Page MenuHomePhabricator

All logged in users can patrol edits if $wgOnlySysopsCanPatrol is unset/false
Closed, ResolvedPublic


Author: alan.harder

In 1.5.7 and current CVS it appears that $wgOnlySysopsCanPatrol is not defined
anywhere by default. Also, the logic in the places that determine if the user
can patrol doesn't seem to work as intended:

$wgUser->isAllowed('patrol') || !$wgOnlySysopsCanPatrol

This expression is always true if $wgOnlySysopsCanPatrol is unset/false.. thus
the remaining part of the "if" expression (not shown here) controls whether a
user can patrol, and isAllowed('patrol') has no effect.. end result: all logged
in users can patrol.
Also, one place in DifferenceEngine.php checks rollback right instead of patrol.

  • MediaWiki: 1.5.7
  • PHP: 4.4.2-1 (apache2handler)
  • MySQL: 4.1.15-Debian_1-log

See attached patch for our fix (patch for CVS).. with the setting in
$wgGroupPermissions I didn't see the need for this global, so I removed it.
Also didn't see a need for the extra isLoggedIn check each time.. just checking
isAllowed seems sufficient.
Without this global I didn't know what to put for the 3rd parameter to
MarkPatrolled and MarkPatrolledComplete hooks, so I changed those to false.

Version: 1.6.x
Severity: normal



Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 9:10 PM
bzimport set Reference to bz5282.
bzimport added a subscriber: Unknown Object (MLST).

alan.harder wrote:

cvs patch to fix checking of patrol user right


robchur wrote:

Incorporated into CVS HEAD. Thanks for the patch.