MediaWiki  master
Public Member Functions | Public Attributes | Private Member Functions | Private Attributes | List of all members
MediaWiki\Permissions\PermissionManager Class Reference

A service class for checking permissions To obtain an instance, use MediaWikiServices::getInstance()->getPermissionManager(). More...

Collaboration diagram for MediaWiki\Permissions\PermissionManager:
Collaboration graph
[legend]

Public Member Functions

 __construct (ServiceOptions $options, SpecialPageFactory $specialPageFactory, NamespaceInfo $nsInfo, GroupPermissionsLookup $groupPermissionsLookup, UserGroupManager $userGroupManager, BlockErrorFormatter $blockErrorFormatter, HookContainer $hookContainer, UserCache $userCache, RedirectLookup $redirectLookup, RestrictionStore $restrictionStore, TitleFormatter $titleFormatter, TempUserConfig $tempUserConfig, UserFactory $userFactory, ActionFactory $actionFactory)
 
 addTemporaryUserRights (UserIdentity $user, $rights)
 Add temporary user rights, only valid for the current function scope. More...
 
 getAllPermissions ()
 Get a list of all available permissions. More...
 
 getGroupPermissions ( $groups)
 Get the permissions associated with a given list of groups. More...
 
 getGroupsWithPermission ( $role)
 Get all the groups who have a given permission. More...
 
 getNamespaceRestrictionLevels ( $index, UserIdentity $user=null)
 Determine which restriction levels it makes sense to use in a namespace, optionally filtered by a user's rights. More...
 
 getPermissionErrors ( $action, User $user, LinkTarget $page, $rigor=self::RIGOR_SECURE, $ignoreErrors=[])
 Can $user perform $action on a page? More...
 
 getUserPermissions (UserIdentity $user)
 Get the permissions this user has. More...
 
 groupHasPermission ( $group, $role)
 Check, if the given group has the given permission. More...
 
 invalidateUsersRightsCache ( $user=null)
 Clear the in-process permission cache for one or all users. More...
 
 isBlockedFrom (User $user, $page, $fromReplica=false)
 Check if user is blocked from editing a particular article. More...
 
 isEveryoneAllowed ( $right)
 Check if all users may be assumed to have the given permission. More...
 
 overrideUserRightsForTesting ( $user, $rights=[])
 Override the user permissions cache. More...
 
 quickUserCan ( $action, User $user, LinkTarget $page)
 A convenience method for calling PermissionManager::userCan with PermissionManager::RIGOR_QUICK. More...
 
 userCan ( $action, User $user, LinkTarget $page, $rigor=self::RIGOR_SECURE)
 Can $user perform $action on a page? More...
 
 userHasAllRights (UserIdentity $user,... $actions)
 Whether the user is allowed to perform all of the given actions. More...
 
 userHasAnyRight (UserIdentity $user,... $actions)
 Whether the user is generally allowed to perform at least one of the actions. More...
 
 userHasRight (UserIdentity $user, $action='')
 Whether the user is generally allowed to perform the given action. More...
 

Public Attributes

const CONSTRUCTOR_OPTIONS
 

Private Member Functions

 checkActionPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page)
 Check action permissions not already checked in checkQuickPermissions. More...
 
 checkCascadingSourcesRestrictions ( $action, UserIdentity $user, $errors, $rigor, $short, LinkTarget $page)
 Check restrictions on cascading pages. More...
 
 checkPageRestrictions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page)
 Check for any page_restrictions table requirements on this page. More...
 
 checkPermissionHooks ( $action, User $user, $errors, $rigor, $short, LinkTarget $page)
 Check various permission hooks. More...
 
 checkQuickPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page)
 Run easy-to-test (or "quick") permissions checks for a given action. More...
 
 checkReadPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page)
 Check that the user is allowed to read this page. More...
 
 checkSiteConfigPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page)
 Check sitewide CSS/JSON/JS permissions. More...
 
