From b2c906301938de17ef36bf5d5a8c1eab71038ab4 Mon Sep 17 00:00:00 2001 From: rxy Date: Mon, 29 Apr 2019 05:14:18 +0900 Subject: [PATCH] Add permission check for user is permitted to view the log type Bug: T222038 Change-Id: I92ec2adfd9c514b3be1c07b7d22b9f9722d24a82 --- includes/logging/LogEventsList.php | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/includes/logging/LogEventsList.php b/includes/logging/LogEventsList.php index 3fd52af01b..ab16db73a8 100644 --- a/includes/logging/LogEventsList.php +++ b/includes/logging/LogEventsList.php @@ -531,7 +531,7 @@ class LogEventsList extends ContextSource { /** * Determine if the current user is allowed to view a particular - * field of this log row, if it's marked as deleted. + * field of this log row, if it's marked as deleted and/or restricted log type. * * @param stdClass $row * @param int $field @@ -539,7 +539,8 @@ class LogEventsList extends ContextSource { * @return bool */ public static function userCan( $row, $field, User $user = null ) { - return self::userCanBitfield( $row->log_deleted, $field, $user ); + return self::userCanBitfield( $row->log_deleted, $field, $user ) && + self::userCanViewLogType( $row->log_type, $user ); } /** @@ -570,6 +571,26 @@ class LogEventsList extends ContextSource { } /** + * Determine if the current user is allowed to view a particular + * field of this log row, if it's marked as restricted log type. + * + * @param stdClass $row + * @param User|null $user User to check, or null to use $wgUser + * @return bool + */ + public static function userCanViewLogType( $type, User $user = null ) { + if ( $user === null ){ + global $wgUser; + $user = $wgUser; + } + $logRestrictions = MediaWikiServices::getInstance()->getMainConfig()->get( 'LogRestrictions' ); + if ( isset( $logRestrictions[$type] ) && !$user->isAllowed( $logRestrictions[$type] ) ) { + return false; + } + return true; + } + + /** * @param stdClass $row * @param int $field One of DELETED_* bitfield constants * @return bool -- 2.11.0