MediaWiki  1.32.0
ApiUserrightsTest.php
Go to the documentation of this file.
1 <?php
2 
10 class ApiUserrightsTest extends ApiTestCase {
11 
12  protected function setUp() {
13  parent::setUp();
14  $this->tablesUsed = array_merge(
15  $this->tablesUsed,
16  [ 'change_tag', 'change_tag_def', 'logging' ]
17  );
18  }
19 
28  protected function setPermissions( $add = [], $remove = [] ) {
29  $this->setGroupPermissions( 'bureaucrat', 'userrights', false );
30 
31  if ( $add ) {
32  $this->mergeMwGlobalArrayValue( 'wgAddGroups', [ 'bureaucrat' => $add ] );
33  }
34  if ( $remove ) {
35  $this->mergeMwGlobalArrayValue( 'wgRemoveGroups', [ 'bureaucrat' => $remove ] );
36  }
37  }
38 
53  protected function doSuccessfulRightsChange(
54  $expectedGroups = 'sysop', array $params = [], User $user = null
55  ) {
56  $expectedGroups = (array)$expectedGroups;
57  $params['action'] = 'userrights';
58 
59  if ( !$user ) {
60  $user = $this->getMutableTestUser()->getUser();
61  }
62 
63  $this->assertTrue( TestUserRegistry::isMutable( $user ),
64  'Immutable user passed to doSuccessfulRightsChange!' );
65 
66  if ( !isset( $params['user'] ) && !isset( $params['userid'] ) ) {
67  $params['user'] = $user->getName();
68  }
69  if ( !isset( $params['add'] ) && !isset( $params['remove'] ) ) {
70  $params['add'] = 'sysop';
71  }
72 
73  $res = $this->doApiRequestWithToken( $params );
74 
75  $user->clearInstanceCache();
76  $this->assertSame( $expectedGroups, $user->getGroups() );
77 
78  $this->assertArrayNotHasKey( 'warnings', $res[0] );
79  }
80 
90  protected function doFailedRightsChange(
91  $expectedException, array $params = [], User $user = null
92  ) {
93  $params['action'] = 'userrights';
94 
95  $this->setExpectedException( ApiUsageException::class, $expectedException );
96 
97  if ( !$user ) {
98  // If 'user' or 'userid' is specified and $user was not specified,
99  // the user we're creating now will have nothing to do with the API
100  // request, but that's okay, since we're just testing that it has
101  // no groups.
102  $user = $this->getMutableTestUser()->getUser();
103  }
104 
105  $this->assertTrue( TestUserRegistry::isMutable( $user ),
106  'Immutable user passed to doFailedRightsChange!' );
107 
108  if ( !isset( $params['user'] ) && !isset( $params['userid'] ) ) {
109  $params['user'] = $user->getName();
110  }
111  if ( !isset( $params['add'] ) && !isset( $params['remove'] ) ) {
112  $params['add'] = 'sysop';
113  }
114  $expectedGroups = $user->getGroups();
115 
116  try {
117  $this->doApiRequestWithToken( $params );
118  } finally {
119  $user->clearInstanceCache();
120  $this->assertSame( $expectedGroups, $user->getGroups() );
121  }
122  }
123 
124  public function testAdd() {
125  $this->doSuccessfulRightsChange();
126  }
127 
128  public function testBlockedWithUserrights() {
129  global $wgUser;
130 
131  $block = new Block( [ 'address' => $wgUser, 'by' => $wgUser->getId(), ] );
132  $block->insert();
133 
134  try {
135  $this->doSuccessfulRightsChange();
136  } finally {
137  $block->delete();
138  $wgUser->clearInstanceCache();
139  }
140  }
141 
142  public function testBlockedWithoutUserrights() {
143  $user = $this->getTestSysop()->getUser();
144 
145  $this->setPermissions( true, true );
