A service class for checking permissions To obtain an instance, use MediaWikiServices::getInstance()->getPermissionManager(). More...
Public Member Functions | |
| __construct (ServiceOptions $options, SpecialPageFactory $specialPageFactory, RevisionLookup $revisionLookup, NamespaceInfo $nsInfo, BlockErrorFormatter $blockErrorFormatter) | |
| addTemporaryUserRights (UserIdentity $user, $rights) | |
| Add temporary user rights, only valid for the current scope. More... | |
| getAllPermissions () | |
| Get a list of all available permissions. More... | |
| getGroupPermissions ( $groups) | |
| Get the permissions associated with a given list of groups. More... | |
| getGroupsWithPermission ( $role) | |
| Get all the groups who have a given permission. More... | |
| getNamespaceRestrictionLevels ( $index, UserIdentity $user=null) | |
| Determine which restriction levels it makes sense to use in a namespace, optionally filtered by a user's rights. More... | |
| getPermissionErrors ( $action, User $user, LinkTarget $page, $rigor=self::RIGOR_SECURE, $ignoreErrors=[]) | |
| Can $user perform $action on a page? More... | |
| getUserPermissions (UserIdentity $user) | |
| Get the permissions this user has. More... | |
| groupHasPermission ( $group, $role) | |
| Check, if the given group has the given permission. More... | |
| invalidateUsersRightsCache ( $user=null) | |
| Clears users permissions cache, if specific user is provided it tries to clear permissions cache only for provided user. More... | |
| isBlockedFrom (User $user, LinkTarget $page, $fromReplica=false) | |
| Check if user is blocked from editing a particular article. More... | |
| isEveryoneAllowed ( $right) | |
| Check if all users may be assumed to have the given permission. More... | |
| overrideUserRightsForTesting ( $user, $rights=[]) | |
| Overrides user permissions cache. More... | |
| quickUserCan ( $action, User $user, LinkTarget $page) | |
| A convenience method for calling PermissionManager::userCan with PermissionManager::RIGOR_QUICK. More... | |
| userCan ( $action, User $user, LinkTarget $page, $rigor=self::RIGOR_SECURE) | |
| Can $user perform $action on a page? More... | |
| userHasAllRights (UserIdentity $user,... $actions) | |
| Check if user is allowed to make all actions. More... | |
| userHasAnyRight (UserIdentity $user,... $actions) | |
| Check if user is allowed to make any action. More... | |
| userHasRight (UserIdentity $user, $action='') | |
| Testing a permission. More... | |
Private Member Functions | |
| checkActionPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page) | |
| Check action permissions not already checked in checkQuickPermissions. More... | |
| checkCascadingSourcesRestrictions ( $action, UserIdentity $user, $errors, $rigor, $short, LinkTarget $page) | |
| Check restrictions on cascading pages. More... | |
| checkPageRestrictions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page) | |
| Check against page_restrictions table requirements on this page. More... | |
| checkPermissionHooks ( $action, User $user, $errors, $rigor, $short, LinkTarget $page) | |
| Check various permission hooks. More... | |
| checkQuickPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page) | |
| Permissions checks that fail most often, and which are easiest to test. More... | |
| checkReadPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page) | |
| Check that the user is allowed to read this page. More... | |
| checkSiteConfigPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page) | |
| Check sitewide CSS/JSON/JS permissions. More... | |
| checkSpecialsAndNSPermissions ( $action, UserIdentity $user, $errors, $rigor, $short, LinkTarget $page) | |
| Check permissions on special pages & namespaces. More... | |
| checkUserBlock ( $action, User $user, $errors, $rigor, $short, LinkTarget $page) | |
| Check that the user isn't blocked from editing. More... | |
| checkUserConfigPermissions ( $action, UserIdentity $user, $errors, $rigor, $short, LinkTarget $page) | |
| Check CSS/JSON/JS sub-page permissions. More... | |
| getPermissionErrorsInternal ( $action, User $user, LinkTarget $page, $rigor=self::RIGOR_SECURE, $short=false) | |
| Can $user perform $action on a page? This is an internal function, with multiple levels of checks depending on performance needs; see $rigor below. More... | |
