MediaWiki  master
BlockPermissionChecker.php
Go to the documentation of this file.
1 <?php
2 
22 namespace MediaWiki\Block;
23 
27 
42  private $target;
43 
47  private $targetType = null;
48 
52  private $performer;
53 
57  public const CONSTRUCTOR_OPTIONS = [
58  'EnableUserEmail',
59  ];
60 
62  private $options;
63 
70  public function __construct(
72  BlockUtils $blockUtils,
73  $target,
75  ) {
76  $options->assertRequiredOptions( self::CONSTRUCTOR_OPTIONS );
77  $this->options = $options;
78  list( $this->target, $this->targetType ) = $blockUtils->parseBlockTarget( $target );
79  $this->performer = $performer;
80  }
81 
89  public function checkBasePermissions( $checkHideuser = false ) {
90  if ( !$this->performer->isAllowed( 'block' ) ) {
91  return 'badaccess-group0';
92  }
93 
94  if (
95  $checkHideuser &&
96  !$this->performer->isAllowed( 'hideuser' )
97  ) {
98  return 'unblock-hideuser';
99  }
100 
101  return true;
102  }
103 
115  public function checkBlockPermissions() {
116  $block = $this->performer->getBlock(); // TODO: pass disposition parameter
117  if ( !$block ) {
118  // User is not blocked, process as normal
119  return true;
120  }
121 
122  if ( !$block->isSitewide() ) {
123  // T208965: Partially blocked admins should have full access
124  return true;
125  }
126 
127  $performerIdentity = $this->performer->getUser();
128 
129  if (
130  $this->target instanceof UserIdentity &&
131  $this->target->getId() === $performerIdentity->getId()
132  ) {
133  // Blocked admin is trying to alter their own block
134 
135  // Self-blocked admins can always remove or alter their block
136  if ( $block->getBlocker() && $performerIdentity->equals( $block->getBlocker() ) ) {
137  return true;
138  }
139 
140  // Users with 'unblockself' right can unblock themselves or alter their own block
141  if ( $this->performer->isAllowed( 'unblockself' ) ) {
142  return true;
143  } else {
144  return 'ipbnounblockself';
145  }
146  }
147 
148  if (
149  $this->target instanceof UserIdentity &&
150  $block->getBlocker() &&
151  $this->target->equals( $block->getBlocker() )
152  ) {
153  // T150826: Blocked admins can always block the admin who blocked them
154  return true;
155  }
156 
157  // User is blocked and no exception took effect
158  return 'ipbblocked';
159  }
160 
167  public function checkEmailPermissions() {
168  return $this->options->get( 'EnableUserEmail' ) &&
169  $this->performer->isAllowed( 'blockemail' );
170  }
171 }
MediaWiki\Block\BlockPermissionChecker\$targetType
int null $targetType
One of AbstractBlock::TYPE_* constants, or null when unknown.
Definition: BlockPermissionChecker.php:47
MediaWiki\Block\BlockPermissionChecker\$options
ServiceOptions $options
Definition: BlockPermissionChecker.php:62
MediaWiki\Block\BlockPermissionChecker\checkBlockPermissions
checkBlockPermissions()
Checks block-related permissions (doesn't check any other permissions)
Definition: BlockPermissionChecker.php:115
MediaWiki\Block
Definition: AbstractBlock.php:21
MediaWiki\Block\BlockUtils
Backend class for blocking utils.
Definition: BlockUtils.php:45
MediaWiki\User\UserIdentity\getId
getId( $wikiId=self::LOCAL)
MediaWiki\User\UserIdentity
Interface for objects representing user identity.
Definition: UserIdentity.php:39
MediaWiki\Block\BlockPermissionChecker\__construct
__construct(ServiceOptions $options, BlockUtils $blockUtils, $target, Authority $performer)
Definition: BlockPermissionChecker.php:70
MediaWiki\Block\BlockPermissionChecker\$target
UserIdentity string null $target
Block target or null when unknown.
Definition: BlockPermissionChecker.php:42
MediaWiki\Config\ServiceOptions
A class for passing options to services.
Definition: ServiceOptions.php:27
MediaWiki\Block\BlockPermissionChecker\checkEmailPermissions
checkEmailPermissions()
Check permission to block emailing.
Definition: BlockPermissionChecker.php:167
MediaWiki\Block\BlockPermissionChecker\CONSTRUCTOR_OPTIONS
const CONSTRUCTOR_OPTIONS
Definition: BlockPermissionChecker.php:57
MediaWiki\Permissions\Authority
This interface represents the authority associated the current execution context, such as a web reque...
Definition: Authority.php:37
MediaWiki\Block\BlockPermissionChecker
Block permissions.
Definition: BlockPermissionChecker.php:38
MediaWiki\Block\BlockPermissionChecker\$performer
Authority $performer
Block performer.
Definition: BlockPermissionChecker.php:52
MediaWiki\Block\BlockPermissionChecker\checkBasePermissions
checkBasePermissions( $checkHideuser=false)
Check base permission that apply to either block or unblock.
Definition: BlockPermissionChecker.php:89
MediaWiki\User\UserIdentity\equals
equals(?UserIdentity $user)
MediaWiki\Block\BlockUtils\parseBlockTarget
parseBlockTarget( $target)
From an existing block, get the target and the type of target.
Definition: BlockUtils.php:91
MediaWiki\Config\ServiceOptions\assertRequiredOptions
assertRequiredOptions(array $expectedKeys)
Assert that the list of options provided in this instance exactly match $expectedKeys,...
Definition: ServiceOptions.php:71