Code Coverage
 
Lines
Functions and Methods
Classes and Traits
Total
83.21% covered (warning)
83.21%
114 / 137
60.00% covered (warning)
60.00%
6 / 10
CRAP
0.00% covered (danger)
0.00%
0 / 1
ApiUserrights
83.21% covered (warning)
83.21%
114 / 137
60.00% covered (warning)
60.00%
6 / 10
32.98
0.00% covered (danger)
0.00%
0 / 1
 __construct
100.00% covered (success)
100.00%
8 / 8
100.00% covered (success)
100.00%
1 / 1
1
 execute
89.83% covered (warning)
89.83%
53 / 59
0.00% covered (danger)
0.00%
0 / 1
16.27
 getUrUser
100.00% covered (success)
100.00%
11 / 11
100.00% covered (success)
100.00%
1 / 1
3
 mustBePosted
100.00% covered (success)
100.00%
1 / 1
100.00% covered (success)
100.00%
1 / 1
1
 isWriteMode
100.00% covered (success)
100.00%
1 / 1
100.00% covered (success)
100.00%
1 / 1
1
 getAllowedParams
82.61% covered (warning)
82.61%
38 / 46
0.00% covered (danger)
0.00%
0 / 1
3.05
 needsToken
100.00% covered (success)
100.00%
1 / 1
100.00% covered (success)
100.00%
1 / 1
1
 getWebUITokenSalt
100.00% covered (success)
100.00%
1 / 1
100.00% covered (success)
100.00%
1 / 1
1
 getExamplesMessages
0.00% covered (danger)
0.00%
0 / 8
0.00% covered (danger)
0.00%
0 / 1
2
 getHelpUrls
0.00% covered (danger)
0.00%
0 / 1
0.00% covered (danger)
0.00%
0 / 1
2
1<?php
2
3/**
4 * API userrights module
5 *
6 * Copyright © 2009 Roan Kattouw <roan.kattouw@gmail.com>
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
21 * http://www.gnu.org/copyleft/gpl.html
22 *
23 * @file
24 */
25
26use MediaWiki\MainConfigNames;
27use MediaWiki\ParamValidator\TypeDef\UserDef;
28use MediaWiki\Specials\SpecialUserRights;
29use MediaWiki\Title\Title;
30use MediaWiki\User\Options\UserOptionsLookup;
31use MediaWiki\User\UserGroupManager;
32use MediaWiki\User\UserIdentity;
33use MediaWiki\Watchlist\WatchlistManager;
34use Wikimedia\ParamValidator\ParamValidator;
35use Wikimedia\ParamValidator\TypeDef\ExpiryDef;
36
/**
 * API module that changes a user's group memberships (per the examples in
 * this class, requested as action=userrights).
 *
 * The module is state-changing: mustBePosted() and isWriteMode() both return
 * true and needsToken() asks for a 'userrights' token. execute() itself only
 * checks the performer's sitewide block, the expiry values and the change
 * tags; the group change is carried out by
 * SpecialUserRights::doSaveUserGroups().
 *
 * @ingroup API
 */
class ApiUserrights extends ApiBase {

    use ApiWatchlistTrait;

    /**
     * Target user, memoized by getUrUser() after the first successful lookup.
     * @var UserIdentity|null
     */
    private $mUser = null;

    private UserGroupManager $userGroupManager;
    private WatchedItemStoreInterface $watchedItemStore;

    /**
     * Store the injected services and set the properties that
     * ApiWatchlistTrait reads.
     *
     * @param ApiMain $mainModule
     * @param string $moduleName
     * @param UserGroupManager $userGroupManager
     * @param WatchedItemStoreInterface $watchedItemStore
     * @param WatchlistManager $watchlistManager
     * @param UserOptionsLookup $userOptionsLookup
     */
    public function __construct(
        ApiMain $mainModule,
        $moduleName,
        UserGroupManager $userGroupManager,
        WatchedItemStoreInterface $watchedItemStore,
        WatchlistManager $watchlistManager,
        UserOptionsLookup $userOptionsLookup
    ) {
        parent::__construct( $mainModule, $moduleName );

        $config = $this->getConfig();

        // State consumed by ApiWatchlistTrait
        $this->watchlistManager = $watchlistManager;
        $this->userOptionsLookup = $userOptionsLookup;
        $this->watchlistExpiryEnabled = $config->get( MainConfigNames::WatchlistExpiry );
        $this->watchlistMaxDuration = $config->get( MainConfigNames::WatchlistExpiryMaxDuration );

        // Services this module calls directly
        $this->watchedItemStore = $watchedItemStore;
        $this->userGroupManager = $userGroupManager;
    }

