Helps bot operators adhere to the principle of least privileges.
Grants can now be restricted to allow editing (and other write
operations) for upto 25 listed pages. The page IDs are persisted within
the bp_restrictions field of bot_passwords table, and in the session
metadata.
This restriction is checked only as part of expensive checks in
PermissionManager, since they are not applicable for UI actions.
Bug: T349957
Change-Id: I3d228eb97664d040a160c5b742d9176fdfae9a43
Earlier, loadDataFromRequest() returned MWRestrictions object only in
case of valid input, and the original string if invalid. Now, an
MWRestrictions object is returned in all cases, on which we now have a
validity field. This also de-duplicates the check to find the invalid IP
address(es).
Bug: T349957
Change-Id: Iadb762b572cf0e7d2b92dbc4912804a3ddb48e74
2023-11-23 16:01:50 +00:00
Renamed from tests/phpunit/includes/htmlform/HTMLRestrictionsFieldTest.php (Browse further)