| getRightsCacheKey (UserIdentity $user) | |
| Gets a unique key for user rights cache. More... | |
| isNamespaceProtected ( $index, UserIdentity $user) | |
| Determines if $user is unable to edit pages in namespace because it has been protected. More... | |
| isSameSpecialPage ( $name, LinkTarget $page) | |
| Returns true if this title resolves to the named special page. More... | |
| missingPermissionError ( $action, $short) | |
| Get a description array when the user doesn't have the right to perform $action (i.e. More... | |
| resultToError ( $errors, $result) | |
| Add the resulting error code to the errors array. More... | |
| userCanEditRawHtmlPage (UserIdentity $user) | |
| Check if user is allowed to edit sitewide pages that contain raw HTML. More... | |
Private Attributes | |
| string[] null | $allRights |
| Cached results of getAllRights() More... | |
| BlockErrorFormatter | $blockErrorFormatter |
| bool[] | $cachedRights = [] |
| Cached rights for isEveryoneAllowed, [ right => allowed ]. More... | |
| $coreRights | |
| Array of Strings Core rights. More... | |
| NamespaceInfo | $nsInfo |
| ServiceOptions | $options |
| RevisionLookup | $revisionLookup |
| SpecialPageFactory | $specialPageFactory |
| string[][][] | $temporaryUserRights = [] |
| Temporary user rights, valid for the current request only. More... | |
| string[][] | $usersRights = null |
| Cached user rights. More... | |
Detailed Description
A service class for checking permissions To obtain an instance, use MediaWikiServices::getInstance()->getPermissionManager().
- Since
- 1.33
Definition at line 48 of file PermissionManager.php.
Constructor & Destructor Documentation
◆ __construct()
| MediaWiki\Permissions\PermissionManager::__construct | ( | ServiceOptions | $options, |
| SpecialPageFactory | $specialPageFactory, | ||
| RevisionLookup | $revisionLookup, | ||
| NamespaceInfo | $nsInfo, | ||
| BlockErrorFormatter | $blockErrorFormatter | ||
| ) |
- Parameters
-
ServiceOptions $options SpecialPageFactory $specialPageFactory RevisionLookup $revisionLookup NamespaceInfo $nsInfo BlockErrorFormatter $blockErrorFormatter
Definition at line 201 of file PermissionManager.php.
References MediaWiki\Permissions\PermissionManager\$blockErrorFormatter, MediaWiki\Permissions\PermissionManager\$nsInfo, MediaWiki\Permissions\PermissionManager\$options, MediaWiki\Permissions\PermissionManager\$revisionLookup, MediaWiki\Permissions\PermissionManager\$specialPageFactory, and MediaWiki\Config\ServiceOptions\assertRequiredOptions().
Member Function Documentation
◆ addTemporaryUserRights()
| MediaWiki\Permissions\PermissionManager::addTemporaryUserRights | ( | UserIdentity | $user, |
| $rights | |||
| ) |
Add temporary user rights, only valid for the current scope.
This is meant for making it possible to programatically trigger certain actions that the user wouldn't be able to trigger themselves; e.g. allow users without the bot right to make bot-flagged actions through certain special pages. Returns a "scope guard" variable; whenever that variable goes out of scope or is consumed via ScopedCallback::consume(), the temporary rights are revoked.
- Since
- 1.34
- Parameters
-
UserIdentity $user string | string[] $rights
- Returns
- ScopedCallback
Definition at line 1606 of file PermissionManager.php.
References MediaWiki\User\UserIdentity\getId().
◆ checkActionPermissions()
|
private |
Check action permissions not already checked in checkQuickPermissions.
- Parameters
-
string $action The action to check User $user User to check array $errors List of current errors string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool $short Short circuit on first error LinkTarget $page
- Returns
- array List of errors
Definition at line 932 of file PermissionManager.php.
References MediaWiki\$action, $title, $wgDeleteRevisionsLimit, $wgLang, MediaWiki\Permissions\PermissionManager\checkCascadingSourcesRestrictions(), MediaWiki\Permissions\PermissionManager\checkPageRestrictions(), MediaWiki\Permissions\PermissionManager\getPermissionErrorsInternal(), Title\newFromLinkTarget(), MediaWiki\Permissions\PermissionManager\userCan(), MediaWiki\Permissions\PermissionManager\userHasRight(), and User\whoIs().
◆ checkCascadingSourcesRestrictions()
|
private |
Check restrictions on cascading pages.
