A service class for checking permissions To obtain an instance, use MediaWikiServices::getInstance()->getPermissionManager(). More...
Public Member Functions | |
| __construct (SpecialPageFactory $specialPageFactory, $whitelistRead, $whitelistReadRegexp, $emailConfirmToEdit, $blockDisablesLogin) | |
| getPermissionErrors ( $action, User $user, LinkTarget $page, $rigor=self::RIGOR_SECURE, $ignoreErrors=[]) | |
| Can $user perform $action on a page? More... | |
| isBlockedFrom (User $user, LinkTarget $page, $fromReplica=false) | |
| Check if user is blocked from editing a particular article. More... | |
| userCan ( $action, User $user, LinkTarget $page, $rigor=self::RIGOR_SECURE) | |
| Can $user perform $action on a page? More... | |
Private Member Functions | |
| checkActionPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page) | |
| Check action permissions not already checked in checkQuickPermissions. More... | |
| checkCascadingSourcesRestrictions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page) | |
| Check restrictions on cascading pages. More... | |
| checkPageRestrictions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page) | |
| Check against page_restrictions table requirements on this page. More... | |
| checkPermissionHooks ( $action, User $user, $errors, $rigor, $short, LinkTarget $page) | |
| Check various permission hooks. More... | |
| checkQuickPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page) | |
| Permissions checks that fail most often, and which are easiest to test. More... | |
| checkReadPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page) | |
| Check that the user is allowed to read this page. More... | |
| checkSiteConfigPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page) | |
| Check sitewide CSS/JSON/JS permissions. More... | |
| checkSpecialsAndNSPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page) | |
| Check permissions on special pages & namespaces. More... | |
| checkUserBlock ( $action, User $user, $errors, $rigor, $short, LinkTarget $page) | |
| Check that the user isn't blocked from editing. More... | |
| checkUserConfigPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page) | |
| Check CSS/JSON/JS sub-page permissions. More... | |
| getPermissionErrorsInternal ( $action, User $user, LinkTarget $page, $rigor=self::RIGOR_SECURE, $short=false) | |
| Can $user perform $action on a page? This is an internal function, with multiple levels of checks depending on performance needs; see $rigor below. More... | |
| isSameSpecialPage ( $name, LinkTarget $page) | |
| Returns true if this title resolves to the named special page. More... | |
| missingPermissionError ( $action, $short) | |
| Get a description array when the user doesn't have the right to perform $action (i.e. More... | |
| resultToError ( $errors, $result) | |
| Add the resulting error code to the errors array. More... | |
Private Attributes | |
| bool | $blockDisablesLogin |
| If set to true, blocked users will no longer be allowed to log in. More... | |
| bool | $emailConfirmToEdit |
| Require users to confirm email address before they can edit. More... | |
| SpecialPageFactory | $specialPageFactory |
| string[] | $whitelistRead |
| List of pages names anonymous user may see. More... | |
| string[] | $whitelistReadRegexp |
| Whitelists publicly readable titles with regular expressions. More... | |
Detailed Description
A service class for checking permissions To obtain an instance, use MediaWikiServices::getInstance()->getPermissionManager().
- Since
- 1.33
Definition at line 43 of file PermissionManager.php.
Constructor & Destructor Documentation
◆ __construct()
| MediaWiki\Permissions\PermissionManager::__construct | ( | SpecialPageFactory | $specialPageFactory, |
| $whitelistRead, | |||
| $whitelistReadRegexp, | |||
| $emailConfirmToEdit, | |||
| $blockDisablesLogin | |||
| ) |
- Parameters
-
SpecialPageFactory $specialPageFactory string[] $whitelistRead string[] $whitelistReadRegexp bool $emailConfirmToEdit bool $blockDisablesLogin
Definition at line 76 of file PermissionManager.php.
References MediaWiki\Permissions\PermissionManager\$blockDisablesLogin, MediaWiki\Permissions\PermissionManager\$emailConfirmToEdit, MediaWiki\Permissions\PermissionManager\$specialPageFactory, MediaWiki\Permissions\PermissionManager\$whitelistRead, and MediaWiki\Permissions\PermissionManager\$whitelistReadRegexp.
