MediaWiki REL1_34
|
A service class for checking permissions To obtain an instance, use MediaWikiServices::getInstance()->getPermissionManager(). More...
Public Member Functions | |
__construct (ServiceOptions $options, SpecialPageFactory $specialPageFactory, RevisionLookup $revisionLookup, NamespaceInfo $nsInfo) | |
addTemporaryUserRights (UserIdentity $user, $rights) | |
Add temporary user rights, only valid for the current scope. | |
getAllPermissions () | |
Get a list of all available permissions. | |
getGroupPermissions ( $groups) | |
Get the permissions associated with a given list of groups. | |
getGroupsWithPermission ( $role) | |
Get all the groups who have a given permission. | |
getNamespaceRestrictionLevels ( $index, UserIdentity $user=null) | |
Determine which restriction levels it makes sense to use in a namespace, optionally filtered by a user's rights. | |
getPermissionErrors ( $action, User $user, LinkTarget $page, $rigor=self::RIGOR_SECURE, $ignoreErrors=[]) | |
Can $user perform $action on a page? | |
getUserPermissions (UserIdentity $user) | |
Get the permissions this user has. | |
groupHasPermission ( $group, $role) | |
Check, if the given group has the given permission. | |
invalidateUsersRightsCache ( $user=null) | |
Clears users permissions cache, if specific user is provided it tries to clear permissions cache only for provided user. | |
isBlockedFrom (User $user, LinkTarget $page, $fromReplica=false) | |
Check if user is blocked from editing a particular article. | |
isEveryoneAllowed ( $right) | |
Check if all users may be assumed to have the given permission. | |
overrideUserRightsForTesting ( $user, $rights=[]) | |
Overrides user permissions cache. | |
quickUserCan ( $action, User $user, LinkTarget $page) | |
A convenience method for calling PermissionManager::userCan with PermissionManager::RIGOR_QUICK. | |
userCan ( $action, User $user, LinkTarget $page, $rigor=self::RIGOR_SECURE) | |
Can $user perform $action on a page? | |
userHasAllRights (UserIdentity $user) | |
Check if user is allowed to make all actions. | |
userHasAnyRight (UserIdentity $user) | |
Check if user is allowed to make any action. | |
userHasRight (UserIdentity $user, $action='') | |
Testing a permission. | |
Private Member Functions | |
checkActionPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page) | |
Check action permissions not already checked in checkQuickPermissions. | |
checkCascadingSourcesRestrictions ( $action, UserIdentity $user, $errors, $rigor, $short, LinkTarget $page) | |
Check restrictions on cascading pages. | |
checkPageRestrictions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page) | |
Check against page_restrictions table requirements on this page. | |
checkPermissionHooks ( $action, User $user, $errors, $rigor, $short, LinkTarget $page) | |
Check various permission hooks. | |
checkQuickPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page) | |
Permissions checks that fail most often, and which are easiest to test. | |
checkReadPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page) | |
Check that the user is allowed to read this page. | |
checkSiteConfigPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page) | |
Check sitewide CSS/JSON/JS permissions. | |
checkSpecialsAndNSPermissions ( $action, UserIdentity $user, $errors, $rigor, $short, LinkTarget $page) | |
Check permissions on special pages & namespaces. | |
checkUserBlock ( $action, User $user, $errors, $rigor, $short, LinkTarget $page) | |
Check that the user isn't blocked from editing. | |
checkUserConfigPermissions ( $action, UserIdentity $user, $errors, $rigor, $short, LinkTarget $page) | |
Check CSS/JSON/JS sub-page permissions. | |
getPermissionErrorsInternal ( $action, User $user, LinkTarget $page, $rigor=self::RIGOR_SECURE, $short=false) | |
Can $user perform $action on a page? This is an internal function, with multiple levels of checks depending on performance needs; see $rigor below. | |
getRightsCacheKey (UserIdentity $user) | |
Gets a unique key for user rights cache. | |
isNamespaceProtected ( $index, UserIdentity $user) | |
Determines if $user is unable to edit pages in namespace because it has been protected. | |
isSameSpecialPage ( $name, LinkTarget $page) | |
Returns true if this title resolves to the named special page. | |
missingPermissionError ( $action, $short) | |
Get a description array when the user doesn't have the right to perform $action (i.e. | |
resultToError ( $errors, $result) | |
Add the resulting error code to the errors array. | |
Private Attributes | |
string[] null | $allRights |
Cached results of getAllRights() | |
bool[] | $cachedRights = [] |
Cached rights for isEveryoneAllowed, [ right => allowed ]. | |
$coreRights | |
Array of Strings Core rights. | |
NamespaceInfo | $nsInfo |
ServiceOptions | $options |
RevisionLookup | $revisionLookup |
SpecialPageFactory | $specialPageFactory |
string[][][] | $temporaryUserRights = [] |
Temporary user rights, valid for the current request only. | |
string[][] | $usersRights = null |
Cached user rights. | |
A service class for checking permissions To obtain an instance, use MediaWikiServices::getInstance()->getPermissionManager().
