction and UnwatchAction are converted to OOUI, with minor changes to the forms to give them a neater appearance. Bug: T160236 Change-Id: I5294e5d886e8641e9b63eabc9d7fa8ea93e0df96
2017-03-11 05:48:17 +00:00
return '';
r86001, now with less scariness :P I took out the delete action and did purge instead, which is a much more self-contained action-with-a-form. Also implement a few changes suggested by Brion on IRC last night.
2011-04-14 10:38:29 +00:00
}
* Made (un)watch action show a form if the token is bad/missing (this handles unwatch links given in emails) * Changed misleading watch/unwatch subtitle msgs
2011-07-12 21:58:23 +00:00
public function onSubmit( $data ) {
WatchAction::onSubmit return correct value, not always true The onSubmit method documentation states, that the caller can expect either true for a successfull run, false if not tried and an array of error messages in case of an failure. WatchAction however always returned false, even though a Status object is availble with all needed information. The behaviour of WatchAction::onSubmit is now changed to return the appropriate value taken from the returned Status object of WatchAction::doSelf. Also: * Added WatchAction test class to higher test coverage, especially for the static methods * Marked getUnwatchToken as deprecated, it's not used and a caller can easily switch to getWatchToken with "unwatch" as the action parameter Change-Id: I2c1b91e1884a0d5f27f5e7ab9eafd6173642c21c
2018-05-18 20:08:09 +00:00
return self::doWatch( $this->getTitle(), $this->getUser() );
* Made (un)watch action show a form if the token is bad/missing (this handles unwatch links given in emails) * Changed misleading watch/unwatch subtitle msgs
2011-07-12 21:58:23 +00:00
}
protected function checkCanExecute( User $user ) {
// Must be logged in
if ( $user->isAnon() ) {
Make UserNotLoggedIn redirect to login page For pages like Special:Watchlist that throw a UserNotLoggedIn exception when the user is anonymous, this patch makes the page redirect to the login page automatically. This is instead of the current behavior of showing a link to the login page that the user must click. (Also, Special:Userlogin has existing functionality that will redirect the user back once they are logged in.) Bug: 15484 Change-Id: Idd9325374cb5dc13c4c057f45f88a33bdff523a9
2014-07-15 18:48:09 +00:00
throw new UserNotLoggedIn( 'watchlistanontext', 'watchnologin' );
* Made (un)watch action show a form if the token is bad/missing (this handles unwatch links given in emails) * Changed misleading watch/unwatch subtitle msgs
2011-07-12 21:58:23 +00:00
}
r86001, now with less scariness :P I took out the delete action and did purge instead, which is a much more self-contained action-with-a-form. Also implement a few changes suggested by Brion on IRC last night.
2011-04-14 10:38:29 +00:00
Remove return from Action::checkCanExecute No need to return true on success, because failure gives Exception, so the return value needs no checking. Change-Id: Id59bfaebc14bd1c638a721c303f585c1de627508
2014-08-03 18:42:25 +00:00
parent::checkCanExecute( $user );
r86001, now with less scariness :P I took out the delete action and did purge instead, which is a much more self-contained action-with-a-form. Also implement a few changes suggested by Brion on IRC last night.
2011-04-14 10:38:29 +00:00
}
WatchAction requires token (BREAKING CHANGE) * (bug 27655) Require token for watching/unwatching pages * Previously done for API (bug 29070) in r88522 * As with markpatrolled, the tokens are not compatible and made that way on purpose. The API requires the POST method and uses a universal token per-session. Since the front-end is all GET based (also per convention like in markpatrolled and rollback) they are stronger salted (title / action specific) * ajax.watch used the API already and was switched in r88554. * The actual watching/unwatching code was moved from WatchAction->onView to WatchAction::doWatch. This was done to allow the API to do the action without needing to generate a token like the front-end needs (or having to duplicate code). It is now similar to RecentChange::markPatrolled (in that it also a "central" function that does not care about tokens, it's called after the token-handling) * JavaScript / Gadgets that utilize action=watch in their scripts: ** Effects should be minimal as they should be using the API (see r88522 and wikitech-l) ** If they use index.php and scrap the link from the page, they can continue to do so. * There are links to the watch action all over the place. I've tried to catch most of them, but there may be some I miss. Migration in most cases is just a matter of adding an array item to the $query for: 'token' => WatchAction::getWatchToken( $title, $user [, $action] ) or changing: Action::factory( 'watch', $article )->execute(); to: WatchAction::doWatch( $title, $user ); While replacing the usages in some cases an instance of Article() no longer had to be created, in others $wgUser had to be retrieved from global (which was implied before but needs to be given directly now) Other notes: * Article->unwatch() and Article->watch(), which were deprecated as of 1.18 and are no longer used in core, may be broken in scenarios where the Request does not have a 'token' but is making a call to $article->watch() * Some extensions need to be fixed, I'm currently running a grep search and will fix them a.s.a.p [1] http://www.mediawiki.org/wiki/ResourceLoader/Default_modules?mw.user#tokens
2011-06-06 00:09:03 +00:00
Convert various FormActions to OOUI Support for OOUI is added to FormAction, and subclasses can enable it as required. PurgeAction, RevertAction, WatchAction and UnwatchAction are converted to OOUI, with minor changes to the forms to give them a neater appearance. Bug: T160236 Change-Id: I5294e5d886e8641e9b63eabc9d7fa8ea93e0df96
2017-03-11 05:48:17 +00:00
protected function usesOOUI() {
return true;
}
protected function getFormFields() {
return [
'intro' => [
'type' => 'info',
'vertical-label' => true,
'raw' => true,
'default' => $this->msg( 'confirm-watch-top' )->parse()
]
];
}
