From 4ac9fa081a7c045f6a9f1cfc529d82423f485b2e Mon Sep 17 00:00:00 2001
From: Pierre Schmitz
Date: Sun, 8 Dec 2013 09:55:49 +0100
Subject: Update to MediaWiki 1.22.0
---
 includes/WatchedItem.php | 65 +++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 61 insertions(+), 4 deletions(-)
(limited to 'includes/WatchedItem.php')
diff --git a/includes/WatchedItem.php b/includes/WatchedItem.php
index 5ac92f73..1e07e7c7 100644
--- a/includes/WatchedItem.php
+++ b/includes/WatchedItem.php
@@ -27,19 +27,37 @@
 * @ingroup Watchlist
 */
 class WatchedItem {
- var $mTitle, $mUser;
+ /**
+ * Constant to specify that user rights 'editmywatchlist' and
+ * 'viewmywatchlist' should not be checked.
+ * @since 1.22
+ */
+ const IGNORE_USER_RIGHTS = 0;
+
+ /**
+ * Constant to specify that user rights 'editmywatchlist' and
+ * 'viewmywatchlist' should be checked.
+ * @since 1.22
+ */
+ const CHECK_USER_RIGHTS = 1;
+
+ var $mTitle, $mUser, $mCheckRights;
 private $loaded = false, $watched, $timestamp;
 /**
 * Create a WatchedItem object with the given user and title
+ * @since 1.22 $checkRights parameter added
 * @param $user User: the user to use for (un)watching
 * @param $title Title: the title we're going to (un)watch
+ * @param $checkRights int: Whether to check the 'viewmywatchlist' and 'editmywatchlist' rights.
+ * Pass either WatchedItem::IGNORE_USER_RIGHTS or WatchedItem::CHECK_USER_RIGHTS.
 * @return WatchedItem object
 */
- public static function fromUserTitle( $user, $title ) {
+ public static function fromUserTitle( $user, $title, $checkRights = WatchedItem::CHECK_USER_RIGHTS ) {
 $wl = new WatchedItem;
 $wl->mUser = $user;
 $wl->mTitle = $title;
+ $wl->mCheckRights = $checkRights;
 return $wl;
 }
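Review bot: The rights check fails open for any WatchedItem whose `$mCheckRights` was never set: the property is declared without a default in `var $mTitle, $mUser, $mCheckRights;`, and `isAllowed()` (added later in this commit) skips the check for every falsy value through `!$this->mCheckRights`. An object built without `fromUserTitle()`, or one given null, false or '' as `$checkRights`, therefore behaves as `IGNORE_USER_RIGHTS`. I would give the property a default, `var $mTitle, $mUser, $mCheckRights = self::CHECK_USER_RIGHTS;`, and have `isAllowed()` test `$this->mCheckRights === self::IGNORE_USER_RIGHTS` so that only the explicit constant disables the check. `var` also leaves the flag publicly writable after construction; whether other code depends on that is not visible here.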
@@ -89,6 +107,12 @@ class WatchedItem {
 }
 $this->loaded = true;
+ // Only loggedin user can have a watchlist
+ if ( $this->mUser->isAnon() ) {
+ $this->watched = false;
+ return;
+ }
+
 # Pages and their talk pages are considered equivalent for watching;
 # remember that talk namespaces are numbered as page namespace+1.
@@ -104,11 +128,23 @@ class WatchedItem {
 }
 }
+ /**
+ * Check permissions
+ * @param $what string: 'viewmywatchlist' or 'editmywatchlist'
+ */
+ private function isAllowed( $what ) {
+ return !$this->mCheckRights || $this->mUser->isAllowed( $what );
+ }
+
 /**
 * Is mTitle being watched by mUser?
 * @return bool
 */
 public function isWatched() {
+ if ( !$this->isAllowed( 'viewmywatchlist' ) ) {
+ return false;
+ }
+
 $this->load();
 return $this->watched;
 }
@@ -120,6 +156,10 @@ class WatchedItem {
 * the wl_notificationtimestamp field otherwise
 */
 public function getNotificationTimestamp() {
+ if ( !$this->isAllowed( 'viewmywatchlist' ) ) {
+ return false;
+ }
+
 $this->load();
 if ( $this->watched ) {
 return $this->timestamp;
@@ -135,6 +175,11 @@ class WatchedItem {
 * page is not watched or the notification timestamp is already NULL.
 */
 public function resetNotificationTimestamp( $force = '' ) {
+ // Only loggedin user can have a watchlist
+ if ( wfReadOnly() || $this->mUser->isAnon() || !$this->isAllowed( 'editmywatchlist' ) ) {
+ return;
+ }
+
 if ( $force != 'force' ) {
 $this->load();
 if ( !$this->watched || $this->timestamp === null ) {
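Review bot: `isWatched()` now returns false both when the page is not watched and when the user lacks 'viewmywatchlist', but its docblock (`Is mTitle being watched by mUser?`) still describes only the first case; `getNotificationTimestamp()` in the next hunk gets the same early `return false`. I would add a line to each docblock such as `* Also returns false if rights are checked and the user lacks 'viewmywatchlist'.` so callers do not read a denied lookup as "not watched". The new `isAllowed()` docblock has no `@return bool` line and should state that the method returns true without consulting the user when the item was created with `IGNORE_USER_RIGHTS`.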
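Review bot: The guard added at the top of `resetNotificationTimestamp()` combines three separate conditions (read-only wiki, anonymous user, missing 'editmywatchlist') under a comment that names only one of them, and the identical expression is repeated in `addWatch()` and `removeWatch()` later in this commit. An authorization condition copied into three write paths can drift when one copy is edited; a single private helper, for example `private function isEditable() { return !wfReadOnly() && !$this->mUser->isAnon() && $this->isAllowed( 'editmywatchlist' ); }`, would keep them in step and let its comment cover all three cases. The function body continues past the end of this hunk.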
@@ -153,11 +198,17 @@ class WatchedItem {
 /**
 * Given a title and user (assumes the object is setup), add the watch to the
 * database.
- * @return bool (always true)
+ * @return bool
 */
 public function addWatch() {
 wfProfileIn( __METHOD__ );
+ // Only loggedin user can have a watchlist
+ if ( wfReadOnly() || $this->mUser->isAnon() || !$this->isAllowed( 'editmywatchlist' ) ) {
+ wfProfileOut( __METHOD__ );
+ return false;
+ }
+
 // Use INSERT IGNORE to avoid overwriting the notification timestamp
 // if there's already an entry for this page
 $dbw = wfGetDB( DB_MASTER );
@@ -192,6 +243,12 @@ class WatchedItem {
 public function removeWatch() {
 wfProfileIn( __METHOD__ );
+ // Only loggedin user can have a watchlist
+ if ( wfReadOnly() || $this->mUser->isAnon() || !$this->isAllowed( 'editmywatchlist' ) ) {
+ wfProfileOut( __METHOD__ );
+ return false;
+ }
+
 $success = false;
 $dbw = wfGetDB( DB_MASTER );
 $dbw->delete( 'watchlist',
@@ -268,7 +325,7 @@ class WatchedItem {
 );
 }
- if( empty( $values ) ) {
+ if ( empty( $values ) ) {
 // Nothing to do
 return true;
 }
--
cgit v1.2.2
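Review bot: The `addWatch()` docblock is reduced to `@return bool` without saying when the result is false, although the removed text shows the method used to return true unconditionally, so existing callers may not check the result (none are visible in this hunk). I would write `@return bool false if the wiki is read-only, the user is anonymous or the user lacks 'editmywatchlist'` and add the same condition to the docblock of `removeWatch()` in the next hunk, whose new early return is identical. Both function bodies continue past the end of their hunks.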