Do not allow a user to delete a page they can't edit

This was probably overlooked in the past because usually the only users who can delete pages also have permission to edit the relevant protection levels. Change-Id: Ibe28a69c9fbab00b81c53b1643df722a3f1fbf19
2014-08-10 21:23:28 +01:00 · 2014-08-10 21:23:28 +01:00 · 002a277901
commit 002a277901
parent 78f56b0753
4 changed files with 12 additions and 0 deletions
--- a/includes/Title.php
+++ b/includes/Title.php
@ -2258,6 +2258,12 @@ class Title {
 				$errors[] = array( 'immobile-target-page' );
 			}
 		} elseif ( $action == 'delete' ) {
+			if ( count( $this->getUserPermissionsErrorsInternal( 'edit',
+				$user, $doExpensiveQueries, true ) )
+			) {
+				// If they can't edit, they shouldn't delete.
+				$errors[] = array( 'delete-cantedit' );
+			}
 			if ( $doExpensiveQueries && $wgDeleteRevisionsLimit
 				&& !$this->userCan( 'bigdelete', $user ) && $this->isBigDeletion()
 			) {
--- a/includes/api/ApiBase.php
+++ b/includes/api/ApiBase.php
@ -1411,6 +1411,10 @@ abstract class ApiBase extends ContextSource {
 			'code' => 'cantedit',
 			'info' => "You can't protect this page because you can't edit it"
 		),
+		'delete-cantedit' => array(
+			'code' => 'cantedit',
+			'info' => "You can't delete this page because you can't edit it"
+		),
 		'badaccess-group0' => array(
 			'code' => 'permissiondenied',
 			'info' => "Permission denied"
--- a/languages/i18n/en.json
+++ b/languages/i18n/en.json
@ -1876,6 +1876,7 @@
 	"delete-edit-reasonlist": "Edit deletion reasons",
 	"delete-toobig": "This page has a large edit history, over $1 {{PLURAL:$1|revision|revisions}}.\nDeletion of such pages has been restricted to prevent accidental disruption of {{SITENAME}}.",
 	"delete-warning-toobig": "This page has a large edit history, over $1 {{PLURAL:$1|revision|revisions}}.\nDeleting it may disrupt database operations of {{SITENAME}};\nproceed with caution.",
+	"delete-cantedit": "You cannot delete this page because you do not have permission to edit it.",
 	"deleting-backlinks-warning": "'''Warning:''' [[Special:WhatLinksHere/{{FULLPAGENAME}}|Other pages]] link to or transclude the page you are about to delete.",
 	"rollback": "Roll back edits",
 	"rollback_short": "Rollback",
--- a/languages/i18n/qqq.json
+++ b/languages/i18n/qqq.json
@ -2038,6 +2038,7 @@
 	"delete-edit-reasonlist": "Shown beneath the page deletion form on the right side. It is a link to {{msg-mw|Deletereason-dropdown|notext=1}}.\n\nSee also:\n* {{msg-mw|Ipb-edit-dropdown}}\n* {{msg-mw|Protect-edit-reasonlist}}.\n{{Identical|Edit delete reasons}}",
 	"delete-toobig": "Parameters:\n* $1 - the upper limit of number of revisions\nSee also:\n* {{msg-mw|Delete-warning-toobig}}",
 	"delete-warning-toobig": "Parameters:\n* $1 - the upper limit of number of revisions\nSee also:\n* {{msg-mw|Delete-toobig}}",
+	"delete-cantedit": "Used as error message when deleting the page.",
 	"deleting-backlinks-warning": "A warning shown when a page that is being deleted has at least one link to it or is transcluded in at least one page.",
 	"rollback": "{{Identical|Rollback}}",
 	"rollback_short": "{{Identical|Rollback}}",