MediaWiki REL1_33
MediaWiki\Permissions\PermissionManager Class Reference

A service class for checking permissions To obtain an instance, use MediaWikiServices::getInstance()->getPermissionManager(). More...

Collaboration diagram for MediaWiki\Permissions\PermissionManager:

Public Member Functions

 __construct (SpecialPageFactory $specialPageFactory, $whitelistRead, $whitelistReadRegexp, $emailConfirmToEdit, $blockDisablesLogin)
 
 getPermissionErrors ( $action, User $user, LinkTarget $page, $rigor=self::RIGOR_SECURE, $ignoreErrors=[])
 Can $user perform $action on a page?
 
 isBlockedFrom (User $user, LinkTarget $page, $fromReplica=false)
 Check if user is blocked from editing a particular article.
 
 userCan ( $action, User $user, LinkTarget $page, $rigor=self::RIGOR_SECURE)
 Can $user perform $action on a page?
 

Private Member Functions

 checkActionPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page)
 Check action permissions not already checked in checkQuickPermissions.
 
 checkCascadingSourcesRestrictions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page)
 Check restrictions on cascading pages.
 
 checkPageRestrictions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page)
 Check against page_restrictions table requirements on this page.
 
 checkPermissionHooks ( $action, User $user, $errors, $rigor, $short, LinkTarget $page)
 Check various permission hooks.
 
 checkQuickPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page)
 Permissions checks that fail most often, and which are easiest to test.
 
 checkReadPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page)
 Check that the user is allowed to read this page.
 
 checkSiteConfigPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page)
 Check sitewide CSS/JSON/JS permissions.
 
 checkSpecialsAndNSPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page)
 Check permissions on special pages & namespaces.
 
 checkUserBlock ( $action, User $user, $errors, $rigor, $short, LinkTarget $page)
 Check that the user isn't blocked from editing.
 
 checkUserConfigPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page)
 Check CSS/JSON/JS sub-page permissions.
 
 getPermissionErrorsInternal ( $action, User $user, LinkTarget $page, $rigor=self::RIGOR_SECURE, $short=false)
 Can $user perform $action on a page? This is an internal function, with multiple levels of checks depending on performance needs; see $rigor below.
 
 isSameSpecialPage ( $name, LinkTarget $page)
 Returns true if this title resolves to the named special page.
 
 missingPermissionError ( $action, $short)
 Get a description array when the user doesn't have the right to perform $action (i.e.
 
 resultToError ( $errors, $result)
 Add the resulting error code to the errors array.
 

Private Attributes

bool $blockDisablesLogin
 If set to true, blocked users will no longer be allowed to log in.
 
bool $emailConfirmToEdit
 Require users to confirm email address before they can edit.
 
SpecialPageFactory $specialPageFactory
 
string[] $whitelistRead
 List of pages names anonymous user may see.
 
string[] $whitelistReadRegexp
 Whitelists publicly readable titles with regular expressions.
 

Detailed Description

A service class for checking permissions To obtain an instance, use MediaWikiServices::getInstance()->getPermissionManager().

Since
1.33

Definition at line 43 of file PermissionManager.php.

Constructor & Destructor Documentation

◆ __construct()

MediaWiki\Permissions\PermissionManager::__construct ( SpecialPageFactory  $specialPageFactory,
  $whitelistRead,
  $whitelistReadRegexp,
  $emailConfirmToEdit,
  $blockDisablesLogin 
)

Member Function Documentation

◆ checkActionPermissions()

MediaWiki\Permissions\PermissionManager::checkActionPermissions (   $action,
User  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Check action permissions not already checked in checkQuickPermissions.

Parameters
string$actionThe action to check
User$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors
Exceptions
Exception

Definition at line 786 of file PermissionManager.php.

References $user, $wgDeleteRevisionsLimit, $wgLang, MediaWiki\Permissions\PermissionManager\checkCascadingSourcesRestrictions(), MediaWiki\Permissions\PermissionManager\checkPageRestrictions(), MediaWiki\Linker\LinkTarget\getNamespace(), MediaWiki\Permissions\PermissionManager\getPermissionErrorsInternal(), MediaWiki\Permissions\PermissionManager\userCan(), and User\whoIs().

◆ checkCascadingSourcesRestrictions()

MediaWiki\Permissions\PermissionManager::checkCascadingSourcesRestrictions (   $action,
User  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Check restrictions on cascading pages.

Parameters
string$actionThe action to check
User$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors

Definition at line 724 of file PermissionManager.php.

References $user, as, and list.

Referenced by MediaWiki\Permissions\PermissionManager\checkActionPermissions().

◆ checkPageRestrictions()

MediaWiki\Permissions\PermissionManager::checkPageRestrictions (   $action,
User  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Check against page_restrictions table requirements on this page.

The user must possess all required rights for this action.

