diff --git a/extension.json b/extension.json index 5ae55c7c8..5d56f27c4 100644 --- a/extension.json +++ b/extension.json @@ -195,7 +195,7 @@ "abusefilter-examine-nomatch", "abusefilter-examine-syntaxerror", "abusefilter-examine-notfound", - "abusefilter-mustbeeditor", + "abusefilter-mustviewprivateoredit", "abusefilter-http-error", "unknown-error" ], diff --git a/i18n/en.json b/i18n/en.json index 89077ed77..a5218136a 100644 --- a/i18n/en.json +++ b/i18n/en.json @@ -9,7 +9,7 @@ "abusefilter": "Abuse filter configuration", "abuselog": "Abuse log", "abusefilter-intro": "Welcome to the Abuse Filter management interface.\nThe Abuse Filter is an automated software mechanism of applying automatic heuristics to all actions.\nThis interface shows a list of defined filters, and allows them to be modified.", - "abusefilter-mustbeeditor": "For security reasons, only users with the right to modify abuse filters may use this interface.", + "abusefilter-mustviewprivateoredit": "For security reasons, only users with the right to view private abuse filters or modify filters may use this interface.", "abusefilter-warning": "'''Warning:''' This action has been automatically identified as harmful.\nUnconstructive actions will be quickly reverted,\nand egregious or repeated unconstructive editing will result in your account or IP address being blocked.\nIf you believe this action to be constructive, you may submit it again to confirm it.\nA brief description of the abuse rule which your action matched is: $1", "abusefilter-disallowed": "This action has been automatically identified as harmful, and therefore disallowed.\nIf you believe your action was constructive, please inform an administrator of what you were trying to do.\nA brief description of the abuse rule which your action matched is: $1", "abusefilter-blocked-display": "This action has been automatically identified as harmful,\nand you have been prevented from executing it.\nIn addition, to protect {{SITENAME}}, your user account and all associated IP addresses have been blocked from editing.\nIf this has occurred in error, please contact an administrator.\nA brief description of the abuse rule which your action matched is: $1", diff --git a/i18n/qqq.json b/i18n/qqq.json index 44bfe90db..d0f908b1f 100644 --- a/i18n/qqq.json +++ b/i18n/qqq.json @@ -42,7 +42,7 @@ "abusefilter": "{{doc-special|AbuseFilter}}", "abuselog": "{{doc-special|AbuseLog}}\n{{Identical|Abuse log}}", "abusefilter-intro": "Introduction text for the list of filter rules.", - "abusefilter-mustbeeditor": "\"No access\" message shown when a user does not have access rights.", + "abusefilter-mustviewprivateoredit": "\"No access\" message shown when a user does not have access rights.", "abusefilter-warning": "A warning message shown when a user tries to save an edit which matches some abuse filter rule. Parameters:\n* $1 is a short description of the abuse filter rule which triggered this action\n* $2 is the filter id", "abusefilter-disallowed": "Message given to user because of a triggered filter. Parameters:\n* $1 is a filter description\n* $2 is the filter id", "abusefilter-blocked-display": "Message given to user because of a triggered filter. Parameters:\n* $1 is a filter description\n* $2 is the filter id", diff --git a/includes/AbuseFilter.php b/includes/AbuseFilter.php index c4855f0bf..0772b8ddc 100644 --- a/includes/AbuseFilter.php +++ b/includes/AbuseFilter.php @@ -190,11 +190,16 @@ class AbuseFilter { 'log' => 'Special:AbuseLog', ]; - if ( $context->getUser()->isAllowed( 'abusefilter-modify' ) ) { + if ( $context->getUser()->isAllowedAny( 'abusefilter-modify', 'abusefilter-view-private' ) ) { $linkDefs = array_merge( $linkDefs, [ 'test' => 'Special:AbuseFilter/test', - 'tools' => 'Special:AbuseFilter/tools', - 'import' => 'Special:AbuseFilter/import', + 'tools' => 'Special:AbuseFilter/tools' + ] ); + } + + if ( $context->getUser()->isAllowed( 'abusefilter-modify' ) ) { + $linkDefs = array_merge( $linkDefs, [ + 'import' => 'Special:AbuseFilter/import' ] ); } diff --git a/includes/Views/AbuseFilterView.php b/includes/Views/AbuseFilterView.php index 9148b43e6..9facfcf12 100644 --- a/includes/Views/AbuseFilterView.php +++ b/includes/Views/AbuseFilterView.php @@ -70,13 +70,15 @@ abstract class AbuseFilterView extends ContextSource { * @param string $textName * @param bool $addResultDiv * @param bool $externalForm + * @param bool $needsModifyRights * @return string */ public function buildEditBox( $rules, $textName = 'wpFilterRules', $addResultDiv = true, - $externalForm = false + $externalForm = false, + $needsModifyRights = true ) { $this->getOutput()->enableOOUI(); @@ -84,13 +86,16 @@ abstract class AbuseFilterView extends ContextSource { $editorAttrib = [ 'dir' => 'ltr' ]; $noTestAttrib = []; - if ( !$this->getUser()->isAllowed( 'abusefilter-modify' ) ) { + $isUserAllowed = $needsModifyRights ? + $this->getUser()->isAllowed( 'abusefilter-modify' ) : + $this->canViewPrivate(); + if ( !$isUserAllowed ) { $noTestAttrib['disabled'] = 'disabled'; $addResultDiv = false; } $rules = rtrim( $rules ) . "\n"; - $canEdit = $this->canEdit(); + $canEdit = $needsModifyRights ? $this->canEdit() : $this->canViewPrivate(); if ( ExtensionRegistry::getInstance()->isLoaded( 'CodeEditor' ) ) { $editorAttrib['name'] = 'wpAceFilterEditor'; diff --git a/includes/Views/AbuseFilterViewExamine.php b/includes/Views/AbuseFilterViewExamine.php index f43e85735..3b19eeba5 100644 --- a/includes/Views/AbuseFilterViewExamine.php +++ b/includes/Views/AbuseFilterViewExamine.php @@ -178,9 +178,9 @@ class AbuseFilterViewExamine extends AbuseFilterView { $output->addModules( 'ext.abuseFilter.examine' ); // Add test bit - if ( $this->getUser()->isAllowed( 'abusefilter-modify' ) ) { + if ( $this->canViewPrivate() ) { $tester = Xml::tags( 'h2', null, $this->msg( 'abusefilter-examine-test' )->parse() ); - $tester .= $this->buildEditBox( $this->mTestFilter, 'wpTestFilter', false ); + $tester .= $this->buildEditBox( $this->mTestFilter, 'wpTestFilter', false, false, false ); $tester .= AbuseFilter::buildFilterLoader(); $html .= Xml::tags( 'div', [ 'id' => 'mw-abusefilter-examine-editor' ], $tester ); $html .= Xml::tags( 'p', diff --git a/includes/Views/AbuseFilterViewTestBatch.php b/includes/Views/AbuseFilterViewTestBatch.php index d54dfbefc..c6de5c6a0 100644 --- a/includes/Views/AbuseFilterViewTestBatch.php +++ b/includes/Views/AbuseFilterViewTestBatch.php @@ -15,8 +15,8 @@ class AbuseFilterViewTestBatch extends AbuseFilterView { AbuseFilter::disableConditionLimit(); - if ( !