bc6f7e4bdc
Ideally, only User associated with the global request should be associated with UserAuthority. For a random user instance, not the current performer, checking permissions should be based solely on user groups and perhaps an existing block. Right now however, PermissionManager is coupled with global request, so we still instantiate a UserAuthority for non-current users. This mimics the behaviour we've had before. As we refactor PermissionManager, we will be able to replace Authority implementation in this case, or even entirely prohibit non-performer authority. Bug: T271459 Depends-On: Iebf2dca34eea751391d9740443c195287399aa5c Change-Id: Ib094e498fd883db23f2763f171281b1c9e99217e
231 lines
6.2 KiB
PHP
231 lines
6.2 KiB
PHP
<?php
|
|
|
|
/**
|
|
* Tests for MediaWiki api.php?action=delete.
|
|
*
|
|
* @author Yifei He
|
|
*
|
|
* @group API
|
|
* @group Database
|
|
* @group medium
|
|
*
|
|
* @covers ApiDelete
|
|
*/
|
|
class ApiDeleteTest extends ApiTestCase {
|
|
|
|
protected function setUp() : void {
|
|
parent::setUp();
|
|
$this->tablesUsed = array_merge(
|
|
$this->tablesUsed,
|
|
[ 'change_tag', 'change_tag_def', 'logging', 'watchlist', 'watchlist_expiry' ]
|
|
);
|
|
|
|
$this->setMwGlobals( [
|
|
'wgWatchlistExpiry' => true,
|
|
] );
|
|
}
|
|
|
|
public function testDelete() {
|
|
$name = 'Help:' . ucfirst( __FUNCTION__ );
|
|
|
|
// create new page
|
|
$this->editPage( $name, 'Some text' );
|
|
|
|
// test deletion
|
|
$apiResult = $this->doApiRequestWithToken( [
|
|
'action' => 'delete',
|
|
'title' => $name,
|
|
] )[0];
|
|
|
|
$this->assertArrayHasKey( 'delete', $apiResult );
|
|
$this->assertArrayHasKey( 'title', $apiResult['delete'] );
|
|
$this->assertSame( $name, $apiResult['delete']['title'] );
|
|
$this->assertArrayHasKey( 'logid', $apiResult['delete'] );
|
|
|
|
$this->assertFalse( Title::newFromText( $name )->exists() );
|
|
}
|
|
|
|
public function testBatchedDelete() {
|
|
$this->setMwGlobals( 'wgDeleteRevisionsBatchSize', 1 );
|
|
|
|
$name = 'Help:' . ucfirst( __FUNCTION__ );
|
|
for ( $i = 1; $i <= 3; $i++ ) {
|
|
$this->editPage( $name, "Revision $i" );
|
|
}
|
|
|
|
$apiResult = $this->doApiRequestWithToken( [
|
|
'action' => 'delete',
|
|
'title' => $name,
|
|
] )[0];
|
|
|
|
$this->assertArrayHasKey( 'delete', $apiResult );
|
|
$this->assertArrayHasKey( 'title', $apiResult['delete'] );
|
|
$this->assertSame( $name, $apiResult['delete']['title'] );
|
|
$this->assertArrayHasKey( 'scheduled', $apiResult['delete'] );
|
|
$this->assertTrue( $apiResult['delete']['scheduled'] );
|
|
$this->assertArrayNotHasKey( 'logid', $apiResult['delete'] );
|
|
|
|
// Run the jobs
|
|
JobQueueGroup::destroySingletons();
|
|
$jobs = new RunJobs;
|
|
$jobs->loadParamsAndArgs( null, [ 'quiet' => true ], null );
|
|
$jobs->execute();
|
|
|
|
$this->assertFalse( Title::newFromText( $name )->exists( Title::READ_LATEST ) );
|
|
}
|
|
|
|
public function testDeleteNonexistent() {
|
|
$this->expectException( ApiUsageException::class );
|
|
$this->expectExceptionMessage( "The page you specified doesn't exist." );
|
|
|
|
$this->doApiRequestWithToken( [
|
|
'action' => 'delete',
|
|
'title' => 'This page deliberately left nonexistent',
|
|
] );
|
|
}
|
|
|
|
public function testDeletionWithoutPermission() {
|
|
$this->expectException( ApiUsageException::class );
|
|
$this->expectExceptionMessage(
|
|
// Two error messages are possible depending on the number of groups in the wiki with deletion rights:
|
|
// - The action you have requested is limited to users in the group:
|
|
// - The action you have requested is limited to users in one of the groups:
|
|
'The action you have requested is limited to users in'
|
|
);
|
|
|
|
$name = 'Help:' . ucfirst( __FUNCTION__ );
|
|
|
|
// create new page
|
|
