Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
100.00% |
62 / 62 |
|
100.00% |
4 / 4 |
CRAP | |
100.00% |
1 / 1 |
| GlobalBlockLocalStatusManager | |
100.00% |
62 / 62 |
|
100.00% |
4 / 4 |
10 | |
100.00% |
1 / 1 |
| __construct | |
100.00% |
8 / 8 |
|
100.00% |
1 / 1 |
1 | |||
| locallyDisableBlock | |
100.00% |
32 / 32 |
|
100.00% |
1 / 1 |
4 | |||
| locallyEnableBlock | |
100.00% |
16 / 16 |
|
100.00% |
1 / 1 |
4 | |||
| addLogEntry | |
100.00% |
6 / 6 |
|
100.00% |
1 / 1 |
1 | |||
| 1 | <?php |
| 2 | |
| 3 | namespace MediaWiki\Extension\GlobalBlocking\Services; |
| 4 | |
| 5 | use ManualLogEntry; |
| 6 | use MediaWiki\Config\ServiceOptions; |
| 7 | use MediaWiki\Title\Title; |
| 8 | use MediaWiki\User\CentralId\CentralIdLookup; |
| 9 | use MediaWiki\User\UserIdentity; |
| 10 | use StatusValue; |
| 11 | use Wikimedia\Rdbms\IConnectionProvider; |
| 12 | |
| 13 | class GlobalBlockLocalStatusManager { |
| 14 | |
| 15 | public const CONSTRUCTOR_OPTIONS = [ |
| 16 | 'GlobalBlockingAllowGlobalAccountBlocks', |
| 17 | ]; |
| 18 | |
| 19 | private ServiceOptions $options; |
| 20 | private GlobalBlockLocalStatusLookup $globalBlockLocalStatusLookup; |
| 21 | private GlobalBlockLookup $globalBlockLookup; |
| 22 | private GlobalBlockingBlockPurger $globalBlockingBlockPurger; |
| 23 | private GlobalBlockingConnectionProvider $globalBlockingConnectionProvider; |
| 24 | private IConnectionProvider $localDbProvider; |
| 25 | private CentralIdLookup $centralIdLookup; |
| 26 | |
| 27 | public function __construct( |
| 28 | ServiceOptions $options, |
| 29 | GlobalBlockLocalStatusLookup $globalBlockLocalStatusLookup, |
| 30 | GlobalBlockLookup $globalBlockLookup, |
| 31 | GlobalBlockingBlockPurger $globalBlockingBlockPurger, |
| 32 | GlobalBlockingConnectionProvider $globalBlockingConnectionProvider, |
| 33 | IConnectionProvider $localDbProvider, |
| 34 | CentralIdLookup $centralIdLookup |
| 35 | ) { |
| 36 | $options->assertRequiredOptions( self::CONSTRUCTOR_OPTIONS ); |
| 37 | $this->options = $options; |
| 38 | $this->globalBlockLocalStatusLookup = $globalBlockLocalStatusLookup; |
| 39 | $this->globalBlockLookup = $globalBlockLookup; |
| 40 | $this->globalBlockingBlockPurger = $globalBlockingBlockPurger; |
| 41 | $this->globalBlockingConnectionProvider = $globalBlockingConnectionProvider; |
| 42 | $this->localDbProvider = $localDbProvider; |
| 43 | $this->centralIdLookup = $centralIdLookup; |
| 44 | } |
| 45 | |
| 46 | /** |
| 47 | * Disable a global block applying to users on a given wiki. |
| 48 | * |
| 49 | * @param string $target The specific target of the block being disabled on this wiki. Can be an IP or IP range. |
| 50 | * @param string $reason The reason for locally disabling the block. |
| 51 | * @param UserIdentity $performer The user who is locally disabling the block. The caller of this method is |
| 52 | * responsible for determining if the performer has the necessary rights to perform the action. |
| 53 | * @param string|false $wikiId The wiki where the block should be modified. Use false for the local wiki. |
| 54 | * @return StatusValue |
| 55 | */ |
| 56 | public function locallyDisableBlock( |
| 57 | string $target, string $reason, UserIdentity $performer, $wikiId = false |
| 58 | ): StatusValue { |
| 59 | // We need to purge expired blocks so we can be sure that the block we are locally disabling isn't |
| 60 | // already expired. |
| 61 | $this->globalBlockingBlockPurger->purgeExpiredBlocks(); |
| 62 | |
| 63 | // Check that a block exists on the given $target. |
| 64 | $globalBlockId = $this->globalBlockLookup->getGlobalBlockId( $target ); |
| 65 | if ( !$globalBlockId ) { |
| 66 | $errorMessageKey = $this->options->get( 'GlobalBlockingAllowGlobalAccountBlocks' ) ? |
| 67 | 'globalblocking-notblocked-new' : 'globalblocking-notblocked'; |
| 68 | return StatusValue::newFatal( $errorMessageKey, $target ); |
| 69 | } |
| 70 | |
| 71 | // Assert that the block is not already locally disabled. |
| 72 | $localWhitelistInfo = $this->globalBlockLocalStatusLookup |
| 73 | ->getLocalWhitelistInfo( $globalBlockId, null, $wikiId ); |
| 74 | if ( $localWhitelistInfo !== false ) { |
