MediaWiki master
PostgresUtils.php
Go to the documentation of this file.
1<?php
2
3namespace MediaWiki\Installer\Task;
4
5use MediaWiki\MainConfigNames;
6use Wikimedia\Rdbms\IMaintainableDatabase;
7
11class PostgresUtils {
12 private const MAX_ROLE_SEARCH_DEPTH = 5;
13
15 private $context;
16
17 public function __construct( ITaskContext $context ) {
18 $this->context = $context;
19 }
20
21 public function canCreateAccounts() {
22 $perms = $this->getInstallUserPermissions();
23 return ( $perms && $perms->rolsuper ) || $perms->rolcreaterole;
24 }
25
26 public function isSuperUser() {
27 $perms = $this->getInstallUserPermissions();
28 return $perms && $perms->rolsuper;
29 }
30
36 public function canCreateObjectsForWebUser() {
37 if ( $this->isSuperUser() ) {
38 return true;
39 }
40
41 $status = $this->context->getConnection( ITaskContext::CONN_CREATE_DATABASE );
42 if ( !$status->isOK() ) {
43 return false;
44 }
45 $conn = $status->getDB();
46 $installerId = $conn->selectField( 'pg_catalog.pg_roles', 'oid',
47 [ 'rolname' => $this->context->getOption( 'InstallUser' ) ], __METHOD__ );
48 $webId = $conn->selectField( 'pg_catalog.pg_roles', 'oid',
49 [ 'rolname' => $this->context->getConfigVar( MainConfigNames::DBuser ) ], __METHOD__ );
50
51 return self::isRoleMember( $conn, $installerId, $webId, self::MAX_ROLE_SEARCH_DEPTH );
52 }
53
55 private function getInstallUserPermissions() {
56 $status = $this->context->getConnection( ITaskContext::CONN_CREATE_DATABASE );
57 if ( !$status->isOK() ) {
58 return false;
59 }
60 $conn = $status->getDB();
61 $superuser = $this->context->getOption( 'InstallUser' );
62
63 $row = $conn->selectRow( 'pg_catalog.pg_roles', '*',
64 [ 'rolname' => $superuser ], __METHOD__ );
65
66 return $row;
67 }
68
77 private function isRoleMember( $conn, $targetMember, $group, $maxDepth ) {
78 if ( $targetMember === $group ) {
79 // A role is always a member of itself
80 return true;
81 }
82 // Get all members of the given group
83 $res = $conn->select( 'pg_catalog.pg_auth_members', [ 'member' ],
84 [ 'roleid' => $group ], __METHOD__ );
85 foreach ( $res as $row ) {
86 if ( $row->member == $targetMember ) {
87 // Found target member
88 return true;
89 }
90 // Recursively search each member of the group to see if the target
91 // is a member of it, up to the given maximum depth.
92 if ( $maxDepth > 0 &&
93 $this->isRoleMember( $conn, $targetMember, $row->member, $maxDepth - 1 )
94 ) {
95 // Found member of member
96 return true;
97 }
98 }
99
100 return false;
101 }
102}
MediaWiki\Installer\Task\PostgresUtils\canCreateObjectsForWebUser
canCreateObjectsForWebUser()
Returns true if the install user is able to create objects owned by the web user, false otherwise.
Definition PostgresUtils.php:36
MediaWiki\MainConfigNames
A class containing constants representing the names of configuration variables.
Definition MainConfigNames.php:22
MediaWiki\MainConfigNames\DBuser
const DBuser
Name constant for the DBuser setting, for use with Config::get()
Definition MainConfigNames.php:1098
MediaWiki\Installer\Task\ITaskContext
Dependency bundle and execution context for installer tasks.
Definition ITaskContext.php:14
MediaWiki\Installer\Task\ITaskContext\CONN_CREATE_DATABASE
const CONN_CREATE_DATABASE
A connection for creating DBs, suitable for pre-installation.
Definition ITaskContext.php:18
Wikimedia\Rdbms\IMaintainableDatabase
Advanced database interface for IDatabase handles that include maintenance methods.
Definition IMaintainableDatabase.php:34