From 06b9aa64b2e8cb6cc0fa9776a2b9999619923f0f Mon Sep 17 00:00:00 2001
From: Func
Date: Tue, 9 Nov 2021 09:47:14 +0000
Subject: Apply proper restrictions on file revert action

Users should have 'reupload' or 'reupload-own' rights to do file revert.

Bug: T304474
Change-Id: I2d0eaeeea237286741708c2b5920fe7cca3acf50
(cherry picked from commit 7b4aee237e257954195c4d695b2cfe2a9a3b4116)
---
 includes/actions/RevertAction.php | 11 +++++++++++
 includes/api/ApiFileRevert.php | 6 ++++++
 2 files changed, 17 insertions(+)

diff --git a/includes/actions/RevertAction.php b/includes/actions/RevertAction.php
index 5963596e8bad..1c897f8f5507 100644
--- a/includes/actions/RevertAction.php
+++ b/includes/actions/RevertAction.php
@@ -71,6 +71,7 @@ class RevertAction extends FormAction {
 }
 public function getRestriction() {
+ // Required permissions of revert are complicated, will be checked below.
 return 'upload';
 }
@@ -78,6 +79,16 @@ class RevertAction extends FormAction {
 if ( $this->getTitle()->getNamespace() !== NS_FILE ) {
 throw new ErrorPageError( $this->msg( 'nosuchaction' ), $this->msg( 'nosuchactiontext' ) );
 }
+ $rights = [ 'reupload' ];
+ if ( $user->equals( $this->getFile()->getUploader() ) ) {
+ // reupload-own is more basic, put it in the front for error messages.
+ array_unshift( $rights, 'reupload-own' );
+ }
+ if ( !$user->isAllowedAny( ...$rights ) ) {
+ throw new PermissionsError( $rights[0] );
+ }
+
 parent::checkCanExecute( $user );
 $oldimage = $this->getRequest()->getText( 'oldimage' );
diff --git a/includes/api/ApiFileRevert.php b/includes/api/ApiFileRevert.php
index c33cb8c2180f..290f46015f7a 100644
--- a/includes/api/ApiFileRevert.php
+++ b/includes/api/ApiFileRevert.php
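Review bot: The new rights block in checkCanExecute runs before `parent::checkCanExecute( $user )`, so the checks the parent performs (as far as I can tell, the 'upload' restriction from getRestriction() and the usual block/read-only handling) are evaluated only after the reupload rights, which changes which error a blocked or anonymous user sees; placing the block after the parent call would keep the more general checks first. On the `if ( $user->equals( $this->getFile()->getUploader() ) )` line, `getUploader()` may yield null for a hidden or unknown uploader, so `equals()` has to tolerate null; the result is fail-closed (the user is held to plain 'reupload'), which is worth stating, e.g. `// A hidden/unknown uploader never matches, so only 'reupload' applies`. The comment added in the first hunk could also say where the real check lives: `// 'upload' is the baseline; 'reupload'/'reupload-own' are enforced in checkCanExecute()`. checkCanExecute's body continues outside the hunk.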
@@ -61,6 +61,12 @@ class ApiFileRevert extends ApiBase {
 // Check whether we're allowed to revert this file
 $this->checkTitleUserPermissions( $this->file->getTitle(), [ 'edit', 'upload' ] );
+ $rights = [ 'reupload' ];
+ if ( $this->getUser()->equals( $this->file->getUploader() ) ) {
+ // reupload-own is more basic, put it in the front for error messages.
+ array_unshift( $rights, 'reupload-own' );
+ }
+ $this->checkUserRightsAny( $rights );
 $sourceUrl = $this->file->getArchiveVirtualUrl( $this->archiveName );
 $status = $this->file->upload(
-- 
cgit v1.2.3
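Review bot: The rights list here is built exactly as in RevertAction::checkCanExecute in the previous file, and the two copies will drift unless the logic is shared; a single helper that returns the applicable reupload rights for a given user and file would let both call sites consume the same answer. On the `if ( $this->getUser()->equals( $this->file->getUploader() ) )` line the same null-uploader question applies: a hidden or unknown uploader (if `getUploader()` can return null) must not match, and the fail-closed outcome deserves a comment such as `// No match for a hidden/unknown uploader: only 'reupload' applies`. The enclosing method starts before and ends after this hunk.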