MediaWiki REL1_34
ApiProtect.php
Go to the documentation of this file.
1<?php
26class ApiProtect extends ApiBase {
27 public function execute() {
28 $params = $this->extractRequestParams();
29
30 $pageObj = $this->getTitleOrPageId( $params, 'fromdbmaster' );
31 $titleObj = $pageObj->getTitle();
32
33 $this->checkTitleUserPermissions( $titleObj, 'protect' );
34
35 $user = $this->getUser();
36 $tags = $params['tags'];
37
38 // Check if user can add tags
39 if ( !is_null( $tags ) ) {
40 $ableToTag = ChangeTags::canAddTagsAccompanyingChange( $tags, $user );
41 if ( !$ableToTag->isOK() ) {
42 $this->dieStatus( $ableToTag );
43 }
44 }
45
46 $expiry = (array)$params['expiry'];
47 if ( count( $expiry ) != count( $params['protections'] ) ) {
48 if ( count( $expiry ) == 1 ) {
49 $expiry = array_fill( 0, count( $params['protections'] ), $expiry[0] );
50 } else {
51 $this->dieWithError( [
52 'apierror-toofewexpiries',
53 count( $expiry ),
54 count( $params['protections'] )
55 ] );
56 }
57 }
58
59 $restrictionTypes = $titleObj->getRestrictionTypes();
60
61 $protections = [];
62 $expiryarray = [];
63 $resultProtections = [];
64 foreach ( $params['protections'] as $i => $prot ) {
65 $p = explode( '=', $prot );
66 $protections[$p[0]] = ( $p[1] == 'all' ? '' : $p[1] );
67
68 if ( $titleObj->exists() && $p[0] == 'create' ) {
69 $this->dieWithError( 'apierror-create-titleexists' );
70 }
71 if ( !$titleObj->exists() && $p[0] != 'create' ) {
72 $this->dieWithError( 'apierror-missingtitle-createonly' );
73 }
74
75 if ( !in_array( $p[0], $restrictionTypes ) && $p[0] != 'create' ) {
76 $this->dieWithError( [ 'apierror-protect-invalidaction', wfEscapeWikiText( $p[0] ) ] );
77 }
78 if ( !in_array( $p[1], $this->getConfig()->get( 'RestrictionLevels' ) ) && $p[1] != 'all' ) {
79 $this->dieWithError( [ 'apierror-protect-invalidlevel', wfEscapeWikiText( $p[1] ) ] );
80 }
81
82 if ( wfIsInfinity( $expiry[$i] ) ) {
83 $expiryarray[$p[0]] = 'infinity';
84 } else {
85 $exp = strtotime( $expiry[$i] );
86 if ( $exp < 0 || !$exp ) {
87 $this->dieWithError( [ 'apierror-invalidexpiry', wfEscapeWikiText( $expiry[$i] ) ] );
88 }
89
90 $exp = wfTimestamp( TS_MW, $exp );
91 if ( $exp < wfTimestampNow() ) {
92 $this->dieWithError( [ 'apierror-pastexpiry', wfEscapeWikiText( $expiry[$i] ) ] );
93 }
94 $expiryarray[$p[0]] = $exp;
95 }
96 $resultProtections[] = [
97 $p[0] => $protections[$p[0]],
98 'expiry' => ApiResult::formatExpiry( $expiryarray[$p[0]], 'infinite' ),
99 ];
100 }
101
102 $cascade = $params['cascade'];
103
104 $watch = $params['watch'] ? 'watch' : $params['watchlist'];
105 $this->setWatch( $watch, $titleObj, 'watchdefault' );
106
107 $status = $pageObj->doUpdateRestrictions(
108 $protections,
109 $expiryarray,
110 $cascade,
111 $params['reason'],
112 $user,
113 $tags
114 );
115
116 if ( !$status->isOK() ) {
117 $this->dieStatus( $status );
118 }
119 $res = [
120 'title' => $titleObj->getPrefixedText(),
121 'reason' => $params['reason']
122 ];
123 if ( $cascade ) {
124 $res['cascade'] = true;
125 }
126 $res['protections'] = $resultProtections;
127 $result = $this->getResult();
128 ApiResult::setIndexedTagName( $res['protections'], 'protection' );
129 $result->addValue( null, $this->getModuleName(), $res );
130 }
131
132 public function mustBePosted() {
133 return true;
134 }
135
136 public function isWriteMode() {
137 return true;
138 }
139
140 public function getAllowedParams() {
141 return [
142 'title' => [
143 ApiBase::PARAM_TYPE => 'string',
144 ],
145 'pageid' => [
146 ApiBase::PARAM_TYPE => 'integer',
147 ],
148 'protections' => [
151 ],
152 'expiry' => [
155 ApiBase::PARAM_DFLT => 'infinite',
156 ],
157 'reason' => '',
158 'tags' => [
159 ApiBase::PARAM_TYPE => 'tags',
161 ],
162 'cascade' => false,
163 'watch' => [
164 ApiBase::PARAM_DFLT => false,
166 ],
167 'watchlist' => [
168 ApiBase::PARAM_DFLT => 'preferences',
170 'watch',
171 'unwatch',
172 'preferences',
173 'nochange'
174 ],
175 ],
176 ];
177 }
178
179 public function needsToken() {
180 return 'csrf';
181 }
182
183 protected function getExamplesMessages() {
184 return [
185 'action=protect&title=Main%20Page&token=123ABC&' .
