Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
Total | |
0.00% |
0 / 114 |
|
0.00% |
0 / 11 |
CRAP | |
0.00% |
0 / 1 |
ApiGlobalUserRights | |
0.00% |
0 / 114 |
|
0.00% |
0 / 11 |
702 | |
0.00% |
0 / 1 |
__construct | |
0.00% |
0 / 5 |
|
0.00% |
0 / 1 |
2 | |||
getUserRightsPage | |
0.00% |
0 / 6 |
|
0.00% |
0 / 1 |
2 | |||
execute | |
0.00% |
0 / 45 |
|
0.00% |
0 / 1 |
182 | |||
getCentralAuthUser | |
0.00% |
0 / 11 |
|
0.00% |
0 / 1 |
12 | |||
mustBePosted | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
isWriteMode | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
getAllowedParams | |
0.00% |
0 / 36 |
|
0.00% |
0 / 1 |
6 | |||
needsToken | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
getWebUITokenSalt | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
getExamplesMessages | |
0.00% |
0 / 6 |
|
0.00% |
0 / 1 |
2 | |||
getHelpUrls | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 |
1 | <?php |
2 | /** |
3 | * Created on 1st October, 2014 |
4 | * |
5 | * Copyright © 2014 Alex Monk <krenair@gmail.com> |
6 | * |
7 | * This program is free software; you can redistribute it and/or modify |
8 | * it under the terms of the GNU General Public License as published by |
9 | * the Free Software Foundation; either version 2 of the License, or |
10 | * (at your option) any later version. |
11 | * |
12 | * This program is distributed in the hope that it will be useful, |
13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
15 | * GNU General Public License for more details. |
16 | * |
17 | * You should have received a copy of the GNU General Public License along |
18 | * with this program; if not, write to the Free Software Foundation, Inc., |
19 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
20 | * http://www.gnu.org/copyleft/gpl.html |
21 | * |
22 | * @file |
23 | */ |
24 | |
25 | namespace MediaWiki\Extension\CentralAuth\Api; |
26 | |
27 | use ApiBase; |
28 | use ApiMain; |
29 | use ApiResult; |
30 | use ChangeTags; |
31 | use IDBAccessObject; |
32 | use MediaWiki\Extension\CentralAuth\GlobalGroup\GlobalGroupLookup; |
33 | use MediaWiki\Extension\CentralAuth\Special\SpecialGlobalGroupMembership; |
34 | use MediaWiki\Extension\CentralAuth\User\CentralAuthUser; |
35 | use MediaWiki\ParamValidator\TypeDef\UserDef; |
36 | use MediaWiki\Specials\SpecialUserRights; |
37 | use MediaWiki\Title\TitleFactory; |
38 | use MediaWiki\User\UserNamePrefixSearch; |
39 | use MediaWiki\User\UserNameUtils; |
40 | use Wikimedia\ParamValidator\ParamValidator; |
41 | |
42 | /** |
43 | * @ingroup API |
44 | */ |
45 | class ApiGlobalUserRights extends ApiBase { |
46 | private ?CentralAuthUser $user = null; |
47 | |
48 | private TitleFactory $titleFactory; |
49 | |
50 | /** @var UserNamePrefixSearch */ |
51 | private $userNamePrefixSearch; |
52 | |
53 | /** @var UserNameUtils */ |
54 | private $userNameUtils; |
55 | |
56 | /** @var GlobalGroupLookup */ |
57 | private $globalGroupLookup; |
58 | |
59 | /** |
60 | * @param ApiMain $mainModule |
61 | * @param string $moduleName |
62 | * @param TitleFactory $titleFactory |
63 | * @param UserNamePrefixSearch $userNamePrefixSearch |
64 | * @param UserNameUtils $userNameUtils |
65 | * @param GlobalGroupLookup $globalGroupLookup |
66 | */ |
67 | public function __construct( |
