Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
Total | |
0.00% |
0 / 287 |
|
0.00% |
0 / 14 |
CRAP | |
0.00% |
0 / 1 |
SpecialWikiSets | |
0.00% |
0 / 287 |
|
0.00% |
0 / 14 |
4970 | |
0.00% |
0 / 1 |
__construct | |
0.00% |
0 / 2 |
|
0.00% |
0 / 1 |
2 | |||
getDescription | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
execute | |
0.00% |
0 / 34 |
|
0.00% |
0 / 1 |
182 | |||
buildMainView | |
0.00% |
0 / 19 |
|
0.00% |
0 / 1 |
30 | |||
buildSetView | |
0.00% |
0 / 71 |
|
0.00% |
0 / 1 |
380 | |||
buildTypeSelector | |
0.00% |
0 / 4 |
|
0.00% |
0 / 1 |
6 | |||
buildTableByList | |
0.00% |
0 / 17 |
|
0.00% |
0 / 1 |
30 | |||
buildDeleteView | |
0.00% |
0 / 16 |
|
0.00% |
0 / 1 |
6 | |||
addEntry | |
0.00% |
0 / 7 |
|
0.00% |
0 / 1 |
2 | |||
doSubmit | |
0.00% |
0 / 99 |
|
0.00% |
0 / 1 |
272 | |||
doDelete | |
0.00% |
0 / 10 |
|
0.00% |
0 / 1 |
6 | |||
showLogFragment | |
0.00% |
0 / 5 |
|
0.00% |
0 / 1 |
2 | |||
getGroupName | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
showNoPermissionsView | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 |
1 | <?php |
2 | |
3 | namespace MediaWiki\Extension\CentralAuth\Special; |
4 | |
5 | use LogEventsList; |
6 | use LogPage; |
7 | use ManualLogEntry; |
8 | use MediaWiki\Extension\CentralAuth\CentralAuthWikiListService; |
9 | use MediaWiki\Extension\CentralAuth\WikiSet; |
10 | use MediaWiki\Html\Html; |
11 | use MediaWiki\SpecialPage\SpecialPage; |
12 | use MediaWiki\Title\Title; |
13 | use PermissionsError; |
14 | use Xml; |
15 | use XmlSelect; |
16 | |
17 | /** |
18 | * Special page to allow to edit "wikisets" which are used to restrict |
19 | * specific global group permissions to certain wikis. |
20 | * |
21 | * @file |
22 | * @ingroup Extensions |
23 | */ |
24 | |
25 | class SpecialWikiSets extends SpecialPage { |
26 | /** @var bool */ |
27 | private $mCanEdit; |
28 | |
29 | private CentralAuthWikiListService $wikiListService; |
30 | |
31 | public function __construct( CentralAuthWikiListService $wikiListService ) { |
32 | parent::__construct( 'WikiSets' ); |
33 | |
34 | $this->wikiListService = $wikiListService; |
35 | } |
36 | |
37 | /** |
38 | * @inheritDoc |
39 | */ |
40 | public function getDescription() { |
41 | return $this->msg( 'centralauth-editset' ); |
42 | } |
43 | |
44 | /** |
45 | * @param string|null $subpage |
46 | * @return void |
47 | */ |
48 | public function execute( $subpage ) { |
49 | $this->mCanEdit = $this->getContext()->getAuthority()->isAllowed( 'globalgrouppermissions' ); |
50 | $req = $this->getRequest(); |
51 | $tokenOk = $req->wasPosted() |
52 | && $this->getUser()->matchEditToken( $req->getVal( 'wpEditToken' ) ); |
53 | |
54 | $this->setHeaders(); |
55 | |
56 | if ( $subpage === null ) { |
57 | $this->buildMainView(); |
58 | return; |
59 | } |
60 | |
61 | if ( str_starts_with( $subpage, 'delete/' ) ) { |
62 | if ( !$this->mCanEdit ) { |
63 | $this->showNoPermissionsView(); |
64 | } |
65 | |
66 | // Remove delete/ part |
67 | $subpage = substr( $subpage, 7 ); |
68 | |
69 | if ( is_numeric( $subpage ) ) { |
70 | if ( $tokenOk ) { |
71 | $this->doDelete( $subpage ); |
72 | return; |
73 | } |
74 | |
75 | $this->buildDeleteView( $subpage ); |
76 | return; |
77 | } |
78 | } |
79 | |
80 | $set = null; |
81 | if ( $subpage !== '0' ) { |
82 | $set = is_numeric( $subpage ) ? WikiSet::newFromId( $subpage ) : WikiSet::newFromName( $subpage ); |
83 | if ( !$set ) { |
84 | $this->getOutput()->setPageTitleMsg( $this->msg( 'error' ) ); |
85 | $error = $this->msg( 'centralauth-editset-notfound', $subpage )->escaped(); |
86 | $this->buildMainView( Html::errorBox( $error ) ); |
87 | return; |
88 | } |
89 | } elseif ( !$this->mCanEdit ) { |
90 | $this->showNoPermissionsView(); |
91 | } |
92 | |
93 | if ( $tokenOk ) { |
94 | if ( !$this->mCanEdit ) { |
95 | $this->showNoPermissionsView(); |
96 | } |
97 | |
98 | $this->doSubmit( $set ); |
99 | return; |
100 | } |
101 | |
102 | $this->buildSetView( $set ); |
103 | } |
104 | |
105 | /** |
106 | * @param string|null $msg Output directly as HTML. Caller must escape. |
107 | */ |
108 | private function buildMainView( string $msg = null ) { |
109 | // Give grep a chance to find the usages: centralauth-editset-legend-rw, |
110 | // centralauth-editset-legend-ro |
111 | $msgPostfix = $this->mCanEdit ? 'rw' : 'ro'; |
112 | $legend = $this->msg( "centralauth-editset-legend-{$msgPostfix}" )->escaped(); |
113 | $this->getOutput()->addHTML( "<fieldset><legend>{$legend}</legend>" ); |
114 | if ( $msg ) { |
115 | $this->getOutput()->addHTML( $msg ); |
116 | } |
117 | // Give grep a chance to find the usages: centralauth-editset-intro-rw, |
118 | // centralauth-editset-intro-ro |
119 | $this->getOutput()->addWikiMsg( "centralauth-editset-intro-{$msgPostfix}" ); |
120 | $this->getOutput()->addHTML( '<ul>' ); |
121 | |
122 | // Give grep a chance to find the usages: centralauth-editset-item-rw, |
123 | // centralauth-editset-item-ro |
124 | foreach ( WikiSet::getAllWikiSets() as $set ) { |
125 | $text = $this->msg( "centralauth-editset-item-{$msgPostfix}", |
126 | $set->getName(), $set->getID() )->parse(); |
127 | $this->getOutput()->addHTML( "<li>{$text}</li>" ); |
128 | } |
129 | |
130 | if ( $this->mCanEdit ) { |
131 | $target = $this->getPageTitle( '0' ); |
132 | $newlink = $this->getLinkRenderer()->makeLink( |
133 | $target, |
134 | $this->msg( 'centralauth-editset-new' )->text() |
135 | ); |
136 | $this->getOutput()->addHTML( "<li>{$newlink}</li>" ); |
137 | } |
138 | |
139 | $this->getOutput()->addHTML( '</ul></fieldset>' ); |
140 | } |
141 | |
142 | /** |
143 | * @param WikiSet|null $set wiki set to operate on |
144 | * @param bool|string $error False or raw html to output as error |
145 | * @param string|null $name (Optional) Name of WikiSet |
146 | * @param string|null $type WikiSet::OPTIN or WikiSet::OPTOUT |
147 | * @param string[]|null $wikis |
148 | * @param string|null $reason |
149 | */ |
150 | private function buildSetView( |
151 | ?WikiSet $set, $error = false, $name = null, $type = null, $wikis = null, $reason = null |
152 | ) { |
153 | $this->getOutput()->addBacklinkSubtitle( $this->getPageTitle() ); |
154 | |
155 | if ( !$name ) { |
156 | $name = $set ? $set->getName() : ''; |
157 | } |
158 | if ( !$type ) { |
159 | $type = $set ? $set->getType() : WikiSet::OPTIN; |
160 | } |
161 | if ( !$wikis ) { |
162 | $wikis = $set ? $set->getWikisRaw() : []; |
163 | } |
164 | |
165 | sort( $wikis ); |
166 | $wikis = implode( "\n", $wikis ); |
167 | |
168 | $url = $this->getPageTitle( (string)( $set ? $set->getId() : 0 ) ) |
169 | ->getLocalUrl(); |
170 | |
171 | if ( $this->mCanEdit ) { |
172 | // Give grep a chance to find the usages: |
173 | // centralauth-editset-legend-edit, centralauth-editset-legend-new |
174 | $legend = $this->msg( |
175 | 'centralauth-editset-legend-' . ( $set ? 'edit' : 'new' ), |
176 | $name |
177 | )->escaped(); |
178 | } else { |
179 | $legend = $this->msg( 'centralauth-editset-legend-view', $name )->escaped(); |
180 | } |
181 | |
182 | $this->getOutput()->addHTML( "<fieldset><legend>{$legend}</legend>" ); |
183 | |
184 | if ( $set ) { |
185 | $groups = $set->getRestrictedGroups(); |
186 | if ( $groups ) { |
187 | $usage = "<ul>\n"; |
188 | foreach ( $groups as $group ) { |
189 | $usage .= "<li>" . $this->msg( 'centralauth-editset-grouplink', $group ) |
190 | ->parse() . "</li>\n"; |
191 | } |
192 | $usage .= "</ul>"; |
193 | } else { |
194 | $usage = $this->msg( 'centralauth-editset-nouse' )->parseAsBlock(); |
195 | } |
196 | $sortedWikis = $set->getWikisRaw(); |
197 | sort( $sortedWikis ); |
198 | } else { |
199 | $usage = ''; |
200 | $sortedWikis = []; |
201 | } |
202 | |
203 | # Make an array of the opposite list of wikis |
204 | # (all databases *excluding* the defined ones) |
205 | $restWikis = []; |
206 | foreach ( $this->getConfig()->get( 'LocalDatabases' ) as $wiki ) { |
207 | if ( !in_array( $wiki, $sortedWikis ) ) { |
208 | $restWikis[] = $wiki; |
209 | } |
210 | } |
211 | sort( $restWikis ); |
212 | |
213 | if ( $this->mCanEdit ) { |
214 | if ( $error ) { |
215 | $this->getOutput()->addHTML( Html::errorBox( $error ) ); |
216 | } |
217 | $this->getOutput()->addHTML( |
218 | Html::openElement( |
219 | 'form', |
220 | [ 'action' => $url, 'method' => 'POST' ] |
221 | ) |
222 | ); |
223 | |
224 | $form = []; |
225 | $form['centralauth-editset-name'] = Xml::input( 'wpName', false, $name ); |
226 | if ( $usage ) { |
227 | $form['centralauth-editset-usage'] = $usage; |
228 | } |
229 | $form['centralauth-editset-type'] = $this->buildTypeSelector( 'wpType', $type ); |
230 | $form['centralauth-editset-wikis'] = Xml::textarea( 'wpWikis', $wikis ); |
231 | $form['centralauth-editset-restwikis'] = Xml::textarea( 'wpRestWikis', |
232 | implode( "\n", $restWikis ), 40, 5, [ 'readonly' => true ] ); |
233 | $form['centralauth-editset-reason'] = Xml::input( 'wpReason', 50, $reason ?? '' ); |
234 | |
235 | $this->getOutput()->addHTML( Xml::buildForm( $form, 'centralauth-editset-submit' ) ); |
236 | |
237 | $edittoken = Html::hidden( 'wpEditToken', $this->getUser()->getEditToken() ); |
238 | $this->getOutput()->addHTML( "<p>{$edittoken}</p></form></fieldset>" ); |
239 | } else { |
240 | // Give grep a chance to find the usages: centralauth-editset-optin, |
241 | // centralauth-editset-optout |
242 | $form = []; |
243 | $form['centralauth-editset-name'] = htmlspecialchars( $name ); |
244 | $form['centralauth-editset-usage'] = $usage; |
245 | $form['centralauth-editset-type'] = $this->msg( "centralauth-editset-{$type}" ) |
246 | ->escaped(); |
247 | $form['centralauth-editset-wikis'] = self::buildTableByList( |
248 | $sortedWikis, 3, [ 'style' => 'width:100%;' ] |
249 | ) . '<hr>'; |
250 | $form['centralauth-editset-restwikis'] = self::buildTableByList( |
251 | $restWikis, 3, [ 'style' => 'width:100%;' ] |
252 | ); |
253 | |
254 | $this->getOutput()->addHTML( Xml::buildForm( $form ) ); |
255 | } |
256 | |
257 | if ( $set ) { |
258 | $this->showLogFragment( (string)$set->getId() ); |
259 | } |
260 | } |
261 | |
262 | /** |
263 | * @param string $name |
264 | * @param string $value |
265 | * @return string |
266 | */ |
267 | private function buildTypeSelector( $name, $value ) { |
268 | // Give grep a chance to find the usages: centralauth-editset-optin, |
269 | // centralauth-editset-optout |
270 | $select = new XmlSelect( $name, 'set-type', $value ); |
271 | foreach ( [ WikiSet::OPTIN, WikiSet::OPTOUT ] as $type ) { |
272 | $select->addOption( $this->msg( "centralauth-editset-{$type}" )->text(), $type ); |
273 | } |
274 | return $select->getHTML(); |
275 | } |
276 | |
277 | /** |
278 | * Builds a table of several columns, and divides the items of |
279 | * $list equally among each column. All items are escaped. |
280 | * |
281 | * Could in the future be replaced by CSS column-count. |
282 | * |
283 | * @param string[] $list |
284 | * @param int $columns number of columns |
285 | * @param array $tableAttribs <table> attributes |
286 | * @return string Table |
287 | */ |
288 | private function buildTableByList( array $list, int $columns = 2, array $tableAttribs = [] ): string { |
289 | $count = count( $list ); |
290 | if ( $count === 0 ) { |
291 | return $this->msg( 'centralauth-editset-nowikis' )->parse(); |
292 | } |
293 | |
294 | # If there are less items than columns, limit the number of columns |
295 | $columns = $count < $columns ? $count : $columns; |
296 | $itemsPerCol = (int)ceil( $count / $columns ); |
297 | $splitLists = array_chunk( $list, $itemsPerCol ); |
298 | |
299 | $body = ''; |
300 | foreach ( $splitLists as $splitList ) { |
301 | $body .= '<td style="width:' . round( 100 / $columns ) . '%;"><ul>'; |
302 | foreach ( $splitList as $listitem ) { |
303 | $body .= Html::element( 'li', [], $listitem ); |
304 | } |
305 | $body .= '</ul></td>'; |
306 | } |
307 | return Html::rawElement( 'table', $tableAttribs, |
308 | '<tbody>' . |
309 | Html::rawElement( 'tr', [ 'style' => 'vertical-align:top;' ], $body ) . |
310 | '</tbody>' |
311 | ); |
312 | } |
313 | |
314 | /** |
315 | * @param string $subpage |
316 | */ |
317 | private function buildDeleteView( $subpage ) { |
318 | $this->getOutput()->addBacklinkSubtitle( $this->getPageTitle() ); |
319 | |
320 | $set = WikiSet::newFromID( $subpage ); |
321 | if ( !$set ) { |
322 | $this->buildMainView( Html::errorBox( $this->msg( 'centralauth-editset-notfound', $subpage )->escaped() ) ); |
323 | return; |
324 | } |
325 | |
326 | $legend = $this->msg( 'centralauth-editset-legend-delete', $set->getName() )->text(); |
327 | $form = [ 'centralauth-editset-reason' => Xml::input( 'wpReason' ) ]; |
328 | $url = $this->getPageTitle( 'delete/' . $subpage )->getLocalUrl(); |
329 | $edittoken = Html::hidden( 'wpEditToken', $this->getUser()->getEditToken() ); |
330 | |
331 | $this->getOutput()->addHTML( |
332 | Html::openElement( 'fieldset' ) . |
333 | Html::element( 'legend', [], $legend ) . |
334 | Html::openElement( 'form', [ 'action' => $url, 'method' => 'post' ] ) |
335 | ); |
336 | $this->getOutput()->addHTML( Xml::buildForm( $form, 'centralauth-editset-submit-delete' ) ); |
337 | $this->getOutput()->addHTML( "<p>{$edittoken}</p></form></fieldset>" ); |
338 | } |
339 | |
340 | /** |
341 | * Log action to 'gblrights' log |
342 | * |
343 | * @param string $action Type of action |
344 | * @param Title $title |
345 | * @param string $reason |
346 | * @param array $params |
347 | */ |
348 | private function addEntry( $action, $title, $reason, $params ): void { |
349 | $entry = new ManualLogEntry( 'gblrights', $action ); |
350 | $entry->setTarget( $title ); |
351 | $entry->setPerformer( $this->getUser() ); |
352 | $entry->setComment( $reason ); |
353 | $entry->setParameters( $params ); |
354 | $logid = $entry->insert(); |
355 | $entry->publish( $logid ); |
356 | } |
357 | |
358 | /** |
359 | * @param WikiSet|null $set wiki set to operate on |
360 | */ |
361 | private function doSubmit( ?WikiSet $set ) { |
362 | $name = $this->getContentLanguage()->ucfirst( $this->getRequest()->getVal( 'wpName' ) ); |
363 | $type = $this->getRequest()->getVal( 'wpType' ); |
364 | $wikis = array_unique( preg_split( |
365 | '/(\s+|\s*\W\s*)/', $this->getRequest()->getVal( 'wpWikis' ), -1, PREG_SPLIT_NO_EMPTY ) |
366 | ); |
367 | $reason = $this->getRequest()->getVal( 'wpReason' ); |
368 | |
369 | if ( !Title::newFromText( $name ) ) { |
370 | $this->buildSetView( $set, $this->msg( 'centralauth-editset-badname' )->escaped(), |
371 | $name, $type, $wikis, $reason ); |
372 | return; |
373 | } |
374 | if ( ( !$set || $set->getName() != $name ) && WikiSet::newFromName( $name ) ) { |
375 | $this->buildSetView( $set, $this->msg( 'centralauth-editset-setexists' )->escaped(), |
376 | $name, $type, $wikis, $reason ); |
377 | return; |
378 | } |
379 | if ( !in_array( $type, [ WikiSet::OPTIN, WikiSet::OPTOUT ] ) ) { |
380 | $this->buildSetView( $set, $this->msg( 'centralauth-editset-badtype' )->escaped(), |
381 | $name, $type, $wikis, $reason ); |
382 | return; |
383 | } |
384 | if ( !$wikis ) { |
385 | $this->buildSetView( $set, $this->msg( 'centralauth-editset-zerowikis' )->escaped(), |
386 | $name, $type, $wikis, $reason ); |
387 | return; |
388 | } |
389 | |
390 | $badwikis = []; |
391 | $allwikis = $this->wikiListService->getWikiList(); |
392 | foreach ( $wikis as $wiki ) { |
393 | if ( !in_array( $wiki, $allwikis ) ) { |
394 | $badwikis[] = $wiki; |
395 | } |
396 | } |
397 | if ( $badwikis ) { |
398 | $this->buildSetView( $set, $this->msg( |
399 | 'centralauth-editset-badwikis', |
400 | implode( ', ', $badwikis ) ) |
401 | ->numParams( count( $badwikis ) ) |
402 | ->escaped(), |
403 | $name, $type, $wikis, $reason |
404 | ); |
405 | return; |
406 | } |
407 | |
408 | if ( $set ) { |
409 | $oldname = $set->getName(); |
410 | $oldtype = $set->getType(); |
411 | $oldwikis = $set->getWikisRaw(); |
412 | } else { |
413 | $set = new WikiSet(); |
414 | $oldname = $oldtype = null; |
415 | $oldwikis = []; |
416 | } |
417 | $set->setName( $name ); |
418 | $set->setType( $type ); |
419 | $set->setWikisRaw( $wikis ); |
420 | $set->saveToDB(); |
421 | |
422 | // Now logging |
423 | $title = $this->getPageTitle( (string)$set->getID() ); |
424 | if ( !$oldname ) { |
425 | // New set |
426 | $this->addEntry( |
427 | 'newset', |
428 | $title, |
429 | $reason, |
430 | [ |
431 | '4::name' => $name, |
432 | '5::type' => $type, |
433 | 'wikis' => $wikis, |
434 | ] |
435 | ); |
436 | } else { |
437 | if ( $oldname != $name ) { |
438 | $this->addEntry( |
439 | 'setrename', |
440 | $title, |
441 | $reason, |
442 | [ |
443 | '4::name' => $name, |
444 | '5::oldName' => $oldname, |
445 | ] |
446 | ); |
447 | } |
448 | if ( $oldtype != $type ) { |
449 | $this->addEntry( |
450 | 'setnewtype', |
451 | $title, |
452 | $reason, |
453 | [ |
454 | '4::name' => $name, |
455 | '5::oldType' => $oldtype, |
456 | '6::type' => $type, |
457 | ] |
458 | ); |
459 | } |
460 | $added = array_diff( $wikis, $oldwikis ); |
461 | $removed = array_diff( $oldwikis, $wikis ); |
462 | if ( $added || $removed ) { |
463 | $this->addEntry( |
464 | 'setchange', |
465 | $title, |
466 | $reason, |
467 | [ |
468 | '4::name' => $name, |
469 | 'added' => $added, |
470 | 'removed' => $removed, |
471 | ] |
472 | ); |
473 | } |
474 | } |
475 | |
476 | $returnLink = $this->getLinkRenderer()->makeKnownLink( |
477 | $this->getPageTitle(), $this->msg( 'centralauth-editset-return' )->text() ); |
478 | |
479 | $this->getOutput()->addHTML( |
480 | Html::successBox( $this->msg( 'centralauth-editset-success' )->escaped() ) . |
481 | '<p>' . $returnLink . '</p>' |
482 | ); |
483 | } |
484 | |
485 | /** |
486 | * @param string $set |
487 | */ |
488 | private function doDelete( $set ) { |
489 | $set = WikiSet::newFromID( $set ); |
490 | if ( !$set ) { |
491 | $this->buildMainView( Html::errorBox( $this->msg( 'centralauth-editset-notfound', $set )->escaped() ) ); |
492 | return; |
493 | } |
494 | |
495 | $reason = $this->getRequest()->getVal( 'wpReason' ); |
496 | $name = $set->getName(); |
497 | $set->delete(); |
498 | |
499 | $title = $this->getPageTitle( (string)$set->getID() ); |
500 | $this->addEntry( 'deleteset', $title, $reason, [ '4::name' => $name ] ); |
501 | |
502 | $this->buildMainView( Html::successBox( $this->msg( 'centralauth-editset-success-delete' )->escaped() ) ); |
503 | } |
504 | |
505 | /** |
506 | * @param string $number |
507 | */ |
508 | protected function showLogFragment( $number ) { |
509 | $title = $this->getPageTitle( $number ); |
510 | $logPage = new LogPage( 'gblrights' ); |
511 | $out = $this->getOutput(); |
512 | $out->addHTML( Xml::element( 'h2', null, $logPage->getName()->text() . "\n" ) ); |
513 | LogEventsList::showLogExtract( $out, 'gblrights', $title->getPrefixedText() ); |
514 | } |
515 | |
516 | /** @inheritDoc */ |
517 | protected function getGroupName() { |
518 | return 'wiki'; |
519 | } |
520 | |
521 | /** |
522 | * @phan-return never |
523 | * @return void |
524 | * @throws PermissionsError |
525 | */ |
526 | private function showNoPermissionsView() { |
527 | throw new PermissionsError( 'globalgrouppermissions' ); |
528 | } |
529 | } |