186 'protections=edit=sysop|move=sysop&cascade=&expiry=20070901163000|never'
187 => 'apihelp-protect-example-protect',
188 'action=protect&title=Main%20Page&token=123ABC&' .
189 'protections=edit=all|move=all&reason=Lifting%20restrictions'
190 => 'apihelp-protect-example-unprotect',
191 'action=protect&title=Main%20Page&token=123ABC&' .
192 'protections=&reason=Lifting%20restrictions'
193 => 'apihelp-protect-example-unprotect2',
194 ];
195 }
196
197 public function getHelpUrls() {
198 return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Protect';
199 }
200}
wfTimestampNow()
Convenience function; returns MediaWiki timestamp for the present time.
wfIsInfinity( $str)
Determine input string is represents as infinity.
wfTimestamp( $outputtype=TS_UNIX, $ts=0)
Get a timestamp string in one of various formats.
wfEscapeWikiText( $text)
Escapes the given text so that it may be output using addWikiText() without any linking,...
This abstract class implements many basic API functions, and is the base of all API classes.
Definition ApiBase.php:42
const PARAM_REQUIRED
(boolean) Is the parameter required?
Definition ApiBase.php:118
const PARAM_DEPRECATED
(boolean) Is the parameter deprecated (will show a warning)?
Definition ApiBase.php:112
dieWithError( $msg, $code=null, $data=null, $httpCode=null)
Abort execution with an error.
Definition ApiBase.php:2014
checkTitleUserPermissions(LinkTarget $linkTarget, $actions, $options=[])
Helper function for permission-denied errors.
Definition ApiBase.php:2156
const PARAM_TYPE
(string|string[]) Either an array of allowed value strings, or a string type as described below.
Definition ApiBase.php:94
setWatch( $watch, $titleObj, $userOption=null)
Set a watch (or unwatch) based the based on a watchlist parameter.
Definition ApiBase.php:1750
const PARAM_DFLT
(null|boolean|integer|string) Default value of the parameter.
Definition ApiBase.php:55
const PARAM_ALLOW_DUPLICATES
(boolean) Allow the same value to be set more than once when PARAM_ISMULTI is true?
Definition ApiBase.php:109
getResult()
Get the result object.
Definition ApiBase.php:640
extractRequestParams( $options=[])
Using getAllowedParams(), this function makes an array of the values provided by the user,...
Definition ApiBase.php:761
getModuleName()
Get the name of the module being executed by this instance.
Definition ApiBase.php:520
getTitleOrPageId( $params, $load=false)
Get a WikiPage object from a title or pageid param, if possible.
Definition ApiBase.php:1034
dieStatus(StatusValue $status)
Throw an ApiUsageException based on the Status object.
Definition ApiBase.php:2086
const PARAM_ISMULTI
(boolean) Accept multiple pipe-separated values for this parameter (e.g.
Definition ApiBase.php:58
isWriteMode()
Indicates whether this module requires write mode.
getExamplesMessages()
Returns usage examples for this module.
needsToken()
Returns the token type this module requires in order to execute.
mustBePosted()
Indicates whether this module must be called with a POST request.
getAllowedParams()
Returns an array of allowed parameters (parameter name) => (default value) or (parameter name) => (ar...
execute()
Evaluates the parameters, performs the requested query, and sets up the result.
getHelpUrls()
Return links to more detailed help pages about the module.
static canAddTagsAccompanyingChange(array $tags, User $user=null)
Is it OK to allow the user to apply all the specified tags at the same time as they edit/make the cha...