Member Function Documentation
◆ checkActionPermissions()
|
private |
Check action permissions not already checked in checkQuickPermissions.
- Parameters
-
string $action The action to check User $user User to check array $errors List of current errors string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool $short Short circuit on first error LinkTarget $page
- Returns
- array List of errors
- Exceptions
-
Exception
Definition at line 786 of file PermissionManager.php.
References MediaWiki\$action, $user, $wgDeleteRevisionsLimit, $wgLang, MediaWiki\Permissions\PermissionManager\checkCascadingSourcesRestrictions(), MediaWiki\Permissions\PermissionManager\checkPageRestrictions(), captcha-old\count, MediaWiki\Linker\LinkTarget\getNamespace(), MediaWiki\Permissions\PermissionManager\getPermissionErrorsInternal(), MWNamespace\isMovable(), Title\newFromLinkTarget(), MediaWiki\Permissions\PermissionManager\userCan(), and User\whoIs().
◆ checkCascadingSourcesRestrictions()
|
private |
Check restrictions on cascading pages.
- Parameters
-
string $action The action to check User $user User to check array $errors List of current errors string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool $short Short circuit on first error LinkTarget $page
- Returns
- array List of errors
Definition at line 724 of file PermissionManager.php.
References MediaWiki\$action, $user, as, captcha-old\count, list, and Title\newFromLinkTarget().
Referenced by MediaWiki\Permissions\PermissionManager\checkActionPermissions().
◆ checkPageRestrictions()
|
private |
Check against page_restrictions table requirements on this page.
The user must possess all required rights for this action.
- Parameters
-
string $action The action to check User $user User to check array $errors List of current errors string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool $short Short circuit on first error LinkTarget $page
- Returns
- array List of errors
Definition at line 676 of file PermissionManager.php.
References MediaWiki\$action, $user, as, and Title\newFromLinkTarget().
Referenced by MediaWiki\Permissions\PermissionManager\checkActionPermissions().
◆ checkPermissionHooks()
|
private |
Check various permission hooks.
- Parameters
-
string $action The action to check User $user User to check array $errors List of current errors string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool $short Short circuit on first error LinkTarget $page
- Returns
- array List of errors
- Exceptions
-
FatalError MWException
Definition at line 286 of file PermissionManager.php.
References MediaWiki\$action, $user, captcha-old\count, Title\newFromLinkTarget(), MediaWiki\Permissions\PermissionManager\resultToError(), and Hooks\run().
◆ checkQuickPermissions()
|
private |
Permissions checks that fail most often, and which are easiest to test.
- Parameters
-
string $action The action to check User $user User to check array $errors List of current errors string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool $short Short circuit on first error LinkTarget $page
- Returns
- array List of errors
- Exceptions
-
FatalError MWException
Definition at line 583 of file PermissionManager.php.
References MediaWiki\$action, $user, MediaWiki\Linker\LinkTarget\getNamespace(), MediaWiki\Linker\LinkTarget\getText(), User\groupHasPermission(), MWNamespace\hasSubpages(), MWNamespace\isTalk(), MediaWiki\Permissions\PermissionManager\missingPermissionError(), Title\newFromLinkTarget(), NS_CATEGORY, NS_FILE, NS_USER, and Hooks\run().
◆ checkReadPermissions()
|
private |
Check that the user is allowed to read this page.
- Parameters
-
string $action The action to check User $user User to check array $errors List of current errors string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool $short Short circuit on first error LinkTarget $page
- Returns
- array List of errors
- Exceptions
-
FatalError MWException
Definition at line 363 of file PermissionManager.php.
