Page MenuHomePhorge
Files F585465

No OneTemporary
Actions

Size
2 KB
Referenced Files
None
Subscribers
None

View Options

diff --git a/includes/api/ApiQueryBlocks.php b/includes/api/ApiQueryBlocks.php
index 3a8fc538def..0de66f5be50 100644
--- a/includes/api/ApiQueryBlocks.php
+++ b/includes/api/ApiQueryBlocks.php
@@ -239,6 +239,7 @@ class ApiQueryBlocks extends ApiQueryBase {
}
if ( !$this->getAuthority()->isAllowed( 'hideuser' ) ) {
+ $this->addWhere( [ 'bl_deleted' => 0 ] );
$this->addWhere(
$this->hideUserUtils->getExpression( $db, 'block_target.bt_user' )
);
diff --git a/tests/phpunit/includes/api/query/ApiQueryBlocksTest.php b/tests/phpunit/includes/api/query/ApiQueryBlocksTest.php
index b12fe7250dd..f08f5c1db17 100644
--- a/tests/phpunit/includes/api/query/ApiQueryBlocksTest.php
+++ b/tests/phpunit/includes/api/query/ApiQueryBlocksTest.php
@@ -8,6 +8,7 @@ use MediaWiki\Block\Restriction\NamespaceRestriction;
use MediaWiki\Block\Restriction\PageRestriction;
use MediaWiki\MainConfigNames;
use MediaWiki\Tests\Api\ApiTestCase;
+use MediaWiki\Tests\Unit\Permissions\MockAuthorityTrait;
/**
* @group API
@@ -17,6 +18,7 @@ use MediaWiki\Tests\Api\ApiTestCase;
* @covers \MediaWiki\Api\ApiQueryBlocks
*/
class ApiQueryBlocksTest extends ApiTestCase {
+ use MockAuthorityTrait;
public function testExecute() {
[ $data ] = $this->doApiRequest( [
@@ -83,6 +85,36 @@ class ApiQueryBlocksTest extends ApiTestCase {
$this->assertArraySubmapSame( $subset, $data['query']['blocks'][0] );
}
+ public function testHiddenBlocksVisibility() {
+ // Ensure that hidden blocks are not shown by default.
+ $badActor = $this->getTestUser()->getUser();
+ $sysop = $this->getTestSysop()->getUser();
+
+ $parentBlock = $this->getServiceContainer()->getDatabaseBlockStore()
+ ->insertBlockWithParams( [
+ 'targetUser' => $badActor,
+ 'by' => $sysop,
+ 'hideName' => true,
+ 'enableAutoblock' => true,
+ ] );
+
+ $autoblock = $this->getServiceContainer()->getDatabaseBlockStore()
+ ->doAutoblock( $parentBlock, '1.2.3.4' );
+
+ [ $data ] = $this->doApiRequest( [
+ 'action' => 'query',
+ 'list' => 'blocks',
+ ] );
+ $this->assertCount( 0, $data['query']['blocks'] );
+
+ [ $data ] = $this->doApiRequestWithToken( [
+ 'action' => 'query',
+ 'list' => 'blocks',
+ ], null, $this->mockRegisteredAuthorityWithPermissions( [ 'hideuser' ] ) );
+
+ $this->assertCount( 2, $data['query']['blocks'] );
+ }
+
public function testExecuteRestrictions() {
$this->overrideConfigValue( MainConfigNames::EnablePartialActionBlocks, true );
$badActor = $this->getTestUser()->getUser();

File Metadata

Mime Type
text/x-diff
Expires
Sat, Jul 5, 5:33 AM (1 d, 7 h)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
227868
Default Alt Text
(2 KB)

Event Timeline