MediaWiki master
MediaWiki\Permissions\GrantsInfo Class Reference

Users can authorize applications to use their account via OAuth. More...

Public Member Functions

 __construct (ServiceOptions $options)
 
 getGrantGroups (array $grantsFilter=null)
 Divide the grants into groups.
 
 getGrantRights ( $grants)
 Fetch the rights allowed by a set of grants.
 
 getHiddenGrants ()
 Get the list of grants that are hidden and should always be granted.
 
 getRightsByGrant ()
 Map all grants to corresponding user rights.
 
 getRiskGroupsByGrant (string $default='unknown')
 Returns a map of grant name => risk group.
 
 getValidGrants ()
 List all known grants.
 
 grantsAreValid (array $grants)
 Test that all grants in the list are known.
 

Public Attributes

const CONSTRUCTOR_OPTIONS
 
const RISK_INTERNAL = 'internal'
 Risk level classification for grants which are used for internal purposes and should not be handed out.
 
const RISK_LOW = 'low'
 Risk level classification for grants which aren't particularly risky.
 
const RISK_SECURITY = 'security'
 Risk level classification for grants which can be used to cause damage that is hard or impossible to undo, such as exfiltrating sensitive private data or creating security vulnerabilities.
 
const RISK_VANDALISM = 'vandalism'
 Risk level classification for grants which can be used for disruptive vandalism or other kinds of abuse that couldn't be achieved just by registering new accounts, such as main page vandalism, vandalism of popular templates, page merge vandalism, or blocks.
 

Detailed Description

Users can authorize applications to use their account via OAuth.

Grants are used to limit permissions for these application. This service allows application logic to access grants.

Since
1.38

Definition at line 33 of file GrantsInfo.php.

Constructor & Destructor Documentation

◆ __construct()

MediaWiki\Permissions\GrantsInfo::__construct ( ServiceOptions  $options)
Parameters
ServiceOptions$options

Definition at line 80 of file GrantsInfo.php.

References MediaWiki\Config\ServiceOptions\assertRequiredOptions().

Member Function Documentation

◆ getGrantGroups()

MediaWiki\Permissions\GrantsInfo::getGrantGroups ( array  $grantsFilter = null)

Divide the grants into groups.

Parameters
string[] | null$grantsFilter
Returns
string[][] Map of (group => (grant list))

Definition at line 139 of file GrantsInfo.php.

◆ getGrantRights()

MediaWiki\Permissions\GrantsInfo::getGrantRights (   $grants)

Fetch the rights allowed by a set of grants.

Parameters
string[] | string$grants
Returns
string[]

Definition at line 112 of file GrantsInfo.php.

◆ getHiddenGrants()

MediaWiki\Permissions\GrantsInfo::getHiddenGrants ( )

Get the list of grants that are hidden and should always be granted.

Returns
string[]

Definition at line 163 of file GrantsInfo.php.

◆ getRightsByGrant()

MediaWiki\Permissions\GrantsInfo::getRightsByGrant ( )

Map all grants to corresponding user rights.

Returns
string[][] grant => array of rights in the grant

Definition at line 99 of file GrantsInfo.php.

◆ getRiskGroupsByGrant()

MediaWiki\Permissions\GrantsInfo::getRiskGroupsByGrant ( string  $default = 'unknown')

Returns a map of grant name => risk group.

The risk groups are the GrantsInfo::RISK_* constants, plus $default for grants where the risk level is not defined.

Parameters
string$defaultDefault risk group to assign to grants for which no risk group is configured. $default does not have to be one of the RISK_* constants.
Returns
string[]
Since
1.42

Definition at line 181 of file GrantsInfo.php.

◆ getValidGrants()

MediaWiki\Permissions\GrantsInfo::getValidGrants ( )

List all known grants.

Returns
string[]

Definition at line 91 of file GrantsInfo.php.

◆ grantsAreValid()

MediaWiki\Permissions\GrantsInfo::grantsAreValid ( array  $grants)

Test that all grants in the list are known.

Parameters
string[]$grants
Returns
bool

Definition at line 130 of file GrantsInfo.php.

Member Data Documentation

◆ CONSTRUCTOR_OPTIONS

const MediaWiki\Permissions\GrantsInfo::CONSTRUCTOR_OPTIONS
Initial value:
= [
]
const GrantRiskGroups
Name constant for the GrantRiskGroups setting, for use with Config::get()
const GrantPermissionGroups
Name constant for the GrantPermissionGroups setting, for use with Config::get()
const GrantPermissions
Name constant for the GrantPermissions setting, for use with Config::get()
Access: internal
For use by ServiceWiring

Definition at line 68 of file GrantsInfo.php.

◆ RISK_INTERNAL

const MediaWiki\Permissions\GrantsInfo::RISK_INTERNAL = 'internal'

Risk level classification for grants which are used for internal purposes and should not be handed out.

Definition at line 63 of file GrantsInfo.php.

◆ RISK_LOW

const MediaWiki\Permissions\GrantsInfo::RISK_LOW = 'low'

Risk level classification for grants which aren't particularly risky.

These grants might be abused, e.g. for vandalism, but the effect is easy to undo and the efficiency of abusing them isn't particularly different from registering new user accounts and using those for abuse. Note that risk levels depend on the use case; the default classification is meant for "normal" (public, open registration) wikis. Classification for e.g. a private wiki holding confidential information could be quite different.

Definition at line 43 of file GrantsInfo.php.

◆ RISK_SECURITY

const MediaWiki\Permissions\GrantsInfo::RISK_SECURITY = 'security'

Risk level classification for grants which can be used to cause damage that is hard or impossible to undo, such as exfiltrating sensitive private data or creating security vulnerabilities.

Definition at line 57 of file GrantsInfo.php.

◆ RISK_VANDALISM

const MediaWiki\Permissions\GrantsInfo::RISK_VANDALISM = 'vandalism'

Risk level classification for grants which can be used for disruptive vandalism or other kinds of abuse that couldn't be achieved just by registering new accounts, such as main page vandalism, vandalism of popular templates, page merge vandalism, or blocks.

Definition at line 50 of file GrantsInfo.php.


The documentation for this class was generated from the following file: