CheckExclusiveRights.php

Go to the documentation of this file.

<?php
 
namespace MediaWiki\Extension\OATHAuth\Hook\GetUserPermissionsErrors;
 
use ConfigException;
use MediaWiki\Extension\OATHAuth\OATHAuth;
use MediaWiki\Session\Session;
use RequestContext;
use User;
use Title;
 
class CheckExclusiveRights {
    protected $exclusiveRights;
 
    protected $session;
 
    protected $title;
 
    protected $user;
 
    protected $action;
 
    protected $result;
 
    public static function callback( $title, $user, $action, &$result ) {
        $config = RequestContext::getMain()->getConfig();
        if ( !$config->has( 'OATHExclusiveRights' ) ) {
            return true;
        }
        $session = $user->getRequest()->getSession();
        $exclusiveRights = $config->get( 'OATHExclusiveRights' );
        $handler = new static( $exclusiveRights, $session, $title, $user, $action, $result );
        return $handler->execute();
    }
 
    protected function __construct( $exclusiveRights, $session, $title, $user, $action, &$result ) {
        $this->exclusiveRights = $exclusiveRights;
        $this->session = $session;
        $this->title = $title;
        $this->user = $user;
        $this->action = $action;
        $this->result = &$result;
    }
 
    protected function execute() {
        if ( !$this->authenticatedOver2FA() && $this->actionBlocked() ) {
            $this->addError();
            return false;
        }
        return true;
    }
 
    private function authenticatedOver2FA() {
        return (bool)$this->session->get( OATHAuth::AUTHENTICATED_OVER_2FA, false );
    }
 
    private function actionBlocked() {
        return in_array( $this->action, $this->exclusiveRights );
    }
 
    private function addError() {
        $this->result = 'oathauth-action-exclusive-to-2fa';
    }
}