master/php/ApiUserrights_8php_source.html

<?php


namespace MediaWiki\Api;


use MediaWiki\ChangeTags\ChangeTags;

use MediaWiki\MainConfigNames;

use MediaWiki\ParamValidator\TypeDef\UserDef;

use MediaWiki\Title\Title;

use MediaWiki\User\MultiFormatUserIdentityLookup;

use MediaWiki\User\Options\UserOptionsLookup;

use MediaWiki\User\UserGroupAssignmentService;

use MediaWiki\User\UserGroupManager;

use MediaWiki\User\UserIdentity;

use MediaWiki\Watchlist\WatchedItemStoreInterface;

use MediaWiki\Watchlist\WatchlistManager;

use Wikimedia\ParamValidator\ParamValidator;

use Wikimedia\ParamValidator\TypeDef\ExpiryDef;

use Wikimedia\Rdbms\IDBAccessObject;


class ApiUserrights extends ApiBase {


    use ApiWatchlistTrait;


    private $mUser = null;


    private UserGroupManager $userGroupManager;

    private WatchedItemStoreInterface $watchedItemStore;

    private UserGroupAssignmentService $userGroupAssignmentService;

    private MultiFormatUserIdentityLookup $multiFormatUserIdentityLookup;


    public function __construct(

        ApiMain $mainModule,

        string $moduleName,

        UserGroupManager $userGroupManager,

        WatchedItemStoreInterface $watchedItemStore,

        WatchlistManager $watchlistManager,

        UserOptionsLookup $userOptionsLookup,

        UserGroupAssignmentService $userGroupAssignmentService,

        MultiFormatUserIdentityLookup $multiFormatUserIdentityLookup,

    ) {

        parent::__construct( $mainModule, $moduleName );

        $this->userGroupManager = $userGroupManager;

        $this->watchedItemStore = $watchedItemStore;


        // Variables needed in ApiWatchlistTrait trait

        $this->watchlistExpiryEnabled = $this->getConfig()->get( MainConfigNames::WatchlistExpiry );

        $this->watchlistMaxDuration =

            $this->getConfig()->get( MainConfigNames::WatchlistExpiryMaxDuration );

        $this->watchlistManager = $watchlistManager;

        $this->userOptionsLookup = $userOptionsLookup;

        $this->userGroupAssignmentService = $userGroupAssignmentService;

        $this->multiFormatUserIdentityLookup = $multiFormatUserIdentityLookup;

    }


    public function execute() {

        $pUser = $this->getUser();


        // Deny if the user is blocked and doesn't have the full 'userrights' permission.

        // This matches what Special:UserRights does for the web UI.

        if ( !$this->getAuthority()->isAllowed( 'userrights' ) ) {

            $block = $pUser->getBlock( IDBAccessObject::READ_LATEST );

            if ( $block && $block->isSitewide() ) {

                $this->dieBlocked( $block );

            }

        }


        $params = $this->extractRequestParams();


        // Figure out expiry times from the input

        $expiry = (array)$params['expiry'];

        $add = (array)$params['add'];

        if ( !$add ) {

            $expiry = [];

        } elseif ( count( $expiry ) !== count( $add ) ) {

            if ( count( $expiry ) === 1 ) {

                $expiry = array_fill( 0, count( $add ), $expiry[0] );

            } else {

                $this->dieWithError( [

                    'apierror-toofewexpiries',

                    count( $expiry ),

                    count( $add )

                ] );

            }

        }


        // Validate the expiries

        $groupExpiries = [];

        foreach ( $expiry as $index => $expiryValue ) {

            $group = $add[$index];

            $groupExpiries[$group] = UserGroupAssignmentService::expiryToTimestamp( $expiryValue );


            if ( $groupExpiries[$group] === false ) {

                $this->dieWithError( [ 'apierror-invalidexpiry', wfEscapeWikiText( $expiryValue ) ] );

            }


            // not allowed to have things expiring in the past

            if ( $groupExpiries[$group] && $groupExpiries[$group] < wfTimestampNow() ) {

                $this->dieWithError( [ 'apierror-pastexpiry', wfEscapeWikiText( $expiryValue ) ] );

            }

        }


        $user = $this->getUrUser( $params );


        $tags = $params['tags'];


        // Check if user can add tags

        if ( $tags !== null ) {

            $ableToTag = ChangeTags::canAddTagsAccompanyingChange( $tags, $this->getAuthority() );

            if ( !$ableToTag->isOK() ) {

                $this->dieStatus( $ableToTag );

            }

        }


        $r = [];