Parameters
string$actionThe action to check
User$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors

Definition at line 676 of file PermissionManager.php.

References $user, and as.

Referenced by MediaWiki\Permissions\PermissionManager\checkActionPermissions().

◆ checkPermissionHooks()

MediaWiki\Permissions\PermissionManager::checkPermissionHooks (   $action,
User  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Check various permission hooks.

Parameters
string$actionThe action to check
User$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors
Exceptions
FatalError
MWException

Definition at line 286 of file PermissionManager.php.

References $user, and MediaWiki\Permissions\PermissionManager\resultToError().

◆ checkQuickPermissions()

MediaWiki\Permissions\PermissionManager::checkQuickPermissions (   $action,
User  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Permissions checks that fail most often, and which are easiest to test.

Parameters
string$actionThe action to check
User$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors
Exceptions
FatalError
MWException

Definition at line 583 of file PermissionManager.php.

References $user, false, MediaWiki\Linker\LinkTarget\getNamespace(), MediaWiki\Linker\LinkTarget\getText(), User\groupHasPermission(), MediaWiki\Permissions\PermissionManager\missingPermissionError(), NS_CATEGORY, NS_FILE, and NS_USER.

◆ checkReadPermissions()

MediaWiki\Permissions\PermissionManager::checkReadPermissions (   $action,
User  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Check that the user is allowed to read this page.

Parameters
string$actionThe action to check
User$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors
Exceptions
FatalError
MWException

Definition at line 363 of file PermissionManager.php.

References $name, $user, as, MediaWiki\Linker\LinkTarget\getDBkey(), MediaWiki\Linker\LinkTarget\getNamespace(), SpecialPage\getTitleFor(), User\isEveryoneAllowed(), MediaWiki\Permissions\PermissionManager\isSameSpecialPage(), list, MediaWiki\Permissions\PermissionManager\missingPermissionError(), and NS_MAIN.

◆ checkSiteConfigPermissions()

MediaWiki\Permissions\PermissionManager::checkSiteConfigPermissions (   $action,
User  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Check sitewide CSS/JSON/JS permissions.

Parameters
string$actionThe action to check
User$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors

Definition at line 923 of file PermissionManager.php.

References $user, and wfMessage().

◆ checkSpecialsAndNSPermissions()

MediaWiki\Permissions\PermissionManager::checkSpecialsAndNSPermissions (   $action,
User  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Check permissions on special pages & namespaces.

Parameters
string$actionThe action to check
User$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors

Definition at line 879 of file PermissionManager.php.

References $user, MediaWiki\Linker\LinkTarget\getNamespace(), NS_MAIN, NS_MEDIAWIKI, NS_SPECIAL, and wfMessage().

◆ checkUserBlock()

MediaWiki\Permissions\PermissionManager::checkUserBlock (   $action,
User  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Check that the user isn't blocked from editing.

Parameters
string$actionThe action to check
User$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors
Exceptions
MWException

Definition at line 496 of file PermissionManager.php.

References $user, Action\exists(), Action\factory(), WikiPage\factory(), false, RequestContext\getMain(), and MediaWiki\Permissions\PermissionManager\isBlockedFrom().

◆ checkUserConfigPermissions()

MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions (   $action,
User  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Check CSS/JSON/JS sub-page permissions.

Parameters
string$actionThe action to check
User$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors

Definition at line 983 of file PermissionManager.php.

References $user, and MediaWiki\Linker\LinkTarget\getText().

◆ getPermissionErrors()

MediaWiki\Permissions\PermissionManager::getPermissionErrors (   $action,
User  $user,
LinkTarget  $page,
  $rigor = self::RIGOR_SECURE,
  $ignoreErrors = [] 
)

Can $user perform $action on a page?

Todo:
FIXME: This does not check throttles (User::pingLimiter()).
Parameters
string$actionAction that permission needs to be checked for
User$userUser to check
LinkTarget$page
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
array$ignoreErrorsArray of Strings Set this to a list of message keys whose corresponding errors may be ignored.
Returns
array Array of arrays of the arguments to wfMessage to explain permissions problems.
Exceptions
Exception

Definition at line 132 of file PermissionManager.php.

References $user, as, and MediaWiki\Permissions\PermissionManager\getPermissionErrorsInternal().

◆ getPermissionErrorsInternal()

MediaWiki\Permissions\PermissionManager::getPermissionErrorsInternal (   $action,
User  $user,
LinkTarget  $page,
  $rigor = self::RIGOR_SECURE,
  $short = false 
)
private

Can $user perform $action on a page? This is an internal function, with multiple levels of checks depending on performance needs; see $rigor below.

It does not check wfReadOnly().

Parameters
string$actionAction that permission needs to be checked for
User$userUser to check
LinkTarget$page
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool$shortSet this to true to stop after the first permission error.
Returns
array Array of arrays of the arguments to wfMessage to explain permissions problems.
Exceptions
Exception

Definition at line 211 of file PermissionManager.php.

References $user, and as.

Referenced by MediaWiki\Permissions\PermissionManager\checkActionPermissions(), MediaWiki\Permissions\PermissionManager\getPermissionErrors(), and MediaWiki\Permissions\PermissionManager\userCan().

◆ isBlockedFrom()

MediaWiki\Permissions\PermissionManager::isBlockedFrom ( User  $user,
LinkTarget  $page,
  $fromReplica = false 
)

Check if user is blocked from editing a particular article.

Parameters
User$user
LinkTarget$pageTitle to check
bool$fromReplicaWhether to check the replica DB instead of the master
Returns
bool
Exceptions
FatalError
MWException

Definition at line 167 of file PermissionManager.php.

References $user.

Referenced by MediaWiki\Permissions\PermissionManager\checkUserBlock().

◆ isSameSpecialPage()

MediaWiki\Permissions\PermissionManager::isSameSpecialPage (   $name,
LinkTarget  $page 
)
private

Returns true if this title resolves to the named special page.

Parameters
string$nameThe special page name
LinkTarget$page
Returns
bool

Definition at line 468 of file PermissionManager.php.

References $name, MediaWiki\Linker\LinkTarget\getDBkey(), MediaWiki\Linker\LinkTarget\getNamespace(), list, and NS_SPECIAL.

Referenced by MediaWiki\Permissions\PermissionManager\checkReadPermissions().

◆ missingPermissionError()

MediaWiki\Permissions\PermissionManager::missingPermissionError (   $action,
  $short 
)
private

Get a description array when the user doesn't have the right to perform $action (i.e.

when User::isAllowed() returns false)

Parameters
string$actionThe action to check
bool$shortShort circuit on first error
Returns
array Array containing an error message key and any parameters

Definition at line 449 of file PermissionManager.php.

References User\newFatalPermissionDeniedStatus().

Referenced by MediaWiki\Permissions\PermissionManager\checkQuickPermissions(), and MediaWiki\Permissions\PermissionManager\checkReadPermissions().

◆ resultToError()

MediaWiki\Permissions\PermissionManager::resultToError (   $errors,
  $result 
)
private

Add the resulting error code to the errors array.

Parameters
array$errorsList of current errors
array$resultResult of errors
Returns
array List of errors

Definition at line 325 of file PermissionManager.php.

Referenced by MediaWiki\Permissions\PermissionManager\checkPermissionHooks().

◆ userCan()

MediaWiki\Permissions\PermissionManager::userCan (   $action,
User  $user,
LinkTarget  $page,
  $rigor = self::RIGOR_SECURE 
)

Can $user perform $action on a page?

The method is intended to replace Title::userCan() The $user parameter need to be superseded by UserIdentity value in future The $title parameter need to be superseded by PageIdentity value in future

See also
Title::userCan()
Parameters
string$action
User$user
LinkTarget$page
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
Returns
bool
Exceptions
Exception

Definition at line 110 of file PermissionManager.php.

References $user, and MediaWiki\Permissions\PermissionManager\getPermissionErrorsInternal().

Referenced by MediaWiki\Permissions\PermissionManager\checkActionPermissions().

Member Data Documentation

◆ $blockDisablesLogin

bool MediaWiki\Permissions\PermissionManager::$blockDisablesLogin
private

If set to true, blocked users will no longer be allowed to log in.

Definition at line 67 of file PermissionManager.php.

Referenced by MediaWiki\Permissions\PermissionManager\__construct().

◆ $emailConfirmToEdit

bool MediaWiki\Permissions\PermissionManager::$emailConfirmToEdit
private

Require users to confirm email address before they can edit.

Definition at line 64 of file PermissionManager.php.

Referenced by MediaWiki\Permissions\PermissionManager\__construct().

◆ $specialPageFactory

SpecialPageFactory MediaWiki\Permissions\PermissionManager::$specialPageFactory
private
Initial value:
=
const RIGOR_SECURE 'secure'

Definition at line 55 of file PermissionManager.php.

Referenced by MediaWiki\Permissions\PermissionManager\__construct().

◆ $whitelistRead

string [] MediaWiki\Permissions\PermissionManager::$whitelistRead
private

List of pages names anonymous user may see.

Definition at line 58 of file PermissionManager.php.

Referenced by MediaWiki\Permissions\PermissionManager\__construct().

◆ $whitelistReadRegexp

string [] MediaWiki\Permissions\PermissionManager::$whitelistReadRegexp
private

Whitelists publicly readable titles with regular expressions.

Definition at line 61 of file PermissionManager.php.

Referenced by MediaWiki\Permissions\PermissionManager\__construct().


The documentation for this class was generated from the following file: