Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
Total | |
96.00% |
24 / 25 |
|
50.00% |
1 / 2 |
CRAP | |
0.00% |
0 / 1 |
PermissionChecker | |
96.00% |
24 / 25 |
|
50.00% |
1 / 2 |
9 | |
0.00% |
0 / 1 |
__construct | |
100.00% |
5 / 5 |
|
100.00% |
1 / 1 |
1 | |||
onGetUserPermissionsErrors | |
95.00% |
19 / 20 |
|
0.00% |
0 / 1 |
8 |
1 | <?php |
2 | |
3 | namespace MediaWiki\Extension\NSFileRepo\HookHandler; |
4 | |
5 | use Config; |
6 | use MediaWiki\Permissions\Hook\GetUserPermissionsErrorsHook; |
7 | use MediaWiki\Permissions\PermissionManager; |
8 | use MultiConfig; |
9 | use NSFileRepo\Config as NSFileRepoConfig; |
10 | use Title; |
11 | use User; |
12 | |
13 | class PermissionChecker implements GetUserPermissionsErrorsHook { |
14 | |
15 | /** |
16 | * |
17 | * @var Config |
18 | */ |
19 | private $config = null; |
20 | |
21 | /** |
22 | * |
23 | * @var PermissionManager |
24 | */ |
25 | private $permManager = null; |
26 | |
27 | /** |
28 | * |
29 | * @param Config $mainConfig |
30 | * @param PermissionManager $permissionManager |
31 | */ |
32 | public function __construct( $mainConfig, $permissionManager ) { |
33 | $this->config = new MultiConfig( [ |
34 | new NSFileRepoConfig(), |
35 | $mainConfig |
36 | ] ); |
37 | $this->permManager = $permissionManager; |
38 | } |
39 | |
40 | /** |
41 | * @param Title $title |
42 | * @param User $user |
43 | * @param string $action |
44 | * @param string &$result |
45 | * @return bool|void |
46 | */ |
47 | public function onGetUserPermissionsErrors( $title, $user, $action, &$result ) { |
48 | $whitelistRead = $this->config->get( 'WhitelistRead' ); |
49 | if ( $whitelistRead !== false && in_array( $title->getPrefixedText(), $whitelistRead ) ) { |
50 | return true; |
51 | } |
52 | |
53 | if ( $title->getNamespace() !== NS_FILE ) { |
54 | return true; |
55 | } |
56 | |
57 | $ntitle = Title::newFromText( $title->getDBkey() ); |
58 | |
59 | // When image title cannot be created, due to upload errors, |
60 | //$title->getDBKey() is empty, resulting in an invaid |
61 | //title object in Title::newFromText |
62 | if ( !$ntitle instanceof Title ) { |
63 | return true; |
64 | } |
65 | |
66 | // Additional check for NS_MAIN: If a user is not allowed to read NS_MAIN he should also be not allowed |
67 | //to view files with no namespace-prefix as they are logically assigned to namespace NS_MAIN |
68 | $titleIsNSMAIN = $ntitle->getNamespace() === NS_MAIN; |
69 | $titleNSaboveThreshold = $ntitle->getNamespace() > $this->config->get( 'NamespaceThreshold' ); |
70 | if ( $titleIsNSMAIN || $titleNSaboveThreshold ) { |
71 | $errors = $this->permManager->getPermissionErrors( |
72 | $action, |
73 | $user, |
74 | $ntitle |
75 | ); |
76 | if ( !empty( $errors ) ) { |
77 | $result = false; |
78 | return false; |
79 | } |
80 | } |
81 | |
82 | return true; |
83 | } |
84 | } |