0001-Prevent-blocked-users-from-being-able-to-review-unre.patch
From 7ba1d5925f2b4b7eb5581a81a85f3287e4e7df18 Mon Sep 17 00:00:00 2001
From: Sohom <sdatta4@ncsu.edu>
Date: Sat, 8 Jun 2024 12:36:12 -0400
Subject: [PATCH] Prevent blocked users from being able to review/unreview
articles
Bug: T366991
Change-Id: I0288a715f7040a14ab7f70b2888fe1ef77a44588
---
includes/Api/ApiPageTriageAction.php | 22 +++++-
.../integration/ApiPageTriageActionTest.php | 77 ++++++++++++++++++-
2 files changed, 94 insertions(+), 5 deletions(-)
diff --git a/includes/Api/ApiPageTriageAction.php b/includes/Api/ApiPageTriageAction.php
index ceb3d87a..a7196093 100644
--- a/includes/Api/ApiPageTriageAction.php
+++ b/includes/Api/ApiPageTriageAction.php
@@ -14,6 +14,7 @@ use MediaWiki\Extension\PageTriage\ArticleMetadata;
use MediaWiki\Extension\PageTriage\PageTriage;
use MediaWiki\Extension\PageTriage\PageTriageUtil;
use MediaWiki\Extension\PageTriage\QueueRecord;
+use MediaWiki\Permissions\PermissionStatus;
use MediaWiki\Revision\RevisionRecord;
use MediaWiki\Revision\RevisionStore;
use Wikimedia\ParamValidator\ParamValidator;
@@ -99,8 +100,25 @@ class ApiPageTriageAction extends ApiBase {
* @return bool
*/
private function canPerformReviewAction( int $attemptedReviewAction, Article $article ): bool {
- $isPatroller = $this->getAuthority()->isAllowed( 'patrol' );
- $isAutopatrolled = $this->getAuthority()->isAllowed( 'autopatrol' );
+ $patrolPermissionStatus = new PermissionStatus();
+ $autopatrolledPermissionStatus = new PermissionStatus();
+ $isPatroller = $this->getAuthority()->definitelyCan(
+ 'patrol',
+ $article->getPage(),
+ $patrolPermissionStatus
+ );
+ $isAutopatrolled = $this->getAuthority()->definitelyCan(
+ 'autopatrol',
+ $article->getPage(),
+ $autopatrolledPermissionStatus
+ );
+
+ if (
+ $patrolPermissionStatus->isBlocked() ||
+ $autopatrolledPermissionStatus->isBlocked()
+ ) {
+ $this->dieBlocked( $patrolPermissionStatus->getBlock() );
+ }
if ( $isPatroller && $isAutopatrolled ) {
return true;
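Review bot: When only the autopatrol check records a block, the new `$this->dieBlocked( $patrolPermissionStatus->getBlock() )` reads the block from a status that did not report one, so dieBlocked() may receive null; take the block from whichever status actually flagged it: `$blockedStatus = $patrolPermissionStatus->isBlocked() ? $patrolPermissionStatus : $autopatrolledPermissionStatus;` followed by `$this->dieBlocked( $blockedStatus->getBlock() );`. The docblock above the signature still says only `@return bool` although the method now terminates the request, so add `@throws ApiUsageException when the performer is blocked from patrolling this page`. Replacing isAllowed() with definitelyCan() against `$article->getPage()` also makes the check page-specific (partial blocks and presumably other per-page restrictions), which is the point of the fix but deserves a short comment above the two PermissionStatus constructions. canPerformReviewAction's body continues past the end of the hunk.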
diff --git a/tests/phpunit/integration/ApiPageTriageActionTest.php b/tests/phpunit/integration/ApiPageTriageActionTest.php
index 2cb74969..a111d903 100644
--- a/tests/phpunit/integration/ApiPageTriageActionTest.php
+++ b/tests/phpunit/integration/ApiPageTriageActionTest.php
@@ -3,6 +3,7 @@
namespace MediaWiki\Extension\PageTriage\Test;
use ApiUsageException;
+use MediaWiki\MediaWikiServices;
use MediaWiki\User\User;
use TestUser;
@@ -41,12 +42,30 @@ class ApiPageTriageActionTest extends PageTriageTestCase {
[]
);
- self::$users['autopatrolleduser'] = new TestUser(
+ self::$users['blockeduser'] = new TestUser(
'ApitestuserC',
'Api Test UserC',
- 'api_test_userC@example.com',
+ 'api_test_userB@example.com',
+ [ 'sysop' ]
+ );
+
+ self::$users['autopatrolleduser'] = new TestUser(
+ 'ApitestuserD',
+ 'Api Test UserD',
+ 'api_test_userD@example.com',
[ 'autopatrol' ]
);
+
+ $blockUserAction = MediaWikiServices::getInstance()
+ ->getBlockUserFactory()
+ ->newBlockUser(
+ 'ApitestuserC',
+ self::$users['one']->getAuthority(),
+ 'infinite',
+ 'Test reason'
+ );
+
+ $blockUserAction->placeBlock();
}
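Review bot: The return value of `$blockUserAction->placeBlock()` is discarded, so if the block cannot be placed (for example because `self::$users['one']`, defined outside this hunk, lacks the block right in this fixture) the new blocked-user tests fail later with a misleading permission error instead of here; check it, e.g. `$status = $blockUserAction->placeBlock();` and `$this->assertTrue( $status->isGood(), 'placing the test block failed' );`. The blocked user's email is changed to `'api_test_userB@example.com'`, which looks like it duplicates another fixture user's address rather than `api_test_userC@example.com`; presumably a copy-paste slip, since nothing in the hunk depends on it. A comment such as `// sysop so that only the block, not a missing right, can deny the review` on the `[ 'sysop' ]` line would make the fixture's intent clear. The enclosing setup method starts outside the hunk.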
public function testLogin() {
@@ -88,7 +107,7 @@ class ApiPageTriageActionTest extends PageTriageTestCase {
* @depends testLogin
*/
public function testSuccessfulReviewAction( $sessionArray ) {
- $pageId = $this->makeDraft( 'Test ' );
+ $pageId = $this->makeDraft( 'Test' );
[ $result, , ] = $this->doApiRequestWithToken(
[
@@ -104,6 +123,58 @@ class ApiPageTriageActionTest extends PageTriageTestCase {
$this->assertEquals( "success", $result['pagetriageaction']['result'] );
}
+ /**
+ * @depends testLogin
+ */
+ public function testBlockedUserReview() {
+ $pageId = $this->makeDraft( 'Test' );
+
+ $this->expectException( ApiUsageException::class );
+ [ $result, , ] = $this->doApiRequestWithToken(
+ [
+ 'action' => 'pagetriageaction',
+ 'pageid' => $pageId,
+ 'reviewed' => '1',
+ 'skipnotif' => '1'
+ ],
+ null,
+ self::$users['blockeduser']->getUser()
+ );
+ $this->assertNotEquals( "success", $result['pagetriageaction']['result'] );
+ }
+
+ /**
+ * @depends testLogin
+ */
+ public function testBlockedUserUnReview() {
+ $pageId = $this->makeDraft( 'Test' );
+
+ $this->doApiRequestWithToken(
+ [
+ 'action' => 'pagetriageaction',
+ 'pageid' => $pageId,
+ 'reviewed' => '1',
+ 'skipnotif' => '1'
+ ],
+ null,
+ self::$users['one']->getUser()
+ );
+
+ $this->expectException( ApiUsageException::class );
+ $this->doApiRequestWithToken(
+ [
+ 'action' => 'pagetriageaction',
+ 'pageid' => $pageId,
+ 'reviewed' => '1',
+ 'skipnotif' => '1'
+ ],
+ null,
+ self::$users['blockeduser']->getUser()
+ );
+
+ $this->assertNotEquals( "success", $result['pagetriageaction']['result'] );
+ }
+
/**
* @depends testLogin
*/
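Review bot: In testBlockedUserUnReview the second request sends `'reviewed' => '1'` again, identical to the first, so the test never exercises the unreview path its name claims; the blocked user's request should send `'reviewed' => '0'`. In both new tests the `assertNotEquals( "success", ... )` after `expectException` is unreachable, and in testBlockedUserUnReview `$result` is never assigned, so those two lines should be dropped. Expecting a bare `ApiUsageException::class` also accepts any API failure (bad token, missing right), not specifically the block; if the test base class provides it, `$this->expectApiErrorCode( 'blocked' )` (the code dieBlocked() emits, as far as I can tell) pins the behaviour the patch adds, and a comment like `// blocked user must be rejected even though sysop grants patrol` would explain why a sysop account is used.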
--
2.45.1
T366991: CVE-2024-47848: User can review/unreview articles while blocked