Definition at line 47 of file PermissionManager.php.
MediaWiki\Permissions\PermissionManager::__construct | ( | ServiceOptions | $options, |
SpecialPageFactory | $specialPageFactory, | ||
RevisionLookup | $revisionLookup, | ||
NamespaceInfo | $nsInfo ) |
ServiceOptions | $options | |
SpecialPageFactory | $specialPageFactory | |
RevisionLookup | $revisionLookup | |
NamespaceInfo | $nsInfo |
Definition at line 196 of file PermissionManager.php.
References MediaWiki\Permissions\PermissionManager\$nsInfo, MediaWiki\Permissions\PermissionManager\$options, MediaWiki\Permissions\PermissionManager\$revisionLookup, MediaWiki\Permissions\PermissionManager\$specialPageFactory, and MediaWiki\Config\ServiceOptions\assertRequiredOptions().
MediaWiki\Permissions\PermissionManager::addTemporaryUserRights | ( | UserIdentity | $user, |
$rights ) |
Add temporary user rights, only valid for the current scope.
This is meant for making it possible to programatically trigger certain actions that the user wouldn't be able to trigger themselves; e.g. allow users without the bot right to make bot-flagged actions through certain special pages. Returns a "scope guard" variable; whenever that variable goes out of scope or is consumed via ScopedCallback::consume(), the temporary rights are revoked.
UserIdentity | $user | |
string | string[] | $rights |
Definition at line 1593 of file PermissionManager.php.
References MediaWiki\User\UserIdentity\getId().
|
private |
Check action permissions not already checked in checkQuickPermissions.
string | $action | The action to check |
User | $user | User to check |
array | $errors | List of current errors |
string | $rigor | One of PermissionManager::RIGOR_ constants
|
bool | $short | Short circuit on first error |
LinkTarget | $page |
Definition at line 923 of file PermissionManager.php.
References $title, $wgDeleteRevisionsLimit, $wgLang, MediaWiki\Permissions\PermissionManager\checkCascadingSourcesRestrictions(), MediaWiki\Permissions\PermissionManager\checkPageRestrictions(), MediaWiki\Permissions\PermissionManager\getPermissionErrorsInternal(), MediaWiki\Permissions\PermissionManager\userCan(), MediaWiki\Permissions\PermissionManager\userHasRight(), and User\whoIs().
|
private |
Check restrictions on cascading pages.
string | $action | The action to check |
UserIdentity | $user | User to check |
array | $errors | List of current errors |
string | $rigor | One of PermissionManager::RIGOR_ constants
|
bool | $short | Short circuit on first error |
LinkTarget | $page |
Definition at line 861 of file PermissionManager.php.
References $title, and MediaWiki\Permissions\PermissionManager\userHasAllRights().
Referenced by MediaWiki\Permissions\PermissionManager\checkActionPermissions().
|
private |
Check against page_restrictions table requirements on this page.
The user must possess all required rights for this action.
string | $action | The action to check |
User | $user | User to check |
array | $errors | List of current errors |
string | $rigor | One of PermissionManager::RIGOR_ constants
|
bool | $short | Short circuit on first error |
LinkTarget | $page |
Definition at line 812 of file PermissionManager.php.