WatchAction: Require POST for index.php action=watch The GET variant was already rarely used because our frontend enchances these links with a click handler that uses AJAX to make a POST request to the API. The index.php url, nor its token, were used for the majority of users. Simplify this by stripping the 'token' query from these urls and requiring a POST request for index.php?action=watch and unwatch. * FormAction: Actually set a proper '<form action>' instead of letting HTMLForm default to a confusing title path (e.g. /wiki/Pagename). Article path should not be used for POST requests. * WatchAction: Group all FormAction-related methods together. * WatchAction: Make token consistent with other actions now that it is POST-only (no "stronger" salt containing the page title). * Remove ununsed mediawiki.page.startup dependency from mediawiki.page.watch.ajax. * WatchAction: If accessed over GET directly (e.g. for users without javascript) display a confirmation form that submits the token. Similar to PurgeAction. Change-Id: I504f457e68a133bcfc418cff13b838080fec1008
2015-09-28 21:32:45 +00:00
protected function alterForm( HTMLForm $form ) {
Convert various FormActions to OOUI Support for OOUI is added to FormAction, and subclasses can enable it as required. PurgeAction, RevertAction, WatchAction and UnwatchAction are converted to OOUI, with minor changes to the forms to give them a neater appearance. Bug: T160236 Change-Id: I5294e5d886e8641e9b63eabc9d7fa8ea93e0df96
2017-03-11 05:48:17 +00:00
$form->setWrapperLegendMsg( 'addwatch' );
WatchAction: Require POST for index.php action=watch The GET variant was already rarely used because our frontend enchances these links with a click handler that uses AJAX to make a POST request to the API. The index.php url, nor its token, were used for the majority of users. Simplify this by stripping the 'token' query from these urls and requiring a POST request for index.php?action=watch and unwatch. * FormAction: Actually set a proper '<form action>' instead of letting HTMLForm default to a confusing title path (e.g. /wiki/Pagename). Article path should not be used for POST requests. * WatchAction: Group all FormAction-related methods together. * WatchAction: Make token consistent with other actions now that it is POST-only (no "stronger" salt containing the page title). * Remove ununsed mediawiki.page.startup dependency from mediawiki.page.watch.ajax. * WatchAction: If accessed over GET directly (e.g. for users without javascript) display a confirmation form that submits the token. Similar to PurgeAction. Change-Id: I504f457e68a133bcfc418cff13b838080fec1008
2015-09-28 21:32:45 +00:00
$form->setSubmitTextMsg( 'confirm-watch-button' );
$form->setTokenSalt( 'watch' );
}
public function onSuccess() {
Use different message when (un)watching a page in talk namespace addedwatchtext and removedwatchtext uses the phrase "$1 and its discussion page". As this is inaccurate on talk namespace pages, two new messages, addedwatchtext-talk and removedwatchtext-talk, have been introduced for use in talk namespace pages. Bug: T87856 Change-Id: Iafd86402d3a2a65ce2be007c87c981ac08f44e67
2016-07-30 10:05:36 +00:00
$msgKey = $this->getTitle()->isTalkPage() ? 'addedwatchtext-talk' : 'addedwatchtext';
$this->getOutput()->addWikiMsg( $msgKey, $this->getTitle()->getPrefixedText() );
WatchAction: Require POST for index.php action=watch The GET variant was already rarely used because our frontend enchances these links with a click handler that uses AJAX to make a POST request to the API. The index.php url, nor its token, were used for the majority of users. Simplify this by stripping the 'token' query from these urls and requiring a POST request for index.php?action=watch and unwatch. * FormAction: Actually set a proper '<form action>' instead of letting HTMLForm default to a confusing title path (e.g. /wiki/Pagename). Article path should not be used for POST requests. * WatchAction: Group all FormAction-related methods together. * WatchAction: Make token consistent with other actions now that it is POST-only (no "stronger" salt containing the page title). * Remove ununsed mediawiki.page.startup dependency from mediawiki.page.watch.ajax. * WatchAction: If accessed over GET directly (e.g. for users without javascript) display a confirmation form that submits the token. Similar to PurgeAction. Change-Id: I504f457e68a133bcfc418cff13b838080fec1008
2015-09-28 21:32:45 +00:00
}
Add user rights 'viewmywatchlist', 'editmywatchlist' These are needed for OAuth grants. Note that, even if 'editmywatchlist' is not granted, various actions will still allow for adding but not removing of pages. Change-Id: Ie33446a228dd6ed0114730935c1bf65667f5ce01
2013-06-13 18:02:55 +00:00
/**
* Watch or unwatch a page
* @since 1.22
* @param bool $watch Whether to watch or unwatch the page
* @param Title $title Page to watch/unwatch
* @param User $user User who is watching/unwatching
* @return Status
*/
public static function doWatchOrUnwatch( $watch, Title $title, User $user ) {
Break long lines in Action classes Fixes CodeSniffer errors and warnigs. Change-Id: Ic9cf4b9c677b3168d7c9820e2694080907997ee3
2013-11-14 11:33:19 +00:00
if ( $user->isLoggedIn() &&
Move WatchedItem logic to WatchedItemStore This also removes assumptions that when a page in one Namespace should be watched / removed that the page in the talk / subject ns for the page should have the same action applied This should maintain all backward compatability for the WatchedItem class This also includes tests written by: - WMDE-leszek - Addshore Bug: T127956 Change-Id: Iad9abafe4417bb479151a3bfbee6e1c78a3afe3c
2016-02-01 11:53:01 +00:00
$user->isWatched( $title, User::IGNORE_USER_RIGHTS ) != $watch
Break long lines in Action classes Fixes CodeSniffer errors and warnigs. Change-Id: Ic9cf4b9c677b3168d7c9820e2694080907997ee3
2013-11-14 11:33:19 +00:00
) {
Add user rights 'viewmywatchlist', 'editmywatchlist' These are needed for OAuth grants. Note that, even if 'editmywatchlist' is not granted, various actions will still allow for adding but not removing of pages. Change-Id: Ie33446a228dd6ed0114730935c1bf65667f5ce01
2013-06-13 18:02:55 +00:00
// If the user doesn't have 'editmywatchlist', we still want to
// allow them to add but not remove items via edits and such.