 checkSpecialsAndNSPermissions ( $action, UserIdentity $user, $errors, $rigor, $short, LinkTarget $page)
 Check permissions on special pages & namespaces. More...
 
 checkUserBlock ( $action, User $user, $errors, $rigor, $short, LinkTarget $page)
 Check that the user isn't blocked from editing. More...
 
 checkUserConfigPermissions ( $action, UserIdentity $user, $errors, $rigor, $short, LinkTarget $page)
 Check CSS/JSON/JS sub-page permissions. More...
 
 getPermissionErrorsInternal ( $action, User $user, LinkTarget $page, $rigor=self::RIGOR_SECURE, $short=false)
 Can $user perform $action on a page? This is an internal function, with multiple levels of checks depending on performance needs; see $rigor below. More...
 
 getRightsCacheKey (UserIdentity $user)
 Get a unique key for user rights cache. More...
 
 isNamespaceProtected ( $index, UserIdentity $user)
 Determine if $user is unable to edit pages in namespace because it has been protected. More...
 
 isSameSpecialPage ( $name, LinkTarget $page)
 Whether a title resolves to the named special page. More...
 
 missingPermissionError (string $action, bool $short)
 Get a description array for when an action isn't allowed to be performed. More...
 
 resultToError ( $errors, $result)
 Add the resulting error code to the errors array. More...
 
 userCanEditRawHtmlPage (UserIdentity $user)
 Check if user is allowed to edit sitewide pages that contain raw HTML. More...
 

Private Attributes

ActionFactory $actionFactory
 
string[] null $allRights
 Cached results of getAllPermissions() More...
 
BlockErrorFormatter $blockErrorFormatter
 
bool[] $cachedRights = []
 Cached rights for isEveryoneAllowed, [ right => allowed ]. More...
 
 $coreRights
 Array of Strings Core rights. More...
 
GroupPermissionsLookup $groupPermissionsLookup
 
HookRunner $hookRunner
 
NamespaceInfo $nsInfo
 
ServiceOptions $options
 
RedirectLookup $redirectLookup
 
RestrictionStore $restrictionStore
 
SpecialPageFactory $specialPageFactory
 
string[][][] $temporaryUserRights = []
 Temporary user rights, valid for the current request only. More...
 
TempUserConfig $tempUserConfig
 
TitleFormatter $titleFormatter
 
UserCache $userCache
 
UserFactory $userFactory
 
UserGroupManager $userGroupManager
 
string[][] $usersRights = []
 Cached user rights. More...
 

Detailed Description

A service class for checking permissions To obtain an instance, use MediaWikiServices::getInstance()->getPermissionManager().

Since
1.33

Definition at line 56 of file PermissionManager.php.

Constructor & Destructor Documentation

◆ __construct()

MediaWiki\Permissions\PermissionManager::__construct ( ServiceOptions  $options,
SpecialPageFactory  $specialPageFactory,
NamespaceInfo  $nsInfo,
GroupPermissionsLookup  $groupPermissionsLookup,
UserGroupManager  $userGroupManager,
BlockErrorFormatter  $blockErrorFormatter,
HookContainer  $hookContainer,
UserCache  $userCache,
RedirectLookup  $redirectLookup,
RestrictionStore  $restrictionStore,
TitleFormatter  $titleFormatter,
TempUserConfig  $tempUserConfig,
UserFactory  $userFactory,
ActionFactory  $actionFactory 
)
Parameters
ServiceOptions$options
SpecialPageFactory$specialPageFactory
NamespaceInfo$nsInfo
GroupPermissionsLookup$groupPermissionsLookup
UserGroupManager$userGroupManager
BlockErrorFormatter$blockErrorFormatter
HookContainer$hookContainer
UserCache$userCache
RedirectLookup$redirectLookup
RestrictionStore$restrictionStore
TitleFormatter$titleFormatter
TempUserConfig$tempUserConfig
UserFactory$userFactory
ActionFactory$actionFactory

Definition at line 247 of file PermissionManager.php.