| 75 | return StatusValue::newFatal( 'globalblocking-whitelist-nochange', $target ); |
| 76 | } |
| 77 | |
| 78 | // Find the expiry of the block. This is important so that we can store it in the |
| 79 | // global_block_whitelist table, which allows us to purge it when the block has expired. |
| 80 | $expiry = $this->globalBlockingConnectionProvider->getReplicaGlobalBlockingDatabase()->newSelectQueryBuilder() |
| 81 | ->select( 'gb_expiry' ) |
| 82 | ->from( 'globalblocks' ) |
| 83 | ->where( [ 'gb_id' => $globalBlockId ] ) |
| 84 | ->caller( __METHOD__ ) |
| 85 | ->fetchField(); |
| 86 | |
| 87 | $this->localDbProvider->getPrimaryDatabase( $wikiId )->newInsertQueryBuilder() |
| 88 | ->insertInto( 'global_block_whitelist' ) |
| 89 | ->row( [ |
| 90 | 'gbw_by' => $performer->getId(), |
| 91 | 'gbw_by_text' => $performer->getName(), |
| 92 | 'gbw_reason' => trim( $reason ), |
| 93 | 'gbw_address' => $target, |
| 94 | 'gbw_target_central_id' => $this->centralIdLookup |
| 95 | ->centralIdFromName( $target, CentralIdLookup::AUDIENCE_RAW ), |
| 96 | 'gbw_expiry' => $expiry, |
| 97 | 'gbw_id' => $globalBlockId |
| 98 | ] ) |
| 99 | ->caller( __METHOD__ ) |
| 100 | ->execute(); |
| 101 | |
| 102 | $this->addLogEntry( 'whitelist', $target, $reason, $performer ); |
| 103 | return StatusValue::newGood( [ 'id' => $globalBlockId ] ); |
| 104 | } |
| 105 | |
| 106 | /** |
| 107 | * @param string $target The specific target of the block being enabled on this wiki. Can be an IP or IP range. |
| 108 | * @param string $reason The reason for enabling the block. |
| 109 | * @param UserIdentity $performer The user who is locally enabling the block. The caller of this method is |
| 110 | * responsible for determining if the performer has the necessary rights to perform the action. |
| 111 | * @param string|false $wikiId The wiki where the block should be modified. Use false for the local wiki. |
| 112 | * @return StatusValue |
| 113 | */ |
| 114 | public function locallyEnableBlock( |
| 115 | string $target, string $reason, UserIdentity $performer, $wikiId = false |
| 116 | ): StatusValue { |
| 117 | // Only allow locally re-enabling a global block if the global block exists. |
| 118 | $globalBlockId = $this->globalBlockLookup->getGlobalBlockId( $target ); |
| 119 | if ( !$globalBlockId ) { |
| 120 | $errorMessageKey = $this->options->get( 'GlobalBlockingAllowGlobalAccountBlocks' ) ? |
| 121 | 'globalblocking-notblocked-new' : 'globalblocking-notblocked'; |
| 122 | return StatusValue::newFatal( $errorMessageKey, $target ); |
| 123 | } |
| 124 | |
| 125 | // Assert that the block is locally disabled. |
| 126 | $localWhitelistInfo = $this->globalBlockLocalStatusLookup |
| 127 | ->getLocalWhitelistInfo( $globalBlockId, null, $wikiId ); |
| 128 | if ( $localWhitelistInfo === false ) { |
| 129 | return StatusValue::newFatal( 'globalblocking-whitelist-nochange', $target ); |
| 130 | } |
| 131 | |
| 132 | // Locally re-enable the block by removing the associated global_block_whitelist row. |
| 133 | $this->localDbProvider->getPrimaryDatabase( $wikiId )->newDeleteQueryBuilder() |
| 134 | ->deleteFrom( 'global_block_whitelist' ) |
| 135 | ->where( [ 'gbw_id' => $globalBlockId ] ) |
| 136 | ->caller( __METHOD__ ) |
| 137 | ->execute(); |
| 138 | |
| 139 | $this->addLogEntry( 'dwhitelist', $target, $reason, $performer ); |
| 140 | return StatusValue::newGood( [ 'id' => $globalBlockId ] ); |
| 141 | } |
| 142 | |
| 143 | /** |
| 144 | * Add a log entry for the change of the local status of a global block. |
| 145 | * |
| 146 | * @param string $action either 'whitelist' or 'dwhitelist' |
| 147 | * @param string $target Target IP, range, or username. |
| 148 | * @param string $reason The reason for the local status change. |
| 149 | */ |
| 150 | protected function addLogEntry( string $action, string $target, string $reason, UserIdentity $performer ) { |
| 151 | $logEntry = new ManualLogEntry( 'gblblock', $action ); |
| 152 | $logEntry->setTarget( Title::makeTitleSafe( NS_USER, $target ) ); |
| 153 | $logEntry->setComment( $reason ); |
| 154 | $logEntry->setPerformer( $performer ); |
| 155 | $logId = $logEntry->insert(); |
| 156 | $logEntry->publish( $logId ); |
| 157 | } |
| 158 | } |