Prevent non-admins from reopening purged requests

Using email as the test here, which is what the rest of the application uses. This is locked behind a new user right; distinct from reopening old non-purged requests. I've specifically set this as a tool admin task, not a "request admin tools" task, as checkusers should have no need to reopen a purged request. Opening old requests I could see being useful for a CU, but there's nothing that can realistically be done for a purged request.
enwikipedia-acc · Oct 14, 2020 · 7b36a51 · 7b36a51
1 parent 632b3f6
commit 7b36a51
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/includes/Pages/RequestAction/PageDeferRequest.php b/includes/Pages/RequestAction/PageDeferRequest.php
@@ -56,6 +56,13 @@ protected function main()
             }
         }
 
+        if ($request->getEmail() === $this->getSiteConfiguration()->getDataClearEmail()) {
+            if (!$this->barrierTest('reopenClearedRequest', $currentUser, 'RequestData')) {
+                throw new ApplicationLogicException(
+                    "You are not allowed to re-open a request for which the private data has been purged.");
+            }
+        }
+
         if ($request->getStatus() === RequestStatus::JOBQUEUE) {
             /** @var JobQueue[] $pendingJobs */
             $pendingJobs = JobQueueSearchHelper::get($database)->byRequest($request->getId())->statusIn([

diff --git a/includes/Security/RoleConfiguration.php b/includes/Security/RoleConfiguration.php
@@ -242,6 +242,9 @@ class RoleConfiguration
                 'acknowledge' => self::ACCESS_ALLOW,
                 'requeue'     => self::ACCESS_ALLOW,
             ),
+            'RequestData'               => array(
+                'reopenClearedRequest'  => self::ACCESS_ALLOW,
+            ),
         ),
         'checkuser'         => array(
             '_description'            => 'A user with CheckUser access',