MediaWiki 1.40.4
ApiUserrights.php
Go to the documentation of this file.
1<?php
2
26use MediaWiki\ParamValidator\TypeDef\UserDef;
27use MediaWiki\Permissions\Authority;
28use MediaWiki\Specials\SpecialUserRights;
29use MediaWiki\User\UserGroupManager;
30use Wikimedia\ParamValidator\ParamValidator;
31
35class ApiUserrights extends ApiBase {
36
37 private $mUser = null;
38
40 private $userGroupManager;
41
47 public function __construct(
48 ApiMain $mainModule,
49 $moduleName,
50 UserGroupManager $userGroupManager
51 ) {
52 parent::__construct( $mainModule, $moduleName );
53 $this->userGroupManager = $userGroupManager;
54 }
55
56 public function execute() {
57 $pUser = $this->getUser();
58
59 // Deny if the user is blocked and doesn't have the full 'userrights' permission.
60 // This matches what Special:UserRights does for the web UI.
61 if ( !$this->getAuthority()->isAllowed( 'userrights' ) ) {
62 $block = $pUser->getBlock( Authority::READ_LATEST );
63 if ( $block && $block->isSitewide() ) {
64 $this->dieBlocked( $block );
65 }
66 }
67
68 $params = $this->extractRequestParams();
69
70 // Figure out expiry times from the input
71 $expiry = (array)$params['expiry'];
72 $add = (array)$params['add'];
73 if ( !$add ) {
74 $expiry = [];
75 } elseif ( count( $expiry ) !== count( $add ) ) {
76 if ( count( $expiry ) === 1 ) {
77 $expiry = array_fill( 0, count( $add ), $expiry[0] );
78 } else {
79 $this->dieWithError( [
80 'apierror-toofewexpiries',
81 count( $expiry ),
82 count( $add )
83 ] );
84 }
85 }
86
87 // Validate the expiries
88 $groupExpiries = [];
89 foreach ( $expiry as $index => $expiryValue ) {
90 $group = $add[$index];
91 $groupExpiries[$group] = SpecialUserRights::expiryToTimestamp( $expiryValue );
92
93 if ( $groupExpiries[$group] === false ) {
94 $this->dieWithError( [ 'apierror-invalidexpiry', wfEscapeWikiText( $expiryValue ) ] );
95 }
96
97 // not allowed to have things expiring in the past
98 if ( $groupExpiries[$group] && $groupExpiries[$group] < wfTimestampNow() ) {
99 $this->dieWithError( [ 'apierror-pastexpiry', wfEscapeWikiText( $expiryValue ) ] );
100 }
101 }
102
103 $user = $this->getUrUser( $params );
104
105 $tags = $params['tags'];
106
107 // Check if user can add tags
108 if ( $tags !== null ) {
109 $ableToTag = ChangeTags::canAddTagsAccompanyingChange( $tags, $this->getAuthority() );
110 if ( !$ableToTag->isOK() ) {
111 $this->dieStatus( $ableToTag );
112 }
113 }
114
115 $form = new SpecialUserRights();
116 $form->setContext( $this->getContext() );
117 $r = [];
118 $r['user'] = $user->getName();
119 $r['userid'] = $user->getId();
120 [ $r['added'], $r['removed'] ] = $form->doSaveUserGroups(
121 // Don't pass null to doSaveUserGroups() for array params, cast to empty array
122 $user, $add, (array)$params['remove'],
123 $params['reason'], (array)$tags, $groupExpiries
124 );
125
126 $result = $this->getResult();
127 ApiResult::setIndexedTagName( $r['added'], 'group' );
128 ApiResult::setIndexedTagName( $r['removed'], 'group' );
129 $result->addValue( null, $this->getModuleName(), $r );
130 }
131
136 private function getUrUser( array $params ) {
137 if ( $this->mUser !== null ) {
138 return $this->mUser;
139 }
140
141 $this->requireOnlyOneParameter( $params, 'user', 'userid' );
142
143 $user = $params['user'] ?? '#' . $params['userid'];
144
145 $form = new SpecialUserRights();
146 $form->setContext( $this->getContext() );
147 $status = $form->fetchUser( $user );
148 if ( !$status->isOK() ) {
149 $this->dieStatus( $status );
150 }
151
152 $this->mUser = $status->value;
153
154 return $status->value;
155 }
156
157 public function mustBePosted() {
158 return true;
159 }
160
161 public function isWriteMode() {
162 return true;
163 }
164
165 public function getAllowedParams( $flags = 0 ) {
166 $allGroups = $this->userGroupManager->listAllGroups();
167
168 if ( $flags & ApiBase::GET_VALUES_FOR_HELP ) {
169 sort( $allGroups );
170 }
171
172 return [
173 'user' => [
174 ParamValidator::PARAM_TYPE => 'user',
175 UserDef::PARAM_ALLOWED_USER_TYPES => [ 'name', 'id' ],
176 ],
177 'userid' => [
178 ParamValidator::PARAM_TYPE => 'integer',
179 ParamValidator::PARAM_DEPRECATED => true,
180 ],
181 'add' => [
182 ParamValidator::PARAM_TYPE => $allGroups,
183 ParamValidator::PARAM_ISMULTI => true
184 ],
185 'expiry' => [
186 ParamValidator::PARAM_ISMULTI => true,
187 ParamValidator::PARAM_ALLOW_DUPLICATES => true,
188 ParamValidator::PARAM_DEFAULT => 'infinite',
189 ],
190 'remove' => [
191 ParamValidator::PARAM_TYPE => $allGroups,
192 ParamValidator::PARAM_ISMULTI => true
193 ],
194 'reason' => [
195 ParamValidator::PARAM_DEFAULT => ''
196 ],
197 'token' => [
198 // Standard definition automatically inserted
199 ApiBase::PARAM_HELP_MSG_APPEND => [ 'api-help-param-token-webui' ],
200 ],
201 'tags' => [
202 ParamValidator::PARAM_TYPE => 'tags',
203 ParamValidator::PARAM_ISMULTI => true
204 ],
205 ];
206 }
207
208 public function needsToken() {
209 return 'userrights';
210 }
211
212 protected function getWebUITokenSalt( array $params ) {
213 return $this->getUrUser( $params )->getName();
214 }
215
216 protected function getExamplesMessages() {
217 return [
218 'action=userrights&user=FooBot&add=bot&remove=sysop|bureaucrat&token=123ABC'
219 => 'apihelp-userrights-example-user',
220 'action=userrights&userid=123&add=bot&remove=sysop|bureaucrat&token=123ABC'
221 => 'apihelp-userrights-example-userid',
222 'action=userrights&user=SometimeSysop&add=sysop&expiry=1%20month&token=123ABC'
223 => 'apihelp-userrights-example-expiry',
224 ];
225 }
226
227 public function getHelpUrls() {
228 return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:User_group_membership';
229 }
230}
wfTimestampNow
wfTimestampNow()
Convenience function; returns MediaWiki timestamp for the present time.
Definition GlobalFunctions.php:1411
wfEscapeWikiText
wfEscapeWikiText( $text)
Escapes the given text so that it may be output using addWikiText() without any linking,...
Definition GlobalFunctions.php:1170
ApiBase
This abstract class implements many basic API functions, and is the base of all API classes.
Definition ApiBase.php:59
ApiBase\dieWithError
dieWithError( $msg, $code=null, $data=null, $httpCode=0)
Abort execution with an error.
Definition ApiBase.php:1460
ApiBase\PARAM_HELP_MSG_APPEND
const PARAM_HELP_MSG_APPEND
((string|array|Message)[]) Specify additional i18n messages to append to the normal message for this ...
Definition ApiBase.php:173
ApiBase\requireOnlyOneParameter
requireOnlyOneParameter( $params,... $required)
Die if none or more than one of a certain set of parameters is set and not false.
Definition ApiBase.php:911
ApiBase\getResult
getResult()
Get the result object.
Definition ApiBase.php:637
ApiBase\extractRequestParams
extractRequestParams( $options=[])
Using getAllowedParams(), this function makes an array of the values provided by the user,...
Definition ApiBase.php:773
ApiBase\GET_VALUES_FOR_HELP
const GET_VALUES_FOR_HELP
getAllowedParams() flag: When set, the result could take longer to generate, but should be more thoro...
Definition ApiBase.php:242
ApiBase\getModuleName
getModuleName()
Get the name of the module being executed by this instance.
Definition ApiBase.php:506
ApiBase\dieStatus
dieStatus(StatusValue $status)
Throw an ApiUsageException based on the Status object.
Definition ApiBase.php:1521
ApiBase\dieBlocked
dieBlocked(Block $block)
Throw an ApiUsageException, which will (if uncaught) call the main module's error handler and die wit...
Definition ApiBase.php:1489
ApiMain
This is the main API class, used for both external and internal processing.
Definition ApiMain.php:58
ApiUserrights\getHelpUrls
getHelpUrls()
Return links to more detailed help pages about the module.
Definition ApiUserrights.php:227
ApiUserrights\getAllowedParams
getAllowedParams( $flags=0)
Definition ApiUserrights.php:165
ApiUserrights\execute
execute()
Evaluates the parameters, performs the requested query, and sets up the result.
Definition ApiUserrights.php:56
ApiUserrights\mustBePosted
mustBePosted()
Indicates whether this module must be called with a POST request.
Definition ApiUserrights.php:157
ApiUserrights\needsToken
needsToken()
Returns the token type this module requires in order to execute.
Definition ApiUserrights.php:208
ApiUserrights\isWriteMode
isWriteMode()
Indicates whether this module requires write mode.
Definition ApiUserrights.php:161
ApiUserrights\__construct
__construct(ApiMain $mainModule, $moduleName, UserGroupManager $userGroupManager)
Definition ApiUserrights.php:47
ApiUserrights\getExamplesMessages
getExamplesMessages()
Returns usage examples for this module.
Definition ApiUserrights.php:216
ApiUserrights\getWebUITokenSalt
getWebUITokenSalt(array $params)
Fetch the salt used in the Web UI corresponding to this module.
Definition ApiUserrights.php:212
ChangeTags\canAddTagsAccompanyingChange
static canAddTagsAccompanyingChange(array $tags, Authority $performer=null, $checkBlock=true)
Is it OK to allow the user to apply all the specified tags at the same time as they edit/make the cha...
Definition ChangeTags.php:637
ContextSource\getContext
getContext()
Get the base IContextSource object.
Definition ContextSource.php:48
MediaWiki\ParamValidator\TypeDef\UserDef
Type definition for user types.
Definition UserDef.php:27
MediaWiki\Specials\SpecialUserRights
Special page to allow managing user group membership.
Definition SpecialUserRights.php:58
Wikimedia\ParamValidator\ParamValidator
Service for formatting and validating API parameters.
Definition ParamValidator.php:42
MediaWiki\Permissions\Authority
This interface represents the authority associated the current execution context, such as a web reque...
Definition Authority.php:37
true
return true
Definition router.php:92