    /**
     * Validate the request, apply the group change and report the outcome.
     *
     * Steps, in order: refuse sitewide-blocked performers who lack the
     * 'userrights' permission; pair every group in 'add' with an expiry;
     * reject unparseable or past expiries; resolve the target user; check the
     * change tags; save through SpecialUserRights; optionally watch the
     * target's user page; add the result under the module name.
     *
     * NOTE(review): nothing in this method checks which groups the performer
     * may add or remove. Presumably SpecialUserRights::doSaveUserGroups()
     * enforces that; confirm against that method.
     */
    public function execute() {
        $performer = $this->getUser();

        // Same rule as Special:UserRights in the web UI: without the full
        // 'userrights' permission, a sitewide-blocked performer is refused.
        // The block is looked up with READ_LATEST (presumably so a block that
        // was just placed is not missed; confirm).
        if ( !$this->getAuthority()->isAllowed( 'userrights' ) ) {
            $activeBlock = $performer->getBlock( IDBAccessObject::READ_LATEST );
            if ( $activeBlock && $activeBlock->isSitewide() ) {
                $this->dieBlocked( $activeBlock );
            }
        }

        $params = $this->extractRequestParams();

        // Pair each group being added with an expiry. A single expiry is
        // applied to every added group; any other count mismatch is an error.
        $groupsToAdd = (array)$params['add'];
        $expiryInputs = (array)$params['expiry'];
        $addCount = count( $groupsToAdd );
        $expiryCount = count( $expiryInputs );
        if ( $addCount === 0 ) {
            // Nothing is added, so expiries are irrelevant
            $expiryInputs = [];
        } elseif ( $expiryCount !== $addCount ) {
            if ( $expiryCount !== 1 ) {
                $this->dieWithError( [
                    'apierror-toofewexpiries',
                    $expiryCount,
                    $addCount
                ] );
            } else {
                $expiryInputs = array_fill( 0, $addCount, $expiryInputs[0] );
            }
        }

        // Convert every expiry to a timestamp, keyed by group name. The raw
        // value is wikitext-escaped before it is echoed back in an error.
        $groupExpiries = [];
        foreach ( $expiryInputs as $position => $rawExpiry ) {
            $groupName = $groupsToAdd[$position];
            $timestamp = SpecialUserRights::expiryToTimestamp( $rawExpiry );
            $groupExpiries[$groupName] = $timestamp;

            if ( $timestamp === false ) {
                $this->dieWithError( [ 'apierror-invalidexpiry', wfEscapeWikiText( $rawExpiry ) ] );
            }

            // An expiry that already lies in the past is rejected
            if ( $timestamp && $timestamp < wfTimestampNow() ) {
                $this->dieWithError( [ 'apierror-pastexpiry', wfEscapeWikiText( $rawExpiry ) ] );
            }
        }

        $user = $this->getUrUser( $params );

        // Change tags are only accepted if the performer may apply them
        $tags = $params['tags'];
        if ( $tags !== null ) {
            $tagStatus = ChangeTags::canAddTagsAccompanyingChange( $tags, $this->getAuthority() );
            if ( !$tagStatus->isOK() ) {
                $this->dieStatus( $tagStatus );
            }
        }

        $rightsForm = new SpecialUserRights();
        $rightsForm->setContext( $this->getContext() );
        $r = [
            'user' => $user->getName(),
            'userid' => $user->getId(),
        ];
        // doSaveUserGroups() takes arrays, so null parameters are cast to []
        [ $r['added'], $r['removed'] ] = $rightsForm->doSaveUserGroups(
            $user,
            $groupsToAdd,
            (array)$params['remove'],
            $params['reason'],
            (array)$tags,
            $groupExpiries
        );

        // Watching applies only when requested and the target is a local user
        $watchlistExpiry = $this->getExpiryFromParams( $params );
        $watchuser = $params['watchuser'];
        $userPage = Title::makeTitle( NS_USER, $user->getName() );
        if ( !$watchuser || $user->getWikiId() !== UserIdentity::LOCAL ) {
            $watchuser = false;
            $watchlistExpiry = null;
        } else {
            $this->setWatch( 'watch', $userPage, $this->getUser(), null, $watchlistExpiry );
        }
        $r['watchuser'] = $watchuser;
        if ( $watchlistExpiry !== null ) {
            $r['watchlistexpiry'] = $this->getWatchlistExpiry(
                $this->watchedItemStore,
                $userPage,
                $this->getUser()
            );
        }

        ApiResult::setIndexedTagName( $r['added'], 'group' );
        ApiResult::setIndexedTagName( $r['removed'], 'group' );
        $this->getResult()->addValue( null, $this->getModuleName(), $r );
    }