- Parameters
-
string $action The action to check UserIdentity $user User to check array $errors List of current errors string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool $short Short circuit on first error LinkTarget $page
- Returns
- array List of errors
Definition at line 875 of file PermissionManager.php.
References MediaWiki\$action, $title, Title\newFromLinkTarget(), and MediaWiki\Permissions\PermissionManager\userHasAllRights().
Referenced by MediaWiki\Permissions\PermissionManager\checkActionPermissions().
◆ checkPageRestrictions()
|
private |
Check against page_restrictions table requirements on this page.
The user must possess all required rights for this action.
- Parameters
-
string $action The action to check User $user User to check array $errors List of current errors string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool $short Short circuit on first error LinkTarget $page
- Returns
- array List of errors
Definition at line 826 of file PermissionManager.php.
References MediaWiki\$action, $title, Title\newFromLinkTarget(), and MediaWiki\Permissions\PermissionManager\userHasRight().
Referenced by MediaWiki\Permissions\PermissionManager\checkActionPermissions().
◆ checkPermissionHooks()
|
private |
Check various permission hooks.
- Parameters
-
string $action The action to check User $user User to check array $errors List of current errors string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool $short Short circuit on first error LinkTarget $page
- Returns
- array List of errors
Definition at line 428 of file PermissionManager.php.
References MediaWiki\$action, $title, Title\newFromLinkTarget(), MediaWiki\Permissions\PermissionManager\resultToError(), and Hooks\run().
◆ checkQuickPermissions()
|
private |
Permissions checks that fail most often, and which are easiest to test.
- Parameters
-
string $action The action to check User $user User to check array $errors List of current errors string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool $short Short circuit on first error LinkTarget $page
- Returns
- array List of errors
Definition at line 729 of file PermissionManager.php.
References MediaWiki\$action, $title, MediaWiki\Permissions\PermissionManager\groupHasPermission(), User\isAnon(), MediaWiki\Permissions\PermissionManager\missingPermissionError(), Title\newFromLinkTarget(), NS_CATEGORY, NS_FILE, NS_USER, Hooks\run(), and MediaWiki\Permissions\PermissionManager\userHasRight().
◆ checkReadPermissions()
|
private |
Check that the user is allowed to read this page.
- Parameters
-
string $action The action to check User $user User to check array $errors List of current errors string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool $short Short circuit on first error LinkTarget $page
- Returns
- array List of errors
Definition at line 503 of file PermissionManager.php.
References MediaWiki\$action, $title, SpecialPage\getTitleFor(), MediaWiki\Permissions\PermissionManager\isEveryoneAllowed(), MediaWiki\Permissions\PermissionManager\isSameSpecialPage(), MediaWiki\Permissions\PermissionManager\missingPermissionError(), Title\newFromLinkTarget(), NS_MAIN, Hooks\run(), and MediaWiki\Permissions\PermissionManager\userHasRight().
◆ checkSiteConfigPermissions()
|
private |
Check sitewide CSS/JSON/JS permissions.
- Parameters
-
string $action The action to check User $user User to check array $errors List of current errors string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool $short Short circuit on first error LinkTarget $page
- Returns
- array List of errors
Definition at line 1069 of file PermissionManager.php.
References MediaWiki\$action, $title, Title\newFromLinkTarget(), MediaWiki\Permissions\PermissionManager\userCanEditRawHtmlPage(), MediaWiki\Permissions\PermissionManager\userHasRight(), and wfMessage().
◆ checkSpecialsAndNSPermissions()
|
private |
Check permissions on special pages & namespaces.
- Parameters
-
string $action The action to check UserIdentity $user User to check array $errors List of current errors string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool $short Short circuit on first error LinkTarget $page
- Returns
- array List of errors
Definition at line 1025 of file PermissionManager.php.
References MediaWiki\$action, $title, MediaWiki\Permissions\PermissionManager\isNamespaceProtected(), Title\newFromLinkTarget(), NS_MAIN, NS_MEDIAWIKI, NS_SPECIAL, and wfMessage().
◆ checkUserBlock()
|
private |
Check that the user isn't blocked from editing.
- Parameters
-
string $action The action to check User $user User to check array $errors List of current errors string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool $short Short circuit on first error LinkTarget $page
- Returns
- array List of errors
Definition at line 637 of file PermissionManager.php.
