From 4ec9b06a77cc3d5a2c43a2e34c0665f6ca1bd2fe Mon Sep 17 00:00:00 2001
From: Piotr Miazga <piotr@polishdeveloper.pl>
Date: Thu, 23 May 2019 21:25:39 +0200
Subject: [PATCH] Watchstar should respect viewmywatchlist|editmywatchlist
 permissions

If viewmywatchlist|editmywatchlist permisions were set to false for
anonymous user, MinervaSkin would show a watchstar icon that links
to LoginPage, even if user was logged in. Clicking watching action
would cause browser to reload the page without any effect.
Under the hood - system would redirect to login, and then the login
page would redirect user back to the article page because user is
logged in.

MinervaSkin should respect viewmywatchlist|editmywatchlist
permissions. If user do not have access to watchlist, do not show
watch icon.

Bug: T221792
Change-Id: I26a1133a7ccff6a4adcdc72d594d0902bfa8ff79
---
 includes/skins/SkinMinerva.php                |  4 +++
 .../skins/SkinMinervaPageActionsTest.php      | 27 +++++++++++++++++++
 2 files changed, 31 insertions(+)

diff --git a/includes/skins/SkinMinerva.php b/includes/skins/SkinMinerva.php
index dd26a9e..adc36f5 100644
--- a/includes/skins/SkinMinerva.php
+++ b/includes/skins/SkinMinerva.php
@@ -245,6 +245,10 @@ class SkinMinerva extends SkinTemplate {
 			return $this->isCurrentPageContentModelEditable();
 		}
 
+		if ( $action === 'watch' ) {
+			return $this->getUser()->isAllowedAll( 'viewmywatchlist', 'editmywatchlist' );
+		}
+
 		if ( $action === 'switch-language' ) {
 			return $this->doesPageHaveLanguages || $config->get( 'MinervaAlwaysShowLanguageButton' );
 		}
diff --git a/tests/phpunit/skins/SkinMinervaPageActionsTest.php b/tests/phpunit/skins/SkinMinervaPageActionsTest.php
index 41f175c..3f2e07a 100644
--- a/tests/phpunit/skins/SkinMinervaPageActionsTest.php
+++ b/tests/phpunit/skins/SkinMinervaPageActionsTest.php
@@ -186,4 +186,31 @@ class SkinMinervaPageActionsTest extends MediaWikiTestCase {
 
 		$this->assertEquals( $expected, $this->skin->isAllowedPageAction( 'switch-language' ) );
 	}
+
+	/**
+	 * Watch action requires 'viewmywatchlist' and 'editmywatchlist' permissions
+	 * to be grated. Verify that isAllowedAction('watch') returns false when user
+	 * do not have those permissions granted
+	 * @covers SkinMinerva::isAllowedPageAction
+	 */
+	public function test_watch_is_allowed_only_when_watchlist_permissions_are_granted() {
+		$title = Title::newFromText( 'test_watchstar_permissions' );
+		$requestContext = RequestContext::getMain();
+		$requestContext->setTitle( $title );
+		$userMock = $this->getMockBuilder( 'User' )
+			->disableOriginalConstructor()
+			->setMethods( [ 'isAllowedAll' ] )
+			->getMock();
+		$userMock->expects( $this->once() )
+			->method( 'isAllowedAll' )
+			->with( 'viewmywatchlist', 'editmywatchlist' )
+			->willReturn( false );
+		$requestContext->setUser( $userMock );
+
+		$result = new TestSkinMinerva();
+		$result->setContext( $requestContext );
+
+		$this->assertTrue( $this->skin->isAllowedPageAction( 'talk' ) );
+		$this->assertFalse( $this->skin->isAllowedPageAction( 'watch' ) );
+	}
 }