References $title, and MediaWiki\Permissions\PermissionManager\userHasRight().
Referenced by MediaWiki\Permissions\PermissionManager\checkActionPermissions().
|
private |
Check various permission hooks.
string | $action | The action to check |
User | $user | User to check |
array | $errors | List of current errors |
string | $rigor | One of PermissionManager::RIGOR_ constants
|
bool | $short | Short circuit on first error |
LinkTarget | $page |
Definition at line 421 of file PermissionManager.php.
References $title, and MediaWiki\Permissions\PermissionManager\resultToError().
|
private |
Permissions checks that fail most often, and which are easiest to test.
string | $action | The action to check |
User | $user | User to check |
array | $errors | List of current errors |
string | $rigor | One of PermissionManager::RIGOR_ constants
|
bool | $short | Short circuit on first error |
LinkTarget | $page |
Definition at line 715 of file PermissionManager.php.
References $title, MediaWiki\Permissions\PermissionManager\groupHasPermission(), User\isAnon(), MediaWiki\Permissions\PermissionManager\missingPermissionError(), NS_CATEGORY, NS_FILE, NS_USER, and MediaWiki\Permissions\PermissionManager\userHasRight().
|
private |
Check that the user is allowed to read this page.
string | $action | The action to check |
User | $user | User to check |
array | $errors | List of current errors |
string | $rigor | One of PermissionManager::RIGOR_ constants
|
bool | $short | Short circuit on first error |
LinkTarget | $page |
Definition at line 496 of file PermissionManager.php.
References $title, MediaWiki\Permissions\PermissionManager\isEveryoneAllowed(), MediaWiki\Permissions\PermissionManager\isSameSpecialPage(), MediaWiki\Permissions\PermissionManager\missingPermissionError(), NS_MAIN, and MediaWiki\Permissions\PermissionManager\userHasRight().
|
private |
Check sitewide CSS/JSON/JS permissions.
string | $action | The action to check |
User | $user | User to check |
array | $errors | List of current errors |
string | $rigor | One of PermissionManager::RIGOR_ constants
|
bool | $short | Short circuit on first error |
LinkTarget | $page |
Definition at line 1060 of file PermissionManager.php.
References $title, MediaWiki\Permissions\PermissionManager\userHasRight(), and wfMessage().
|
private |
Check permissions on special pages & namespaces.
string | $action | The action to check |
UserIdentity | $user | User to check |
array | $errors | List of current errors |
string | $rigor | One of PermissionManager::RIGOR_ constants
|
bool | $short | Short circuit on first error |
LinkTarget | $page |
Definition at line 1016 of file PermissionManager.php.
References $title, MediaWiki\Permissions\PermissionManager\isNamespaceProtected(), NS_MAIN, NS_MEDIAWIKI, NS_SPECIAL, and wfMessage().
|
private |
Check that the user isn't blocked from editing.
string | $action | The action to check |
User | $user | User to check |
array | $errors | List of current errors |
string | $rigor | One of PermissionManager::RIGOR_ constants
|
bool | $short | Short circuit on first error |
LinkTarget | $page |
Definition at line 630 of file PermissionManager.php.
References Action\exists(), Action\factory(), User\getBlock(), MediaWiki\Permissions\PermissionManager\isBlockedFrom(), and User\isEmailConfirmed().
|
private |
Check CSS/JSON/JS sub-page permissions.
string | $action | The action to check |
UserIdentity | $user | User to check |
array | $errors | List of current errors |
string | $rigor | One of PermissionManager::RIGOR_ constants
|
bool | $short | Short circuit on first error |
LinkTarget | $page |
Definition at line 1120 of file PermissionManager.php.
References $content, $title, MediaWiki\User\UserIdentity\getName(), and NS_USER.
MediaWiki\Permissions\PermissionManager::getAllPermissions | ( | ) |
Get a list of all available permissions.
Definition at line 1471 of file PermissionManager.php.
References MediaWiki\Permissions\PermissionManager\$allRights, and MediaWiki\Permissions\PermissionManager\$coreRights.