References MediaWiki\$action, MediaWiki\$context, Action\exists(), Action\factory(), WikiPage\factory(), User\getBlock(), IContextSource\getLanguage(), RequestContext\getMain(), IContextSource\getRequest(), IContextSource\getUser(), MediaWiki\Permissions\PermissionManager\isBlockedFrom(), User\isEmailConfirmed(), and Title\newFromLinkTarget().
◆ checkUserConfigPermissions()
|
private |
Check CSS/JSON/JS sub-page permissions.
- Parameters
-
string $action The action to check UserIdentity $user User to check array $errors List of current errors string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool $short Short circuit on first error LinkTarget $page
- Returns
- array List of errors
Definition at line 1125 of file PermissionManager.php.
References MediaWiki\$action, $content, $title, MediaWiki\User\UserIdentity\getName(), Title\newFromLinkTarget(), NS_USER, Revision\RevisionRecord\RAW, MediaWiki\Permissions\PermissionManager\userHasAnyRight(), and MediaWiki\Permissions\PermissionManager\userHasRight().
◆ getAllPermissions()
| MediaWiki\Permissions\PermissionManager::getAllPermissions | ( | ) |
Get a list of all available permissions.
- Since
- 1.34
- Returns
- string[] Array of permission names
Definition at line 1472 of file PermissionManager.php.
References MediaWiki\Permissions\PermissionManager\$allRights, MediaWiki\Permissions\PermissionManager\$coreRights, and Hooks\run().
◆ getGroupPermissions()
| MediaWiki\Permissions\PermissionManager::getGroupPermissions | ( | $groups | ) |
Get the permissions associated with a given list of groups.
- Since
- 1.34
- Parameters
-
array $groups Array of Strings List of internal group names
- Returns
- array Array of Strings List of permission key names for given groups combined
Definition at line 1369 of file PermissionManager.php.
Referenced by MediaWiki\Permissions\PermissionManager\getUserPermissions().
◆ getGroupsWithPermission()
| MediaWiki\Permissions\PermissionManager::getGroupsWithPermission | ( | $role | ) |
Get all the groups who have a given permission.
- Since
- 1.34
- Parameters
-
string $role Role to check
- Returns
- array Array of Strings List of internal group names with the given permission
Definition at line 1397 of file PermissionManager.php.
References MediaWiki\Permissions\PermissionManager\groupHasPermission().
Referenced by MediaWiki\Permissions\PermissionManager\getNamespaceRestrictionLevels().
◆ getNamespaceRestrictionLevels()
| MediaWiki\Permissions\PermissionManager::getNamespaceRestrictionLevels | ( | $index, | |
| UserIdentity | $user = null |
||
| ) |
Determine which restriction levels it makes sense to use in a namespace, optionally filtered by a user's rights.
- Parameters
-
int $index Index to check UserIdentity | null $user User to check
- Returns
- array
Definition at line 1509 of file PermissionManager.php.
References MediaWiki\Permissions\PermissionManager\getGroupsWithPermission(), and MediaWiki\Permissions\PermissionManager\userHasRight().
◆ getPermissionErrors()
| MediaWiki\Permissions\PermissionManager::getPermissionErrors | ( | $action, | |
| User | $user, | ||
| LinkTarget | $page, | ||
$rigor = self::RIGOR_SECURE, |
|||
$ignoreErrors = [] |
|||
| ) |
Can $user perform $action on a page?
- Todo:
- FIXME: This does not check throttles (User::pingLimiter()).
- Parameters
-
string $action Action that permission needs to be checked for User $user User to check LinkTarget $page string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
array $ignoreErrors Array of Strings Set this to a list of message keys whose corresponding errors may be ignored.
- Returns
- array[] Array of arrays of the arguments to wfMessage to explain permissions problems.
Definition at line 275 of file PermissionManager.php.
References MediaWiki\$action, and MediaWiki\Permissions\PermissionManager\getPermissionErrorsInternal().
◆ getPermissionErrorsInternal()
|
private |
Can $user perform $action on a page? This is an internal function, with multiple levels of checks depending on performance needs; see $rigor below.
It does not check wfReadOnly().
- Parameters
-
string $action Action that permission needs to be checked for User $user User to check LinkTarget $page string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool $short Set this to true to stop after the first permission error.