$this->editPage( $name, 'Some text' );
|
|
|
|
// test deletion without permission
|
|
try {
|
|
$user = new User();
|
|
$apiResult = $this->doApiRequest( [
|
|
'action' => 'delete',
|
|
'title' => $name,
|
|
'token' => $user->getEditToken(),
|
|
], null, null, $user );
|
|
} finally {
|
|
$this->assertTrue( Title::newFromText( $name )->exists() );
|
|
}
|
|
}
|
|
|
|
public function testDeleteWithTag() {
|
|
$name = 'Help:' . ucfirst( __FUNCTION__ );
|
|
|
|
ChangeTags::defineTag( 'custom tag' );
|
|
|
|
$this->editPage( $name, 'Some text' );
|
|
|
|
$this->doApiRequestWithToken( [
|
|
'action' => 'delete',
|
|
'title' => $name,
|
|
'tags' => 'custom tag',
|
|
] );
|
|
|
|
$this->assertFalse( Title::newFromText( $name )->exists() );
|
|
|
|
$dbw = wfGetDB( DB_MASTER );
|
|
$this->assertSame( 'custom tag', $dbw->selectField(
|
|
[ 'change_tag', 'logging', 'change_tag_def' ],
|
|
'ctd_name',
|
|
[
|
|
'log_namespace' => NS_HELP,
|
|
'log_title' => ucfirst( __FUNCTION__ ),
|
|
],
|
|
__METHOD__,
|
|
[],
|
|
[
|
|
'change_tag' => [ 'JOIN', 'ct_log_id = log_id' ],
|
|
'change_tag_def' => [ 'JOIN', 'ctd_id = ct_tag_id' ]
|
|
]
|
|
) );
|
|
}
|
|
|
|
public function testDeleteWithoutTagPermission() {
|
|
$this->expectException( ApiUsageException::class );
|
|
$this->expectExceptionMessage(
|
|
'You do not have permission to apply change tags along with your changes.'
|
|
);
|
|
|
|
$name = 'Help:' . ucfirst( __FUNCTION__ );
|
|
|
|
ChangeTags::defineTag( 'custom tag' );
|
|
$this->setMwGlobals( 'wgRevokePermissions',
|
|
[ 'user' => [ 'applychangetags' => true ] ] );
|
|
|
|
$this->editPage( $name, 'Some text' );
|
|
|
|
try {
|
|
$this->doApiRequestWithToken( [
|
|
'action' => 'delete',
|
|
'title' => $name,
|
|
'tags' => 'custom tag',
|
|
] );
|
|
} finally {
|
|
$this->assertTrue( Title::newFromText( $name )->exists() );
|
|
}
|
|
}
|
|
|
|
public function testDeleteAbortedByHook() {
|
|
$this->expectException( ApiUsageException::class );
|
|
$this->expectExceptionMessage( 'Deletion aborted by hook. It gave no explanation.' );
|
|
|
|
$name = 'Help:' . ucfirst( __FUNCTION__ );
|
|
|
|
$this->editPage( $name, 'Some text' );
|
|
|
|
$this->setTemporaryHook( 'ArticleDelete',
|
|
function () {
|
|
return false;
|
|
}
|
|
);
|
|
|
|
try {
|
|
$this->doApiRequestWithToken( [ 'action' => 'delete', 'title' => $name ] );
|
|
} finally {
|
|
$this->assertTrue( Title::newFromText( $name )->exists() );
|
|
}
|
|
}
|
|
|
|
public function testDeleteWatch() {
|
|
$name = 'Help:' . ucfirst( __FUNCTION__ );
|
|
$user = self::$users['sysop']->getUser();
|
|
|
|
$this->editPage( $name, 'Some text' );
|
|
$this->assertTrue( Title::newFromText( $name )->exists() );
|
|
$this->assertFalse( $user->isWatched( Title::newFromText( $name ) ) );
|
|
|
|
$this->doApiRequestWithToken( [
|
|
'action' => 'delete',
|
|
'title' => $name,
|
|
'watch' => '',
|
|
'watchlistexpiry' => '99990123000000',
|
|
] );
|
|
|
|
$title = Title::newFromText( $name );
|
|
$this->assertFalse( $title->exists() );
|
|
$this->assertTrue( $user->isWatched( $title ) );
|
|
$this->assertTrue( $user->isTempWatched( $title ) );
|
|
}
|
|
|
|
public function testDeleteUnwatch() {
|
|
$name = 'Help:' . ucfirst( __FUNCTION__ );
|
|
$user = $this->getTestSysop()->getUser();
|
|
|
|
$this->editPage( $name, 'Some text' );
|
|
$this->assertTrue( Title::newFromText( $name )->exists() );
|
|
$user->addWatch( Title::newFromText( $name ) );
|
|
$this->assertTrue( $user->isWatched( Title::newFromText( $name ) ) );
|
|
|
|
$this->doApiRequestWithToken( [
|
|
'action' => 'delete',
|
|
'title' => $name,
|
|
'watchlist' => 'unwatch',
|
|
] );
|
|
|
|
$this->assertFalse( Title::newFromText( $name )->exists() );
|
|
$this->assertFalse( $user->isWatched( Title::newFromText( $name ) ) );
|
|
}
|
|
}
|