References MediaWiki\Permissions\PermissionManager\$actionFactory, MediaWiki\Permissions\PermissionManager\$blockErrorFormatter, MediaWiki\Permissions\PermissionManager\$groupPermissionsLookup, MediaWiki\Permissions\PermissionManager\$nsInfo, MediaWiki\Permissions\PermissionManager\$options, MediaWiki\Permissions\PermissionManager\$redirectLookup, MediaWiki\Permissions\PermissionManager\$restrictionStore, MediaWiki\Permissions\PermissionManager\$specialPageFactory, MediaWiki\Permissions\PermissionManager\$tempUserConfig, MediaWiki\Permissions\PermissionManager\$titleFormatter, MediaWiki\Permissions\PermissionManager\$userCache, MediaWiki\Permissions\PermissionManager\$userFactory, MediaWiki\Permissions\PermissionManager\$userGroupManager, and MediaWiki\Config\ServiceOptions\assertRequiredOptions().

Member Function Documentation

◆ addTemporaryUserRights()

MediaWiki\Permissions\PermissionManager::addTemporaryUserRights ( UserIdentity  $user,
  $rights 
)

Add temporary user rights, only valid for the current function scope.

This is meant for making it possible to programatically trigger certain actions that the user wouldn't be able to trigger themselves; e.g. allow users without the bot right to make bot-flagged actions through certain special pages.

This returns a "scope guard" variable. Its only purpose is to be stored in a variable by the caller, which is automatically closed at the end of the function, at which point the rights are revoked again. Alternatively, you can close it earlier by consuming it via ScopedCallback::consume().

Since
1.34
Parameters
UserIdentity$user
string | string[]$rights
Returns
ScopedCallback

Definition at line 1763 of file PermissionManager.php.

References MediaWiki\User\UserIdentity\getId().

◆ checkActionPermissions()

MediaWiki\Permissions\PermissionManager::checkActionPermissions (   $action,
User  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Check action permissions not already checked in checkQuickPermissions.

Parameters
string$actionThe action to check
User$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the primary DB as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors

Definition at line 1099 of file PermissionManager.php.

◆ checkCascadingSourcesRestrictions()

MediaWiki\Permissions\PermissionManager::checkCascadingSourcesRestrictions (   $action,
UserIdentity  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Check restrictions on cascading pages.

Parameters
string$actionThe action to check
UserIdentity$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the primary DB as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors

Definition at line 1045 of file PermissionManager.php.

References $title, and Title\getCascadeProtectionSources().

◆ checkPageRestrictions()

MediaWiki\Permissions\PermissionManager::checkPageRestrictions (   $action,
User  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Check for any page_restrictions table requirements on this page.

If the page has multiple restrictions, the user must have all of those rights to perform the action in question.

Parameters
string$actionThe action to check
User$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the primary DB as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors

Definition at line 997 of file PermissionManager.php.

References $title.

◆ checkPermissionHooks()

MediaWiki\Permissions\PermissionManager::checkPermissionHooks (   $action,
User  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Check various permission hooks.

Parameters
string$actionThe action to check
User$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the primary DB as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors

Definition at line 534 of file PermissionManager.php.

◆ checkQuickPermissions()

MediaWiki\Permissions\PermissionManager::checkQuickPermissions (   $action,
User  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Run easy-to-test (or "quick") permissions checks for a given action.

Parameters
string$actionThe action to check
User$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the primary DB as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors

Definition at line 886 of file PermissionManager.php.

◆ checkReadPermissions()

MediaWiki\Permissions\PermissionManager::checkReadPermissions (   $action,
User  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Check that the user is allowed to read this page.

Parameters
string$actionThe action to check
User$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the primary DB as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors

Definition at line 607 of file PermissionManager.php.

◆ checkSiteConfigPermissions()

MediaWiki\Permissions\PermissionManager::checkSiteConfigPermissions (   $action,
User  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Check sitewide CSS/JSON/JS permissions.

Parameters
string$actionThe action to check
User$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the primary DB as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors

Definition at line 1259 of file PermissionManager.php.

