From b57a2c03904b8c321adc82ffcee2f7424b08f473 Mon Sep 17 00:00:00 2001 From: rxy Date: Mon, 29 Apr 2019 05:14:18 +0900 Subject: [PATCH] Add permission check for user is permitted to view the log type Bug: T222038 Change-Id: I1c4e57a513e3a0e616b862a5b9d684f463ad9981 --- includes/logging/LogEventsList.php | 25 +++++++++++++++++++++++-- includes/logging/LogFormatter.php | 22 ++++++++++++++++++++-- 2 files changed, 43 insertions(+), 4 deletions(-) diff --git a/includes/logging/LogEventsList.php b/includes/logging/LogEventsList.php index 3fd52af01b..ab16db73a8 100644 --- a/includes/logging/LogEventsList.php +++ b/includes/logging/LogEventsList.php @@ -531,7 +531,7 @@ class LogEventsList extends ContextSource { /** * Determine if the current user is allowed to view a particular - * field of this log row, if it's marked as deleted. + * field of this log row, if it's marked as deleted and/or restricted log type. * * @param stdClass $row * @param int $field @@ -539,7 +539,8 @@ class LogEventsList extends ContextSource { * @return bool */ public static function userCan( $row, $field, User $user = null ) { - return self::userCanBitfield( $row->log_deleted, $field, $user ); + return self::userCanBitfield( $row->log_deleted, $field, $user ) && + self::userCanViewLogType( $row->log_type, $user ); } /** @@ -570,6 +571,26 @@ class LogEventsList extends ContextSource { } /** + * Determine if the current user is allowed to view a particular + * field of this log row, if it's marked as restricted log type. + * + * @param stdClass $row + * @param User|null $user User to check, or null to use $wgUser + * @return bool + */ + public static function userCanViewLogType( $type, User $user = null ) { + if ( $user === null ){ + global $wgUser; + $user = $wgUser; + } + $logRestrictions = MediaWikiServices::getInstance()->getMainConfig()->get( 'LogRestrictions' ); + if ( isset( $logRestrictions[$type] ) && !$user->isAllowed( $logRestrictions[$type] ) ) { + return false; + } + return true; + } + + /** * @param stdClass $row * @param int $field One of DELETED_* bitfield constants * @return bool diff --git a/includes/logging/LogFormatter.php b/includes/logging/LogFormatter.php index 3e942ae08d..0ffaee8fca 100644 --- a/includes/logging/LogFormatter.php +++ b/includes/logging/LogFormatter.php @@ -154,6 +154,23 @@ class LogFormatter { } /** + * Check if a log item type can be displayed + * @return bool + */ + public function canViewLogType() { + // If the user doesn't have the right permission to view the specific + // log type, return false + $logRestrictions = $this->context->getConfig()->get( 'LogRestrictions' ); + $type = $this->entry->getType(); + if ( isset( $logRestrictions[$type] ) + && !$this->context->getUser()->isAllowed( $logRestrictions[$type] ) + ) { + return false; + } + return true; + } + + /** * Check if a log item can be displayed * @param int $field LogPage::DELETED_* constant * @return bool @@ -161,9 +178,10 @@ class LogFormatter { protected function canView( $field ) { if ( $this->audience == self::FOR_THIS_USER ) { return LogEventsList::userCanBitfield( - $this->entry->getDeleted(), $field, $this->context->getUser() ); + $this->entry->getDeleted(), $field, $this->context->getUser() ) && + self::canViewLogType(); } else { - return !$this->entry->isDeleted( $field ); + return !$this->entry->isDeleted( $field ) && self::canViewLogType(); } } -- 2.11.0