MediaWiki  master
MediaWiki\Permissions\PermissionManager Class Reference

A service class for checking permissions To obtain an instance, use MediaWikiServices::getInstance()->getPermissionManager(). More...

Collaboration diagram for MediaWiki\Permissions\PermissionManager:

Public Member Functions

 __construct (ServiceOptions $options, SpecialPageFactory $specialPageFactory, RevisionLookup $revisionLookup, NamespaceInfo $nsInfo, BlockErrorFormatter $blockErrorFormatter)
 
 addTemporaryUserRights (UserIdentity $user, $rights)
 Add temporary user rights, only valid for the current scope. More...
 
 getAllPermissions ()
 Get a list of all available permissions. More...
 
 getGroupPermissions ( $groups)
 Get the permissions associated with a given list of groups. More...
 
 getGroupsWithPermission ( $role)
 Get all the groups who have a given permission. More...
 
 getNamespaceRestrictionLevels ( $index, UserIdentity $user=null)
 Determine which restriction levels it makes sense to use in a namespace, optionally filtered by a user's rights. More...
 
 getPermissionErrors ( $action, User $user, LinkTarget $page, $rigor=self::RIGOR_SECURE, $ignoreErrors=[])
 Can $user perform $action on a page? More...
 
 getUserPermissions (UserIdentity $user)
 Get the permissions this user has. More...
 
 groupHasPermission ( $group, $role)
 Check, if the given group has the given permission. More...
 
 invalidateUsersRightsCache ( $user=null)
 Clears users permissions cache, if specific user is provided it tries to clear permissions cache only for provided user. More...
 
 isBlockedFrom (User $user, LinkTarget $page, $fromReplica=false)
 Check if user is blocked from editing a particular article. More...
 
 isEveryoneAllowed ( $right)
 Check if all users may be assumed to have the given permission. More...
 
 overrideUserRightsForTesting ( $user, $rights=[])
 Overrides user permissions cache. More...
 
 quickUserCan ( $action, User $user, LinkTarget $page)
 A convenience method for calling PermissionManager::userCan with PermissionManager::RIGOR_QUICK. More...
 
 userCan ( $action, User $user, LinkTarget $page, $rigor=self::RIGOR_SECURE)
 Can $user perform $action on a page? More...
 
 userHasAllRights (UserIdentity $user,... $actions)
 Check if user is allowed to make all actions. More...
 
 userHasAnyRight (UserIdentity $user,... $actions)
 Check if user is allowed to make any action. More...
 
 userHasRight (UserIdentity $user, $action='')
 Testing a permission. More...
 

Private Member Functions

 checkActionPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page)
 Check action permissions not already checked in checkQuickPermissions. More...
 
 checkCascadingSourcesRestrictions ( $action, UserIdentity $user, $errors, $rigor, $short, LinkTarget $page)
 Check restrictions on cascading pages. More...
 
 checkPageRestrictions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page)
 Check against page_restrictions table requirements on this page. More...
 
 checkPermissionHooks ( $action, User $user, $errors, $rigor, $short, LinkTarget $page)
 Check various permission hooks. More...
 
 checkQuickPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page)
 Permissions checks that fail most often, and which are easiest to test. More...
 
 checkReadPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page)
 Check that the user is allowed to read this page. More...
 
 checkSiteConfigPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page)
 Check sitewide CSS/JSON/JS permissions. More...
 
 checkSpecialsAndNSPermissions ( $action, UserIdentity $user, $errors, $rigor, $short, LinkTarget $page)
 Check permissions on special pages & namespaces. More...
 
 checkUserBlock ( $action, User $user, $errors, $rigor, $short, LinkTarget $page)
 Check that the user isn't blocked from editing. More...
 
 checkUserConfigPermissions ( $action, UserIdentity $user, $errors, $rigor, $short, LinkTarget $page)
 Check CSS/JSON/JS sub-page permissions. More...
 
 getPermissionErrorsInternal ( $action, User $user, LinkTarget $page, $rigor=self::RIGOR_SECURE, $short=false)
 Can $user perform $action on a page? This is an internal function, with multiple levels of checks depending on performance needs; see $rigor below. More...
 
 getRightsCacheKey (UserIdentity $user)
 Gets a unique key for user rights cache. More...
 
 isNamespaceProtected ( $index, UserIdentity $user)
 Determines if $user is unable to edit pages in namespace because it has been protected. More...
 
 isSameSpecialPage ( $name, LinkTarget $page)
 Returns true if this title resolves to the named special page. More...
 
 missingPermissionError ( $action, $short)
 Get a description array when the user doesn't have the right to perform $action (i.e. More...
 
 resultToError ( $errors, $result)
 Add the resulting error code to the errors array. More...
 