References MediaWiki\$action, $name, $user, as, captcha-old\count, MediaWiki\Linker\LinkTarget\getDBkey(), MediaWiki\Linker\LinkTarget\getNamespace(), SpecialPage\getTitleFor(), User\isEveryoneAllowed(), MediaWiki\Permissions\PermissionManager\isSameSpecialPage(), list, MediaWiki\Permissions\PermissionManager\missingPermissionError(), Title\newFromLinkTarget(), NS_MAIN, and Hooks\run().
◆ checkSiteConfigPermissions()
|
private |
Check sitewide CSS/JSON/JS permissions.
- Parameters
-
string $action The action to check User $user User to check array $errors List of current errors string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool $short Short circuit on first error LinkTarget $page
- Returns
- array List of errors
Definition at line 923 of file PermissionManager.php.
References MediaWiki\$action, $user, Title\newFromLinkTarget(), and wfMessage().
◆ checkSpecialsAndNSPermissions()
|
private |
Check permissions on special pages & namespaces.
- Parameters
-
string $action The action to check User $user User to check array $errors List of current errors string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool $short Short circuit on first error LinkTarget $page
- Returns
- array List of errors
Definition at line 879 of file PermissionManager.php.
References MediaWiki\$action, $user, MediaWiki\Linker\LinkTarget\getNamespace(), Title\newFromLinkTarget(), NS_MAIN, NS_MEDIAWIKI, NS_SPECIAL, and wfMessage().
◆ checkUserBlock()
|
private |
Check that the user isn't blocked from editing.
- Parameters
-
string $action The action to check User $user User to check array $errors List of current errors string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool $short Short circuit on first error LinkTarget $page
- Returns
- array List of errors
- Exceptions
-
MWException
Definition at line 496 of file PermissionManager.php.
References MediaWiki\$action, $user, Action\exists(), Action\factory(), WikiPage\factory(), false, RequestContext\getMain(), MediaWiki\Permissions\PermissionManager\isBlockedFrom(), and Title\newFromLinkTarget().
◆ checkUserConfigPermissions()
|
private |
Check CSS/JSON/JS sub-page permissions.
- Parameters
-
string $action The action to check User $user User to check array $errors List of current errors string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool $short Short circuit on first error LinkTarget $page
- Returns
- array List of errors
Definition at line 983 of file PermissionManager.php.
References MediaWiki\$action, $user, MediaWiki\Linker\LinkTarget\getText(), and Title\newFromLinkTarget().
◆ getPermissionErrors()
| MediaWiki\Permissions\PermissionManager::getPermissionErrors | ( | $action, | |
| User | $user, | ||
| LinkTarget | $page, | ||
$rigor = self::RIGOR_SECURE, |
|||
$ignoreErrors = [] |
|||
| ) |
Can $user perform $action on a page?
- Todo:
- FIXME: This does not check throttles (User::pingLimiter()).
- Parameters
-
string $action Action that permission needs to be checked for User $user User to check LinkTarget $page string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
array $ignoreErrors Array of Strings Set this to a list of message keys whose corresponding errors may be ignored.
- Returns
- array Array of arrays of the arguments to wfMessage to explain permissions problems.
- Exceptions
-
Exception
Definition at line 132 of file PermissionManager.php.
References MediaWiki\$action, as, and MediaWiki\Permissions\PermissionManager\getPermissionErrorsInternal().
◆ getPermissionErrorsInternal()
|
private |
Can $user perform $action on a page? This is an internal function, with multiple levels of checks depending on performance needs; see $rigor below.
It does not check wfReadOnly().
- Parameters
-
string $action Action that permission needs to be checked for User $user User to check LinkTarget $page string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool $short Set this to true to stop after the first permission error.
- Returns
- array Array of arrays of the arguments to wfMessage to explain permissions problems.
- Exceptions
-
Exception
Definition at line 211 of file PermissionManager.php.
References MediaWiki\$action, $user, and as.
Referenced by MediaWiki\Permissions\PermissionManager\checkActionPermissions(), MediaWiki\Permissions\PermissionManager\getPermissionErrors(), and MediaWiki\Permissions\PermissionManager\userCan().