if ( $watch ) {
Move WatchedItem logic to WatchedItemStore This also removes assumptions that when a page in one Namespace should be watched / removed that the page in the talk / subject ns for the page should have the same action applied This should maintain all backward compatability for the WatchedItem class This also includes tests written by: - WMDE-leszek - Addshore Bug: T127956 Change-Id: Iad9abafe4417bb479151a3bfbee6e1c78a3afe3c
2016-02-01 11:53:01 +00:00
return self::doWatch( $title, $user, User::IGNORE_USER_RIGHTS );
Add user rights 'viewmywatchlist', 'editmywatchlist' These are needed for OAuth grants. Note that, even if 'editmywatchlist' is not granted, various actions will still allow for adding but not removing of pages. Change-Id: Ie33446a228dd6ed0114730935c1bf65667f5ce01
2013-06-13 18:02:55 +00:00
} else {
return self::doUnwatch( $title, $user );
}
}
Update formatting Change-Id: I3cbe1f5e48730fbbe57e4b20a0c202edddc93c95
2013-11-14 11:18:26 +00:00
Add user rights 'viewmywatchlist', 'editmywatchlist' These are needed for OAuth grants. Note that, even if 'editmywatchlist' is not granted, various actions will still allow for adding but not removing of pages. Change-Id: Ie33446a228dd6ed0114730935c1bf65667f5ce01
2013-06-13 18:02:55 +00:00
return Status::newGood();
}
Return errors from WatchAction Currently, WatchAction::doWatch and WatchAction::doUnwatch return true always. Let's have them return a status object instead. This also cleans up the handling of Status objects in some of the API modules. Change-Id: I9dd9f0fd499c37f29fa12bcdb6142238a1f11e4d
2013-06-13 17:56:29 +00:00
/**
* Watch a page
Add user rights 'viewmywatchlist', 'editmywatchlist' These are needed for OAuth grants. Note that, even if 'editmywatchlist' is not granted, various actions will still allow for adding but not removing of pages. Change-Id: Ie33446a228dd6ed0114730935c1bf65667f5ce01
2013-06-13 18:02:55 +00:00
* @since 1.22 Returns Status, $checkRights parameter added
Return errors from WatchAction Currently, WatchAction::doWatch and WatchAction::doUnwatch return true always. Let's have them return a status object instead. This also cleans up the handling of Status objects in some of the API modules. Change-Id: I9dd9f0fd499c37f29fa12bcdb6142238a1f11e4d
2013-06-13 17:56:29 +00:00
* @param Title $title Page to watch/unwatch
* @param User $user User who is watching/unwatching
Move WatchedItem logic to WatchedItemStore This also removes assumptions that when a page in one Namespace should be watched / removed that the page in the talk / subject ns for the page should have the same action applied This should maintain all backward compatability for the WatchedItem class This also includes tests written by: - WMDE-leszek - Addshore Bug: T127956 Change-Id: Iad9abafe4417bb479151a3bfbee6e1c78a3afe3c
2016-02-01 11:53:01 +00:00
* @param bool $checkRights Passed through to $user->addWatch()
* Pass User::CHECK_USER_RIGHTS or User::IGNORE_USER_RIGHTS.
Return errors from WatchAction Currently, WatchAction::doWatch and WatchAction::doUnwatch return true always. Let's have them return a status object instead. This also cleans up the handling of Status objects in some of the API modules. Change-Id: I9dd9f0fd499c37f29fa12bcdb6142238a1f11e4d
2013-06-13 17:56:29 +00:00
* @return Status
*/
Move WatchedItem logic to WatchedItemStore This also removes assumptions that when a page in one Namespace should be watched / removed that the page in the talk / subject ns for the page should have the same action applied This should maintain all backward compatability for the WatchedItem class This also includes tests written by: - WMDE-leszek - Addshore Bug: T127956 Change-Id: Iad9abafe4417bb479151a3bfbee6e1c78a3afe3c
2016-02-01 11:53:01 +00:00
public static function doWatch(
Title $title,
User $user,
$checkRights = User::CHECK_USER_RIGHTS
Break long lines in Action classes Fixes CodeSniffer errors and warnigs. Change-Id: Ic9cf4b9c677b3168d7c9820e2694080907997ee3
2013-11-14 11:33:19 +00:00
) {
Move WatchedItem logic to WatchedItemStore This also removes assumptions that when a page in one Namespace should be watched / removed that the page in the talk / subject ns for the page should have the same action applied This should maintain all backward compatability for the WatchedItem class This also includes tests written by: - WMDE-leszek - Addshore Bug: T127956 Change-Id: Iad9abafe4417bb479151a3bfbee6e1c78a3afe3c
2016-02-01 11:53:01 +00:00
if ( $checkRights && !$user->isAllowed( 'editmywatchlist' ) ) {
Add user rights 'viewmywatchlist', 'editmywatchlist' These are needed for OAuth grants. Note that, even if 'editmywatchlist' is not granted, various actions will still allow for adding but not removing of pages. Change-Id: Ie33446a228dd6ed0114730935c1bf65667f5ce01
2013-06-13 18:02:55 +00:00
return User::newFatalPermissionDeniedStatus( 'editmywatchlist' );
}
Made UnwatchArticle, UnwatchArticleComplete, WatchArticle and WatchArticleComplete pass a WikiPage object instead of Article. There are two extensions (InterwikiIntegration and Syslog) that use these hooks and they don't Article-only methods so they won't break by this change.
2012-01-06 16:28:11 +00:00
$page = WikiPage::factory( $title );
WatchAction requires token (BREAKING CHANGE) * (bug 27655) Require token for watching/unwatching pages * Previously done for API (bug 29070) in r88522 * As with markpatrolled, the tokens are not compatible and made that way on purpose. The API requires the POST method and uses a universal token per-session. Since the front-end is all GET based (also per convention like in markpatrolled and rollback) they are stronger salted (title / action specific) * ajax.watch used the API already and was switched in r88554. * The actual watching/unwatching code was moved from WatchAction->onView to WatchAction::doWatch. This was done to allow the API to do the action without needing to generate a token like the front-end needs (or having to duplicate code). It is now similar to RecentChange::markPatrolled (in that it also a "central" function that does not care about tokens, it's called after the token-handling) * JavaScript / Gadgets that utilize action=watch in their scripts: ** Effects should be minimal as they should be using the API (see r88522 and wikitech-l) ** If they use index.php and scrap the link from the page, they can continue to do so. * There are links to the watch action all over the place. I've tried to catch most of them, but there may be some I miss. Migration in most cases is just a matter of adding an array item to the $query for: 'token' => WatchAction::getWatchToken( $title, $user [, $action] ) or changing: Action::factory( 'watch', $article )->execute(); to: WatchAction::doWatch( $title, $user ); While replacing the usages in some cases an instance of Article() no longer had to be created, in others $wgUser had to be retrieved from global (which was implied before but needs to be given directly now) Other notes: * Article->unwatch() and Article->watch(), which were deprecated as of 1.18 and are no longer used in core, may be broken in scenarios where the Request does not have a 'token' but is making a call to $article->watch() * Some extensions need to be fixed, I'm currently running a grep search and will fix them a.s.a.p [1] http://www.mediawiki.org/wiki/ResourceLoader/Default_modules?mw.user#tokens
2011-06-06 00:09:03 +00:00
Return errors from WatchAction Currently, WatchAction::doWatch and WatchAction::doUnwatch return true always. Let's have them return a status object instead. This also cleans up the handling of Status objects in some of the API modules. Change-Id: I9dd9f0fd499c37f29fa12bcdb6142238a1f11e4d
2013-06-13 17:56:29 +00:00
$status = Status::newFatal( 'hookaborted' );
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
if ( Hooks::run( 'WatchArticle', [ &$user, &$page, &$status ] ) ) {
Return errors from WatchAction Currently, WatchAction::doWatch and WatchAction::doUnwatch return true always. Let's have them return a status object instead. This also cleans up the handling of Status objects in some of the API modules. Change-Id: I9dd9f0fd499c37f29fa12bcdb6142238a1f11e4d
2013-06-13 17:56:29 +00:00
$status = Status::newGood();
Add user rights 'viewmywatchlist', 'editmywatchlist' These are needed for OAuth grants. Note that, even if 'editmywatchlist' is not granted, various actions will still allow for adding but not removing of pages. Change-Id: Ie33446a228dd6ed0114730935c1bf65667f5ce01
2013-06-13 18:02:55 +00:00
$user->addWatch( $title, $checkRights );
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
Hooks::run( 'WatchArticleComplete', [ &$user, &$page ] );
WatchAction requires token (BREAKING CHANGE) * (bug 27655) Require token for watching/unwatching pages * Previously done for API (bug 29070) in r88522 * As with markpatrolled, the tokens are not compatible and made that way on purpose. The API requires the POST method and uses a universal token per-session. Since the front-end is all GET based (also per convention like in markpatrolled and rollback) they are stronger salted (title / action specific) * ajax.watch used the API already and was switched in r88554. * The actual watching/unwatching code was moved from WatchAction->onView to WatchAction::doWatch. This was done to allow the API to do the action without needing to generate a token like the front-end needs (or having to duplicate code). It is now similar to RecentChange::markPatrolled (in that it also a "central" function that does not care about tokens, it's called after the token-handling) * JavaScript / Gadgets that utilize action=watch in their scripts: ** Effects should be minimal as they should be using the API (see r88522 and wikitech-l) ** If they use index.php and scrap the link from the page, they can continue to do so. * There are links to the watch action all over the place. I've tried to catch most of them, but there may be some I miss. Migration in most cases is just a matter of adding an array item to the $query for: 'token' => WatchAction::getWatchToken( $title, $user [, $action] ) or changing: Action::factory( 'watch', $article )->execute(); to: WatchAction::doWatch( $title, $user ); While replacing the usages in some cases an instance of Article() no longer had to be created, in others $wgUser had to be retrieved from global (which was implied before but needs to be given directly now) Other notes: * Article->unwatch() and Article->watch(), which were deprecated as of 1.18 and are no longer used in core, may be broken in scenarios where the Request does not have a 'token' but is making a call to $article->watch() * Some extensions need to be fixed, I'm currently running a grep search and will fix them a.s.a.p [1] http://www.mediawiki.org/wiki/ResourceLoader/Default_modules?mw.user#tokens
2011-06-06 00:09:03 +00:00
}
Update formatting Change-Id: I3cbe1f5e48730fbbe57e4b20a0c202edddc93c95
2013-11-14 11:18:26 +00:00
Return errors from WatchAction Currently, WatchAction::doWatch and WatchAction::doUnwatch return true always. Let's have them return a status object instead. This also cleans up the handling of Status objects in some of the API modules. Change-Id: I9dd9f0fd499c37f29fa12bcdb6142238a1f11e4d
2013-06-13 17:56:29 +00:00
return $status;
WatchAction requires token (BREAKING CHANGE) * (bug 27655) Require token for watching/unwatching pages * Previously done for API (bug 29070) in r88522 * As with markpatrolled, the tokens are not compatible and made that way on purpose. The API requires the POST method and uses a universal token per-session. Since the front-end is all GET based (also per convention like in markpatrolled and rollback) they are stronger salted (title / action specific) * ajax.watch used the API already and was switched in r88554. * The actual watching/unwatching code was moved from WatchAction->onView to WatchAction::doWatch. This was done to allow the API to do the action without needing to generate a token like the front-end needs (or having to duplicate code). It is now similar to RecentChange::markPatrolled (in that it also a "central" function that does not care about tokens, it's called after the token-handling) * JavaScript / Gadgets that utilize action=watch in their scripts: ** Effects should be minimal as they should be using the API (see r88522 and wikitech-l) ** If they use index.php and scrap the link from the page, they can continue to do so. * There are links to the watch action all over the place. I've tried to catch most of them, but there may be some I miss. Migration in most cases is just a matter of adding an array item to the $query for: 'token' => WatchAction::getWatchToken( $title, $user [, $action] ) or changing: Action::factory( 'watch', $article )->execute(); to: WatchAction::doWatch( $title, $user ); While replacing the usages in some cases an instance of Article() no longer had to be created, in others $wgUser had to be retrieved from global (which was implied before but needs to be given directly now) Other notes: * Article->unwatch() and Article->watch(), which were deprecated as of 1.18 and are no longer used in core, may be broken in scenarios where the Request does not have a 'token' but is making a call to $article->watch() * Some extensions need to be fixed, I'm currently running a grep search and will fix them a.s.a.p [1] http://www.mediawiki.org/wiki/ResourceLoader/Default_modules?mw.user#tokens
2011-06-06 00:09:03 +00:00
}
Return errors from WatchAction Currently, WatchAction::doWatch and WatchAction::doUnwatch return true always. Let's have them return a status object instead. This also cleans up the handling of Status objects in some of the API modules. Change-Id: I9dd9f0fd499c37f29fa12bcdb6142238a1f11e4d
2013-06-13 17:56:29 +00:00
/**
* Unwatch a page
* @since 1.22 Returns Status
* @param Title $title Page to watch/unwatch
* @param User $user User who is watching/unwatching
* @return Status
*/
Fixed spacing around parenthesis in includes Change-Id: Ie8adc00f4ee8ecec4554e584c18d5d2073415397
2013-04-27 12:02:08 +00:00
public static function doUnwatch( Title $title, User $user ) {
Add user rights 'viewmywatchlist', 'editmywatchlist' These are needed for OAuth grants. Note that, even if 'editmywatchlist' is not granted, various actions will still allow for adding but not removing of pages. Change-Id: Ie33446a228dd6ed0114730935c1bf65667f5ce01
2013-06-13 18:02:55 +00:00
if ( !$user->isAllowed( 'editmywatchlist' ) ) {
return User::newFatalPermissionDeniedStatus( 'editmywatchlist' );
}
Made UnwatchArticle, UnwatchArticleComplete, WatchArticle and WatchArticleComplete pass a WikiPage object instead of Article. There are two extensions (InterwikiIntegration and Syslog) that use these hooks and they don't Article-only methods so they won't break by this change.