- Returns
- array[] Array of arrays of the arguments to wfMessage to explain permissions problems.
- Exceptions
-
Exception
Definition at line 355 of file PermissionManager.php.
References MediaWiki\$action.
Referenced by MediaWiki\Permissions\PermissionManager\checkActionPermissions(), MediaWiki\Permissions\PermissionManager\getPermissionErrors(), and MediaWiki\Permissions\PermissionManager\userCan().
◆ getRightsCacheKey()
|
private |
Gets a unique key for user rights cache.
- Parameters
-
UserIdentity $user
- Returns
- string
Definition at line 1336 of file PermissionManager.php.
References MediaWiki\User\UserIdentity\isRegistered().
Referenced by MediaWiki\Permissions\PermissionManager\getUserPermissions(), MediaWiki\Permissions\PermissionManager\invalidateUsersRightsCache(), and MediaWiki\Permissions\PermissionManager\overrideUserRightsForTesting().
◆ getUserPermissions()
| MediaWiki\Permissions\PermissionManager::getUserPermissions | ( | UserIdentity | $user | ) |
Get the permissions this user has.
- Since
- 1.34
- Parameters
-
UserIdentity $user
- Returns
- string[] permission names
Definition at line 1265 of file PermissionManager.php.
References MediaWiki\Permissions\PermissionManager\getGroupPermissions(), MediaWiki\User\UserIdentity\getId(), MediaWiki\Permissions\PermissionManager\getRightsCacheKey(), User\newFromIdentity(), and Hooks\run().
Referenced by MediaWiki\Permissions\PermissionManager\userHasRight().
◆ groupHasPermission()
| MediaWiki\Permissions\PermissionManager::groupHasPermission | ( | $group, | |
| $role | |||
| ) |
Check, if the given group has the given permission.
If you're wanting to check whether all users have a permission, use PermissionManager::isEveryoneAllowed() instead. That properly checks if it's revoked from anyone.
- Since
- 1.34
- Parameters
-
string $group Group to check string $role Role to check
- Returns
- bool
Definition at line 1354 of file PermissionManager.php.
Referenced by MediaWiki\Permissions\PermissionManager\checkQuickPermissions(), and MediaWiki\Permissions\PermissionManager\getGroupsWithPermission().
◆ invalidateUsersRightsCache()
| MediaWiki\Permissions\PermissionManager::invalidateUsersRightsCache | ( | $user = null | ) |
Clears users permissions cache, if specific user is provided it tries to clear permissions cache only for provided user.
- Since
- 1.34
- Parameters
-
User | null $user
Definition at line 1320 of file PermissionManager.php.
References MediaWiki\Permissions\PermissionManager\getRightsCacheKey().
◆ isBlockedFrom()
| MediaWiki\Permissions\PermissionManager::isBlockedFrom | ( | User | $user, |
| LinkTarget | $page, | ||
$fromReplica = false |
|||
| ) |
Check if user is blocked from editing a particular article.
If the user does not have a block, this will return false.
- Parameters
-
User $user LinkTarget $page Title to check bool $fromReplica Whether to check the replica DB instead of the master
- Returns
- bool
Definition at line 309 of file PermissionManager.php.
References $title, User\getBlock(), User\getTalkPage(), User\isAllowUsertalk(), User\isHidden(), Title\newFromLinkTarget(), and Hooks\run().
Referenced by MediaWiki\Permissions\PermissionManager\checkUserBlock().
◆ isEveryoneAllowed()
| MediaWiki\Permissions\PermissionManager::isEveryoneAllowed | ( | $right | ) |
Check if all users may be assumed to have the given permission.
We generally assume so if the right is granted to '*' and isn't revoked on any group. It doesn't attempt to take grants or other extension limitations on rights into account in the general case, though, as that would require it to always return false and defeat the purpose. Specifically, session-based rights restrictions (such as OAuth or bot passwords) are applied based on the current session.
- Parameters
-
string $right Right to check
- Returns
- bool
- Since
- 1.34
Definition at line 1422 of file PermissionManager.php.
References MediaWiki\Session\SessionManager\getGlobalSession(), and Hooks\run().
Referenced by MediaWiki\Permissions\PermissionManager\checkReadPermissions().
◆ isNamespaceProtected()
|
private |
Determines if $user is unable to edit pages in namespace because it has been protected.
- Parameters
-
int $index UserIdentity $user
- Returns
- bool
Definition at line 1493 of file PermissionManager.php.
References MediaWiki\Permissions\PermissionManager\userHasAllRights().
Referenced by MediaWiki\Permissions\PermissionManager\checkSpecialsAndNSPermissions().
◆ isSameSpecialPage()
|
private |
Returns true if this title resolves to the named special page.
- Parameters
-
string $name The special page name LinkTarget $page
- Returns
- bool
Definition at line 610 of file PermissionManager.php.
References MediaWiki\Linker\LinkTarget\getDBkey(), MediaWiki\Linker\LinkTarget\getNamespace(), and NS_SPECIAL.
Referenced by MediaWiki\Permissions\PermissionManager\checkReadPermissions().
◆ missingPermissionError()
|
private |
Get a description array when the user doesn't have the right to perform $action (i.e.
when User::isAllowed() returns false)
- Parameters
-
string $action The action to check bool $short Short circuit on first error
- Returns
- array Array containing an error message key and any parameters
Definition at line 591 of file PermissionManager.php.
References MediaWiki\$action, and User\newFatalPermissionDeniedStatus().
Referenced by MediaWiki\Permissions\PermissionManager\checkQuickPermissions(), and MediaWiki\Permissions\PermissionManager\checkReadPermissions().
◆ overrideUserRightsForTesting()
| MediaWiki\Permissions\PermissionManager::overrideUserRightsForTesting | ( | $user, | |
$rights = [] |
|||
| ) |
Overrides user permissions cache.
- Since
- 1.34
- Parameters
-
User $user string[] | string $rights
- Exceptions
-
Exception
Definition at line 1625 of file PermissionManager.php.
References MediaWiki\Permissions\PermissionManager\getRightsCacheKey().
◆ quickUserCan()
| MediaWiki\Permissions\PermissionManager::quickUserCan | ( | $action, | |
| User | $user, | ||
| LinkTarget | $page | ||
| ) |
A convenience method for calling PermissionManager::userCan with PermissionManager::RIGOR_QUICK.
Suitable for use for nonessential UI controls in common cases, but not for functional access control. May provide false positives, but should never provide a false negative.
- See also
- PermissionManager::userCan()
- Parameters
-
string $action User $user LinkTarget $page
- Returns
- bool
Definition at line 254 of file PermissionManager.php.
References MediaWiki\$action, and MediaWiki\Permissions\PermissionManager\userCan().
◆ resultToError()
|
private |
Add the resulting error code to the errors array.
- Parameters
-
array $errors List of current errors array | string | MessageSpecifier | false $result Result of errors
- Returns
- array List of errors
Definition at line 467 of file PermissionManager.php.
Referenced by MediaWiki\Permissions\PermissionManager\checkPermissionHooks().
◆ userCan()
| MediaWiki\Permissions\PermissionManager::userCan | ( | $action, | |
| User | $user, | ||
| LinkTarget | $page, | ||
$rigor = self::RIGOR_SECURE |
|||
| ) |
Can $user perform $action on a page?
The method is intended to replace Title::userCan() The $user parameter need to be superseded by UserIdentity value in future The $title parameter need to be superseded by PageIdentity value in future
- See also
- Title::userCan()
- Parameters
-
string $action User $user LinkTarget $page string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
- Returns
- bool
Definition at line 235 of file PermissionManager.php.
References MediaWiki\$action, and MediaWiki\Permissions\PermissionManager\getPermissionErrorsInternal().
Referenced by MediaWiki\Permissions\PermissionManager\checkActionPermissions(), and MediaWiki\Permissions\PermissionManager\quickUserCan().
◆ userCanEditRawHtmlPage()
|
private |
Check if user is allowed to edit sitewide pages that contain raw HTML.
Pages listed in $wgRawHtmlMessages allow raw HTML which can be used to deploy CSS or JS code to all users so both rights are required to edit them.
- Parameters
-
UserIdentity $user
- Returns
- bool True if user has both rights
Definition at line 1588 of file PermissionManager.php.
References MediaWiki\Permissions\PermissionManager\userHasAllRights().
Referenced by MediaWiki\Permissions\PermissionManager\checkSiteConfigPermissions().