◆ isBlockedFrom()
| MediaWiki\Permissions\PermissionManager::isBlockedFrom | ( | User | $user, |
| LinkTarget | $page, | ||
$fromReplica = false |
|||
| ) |
Check if user is blocked from editing a particular article.
- Parameters
-
User $user LinkTarget $page Title to check bool $fromReplica Whether to check the replica DB instead of the master
- Returns
- bool
- Exceptions
-
FatalError MWException
Definition at line 167 of file PermissionManager.php.
References $user, Title\newFromLinkTarget(), and Hooks\run().
Referenced by MediaWiki\Permissions\PermissionManager\checkUserBlock().
◆ isSameSpecialPage()
|
private |
Returns true if this title resolves to the named special page.
- Parameters
-
string $name The special page name LinkTarget $page
- Returns
- bool
Definition at line 468 of file PermissionManager.php.
References $name, MediaWiki\Linker\LinkTarget\getDBkey(), MediaWiki\Linker\LinkTarget\getNamespace(), list, and NS_SPECIAL.
Referenced by MediaWiki\Permissions\PermissionManager\checkReadPermissions().
◆ missingPermissionError()
|
private |
Get a description array when the user doesn't have the right to perform $action (i.e.
when User::isAllowed() returns false)
- Parameters
-
string $action The action to check bool $short Short circuit on first error
- Returns
- array Array containing an error message key and any parameters
Definition at line 449 of file PermissionManager.php.
References MediaWiki\$action, and User\newFatalPermissionDeniedStatus().
Referenced by MediaWiki\Permissions\PermissionManager\checkQuickPermissions(), and MediaWiki\Permissions\PermissionManager\checkReadPermissions().
◆ resultToError()
|
private |
Add the resulting error code to the errors array.
- Parameters
-
array $errors List of current errors array $result Result of errors
- Returns
- array List of errors
Definition at line 325 of file PermissionManager.php.
References captcha-old\count.
Referenced by MediaWiki\Permissions\PermissionManager\checkPermissionHooks().
◆ userCan()
| MediaWiki\Permissions\PermissionManager::userCan | ( | $action, | |
| User | $user, | ||
| LinkTarget | $page, | ||
$rigor = self::RIGOR_SECURE |
|||
| ) |
Can $user perform $action on a page?
The method is intended to replace Title::userCan() The $user parameter need to be superseded by UserIdentity value in future The $title parameter need to be superseded by PageIdentity value in future
- See also
- Title::userCan()
- Parameters
-
string $action User $user LinkTarget $page string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
- Returns
- bool
- Exceptions
-
Exception
Definition at line 110 of file PermissionManager.php.
References MediaWiki\$action, captcha-old\count, and MediaWiki\Permissions\PermissionManager\getPermissionErrorsInternal().
Referenced by MediaWiki\Permissions\PermissionManager\checkActionPermissions().
Member Data Documentation
◆ $blockDisablesLogin
|
private |
If set to true, blocked users will no longer be allowed to log in.
Definition at line 67 of file PermissionManager.php.
Referenced by MediaWiki\Permissions\PermissionManager\__construct().
◆ $emailConfirmToEdit
|
private |
Require users to confirm email address before they can edit.
Definition at line 64 of file PermissionManager.php.
Referenced by MediaWiki\Permissions\PermissionManager\__construct().
◆ $specialPageFactory
|
private |
Definition at line 51 of file PermissionManager.php.
Referenced by MediaWiki\Permissions\PermissionManager\__construct().
◆ $whitelistRead
|
private |
List of pages names anonymous user may see.
Definition at line 58 of file PermissionManager.php.
Referenced by MediaWiki\Permissions\PermissionManager\__construct().
◆ $whitelistReadRegexp
|
private |
Whitelists publicly readable titles with regular expressions.
Definition at line 61 of file PermissionManager.php.
Referenced by MediaWiki\Permissions\PermissionManager\__construct().
The documentation for this class was generated from the following file:
- includes/Permissions/PermissionManager.php
