master/php/BlockPermissionChecker_8php_source.html

<?php


namespace MediaWiki\Block;


use MediaWiki\Config\ServiceOptions;

use MediaWiki\MainConfigNames;

use MediaWiki\Permissions\Authority;

use MediaWiki\User\UserIdentity;


class BlockPermissionChecker {

    private $target;


    private $performer;


    public const CONSTRUCTOR_OPTIONS = [

        MainConfigNames::EnableUserEmail,

    ];


    private $options;


    public function __construct(

        ServiceOptions $options,

        BlockUtils $blockUtils,

        $target,

        Authority $performer

    ) {

        $options->assertRequiredOptions( self::CONSTRUCTOR_OPTIONS );

        $this->options = $options;

        [ $this->target, ] = $blockUtils->parseBlockTarget( $target );

        $this->performer = $performer;

    }


    public function checkBasePermissions( $checkHideuser = false ) {

        if ( !$this->performer->isAllowed( 'block' ) ) {

            return 'badaccess-group0';

        }


        if (

            $checkHideuser &&

            !$this->performer->isAllowed( 'hideuser' )

        ) {

            return 'unblock-hideuser';

        }


        return true;

    }


    public function checkBlockPermissions() {

        $block = $this->performer->getBlock(); // TODO: pass disposition parameter

        if ( !$block ) {

            // User is not blocked, process as normal

            return true;

        }


        if ( !$block->isSitewide() ) {

            // T208965: Partially blocked admins should have full access

            return true;

        }


        $performerIdentity = $this->performer->getUser();


        if (

            $this->target instanceof UserIdentity &&

            $this->target->getId() === $performerIdentity->getId()

        ) {

            // Blocked admin is trying to alter their own block


            // Self-blocked admins can always remove or alter their block

            if ( $block->getBlocker() && $performerIdentity->equals( $block->getBlocker() ) ) {

                return true;

            }


            // Users with 'unblockself' right can unblock themselves or alter their own block

            if ( $this->performer->isAllowed( 'unblockself' ) ) {

                return true;

            } else {

                return 'ipbnounblockself';

            }

        }


        if (

            $this->target instanceof UserIdentity &&

            $block->getBlocker() &&

            $this->target->equals( $block->getBlocker() )

        ) {

            // T150826: Blocked admins can always block the admin who blocked them

            return true;

        }


        // User is blocked and no exception took effect

        return 'ipbblocked';

    }


    public function checkEmailPermissions() {

        return $this->options->get( MainConfigNames::EnableUserEmail ) &&

            $this->performer->isAllowed( 'blockemail' );

    }


}


MediaWiki\Block\BlockPermissionChecker
Block permissions.
Definition BlockPermissionChecker.php:38

MediaWiki\Block\BlockPermissionChecker\CONSTRUCTOR_OPTIONS
const CONSTRUCTOR_OPTIONS
Definition BlockPermissionChecker.php:52

MediaWiki\Block\BlockPermissionChecker\__construct
__construct(ServiceOptions $options, BlockUtils $blockUtils, $target, Authority $performer)
Definition BlockPermissionChecker.php:65

MediaWiki\Block\BlockPermissionChecker\checkEmailPermissions
checkEmailPermissions()
Check permission to block emailing.
Definition BlockPermissionChecker.php:162

MediaWiki\Block\BlockPermissionChecker\checkBlockPermissions
checkBlockPermissions()
Checks block-related permissions (doesn't check any other permissions)
Definition BlockPermissionChecker.php:110

MediaWiki\Block\BlockPermissionChecker\checkBasePermissions
checkBasePermissions( $checkHideuser=false)
Check the base permission that applies to either block or unblock.
Definition BlockPermissionChecker.php:84

MediaWiki\Block\BlockUtils
Backend class for blocking utils.
Definition BlockUtils.php:47

MediaWiki\Block\BlockUtils\parseBlockTarget
parseBlockTarget( $target)
From string specification or UserIdentity, get the block target and the type of target.
Definition BlockUtils.php:104

MediaWiki\Config\ServiceOptions
A class for passing options to services.
Definition ServiceOptions.php:26

MediaWiki\Config\ServiceOptions\assertRequiredOptions
assertRequiredOptions(array $expectedKeys)
Assert that the list of options provided in this instance exactly match $expectedKeys,...
Definition ServiceOptions.php:70

MediaWiki\MainConfigNames
A class containing constants representing the names of configuration variables.
Definition MainConfigNames.php:22

MediaWiki\MainConfigNames\EnableUserEmail
const EnableUserEmail
Name constant for the EnableUserEmail setting, for use with Config::get()
Definition MainConfigNames.php:930

MediaWiki\Permissions\Authority
This interface represents the authority associated with the current execution context,...
Definition Authority.php:37

MediaWiki\User\UserIdentity
Interface for objects representing user identity.
Definition UserIdentity.php:39

MediaWiki\User\UserIdentity\equals
equals(?UserIdentity $user)

MediaWiki\User\UserIdentity\getId
getId( $wikiId=self::LOCAL)

MediaWiki\Block
Definition AbstractBlock.php:21