MediaWiki master
ApiUserrights.php
Go to the documentation of this file.
1<?php
2
26use MediaWiki\MainConfigNames;
27use MediaWiki\ParamValidator\TypeDef\UserDef;
28use MediaWiki\Specials\SpecialUserRights;
29use MediaWiki\Title\Title;
30use MediaWiki\User\Options\UserOptionsLookup;
31use MediaWiki\User\UserGroupManager;
32use MediaWiki\User\UserIdentity;
33use MediaWiki\Watchlist\WatchlistManager;
34use Wikimedia\ParamValidator\ParamValidator;
35use Wikimedia\ParamValidator\TypeDef\ExpiryDef;
36
40class ApiUserrights extends ApiBase {
41
42 use ApiWatchlistTrait;
43
45 private $mUser = null;
46
47 private UserGroupManager $userGroupManager;
48 private WatchedItemStoreInterface $watchedItemStore;
49
58 public function __construct(
59 ApiMain $mainModule,
60 $moduleName,
61 UserGroupManager $userGroupManager,
62 WatchedItemStoreInterface $watchedItemStore,
63 WatchlistManager $watchlistManager,
64 UserOptionsLookup $userOptionsLookup
65 ) {
66 parent::__construct( $mainModule, $moduleName );
67 $this->userGroupManager = $userGroupManager;
68 $this->watchedItemStore = $watchedItemStore;
69
70 // Variables needed in ApiWatchlistTrait trait
71 $this->watchlistExpiryEnabled = $this->getConfig()->get( MainConfigNames::WatchlistExpiry );
72 $this->watchlistMaxDuration =
73 $this->getConfig()->get( MainConfigNames::WatchlistExpiryMaxDuration );
74 $this->watchlistManager = $watchlistManager;
75 $this->userOptionsLookup = $userOptionsLookup;
76 }
77
78 public function execute() {
79 $pUser = $this->getUser();
80
81 // Deny if the user is blocked and doesn't have the full 'userrights' permission.
82 // This matches what Special:UserRights does for the web UI.
83 if ( !$this->getAuthority()->isAllowed( 'userrights' ) ) {
84 $block = $pUser->getBlock( IDBAccessObject::READ_LATEST );
85 if ( $block && $block->isSitewide() ) {
86 $this->dieBlocked( $block );
87 }
88 }
89
90 $params = $this->extractRequestParams();
91
92 // Figure out expiry times from the input
93 $expiry = (array)$params['expiry'];
94 $add = (array)$params['add'];
95 if ( !$add ) {
96 $expiry = [];
97 } elseif ( count( $expiry ) !== count( $add ) ) {
98 if ( count( $expiry ) === 1 ) {
99 $expiry = array_fill( 0, count( $add ), $expiry[0] );
100 } else {
101 $this->dieWithError( [
102 'apierror-toofewexpiries',
103 count( $expiry ),
104 count( $add )
105 ] );
106 }
107 }
108
109 // Validate the expiries
110 $groupExpiries = [];
111 foreach ( $expiry as $index => $expiryValue ) {
112 $group = $add[$index];
113 $groupExpiries[$group] = SpecialUserRights::expiryToTimestamp( $expiryValue );
114
115 if ( $groupExpiries[$group] === false ) {
116 $this->dieWithError( [ 'apierror-invalidexpiry', wfEscapeWikiText( $expiryValue ) ] );
117 }
118
119 // not allowed to have things expiring in the past
120 if ( $groupExpiries[$group] && $groupExpiries[$group] < wfTimestampNow() ) {
121 $this->dieWithError( [ 'apierror-pastexpiry', wfEscapeWikiText( $expiryValue ) ] );
122 }
123 }
124
125 $user = $this->getUrUser( $params );
126
127 $tags = $params['tags'];
128
129 // Check if user can add tags
130 if ( $tags !== null ) {
131 $ableToTag = ChangeTags::canAddTagsAccompanyingChange( $tags, $this->getAuthority() );
132 if ( !$ableToTag->isOK() ) {
133 $this->dieStatus( $ableToTag );
134 }
135 }
136
137 $form = new SpecialUserRights();
138 $form->setContext( $this->getContext() );
139 $r = [];
140 $r['user'] = $user->getName();
141 $r['userid'] = $user->getId( $user->getWikiId() );
142 [ $r['added'], $r['removed'] ] = $form->doSaveUserGroups(
143 // Don't pass null to doSaveUserGroups() for array params, cast to empty array
144 $user, $add, (array)$params['remove'],
145 $params['reason'], (array)$tags, $groupExpiries
146 );
147
148 $watchlistExpiry = $this->getExpiryFromParams( $params );
149 $watchuser = $params['watchuser'];
150 $userPage = Title::makeTitle( NS_USER, $user->getName() );
151 if ( $watchuser && $user->getWikiId() === UserIdentity::LOCAL ) {
152 $this->setWatch( 'watch', $userPage, $this->getUser(), null, $watchlistExpiry );
153 } else {
154 $watchuser = false;
155 $watchlistExpiry = null;
156 }
157 $r['watchuser'] = $watchuser;
158 if ( $watchlistExpiry !== null ) {