146 
147  $block = new Block( [ 'address' => $user, 'by' => $user->getId() ] );
148  $block->insert();
149 
150  try {
151  $this->doFailedRightsChange( 'You have been blocked from editing.' );
152  } finally {
153  $block->delete();
154  $user->clearInstanceCache();
155  }
156  }
157 
158  public function testAddMultiple() {
159  $this->doSuccessfulRightsChange(
160  [ 'bureaucrat', 'sysop' ],
161  [ 'add' => 'bureaucrat|sysop' ]
162  );
163  }
164 
165  public function testTooFewExpiries() {
166  $this->doFailedRightsChange(
167  '2 expiry timestamps were provided where 3 were needed.',
168  [ 'add' => 'sysop|bureaucrat|bot', 'expiry' => 'infinity|tomorrow' ]
169  );
170  }
171 
172  public function testTooManyExpiries() {
173  $this->doFailedRightsChange(
174  '3 expiry timestamps were provided where 2 were needed.',
175  [ 'add' => 'sysop|bureaucrat', 'expiry' => 'infinity|tomorrow|never' ]
176  );
177  }
178 
179  public function testInvalidExpiry() {
180  $this->doFailedRightsChange( 'Invalid expiry time', [ 'expiry' => 'yummy lollipops!' ] );
181  }
182 
183  public function testMultipleInvalidExpiries() {
184  $this->doFailedRightsChange(
185  'Invalid expiry time "foo".',
186  [ 'add' => 'sysop|bureaucrat', 'expiry' => 'foo|bar' ]
187  );
188  }
189 
190  public function testWithTag() {
191  $this->setMwGlobals( 'wgChangeTagsSchemaMigrationStage', MIGRATION_WRITE_BOTH );
192  ChangeTags::defineTag( 'custom tag' );
193 
194  $user = $this->getMutableTestUser()->getUser();
195 
196  $this->doSuccessfulRightsChange( 'sysop', [ 'tags' => 'custom tag' ], $user );
197 
198  $dbr = wfGetDB( DB_REPLICA );
199  $this->assertSame(
200  'custom tag',
201  $dbr->selectField(
202  [ 'change_tag', 'logging' ],
203  'ct_tag',
204  [
205  'ct_log_id = log_id',
206  'log_namespace' => NS_USER,
207  'log_title' => strtr( $user->getName(), ' ', '_' )
208  ],
209  __METHOD__
210  )
211  );
212  }
213 
214  public function testWithTagNewBackend() {
215  $this->setMwGlobals( 'wgChangeTagsSchemaMigrationStage', MIGRATION_NEW );
216  ChangeTags::defineTag( 'custom tag' );
217 
218  $user = $this->getMutableTestUser()->getUser();
219 
220  $this->doSuccessfulRightsChange( 'sysop', [ 'tags' => 'custom tag' ], $user );
221 
222  $dbr = wfGetDB( DB_REPLICA );
223  $this->assertSame(
224  'custom tag',
225  $dbr->selectField(
226  [ 'change_tag', 'logging', 'change_tag_def' ],
227  'ctd_name',
228  [
229  'ct_log_id = log_id',
230  'log_namespace' => NS_USER,
231  'log_title' => strtr( $user->getName(), ' ', '_' )
232  ],
233  __METHOD__,
234  [ 'change_tag_def' => [ 'INNER JOIN', 'ctd_id = ct_tag_id' ] ]
235  )
236  );
237  }
238 
239  public function testWithoutTagPermission() {
240  ChangeTags::defineTag( 'custom tag' );
241 
242  $this->setGroupPermissions( 'user', 'applychangetags', false );
243 
244  $this->doFailedRightsChange(
245  'You do not have permission to apply change tags along with your changes.',
246  [ 'tags' => 'custom tag' ]
247  );
248  }
249 
250  public function testNonexistentUser() {
251  $this->doFailedRightsChange(
252  'There is no user by the name "Nonexistent user". Check your spelling.',
253  [ 'user' => 'Nonexistent user' ]
254  );
255  }
256 
257  public function testWebToken() {
258  $sysop = $this->getTestSysop()->getUser();
259  $user = $this->getMutableTestUser()->getUser();
260 
261  $token = $sysop->getEditToken( $user->getName() );
262 
263  $res = $this->doApiRequest( [
264  'action' => 'userrights',
265  'user' => $user->getName(),
266  'add' => 'sysop',
267  'token' => $token,
268  ] );
269 
270  $user->clearInstanceCache();
271  $this->assertSame( [ 'sysop' ], $user->getGroups() );
272 
273  $this->assertArrayNotHasKey( 'warnings', $res[0] );
274  }
275 
284  private function getMockForProcessingExpiries( $canProcessExpiries ) {
285  $sysop = $this->getTestSysop()->getUser();
286  $user = $this->getMutableTestUser()->getUser();
287 
288  $token = $sysop->getEditToken( 'userrights' );
289 
290  $main = new ApiMain( new FauxRequest( [
291  'action' => 'userrights',
292  'user' => $user->getName(),
293  'add' => 'sysop',
294  'token' => $token,
295  ] ) );
296 
297  $mockUserRightsPage = $this->getMockBuilder( UserrightsPage::class )
298  ->setMethods( [ 'canProcessExpiries' ] )
299  ->getMock();
300  $mockUserRightsPage->method( 'canProcessExpiries' )->willReturn( $canProcessExpiries );
301 
302  $mockApi = $this->getMockBuilder( ApiUserrights::class )
303  ->setConstructorArgs( [ $main, 'userrights' ] )
304  ->setMethods( [ 'getUserRightsPage' ] )
305  ->getMock();
306  $mockApi->method( 'getUserRightsPage' )->willReturn( $mockUserRightsPage );
307 
308  return $mockApi;
309  }
310 
311  public function testCanProcessExpiries() {
312  $mock1 = $this->getMockForProcessingExpiries( true );
313  $this->assertArrayHasKey( 'expiry', $mock1->getAllowedParams() );
314 
315  $mock2 = $this->getMockForProcessingExpiries( false );
316  $this->assertArrayNotHasKey( 'expiry', $mock2->getAllowedParams() );
317  }
318 
328  public function testAddAndRemoveGroups(
329  array $permissions = null, array $groupsToChange, array $expectedGroups
330  ) {
331  if ( $permissions !== null ) {
332  $this->setPermissions( $permissions[0], $permissions[1] );
333  }
334 
335  $params = [
336  'add' => implode( '|', $groupsToChange[0] ),
337  'remove' => implode( '|', $groupsToChange[1] ),
338  ];
339 
340  // We'll take a bot so we have a group to remove
341  $user = $this->getMutableTestUser( [ 'bot' ] )->getUser();
342 
343  $this->doSuccessfulRightsChange( $expectedGroups, $params, $user );
344  }
345 
346  public function addAndRemoveGroupsProvider() {
347  return [
348  'Simple add' => [
349  [ [ 'sysop' ], [] ],
350  [ [ 'sysop' ], [] ],
351  [ 'bot', 'sysop' ]
352  ], 'Add with only remove permission' => [
353  [ [], [ 'sysop' ] ],
354  [ [ 'sysop' ], [] ],
355  [ 'bot' ],
356  ], 'Add with global remove permission' => [
357  [ [], true ],
358  [ [ 'sysop' ], [] ],
359  [ 'bot' ],
360  ], 'Simple remove' => [
361  [ [], [ 'bot' ] ],
362  [ [], [ 'bot' ] ],
363  [],
364  ], 'Remove with only add permission' => [
365  [ [ 'bot' ], [] ],
366  [ [], [ 'bot' ] ],
367  [ 'bot' ],
368  ], 'Remove with global add permission' => [
369  [ true, [] ],
370  [ [], [ 'bot' ] ],
371  [ 'bot' ],
372  ], 'Add and remove same new group' => [
373  null,
374  [ [ 'sysop' ], [ 'sysop' ] ],
375  // The userrights code does removals before adds, so it doesn't remove the sysop
376  // group here and only adds it.