        $r['user'] = $user->getName();

        $r['userid'] = $user->getId( $user->getWikiId() );

        [ $r['added'], $r['removed'] ] = $this->userGroupAssignmentService->saveChangesToUserGroups(

            $this->getUser(),

            $user,

            $add,

            // Don't pass null to saveChangesToUserGroups() for array params, cast to empty array

            (array)$params['remove'],

            $groupExpiries,

            $params['reason'],

            (array)$tags

        );


        $userPage = Title::makeTitle( NS_USER, $user->getName() );

        $watchlistExpiry = $this->getExpiryFromParams( $params, $userPage, $this->getUser() );

        $watchuser = $params['watchuser'];

        if ( $watchuser && $user->getWikiId() === UserIdentity::LOCAL ) {

            $this->setWatch( 'watch', $userPage, $this->getUser(), null, $watchlistExpiry );

        } else {

            $watchuser = false;

            $watchlistExpiry = null;

        }

        $r['watchuser'] = $watchuser;

        if ( $watchlistExpiry !== null ) {

            $r['watchlistexpiry'] = $this->getWatchlistExpiry(

                $this->watchedItemStore,

                $userPage,

                $this->getUser()

            );

        }


        $result = $this->getResult();

        ApiResult::setIndexedTagName( $r['added'], 'group' );

        ApiResult::setIndexedTagName( $r['removed'], 'group' );

        $result->addValue( null, $this->getModuleName(), $r );

    }


    private function getUrUser( array $params ) {

        if ( $this->mUser !== null ) {

            return $this->mUser;

        }


        $this->requireOnlyOneParameter( $params, 'user', 'userid' );


        $userDesignator = $params['user'] ?? '#' . $params['userid'];

        $status = $this->multiFormatUserIdentityLookup->getUserIdentity( $userDesignator, $this->getAuthority() );

        if ( !$status->isOK() ) {

            $this->dieStatus( $status );

        }


        $user = $status->value;

        $canHaveRights = $this->userGroupAssignmentService->targetCanHaveUserGroups( $user );

        if ( !$canHaveRights ) {

            // Return different errors for anons and temp. accounts to keep consistent behavior

            $this->dieWithError(

                $user->isRegistered() ? [ 'userrights-no-group', $user->getName() ] : 'nosuchusershort'

            );

        }


        $this->mUser = $user;


        return $user;

    }


    public function mustBePosted() {

        return true;

    }


    public function isWriteMode() {

        return true;

    }


    public function getAllowedParams( $flags = 0 ) {

        $allGroups = $this->userGroupManager->listAllGroups();


        if ( $flags & ApiBase::GET_VALUES_FOR_HELP ) {

            sort( $allGroups );

        }


        $params = [

            'user' => [

                ParamValidator::PARAM_TYPE => 'user',

                UserDef::PARAM_ALLOWED_USER_TYPES => [ 'name', 'id' ],

            ],

            'userid' => [

                ParamValidator::PARAM_TYPE => 'integer',

                ParamValidator::PARAM_DEPRECATED => true,

            ],

            'add' => [

                ParamValidator::PARAM_TYPE => $allGroups,

                ParamValidator::PARAM_ISMULTI => true

            ],

            'expiry' => [

                ParamValidator::PARAM_ISMULTI => true,

                ParamValidator::PARAM_ALLOW_DUPLICATES => true,

                ParamValidator::PARAM_DEFAULT => 'infinite',

            ],

            'remove' => [

                ParamValidator::PARAM_TYPE => $allGroups,

                ParamValidator::PARAM_ISMULTI => true

            ],

            'reason' => [

                ParamValidator::PARAM_DEFAULT => ''

            ],

            'token' => [

                // Standard definition automatically inserted

                ApiBase::PARAM_HELP_MSG_APPEND => [ 'api-help-param-token-webui' ],

            ],

            'tags' => [

                ParamValidator::PARAM_TYPE => 'tags',

                ParamValidator::PARAM_ISMULTI => true

            ],

            'watchuser' => false,

        ];


        // Params appear in the docs in the order they are defined,

        // which is why this is here and not at the bottom.