159 $r['watchlistexpiry'] = $this->getWatchlistExpiry(
160 $this->watchedItemStore,
161 $userPage,
162 $this->getUser()
163 );
164 }
165
166 $result = $this->getResult();
167 ApiResult::setIndexedTagName( $r['added'], 'group' );
168 ApiResult::setIndexedTagName( $r['removed'], 'group' );
169 $result->addValue( null, $this->getModuleName(), $r );
170 }
171
176 private function getUrUser( array $params ) {
177 if ( $this->mUser !== null ) {
178 return $this->mUser;
179 }
180
181 $this->requireOnlyOneParameter( $params, 'user', 'userid' );
182
183 $user = $params['user'] ?? '#' . $params['userid'];
184
185 $form = new SpecialUserRights();
186 $form->setContext( $this->getContext() );
187 $status = $form->fetchUser( $user );
188 if ( !$status->isOK() ) {
189 $this->dieStatus( $status );
190 }
191
192 $this->mUser = $status->value;
193
194 return $status->value;
195 }
196
197 public function mustBePosted() {
198 return true;
199 }
200
201 public function isWriteMode() {
202 return true;
203 }
204
205 public function getAllowedParams( $flags = 0 ) {
206 $allGroups = $this->userGroupManager->listAllGroups();
207
208 if ( $flags & ApiBase::GET_VALUES_FOR_HELP ) {
209 sort( $allGroups );
210 }
211
212 $params = [
213 'user' => [
214 ParamValidator::PARAM_TYPE => 'user',
215 UserDef::PARAM_ALLOWED_USER_TYPES => [ 'name', 'id' ],
216 ],
217 'userid' => [
218 ParamValidator::PARAM_TYPE => 'integer',
219 ParamValidator::PARAM_DEPRECATED => true,
220 ],
221 'add' => [
222 ParamValidator::PARAM_TYPE => $allGroups,
223 ParamValidator::PARAM_ISMULTI => true
224 ],
225 'expiry' => [
226 ParamValidator::PARAM_ISMULTI => true,
227 ParamValidator::PARAM_ALLOW_DUPLICATES => true,
228 ParamValidator::PARAM_DEFAULT => 'infinite',
229 ],
230 'remove' => [
231 ParamValidator::PARAM_TYPE => $allGroups,
232 ParamValidator::PARAM_ISMULTI => true
233 ],
234 'reason' => [
235 ParamValidator::PARAM_DEFAULT => ''
236 ],
237 'token' => [
238 // Standard definition automatically inserted
239 ApiBase::PARAM_HELP_MSG_APPEND => [ 'api-help-param-token-webui' ],
240 ],
241 'tags' => [
242 ParamValidator::PARAM_TYPE => 'tags',
243 ParamValidator::PARAM_ISMULTI => true
244 ],
245 'watchuser' => false,
246 ];
247
248 // Params appear in the docs in the order they are defined,
249 // which is why this is here and not at the bottom.
250 // @todo Find better way to support insertion at arbitrary position
251 if ( $this->watchlistExpiryEnabled ) {
252 $params += [
253 'watchlistexpiry' => [
254 ParamValidator::PARAM_TYPE => 'expiry',
255 ExpiryDef::PARAM_MAX => $this->watchlistMaxDuration,
256 ExpiryDef::PARAM_USE_MAX => true,
257 ]
258 ];
259 }
260
261 return $params;
262 }
263
264 public function needsToken() {
265 return 'userrights';
266 }
267
268 protected function getWebUITokenSalt( array $params ) {
269 return $this->getUrUser( $params )->getName();
270 }
271
272 protected function getExamplesMessages() {
273 return [
274 'action=userrights&user=FooBot&add=bot&remove=sysop|bureaucrat&token=123ABC'
275 => 'apihelp-userrights-example-user',
276 'action=userrights&userid=123&add=bot&remove=sysop|bureaucrat&token=123ABC'
277 => 'apihelp-userrights-example-userid',
278 'action=userrights&user=SometimeSysop&add=sysop&expiry=1%20month&token=123ABC'
279 => 'apihelp-userrights-example-expiry',
280 ];
281 }
282
283 public function getHelpUrls() {
284 return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:User_group_membership';
285 }
286}
getExpiryFromParams
getExpiryFromParams(array $params)
Get formatted expiry from the given parameters, or null if no expiry was provided.
Definition ApiWatchlistTrait.php:157
setWatch
setWatch(string $watch, Title $title, User $user, ?string $userOption=null, ?string $expiry=null)
Set a watch (or unwatch) based the based on a watchlist parameter.
Definition ApiWatchlistTrait.php:92
getWatchlistExpiry
getWatchlistExpiry(WatchedItemStoreInterface $store, Title $title, UserIdentity $user)
Get existing expiry from the database.
Definition ApiWatchlistTrait.php:174
NS_USER
const NS_USER
Definition Defines.php:66
wfTimestampNow
wfTimestampNow()
Convenience function; returns MediaWiki timestamp for the present time.