Private Attributes

string [] null $allRights
 Cached results of getAllRights() More...
 
BlockErrorFormatter $blockErrorFormatter
 
bool [] $cachedRights = []
 Cached rights for isEveryoneAllowed, [ right => allowed ]. More...
 
 $coreRights
 Array of Strings Core rights. More...
 
NamespaceInfo $nsInfo
 
ServiceOptions $options
 
RevisionLookup $revisionLookup
 
SpecialPageFactory $specialPageFactory
 
string [][][] $temporaryUserRights = []
 Temporary user rights, valid for the current request only. More...
 
string [][] $usersRights = null
 Cached user rights. More...
 

Detailed Description

A service class for checking permissions To obtain an instance, use MediaWikiServices::getInstance()->getPermissionManager().

Since
1.33

Definition at line 48 of file PermissionManager.php.

Constructor & Destructor Documentation

◆ __construct()

MediaWiki\Permissions\PermissionManager::__construct ( ServiceOptions  $options,
SpecialPageFactory  $specialPageFactory,
RevisionLookup  $revisionLookup,
NamespaceInfo  $nsInfo,
BlockErrorFormatter  $blockErrorFormatter 
)

Member Function Documentation

◆ addTemporaryUserRights()

MediaWiki\Permissions\PermissionManager::addTemporaryUserRights ( UserIdentity  $user,
  $rights 
)

Add temporary user rights, only valid for the current scope.

This is meant for making it possible to programatically trigger certain actions that the user wouldn't be able to trigger themselves; e.g. allow users without the bot right to make bot-flagged actions through certain special pages. Returns a "scope guard" variable; whenever that variable goes out of scope or is consumed via ScopedCallback::consume(), the temporary rights are revoked.

Since
1.34
Parameters
UserIdentity$user
string|string[]$rights
Returns
ScopedCallback

Definition at line 1603 of file PermissionManager.php.

References MediaWiki\User\UserIdentity\getId().

◆ checkActionPermissions()

MediaWiki\Permissions\PermissionManager::checkActionPermissions (   $action,
User  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Check action permissions not already checked in checkQuickPermissions.

Parameters
string$actionThe action to check
User$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors

Definition at line 937 of file PermissionManager.php.

References MediaWiki\$action, $title, $wgDeleteRevisionsLimit, $wgLang, MediaWiki\Permissions\PermissionManager\checkCascadingSourcesRestrictions(), MediaWiki\Permissions\PermissionManager\checkPageRestrictions(), MediaWiki\Permissions\PermissionManager\getPermissionErrorsInternal(), Title\newFromLinkTarget(), MediaWiki\Permissions\PermissionManager\userCan(), MediaWiki\Permissions\PermissionManager\userHasRight(), and User\whoIs().

◆ checkCascadingSourcesRestrictions()

MediaWiki\Permissions\PermissionManager::checkCascadingSourcesRestrictions (   $action,
UserIdentity  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Check restrictions on cascading pages.

Parameters
string$actionThe action to check
UserIdentity$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors

Definition at line 875 of file PermissionManager.php.

References MediaWiki\$action, $title, Title\newFromLinkTarget(), and MediaWiki\Permissions\PermissionManager\userHasAllRights().

Referenced by MediaWiki\Permissions\PermissionManager\checkActionPermissions().

◆ checkPageRestrictions()

MediaWiki\Permissions\PermissionManager::checkPageRestrictions (   $action,
User  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Check against page_restrictions table requirements on this page.

The user must possess all required rights for this action.

Parameters
string$actionThe action to check
User$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors

Definition at line 826 of file PermissionManager.php.

References MediaWiki\$action, $title, Title\newFromLinkTarget(), and MediaWiki\Permissions\PermissionManager\userHasRight().

Referenced by MediaWiki\Permissions\PermissionManager\checkActionPermissions().

◆ checkPermissionHooks()

MediaWiki\Permissions\PermissionManager::checkPermissionHooks (   $action,
User  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Check various permission hooks.

Parameters
string$actionThe action to check
User$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors

Definition at line 428 of file PermissionManager.php.

References MediaWiki\$action, $title, Title\newFromLinkTarget(), MediaWiki\Permissions\PermissionManager\resultToError(), and Hooks\run().

◆ checkQuickPermissions()

MediaWiki\Permissions\PermissionManager::checkQuickPermissions (   $action,
User  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Permissions checks that fail most often, and which are easiest to test.

Parameters
string$actionThe action to check
User$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors

Definition at line 729 of file PermissionManager.php.

References MediaWiki\$action, $title, MediaWiki\Permissions\PermissionManager\groupHasPermission(), User\isAnon(), MediaWiki\Permissions\PermissionManager\missingPermissionError(), Title\newFromLinkTarget(), NS_CATEGORY, NS_FILE, NS_USER, Hooks\run(), and MediaWiki\Permissions\PermissionManager\userHasRight().

◆ checkReadPermissions()

MediaWiki\Permissions\PermissionManager::checkReadPermissions (   $action,
User  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Check that the user is allowed to read this page.

Parameters
string$actionThe action to check
User$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors

Definition at line 503 of file PermissionManager.php.

References MediaWiki\$action, $title, SpecialPage\getTitleFor(), MediaWiki\Permissions\PermissionManager\isEveryoneAllowed(), MediaWiki\Permissions\PermissionManager\isSameSpecialPage(), MediaWiki\Permissions\PermissionManager\missingPermissionError(), Title\newFromLinkTarget(), NS_MAIN, Hooks\run(), and MediaWiki\Permissions\PermissionManager\userHasRight().

◆ checkSiteConfigPermissions()

MediaWiki\Permissions\PermissionManager::checkSiteConfigPermissions (   $action,
User  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Check sitewide CSS/JSON/JS permissions.

Parameters
string$actionThe action to check
User$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors

Definition at line 1074 of file PermissionManager.php.

References MediaWiki\$action, $title, Title\newFromLinkTarget(), MediaWiki\Permissions\PermissionManager\userHasRight(), and wfMessage().

◆ checkSpecialsAndNSPermissions()

MediaWiki\Permissions\PermissionManager::checkSpecialsAndNSPermissions (   $action,
UserIdentity  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Check permissions on special pages & namespaces.

Parameters
string$actionThe action to check
UserIdentity$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors

Definition at line 1030 of file PermissionManager.php.

References MediaWiki\$action, $title, MediaWiki\Permissions\PermissionManager\isNamespaceProtected(), Title\newFromLinkTarget(), NS_MAIN, NS_MEDIAWIKI, NS_SPECIAL, and wfMessage().

◆ checkUserBlock()

MediaWiki\Permissions\PermissionManager::checkUserBlock (   $action,
User  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Check that the user isn't blocked from editing.

Parameters
string$actionThe action to check
User$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors

Definition at line 637 of file PermissionManager.php.

References MediaWiki\$action, MediaWiki\$context, Action\exists(), Action\factory(), WikiPage\factory(), User\getBlock(), IContextSource\getLanguage(), RequestContext\getMain(), IContextSource\getRequest(), IContextSource\getUser(), MediaWiki\Permissions\PermissionManager\isBlockedFrom(), User\isEmailConfirmed(), and Title\newFromLinkTarget().

◆ checkUserConfigPermissions()

MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions (   $action,
UserIdentity  $user,
  $errors,
  $rigor,
  $short,
LinkTarget  $page 
)
private

Check CSS/JSON/JS sub-page permissions.