        // @todo Find better way to support insertion at arbitrary position

        if ( $this->watchlistExpiryEnabled ) {

            $params += [

                'watchlistexpiry' => [

                    ParamValidator::PARAM_TYPE => 'expiry',

                    ExpiryDef::PARAM_MAX => $this->watchlistMaxDuration,

                    ExpiryDef::PARAM_USE_MAX => true,

                ]

            ];

        }


        return $params;

    }


    public function needsToken() {

        return 'userrights';

    }


    protected function getWebUITokenSalt( array $params ) {

        return $this->getUrUser( $params )->getName();

    }


    protected function getExamplesMessages() {

        return [

            'action=userrights&user=FooBot&add=bot&remove=sysop|bureaucrat&token=123ABC'

                => 'apihelp-userrights-example-user',

            'action=userrights&userid=123&add=bot&remove=sysop|bureaucrat&token=123ABC'

                => 'apihelp-userrights-example-userid',

            'action=userrights&user=SometimeSysop&add=sysop&expiry=1%20month&token=123ABC'

                => 'apihelp-userrights-example-expiry',

        ];

    }


    public function getHelpUrls() {

        return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:User_group_membership';

    }


}


class_alias( ApiUserrights::class, 'ApiUserrights' );

NS_USER
const NS_USER
Definition Defines.php:53

wfTimestampNow
wfTimestampNow()
Convenience function; returns MediaWiki timestamp for the present time.
Definition GlobalFunctions.php:1329

wfEscapeWikiText
wfEscapeWikiText( $input)
Escapes the given text so that it may be output using addWikiText() without any linking,...
Definition GlobalFunctions.php:1057

MediaWiki\Api\ApiBase
This abstract class implements many basic API functions, and is the base of all API classes.
Definition ApiBase.php:61

MediaWiki\Api\ApiBase\dieWithError
dieWithError( $msg, $code=null, $data=null, $httpCode=0)
Abort execution with an error.
Definition ApiBase.php:1511

MediaWiki\Api\ApiBase\getModuleName
getModuleName()
Get the name of the module being executed by this instance.
Definition ApiBase.php:543

MediaWiki\Api\ApiBase\getResult
getResult()
Get the result object.
Definition ApiBase.php:682

MediaWiki\Api\ApiBase\PARAM_HELP_MSG_APPEND
const PARAM_HELP_MSG_APPEND
((string|array|Message)[]) Specify additional i18n messages to append to the normal message for this ...
Definition ApiBase.php:175

MediaWiki\Api\ApiBase\dieBlocked
dieBlocked(Block $block)
Throw an ApiUsageException, which will (if uncaught) call the main module's error handler and die wit...
Definition ApiBase.php:1539

MediaWiki\Api\ApiBase\dieStatus
dieStatus(StatusValue $status)
Throw an ApiUsageException based on the Status object.
Definition ApiBase.php:1562

MediaWiki\Api\ApiBase\extractRequestParams
extractRequestParams( $options=[])
Using getAllowedParams(), this function makes an array of the values provided by the user,...
Definition ApiBase.php:823

MediaWiki\Api\ApiBase\requireOnlyOneParameter
requireOnlyOneParameter( $params,... $required)
Die if 0 or more than one of a certain set of parameters is set and not false.
Definition ApiBase.php:961

MediaWiki\Api\ApiBase\GET_VALUES_FOR_HELP
const GET_VALUES_FOR_HELP
getAllowedParams() flag: When this is set, the result could take longer to generate,...
Definition ApiBase.php:245

MediaWiki\Api\ApiMain
This is the main API class, used for both external and internal processing.
Definition ApiMain.php:66

MediaWiki\Api\ApiResult\setIndexedTagName
static setIndexedTagName(array &$arr, $tag)
Set the tag name for numeric-keyed values in XML format.
Definition ApiResult.php:613

MediaWiki\Api\ApiUserrights
Definition ApiUserrights.php:32

MediaWiki\Api\ApiUserrights\getWebUITokenSalt
getWebUITokenSalt(array $params)
Fetch the salt used in the Web UI corresponding to this module.Only override this if the Web UI uses ...
Definition ApiUserrights.php:272

MediaWiki\Api\ApiUserrights\getHelpUrls
getHelpUrls()
Return links to more detailed help pages about the module.1.25, returning boolean false is deprecated...
Definition ApiUserrights.php:289

MediaWiki\Api\ApiUserrights\__construct
__construct(ApiMain $mainModule, string $moduleName, UserGroupManager $userGroupManager, WatchedItemStoreInterface $watchedItemStore, WatchlistManager $watchlistManager, UserOptionsLookup $userOptionsLookup, UserGroupAssignmentService $userGroupAssignmentService, MultiFormatUserIdentityLookup $multiFormatUserIdentityLookup,)
Definition ApiUserrights.php:44

MediaWiki\Api\ApiUserrights\isWriteMode
isWriteMode()
Indicates whether this module requires write access to the wiki.API modules must override this method...
Definition ApiUserrights.php:202