◆ userHasAllRights()
| MediaWiki\Permissions\PermissionManager::userHasAllRights | ( | UserIdentity | $user, |
| $actions | |||
| ) |
Check if user is allowed to make all actions.
- Parameters
-
UserIdentity $user string ...$actions
- Returns
- bool True if user is allowed to perform all of the given actions
- Since
- 1.34
Definition at line 1247 of file PermissionManager.php.
References MediaWiki\$action, and MediaWiki\Permissions\PermissionManager\userHasRight().
Referenced by MediaWiki\Permissions\PermissionManager\checkCascadingSourcesRestrictions(), MediaWiki\Permissions\PermissionManager\isNamespaceProtected(), and MediaWiki\Permissions\PermissionManager\userCanEditRawHtmlPage().
◆ userHasAnyRight()
| MediaWiki\Permissions\PermissionManager::userHasAnyRight | ( | UserIdentity | $user, |
| $actions | |||
| ) |
Check if user is allowed to make any action.
- Parameters
-
UserIdentity $user string ...$actions
- Returns
- bool True if user is allowed to perform any of the given actions
- Since
- 1.34
Definition at line 1230 of file PermissionManager.php.
References MediaWiki\$action, and MediaWiki\Permissions\PermissionManager\userHasRight().
Referenced by MediaWiki\Permissions\PermissionManager\checkUserConfigPermissions().
◆ userHasRight()
| MediaWiki\Permissions\PermissionManager::userHasRight | ( | UserIdentity | $user, |
$action = '' |
|||
| ) |
Testing a permission.
- Since
- 1.34
- Parameters
-
UserIdentity $user string $action
- Returns
- bool
Definition at line 1213 of file PermissionManager.php.
References MediaWiki\$action, and MediaWiki\Permissions\PermissionManager\getUserPermissions().
Referenced by MediaWiki\Permissions\PermissionManager\checkActionPermissions(), MediaWiki\Permissions\PermissionManager\checkPageRestrictions(), MediaWiki\Permissions\PermissionManager\checkQuickPermissions(), MediaWiki\Permissions\PermissionManager\checkReadPermissions(), MediaWiki\Permissions\PermissionManager\checkSiteConfigPermissions(), MediaWiki\Permissions\PermissionManager\checkUserConfigPermissions(), MediaWiki\Permissions\PermissionManager\getNamespaceRestrictionLevels(), MediaWiki\Permissions\PermissionManager\userHasAllRights(), and MediaWiki\Permissions\PermissionManager\userHasAnyRight().
Member Data Documentation
◆ $allRights
|
private |
Cached results of getAllRights()
Definition at line 88 of file PermissionManager.php.
Referenced by MediaWiki\Permissions\PermissionManager\getAllPermissions().
◆ $blockErrorFormatter
|
private |
Definition at line 91 of file PermissionManager.php.
Referenced by MediaWiki\Permissions\PermissionManager\__construct().
◆ $cachedRights
|
private |
Cached rights for isEveryoneAllowed, [ right => allowed ].
Definition at line 103 of file PermissionManager.php.
◆ $coreRights
|
private |
Array of Strings Core rights.
Each of these should have a corresponding message of the form "right-$right".
Definition at line 111 of file PermissionManager.php.
Referenced by MediaWiki\Permissions\PermissionManager\getAllPermissions().
◆ $nsInfo
|
private |
Definition at line 85 of file PermissionManager.php.
Referenced by MediaWiki\Permissions\PermissionManager\__construct().
◆ $options
|
private |
Definition at line 59 of file PermissionManager.php.
Referenced by MediaWiki\Permissions\PermissionManager\__construct().
◆ $revisionLookup
|
private |
Definition at line 82 of file PermissionManager.php.
Referenced by MediaWiki\Permissions\PermissionManager\__construct().
◆ $specialPageFactory
|
private |
Definition at line 79 of file PermissionManager.php.
Referenced by MediaWiki\Permissions\PermissionManager\__construct().
◆ $temporaryUserRights
|
private |
Temporary user rights, valid for the current request only.
userid => override group => rights
Definition at line 100 of file PermissionManager.php.
◆ $usersRights
|
private |
Cached user rights.
Definition at line 94 of file PermissionManager.php.
The documentation for this class was generated from the following file:
- includes/Permissions/PermissionManager.php
