MediaWiki master
ApiUserrights.php
Go to the documentation of this file.
1<?php
2
26use MediaWiki\MainConfigNames;
27use MediaWiki\ParamValidator\TypeDef\UserDef;
28use MediaWiki\Specials\SpecialUserRights;
29use MediaWiki\Title\Title;
30use MediaWiki\User\Options\UserOptionsLookup;
31use MediaWiki\User\UserGroupManager;
32use MediaWiki\User\UserIdentity;
33use MediaWiki\Watchlist\WatchedItemStoreInterface;
34use MediaWiki\Watchlist\WatchlistManager;
35use Wikimedia\ParamValidator\ParamValidator;
36use Wikimedia\ParamValidator\TypeDef\ExpiryDef;
37
41class ApiUserrights extends ApiBase {
42
43 use ApiWatchlistTrait;
44
46 private $mUser = null;
47
48 private UserGroupManager $userGroupManager;
49 private WatchedItemStoreInterface $watchedItemStore;
50
59 public function __construct(
60 ApiMain $mainModule,
61 $moduleName,
62 UserGroupManager $userGroupManager,
63 WatchedItemStoreInterface $watchedItemStore,
64 WatchlistManager $watchlistManager,
65 UserOptionsLookup $userOptionsLookup
66 ) {
67 parent::__construct( $mainModule, $moduleName );
68 $this->userGroupManager = $userGroupManager;
69 $this->watchedItemStore = $watchedItemStore;
70
71 // Variables needed in ApiWatchlistTrait trait
72 $this->watchlistExpiryEnabled = $this->getConfig()->get( MainConfigNames::WatchlistExpiry );
73 $this->watchlistMaxDuration =
74 $this->getConfig()->get( MainConfigNames::WatchlistExpiryMaxDuration );
75 $this->watchlistManager = $watchlistManager;
76 $this->userOptionsLookup = $userOptionsLookup;
77 }
78
79 public function execute() {
80 $pUser = $this->getUser();
81
82 // Deny if the user is blocked and doesn't have the full 'userrights' permission.
83 // This matches what Special:UserRights does for the web UI.
84 if ( !$this->getAuthority()->isAllowed( 'userrights' ) ) {
85 $block = $pUser->getBlock( IDBAccessObject::READ_LATEST );
86 if ( $block && $block->isSitewide() ) {
87 $this->dieBlocked( $block );
88 }
89 }
90
91 $params = $this->extractRequestParams();
92
93 // Figure out expiry times from the input
94 $expiry = (array)$params['expiry'];
95 $add = (array)$params['add'];
96 if ( !$add ) {
97 $expiry = [];
98 } elseif ( count( $expiry ) !== count( $add ) ) {
99 if ( count( $expiry ) === 1 ) {
100 $expiry = array_fill( 0, count( $add ), $expiry[0] );
101 } else {
102 $this->dieWithError( [
103 'apierror-toofewexpiries',
104 count( $expiry ),
105 count( $add )
106 ] );
107 }
108 }
109
110 // Validate the expiries
111 $groupExpiries = [];
112 foreach ( $expiry as $index => $expiryValue ) {
113 $group = $add[$index];
114 $groupExpiries[$group] = SpecialUserRights::expiryToTimestamp( $expiryValue );
115
116 if ( $groupExpiries[$group] === false ) {
117 $this->dieWithError( [ 'apierror-invalidexpiry', wfEscapeWikiText( $expiryValue ) ] );
118 }
119
120 // not allowed to have things expiring in the past
121 if ( $groupExpiries[$group] && $groupExpiries[$group] < wfTimestampNow() ) {
122 $this->dieWithError( [ 'apierror-pastexpiry', wfEscapeWikiText( $expiryValue ) ] );
123 }
124 }
125
126 $user = $this->getUrUser( $params );
127
128 $tags = $params['tags'];
129
130 // Check if user can add tags
131 if ( $tags !== null ) {
132 $ableToTag = ChangeTags::canAddTagsAccompanyingChange( $tags, $this->getAuthority() );
133 if ( !$ableToTag->isOK() ) {
134 $this->dieStatus( $ableToTag );
135 }
136 }
137
138 $form = new SpecialUserRights();
139 $form->setContext( $this->getContext() );
140 $r = [];
141 $r['user'] = $user->getName();
142 $r['userid'] = $user->getId( $user->getWikiId() );
143 [ $r['added'], $r['removed'] ] = $form->doSaveUserGroups(
144 $user,
145 $add,
146 // Don't pass null to doSaveUserGroups() for array params, cast to empty array
147 (array)$params['remove'],
148 $params['reason'],
149 (array)$tags,
150 $groupExpiries
151 );
152
153 $watchlistExpiry = $this->getExpiryFromParams( $params );
154 $watchuser = $params['watchuser'];
155 $userPage = Title::makeTitle( NS_USER, $user->getName() );
156 if ( $watchuser && $user->getWikiId() === UserIdentity::LOCAL ) {
157 $this->setWatch( 'watch', $userPage, $this->getUser(), null, $watchlistExpiry );
158 } else {
159 $watchuser = false;
160 $watchlistExpiry = null;
161 }
162 $r['watchuser'] = $watchuser;