MediaWiki\Permissions\PermissionManager::getGroupPermissions | ( | $groups | ) |
Get the permissions associated with a given list of groups.
array | $groups | Array of Strings List of internal group names |
Definition at line 1368 of file PermissionManager.php.
Referenced by MediaWiki\Permissions\PermissionManager\getUserPermissions().
MediaWiki\Permissions\PermissionManager::getGroupsWithPermission | ( | $role | ) |
Get all the groups who have a given permission.
string | $role | Role to check |
Definition at line 1396 of file PermissionManager.php.
References MediaWiki\Permissions\PermissionManager\groupHasPermission().
Referenced by MediaWiki\Permissions\PermissionManager\getNamespaceRestrictionLevels().
MediaWiki\Permissions\PermissionManager::getNamespaceRestrictionLevels | ( | $index, | |
UserIdentity | $user = null ) |
Determine which restriction levels it makes sense to use in a namespace, optionally filtered by a user's rights.
int | $index | Index to check |
UserIdentity | null | $user | User to check |
Definition at line 1508 of file PermissionManager.php.
References MediaWiki\Permissions\PermissionManager\getGroupsWithPermission(), and MediaWiki\Permissions\PermissionManager\userHasRight().
MediaWiki\Permissions\PermissionManager::getPermissionErrors | ( | $action, | |
User | $user, | ||
LinkTarget | $page, | ||
$rigor = self::RIGOR_SECURE, | |||
$ignoreErrors = [] ) |
Can $user perform $action on a page?
string | $action | Action that permission needs to be checked for |
User | $user | User to check |
LinkTarget | $page | |
string | $rigor | One of PermissionManager::RIGOR_ constants
|
array | $ignoreErrors | Array of Strings Set this to a list of message keys whose corresponding errors may be ignored. |
Definition at line 268 of file PermissionManager.php.
References MediaWiki\Permissions\PermissionManager\getPermissionErrorsInternal().
|
private |
Can $user perform $action on a page? This is an internal function, with multiple levels of checks depending on performance needs; see $rigor below.
It does not check wfReadOnly().
string | $action | Action that permission needs to be checked for |
User | $user | User to check |
LinkTarget | $page | |
string | $rigor | One of PermissionManager::RIGOR_ constants
|
bool | $short | Set this to true to stop after the first permission error. |
Exception |
Definition at line 348 of file PermissionManager.php.
Referenced by MediaWiki\Permissions\PermissionManager\checkActionPermissions(), MediaWiki\Permissions\PermissionManager\getPermissionErrors(), and MediaWiki\Permissions\PermissionManager\userCan().
|
private |
Gets a unique key for user rights cache.
UserIdentity | $user |
Definition at line 1335 of file PermissionManager.php.
References MediaWiki\User\UserIdentity\isRegistered().
Referenced by MediaWiki\Permissions\PermissionManager\getUserPermissions(), MediaWiki\Permissions\PermissionManager\invalidateUsersRightsCache(), and MediaWiki\Permissions\PermissionManager\overrideUserRightsForTesting().
MediaWiki\Permissions\PermissionManager::getUserPermissions | ( | UserIdentity | $user | ) |
Get the permissions this user has.
UserIdentity | $user |
Definition at line 1264 of file PermissionManager.php.
References MediaWiki\Permissions\PermissionManager\getGroupPermissions(), MediaWiki\User\UserIdentity\getId(), MediaWiki\Permissions\PermissionManager\getRightsCacheKey(), MediaWiki\Permissions\PermissionManager\getUserPermissions(), and User\newFromIdentity().
Referenced by MediaWiki\Permissions\PermissionManager\getUserPermissions(), and MediaWiki\Permissions\PermissionManager\userHasRight().
MediaWiki\Permissions\PermissionManager::groupHasPermission | ( | $group, | |
$role ) |
Check, if the given group has the given permission.
If you're wanting to check whether all users have a permission, use PermissionManager::isEveryoneAllowed() instead. That properly checks if it's revoked from anyone.
string | $group | Group to check |
string | $role | Role to check |
Definition at line 1353 of file PermissionManager.php.