Definition GlobalFunctions.php:1394
wfEscapeWikiText
wfEscapeWikiText( $input)
Escapes the given text so that it may be output using addWikiText() without any linking,...
Definition GlobalFunctions.php:1132
$params
array $params
The job parameters.
Definition UploadJobTrait.php:45
ApiBase
This abstract class implements many basic API functions, and is the base of all API classes.
Definition ApiBase.php:64
ApiBase\dieWithError
dieWithError( $msg, $code=null, $data=null, $httpCode=0)
Abort execution with an error.
Definition ApiBase.php:1542
ApiBase\PARAM_HELP_MSG_APPEND
const PARAM_HELP_MSG_APPEND
((string|array|Message)[]) Specify additional i18n messages to append to the normal message for this ...
Definition ApiBase.php:178
ApiBase\requireOnlyOneParameter
requireOnlyOneParameter( $params,... $required)
Die if 0 or more than one of a certain set of parameters is set and not false.
Definition ApiBase.php:959
ApiBase\getResult
getResult()
Get the result object.
Definition ApiBase.php:680
ApiBase\extractRequestParams
extractRequestParams( $options=[])
Using getAllowedParams(), this function makes an array of the values provided by the user,...
Definition ApiBase.php:820
ApiBase\GET_VALUES_FOR_HELP
const GET_VALUES_FOR_HELP
getAllowedParams() flag: When this is set, the result could take longer to generate,...
Definition ApiBase.php:249
ApiBase\getModuleName
getModuleName()
Get the name of the module being executed by this instance.
Definition ApiBase.php:541
ApiBase\dieStatus
dieStatus(StatusValue $status)
Throw an ApiUsageException based on the Status object.
Definition ApiBase.php:1598
ApiBase\dieBlocked
dieBlocked(Block $block)
Throw an ApiUsageException, which will (if uncaught) call the main module's error handler and die wit...
Definition ApiBase.php:1571
ApiMain
This is the main API class, used for both external and internal processing.
Definition ApiMain.php:65
ApiUserrights\getHelpUrls
getHelpUrls()
Return links to more detailed help pages about the module.
Definition ApiUserrights.php:283
ApiUserrights\getAllowedParams
getAllowedParams( $flags=0)
Definition ApiUserrights.php:205
ApiUserrights\execute
execute()
Evaluates the parameters, performs the requested query, and sets up the result.
Definition ApiUserrights.php:78
ApiUserrights\mustBePosted
mustBePosted()
Indicates whether this module must be called with a POST request.
Definition ApiUserrights.php:197
ApiUserrights\__construct
__construct(ApiMain $mainModule, $moduleName, UserGroupManager $userGroupManager, WatchedItemStoreInterface $watchedItemStore, WatchlistManager $watchlistManager, UserOptionsLookup $userOptionsLookup)
Definition ApiUserrights.php:58
ApiUserrights\needsToken
needsToken()
Returns the token type this module requires in order to execute.
Definition ApiUserrights.php:264
ApiUserrights\isWriteMode
isWriteMode()
Indicates whether this module requires write mode.
Definition ApiUserrights.php:201
ApiUserrights\getExamplesMessages
getExamplesMessages()
Returns usage examples for this module.
Definition ApiUserrights.php:272
ApiUserrights\getWebUITokenSalt
getWebUITokenSalt(array $params)
Fetch the salt used in the Web UI corresponding to this module.
Definition ApiUserrights.php:268
ChangeTags\canAddTagsAccompanyingChange
static canAddTagsAccompanyingChange(array $tags, Authority $performer=null, $checkBlock=true)
Is it OK to allow the user to apply all the specified tags at the same time as they edit/make the cha...
Definition ChangeTags.php:398
MediaWiki\Context\ContextSource\getContext
getContext()
Get the base IContextSource object.
Definition ContextSource.php:61
MediaWiki\MainConfigNames
A class containing constants representing the names of configuration variables.
Definition MainConfigNames.php:22
MediaWiki\ParamValidator\TypeDef\UserDef
Type definition for user types.
Definition UserDef.php:27
MediaWiki\Specials\SpecialUserRights
Special page to allow managing user group membership.
Definition SpecialUserRights.php:59
MediaWiki\Title\Title
Represents a title within MediaWiki.
Definition Title.php:78
MediaWiki\User\Options\UserOptionsLookup
Provides access to user options.
Definition UserOptionsLookup.php:30
Wikimedia\ParamValidator\ParamValidator
Service for formatting and validating API parameters.
Definition ParamValidator.php:42
Wikimedia\ParamValidator\TypeDef\ExpiryDef
Type definition for expiry timestamps.
Definition ExpiryDef.php:17
ApiWatchlistTrait
trait ApiWatchlistTrait
An ApiWatchlistTrait adds class properties and convenience methods for APIs that allow you to watch a...
Definition ApiWatchlistTrait.php:23
MediaWiki\User\UserIdentity
Interface for objects representing user identity.
Definition UserIdentity.php:39