68 | ApiMain $mainModule, |
69 | $moduleName, |
70 | TitleFactory $titleFactory, |
71 | UserNamePrefixSearch $userNamePrefixSearch, |
72 | UserNameUtils $userNameUtils, |
73 | GlobalGroupLookup $globalGroupLookup |
74 | ) { |
75 | parent::__construct( $mainModule, $moduleName ); |
76 | $this->titleFactory = $titleFactory; |
77 | $this->userNamePrefixSearch = $userNamePrefixSearch; |
78 | $this->userNameUtils = $userNameUtils; |
79 | $this->globalGroupLookup = $globalGroupLookup; |
80 | } |
81 | |
82 | private function getUserRightsPage(): SpecialGlobalGroupMembership { |
83 | return new SpecialGlobalGroupMembership( |
84 | $this->titleFactory, |
85 | $this->userNamePrefixSearch, |
86 | $this->userNameUtils, |
87 | $this->globalGroupLookup |
88 | ); |
89 | } |
90 | |
91 | public function execute() { |
92 | $pUser = $this->getUser(); |
93 | // Deny if the user is blocked and doesn't have the full 'userrights' permission. |
94 | // This matches what Special:UserRights does for the web UI. |
95 | if ( !$this->getAuthority()->isAllowed( 'userrights' ) ) { |
96 | $block = $pUser->getBlock( IDBAccessObject::READ_LATEST ); |
97 | if ( $block && $block->isSitewide() ) { |
98 | $this->dieBlocked( $block ); |
99 | } |
100 | } |
101 | $params = $this->extractRequestParams(); |
102 | $expiry = (array)$params['expiry']; |
103 | $add = (array)$params['add']; |
104 | if ( !$add ) { |
105 | $expiry = []; |
106 | } elseif ( count( $expiry ) !== count( $add ) ) { |
107 | if ( count( $expiry ) === 1 ) { |
108 | $expiry = array_fill( 0, count( $add ), $expiry[0] ); |
109 | } else { |
110 | $this->dieWithError( [ |
111 | 'apierror-toofewexpiries', |
112 | count( $expiry ), |
113 | count( $add ) |
114 | ] ); |
115 | } |
116 | } |
117 | // Validate the expiries |
118 | $groupExpiries = []; |
119 | foreach ( $expiry as $index => $expiryValue ) { |
120 | $group = $add[$index]; |
121 | $groupExpiries[$group] = SpecialUserRights::expiryToTimestamp( $expiryValue ); |
122 | if ( $groupExpiries[$group] === false ) { |
123 | $this->dieWithError( [ 'apierror-invalidexpiry', wfEscapeWikiText( $expiryValue ) ] ); |
124 | } |
125 | // not allowed to have things expiring in the past |
126 | if ( $groupExpiries[$group] && $groupExpiries[$group] < wfTimestampNow() ) { |
127 | $this->dieWithError( [ 'apierror-pastexpiry', wfEscapeWikiText( $expiryValue ) ] ); |
128 | } |
129 | } |
130 | |
131 | $user = $this->getCentralAuthUser( $params ); |
132 | |
133 | $tags = $params['tags']; |
134 | // Check if user can add tags |
135 | if ( $tags !== null ) { |
136 | $ableToTag = ChangeTags::canAddTagsAccompanyingChange( $tags, $this->getAuthority() ); |
137 | if ( !$ableToTag->isOK() ) { |
138 | $this->dieStatus( $ableToTag ); |
139 | } |
140 | } |
141 | $form = $this->getUserRightsPage(); |
142 | $form->setContext( $this->getContext() ); |
143 | $r = []; |
144 | $r['user'] = $user->getName(); |
145 | $r['userid'] = $user->getId(); |
146 | [ $r['added'], $r['removed'] ] = $form->doSaveUserGroups( |
147 | // Don't pass null to doSaveUserGroups() for array params, cast to empty array |
148 | $user, $add, (array)$params['remove'], |
149 | $params['reason'], (array)$tags, $groupExpiries |
150 | ); |
151 | $result = $this->getResult(); |
152 | ApiResult::setIndexedTagName( $r['added'], 'group' ); |
153 | ApiResult::setIndexedTagName( $r['removed'], 'group' ); |
154 | $result->addValue( null, $this->getModuleName(), $r ); |
155 | } |
156 | |
157 | /** |
158 | * @param array $params |
159 | * @return CentralAuthUser |
160 | */ |
161 | private function getCentralAuthUser( array $params ): CentralAuthUser { |
162 | if ( $this->user !== null ) { |
163 | return $this->user; |
164 | } |
165 | |
166 | $this->requireOnlyOneParameter( $params, 'user', 'userid' ); |
167 | $user = $params['user'] ?? '#' . $params['userid']; |
168 | $form = $this->getUserRightsPage(); |
169 | $form->setContext( $this->getContext() ); |
170 | $status = $form->fetchUser( $user ); |
171 | if ( !$status->isOK() ) { |
172 | $this->dieStatus( $status ); |
173 | } |
174 | |
175 | $this->user = $status->value; |
176 | return $status->value; |
177 | } |
178 | |
179 | /** @inheritDoc */ |
180 | public function mustBePosted() { |
181 | return true; |
182 | } |
183 | |
184 | /** @inheritDoc */ |
185 | public function isWriteMode() { |
186 | return true; |
187 | } |
188 | |
189 | /** @inheritDoc */ |
190 | public function getAllowedParams( $flags = 0 ) { |
191 | $allGroups = $this->globalGroupLookup->getDefinedGroups(); |
192 | if ( $flags & ApiBase::GET_VALUES_FOR_HELP ) { |
193 | sort( $allGroups ); |
194 | } |
195 | return [ |
196 | 'user' => [ |
197 | ParamValidator::PARAM_TYPE => 'user', |
198 | UserDef::PARAM_ALLOWED_USER_TYPES => [ 'name', 'id' ], |
199 | ], |
200 | 'userid' => [ |
201 | ParamValidator::PARAM_TYPE => 'integer', |
202 | ParamValidator::PARAM_DEPRECATED => true, |
203 | ], |
204 | 'add' => [ |
205 | ParamValidator::PARAM_TYPE => $allGroups, |
206 | ParamValidator::PARAM_ISMULTI => true |
207 | ], |
208 | 'expiry' => [ |
209 | ParamValidator::PARAM_ISMULTI => true, |
210 | ParamValidator::PARAM_ALLOW_DUPLICATES => true, |
211 | ParamValidator::PARAM_DEFAULT => 'infinite', |
212 | ], |
213 | 'remove' => [ |
214 | ParamValidator::PARAM_TYPE => $allGroups, |
215 | ParamValidator::PARAM_ISMULTI => true |
216 | ], |
217 | 'reason' => [ |
218 | ParamValidator::PARAM_DEFAULT => '' |
219 | ], |
220 | 'token' => [ |
221 | // Standard definition automatically inserted |
222 | ApiBase::PARAM_HELP_MSG_APPEND => [ 'api-help-param-token-webui' ], |
223 | ], |
224 | 'tags' => [ |
225 | ParamValidator::PARAM_TYPE => 'tags', |
226 | ParamValidator::PARAM_ISMULTI => true |
227 | ], |
228 | ]; |
229 | } |
230 | |
231 | public function needsToken() { |
232 | return 'userrights'; |
233 | } |
234 | |
235 | /** @inheritDoc */ |
236 | protected function getWebUITokenSalt( array $params ) { |
237 | return $this->getCentralAuthUser( $params )->getName(); |
238 | } |
239 | |
240 | /** @inheritDoc */ |
241 | protected function getExamplesMessages() { |
242 | return [ |
243 | 'action=userrights&user=FooBot&add=bot&remove=sysop|bureaucrat&token=123ABC' |
244 | => 'apihelp-globaluserrights-example-1', |
245 | 'action=userrights&userid=123&add=bot&remove=sysop|bureaucrat&token=123ABC' |
246 | => 'apihelp-globaluserrights-example-2', |
247 | ]; |
248 | } |
249 | |
250 | /** @inheritDoc */ |
251 | public function getHelpUrls() { |
252 | return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:User_group_membership'; |
253 | } |
254 | } |