MediaWiki master
BlockPermissionChecker.php
Go to the documentation of this file.
1<?php
2
22namespace MediaWiki\Block;
23
28
42 private $target;
43
47 private $performer;
48
52 public const CONSTRUCTOR_OPTIONS = [
54 ];
55
57 private $options;
58
65 public function __construct(
66 ServiceOptions $options,
67 BlockUtils $blockUtils,
68 $target,
69 Authority $performer
70 ) {
71 $options->assertRequiredOptions( self::CONSTRUCTOR_OPTIONS );
72 $this->options = $options;
73 [ $this->target, ] = $blockUtils->parseBlockTarget( $target );
74 $this->performer = $performer;
75 }
76
84 public function checkBasePermissions( $checkHideuser = false ) {
85 if ( !$this->performer->isAllowed( 'block' ) ) {
86 return 'badaccess-group0';
87 }
88
89 if (
90 $checkHideuser &&
91 !$this->performer->isAllowed( 'hideuser' )
92 ) {
93 return 'unblock-hideuser';
94 }
95
96 return true;
97 }
98
110 public function checkBlockPermissions() {
111 $block = $this->performer->getBlock(); // TODO: pass disposition parameter
112 if ( !$block ) {
113 // User is not blocked, process as normal
114 return true;
115 }
116
117 if ( !$block->isSitewide() ) {
118 // T208965: Partially blocked admins should have full access
119 return true;
120 }
121
122 $performerIdentity = $this->performer->getUser();
123
124 if (
125 $this->target instanceof UserIdentity &&
126 $this->target->getId() === $performerIdentity->getId()
127 ) {
128 // Blocked admin is trying to alter their own block
129
130 // Self-blocked admins can always remove or alter their block
131 if ( $block->getBlocker() && $performerIdentity->equals( $block->getBlocker() ) ) {
132 return true;
133 }
134
135 // Users with 'unblockself' right can unblock themselves or alter their own block
136 if ( $this->performer->isAllowed( 'unblockself' ) ) {
137 return true;
138 } else {
139 return 'ipbnounblockself';
140 }
141 }
142
143 if (
144 $this->target instanceof UserIdentity &&
145 $block->getBlocker() &&
146 $this->target->equals( $block->getBlocker() )
147 ) {
148 // T150826: Blocked admins can always block the admin who blocked them
149 return true;
150 }
151
152 // User is blocked and no exception took effect
153 return 'ipbblocked';
154 }
155
162 public function checkEmailPermissions() {
163 return $this->options->get( MainConfigNames::EnableUserEmail ) &&
164 $this->performer->isAllowed( 'blockemail' );
165 }
166}
__construct(ServiceOptions $options, BlockUtils $blockUtils, $target, Authority $performer)
checkEmailPermissions()
Check permission to block emailing.
checkBlockPermissions()
Checks block-related permissions (doesn't check any other permissions)
checkBasePermissions( $checkHideuser=false)
Check the base permission that applies to either block or unblock.
Backend class for blocking utils.
parseBlockTarget( $target)
From string specification or UserIdentity, get the block target and the type of target.
A class for passing options to services.
assertRequiredOptions(array $expectedKeys)
Assert that the list of options provided in this instance exactly match $expectedKeys,...
A class containing constants representing the names of configuration variables.
const EnableUserEmail
Name constant for the EnableUserEmail setting, for use with Config::get()
This interface represents the authority associated with the current execution context,...
Definition Authority.php:37
Interface for objects representing user identity.
equals(?UserIdentity $user)
getId( $wikiId=self::LOCAL)