MediaWiki\Api\ApiUserrights\getExamplesMessages
getExamplesMessages()
Returns usage examples for this module.Return value has query strings as keys, with values being eith...
Definition ApiUserrights.php:277

MediaWiki\Api\ApiUserrights\needsToken
needsToken()
Returns the token type this module requires in order to execute.Modules are strongly encouraged to us...
Definition ApiUserrights.php:267

MediaWiki\Api\ApiUserrights\execute
execute()
Evaluates the parameters, performs the requested query, and sets up the result.
Definition ApiUserrights.php:68

MediaWiki\Api\ApiUserrights\getAllowedParams
getAllowedParams( $flags=0)
Definition ApiUserrights.php:207

MediaWiki\Api\ApiUserrights\mustBePosted
mustBePosted()
Indicates whether this module must be called with a POST request.Implementations of this method must ...
Definition ApiUserrights.php:197

MediaWiki\ChangeTags\ChangeTags
Recent changes tagging.
Definition ChangeTags.php:50

MediaWiki\Context\ContextSource\getConfig
getConfig()
Definition ContextSource.php:73

MediaWiki\Deferred\LinksUpdate\CategoryLinksTable\makeTitle
makeTitle( $linkId)
Convert a link ID to a Title.to override Title
Definition CategoryLinksTable.php:323

MediaWiki\MainConfigNames
A class containing constants representing the names of configuration variables.
Definition MainConfigNames.php:22

MediaWiki\MainConfigNames\WatchlistExpiry
const WatchlistExpiry
Name constant for the WatchlistExpiry setting, for use with Config::get()
Definition MainConfigNames.php:3790

MediaWiki\MainConfigNames\WatchlistExpiryMaxDuration
const WatchlistExpiryMaxDuration
Name constant for the WatchlistExpiryMaxDuration setting, for use with Config::get()
Definition MainConfigNames.php:3814

MediaWiki\ParamValidator\TypeDef\UserDef
Type definition for user types.
Definition UserDef.php:27

MediaWiki\Title\Title
Represents a title within MediaWiki.
Definition Title.php:69

MediaWiki\User\MultiFormatUserIdentityLookup
A service to look up user identities based on the user input.
Definition MultiFormatUserIdentityLookup.php:29

MediaWiki\User\Options\UserOptionsLookup
Provides access to user options.
Definition UserOptionsLookup.php:17

MediaWiki\User\UserGroupAssignmentService
This class represents a service that provides high-level operations on user groups.
Definition UserGroupAssignmentService.php:29

MediaWiki\User\UserGroupManager
Manage user group memberships.
Definition UserGroupManager.php:34

MediaWiki\Watchlist\WatchlistManager
WatchlistManager service.
Definition WatchlistManager.php:36

Wikimedia\ParamValidator\ParamValidator
Service for formatting and validating API parameters.
Definition ParamValidator.php:42

Wikimedia\ParamValidator\TypeDef\ExpiryDef
Type definition for expiry timestamps.
Definition ExpiryDef.php:18

MediaWiki\Api\ApiWatchlistTrait
trait ApiWatchlistTrait
An ApiWatchlistTrait adds class properties and convenience methods for APIs that allow you to watch a...
Definition ApiWatchlistTrait.php:26

MediaWiki\User\UserIdentity
Interface for objects representing user identity.
Definition UserIdentity.php:24

MediaWiki\Watchlist\WatchedItemStoreInterface
Definition WatchedItemStoreInterface.php:17

Wikimedia\Rdbms\IDBAccessObject
Interface for database access objects.
Definition IDBAccessObject.php:45

MediaWiki\Api
Definition ApiAcquireTempUserName.php:8

MediaWiki\Api\setWatch
setWatch(string $watch, PageIdentity $page, User $user, ?string $userOption=null, ?string $expiry=null)
Set a watch (or unwatch) based the based on a watchlist parameter.
Definition ApiWatchlistTrait.php:92

MediaWiki\Api\getAuthority
getAuthority()

MediaWiki\Api\getExpiryFromParams
getExpiryFromParams(array $params, ?PageIdentity $page=null, ?UserIdentity $user=null, string $userOption='watchdefault-expiry')
Get formatted expiry from the given parameters.
Definition ApiWatchlistTrait.php:163

MediaWiki\Api\getWatchlistExpiry
getWatchlistExpiry(WatchedItemStoreInterface $store, PageIdentity $page, UserIdentity $user)
Get existing expiry from the database.
Definition ApiWatchlistTrait.php:197

MediaWiki\Api\getUser
getUser()