2012-01-06 16:28:11 +00:00
$page = WikiPage::factory( $title );
WatchAction requires token (BREAKING CHANGE) * (bug 27655) Require token for watching/unwatching pages * Previously done for API (bug 29070) in r88522 * As with markpatrolled, the tokens are not compatible and made that way on purpose. The API requires the POST method and uses a universal token per-session. Since the front-end is all GET based (also per convention like in markpatrolled and rollback) they are stronger salted (title / action specific) * ajax.watch used the API already and was switched in r88554. * The actual watching/unwatching code was moved from WatchAction->onView to WatchAction::doWatch. This was done to allow the API to do the action without needing to generate a token like the front-end needs (or having to duplicate code). It is now similar to RecentChange::markPatrolled (in that it also a "central" function that does not care about tokens, it's called after the token-handling) * JavaScript / Gadgets that utilize action=watch in their scripts: ** Effects should be minimal as they should be using the API (see r88522 and wikitech-l) ** If they use index.php and scrap the link from the page, they can continue to do so. * There are links to the watch action all over the place. I've tried to catch most of them, but there may be some I miss. Migration in most cases is just a matter of adding an array item to the $query for: 'token' => WatchAction::getWatchToken( $title, $user [, $action] ) or changing: Action::factory( 'watch', $article )->execute(); to: WatchAction::doWatch( $title, $user ); While replacing the usages in some cases an instance of Article() no longer had to be created, in others $wgUser had to be retrieved from global (which was implied before but needs to be given directly now) Other notes: * Article->unwatch() and Article->watch(), which were deprecated as of 1.18 and are no longer used in core, may be broken in scenarios where the Request does not have a 'token' but is making a call to $article->watch() * Some extensions need to be fixed, I'm currently running a grep search and will fix them a.s.a.p [1] http://www.mediawiki.org/wiki/ResourceLoader/Default_modules?mw.user#tokens
2011-06-06 00:09:03 +00:00
Return errors from WatchAction Currently, WatchAction::doWatch and WatchAction::doUnwatch return true always. Let's have them return a status object instead. This also cleans up the handling of Status objects in some of the API modules. Change-Id: I9dd9f0fd499c37f29fa12bcdb6142238a1f11e4d
2013-06-13 17:56:29 +00:00
$status = Status::newFatal( 'hookaborted' );
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
if ( Hooks::run( 'UnwatchArticle', [ &$user, &$page, &$status ] ) ) {
Return errors from WatchAction Currently, WatchAction::doWatch and WatchAction::doUnwatch return true always. Let's have them return a status object instead. This also cleans up the handling of Status objects in some of the API modules. Change-Id: I9dd9f0fd499c37f29fa12bcdb6142238a1f11e4d
2013-06-13 17:56:29 +00:00
$status = Status::newGood();
WatchAction requires token (BREAKING CHANGE) * (bug 27655) Require token for watching/unwatching pages * Previously done for API (bug 29070) in r88522 * As with markpatrolled, the tokens are not compatible and made that way on purpose. The API requires the POST method and uses a universal token per-session. Since the front-end is all GET based (also per convention like in markpatrolled and rollback) they are stronger salted (title / action specific) * ajax.watch used the API already and was switched in r88554. * The actual watching/unwatching code was moved from WatchAction->onView to WatchAction::doWatch. This was done to allow the API to do the action without needing to generate a token like the front-end needs (or having to duplicate code). It is now similar to RecentChange::markPatrolled (in that it also a "central" function that does not care about tokens, it's called after the token-handling) * JavaScript / Gadgets that utilize action=watch in their scripts: ** Effects should be minimal as they should be using the API (see r88522 and wikitech-l) ** If they use index.php and scrap the link from the page, they can continue to do so. * There are links to the watch action all over the place. I've tried to catch most of them, but there may be some I miss. Migration in most cases is just a matter of adding an array item to the $query for: 'token' => WatchAction::getWatchToken( $title, $user [, $action] ) or changing: Action::factory( 'watch', $article )->execute(); to: WatchAction::doWatch( $title, $user ); While replacing the usages in some cases an instance of Article() no longer had to be created, in others $wgUser had to be retrieved from global (which was implied before but needs to be given directly now) Other notes: * Article->unwatch() and Article->watch(), which were deprecated as of 1.18 and are no longer used in core, may be broken in scenarios where the Request does not have a 'token' but is making a call to $article->watch() * Some extensions need to be fixed, I'm currently running a grep search and will fix them a.s.a.p [1] http://www.mediawiki.org/wiki/ResourceLoader/Default_modules?mw.user#tokens
2011-06-06 00:09:03 +00:00
$user->removeWatch( $title );
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
Hooks::run( 'UnwatchArticleComplete', [ &$user, &$page ] );
