Apply proper visibility checks for recentchanges queries

Follow-up: I6063c02fa261c4cc0e6dbbb2db4e111eb85912c2

Bug: T274152
Bug: T274158
Change-Id: I71a6d521bd12931ce60eec4d2dc35af19146000f
Daimona Eaytoy 2021-03-11 11:50:44 +01:00
parent e28d15c55e
commit 3413d15b68
3 changed files with 18 additions and 5 deletions


@ -59,7 +59,7 @@ class AbuseFilterExaminePager extends ReverseChronologicalPager {
}
$conds[] = $this->mPage->buildTestConditions( $dbr );
$conds = array_merge( $conds, $this->mPage->buildVisibilityConditions() );
$conds = array_merge( $conds, $this->mPage->buildVisibilityConditions( $dbr, $this->getAuthority() ) );
$rcQuery = RecentChange::getQueryInfo();
$info = [


@ -7,6 +7,8 @@ use Flow\Data\Listener\RecentChangesListener;
use IContextSource;
use MediaWiki\Extension\AbuseFilter\AbuseFilterPermissionManager;
use MediaWiki\Linker\LinkRenderer;
use MediaWiki\Permissions\Authority;
use MediaWiki\Revision\RevisionRecord;
use MWException;
use OOUI;
use RecentChange;
@ -189,11 +191,22 @@ abstract class AbuseFilterView extends ContextSource {
}
/**
* @todo Check what the user can actually see and use a proper bitmask. Core should provide such a method though.
* @todo Core should provide a method for this (T233222)
* @param IDatabase $db
* @param Authority $authority
* @return array
*/
public function buildVisibilityConditions() : array {
return [ 'rc_deleted' => 0 ];
public function buildVisibilityConditions( IDatabase $db, Authority $authority ) : array {
if ( !$authority->isAllowed( 'deletedhistory' ) ) {
$bitmask = RevisionRecord::DELETED_USER;
} elseif ( !$authority->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
$bitmask = RevisionRecord::DELETED_USER | RevisionRecord::DELETED_RESTRICTED;
} else {
$bitmask = 0;
}
return $bitmask
? [ $db->bitAnd( 'rc_deleted', $bitmask ) . " != $bitmask" ]
: [];
}
/**
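Review bot: The mask built in buildVisibilityConditions() only tests `RevisionRecord::DELETED_USER` (plus `DELETED_RESTRICTED` in the middle branch), so for a viewer without `deletedhistory` a row whose comment or text is hidden but whose user is not now passes the query, where the old `'rc_deleted' => 0` excluded it. In the middle branch, `(rc_deleted & mask) != mask` likewise admits a suppressed row whose user is still visible. Whether the examine and test-batch code re-checks `DELETED_TEXT` / `DELETED_COMMENT` per row before building variables is not visible in this diff; if it does, the docblock should say so, e.g. `* Only filters rows with a hidden user; hidden comment/text must be checked per row by the caller.` The three permission branches also get no test here: all three changed files are view or pager classes, so a regression in the mask would go unnoticed.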


@ -258,7 +258,7 @@ class AbuseFilterViewTestBatch extends AbuseFilterView {
$action = $this->mTestAction !== '0' ? $this->mTestAction : false;
$conds[] = $this->buildTestConditions( $dbr, $action );
$conds = array_merge( $conds, $this->buildVisibilityConditions() );
$conds = array_merge( $conds, $this->buildVisibilityConditions( $dbr, $this->getAuthority() ) );
$rcQuery = RecentChange::getQueryInfo();
$res = $dbr->select(