◆ checkSpecialsAndNSPermissions()

MediaWiki\Permissions\PermissionManager::checkSpecialsAndNSPermissions (   $action,
UserIdentity  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Check permissions on special pages & namespaces.

Parameters
string$actionThe action to check
UserIdentity$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the primary DB as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors

Definition at line 1217 of file PermissionManager.php.

◆ checkUserBlock()

MediaWiki\Permissions\PermissionManager::checkUserBlock (   $action,
User  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Check that the user isn't blocked from editing.

Parameters
string$actionThe action to check
User$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the primary DB as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors

Definition at line 742 of file PermissionManager.php.

◆ checkUserConfigPermissions()

MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions (   $action,
UserIdentity  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Check CSS/JSON/JS sub-page permissions.

Parameters
string$actionThe action to check
UserIdentity$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the primary DB as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors

Definition at line 1313 of file PermissionManager.php.

References $title, MediaWiki\User\UserIdentity\getName(), and NS_USER.

◆ getAllPermissions()

MediaWiki\Permissions\PermissionManager::getAllPermissions ( )

Get a list of all available permissions.

Since
1.34
Returns
string[] Array of permission names

Definition at line 1624 of file PermissionManager.php.

◆ getGroupPermissions()

MediaWiki\Permissions\PermissionManager::getGroupPermissions (   $groups)

Get the permissions associated with a given list of groups.

Since
1.34
Deprecated:
since 1.36 Use GroupPermissionsLookup instead
Parameters
string[]$groupsinternal group names
Returns
string[] permission key names for given groups combined

Definition at line 1544 of file PermissionManager.php.

◆ getGroupsWithPermission()

MediaWiki\Permissions\PermissionManager::getGroupsWithPermission (   $role)

Get all the groups who have a given permission.

Since
1.34
Deprecated:
since 1.36, use GroupPermissionsLookup instead.
Parameters
string$roleRole to check
Returns
string[] internal group names with the given permission

Definition at line 1556 of file PermissionManager.php.

◆ getNamespaceRestrictionLevels()

MediaWiki\Permissions\PermissionManager::getNamespaceRestrictionLevels (   $index,
UserIdentity  $user = null 
)

Determine which restriction levels it makes sense to use in a namespace, optionally filtered by a user's rights.

Parameters
int$indexNamespace ID (index) to check
UserIdentity | null$userUser to check
Returns
string[]

Definition at line 1662 of file PermissionManager.php.

◆ getPermissionErrors()

MediaWiki\Permissions\PermissionManager::getPermissionErrors (   $action,
User  $user,
LinkTarget  $page,
  $rigor = self::RIGOR_SECURE,
  $ignoreErrors = [] 
)

Can $user perform $action on a page?

Todo:
FIXME: This does not check throttles (User::pingLimiter()).
Parameters
string$actionAction that permission needs to be checked for
User$userUser to check
LinkTarget$page
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the primary DB as needed
string[]$ignoreErrorsSet this to a list of message keys whose corresponding errors may be ignored.
Returns
array[] Array of arrays of the arguments to wfMessage to explain permissions problems.

Definition at line 337 of file PermissionManager.php.

◆ getPermissionErrorsInternal()

MediaWiki\Permissions\PermissionManager::getPermissionErrorsInternal (   $action,
User  $user,
LinkTarget  $page,
  $rigor = self::RIGOR_SECURE,
  $short = false 
)
private

Can $user perform $action on a page? This is an internal function, with multiple levels of checks depending on performance needs; see $rigor below.

It does not check ReadOnlyMode::isReadOnly().

Parameters
string$actionAction that permission needs to be checked for
User$userUser to check
LinkTarget$page
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the primary DB as needed
bool$shortSet this to true to stop after the first permission error.
Returns
array[] Array of arrays of the arguments to wfMessage to explain permissions problems.
Exceptions
Exception

Definition at line 420 of file PermissionManager.php.