WatchAction requires token (BREAKING CHANGE) * (bug 27655) Require token for watching/unwatching pages * Previously done for API (bug 29070) in r88522 * As with markpatrolled, the tokens are not compatible and made that way on purpose. The API requires the POST method and uses a universal token per-session. Since the front-end is all GET based (also per convention like in markpatrolled and rollback) they are stronger salted (title / action specific) * ajax.watch used the API already and was switched in r88554. * The actual watching/unwatching code was moved from WatchAction->onView to WatchAction::doWatch. This was done to allow the API to do the action without needing to generate a token like the front-end needs (or having to duplicate code). It is now similar to RecentChange::markPatrolled (in that it also a "central" function that does not care about tokens, it's called after the token-handling) * JavaScript / Gadgets that utilize action=watch in their scripts: ** Effects should be minimal as they should be using the API (see r88522 and wikitech-l) ** If they use index.php and scrap the link from the page, they can continue to do so. * There are links to the watch action all over the place. I've tried to catch most of them, but there may be some I miss. Migration in most cases is just a matter of adding an array item to the $query for: 'token' => WatchAction::getWatchToken( $title, $user [, $action] ) or changing: Action::factory( 'watch', $article )->execute(); to: WatchAction::doWatch( $title, $user ); While replacing the usages in some cases an instance of Article() no longer had to be created, in others $wgUser had to be retrieved from global (which was implied before but needs to be given directly now) Other notes: * Article->unwatch() and Article->watch(), which were deprecated as of 1.18 and are no longer used in core, may be broken in scenarios where the Request does not have a 'token' but is making a call to $article->watch() * Some extensions need to be fixed, I'm currently running a grep search and will fix them a.s.a.p [1] http://www.mediawiki.org/wiki/ResourceLoader/Default_modules?mw.user#tokens
2011-06-06 00:09:03 +00:00
}
Update formatting Change-Id: I3cbe1f5e48730fbbe57e4b20a0c202edddc93c95
2013-11-14 11:18:26 +00:00
Return errors from WatchAction Currently, WatchAction::doWatch and WatchAction::doUnwatch return true always. Let's have them return a status object instead. This also cleans up the handling of Status objects in some of the API modules. Change-Id: I9dd9f0fd499c37f29fa12bcdb6142238a1f11e4d
2013-06-13 17:56:29 +00:00
return $status;
WatchAction requires token (BREAKING CHANGE) * (bug 27655) Require token for watching/unwatching pages * Previously done for API (bug 29070) in r88522 * As with markpatrolled, the tokens are not compatible and made that way on purpose. The API requires the POST method and uses a universal token per-session. Since the front-end is all GET based (also per convention like in markpatrolled and rollback) they are stronger salted (title / action specific) * ajax.watch used the API already and was switched in r88554. * The actual watching/unwatching code was moved from WatchAction->onView to WatchAction::doWatch. This was done to allow the API to do the action without needing to generate a token like the front-end needs (or having to duplicate code). It is now similar to RecentChange::markPatrolled (in that it also a "central" function that does not care about tokens, it's called after the token-handling) * JavaScript / Gadgets that utilize action=watch in their scripts: ** Effects should be minimal as they should be using the API (see r88522 and wikitech-l) ** If they use index.php and scrap the link from the page, they can continue to do so. * There are links to the watch action all over the place. I've tried to catch most of them, but there may be some I miss. Migration in most cases is just a matter of adding an array item to the $query for: 'token' => WatchAction::getWatchToken( $title, $user [, $action] ) or changing: Action::factory( 'watch', $article )->execute(); to: WatchAction::doWatch( $title, $user ); While replacing the usages in some cases an instance of Article() no longer had to be created, in others $wgUser had to be retrieved from global (which was implied before but needs to be given directly now) Other notes: * Article->unwatch() and Article->watch(), which were deprecated as of 1.18 and are no longer used in core, may be broken in scenarios where the Request does not have a 'token' but is making a call to $article->watch() * Some extensions need to be fixed, I'm currently running a grep search and will fix them a.s.a.p [1] http://www.mediawiki.org/wiki/ResourceLoader/Default_modules?mw.user#tokens
2011-06-06 00:09:03 +00:00
}
/**
* Get token to watch (or unwatch) a page for a user
*
* @param Title $title Title object of page to watch
Fix doxygen docs before REL1_19 branching
2012-02-01 20:53:38 +00:00
* @param User $user User for whom the action is going to be performed
WatchAction requires token (BREAKING CHANGE) * (bug 27655) Require token for watching/unwatching pages * Previously done for API (bug 29070) in r88522 * As with markpatrolled, the tokens are not compatible and made that way on purpose. The API requires the POST method and uses a universal token per-session. Since the front-end is all GET based (also per convention like in markpatrolled and rollback) they are stronger salted (title / action specific) * ajax.watch used the API already and was switched in r88554. * The actual watching/unwatching code was moved from WatchAction->onView to WatchAction::doWatch. This was done to allow the API to do the action without needing to generate a token like the front-end needs (or having to duplicate code). It is now similar to RecentChange::markPatrolled (in that it also a "central" function that does not care about tokens, it's called after the token-handling) * JavaScript / Gadgets that utilize action=watch in their scripts: ** Effects should be minimal as they should be using the API (see r88522 and wikitech-l) ** If they use index.php and scrap the link from the page, they can continue to do so. * There are links to the watch action all over the place. I've tried to catch most of them, but there may be some I miss. Migration in most cases is just a matter of adding an array item to the $query for: 'token' => WatchAction::getWatchToken( $title, $user [, $action] ) or changing: Action::factory( 'watch', $article )->execute(); to: WatchAction::doWatch( $title, $user ); While replacing the usages in some cases an instance of Article() no longer had to be created, in others $wgUser had to be retrieved from global (which was implied before but needs to be given directly now) Other notes: * Article->unwatch() and Article->watch(), which were deprecated as of 1.18 and are no longer used in core, may be broken in scenarios where the Request does not have a 'token' but is making a call to $article->watch() * Some extensions need to be fixed, I'm currently running a grep search and will fix them a.s.a.p [1] http://www.mediawiki.org/wiki/ResourceLoader/Default_modules?mw.user#tokens
2011-06-06 00:09:03 +00:00