$this->getUser()->isAllowed( 'abusefilter-modify' ) ) { - $out->addWikiMsg( 'abusefilter-mustbeeditor' ); + if ( !$this->canViewPrivate() ) { + $out->addWikiMsg( 'abusefilter-mustviewprivateoredit' ); return; } @@ -32,7 +32,8 @@ class AbuseFilterViewTestBatch extends AbuseFilterView { $this->mFilter, 'wpTestFilter', true, - true + true, + false ) . "\n"; $output .= AbuseFilter::buildFilterLoader(); diff --git a/includes/Views/AbuseFilterViewTools.php b/includes/Views/AbuseFilterViewTools.php index f01757d37..44ee0eb4e 100644 --- a/includes/Views/AbuseFilterViewTools.php +++ b/includes/Views/AbuseFilterViewTools.php @@ -7,11 +7,10 @@ class AbuseFilterViewTools extends AbuseFilterView { public function show() { $out = $this->getOutput(); $out->enableOOUI(); - $user = $this->getUser(); $request = $this->getRequest(); - if ( !$user->isAllowed( 'abusefilter-modify' ) ) { - $out->addWikiMsg( 'abusefilter-mustbeeditor' ); + if ( !$this->canViewPrivate() ) { + $out->addWikiMsg( 'abusefilter-mustviewprivateoredit' ); return; } @@ -20,7 +19,13 @@ class AbuseFilterViewTools extends AbuseFilterView { // Expression evaluator $eval = ''; - $eval .= $this->buildEditBox( $request->getText( 'wpTestExpr' ), 'wpTestExpr' ); + $eval .= $this->buildEditBox( + $request->getText( 'wpTestExpr' ), + 'wpTestExpr', + true, + false, + false + ); $eval .= Xml::tags( 'p', null, diff --git a/includes/api/ApiAbuseFilterCheckMatch.php b/includes/api/ApiAbuseFilterCheckMatch.php index 13084dee1..9d4fd8c3a 100644 --- a/includes/api/ApiAbuseFilterCheckMatch.php +++ b/includes/api/ApiAbuseFilterCheckMatch.php @@ -9,7 +9,7 @@ class ApiAbuseFilterCheckMatch extends ApiBase { $this->requireOnlyOneParameter( $params, 'vars', 'rcid', 'logid' ); // "Anti-DoS" - if ( !$this->getUser()->isAllowed( 'abusefilter-modify' ) ) { + if ( !$this->getUser()->isAllowedAny( 'abusefilter-modify', 'abusefilter-view-private' ) ) { $this->dieWithError( 'apierror-abusefilter-canttest', 'permissiondenied' ); } diff --git a/includes/api/ApiAbuseFilterCheckSyntax.php b/includes/api/ApiAbuseFilterCheckSyntax.php index d8ef54c90..213fb9049 100644 --- a/includes/api/ApiAbuseFilterCheckSyntax.php +++ b/includes/api/ApiAbuseFilterCheckSyntax.php @@ -7,7 +7,7 @@ class ApiAbuseFilterCheckSyntax extends ApiBase { */ public function execute() { // "Anti-DoS" - if ( !$this->getUser()->isAllowed( 'abusefilter-modify' ) ) { + if ( !$this->getUser()->isAllowedAny( 'abusefilter-modify', 'abusefilter-view-private' ) ) { $this->dieWithError( 'apierror-abusefilter-cantcheck', 'permissiondenied' ); } diff --git a/modules/ext.abuseFilter.examine.js b/modules/ext.abuseFilter.examine.js index e51becf66..2eb9358f9 100644 --- a/modules/ext.abuseFilter.examine.js +++ b/modules/ext.abuseFilter.examine.js @@ -52,8 +52,8 @@ } else if ( error === 'nosuchrcid' || error === 'nosuchlogid' ) { msg = 'abusefilter-examine-notfound'; } else if ( error === 'permissiondenied' ) { - // The 'abusefilter-modify' right is needed to use this API - msg = 'abusefilter-mustbeeditor'; + // The 'abusefilter-modify' or 'abusefilter-view-private' right is needed to use this API + msg = 'abusefilter-mustviewprivateoredit'; } else if ( error === 'http' ) { msg = 'abusefilter-http-error'; } else {