logging: Abstract LogPager enforcing of action and performer restrictions

This avoids duplicating the code in the future, such as proposed for
I3ea2c050b6dd6c (T16711).

Change-Id: Ic53b074f542014f156b006864d91a138ba5fb22b
cenarium 2016-01-25 22:35:22 +01:00 committed by Timo Tijhof
parent 9d6cdbce20
commit ce881e02e8


@ -45,6 +45,12 @@ class LogPager extends ReverseChronologicalPager {
/** @var string */
private $action = '';
/** @var bool */
private $performerRestrictionsEnforced = false;
/** @var bool */
private $actionRestrictionsEnforced = false;
/** @var LogEventsList */
public $mLogEventsList;
@ -177,14 +183,7 @@ class LogPager extends ReverseChronologicalPager {
} else {
$this->mConds['log_user'] = $userid;
}
// Paranoia: avoid brute force searches (T19342)
$user = $this->getUser();
if ( !$user->isAllowed( 'deletedhistory' ) ) {
$this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_USER ) . ' = 0';
} elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
$this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_USER ) .
' != ' . LogPage::SUPPRESSED_USER;
}
$this->enforcePerformerRestrictions();
$this->performer = $name;
}
@ -252,14 +251,7 @@ class LogPager extends ReverseChronologicalPager {
} else {
$this->mConds['log_title'] = $title->getDBkey();
}
// Paranoia: avoid brute force searches (T19342)
$user = $this->getUser();
if ( !$user->isAllowed( 'deletedhistory' ) ) {
$this->mConds[] = $db->bitAnd( 'log_deleted', LogPage::DELETED_ACTION ) . ' = 0';
} elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
$this->mConds[] = $db->bitAnd( 'log_deleted', LogPage::SUPPRESSED_ACTION ) .
' != ' . LogPage::SUPPRESSED_ACTION;
}
$this->enforceActionRestrictions();
}
/**
@ -420,4 +412,39 @@ class LogPager extends ReverseChronologicalPager {
parent::doQuery();
$this->mDb->setBigSelects( 'default' );
}
/**
* Paranoia: avoid brute force searches (T19342)
*/
private function enforceActionRestrictions() {
if ( $this->actionRestrictionsEnforced ) {
return;
}
$this->actionRestrictionsEnforced = true;
$user = $this->getUser();
if ( !$user->isAllowed( 'deletedhistory' ) ) {
$this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_USER ) . ' = 0';
} elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
$this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_USER ) .
' != ' . LogPage::SUPPRESSED_USER;
}
}
/**
* Paranoia: avoid brute force searches (T19342)
*/
private function enforcePerformerRestrictions() {
// Same as enforceActionRestrictions(), except for _USER instead of _ACTION bits.
if ( $this->performerRestrictionsEnforced ) {
return;
}
$this->performerRestrictionsEnforced = true;
$user = $this->getUser();
if ( !$user->isAllowed( 'deletedhistory' ) ) {
$this->mConds[] = $db->bitAnd( 'log_deleted', LogPage::DELETED_ACTION ) . ' = 0';
} elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
$this->mConds[] = $db->bitAnd( 'log_deleted', LogPage::SUPPRESSED_ACTION ) .
' != ' . LogPage::SUPPRESSED_ACTION;
}
}
}
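Review bot: The two new helpers have their bodies swapped: `enforceActionRestrictions()` filters on `LogPage::DELETED_USER`/`SUPPRESSED_USER`, while `enforcePerformerRestrictions()` filters on the `_ACTION` bits, which is the reverse of the inline code being replaced and of the comment inside the performer helper. `enforcePerformerRestrictions()` also calls `$db->bitAnd(...)`, but no `$db` is assigned in that method as shown, so the call would fail at runtime; it should use `$this->mDb` as the other helper does. Even with `$db` fixed, a performer search by a user lacking `deletedhistory` would not exclude entries whose performer is hidden, which is the case the T19342 comment says these conditions exist to close. The performer helper's first branch should read `$this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_USER ) . ' = 0';`, with its `SUPPRESSED_USER` branch and the `_ACTION` pair in `enforceActionRestrictions()` changed to match. A test that applies a performer filter for an unprivileged user and asserts the `DELETED_USER` condition appears in the query conditions would catch this kind of swap.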