MediaWiki  master
MediaWiki\Permissions\PermissionManager Class Reference

A service class for checking permissions To obtain an instance, use MediaWikiServices::getInstance()->getPermissionManager(). More...

Collaboration diagram for MediaWiki\Permissions\PermissionManager:

Public Member Functions

 __construct (SpecialPageFactory $specialPageFactory, $whitelistRead, $whitelistReadRegexp, $emailConfirmToEdit, $blockDisablesLogin, NamespaceInfo $nsInfo)
 
 getPermissionErrors ( $action, User $user, LinkTarget $page, $rigor=self::RIGOR_SECURE, $ignoreErrors=[])
 Can $user perform $action on a page? More...
 
 isBlockedFrom (User $user, LinkTarget $page, $fromReplica=false)
 Check if user is blocked from editing a particular article. More...
 
 userCan ( $action, User $user, LinkTarget $page, $rigor=self::RIGOR_SECURE)
 Can $user perform $action on a page? More...
 

Private Member Functions

 checkActionPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page)
 Check action permissions not already checked in checkQuickPermissions. More...
 
 checkCascadingSourcesRestrictions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page)
 Check restrictions on cascading pages. More...
 
 checkPageRestrictions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page)
 Check against page_restrictions table requirements on this page. More...
 
 checkPermissionHooks ( $action, User $user, $errors, $rigor, $short, LinkTarget $page)
 Check various permission hooks. More...
 
 checkQuickPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page)
 Permissions checks that fail most often, and which are easiest to test. More...
 
 checkReadPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page)
 Check that the user is allowed to read this page. More...
 
 checkSiteConfigPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page)
 Check sitewide CSS/JSON/JS permissions. More...
 
 checkSpecialsAndNSPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page)
 Check permissions on special pages & namespaces. More...
 
 checkUserBlock ( $action, User $user, $errors, $rigor, $short, LinkTarget $page)
 Check that the user isn't blocked from editing. More...
 
 checkUserConfigPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page)
 Check CSS/JSON/JS sub-page permissions. More...
 
 getPermissionErrorsInternal ( $action, User $user, LinkTarget $page, $rigor=self::RIGOR_SECURE, $short=false)
 Can $user perform $action on a page? This is an internal function, with multiple levels of checks depending on performance needs; see $rigor below. More...
 
 isSameSpecialPage ( $name, LinkTarget $page)
 Returns true if this title resolves to the named special page. More...
 
 missingPermissionError ( $action, $short)
 Get a description array when the user doesn't have the right to perform $action (i.e. More...
 
 resultToError ( $errors, $result)
 Add the resulting error code to the errors array. More...
 

Private Attributes

bool $blockDisablesLogin
 If set to true, blocked users will no longer be allowed to log in. More...
 
bool $emailConfirmToEdit
 Require users to confirm email address before they can edit. More...
 
NamespaceInfo $nsInfo
 
SpecialPageFactory $specialPageFactory
 
string [] $whitelistRead
 List of pages names anonymous user may see. More...
 
string [] $whitelistReadRegexp
 Whitelists publicly readable titles with regular expressions. More...
 

Detailed Description

A service class for checking permissions To obtain an instance, use MediaWikiServices::getInstance()->getPermissionManager().

Since
1.33

Definition at line 43 of file PermissionManager.php.

Constructor & Destructor Documentation

◆ __construct()

MediaWiki\Permissions\PermissionManager::__construct ( SpecialPageFactory  $specialPageFactory,
  $whitelistRead,
  $whitelistReadRegexp,
  $emailConfirmToEdit,
  $blockDisablesLogin,
NamespaceInfo  $nsInfo 
)

Member Function Documentation

◆ checkActionPermissions()

MediaWiki\Permissions\PermissionManager::checkActionPermissions (   $action,
User  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Check action permissions not already checked in checkQuickPermissions.

Parameters
string$actionThe action to check
User$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors
Exceptions
Exception

Definition at line 794 of file PermissionManager.php.

