Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
Total | |
83.21% |
114 / 137 |
|
60.00% |
6 / 10 |
CRAP | |
0.00% |
0 / 1 |
ApiUserrights | |
83.21% |
114 / 137 |
|
60.00% |
6 / 10 |
32.98 | |
0.00% |
0 / 1 |
__construct | |
100.00% |
8 / 8 |
|
100.00% |
1 / 1 |
1 | |||
execute | |
89.83% |
53 / 59 |
|
0.00% |
0 / 1 |
16.27 | |||
getUrUser | |
100.00% |
11 / 11 |
|
100.00% |
1 / 1 |
3 | |||
mustBePosted | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
isWriteMode | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
getAllowedParams | |
82.61% |
38 / 46 |
|
0.00% |
0 / 1 |
3.05 | |||
needsToken | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
getWebUITokenSalt | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
getExamplesMessages | |
0.00% |
0 / 8 |
|
0.00% |
0 / 1 |
2 | |||
getHelpUrls | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 |
1 | <?php |
2 | |
3 | /** |
4 | * API userrights module |
5 | * |
6 | * Copyright © 2009 Roan Kattouw <roan.kattouw@gmail.com> |
7 | * |
8 | * This program is free software; you can redistribute it and/or modify |
9 | * it under the terms of the GNU General Public License as published by |
10 | * the Free Software Foundation; either version 2 of the License, or |
11 | * (at your option) any later version. |
12 | * |
13 | * This program is distributed in the hope that it will be useful, |
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | * GNU General Public License for more details. |
17 | * |
18 | * You should have received a copy of the GNU General Public License along |
19 | * with this program; if not, write to the Free Software Foundation, Inc., |
20 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
21 | * http://www.gnu.org/copyleft/gpl.html |
22 | * |
23 | * @file |
24 | */ |
25 | |
26 | use MediaWiki\MainConfigNames; |
27 | use MediaWiki\ParamValidator\TypeDef\UserDef; |
28 | use MediaWiki\Specials\SpecialUserRights; |
29 | use MediaWiki\Title\Title; |
30 | use MediaWiki\User\Options\UserOptionsLookup; |
31 | use MediaWiki\User\UserGroupManager; |
32 | use MediaWiki\User\UserIdentity; |
33 | use MediaWiki\Watchlist\WatchlistManager; |
34 | use Wikimedia\ParamValidator\ParamValidator; |
35 | use Wikimedia\ParamValidator\TypeDef\ExpiryDef; |
36 | |
/**
 * API module that changes a user's group memberships (action=userrights).
 *
 * Requests must be POSTed, run in write mode and carry a token of type
 * 'userrights'. The group change itself is delegated to SpecialUserRights.
 *
 * @ingroup API
 */
class ApiUserrights extends ApiBase {

	use ApiWatchlistTrait;

	/** @var UserIdentity|null Target user, cached by getUrUser() after the first lookup */
	private $mUser = null;

	private UserGroupManager $userGroupManager;
	private WatchedItemStoreInterface $watchedItemStore;

	/**
	 * @param ApiMain $mainModule
	 * @param string $moduleName
	 * @param UserGroupManager $userGroupManager Supplies the list of groups offered for 'add'/'remove'
	 * @param WatchedItemStoreInterface $watchedItemStore Used to report the stored watchlist expiry
	 * @param WatchlistManager $watchlistManager
	 * @param UserOptionsLookup $userOptionsLookup
	 */
	public function __construct(
		ApiMain $mainModule,
		$moduleName,
		UserGroupManager $userGroupManager,
		WatchedItemStoreInterface $watchedItemStore,
		WatchlistManager $watchlistManager,
		UserOptionsLookup $userOptionsLookup
	) {
		parent::__construct( $mainModule, $moduleName );

		$this->userGroupManager = $userGroupManager;
		$this->watchedItemStore = $watchedItemStore;

		// State read by ApiWatchlistTrait.
		$config = $this->getConfig();
		$this->watchlistExpiryEnabled = $config->get( MainConfigNames::WatchlistExpiry );
		$this->watchlistMaxDuration = $config->get( MainConfigNames::WatchlistExpiryMaxDuration );
		$this->watchlistManager = $watchlistManager;
		$this->userOptionsLookup = $userOptionsLookup;
	}

	/**
	 * Apply the requested group changes and report what was added and removed.
	 *
	 * Order of checks: sitewide block (only for callers without the full
	 * 'userrights' permission), expiry validation, target lookup, change-tag
	 * permission, then the save.
	 *
	 * NOTE(review): nothing in this method checks which groups the caller may
	 * add or remove; that is presumably enforced inside
	 * SpecialUserRights::fetchUser() / doSaveUserGroups() - confirm.
	 */
	public function execute() {
		$performer = $this->getUser();

