MediaWiki master
RestAuthorizeTrait.php
<?php

namespace MediaWiki\Rest\Handler\Helper;

use MediaWiki\Page\PageIdentity;
use MediaWiki\Permissions\Authority;
use MediaWiki\Permissions\PermissionStatus;
use Wikimedia\Message\MessageValue;

trait RestAuthorizeTrait {
	// Provides throwExceptionForStatus().
	use RestStatusTrait;

	/**
	 * Authorize an action that has no page target.
	 * A failed check ends the request with an HTTP error (see handleStatus()).
	 */
	private function authorizeActionOrThrow(
		Authority $authority,
		string $action
	): void {
		$status = PermissionStatus::newEmpty();
		if ( !$authority->authorizeAction( $action, $status ) ) {
			$this->handleStatus( $status );
		}
	}

	/**
	 * Authorize read access to the target page.
	 * A failed check ends the request with an HTTP error (see handleStatus()).
	 */
	private function authorizeReadOrThrow(
		Authority $authority,
		string $action,
		PageIdentity $target
	): void {
		$status = PermissionStatus::newEmpty();
		if ( !$authority->authorizeRead( $action, $target, $status ) ) {
			$this->handleStatus( $status );
		}
	}

	/**
	 * Authorize write access to the target page.
	 * A failed check ends the request with an HTTP error (see handleStatus()).
	 */
	private function authorizeWriteOrThrow(
		Authority $authority,
		string $action,
		PageIdentity $target
	): void {
		$status = PermissionStatus::newEmpty();
		if ( !$authority->authorizeWrite( $action, $target, $status ) ) {
			$this->handleStatus( $status );
		}
	}

	/**
	 * Turn a failed PermissionStatus into an HTTP error:
	 * 429 when the rate limit was exceeded, 403 for any other denial.
	 */
	private function handleStatus( PermissionStatus $status ): void {
		// The permission name should always be set, but don't explode if it isn't.
		$permission = $status->getPermission() ?: '(unknown)';

		if ( $status->isRateLimitExceeded() ) {
			$this->throwExceptionForStatus(
				$status,
				MessageValue::new( 'rest-rate-limit-exceeded', [ $permission ] ),
				429 // See https://www.rfc-editor.org/rfc/rfc6585#section-4
			);
		}

		$this->throwExceptionForStatus(
			$status,
			MessageValue::new( 'rest-permission-error', [ $permission ] ),
			403
		);
	}

}
PermissionStatus
A StatusValue for permission errors.
getPermission()
Returns the name of the permission that was being checked.
isRateLimitExceeded()
Whether the user is over the rate limit for some action.
This is the base exception class for non-fatal exceptions thrown from REST handlers.
MessageValue
Value object representing a message for i18n.
PageIdentity
Interface for objects (potentially) representing an editable wiki page.
Authority
This interface represents the authority associated with the current execution context,...
authorizeAction(string $action, PermissionStatus $status=null)
Authorize an action.
authorizeWrite(string $action, PageIdentity $target, PermissionStatus $status=null)
Authorize write access.
authorizeRead(string $action, PageIdentity $target, PermissionStatus $status=null)
Authorize read access.
Copyright (C) 2011-2020 Wikimedia Foundation and others.
trait RestStatusTrait
Trait for handling Status objects in REST handlers.