Code Coverage
 
Lines
Functions and Methods
Classes and Traits
Total
71.43% covered (warning)
71.43%
30 / 42
40.00% covered (danger)
40.00%
2 / 5
 CRAP
0.00% covered (danger)
0.00%
0 / 1
BlockPermissionChecker
71.43% covered (warning)
71.43%
30 / 42
40.00% covered (danger)
40.00%
2 / 5
 35.34
0.00% covered (danger)
0.00%
0 / 1
 __construct
0.00% covered (danger)
0.00%
0 / 4
0.00% covered (danger)
0.00%
0 / 1
 2
 setTarget
0.00% covered (danger)
0.00%
0 / 1
0.00% covered (danger)
0.00%
0 / 1
 2
 checkBasePermissions
100.00% covered (success)
100.00%
6 / 6
100.00% covered (success)
100.00%
1 / 1
 4
 checkBlockPermissions
75.86% covered (warning)
75.86%
22 / 29
0.00% covered (danger)
0.00%
0 / 1
 18.16
 checkEmailPermissions
100.00% covered (success)
100.00%
2 / 2
100.00% covered (success)
100.00%
1 / 1
 2
1<?php
2
3/**
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License along
15 * with this program; if not, write to the Free Software Foundation, Inc.,
16 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 * http://www.gnu.org/copyleft/gpl.html
18 *
19 * @file
20 */
21
22namespace MediaWiki\Block;
23
24use InvalidArgumentException;
25use MediaWiki\Config\ServiceOptions;
26use MediaWiki\MainConfigNames;
27use MediaWiki\Permissions\Authority;
28use MediaWiki\User\UserIdentity;
29use Wikimedia\Rdbms\IDBAccessObject;
30
31/**
32 * Block permissions
33 *
34 * This class is responsible for making sure a user has permission to block.
35 *
36 * This class is usable for both blocking and unblocking.
37 *
38 * @since 1.35
39 */
40class BlockPermissionChecker {
41    /**
42     * Legacy target state
43     * @var BlockTarget|null Block target or null when unknown
44     */
45    private $target;
46
47    /**
48     * @var BlockTargetFactory
49     */
50    private $blockTargetFactory;
51
52    /**
53     * @var Authority Block performer
54     */
55    private $performer;
56
57    /**
58     * @internal only for use by ServiceWiring and BlockPermissionCheckerFactory
59     */
60    public const CONSTRUCTOR_OPTIONS = [
61        MainConfigNames::EnableUserEmail,
62    ];
63
64    private ServiceOptions $options;
65
66    /**
67     * @param ServiceOptions $options
68     * @param BlockTargetFactory $blockTargetFactory For legacy branches only
69     * @param Authority $performer
70     */
71    public function __construct(
72        ServiceOptions $options,
73        BlockTargetFactory $blockTargetFactory,
74        Authority $performer
75    ) {
76        $options->assertRequiredOptions( self::CONSTRUCTOR_OPTIONS );
77        $this->options = $options;
78        $this->blockTargetFactory = $blockTargetFactory;
79        $this->performer = $performer;
80    }
81
82    /**
83     * @internal To support deprecated method BlockPermissionCheckerFactory::newBlockPermissionChecker()
84     * @param UserIdentity|string $target
85     * @return void
86     */
87    public function setTarget( $target ) {
88        $this->target = $this->blockTargetFactory->newFromLegacyUnion( $target );
89    }
90
91    /**
92     * Check the base permission that applies to either block or unblock
93     *
94     * @since 1.36
95     * @param bool $checkHideuser
96     * @return bool|string
97     */
98    public function checkBasePermissions( $checkHideuser = false ) {
99        if ( !$this->performer->isAllowed( 'block' ) ) {
100            return 'badaccess-group0';
101        }
102
103        if (
104            $checkHideuser &&
105            !$this->performer->isAllowed( 'hideuser' )
106        ) {
107            return 'unblock-hideuser';
108        }
109
110        return true;
111    }
112
113    /**
114     * Checks block-related permissions (doesn't check any other permissions)
115     *
116     * T17810: Site-wide blocked admins should not be able to block/unblock
117     * others with one exception; they can block the user who blocked them,
118     * to reduce advantage of a malicious account blocking all admins (T150826).
119     *
120     * T208965: Partially blocked admins can block and unblock others as normal.
121     *
122     * @param BlockTarget|UserIdentity|string|null $target The target of the
123     *   proposed block or unblock operation. Passing null for this parameter
124     *   is deprecated. This parameter will soon be required. Passing a
125     *   UserIdentity or string for this parameter is deprecated. Pass a
126     *   BlockTarget in new code.
127     * @param int $freshness Indicates whether slightly stale data is acceptable
128     *   in exchange for a fast response.
129     * @return bool|string True when checks passed, message code for failures
130     */
131    public function checkBlockPermissions(
132        $target = null,
133        $freshness = IDBAccessObject::READ_NORMAL
134    ) {
135        if ( $target === null ) {
136            if ( $this->target ) {
137                wfDeprecatedMsg(
138                    'Passing null to checkBlockPermissions() for $target is deprecated since 1.44',
139                    '1.44' );
140                $target = $this->target;
141            } else {
142                throw new InvalidArgumentException( 'A target is required' );
143            }
144        } elseif ( !( $target instanceof BlockTarget ) ) {
145            $target = $this->blockTargetFactory->newFromLegacyUnion( $target );
146            if ( !$target ) {
147                throw new InvalidArgumentException( 'Invalid block target' );
148            }
149        }
150
151        $block = $this->performer->getBlock( $freshness );
152        if ( !$block ) {
153            // User is not blocked, process as normal
154            return true;
155        }
156
157        if ( !$block->isSitewide() ) {
158            // T208965: Partially blocked admins should have full access
159            return true;
160        }
161
162        $performerIdentity = $this->performer->getUser();
163
164        if (
165            $target instanceof UserBlockTarget &&
166            $target->getUserIdentity()->getId() === $performerIdentity->getId()
167        ) {
168            // Blocked admin is trying to alter their own block
169
170            // Self-blocked admins can always remove or alter their block
171            if ( $block->getBlocker() && $performerIdentity->equals( $block->getBlocker() ) ) {
172                return true;
173            }
174
175            // Users with 'unblockself' right can unblock themselves or alter their own block
176            if ( $this->performer->isAllowed( 'unblockself' ) ) {
177                return true;
178            } else {
179                return 'ipbnounblockself';
180            }
181        }
182
183        if (
184            $target instanceof UserBlockTarget &&
185            $block->getBlocker() &&
186            $target->getUserIdentity()->equals( $block->getBlocker() )
187        ) {
188            // T150826: Blocked admins can always block the admin who blocked them
189            return true;
190        }
191
192        // User is blocked and no exception took effect
193        return 'ipbblocked';
194    }
195
196    /**
197     * Check permission to block emailing
198     *
199     * @since 1.36
200     * @return bool
201     */
202    public function checkEmailPermissions() {
203        return $this->options->get( MainConfigNames::EnableUserEmail ) &&
204            $this->performer->isAllowed( 'blockemail' );
205    }
206}