377  [ 'bot', 'sysop' ],
378  ], 'Add and remove same existing group' => [
379  null,
380  [ [ 'bot' ], [ 'bot' ] ],
381  // But here it first removes the existing group and then re-adds it.
382  [ 'bot' ],
383  ],
384  ];
385  }
386 }
ApiMain
This is the main API class, used for both external and internal processing.
Definition: ApiMain.php:41
$user
please add to it if you re going to add events to the MediaWiki code where normally authentication against an external auth plugin would be creating a account $user
Definition: hooks.txt:244
FauxRequest
WebRequest clone which takes values from a provided array.
Definition: FauxRequest.php:33
ApiUserrightsTest\testAddAndRemoveGroups
testAddAndRemoveGroups(array $permissions=null, array $groupsToChange, array $expectedGroups)
Tests adding and removing various groups with various permissions.
Definition: ApiUserrightsTest.php:328
ApiUserrightsTest\testAdd
testAdd()
Definition: ApiUserrightsTest.php:124
MediaWikiTestCase\mergeMwGlobalArrayValue
mergeMwGlobalArrayValue( $name, $values)
Merges the given values into a MW global array variable.
Definition: MediaWikiTestCase.php:901
ApiUserrightsTest\testNonexistentUser
testNonexistentUser()
Definition: ApiUserrightsTest.php:250
ApiUserrightsTest\doSuccessfulRightsChange
doSuccessfulRightsChange( $expectedGroups='sysop', array $params=[], User $user=null)
Perform an API userrights request that's expected to be successful.
Definition: ApiUserrightsTest.php:53
MIGRATION_NEW
const MIGRATION_NEW
Definition: Defines.php:318
$params
$params
Definition: styleTest.css.php:44
MIGRATION_WRITE_BOTH
const MIGRATION_WRITE_BOTH
Definition: Defines.php:316
ApiUserrightsTest\setUp
setUp()
Definition: ApiUserrightsTest.php:12
ApiUserrightsTest\testWebToken
testWebToken()
Definition: ApiUserrightsTest.php:257
$res
$res
Definition: database.txt:21
ApiUserrightsTest\testCanProcessExpiries
testCanProcessExpiries()
Definition: ApiUserrightsTest.php:311
Block\insert
insert( $dbw=null)
Insert a block into the block table.
Definition: Block.php:527
php
injection txt This is an overview of how MediaWiki makes use of dependency injection The design described here grew from the discussion of RFC T384 The term dependency this means that anything an object needs to operate should be injected from the the object itself should only know narrow no concrete implementation of the logic it relies on The requirement to inject everything typically results in an architecture that based on two main types of and essentially stateless service objects that use other service objects to operate on the value objects As of the beginning MediaWiki is only starting to use the DI approach Much of the code still relies on global state or direct resulting in a highly cyclical dependency which acts as the top level factory for services in MediaWiki which can be used to gain access to default instances of various services MediaWikiServices however also allows new services to be defined and default services to be redefined Services are defined or redefined by providing a callback the instantiator that will return a new instance of the service When it will create an instance of MediaWikiServices and populate it with the services defined in the files listed by thereby bootstrapping the DI framework Per $wgServiceWiringFiles lists includes ServiceWiring php
Definition: injection.txt:35
ApiUserrightsTest\testTooFewExpiries
testTooFewExpiries()
Definition: ApiUserrightsTest.php:165
$dbr
$dbr
Definition: testCompression.php:50
TestUserRegistry\isMutable
static isMutable(User $user)
Definition: TestUserRegistry.php:115
ApiTestCase\doApiRequest
doApiRequest(array $params, array $session=null, $appendModule=false, User $user=null, $tokenType=null)
Does the API request and returns the result.
Definition: ApiTestCase.php:63
wfGetDB
wfGetDB( $db, $groups=[], $wiki=false)
Get a Database object.
Definition: GlobalFunctions.php:2693
ApiUserrightsTest\testInvalidExpiry
testInvalidExpiry()
Definition: ApiUserrightsTest.php:179
MediaWikiTestCase\setMwGlobals
setMwGlobals( $pairs, $value=null)
Sets a global, maintaining a stashed version of the previous global to be restored in tearDown.