◆ getRightsCacheKey()

MediaWiki\Permissions\PermissionManager::getRightsCacheKey ( UserIdentity  $user)
private

Get a unique key for user rights cache.

Parameters
UserIdentity$user
Returns
string

Definition at line 1515 of file PermissionManager.php.

◆ getUserPermissions()

MediaWiki\Permissions\PermissionManager::getUserPermissions ( UserIdentity  $user)

Get the permissions this user has.

Since
1.34
Parameters
UserIdentity$user
Returns
string[] permission names

Definition at line 1443 of file PermissionManager.php.

References User\newFromIdentity().

◆ groupHasPermission()

MediaWiki\Permissions\PermissionManager::groupHasPermission (   $group,
  $role 
)

Check, if the given group has the given permission.

If you're wanting to check whether all users have a permission, use PermissionManager::isEveryoneAllowed() instead. That properly checks if it's revoked from anyone.

Since
1.34
Deprecated:
since 1.36 Use GroupPermissionsLookup instead
Parameters
string$groupGroup to check
string$roleRole to check
Returns
bool

Definition at line 1532 of file PermissionManager.php.

◆ invalidateUsersRightsCache()

MediaWiki\Permissions\PermissionManager::invalidateUsersRightsCache (   $user = null)

Clear the in-process permission cache for one or all users.

Since
1.34
Parameters
UserIdentity | null$userIf a specific user is provided it will clear the permission cache only for that user.

Definition at line 1500 of file PermissionManager.php.

◆ isBlockedFrom()

MediaWiki\Permissions\PermissionManager::isBlockedFrom ( User  $user,
  $page,
  $fromReplica = false 
)

Check if user is blocked from editing a particular article.

If the user does not have a block, this will return false.

Parameters
User$user
PageIdentity | LinkTarget$pageTitle to check
bool$fromReplicaWhether to check the replica DB instead of the primary DB
Returns
bool

Definition at line 370 of file PermissionManager.php.

◆ isEveryoneAllowed()

MediaWiki\Permissions\PermissionManager::isEveryoneAllowed (   $right)

Check if all users may be assumed to have the given permission.

We generally assume so if the right is granted to '*' and isn't revoked on any group. It doesn't attempt to take grants or other extension limitations on rights into account in the general case, though, as that would require it to always return false and defeat the purpose. Specifically, session-based rights restrictions (such as OAuth or bot passwords) are applied based on the current session.

Since
1.34
Parameters
string$rightRight to check
Returns
bool

Definition at line 1574 of file PermissionManager.php.

◆ isNamespaceProtected()

MediaWiki\Permissions\PermissionManager::isNamespaceProtected (   $index,
UserIdentity  $user 
)
private

Determine if $user is unable to edit pages in namespace because it has been protected.

Parameters
int$index
UserIdentity$user
Returns
bool

Definition at line 1646 of file PermissionManager.php.

◆ isSameSpecialPage()

MediaWiki\Permissions\PermissionManager::isSameSpecialPage (   $name,
LinkTarget  $page 
)
private

Whether a title resolves to the named special page.

Parameters
string$nameThe special page name
LinkTarget$page
Returns
bool

Definition at line 717 of file PermissionManager.php.

References MediaWiki\Linker\LinkTarget\getDBkey().

◆ missingPermissionError()

MediaWiki\Permissions\PermissionManager::missingPermissionError ( string  $action,
bool  $short 
)
private

Get a description array for when an action isn't allowed to be performed.

Parameters
string$actionThe action to check
bool$shortShort circuit on first error
Returns
array Array containing an error message key and any parameters

Definition at line 699 of file PermissionManager.php.

◆ overrideUserRightsForTesting()

MediaWiki\Permissions\PermissionManager::overrideUserRightsForTesting (   $user,
  $rights = [] 
)

Override the user permissions cache.

Definition at line 1780 of file PermissionManager.php.

◆ quickUserCan()

MediaWiki\Permissions\PermissionManager::quickUserCan (   $action,
User  $user,
LinkTarget  $page 
)

A convenience method for calling PermissionManager::userCan with PermissionManager::RIGOR_QUICK.

Suitable for use for nonessential UI controls in common cases, but not for functional access control. May provide false positives, but should never provide a false negative.

See also
PermissionManager::userCan()
Parameters
string$action
User$user
LinkTarget$page
Returns
bool

Definition at line 316 of file PermissionManager.php.

◆ resultToError()

MediaWiki\Permissions\PermissionManager::resultToError (   $errors,
  $result 
)
private

Add the resulting error code to the errors array.

Parameters
array$errorsList of current errors
array | string | MessageSpecifier | false$resultResult of errors
Returns
array List of errors

Definition at line 573 of file PermissionManager.php.

◆ userCan()

MediaWiki\Permissions\PermissionManager::userCan (   $action,
User  $user,
LinkTarget  $page,
  $rigor = self::RIGOR_SECURE 
)

Can $user perform $action on a page?

The method replaced Title::userCan() The $user parameter need to be superseded by UserIdentity value in future The $title parameter need to be superseded by PageIdentity value in future

Parameters
string$action
User$user
LinkTarget$page
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the primary DB as needed
Returns
bool

Definition at line 297 of file PermissionManager.php.

◆ userCanEditRawHtmlPage()

MediaWiki\Permissions\PermissionManager::userCanEditRawHtmlPage ( UserIdentity  $user)
private

Check if user is allowed to edit sitewide pages that contain raw HTML.

Pages listed in $wgRawHtmlMessages allow raw HTML which can be used to deploy CSS or JS code to all users so both rights are required to edit them.

Parameters
UserIdentity$user
Returns
bool True if user has both rights

Definition at line 1742 of file PermissionManager.php.

◆ userHasAllRights()

MediaWiki\Permissions\PermissionManager::userHasAllRights ( UserIdentity  $user,
  $actions 
)

Whether the user is allowed to perform all of the given actions.

Since
1.34
Parameters
UserIdentity$user
string...$actions
Returns
bool True if user is allowed to perform all of the given actions

Definition at line 1427 of file PermissionManager.php.

◆ userHasAnyRight()

MediaWiki\Permissions\PermissionManager::userHasAnyRight ( UserIdentity  $user,
  $actions 
)

Whether the user is generally allowed to perform at least one of the actions.

Since
1.34
Parameters
UserIdentity$user
string...$actions
Returns
bool True if user is allowed to perform any of the actions

Definition at line 1410 of file PermissionManager.php.

◆ userHasRight()

MediaWiki\Permissions\PermissionManager::userHasRight ( UserIdentity  $user,
  $action = '' 
)

Whether the user is generally allowed to perform the given action.

Since
1.34
Parameters
UserIdentity$user
string$action
Returns
bool True if allowed

Definition at line 1392 of file PermissionManager.php.

Member Data Documentation

◆ $actionFactory

ActionFactory MediaWiki\Permissions\PermissionManager::$actionFactory
private

Definition at line 127 of file PermissionManager.php.

Referenced by MediaWiki\Permissions\PermissionManager\__construct().

◆ $allRights

string [] null MediaWiki\Permissions\PermissionManager::$allRights
private

Cached results of getAllPermissions()

Definition at line 103 of file PermissionManager.php.

◆ $blockErrorFormatter

BlockErrorFormatter MediaWiki\Permissions\PermissionManager::$blockErrorFormatter
private

Definition at line 106 of file PermissionManager.php.

Referenced by MediaWiki\Permissions\PermissionManager\__construct().

◆ $cachedRights

bool [] MediaWiki\Permissions\PermissionManager::$cachedRights = []
private

Cached rights for isEveryoneAllowed, [ right => allowed ].

Definition at line 139 of file PermissionManager.php.

