MediaWiki  master
GroupPermissionsLookup.php
Go to the documentation of this file.
1 <?php
21 namespace MediaWiki\Permissions;
22 
24 
31 
36  public const CONSTRUCTOR_OPTIONS = [
37  'GroupInheritsPermissions',
38  'GroupPermissions',
39  'RevokePermissions',
40  ];
41 
44 
47 
50 
51  /*
52  * @param ServiceOptions $options
53  */
54  public function __construct( ServiceOptions $options ) {
55  $options->assertRequiredOptions( self::CONSTRUCTOR_OPTIONS );
56  $this->groupPermissions = $options->get( 'GroupPermissions' );
57  $this->revokePermissions = $options->get( 'RevokePermissions' );
58  $this->groupInheritance = $options->get( 'GroupInheritsPermissions' );
59  }
60 
73  public function groupHasPermission( string $group, string $permission ): bool {
74  $inheritsFrom = $this->groupInheritance[$group] ?? false;
75  $has = isset( $this->groupPermissions[$group][$permission] ) &&
76  $this->groupPermissions[$group][$permission];
77  // If the group doesn't have the permission and inherits from somewhere,
78  // check that group too
79  if ( !$has && $inheritsFrom !== false ) {
80  $has = isset( $this->groupPermissions[$inheritsFrom][$permission] ) &&
81  $this->groupPermissions[$inheritsFrom][$permission];
82  }
83  if ( !$has ) {
84  // If they don't have the permission, exit early
85  return false;
86  }
87 
88  // Check if the permission has been revoked
89  $revoked = isset( $this->revokePermissions[$group][$permission] ) &&
90  $this->revokePermissions[$group][$permission];
91  if ( !$revoked && $inheritsFrom !== false ) {
92  $revoked = isset( $this->revokePermissions[$inheritsFrom][$permission] ) &&
93  $this->revokePermissions[$inheritsFrom][$permission];
94  }
95 
96  return !$revoked;
97  }
98 
109  public function getGrantedPermissions( string $group ): array {
110  $rights = array_keys( array_filter( $this->groupPermissions[$group] ?? [] ) );
111  $inheritsFrom = $this->groupInheritance[$group] ?? false;
112  if ( $inheritsFrom !== false ) {
113  $rights = array_merge(
114  $rights,
115  // array_filter removes empty items
116  array_keys( array_filter( $this->groupPermissions[$inheritsFrom] ?? [] ) )
117  );
118  }
119 
120  return array_unique( $rights );
121  }
122 
130  public function getRevokedPermissions( string $group ): array {
131  $rights = array_keys( array_filter( $this->revokePermissions[$group] ?? [] ) );
132  $inheritsFrom = $this->groupInheritance[$group] ?? false;
133  if ( $inheritsFrom !== false ) {
134  $rights = array_merge(
135  $rights,
136  // array_filter removes empty items
137  array_keys( array_filter( $this->revokePermissions[$inheritsFrom] ?? [] ) )
138  );
139  }
140 
141  return array_unique( $rights );
142  }
143 
150  public function getGroupPermissions( array $groups ): array {
151  $rights = [];
152  $checkGroups = [];
153 
154  // Add inherited groups to the list of groups to check
155  foreach ( $groups as $group ) {
156  $checkGroups[] = $group;
157  if ( isset( $this->groupInheritance[$group] ) ) {
158  $checkGroups[] = $this->groupInheritance[$group];
159  }
160  }
161 
162  // grant every granted permission first
163  foreach ( $checkGroups as $group ) {
164  if ( isset( $this->groupPermissions[$group] ) ) {
165  $rights = array_merge(
166  $rights,
167  // array_filter removes empty items
168  array_keys( array_filter( $this->groupPermissions[$group] ) )
169  );
170  }
171  }
172  // now revoke the revoked permissions
173  foreach ( $checkGroups as $group ) {
174  if ( isset( $this->revokePermissions[$group] ) ) {
175  $rights = array_diff(
176  $rights,
177  array_keys( array_filter( $this->revokePermissions[$group] ) )
178  );
179  }
180  }
181  return array_unique( $rights );
182  }
183 
190  public function getGroupsWithPermission( string $permission ): array {
191  $allowedGroups = [];
192  $groups = array_merge(
193  array_keys( $this->groupPermissions ),
194  array_keys( $this->groupInheritance )
195  );
196  foreach ( $groups as $group ) {
197  if ( $this->groupHasPermission( $group, $permission ) ) {
198  $allowedGroups[] = $group;
199  }
200  }
201  return $allowedGroups;
202  }
203 }
MediaWiki\Permissions\GroupPermissionsLookup
Definition: GroupPermissionsLookup.php:30
MediaWiki\Config\ServiceOptions
A class for passing options to services.
Definition: ServiceOptions.php:27
MediaWiki\Permissions\GroupPermissionsLookup\getGrantedPermissions
getGrantedPermissions(string $group)
Get a list of permissions granted to this group.
Definition: GroupPermissionsLookup.php:109
MediaWiki\Permissions\GroupPermissionsLookup\$revokePermissions
array[] $revokePermissions
Definition: GroupPermissionsLookup.php:46
MediaWiki\Permissions\GroupPermissionsLookup\__construct
__construct(ServiceOptions $options)
Definition: GroupPermissionsLookup.php:54
MediaWiki\Permissions\GroupPermissionsLookup\$groupInheritance
string[] $groupInheritance
Definition: GroupPermissionsLookup.php:49
MediaWiki\Permissions\GroupPermissionsLookup\getRevokedPermissions
getRevokedPermissions(string $group)
Get a list of permissions revoked from this group.
Definition: GroupPermissionsLookup.php:130
MediaWiki\Permissions\GroupPermissionsLookup\getGroupPermissions
getGroupPermissions(array $groups)
Get the permissions associated with a given list of groups.
Definition: GroupPermissionsLookup.php:150
MediaWiki\Permissions\GroupPermissionsLookup\groupHasPermission
groupHasPermission(string $group, string $permission)
Check, if the given group has the given permission.
Definition: GroupPermissionsLookup.php:73
MediaWiki\Permissions\GroupPermissionsLookup\getGroupsWithPermission
getGroupsWithPermission(string $permission)
Get all the groups who have a given permission.
Definition: GroupPermissionsLookup.php:190
MediaWiki\Config\ServiceOptions\get
get( $key)
Definition: ServiceOptions.php:93
MediaWiki\Permissions\GroupPermissionsLookup\$groupPermissions
array[] $groupPermissions
Definition: GroupPermissionsLookup.php:32
MediaWiki\Config\ServiceOptions\assertRequiredOptions
assertRequiredOptions(array $expectedKeys)
Assert that the list of options provided in this instance exactly match $expectedKeys,...
Definition: ServiceOptions.php:71
MediaWiki\Permissions
Definition: Authority.php:21