* (bug 11346) Prevent users who cannot edit a page from changing its restrictions.
This commit is contained in:
Andrew Garrett
parent
c1e259c8d7
commit
a94424d59c
5 changed files with 18 additions and 19 deletions
|
|
@ -202,6 +202,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
|
|||
* namespaceDupes.php no longer dies when coming across an illegal title
|
||||
* (bug 12143) Do not show a link to patrol new pages for non existent pages
|
||||
* (bug 12166) Fix XHTML validity for Special:Emailuser
|
||||
* (bug 11346) Users who cannot edit a page can now no longer unprotect it.
|
||||
|
||||
== Parser changes in 1.12 ==
|
||||
|
||||
|
|
|
|||
|
|
@ -1709,7 +1709,7 @@ class Article {
|
|||
global $wgUser, $wgRestrictionTypes, $wgContLang;
|
||||
|
||||
$id = $this->mTitle->getArticleID();
|
||||
if( !$wgUser->isAllowed( 'protect' ) || wfReadOnly() || $id == 0 ) {
|
||||
if( array() != $this->mTitle->getUserPermissionsErrors( 'protect', $wgUser ) || wfReadOnly() || $id == 0 ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -28,6 +28,7 @@ class ProtectionForm {
|
|||
var $mReason = '';
|
||||
var $mCascade = false;
|
||||
var $mExpiry = null;
|
||||
var $mPermErrors = array();
|
||||
|
||||
function __construct( &$article ) {
|
||||
global $wgRequest, $wgUser;
|
||||
|
|
@ -56,7 +57,7 @@ class ProtectionForm {
|
|||
}
|
||||
|
||||
// The form will be available in read-only to show levels.
|
||||
$this->disabled = !$wgUser->isAllowed( 'protect' ) || wfReadOnly() || $wgUser->isBlocked();
|
||||
$this->disabled = ($this->mPermErrors = $this->mTitle->getUserPermissionsErrors('protect',$wgUser)) != array();
|
||||
$this->disabledAttrib = $this->disabled
|
||||
? array( 'disabled' => 'disabled' )
|
||||
: array();
|
||||
|
|
@ -125,22 +126,11 @@ class ProtectionForm {
|
|||
# Show an appropriate message if the user isn't allowed or able to change
|
||||
# the protection settings at this time
|
||||
if( $this->disabled ) {
|
||||
if( $wgUser->isAllowed( 'protect' ) ) {
|
||||
if( $wgUser->isBlocked() ) {
|
||||
# Blocked
|
||||
$message = 'protect-locked-blocked';
|
||||
} else {
|
||||
# Database lock
|
||||
$message = 'protect-locked-dblock';
|
||||
}
|
||||
} else {
|
||||
# Permission error
|
||||
$message = 'protect-locked-access';
|
||||
}
|
||||
$message = $wgOut->formatPermissionsErrorMessage( $this->mPermErrors );
|
||||
} else {
|
||||
$message = 'protect-text';
|
||||
$message = wfMsg( 'protect-text', wfEscapeWikiText( $this->mTitle->getPrefixedText() ) );
|
||||
}
|
||||
$wgOut->addWikiText( wfMsg( $message, wfEscapeWikiText( $this->mTitle->getPrefixedText() ) ) );
|
||||
$wgOut->addWikiText( $message );
|
||||
|
||||
$wgOut->addHTML( $this->buildForm() );
|
||||
|
||||
|
|
@ -394,4 +384,4 @@ class ProtectionForm {
|
|||
$logViewer->showList( $out );
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1188,6 +1188,13 @@ class Title {
|
|||
}
|
||||
}
|
||||
|
||||
if ($action == 'protect')
|
||||
{
|
||||
if ($this->getUserPermissionsErrors('edit', $user) != array()) {
|
||||
$errors[] = array( 'protect-cantedit' ); // If they can't edit, they shouldn't protect.
|
||||
}
|
||||
}
|
||||
|
||||
if( $action == 'create' ) {
|
||||
if( ( $this->isTalkPage() && !$user->isAllowed( 'createtalk' ) ) ||
|
||||
( !$this->isTalkPage() && !$user->isAllowed( 'createpage' ) ) ) {
|
||||
|
|
@ -1195,9 +1202,9 @@ class Title {
|
|||
}
|
||||
} elseif( $action == 'move' && !( $this->isMovable() && $user->isAllowed( 'move' ) ) ) {
|
||||
$errors[] = $user->isAnon() ? array ( 'movenologintext' ) : array ('movenotallowed');
|
||||
} else if ( !$user->isAllowed( $action ) ) {
|
||||
} else if ( !$user->isAllowed( $action ) ) {
|
||||
$return = null;
|
||||
$groups = array();
|
||||
$groups = array();
|
||||
global $wgGroupPermissions;
|
||||
foreach( $wgGroupPermissions as $key => $value ) {
|
||||
if( isset( $value[$action] ) && $value[$action] == true ) {
|
||||
|
|
|
|||
|
|
@ -1941,6 +1941,7 @@ Here are the current settings for the page <strong>$1</strong>:',
|
|||
'protect-summary-cascade' => 'cascading',
|
||||
'protect-expiring' => 'expires $1 (UTC)',
|
||||
'protect-cascade' => 'Protect pages included in this page (cascading protection)',
|
||||
'protect-cantedit' => 'You cannot change the protection levels of this page, because you do not have permission to edit it.',
|
||||
'restriction-type' => 'Permission:',
|
||||
'restriction-level' => 'Restriction level:',
|
||||
'minimum-size' => 'Min size',
|
||||
|
|
|
|||
Loading…
Reference in a new issue