◆ $coreRights

MediaWiki\Permissions\PermissionManager::$coreRights
private
Initial value:
= [
'apihighlimits',
'applychangetags',
'autoconfirmed',
'autocreateaccount',
'autopatrol',
'bigdelete',
'block',
'blockemail',
'bot',
'browsearchive',
'changetags',
'createaccount',
'createpage',
'createtalk',
'delete',
'delete-redirect',
'deletechangetags',
'deletedhistory',
'deletedtext',
'deletelogentry',
'deleterevision',
'edit',
'editcontentmodel',
'editinterface',
'editprotected',
'editmyoptions',
'editmyprivateinfo',
'editmyusercss',
'editmyuserjson',
'editmyuserjs',
'editmyuserjsredirect',
'editmywatchlist',
'editsemiprotected',
'editsitecss',
'editsitejson',
'editsitejs',
'editusercss',
'edituserjson',
'edituserjs',
'hideuser',
'import',
'importupload',
'ipblock-exempt',
'managechangetags',
'markbotedits',
'mergehistory',
'minoredit',
'move',
'movefile',
'move-categorypages',
'move-rootuserpages',
'move-subpages',
'nominornewtalk',
'noratelimit',
'override-export-depth',
'pagelang',
'patrol',
'patrolmarks',
'protect',
'purge',
'read',
'reupload',
'reupload-own',
'reupload-shared',
'rollback',
'sendemail',
'siteadmin',
'suppressionlog',
'suppressredirect',
'suppressrevision',
'unblockself',
'undelete',
'unwatchedpages',
'upload',
'upload_by_url',
'userrights',
'userrights-interwiki',
'viewmyprivateinfo',
'viewmywatchlist',
'viewsuppressed',
'writeapi',
]

Array of Strings Core rights.

Each of these should have a corresponding message of the form "right-$right".

Definition at line 147 of file PermissionManager.php.

◆ $groupPermissionsLookup

GroupPermissionsLookup MediaWiki\Permissions\PermissionManager::$groupPermissionsLookup
private

Definition at line 97 of file PermissionManager.php.

Referenced by MediaWiki\Permissions\PermissionManager\__construct().

◆ $hookRunner

HookRunner MediaWiki\Permissions\PermissionManager::$hookRunner
private

Definition at line 109 of file PermissionManager.php.

◆ $nsInfo

NamespaceInfo MediaWiki\Permissions\PermissionManager::$nsInfo
private

Definition at line 94 of file PermissionManager.php.

Referenced by MediaWiki\Permissions\PermissionManager\__construct().

◆ $options

ServiceOptions MediaWiki\Permissions\PermissionManager::$options
private

Definition at line 85 of file PermissionManager.php.

Referenced by MediaWiki\Permissions\PermissionManager\__construct().

◆ $redirectLookup

RedirectLookup MediaWiki\Permissions\PermissionManager::$redirectLookup
private

Definition at line 91 of file PermissionManager.php.

Referenced by MediaWiki\Permissions\PermissionManager\__construct().

◆ $restrictionStore

RestrictionStore MediaWiki\Permissions\PermissionManager::$restrictionStore
private

Definition at line 115 of file PermissionManager.php.

Referenced by MediaWiki\Permissions\PermissionManager\__construct().

◆ $specialPageFactory

SpecialPageFactory MediaWiki\Permissions\PermissionManager::$specialPageFactory
private

Definition at line 88 of file PermissionManager.php.

Referenced by MediaWiki\Permissions\PermissionManager\__construct().

◆ $temporaryUserRights

string [][][] MediaWiki\Permissions\PermissionManager::$temporaryUserRights = []
private

Temporary user rights, valid for the current request only.

userid => override group => rights

Definition at line 136 of file PermissionManager.php.

◆ $tempUserConfig

TempUserConfig MediaWiki\Permissions\PermissionManager::$tempUserConfig
private

Definition at line 121 of file PermissionManager.php.

Referenced by MediaWiki\Permissions\PermissionManager\__construct().

◆ $titleFormatter

TitleFormatter MediaWiki\Permissions\PermissionManager::$titleFormatter
private

Definition at line 118 of file PermissionManager.php.