Referenced by MediaWiki\Permissions\PermissionManager\checkQuickPermissions(), and MediaWiki\Permissions\PermissionManager\getGroupsWithPermission().
MediaWiki\Permissions\PermissionManager::invalidateUsersRightsCache | ( | $user = null | ) |
Clears users permissions cache, if specific user is provided it tries to clear permissions cache only for provided user.
User | null | $user |
Definition at line 1319 of file PermissionManager.php.
References MediaWiki\Permissions\PermissionManager\getRightsCacheKey().
MediaWiki\Permissions\PermissionManager::isBlockedFrom | ( | User | $user, |
LinkTarget | $page, | ||
$fromReplica = false ) |
Check if user is blocked from editing a particular article.
If the user does not have a block, this will return false.
User | $user | |
LinkTarget | $page | Title to check |
bool | $fromReplica | Whether to check the replica DB instead of the master |
Definition at line 302 of file PermissionManager.php.
References $title, User\getBlock(), User\getTalkPage(), User\isAllowUsertalk(), and User\isHidden().
Referenced by MediaWiki\Permissions\PermissionManager\checkUserBlock().
MediaWiki\Permissions\PermissionManager::isEveryoneAllowed | ( | $right | ) |
Check if all users may be assumed to have the given permission.
We generally assume so if the right is granted to '*' and isn't revoked on any group. It doesn't attempt to take grants or other extension limitations on rights into account in the general case, though, as that would require it to always return false and defeat the purpose. Specifically, session-based rights restrictions (such as OAuth or bot passwords) are applied based on the current session.
string | $right | Right to check |
Definition at line 1421 of file PermissionManager.php.
Referenced by MediaWiki\Permissions\PermissionManager\checkReadPermissions().
|
private |
Determines if $user is unable to edit pages in namespace because it has been protected.
$index | ||
UserIdentity | $user |
Definition at line 1492 of file PermissionManager.php.
References MediaWiki\Permissions\PermissionManager\userHasAllRights().
Referenced by MediaWiki\Permissions\PermissionManager\checkSpecialsAndNSPermissions().
|
private |
Returns true if this title resolves to the named special page.
string | $name | The special page name |
LinkTarget | $page |
Definition at line 603 of file PermissionManager.php.
References MediaWiki\Linker\LinkTarget\getDBkey(), MediaWiki\Linker\LinkTarget\getNamespace(), and NS_SPECIAL.
Referenced by MediaWiki\Permissions\PermissionManager\checkReadPermissions().
|
private |
Get a description array when the user doesn't have the right to perform $action (i.e.
when User::isAllowed() returns false)
string | $action | The action to check |
bool | $short | Short circuit on first error |
Definition at line 584 of file PermissionManager.php.
References User\newFatalPermissionDeniedStatus().
Referenced by MediaWiki\Permissions\PermissionManager\checkQuickPermissions(), and MediaWiki\Permissions\PermissionManager\checkReadPermissions().
MediaWiki\Permissions\PermissionManager::overrideUserRightsForTesting | ( | $user, | |
$rights = [] ) |
Overrides user permissions cache.
User | $user | |
string[] | string | $rights |
Exception |
Definition at line 1612 of file PermissionManager.php.
References MediaWiki\Permissions\PermissionManager\getRightsCacheKey().
MediaWiki\Permissions\PermissionManager::quickUserCan | ( | $action, | |
User | $user, | ||
LinkTarget | $page ) |
A convenience method for calling PermissionManager::userCan with PermissionManager::RIGOR_QUICK.
Suitable for use for nonessential UI controls in common cases, but not for functional access control. May provide false positives, but should never provide a false negative.
string | $action | |
User | $user | |
LinkTarget | $page |
Definition at line 247 of file PermissionManager.php.
References MediaWiki\Permissions\PermissionManager\userCan().
|
private |
Add the resulting error code to the errors array.
array | $errors | List of current errors |
array | string | MessageSpecifier | false | $result | Result of errors |
Definition at line 460 of file PermissionManager.php.
Referenced by MediaWiki\Permissions\PermissionManager\checkPermissionHooks().
MediaWiki\Permissions\PermissionManager::userCan | ( | $action, | |
User | $user, | ||
LinkTarget | $page, | ||
$rigor = self::RIGOR_SECURE ) |
Can $user perform $action on a page?
The method is intended to replace Title::userCan() The $user parameter need to be superseded by UserIdentity value in future The $title parameter need to be superseded by PageIdentity value in future
string | $action | |
User | $user | |
LinkTarget | $page | |
string | $rigor | One of PermissionManager::RIGOR_ constants
|
Definition at line 228 of file PermissionManager.php.
References MediaWiki\Permissions\PermissionManager\getPermissionErrorsInternal().
Referenced by MediaWiki\Permissions\PermissionManager\checkActionPermissions(), and MediaWiki\Permissions\PermissionManager\quickUserCan().
MediaWiki\Permissions\PermissionManager::userHasAllRights | ( | UserIdentity | $user | ) |
Check if user is allowed to make all actions.
UserIdentity | $user | // TODO: HHVM bug T228695#5450847 |
string | ...$actions PhanCommentParamWithoutRealParam |
Definition at line 1245 of file PermissionManager.php.
References MediaWiki\Permissions\PermissionManager\userHasRight().
Referenced by MediaWiki\Permissions\PermissionManager\checkCascadingSourcesRestrictions(), and MediaWiki\Permissions\PermissionManager\isNamespaceProtected().
MediaWiki\Permissions\PermissionManager::userHasAnyRight | ( | UserIdentity | $user | ) |
Check if user is allowed to make any action.
UserIdentity | $user | // TODO: HHVM bug T228695#5450847 |
string | ...$actions PhanCommentParamWithoutRealParam |
Definition at line 1226 of file PermissionManager.php.
References MediaWiki\Permissions\PermissionManager\userHasRight().
MediaWiki\Permissions\PermissionManager::userHasRight | ( | UserIdentity | $user, |
$action = '' ) |
Testing a permission.
UserIdentity | $user | |
string | $action |
Definition at line 1208 of file PermissionManager.php.
References MediaWiki\Permissions\PermissionManager\getUserPermissions().
Referenced by MediaWiki\Permissions\PermissionManager\checkActionPermissions(), MediaWiki\Permissions\PermissionManager\checkPageRestrictions(), MediaWiki\Permissions\PermissionManager\checkQuickPermissions(), MediaWiki\Permissions\PermissionManager\checkReadPermissions(), MediaWiki\Permissions\PermissionManager\checkSiteConfigPermissions(), SpecialRevisionDelete\execute(), MediaWiki\Permissions\PermissionManager\getNamespaceRestrictionLevels(), MediaWiki\Permissions\PermissionManager\userHasAllRights(), and MediaWiki\Permissions\PermissionManager\userHasAnyRight().
|
private |
Cached results of getAllRights()
Definition at line 87 of file PermissionManager.php.
Referenced by MediaWiki\Permissions\PermissionManager\getAllPermissions().
|
private |
Cached rights for isEveryoneAllowed, [ right => allowed ].
Definition at line 99 of file PermissionManager.php.
|
private |
Array of Strings Core rights.
Each of these should have a corresponding message of the form "right-$right".
Definition at line 107 of file PermissionManager.php.
Referenced by MediaWiki\Permissions\PermissionManager\getAllPermissions().
|
private |
Definition at line 84 of file PermissionManager.php.
Referenced by MediaWiki\Permissions\PermissionManager\__construct().
|
private |
Definition at line 75 of file PermissionManager.php.
Referenced by MediaWiki\Permissions\PermissionManager\__construct().
|
private |
Definition at line 81 of file PermissionManager.php.
Referenced by MediaWiki\Permissions\PermissionManager\__construct().
|
private |
Definition at line 78 of file PermissionManager.php.
Referenced by MediaWiki\Permissions\PermissionManager\__construct().
|
private |
Temporary user rights, valid for the current request only.
userid => override group => rights
Definition at line 96 of file PermissionManager.php.
|
private |
Cached user rights.
Definition at line 90 of file PermissionManager.php.