Definition: MediaWikiTestCase.php:706
ApiTestCase\doApiRequestWithToken
doApiRequestWithToken(array $params, array $session=null, User $user=null, $tokenType='auto')
Convenience function to access the token parameter of doApiRequest() more succinctly.
Definition: ApiTestCase.php:133
ChangeTags\defineTag
static defineTag( $tag)
Defines a tag in the valid_tag table and/or update ctd_user_defined field in change_tag_def,...
Definition: ChangeTags.php:915
DB_REPLICA
const DB_REPLICA
Definition: defines.php:25
array
The wiki should then use memcached to cache various data To use multiple just add more items to the array To increase the weight of a make its entry a array("192.168.0.1:11211", 2))
ApiUserrightsTest\testTooManyExpiries
testTooManyExpiries()
Definition: ApiUserrightsTest.php:172
ApiUserrightsTest\testMultipleInvalidExpiries
testMultipleInvalidExpiries()
Definition: ApiUserrightsTest.php:183
ApiUserrightsTest\addAndRemoveGroupsProvider
addAndRemoveGroupsProvider()
Definition: ApiUserrightsTest.php:346
ApiUserrightsTest
API Database medium.
Definition: ApiUserrightsTest.php:10
ApiUserrightsTest\testBlockedWithoutUserrights
testBlockedWithoutUserrights()
Definition: ApiUserrightsTest.php:142
ApiTestCase
Definition: ApiTestCase.php:5
MediaWikiTestCase\getMutableTestUser
static getMutableTestUser( $groups=[])
Convenience method for getting a mutable test user.
Definition: MediaWikiTestCase.php:191
MediaWikiTestCase\getTestSysop
static getTestSysop()
Convenience method for getting an immutable admin test user.
Definition: MediaWikiTestCase.php:203
ApiUserrightsTest\setPermissions
setPermissions( $add=[], $remove=[])
Unsets $wgGroupPermissions['bureaucrat']['userrights'], and sets $wgAddGroups['bureaucrat'] and $wgRe...
Definition: ApiUserrightsTest.php:28
MediaWikiTestCase\setGroupPermissions
setGroupPermissions( $newPerms, $newKey=null, $newValue=null)
Alters $wgGroupPermissions for the duration of the test.
Definition: MediaWikiTestCase.php:1092
ApiUserrightsTest\doFailedRightsChange
doFailedRightsChange( $expectedException, array $params=[], User $user=null)
Perform an API userrights request that's expected to fail.
Definition: ApiUserrightsTest.php:90
ApiUserrightsTest\testWithTag
testWithTag()
Definition: ApiUserrightsTest.php:190
Block
Definition: Block.php:27
NS_USER
const NS_USER
Definition: Defines.php:66
true
null means default in associative array with keys and values unescaped Should be merged with default with a value of false meaning to suppress the attribute in associative array with keys and values unescaped noclasses just before the function returns a value If you return true
Definition: hooks.txt:2036
class
you have access to all of the normal MediaWiki so you can get a DB use the etc For full docs on the Maintenance class
Definition: maintenance.txt:52
ApiUserrightsTest\testWithTagNewBackend
testWithTagNewBackend()
Definition: ApiUserrightsTest.php:214
User
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
Definition: User.php:47
ApiUserrightsTest\testBlockedWithUserrights
testBlockedWithUserrights()
Definition: ApiUserrightsTest.php:128
ApiUserrightsTest\testWithoutTagPermission
testWithoutTagPermission()
Definition: ApiUserrightsTest.php:239
ApiUserrightsTest\getMockForProcessingExpiries
getMockForProcessingExpiries( $canProcessExpiries)
Helper for testCanProcessExpiries that returns a mock ApiUserrights that either can or cannot process...
Definition: ApiUserrightsTest.php:284
ApiUserrightsTest\testAddMultiple
testAddMultiple()
Definition: ApiUserrightsTest.php:158