Referenced by MediaWiki\Permissions\PermissionManager\__construct().

◆ $userCache

UserCache MediaWiki\Permissions\PermissionManager::$userCache
private

Definition at line 112 of file PermissionManager.php.

Referenced by MediaWiki\Permissions\PermissionManager\__construct().

◆ $userFactory

UserFactory MediaWiki\Permissions\PermissionManager::$userFactory
private

Definition at line 124 of file PermissionManager.php.

Referenced by MediaWiki\Permissions\PermissionManager\__construct().

◆ $userGroupManager

UserGroupManager MediaWiki\Permissions\PermissionManager::$userGroupManager
private

Definition at line 100 of file PermissionManager.php.

Referenced by MediaWiki\Permissions\PermissionManager\__construct().

◆ $usersRights

string [][] MediaWiki\Permissions\PermissionManager::$usersRights = []
private

Cached user rights.

Definition at line 130 of file PermissionManager.php.

◆ CONSTRUCTOR_OPTIONS

const MediaWiki\Permissions\PermissionManager::CONSTRUCTOR_OPTIONS
Initial value:
= [
MainConfigNames::WhitelistRead,
MainConfigNames::WhitelistReadRegexp,
MainConfigNames::EmailConfirmToEdit,
MainConfigNames::BlockDisablesLogin,
MainConfigNames::EnablePartialActionBlocks,
MainConfigNames::GroupPermissions,
MainConfigNames::RevokePermissions,
MainConfigNames::AvailableRights,
MainConfigNames::NamespaceProtection,
MainConfigNames::RestrictionLevels,
MainConfigNames::DeleteRevisionsLimit,
]
MediaWiki\MainConfigNames\AvailableRights
const AvailableRights
Name constant for the AvailableRights setting, for use with Config::get()
Definition: MainConfigNames.php:2831
MediaWiki\MainConfigNames\NamespaceProtection
const NamespaceProtection
Name constant for the NamespaceProtection setting, for use with Config::get()
Definition: MainConfigNames.php:2777
MediaWiki\MainConfigNames\RevokePermissions
const RevokePermissions
Name constant for the RevokePermissions setting, for use with Config::get()
Definition: MainConfigNames.php:2723
MediaWiki\MainConfigNames\WhitelistRead
const WhitelistRead
Name constant for the WhitelistRead setting, for use with Config::get()
Definition: MainConfigNames.php:2693
MediaWiki\MainConfigNames\BlockDisablesLogin
const BlockDisablesLogin
Name constant for the BlockDisablesLogin setting, for use with Config::get()
Definition: MainConfigNames.php:2681
MediaWiki\MainConfigNames\DeleteRevisionsLimit
const DeleteRevisionsLimit
Name constant for the DeleteRevisionsLimit setting, for use with Config::get()
Definition: MainConfigNames.php:2837
MediaWiki\MainConfigNames\EmailConfirmToEdit
const EmailConfirmToEdit
Name constant for the EmailConfirmToEdit setting, for use with Config::get()
Definition: MainConfigNames.php:2705
MediaWiki\MainConfigNames\GroupPermissions
const GroupPermissions
Name constant for the GroupPermissions setting, for use with Config::get()
Definition: MainConfigNames.php:2717
MediaWiki\MainConfigNames\RestrictionLevels
const RestrictionLevels
Name constant for the RestrictionLevels setting, for use with Config::get()
Definition: MainConfigNames.php:2759
MediaWiki\MainConfigNames\WhitelistReadRegexp
const WhitelistReadRegexp
Name constant for the WhitelistReadRegexp setting, for use with Config::get()
Definition: MainConfigNames.php:2699
MediaWiki\MainConfigNames\EnablePartialActionBlocks
const EnablePartialActionBlocks
Name constant for the EnablePartialActionBlocks setting, for use with Config::get()
Definition: MainConfigNames.php:2687
Access: internal
For use by ServiceWiring

Definition at line 70 of file PermissionManager.php.

The documentation for this class was generated from the following file: