MediaWiki r35399 - Code Review

Jump to: navigation, search
Repository:MediaWiki
Revision:r35398‎ | r35399 (on ViewVC)‎ | r35400 >
Date:15:43, 27 May 2008
Author:catrope
Status:old
Tags:
Comment:
* Added 'writeapi' right that controls access to the write API. Users who don't have this right won't be able to use the write API modules even if $wgEnableWriteAPI = true; and they have the other rights required
* Checking for 'writeapi' in ApiMain::requestWriteMode() and tweaking the noapiwrite error message a bit
* Granting this right to *, user and bot by default.

For extra clarity: to e.g. move pages through the API, a user needs to have the 'move' right AND the 'writeapi' right AND $wgEnableWriteAPI = true;
Modified paths:

Diff [purge]

Index: trunk/phase3/includes/api/ApiMain.php
@@ -179,12 +179,19 @@
180180 }
181181
182182 /**
183 - * This method will simply cause an error if the write mode was disabled for this api.
 183+ * This method will simply cause an error if the write mode was disabled
 184+ * or if the current user doesn't have the right to use it
184185 */
185186 public function requestWriteMode() {
 187+ global $wgUser;
186188 if (!$this->mEnableWrite)
187 - $this->dieUsage('Editing of this site is disabled. Make sure the $wgEnableWriteAPI=true; ' .
188 - 'statement is included in the site\'s LocalSettings.php file', 'noapiwrite');
 189+ $this->dieUsage('Editing of this wiki through the API' .
 190+ ' is disabled. Make sure the $wgEnableWriteAPI=true; ' .
 191+ 'statement is included in the wiki\'s ' .
 192+ 'LocalSettings.php file', 'noapiwrite');
 193+ if (!$wgUser->isAllowed('writeapi'))
 194+ $this->dieUsage('You\'re not allowed to edit this ' .
 195+ 'wiki through the API', 'writeapidenied');
189196 }
190197
191198 /**
Index: trunk/phase3/includes/DefaultSettings.php
@@ -1083,6 +1083,7 @@
10841084 $wgGroupPermissions['*' ]['edit'] = true;
10851085 $wgGroupPermissions['*' ]['createpage'] = true;
10861086 $wgGroupPermissions['*' ]['createtalk'] = true;
 1087+$wgGroupPermissions['*' ]['writeapi'] = true;
10871088
10881089 // Implicit group for all logged-in accounts
10891090 $wgGroupPermissions['user' ]['move'] = true;
@@ -1090,6 +1091,7 @@
10911092 $wgGroupPermissions['user' ]['edit'] = true;
10921093 $wgGroupPermissions['user' ]['createpage'] = true;
10931094 $wgGroupPermissions['user' ]['createtalk'] = true;
 1095+$wgGroupPermissions['user' ]['writeapi'] = true;
10941096 $wgGroupPermissions['user' ]['upload'] = true;
10951097 $wgGroupPermissions['user' ]['reupload'] = true;
10961098 $wgGroupPermissions['user' ]['reupload-shared'] = true;
@@ -1107,6 +1109,7 @@
11081110 $wgGroupPermissions['bot' ]['autopatrol'] = true;
11091111 $wgGroupPermissions['bot' ]['suppressredirect'] = true;
11101112 $wgGroupPermissions['bot' ]['apihighlimits'] = true;
 1113+$wgGroupPermissions['bot' ]['writeapi'] = true;
11111114 #$wgGroupPermissions['bot' ]['editprotected'] = true; // can edit all protected pages without cascade protection enabled
11121115
11131116 // Most extra permission abilities go to this group

Follow-up revisions

Rev.Commit summaryAuthorDate
r35413Add new right 'writeapi', introduced per r35399.raymond16:33, 27 May 2008

Status & tagging log

  • 15:27, 12 September 2011 Meno25 (talk | contribs) changed the status of r35399 [removed: ok added: old]