References MediaWiki\$action, $wgDeleteRevisionsLimit, $wgLang, MediaWiki\Permissions\PermissionManager\checkCascadingSourcesRestrictions(), MediaWiki\Permissions\PermissionManager\checkPageRestrictions(), MediaWiki\Linker\LinkTarget\getNamespace(), MediaWiki\Permissions\PermissionManager\getPermissionErrorsInternal(), User\isAllowed(), Title\newFromLinkTarget(), MediaWiki\Permissions\PermissionManager\userCan(), and User\whoIs().

◆ checkCascadingSourcesRestrictions()

MediaWiki\Permissions\PermissionManager::checkCascadingSourcesRestrictions (   $action,
User  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Check restrictions on cascading pages.

Parameters
string$actionThe action to check
User$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors

Definition at line 732 of file PermissionManager.php.

References MediaWiki\$action, as, User\isAllowedAll(), list, and Title\newFromLinkTarget().

Referenced by MediaWiki\Permissions\PermissionManager\checkActionPermissions().

◆ checkPageRestrictions()

MediaWiki\Permissions\PermissionManager::checkPageRestrictions (   $action,
User  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Check against page_restrictions table requirements on this page.

The user must possess all required rights for this action.

Parameters
string$actionThe action to check
User$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors

Definition at line 684 of file PermissionManager.php.

References MediaWiki\$action, as, User\isAllowed(), and Title\newFromLinkTarget().

Referenced by MediaWiki\Permissions\PermissionManager\checkActionPermissions().

◆ checkPermissionHooks()

MediaWiki\Permissions\PermissionManager::checkPermissionHooks (   $action,
User  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Check various permission hooks.

Parameters
string$actionThe action to check
User$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors
Exceptions
FatalError
MWException

Definition at line 292 of file PermissionManager.php.

References MediaWiki\$action, Title\newFromLinkTarget(), MediaWiki\Permissions\PermissionManager\resultToError(), and Hooks\run().

◆ checkQuickPermissions()

MediaWiki\Permissions\PermissionManager::checkQuickPermissions (   $action,
User  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Permissions checks that fail most often, and which are easiest to test.

Parameters
string$actionThe action to check
User$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors
Exceptions
FatalError
MWException

Definition at line 589 of file PermissionManager.php.

References MediaWiki\$action, MediaWiki\Linker\LinkTarget\getNamespace(), MediaWiki\Linker\LinkTarget\getText(), User\groupHasPermission(), User\isAllowed(), User\isAnon(), MediaWiki\Permissions\PermissionManager\missingPermissionError(), Title\newFromLinkTarget(), NS_CATEGORY, NS_FILE, NS_USER, and Hooks\run().

◆ checkReadPermissions()

MediaWiki\Permissions\PermissionManager::checkReadPermissions (   $action,
User  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Check that the user is allowed to read this page.

Parameters
string$actionThe action to check
User$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors
Exceptions
FatalError
MWException

Definition at line 369 of file PermissionManager.php.

References MediaWiki\$action, $name, as, MediaWiki\Linker\LinkTarget\getDBkey(), MediaWiki\Linker\LinkTarget\getNamespace(), SpecialPage\getTitleFor(), User\isAllowed(), User\isEveryoneAllowed(), MediaWiki\Permissions\PermissionManager\isSameSpecialPage(), list, MediaWiki\Permissions\PermissionManager\missingPermissionError(), Title\newFromLinkTarget(), NS_MAIN, and Hooks\run().

◆ checkSiteConfigPermissions()

MediaWiki\Permissions\PermissionManager::checkSiteConfigPermissions (   $action,
User  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Check sitewide CSS/JSON/JS permissions.

Parameters
string$actionThe action to check
User$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors

Definition at line 931 of file PermissionManager.php.

References MediaWiki\$action, User\isAllowed(), Title\newFromLinkTarget(), null, and wfMessage().

◆ checkSpecialsAndNSPermissions()

MediaWiki\Permissions\PermissionManager::checkSpecialsAndNSPermissions (   $action,
User  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Check permissions on special pages & namespaces.

Parameters
string$actionThe action to check
User$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors

Definition at line 887 of file PermissionManager.php.

References MediaWiki\$action, MediaWiki\Linker\LinkTarget\getNamespace(), Title\newFromLinkTarget(), NS_MAIN, NS_MEDIAWIKI, NS_SPECIAL, and wfMessage().

◆ checkUserBlock()

MediaWiki\Permissions\PermissionManager::checkUserBlock (   $action,
User  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Check that the user isn't blocked from editing.

Parameters
string$actionThe action to check
User$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors
Exceptions
MWException

Definition at line 502 of file PermissionManager.php.

References MediaWiki\$action, Action\exists(), Action\factory(), WikiPage\factory(), false, User\getBlock(), RequestContext\getMain(), MediaWiki\Permissions\PermissionManager\isBlockedFrom(), User\isEmailConfirmed(), Title\newFromLinkTarget(), and null.

◆ checkUserConfigPermissions()

MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions (   $action,
User  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Check CSS/JSON/JS sub-page permissions.

Parameters
string$actionThe action to check
User$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors

Definition at line 991 of file PermissionManager.php.

References MediaWiki\$action, User\getName(), MediaWiki\Linker\LinkTarget\getText(), User\isAllowed(), User\isAllowedAny(), and Title\newFromLinkTarget().

◆ getPermissionErrors()

MediaWiki\Permissions\PermissionManager::getPermissionErrors (   $action,
User  $user,
LinkTarget  $page,
  $rigor = self::RIGOR_SECURE,
  $ignoreErrors = [] 
)

Can $user perform $action on a page?

Todo:
FIXME: This does not check throttles (User::pingLimiter()).
Parameters
string$actionAction that permission needs to be checked for
User$userUser to check
LinkTarget$page
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
array$ignoreErrorsArray of Strings Set this to a list of message keys whose corresponding errors may be ignored.
Returns
array Array of arrays of the arguments to wfMessage to explain permissions problems.
Exceptions
Exception

Definition at line 138 of file PermissionManager.php.

References MediaWiki\$action, as, and MediaWiki\Permissions\PermissionManager\getPermissionErrorsInternal().

◆ getPermissionErrorsInternal()

MediaWiki\Permissions\PermissionManager::getPermissionErrorsInternal (   $action,
User  $user,
LinkTarget  $page,
  $rigor = self::RIGOR_SECURE,
  $short = false 
)
private

Can $user perform $action on a page? This is an internal function, with multiple levels of checks depending on performance needs; see $rigor below.

It does not check wfReadOnly().

Parameters
string$actionAction that permission needs to be checked for
User$userUser to check
LinkTarget$page
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool$shortSet this to true to stop after the first permission error.
Returns
array Array of arrays of the arguments to wfMessage to explain permissions problems.
Exceptions
Exception

Definition at line 217 of file PermissionManager.php.

References MediaWiki\$action, and as.

Referenced by MediaWiki\Permissions\PermissionManager\checkActionPermissions(), MediaWiki\Permissions\PermissionManager\getPermissionErrors(), and MediaWiki\Permissions\PermissionManager\userCan().

◆ isBlockedFrom()

MediaWiki\Permissions\PermissionManager::isBlockedFrom ( User  $user,
LinkTarget  $page,
  $fromReplica = false 
)

Check if user is blocked from editing a particular article.

Parameters
User$user
LinkTarget$pageTitle to check
bool$fromReplicaWhether to check the replica DB instead of the master
Returns
bool
Exceptions
FatalError
MWException

Definition at line 173 of file PermissionManager.php.

References User\getBlock(), User\getTalkPage(), User\isAllowUsertalk(), User\isHidden(), Title\newFromLinkTarget(), and Hooks\run().

Referenced by MediaWiki\Permissions\PermissionManager\checkUserBlock().

◆ isSameSpecialPage()

MediaWiki\Permissions\PermissionManager::isSameSpecialPage (   $name,
LinkTarget  $page 
)
private

Returns true if this title resolves to the named special page.

Parameters
string$nameThe special page name
LinkTarget$page
Returns
bool

Definition at line 474 of file PermissionManager.php.

References $name, MediaWiki\Linker\LinkTarget\getDBkey(), MediaWiki\Linker\LinkTarget\getNamespace(), list, and NS_SPECIAL.

Referenced by MediaWiki\Permissions\PermissionManager\checkReadPermissions().

◆ missingPermissionError()

MediaWiki\Permissions\PermissionManager::missingPermissionError (   $action,
  $short 
)
private

Get a description array when the user doesn't have the right to perform $action (i.e.

when User::isAllowed() returns false)

Parameters
string$actionThe action to check
bool$shortShort circuit on first error
Returns
array Array containing an error message key and any parameters

Definition at line 455 of file PermissionManager.php.

References MediaWiki\$action, and User\newFatalPermissionDeniedStatus().

Referenced by MediaWiki\Permissions\PermissionManager\checkQuickPermissions(), and MediaWiki\Permissions\PermissionManager\checkReadPermissions().

◆ resultToError()

MediaWiki\Permissions\PermissionManager::resultToError (   $errors,
  $result 
)
private

Add the resulting error code to the errors array.

Parameters
array$errorsList of current errors
array | string | MessageSpecifier | false$resultResult of errors
Returns
array List of errors

Definition at line 331 of file PermissionManager.php.

Referenced by MediaWiki\Permissions\PermissionManager\checkPermissionHooks().

◆ userCan()

MediaWiki\Permissions\PermissionManager::userCan (   $action,
User  $user,
LinkTarget  $page,
  $rigor = self::RIGOR_SECURE 
)

Can $user perform $action on a page?

The method is intended to replace Title::userCan() The $user parameter need to be superseded by UserIdentity value in future The $title parameter need to be superseded by PageIdentity value in future

See also
Title::userCan()
Parameters
string$action
User$user
LinkTarget$page
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
Returns
bool
Exceptions
Exception

Definition at line 116 of file PermissionManager.php.

References MediaWiki\$action, and MediaWiki\Permissions\PermissionManager\getPermissionErrorsInternal().

Referenced by MediaWiki\Permissions\PermissionManager\checkActionPermissions().

Member Data Documentation

◆ $blockDisablesLogin

bool MediaWiki\Permissions\PermissionManager::$blockDisablesLogin
private

If set to true, blocked users will no longer be allowed to log in.

Definition at line 67 of file PermissionManager.php.

Referenced by MediaWiki\Permissions\PermissionManager\__construct().

◆ $emailConfirmToEdit

bool MediaWiki\Permissions\PermissionManager::$emailConfirmToEdit
private

Require users to confirm email address before they can edit.

Definition at line 64 of file PermissionManager.php.

Referenced by MediaWiki\Permissions\PermissionManager\__construct().

◆ $nsInfo

NamespaceInfo MediaWiki\Permissions\PermissionManager::$nsInfo
private

◆ $specialPageFactory

SpecialPageFactory MediaWiki\Permissions\PermissionManager::$specialPageFactory
private
Initial value:
=
const RIGOR_SECURE 'secure'

Definition at line 51 of file PermissionManager.php.

Referenced by MediaWiki\Permissions\PermissionManager\__construct().

◆ $whitelistRead

string [] MediaWiki\Permissions\PermissionManager::$whitelistRead
private

List of pages names anonymous user may see.

Definition at line 58 of file PermissionManager.php.

Referenced by MediaWiki\Permissions\PermissionManager\__construct().

◆ $whitelistReadRegexp

string [] MediaWiki\Permissions\PermissionManager::$whitelistReadRegexp
private

Whitelists publicly readable titles with regular expressions.

Definition at line 61 of file PermissionManager.php.

Referenced by MediaWiki\Permissions\PermissionManager\__construct().


The documentation for this class was generated from the following file: