Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
96.00% |
24 / 25 |
|
50.00% |
1 / 2 |
CRAP | |
0.00% |
0 / 1 |
| PermissionChecker | |
96.00% |
24 / 25 |
|
50.00% |
1 / 2 |
9 | |
0.00% |
0 / 1 |
| __construct | |
100.00% |
5 / 5 |
|
100.00% |
1 / 1 |
1 | |||
| onGetUserPermissionsErrors | |
95.00% |
19 / 20 |
|
0.00% |
0 / 1 |
8 | |||
| 1 | <?php |
| 2 | |
| 3 | namespace MediaWiki\Extension\NSFileRepo\HookHandler; |
| 4 | |
| 5 | use Config; |
| 6 | use MediaWiki\Permissions\Hook\GetUserPermissionsErrorsHook; |
| 7 | use MediaWiki\Permissions\PermissionManager; |
| 8 | use MultiConfig; |
| 9 | use NSFileRepo\Config as NSFileRepoConfig; |
| 10 | use Title; |
| 11 | use User; |
| 12 | |
| 13 | class PermissionChecker implements GetUserPermissionsErrorsHook { |
| 14 | |
| 15 | /** |
| 16 | * |
| 17 | * @var Config |
| 18 | */ |
| 19 | private $config = null; |
| 20 | |
| 21 | /** |
| 22 | * |
| 23 | * @var PermissionManager |
| 24 | */ |
| 25 | private $permManager = null; |
| 26 | |
| 27 | /** |
| 28 | * |
| 29 | * @param Config $mainConfig |
| 30 | * @param PermissionManager $permissionManager |
| 31 | */ |
| 32 | public function __construct( $mainConfig, $permissionManager ) { |
| 33 | $this->config = new MultiConfig( [ |
| 34 | new NSFileRepoConfig(), |
| 35 | $mainConfig |
| 36 | ] ); |
| 37 | $this->permManager = $permissionManager; |
| 38 | } |
| 39 | |
| 40 | /** |
| 41 | * @param Title $title |
| 42 | * @param User $user |
| 43 | * @param string $action |
| 44 | * @param string &$result |
| 45 | * @return bool|void |
| 46 | */ |
| 47 | public function onGetUserPermissionsErrors( $title, $user, $action, &$result ) { |
| 48 | $whitelistRead = $this->config->get( 'WhitelistRead' ); |
| 49 | if ( $whitelistRead !== false && in_array( $title->getPrefixedText(), $whitelistRead ) ) { |
| 50 | return true; |
| 51 | } |
| 52 | |
| 53 | if ( $title->getNamespace() !== NS_FILE ) { |
| 54 | return true; |
| 55 | } |
| 56 | |
| 57 | $ntitle = Title::newFromText( $title->getDBkey() ); |
| 58 | |
| 59 | // When image title cannot be created, due to upload errors, |
| 60 | //$title->getDBKey() is empty, resulting in an invaid |
| 61 | //title object in Title::newFromText |
| 62 | if ( !$ntitle instanceof Title ) { |
| 63 | return true; |
| 64 | } |
| 65 | |
| 66 | // Additional check for NS_MAIN: If a user is not allowed to read NS_MAIN he should also be not allowed |
| 67 | //to view files with no namespace-prefix as they are logically assigned to namespace NS_MAIN |
| 68 | $titleIsNSMAIN = $ntitle->getNamespace() === NS_MAIN; |
| 69 | $titleNSaboveThreshold = $ntitle->getNamespace() > $this->config->get( 'NamespaceThreshold' ); |
| 70 | if ( $titleIsNSMAIN || $titleNSaboveThreshold ) { |
| 71 | $errors = $this->permManager->getPermissionErrors( |
| 72 | $action, |
| 73 | $user, |
| 74 | $ntitle |
| 75 | ); |
| 76 | if ( !empty( $errors ) ) { |
| 77 | $result = false; |
| 78 | return false; |
| 79 | } |
| 80 | } |
| 81 | |
| 82 | return true; |
| 83 | } |
| 84 | } |