r9499 - Code Review

From MediaWiki.org

Jump to: navigation, search
Repository:MediaWiki
Revision:r9498 | r9499 (on ViewVC) | r9500 >
Date:08:03, 19 June 2005
Author:vibber
Status:ok
Tags:
Comment:* Special:Upload now uses 'upload' permission instead of hardcoding login check
* Add 'importupload' permission to disable direct uploads to Special:Import
Modified paths:

Diff [purge]

Index: trunk/phase3/includes/SpecialImport.php
===================================================================
--- trunk/phase3/includes/SpecialImport.php	(revision 9498)
+++ trunk/phase3/includes/SpecialImport.php	(revision 9499)
@@ -29,7 +29,7 @@
  * Constructor
  */
 function wfSpecialImport( $page = '' ) {
-	global $wgOut, $wgLang, $wgRequest, $wgTitle;
+	global $wgUser, $wgOut, $wgLang, $wgRequest, $wgTitle;
 	global $wgImportSources;
 	
 	###
@@ -42,7 +42,11 @@
 		
 		switch( $wgRequest->getVal( "source" ) ) {
 		case "upload":
-			$result = $importer->setupFromUpload( "xmlimport" );
+			if( $wgUser->isAllowed( 'importupload' ) ) {
+				$result = $importer->setupFromUpload( "xmlimport" );
+			} else {
+				return $wgOut->permissionRequired( 'importupload' );
+			}
 			break;
 		case "interwiki":
 			$result = $importer->setupFromInterwiki(
@@ -68,9 +72,11 @@
 		}
 	}
 	
-	$wgOut->addWikiText( "<p>" . wfMsg( "importtext" ) . "</p>" );
 	$action = $wgTitle->escapeLocalUrl( 'action=submit' );
-	$wgOut->addHTML( "
+	
+	if( $wgUser->isAllowed( 'importupload' ) ) {
+		$wgOut->addWikiText( "<p>" . wfMsg( "importtext" ) . "</p>" );
+		$wgOut->addHTML( "
 <fieldset>
 	<legend>Upload XML</legend>
 	<form enctype='multipart/form-data' method='post' action=\"$action\">
@@ -82,7 +88,12 @@
 	</form>
 </fieldset>
 " );
-
+	} else {
+		if( empty( $wgImportSources ) ) {
+			$wgOut->addWikiText( wfMsg( 'importnosources' ) );
+		}
+	}
+	
 	if( !empty( $wgImportSources ) ) {
 		$wgOut->addHTML( "
 <fieldset>
Index: trunk/phase3/includes/SpecialUpload.php
===================================================================
--- trunk/phase3/includes/SpecialUpload.php	(revision 9498)
+++ trunk/phase3/includes/SpecialUpload.php	(revision 9499)
@@ -99,8 +99,7 @@
 		}
 
 		/** Various rights checks */
-		if( ( $wgUser->isAnon() )
-			 OR $wgUser->isBlocked() ) {
+		if( !$wgUser->isAllowed( 'upload' ) || $wgUser->isBlocked() ) {
 			$wgOut->errorpage( 'uploadnologin', 'uploadnologintext' );
 			return;
 		}
Index: trunk/phase3/includes/DefaultSettings.php
===================================================================
--- trunk/phase3/includes/DefaultSettings.php	(revision 9498)
+++ trunk/phase3/includes/DefaultSettings.php	(revision 9499)
@@ -686,6 +686,7 @@
 
 $wgGroupPermissions['user' ]['move']            = true;
 $wgGroupPermissions['user' ]['read']            = true;
+$wgGroupPermissions['user' ]['upload']          = true;
 
 $wgGroupPermissions['bot'  ]['bot']             = true;
 
@@ -694,10 +695,12 @@
 $wgGroupPermissions['sysop']['delete']          = true;
 $wgGroupPermissions['sysop']['editinterface']   = true;
 $wgGroupPermissions['sysop']['import']          = true;
-$wgGroupPermissions['sysop']['importraw']       = true;
+$wgGroupPermissions['sysop']['importupload']    = true;
+$wgGroupPermissions['user' ]['move']            = true;
 $wgGroupPermissions['sysop']['patrol']          = true;
 $wgGroupPermissions['sysop']['protect']         = true;
 $wgGroupPermissions['sysop']['rollback']        = true;
+$wgGroupPermissions['user' ]['upload']          = true;
 
 $wgGroupPermissions['bureaucrat']['userrights'] = true;
 
@@ -1130,8 +1133,11 @@
 
 /**
  * List of interwiki prefixes for wikis we'll accept as sources for
- * Special:Import (for sysops). Since complete page history# can be imported,
+ * Special:Import (for sysops). Since complete page history can be imported,
  * these should be 'trusted'.
+ *
+ * If a user has the 'import' permission but not the 'importupload' permission,
+ * they will only be able to run imports through this transwiki interface.
  */
 $wgImportSources = array();
 
Index: trunk/phase3/RELEASE-NOTES
===================================================================
--- trunk/phase3/RELEASE-NOTES	(revision 9498)
+++ trunk/phase3/RELEASE-NOTES	(revision 9499)
@@ -300,6 +300,8 @@
 * badaccess/badaccesstext to supercede sysop*, developer* messages
 * Changed $wgGroupPermissions to more cut-n-paste-friendly format
 * 'developer' group deprecated by default
+* Special:Upload now uses 'upload' permission instead of hardcoding login check
+* Add 'importupload' permission to disable direct uploads to Special:Import
 
 
 === Caveats ===
Index: trunk/phase3/languages/Language.php
===================================================================
--- trunk/phase3/languages/Language.php	(revision 9498)
+++ trunk/phase3/languages/Language.php	(revision 9499)
@@ -1656,6 +1656,7 @@
 'importnotext'	=> 'Empty or no text',
 'importsuccess'	=> 'Import succeeded!',
 'importhistoryconflict' => 'Conflicting history revision exists (may have imported this page before)',
+'importnosources' => 'No transwiki import sources have been defined and direct history uploads are disabled.',
 
 # Keyboard access keys for power users
 'accesskey-search' => 'f',

Status & tagging log

  • 14:05, 18 June 2009 ^demon (Talk | contribs) changed the status of r9499 [removed: new added: ok]
Retrieved from "http://www.mediawiki.org/wiki/Special:Code/MediaWiki/9499"
Views
Toolbox