Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
Total | |
100.00% |
32 / 32 |
|
100.00% |
14 / 14 |
CRAP | |
100.00% |
1 / 1 |
AbuseFilterPermissionManager | |
100.00% |
32 / 32 |
|
100.00% |
14 / 14 |
23 | |
100.00% |
1 / 1 |
canEdit | |
100.00% |
5 / 5 |
|
100.00% |
1 / 1 |
3 | |||
canEditGlobal | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
canEditFilter | |
100.00% |
4 / 4 |
|
100.00% |
1 / 1 |
3 | |||
canEditFilterWithRestrictedActions | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
canViewPrivateFilters | |
100.00% |
8 / 8 |
|
100.00% |
1 / 1 |
3 | |||
canViewPrivateFiltersLogs | |
100.00% |
2 / 2 |
|
100.00% |
1 / 1 |
2 | |||
canViewAbuseLog | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
canHideAbuseLog | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
canRevertFilterActions | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
canSeeLogDetailsForFilter | |
100.00% |
4 / 4 |
|
100.00% |
1 / 1 |
3 | |||
canSeeLogDetails | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
canSeePrivateDetails | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
canSeeHiddenLogEntries | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
canUseTestTools | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 |
1 | <?php |
2 | |
3 | namespace MediaWiki\Extension\AbuseFilter; |
4 | |
5 | use MediaWiki\Extension\AbuseFilter\Filter\AbstractFilter; |
6 | use MediaWiki\Permissions\Authority; |
7 | |
8 | /** |
9 | * This class simplifies the interactions between the AbuseFilter code and Authority, knowing |
10 | * what rights are required to perform AF-related actions. |
11 | */ |
12 | class AbuseFilterPermissionManager { |
13 | public const SERVICE_NAME = 'AbuseFilterPermissionManager'; |
14 | |
15 | /** |
16 | * @param Authority $performer |
17 | * @return bool |
18 | */ |
19 | public function canEdit( Authority $performer ): bool { |
20 | $block = $performer->getBlock(); |
21 | return ( |
22 | !( $block && $block->isSitewide() ) && |
23 | $performer->isAllowed( 'abusefilter-modify' ) |
24 | ); |
25 | } |
26 | |
27 | /** |
28 | * @param Authority $performer |
29 | * @return bool |
30 | */ |
31 | public function canEditGlobal( Authority $performer ): bool { |
32 | return $performer->isAllowed( 'abusefilter-modify-global' ); |
33 | } |
34 | |
35 | /** |
36 | * Whether the user can edit the given filter. |
37 | * |
38 | * @param Authority $performer |
39 | * @param AbstractFilter $filter |
40 | * @return bool |
41 | */ |
42 | public function canEditFilter( Authority $performer, AbstractFilter $filter ): bool { |
43 | return ( |
44 | $this->canEdit( $performer ) && |
45 | !( $filter->isGlobal() && !$this->canEditGlobal( $performer ) ) |
46 | ); |
47 | } |
48 | |
49 | /** |
50 | * Whether the user can edit a filter with restricted actions enabled. |
51 | * |
52 | * @param Authority $performer |
53 | * @return bool |
54 | */ |
55 | public function canEditFilterWithRestrictedActions( Authority $performer ): bool { |
56 | return $performer->isAllowed( 'abusefilter-modify-restricted' ); |
57 | } |
58 | |
59 | /** |
60 | * @param Authority $performer |
61 | * @return bool |
62 | */ |
63 | public function canViewPrivateFilters( Authority $performer ): bool { |
64 | $block = $performer->getBlock(); |
65 | return ( |
66 | !( $block && $block->isSitewide() ) && |
67 | $performer->isAllowedAny( |
68 | 'abusefilter-modify', |
69 | 'abusefilter-view-private' |
70 | ) |
71 | ); |
72 | } |
73 | |
74 | /** |
75 | * @param Authority $performer |
76 | * @return bool |
77 | */ |
78 | public function canViewPrivateFiltersLogs( Authority $performer ): bool { |
79 | return $this->canViewPrivateFilters( $performer ) || |
80 | $performer->isAllowed( 'abusefilter-log-private' ); |
81 | } |
82 | |
83 | /** |
84 | * @param Authority $performer |
85 | * @return bool |
86 | */ |
87 | public function canViewAbuseLog( Authority $performer ): bool { |
88 | return $performer->isAllowed( 'abusefilter-log' ); |
89 | } |
90 | |
91 | /** |
92 | * @param Authority $performer |
93 | * @return bool |
94 | */ |
95 | public function canHideAbuseLog( Authority $performer ): bool { |
96 | return $performer->isAllowed( 'abusefilter-hide-log' ); |
97 | } |
98 | |
99 | /** |
100 | * @param Authority $performer |
101 | * @return bool |
102 | */ |
103 | public function canRevertFilterActions( Authority $performer ): bool { |
104 | return $performer->isAllowed( 'abusefilter-revert' ); |
105 | } |
106 | |
107 | /** |
108 | * @param Authority $performer |
109 | * @param bool|int $filterHidden Whether the filter is hidden |
110 | * @todo Take a Filter parameter |
111 | * @return bool |
112 | */ |
113 | public function canSeeLogDetailsForFilter( Authority $performer, $filterHidden ): bool { |
114 | if ( $filterHidden ) { |
115 | return $this->canSeeLogDetails( $performer ) |
116 | && $this->canViewPrivateFiltersLogs( $performer ); |
117 | } |
118 | |
119 | return $this->canSeeLogDetails( $performer ); |
120 | } |
121 | |
122 | /** |
123 | * @param Authority $performer |
124 | * @return bool |
125 | */ |
126 | public function canSeeLogDetails( Authority $performer ): bool { |
127 | return $performer->isAllowed( 'abusefilter-log-detail' ); |
128 | } |
129 | |
130 | /** |
131 | * @param Authority $performer |
132 | * @return bool |
133 | */ |
134 | public function canSeePrivateDetails( Authority $performer ): bool { |
135 | return $performer->isAllowed( 'abusefilter-privatedetails' ); |
136 | } |
137 | |
138 | /** |
139 | * @param Authority $performer |
140 | * @return bool |
141 | */ |
142 | public function canSeeHiddenLogEntries( Authority $performer ): bool { |
143 | return $performer->isAllowed( 'abusefilter-hidden-log' ); |
144 | } |
145 | |
146 | /** |
147 | * @param Authority $performer |
148 | * @return bool |
149 | */ |
150 | public function canUseTestTools( Authority $performer ): bool { |
151 | // TODO: make independent |
152 | return $this->canViewPrivateFilters( $performer ); |
153 | } |
154 | |
155 | } |