163 if ( $watchlistExpiry !== null ) {
164 $r['watchlistexpiry'] = $this->getWatchlistExpiry(
165 $this->watchedItemStore,
166 $userPage,
167 $this->getUser()
168 );
169 }
170
171 $result = $this->getResult();
172 ApiResult::setIndexedTagName( $r['added'], 'group' );
173 ApiResult::setIndexedTagName( $r['removed'], 'group' );
174 $result->addValue( null, $this->getModuleName(), $r );
175 }
176
181 private function getUrUser( array $params ) {
182 if ( $this->mUser !== null ) {
183 return $this->mUser;
184 }
185
186 $this->requireOnlyOneParameter( $params, 'user', 'userid' );
187
188 $user = $params['user'] ?? '#' . $params['userid'];
189
190 $form = new SpecialUserRights();
191 $form->setContext( $this->getContext() );
192 $status = $form->fetchUser( $user );
193 if ( !$status->isOK() ) {
194 $this->dieStatus( $status );
195 }
196
197 $this->mUser = $status->value;
198
199 return $status->value;
200 }
201
202 public function mustBePosted() {
203 return true;
204 }
205
206 public function isWriteMode() {
207 return true;
208 }
209
210 public function getAllowedParams( $flags = 0 ) {
211 $allGroups = $this->userGroupManager->listAllGroups();
212
213 if ( $flags & ApiBase::GET_VALUES_FOR_HELP ) {
214 sort( $allGroups );
215 }
216
217 $params = [
218 'user' => [
219 ParamValidator::PARAM_TYPE => 'user',
220 UserDef::PARAM_ALLOWED_USER_TYPES => [ 'name', 'id' ],
221 ],
222 'userid' => [
223 ParamValidator::PARAM_TYPE => 'integer',
224 ParamValidator::PARAM_DEPRECATED => true,
225 ],
226 'add' => [
227 ParamValidator::PARAM_TYPE => $allGroups,
228 ParamValidator::PARAM_ISMULTI => true
229 ],
230 'expiry' => [
231 ParamValidator::PARAM_ISMULTI => true,
232 ParamValidator::PARAM_ALLOW_DUPLICATES => true,
233 ParamValidator::PARAM_DEFAULT => 'infinite',
234 ],
235 'remove' => [
236 ParamValidator::PARAM_TYPE => $allGroups,
237 ParamValidator::PARAM_ISMULTI => true
238 ],
239 'reason' => [
240 ParamValidator::PARAM_DEFAULT => ''
241 ],
242 'token' => [
243 // Standard definition automatically inserted
244 ApiBase::PARAM_HELP_MSG_APPEND => [ 'api-help-param-token-webui' ],
245 ],
246 'tags' => [
247 ParamValidator::PARAM_TYPE => 'tags',
248 ParamValidator::PARAM_ISMULTI => true
249 ],
250 'watchuser' => false,
251 ];
252
253 // Params appear in the docs in the order they are defined,
254 // which is why this is here and not at the bottom.
255 // @todo Find better way to support insertion at arbitrary position
256 if ( $this->watchlistExpiryEnabled ) {
257 $params += [
258 'watchlistexpiry' => [
259 ParamValidator::PARAM_TYPE => 'expiry',
260 ExpiryDef::PARAM_MAX => $this->watchlistMaxDuration,
261 ExpiryDef::PARAM_USE_MAX => true,
262 ]
263 ];
264 }
265
266 return $params;
267 }
268
269 public function needsToken() {
270 return 'userrights';
271 }
272
273 protected function getWebUITokenSalt( array $params ) {
274 return $this->getUrUser( $params )->getName();
275 }
276
277 protected function getExamplesMessages() {
278 return [
279 'action=userrights&user=FooBot&add=bot&remove=sysop|bureaucrat&token=123ABC'
280 => 'apihelp-userrights-example-user',
281 'action=userrights&userid=123&add=bot&remove=sysop|bureaucrat&token=123ABC'
282 => 'apihelp-userrights-example-userid',
283 'action=userrights&user=SometimeSysop&add=sysop&expiry=1%20month&token=123ABC'
284 => 'apihelp-userrights-example-expiry',
285 ];
286 }
287
288 public function getHelpUrls() {
289 return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:User_group_membership';
290 }
291}
getExpiryFromParams
getExpiryFromParams(array $params)
Get formatted expiry from the given parameters, or null if no expiry was provided.
Definition ApiWatchlistTrait.php:158
setWatch
setWatch(string $watch, PageIdentity $page, User $user, ?string $userOption=null, ?string $expiry=null)
Set a watch (or unwatch) based the based on a watchlist parameter.
Definition ApiWatchlistTrait.php:93
getWatchlistExpiry
getWatchlistExpiry(WatchedItemStoreInterface $store, PageIdentity $page, UserIdentity $user)
Get existing expiry from the database.
Definition ApiWatchlistTrait.php:175
NS_USER
const NS_USER
Definition Defines.php:67
wfTimestampNow
wfTimestampNow()
Convenience function; returns MediaWiki timestamp for the present time.
