Page MenuHomePhabricator

T222038.patch

File Metadata

Author
Rxy
Created
Apr 28 2019, 8:24 PM

T222038.patch

From b2c906301938de17ef36bf5d5a8c1eab71038ab4 Mon Sep 17 00:00:00 2001
From: rxy <wikitech.rxy@rxy.jp>
Date: Mon, 29 Apr 2019 05:14:18 +0900
Subject: [PATCH] Add permission check for user is permitted to view the log
type
Bug: T222038
Change-Id: I92ec2adfd9c514b3be1c07b7d22b9f9722d24a82
---
includes/logging/LogEventsList.php | 25 +++++++++++++++++++++++--
1 file changed, 23 insertions(+), 2 deletions(-)
diff --git a/includes/logging/LogEventsList.php b/includes/logging/LogEventsList.php
index 3fd52af01b..ab16db73a8 100644
--- a/includes/logging/LogEventsList.php
+++ b/includes/logging/LogEventsList.php
@@ -531,7 +531,7 @@ class LogEventsList extends ContextSource {
/**
* Determine if the current user is allowed to view a particular
- * field of this log row, if it's marked as deleted.
+ * field of this log row, if it's marked as deleted and/or restricted log type.
*
* @param stdClass $row
* @param int $field
@@ -539,7 +539,8 @@ class LogEventsList extends ContextSource {
* @return bool
*/
public static function userCan( $row, $field, User $user = null ) {
- return self::userCanBitfield( $row->log_deleted, $field, $user );
+ return self::userCanBitfield( $row->log_deleted, $field, $user ) &&
+ self::userCanViewLogType( $row->log_type, $user );
}
/**
@@ -570,6 +571,26 @@ class LogEventsList extends ContextSource {
}
/**
+ * Determine if the current user is allowed to view a particular
+ * field of this log row, if it's marked as restricted log type.
+ *
+ * @param stdClass $row
+ * @param User|null $user User to check, or null to use $wgUser
+ * @return bool
+ */
+ public static function userCanViewLogType( $type, User $user = null ) {
+ if ( $user === null ){
+ global $wgUser;
+ $user = $wgUser;
+ }
+ $logRestrictions = MediaWikiServices::getInstance()->getMainConfig()->get( 'LogRestrictions' );
+ if ( isset( $logRestrictions[$type] ) && !$user->isAllowed( $logRestrictions[$type] ) ) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
* @param stdClass $row
* @param int $field One of DELETED_* bitfield constants
* @return bool
--
2.11.0

Event Timeline