    /**
     * Resolve the target user from the 'user' or 'userid' parameter.
     *
     * Exactly one of the two parameters must be given. The lookup goes through
     * SpecialUserRights::fetchUser() and a failed status ends the request. The
     * result is memoized in $this->mUser, so later calls return the first
     * resolved user and do not look at $params again.
     *
     * @param array $params
     * @return UserIdentity
     */
    private function getUrUser( array $params ) {
        if ( $this->mUser === null ) {
            $this->requireOnlyOneParameter( $params, 'user', 'userid' );

            // A numeric id is handed to fetchUser() in its '#<id>' form
            $target = $params['user'] ?? ( '#' . $params['userid'] );

            $rightsForm = new SpecialUserRights();
            $rightsForm->setContext( $this->getContext() );
            $lookup = $rightsForm->fetchUser( $target );
            if ( !$lookup->isOK() ) {
                $this->dieStatus( $lookup );
            }

            $this->mUser = $lookup->value;
        }

        return $this->mUser;
    }

    /**
     * This module changes state, so it reports that requests must be POSTed.
     */
    public function mustBePosted() {
        return true;
    }

    /**
     * This module reports itself as a write module.
     */
    public function isWriteMode() {
        return true;
    }

    /**
     * Describe the parameters this module accepts.
     *
     * 'add' and 'remove' take their allowed values from
     * UserGroupManager::listAllGroups(). 'watchlistexpiry' is only offered
     * when watchlist expiry is enabled in the configuration.
     *
     * @param int $flags Sorts the group list when ApiBase::GET_VALUES_FOR_HELP is set
     * @return array
     */
    public function getAllowedParams( $flags = 0 ) {
        $allGroups = $this->userGroupManager->listAllGroups();

        if ( $flags & ApiBase::GET_VALUES_FOR_HELP ) {
            sort( $allGroups );
        }

        // 'add' and 'remove' share one definition: a multi-value list whose
        // entries must be names from $allGroups
        $groupList = [
            ParamValidator::PARAM_TYPE => $allGroups,
            ParamValidator::PARAM_ISMULTI => true
        ];

        $params = [
            'user' => [
                ParamValidator::PARAM_TYPE => 'user',
                UserDef::PARAM_ALLOWED_USER_TYPES => [ 'name', 'id' ],
            ],
            'userid' => [
                ParamValidator::PARAM_TYPE => 'integer',
                ParamValidator::PARAM_DEPRECATED => true,
            ],
            'add' => $groupList,
            'expiry' => [
                ParamValidator::PARAM_ISMULTI => true,
                ParamValidator::PARAM_ALLOW_DUPLICATES => true,
                ParamValidator::PARAM_DEFAULT => 'infinite',
            ],
            'remove' => $groupList,
            'reason' => [
                ParamValidator::PARAM_DEFAULT => ''
            ],
            'token' => [
                // Standard definition automatically inserted
                ApiBase::PARAM_HELP_MSG_APPEND => [ 'api-help-param-token-webui' ],
            ],
            'tags' => [
                ParamValidator::PARAM_TYPE => 'tags',
                ParamValidator::PARAM_ISMULTI => true
            ],
            'watchuser' => false,
        ];

        // Params appear in the docs in the order they are defined,
        // which is why this is here and not at the bottom.
        // @todo Find better way to support insertion at arbitrary position
        if ( $this->watchlistExpiryEnabled ) {
            $params['watchlistexpiry'] = [
                ParamValidator::PARAM_TYPE => 'expiry',
                ExpiryDef::PARAM_MAX => $this->watchlistMaxDuration,
                ExpiryDef::PARAM_USE_MAX => true,
            ];
        }

        return $params;
    }

    /**
     * Name of the token type a request to this module must carry.
     */
    public function needsToken() {
        return 'userrights';
    }

    /**
     * Salt for the web UI token: the target user's name.
     *
     * The target is resolved through getUrUser(), so this method and
     * execute() share the same lookup and its memoized result.
     *
     * @param array $params
     * @return string
     */
    protected function getWebUITokenSalt( array $params ) {
        return $this->getUrUser( $params )->getName();
    }

    /**
     * Example requests mapped to their help message keys. The token value in
     * each example is a sample, not a usable token.
     */
    protected function getExamplesMessages() {
        return [
            'action=userrights&user=FooBot&add=bot&remove=sysop|bureaucrat&token=123ABC'
                => 'apihelp-userrights-example-user',
            'action=userrights&userid=123&add=bot&remove=sysop|bureaucrat&token=123ABC'
                => 'apihelp-userrights-example-userid',
            'action=userrights&user=SometimeSysop&add=sysop&expiry=1%20month&token=123ABC'
                => 'apihelp-userrights-example-expiry',
        ];
    }

    /**
     * Link to the on-wiki documentation for this module.
     */
    public function getHelpUrls() {
        return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:User_group_membership';
    }
}