		// Same rule the comment in the original attributes to Special:UserRights:
		// a sitewide-blocked caller is refused unless they hold 'userrights'.
		// The block is read with READ_LATEST rather than from a possibly stale copy.
		if ( !$this->getAuthority()->isAllowed( 'userrights' ) ) {
			$activeBlock = $performer->getBlock( IDBAccessObject::READ_LATEST );
			if ( $activeBlock && $activeBlock->isSitewide() ) {
				$this->dieBlocked( $activeBlock );
			}
		}

		$params = $this->extractRequestParams();

		// Pair every group in 'add' with an expiry: none when nothing is added,
		// one shared value repeated for all groups, or exactly one per group.
		$groupsToAdd = (array)$params['add'];
		$expiryInputs = (array)$params['expiry'];
		$addCount = count( $groupsToAdd );
		$expiryCount = count( $expiryInputs );
		if ( $addCount === 0 ) {
			$expiryInputs = [];
		} elseif ( $expiryCount !== $addCount ) {
			if ( $expiryCount !== 1 ) {
				$this->dieWithError( [
					'apierror-toofewexpiries',
					$expiryCount,
					$addCount
				] );
			} else {
				$expiryInputs = array_fill( 0, $addCount, $expiryInputs[0] );
			}
		}

		// Convert each expiry to a timestamp and refuse unparsable or past values.
		// The raw value is passed through wfEscapeWikiText() before it is placed
		// in the error message.
		$groupExpiries = [];
		foreach ( $expiryInputs as $position => $rawExpiry ) {
			$groupName = $groupsToAdd[$position];
			$timestamp = SpecialUserRights::expiryToTimestamp( $rawExpiry );
			$groupExpiries[$groupName] = $timestamp;

			if ( $timestamp === false ) {
				$this->dieWithError( [ 'apierror-invalidexpiry', wfEscapeWikiText( $rawExpiry ) ] );
			}

			// A falsy timestamp skips the past-date check
			// (presumably the "no expiry" case - confirm against expiryToTimestamp()).
			if ( $timestamp && $timestamp < wfTimestampNow() ) {
				$this->dieWithError( [ 'apierror-pastexpiry', wfEscapeWikiText( $rawExpiry ) ] );
			}
		}

		$target = $this->getUrUser( $params );

		// Change tags are only accepted if the caller is allowed to apply them.
		$tags = $params['tags'];
		if ( $tags !== null ) {
			$tagStatus = ChangeTags::canAddTagsAccompanyingChange( $tags, $this->getAuthority() );
			if ( !$tagStatus->isOK() ) {
				$this->dieStatus( $tagStatus );
			}
		}

		$rightsForm = new SpecialUserRights();
		$rightsForm->setContext( $this->getContext() );

		$r = [];
		$r['user'] = $target->getName();
		$r['userid'] = $target->getId();
		// The (array) casts turn a null 'remove' or 'tags' into an empty array.
		// 'added' and 'removed' are whatever doSaveUserGroups() returns.
		[ $r['added'], $r['removed'] ] = $rightsForm->doSaveUserGroups(
			$target,
			$groupsToAdd,
			(array)$params['remove'],
			$params['reason'],
			(array)$tags,
			$groupExpiries
		);

		// The target's user page is watched only on request and only for a local user.
		$watchlistExpiry = $this->getExpiryFromParams( $params );
		$watchTarget = $params['watchuser'];
		$userPage = Title::makeTitle( NS_USER, $target->getName() );
		if ( !$watchTarget || $target->getWikiId() !== UserIdentity::LOCAL ) {
			$watchTarget = false;
			$watchlistExpiry = null;
		} else {
			$this->setWatch( 'watch', $userPage, $this->getUser(), null, $watchlistExpiry );
		}
		$r['watchuser'] = $watchTarget;
		if ( $watchlistExpiry !== null ) {
			$r['watchlistexpiry'] = $this->getWatchlistExpiry(
				$this->watchedItemStore,
				$userPage,
				$this->getUser()
			);
		}

		ApiResult::setIndexedTagName( $r['added'], 'group' );
		ApiResult::setIndexedTagName( $r['removed'], 'group' );
		$this->getResult()->addValue( null, $this->getModuleName(), $r );
	}

	/**
	 * Resolve the target user from 'user' or 'userid' and cache the result.
	 *
	 * Exactly one of the two parameters must be given; a 'userid' is passed
	 * to SpecialUserRights::fetchUser() as '#<id>'. A failed lookup ends the
	 * request through dieStatus().
	 *
	 * @param array $params
	 * @return UserIdentity
	 */
	private function getUrUser( array $params ) {
		if ( $this->mUser === null ) {
			$this->requireOnlyOneParameter( $params, 'user', 'userid' );

			$lookupKey = $params['user'] ?? ( '#' . $params['userid'] );

			$rightsForm = new SpecialUserRights();
			$rightsForm->setContext( $this->getContext() );
			$lookupStatus = $rightsForm->fetchUser( $lookupKey );
			if ( !$lookupStatus->isOK() ) {
				$this->dieStatus( $lookupStatus );
			}

			$this->mUser = $lookupStatus->value;
		}

		return $this->mUser;
	}

	/**
	 * This module only accepts POST requests.
	 *
	 * @return bool Always true
	 */
	public function mustBePosted() {
		return true;
	}

	/**
	 * This module modifies data.
	 *
	 * @return bool Always true
	 */
	public function isWriteMode() {
		return true;
	}

	/**
	 * Describe the accepted parameters.
	 *
	 * 'add' and 'remove' are limited to the groups reported by
	 * UserGroupManager::listAllGroups(); 'watchlistexpiry' is only offered
	 * when watchlist expiry is enabled.
	 *
	 * @param int $flags ApiBase::GET_VALUES_FOR_HELP sorts the group list
	 * @return array
	 */
	public function getAllowedParams( $flags = 0 ) {
		$groupChoices = $this->userGroupManager->listAllGroups();

		if ( $flags & ApiBase::GET_VALUES_FOR_HELP ) {
			sort( $groupChoices );
		}

		$groupListParam = [
			ParamValidator::PARAM_TYPE => $groupChoices,
			ParamValidator::PARAM_ISMULTI => true
		];

		$params = [
			'user' => [
				ParamValidator::PARAM_TYPE => 'user',
				UserDef::PARAM_ALLOWED_USER_TYPES => [ 'name', 'id' ],
			],
			'userid' => [
				ParamValidator::PARAM_TYPE => 'integer',
				ParamValidator::PARAM_DEPRECATED => true,
			],
			'add' => $groupListParam,
			'expiry' => [
				ParamValidator::PARAM_ISMULTI => true,
				// The same expiry may legitimately be repeated for several groups.
				ParamValidator::PARAM_ALLOW_DUPLICATES => true,
				ParamValidator::PARAM_DEFAULT => 'infinite',
			],
			'remove' => $groupListParam,
			'reason' => [
				ParamValidator::PARAM_DEFAULT => ''
			],
			'token' => [
				// Standard definition automatically inserted
				ApiBase::PARAM_HELP_MSG_APPEND => [ 'api-help-param-token-webui' ],
			],
			'tags' => [
				ParamValidator::PARAM_TYPE => 'tags',
				ParamValidator::PARAM_ISMULTI => true
			],
			'watchuser' => false,
		];

		// Parameters are documented in definition order, so this one is added
		// here rather than at the very end.
		// @todo Find better way to support insertion at arbitrary position
		if ( $this->watchlistExpiryEnabled ) {
			$params['watchlistexpiry'] = [
				ParamValidator::PARAM_TYPE => 'expiry',
				ExpiryDef::PARAM_MAX => $this->watchlistMaxDuration,
				ExpiryDef::PARAM_USE_MAX => true,
			];
		}

		return $params;
	}

	/**
	 * Name the token type a request to this module must carry.
	 *
	 * @return string 'userrights'
	 */
	public function needsToken() {
		return 'userrights';
	}

	/**
	 * Return the target user's name as the web UI token salt.
	 *
	 * NOTE(review): presumably this lets ApiBase accept a token issued by the
	 * Special:UserRights form for that same target user - confirm in ApiBase.
	 *
	 * @param array $params
	 * @return string
	 */
	protected function getWebUITokenSalt( array $params ) {
		$target = $this->getUrUser( $params );
		return $target->getName();
	}

	/**
	 * Example query strings mapped to their help message keys.
	 * The token values shown are placeholders.
	 *
	 * @return array
	 */
	protected function getExamplesMessages() {
		$examples = [];
		$examples['action=userrights&user=FooBot&add=bot&remove=sysop|bureaucrat&token=123ABC']
			= 'apihelp-userrights-example-user';
		$examples['action=userrights&userid=123&add=bot&remove=sysop|bureaucrat&token=123ABC']
			= 'apihelp-userrights-example-userid';
		$examples['action=userrights&user=SometimeSysop&add=sysop&expiry=1%20month&token=123ABC']
			= 'apihelp-userrights-example-expiry';
		return $examples;
	}

	/**
	 * Link to the documentation page for this module.
	 *
	 * @return string
	 */
	public function getHelpUrls() {
		return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:User_group_membership';
	}
}