Definition GlobalFunctions.php:1406
wfEscapeWikiText
wfEscapeWikiText( $input)
Escapes the given text so that it may be output using addWikiText() without any linking,...
Definition GlobalFunctions.php:1144
$params
array $params
The job parameters.
Definition UploadJobTrait.php:45
ApiBase
This abstract class implements many basic API functions, and is the base of all API classes.
Definition ApiBase.php:65
ApiBase\dieWithError
dieWithError( $msg, $code=null, $data=null, $httpCode=0)
Abort execution with an error.
Definition ApiBase.php:1540
ApiBase\PARAM_HELP_MSG_APPEND
const PARAM_HELP_MSG_APPEND
((string|array|Message)[]) Specify additional i18n messages to append to the normal message for this ...
Definition ApiBase.php:179
ApiBase\requireOnlyOneParameter
requireOnlyOneParameter( $params,... $required)
Die if 0 or more than one of a certain set of parameters is set and not false.
Definition ApiBase.php:960
ApiBase\getResult
getResult()
Get the result object.
Definition ApiBase.php:681
ApiBase\extractRequestParams
extractRequestParams( $options=[])
Using getAllowedParams(), this function makes an array of the values provided by the user,...
Definition ApiBase.php:821
ApiBase\GET_VALUES_FOR_HELP
const GET_VALUES_FOR_HELP
getAllowedParams() flag: When this is set, the result could take longer to generate,...
Definition ApiBase.php:250
ApiBase\getModuleName
getModuleName()
Get the name of the module being executed by this instance.
Definition ApiBase.php:542
ApiBase\dieStatus
dieStatus(StatusValue $status)
Throw an ApiUsageException based on the Status object.
Definition ApiBase.php:1595
ApiBase\dieBlocked
dieBlocked(Block $block)
Throw an ApiUsageException, which will (if uncaught) call the main module's error handler and die wit...
Definition ApiBase.php:1568
ApiMain
This is the main API class, used for both external and internal processing.
Definition ApiMain.php:67
ApiUserrights\getHelpUrls
getHelpUrls()
Return links to more detailed help pages about the module.
Definition ApiUserrights.php:288
ApiUserrights\getAllowedParams
getAllowedParams( $flags=0)
Definition ApiUserrights.php:210
ApiUserrights\execute
execute()
Evaluates the parameters, performs the requested query, and sets up the result.
Definition ApiUserrights.php:79
ApiUserrights\mustBePosted
mustBePosted()
Indicates whether this module must be called with a POST request.
Definition ApiUserrights.php:202
ApiUserrights\__construct
__construct(ApiMain $mainModule, $moduleName, UserGroupManager $userGroupManager, WatchedItemStoreInterface $watchedItemStore, WatchlistManager $watchlistManager, UserOptionsLookup $userOptionsLookup)
Definition ApiUserrights.php:59
ApiUserrights\needsToken
needsToken()
Returns the token type this module requires in order to execute.
Definition ApiUserrights.php:269
ApiUserrights\isWriteMode
isWriteMode()
Indicates whether this module requires write mode.
Definition ApiUserrights.php:206
ApiUserrights\getExamplesMessages
getExamplesMessages()
Returns usage examples for this module.
Definition ApiUserrights.php:277
ApiUserrights\getWebUITokenSalt
getWebUITokenSalt(array $params)
Fetch the salt used in the Web UI corresponding to this module.
Definition ApiUserrights.php:273
ChangeTags\canAddTagsAccompanyingChange
static canAddTagsAccompanyingChange(array $tags, Authority $performer=null, $checkBlock=true)
Is it OK to allow the user to apply all the specified tags at the same time as they edit/make the cha...
Definition ChangeTags.php:400
MediaWiki\Context\ContextSource\getContext
getContext()
Get the base IContextSource object.
Definition ContextSource.php:61
MediaWiki\MainConfigNames
A class containing constants representing the names of configuration variables.
Definition MainConfigNames.php:22
MediaWiki\ParamValidator\TypeDef\UserDef
Type definition for user types.
Definition UserDef.php:27
MediaWiki\Specials\SpecialUserRights
Special page to allow managing user group membership.
Definition SpecialUserRights.php:56
MediaWiki\Title\Title
Represents a title within MediaWiki.
Definition Title.php:79
MediaWiki\User\Options\UserOptionsLookup
Provides access to user options.
Definition UserOptionsLookup.php:30
Wikimedia\ParamValidator\ParamValidator
Service for formatting and validating API parameters.
Definition ParamValidator.php:42
Wikimedia\ParamValidator\TypeDef\ExpiryDef
Type definition for expiry timestamps.
Definition ExpiryDef.php:17
ApiWatchlistTrait
trait ApiWatchlistTrait
An ApiWatchlistTrait adds class properties and convenience methods for APIs that allow you to watch a...
Definition ApiWatchlistTrait.php:24
MediaWiki\User\UserIdentity
Interface for objects representing user identity.
Definition UserIdentity.php:39