Merge commit from fork

Author: originalauthority

extension.json

@@ -7,7 +7,7 @@
 	"descriptionmsg": "tableprogresstracking-desc",
 	"license-name": "Apache-2.0",
 	"type": "parserhook",
-	"version": "1.2.0",
+	"version": "1.2.1",
 	"requires": {
 		"MediaWiki": ">= 1.43.0"
 	},

includes/Rest/DeleteProgressHandler.php

@@ -4,11 +4,15 @@
 
 use MediaWiki\Rest\Response;
 use MediaWiki\Rest\SimpleHandler;
+use MediaWiki\Rest\TokenAwareHandlerTrait;
+use MediaWiki\Rest\Validator\Validator;
 use Telepedia\Extensions\TableProgressTracking\ProgressService;
 use Wikimedia\ParamValidator\ParamValidator;
 
 class DeleteProgressHandler extends SimpleHandler {
 
+	use TokenAwareHandlerTrait;
+	
 	public function __construct(
 		private readonly ProgressService $progressService
 	) {
@@ -69,7 +73,22 @@ public function run( int $articleId, int $tableId ): Response {
 	/**
 	 * @inheritDoc
 	 */
-	public function getParamSettings() {
+	public function needsWriteAccess(): bool {
+		return true;
+	}
+
+	/**
+	 * @inheritDoc
+	 */
+	public function validate( Validator $restValidator ): void {
+		parent::validate( $restValidator );
+		$this->validateToken( false );
+	}
+
+	/**
+	 * @inheritDoc
+	 */
+	public function getParamSettings(): array {
 		return [
 			'articleId' => [
 				self::PARAM_SOURCE => 'path',
@@ -91,6 +110,6 @@ public function getBodyParamSettings(): array {
 				ParamValidator::PARAM_TYPE => 'string',
 				ParamValidator::PARAM_REQUIRED => true,
 			]
-		];
+		] + $this->getTokenParamDefinition();
 	}
 }

includes/Rest/TrackProgressHandler.php

@@ -4,11 +4,15 @@
 
 use MediaWiki\Rest\Response;
 use MediaWiki\Rest\SimpleHandler;
+use MediaWiki\Rest\TokenAwareHandlerTrait;
+use MediaWiki\Rest\Validator\Validator;
 use Telepedia\Extensions\TableProgressTracking\ProgressService;
 use Wikimedia\ParamValidator\ParamValidator;
 
 class TrackProgressHandler extends SimpleHandler {
 
+	use TokenAwareHandlerTrait;
+	
 	public function __construct(
 		private readonly ProgressService $progressService
 	) {
@@ -69,6 +73,21 @@ public function run( int $articleId, int $tableId ): Response {
 		return $response;
 	}
 
+	/**
+	 * @inheritDoc
+	 */
+	public function needsWriteAccess(): bool {
+		return true;
+	}
+
+	/**
+	 * @inheritDoc
+	 */
+	public function validate( Validator $restValidator ): void {
+		parent::validate( $restValidator );
+		$this->validateToken( false );
+	}
+
 	/**
 	 * @inheritDoc
 	 */
@@ -94,6 +113,6 @@ public function getBodyParamSettings(): array {
 				ParamValidator::PARAM_TYPE => 'string',
 				ParamValidator::PARAM_REQUIRED => true,
 			]
-		];
+		]  + $this->getTokenParamDefinition();
 	}
 }

resources/index.js

@@ -182,11 +182,13 @@ var ProgressTracker = {
 		try {
 			if ( checkbox.checked ) {
 				await api.post( `/progress-tracking/${this.pageId}/${tableId}`, {
-					entity_id: rowId
+					entity_id: rowId,
+					token: mw.user.tokens.get( 'csrfToken' )
 				} );
 			} else {
 				await api.delete( `/progress-tracking/${this.pageId}/${tableId}`, {
-					entity_id: rowId
+					entity_id: rowId,
+					token: mw.user.tokens.get( 'csrfToken' )
 				} );
 			}