* @param string $action Optionally override the action to 'unwatch'
* @return string Token
Update code comments that point to 1.18 to point to 1.19
2011-07-18 23:01:08 +00:00
* @since 1.18
WatchAction requires token (BREAKING CHANGE) * (bug 27655) Require token for watching/unwatching pages * Previously done for API (bug 29070) in r88522 * As with markpatrolled, the tokens are not compatible and made that way on purpose. The API requires the POST method and uses a universal token per-session. Since the front-end is all GET based (also per convention like in markpatrolled and rollback) they are stronger salted (title / action specific) * ajax.watch used the API already and was switched in r88554. * The actual watching/unwatching code was moved from WatchAction->onView to WatchAction::doWatch. This was done to allow the API to do the action without needing to generate a token like the front-end needs (or having to duplicate code). It is now similar to RecentChange::markPatrolled (in that it also a "central" function that does not care about tokens, it's called after the token-handling) * JavaScript / Gadgets that utilize action=watch in their scripts: ** Effects should be minimal as they should be using the API (see r88522 and wikitech-l) ** If they use index.php and scrap the link from the page, they can continue to do so. * There are links to the watch action all over the place. I've tried to catch most of them, but there may be some I miss. Migration in most cases is just a matter of adding an array item to the $query for: 'token' => WatchAction::getWatchToken( $title, $user [, $action] ) or changing: Action::factory( 'watch', $article )->execute(); to: WatchAction::doWatch( $title, $user ); While replacing the usages in some cases an instance of Article() no longer had to be created, in others $wgUser had to be retrieved from global (which was implied before but needs to be given directly now) Other notes: * Article->unwatch() and Article->watch(), which were deprecated as of 1.18 and are no longer used in core, may be broken in scenarios where the Request does not have a 'token' but is making a call to $article->watch() * Some extensions need to be fixed, I'm currently running a grep search and will fix them a.s.a.p [1] http://www.mediawiki.org/wiki/ResourceLoader/Default_modules?mw.user#tokens
2011-06-06 00:09:03 +00:00
*/
public static function getWatchToken( Title $title, User $user, $action = 'watch' ) {
if ( $action != 'unwatch' ) {
$action = 'watch';
}
WatchAction: Require POST for index.php action=watch The GET variant was already rarely used because our frontend enchances these links with a click handler that uses AJAX to make a POST request to the API. The index.php url, nor its token, were used for the majority of users. Simplify this by stripping the 'token' query from these urls and requiring a POST request for index.php?action=watch and unwatch. * FormAction: Actually set a proper '<form action>' instead of letting HTMLForm default to a confusing title path (e.g. /wiki/Pagename). Article path should not be used for POST requests. * WatchAction: Group all FormAction-related methods together. * WatchAction: Make token consistent with other actions now that it is POST-only (no "stronger" salt containing the page title). * Remove ununsed mediawiki.page.startup dependency from mediawiki.page.watch.ajax. * WatchAction: If accessed over GET directly (e.g. for users without javascript) display a confirmation form that submits the token. Similar to PurgeAction. Change-Id: I504f457e68a133bcfc418cff13b838080fec1008
2015-09-28 21:32:45 +00:00
// Match ApiWatch and ResourceLoaderUserTokensModule
return $user->getEditToken( $action );
WatchAction requires token (BREAKING CHANGE) * (bug 27655) Require token for watching/unwatching pages * Previously done for API (bug 29070) in r88522 * As with markpatrolled, the tokens are not compatible and made that way on purpose. The API requires the POST method and uses a universal token per-session. Since the front-end is all GET based (also per convention like in markpatrolled and rollback) they are stronger salted (title / action specific) * ajax.watch used the API already and was switched in r88554. * The actual watching/unwatching code was moved from WatchAction->onView to WatchAction::doWatch. This was done to allow the API to do the action without needing to generate a token like the front-end needs (or having to duplicate code). It is now similar to RecentChange::markPatrolled (in that it also a "central" function that does not care about tokens, it's called after the token-handling) * JavaScript / Gadgets that utilize action=watch in their scripts: ** Effects should be minimal as they should be using the API (see r88522 and wikitech-l) ** If they use index.php and scrap the link from the page, they can continue to do so. * There are links to the watch action all over the place. I've tried to catch most of them, but there may be some I miss. Migration in most cases is just a matter of adding an array item to the $query for: 'token' => WatchAction::getWatchToken( $title, $user [, $action] ) or changing: Action::factory( 'watch', $article )->execute(); to: WatchAction::doWatch( $title, $user ); While replacing the usages in some cases an instance of Article() no longer had to be created, in others $wgUser had to be retrieved from global (which was implied before but needs to be given directly now) Other notes: * Article->unwatch() and Article->watch(), which were deprecated as of 1.18 and are no longer used in core, may be broken in scenarios where the Request does not have a 'token' but is making a call to $article->watch() * Some extensions need to be fixed, I'm currently running a grep search and will fix them a.s.a.p [1] http://www.mediawiki.org/wiki/ResourceLoader/Default_modules?mw.user#tokens
2011-06-06 00:09:03 +00:00
}
Distinguish read vs write mode Action classes Bug: T123589 Change-Id: I3c8fab646d3bb8cd468e5b60c27f3c5d43f9f97c
2016-01-14 00:06:06 +00:00
public function doesWrites() {
return true;
}
r86001, now with less scariness :P I took out the delete action and did purge instead, which is a much more self-contained action-with-a-form. Also implement a few changes suggested by Brion on IRC last night.
2011-04-14 10:38:29 +00:00
}
Reference in a new issue Copy permalink