Parameters
string$actionThe action to check
UserIdentity$userUser to check
array$errorsList of current errors
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool$shortShort circuit on first error
LinkTarget$page
Returns
array List of errors

Definition at line 1134 of file PermissionManager.php.

References MediaWiki\$action, $content, $title, MediaWiki\User\UserIdentity\getName(), Title\newFromLinkTarget(), NS_USER, Revision\RevisionRecord\RAW, MediaWiki\Permissions\PermissionManager\userHasAnyRight(), and MediaWiki\Permissions\PermissionManager\userHasRight().

◆ getAllPermissions()

MediaWiki\Permissions\PermissionManager::getAllPermissions ( )

Get a list of all available permissions.

Since
1.34
Returns
string[] Array of permission names

Definition at line 1481 of file PermissionManager.php.

References MediaWiki\Permissions\PermissionManager\$allRights, MediaWiki\Permissions\PermissionManager\$coreRights, and Hooks\run().

◆ getGroupPermissions()

MediaWiki\Permissions\PermissionManager::getGroupPermissions (   $groups)

Get the permissions associated with a given list of groups.

Since
1.34
Parameters
array$groupsArray of Strings List of internal group names
Returns
array Array of Strings List of permission key names for given groups combined

Definition at line 1378 of file PermissionManager.php.

Referenced by MediaWiki\Permissions\PermissionManager\getUserPermissions().

◆ getGroupsWithPermission()

MediaWiki\Permissions\PermissionManager::getGroupsWithPermission (   $role)

Get all the groups who have a given permission.

Since
1.34
Parameters
string$roleRole to check
Returns
array Array of Strings List of internal group names with the given permission

Definition at line 1406 of file PermissionManager.php.

References MediaWiki\Permissions\PermissionManager\groupHasPermission().

Referenced by MediaWiki\Permissions\PermissionManager\getNamespaceRestrictionLevels().

◆ getNamespaceRestrictionLevels()

MediaWiki\Permissions\PermissionManager::getNamespaceRestrictionLevels (   $index,
UserIdentity  $user = null 
)

Determine which restriction levels it makes sense to use in a namespace, optionally filtered by a user's rights.

Parameters
int$indexIndex to check
UserIdentity | null$userUser to check
Returns
array

Definition at line 1518 of file PermissionManager.php.

References MediaWiki\Permissions\PermissionManager\getGroupsWithPermission(), and MediaWiki\Permissions\PermissionManager\userHasRight().

◆ getPermissionErrors()

MediaWiki\Permissions\PermissionManager::getPermissionErrors (   $action,
User  $user,
LinkTarget  $page,
  $rigor = self::RIGOR_SECURE,
  $ignoreErrors = [] 
)

Can $user perform $action on a page?

Todo:
FIXME: This does not check throttles (User::pingLimiter()).
Parameters
string$actionAction that permission needs to be checked for
User$userUser to check
LinkTarget$page
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
array$ignoreErrorsArray of Strings Set this to a list of message keys whose corresponding errors may be ignored.
Returns
array[] Array of arrays of the arguments to wfMessage to explain permissions problems.

Definition at line 275 of file PermissionManager.php.

References MediaWiki\$action, and MediaWiki\Permissions\PermissionManager\getPermissionErrorsInternal().

◆ getPermissionErrorsInternal()

MediaWiki\Permissions\PermissionManager::getPermissionErrorsInternal (   $action,
User  $user,
LinkTarget  $page,
  $rigor = self::RIGOR_SECURE,
  $short = false 
)
private

Can $user perform $action on a page? This is an internal function, with multiple levels of checks depending on performance needs; see $rigor below.

It does not check wfReadOnly().

Parameters
string$actionAction that permission needs to be checked for
User$userUser to check
LinkTarget$page
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool$shortSet this to true to stop after the first permission error.
Returns
array[] Array of arrays of the arguments to wfMessage to explain permissions problems.
Exceptions
Exception

Definition at line 355 of file PermissionManager.php.

References MediaWiki\$action.

Referenced by MediaWiki\Permissions\PermissionManager\checkActionPermissions(), MediaWiki\Permissions\PermissionManager\getPermissionErrors(), and MediaWiki\Permissions\PermissionManager\userCan().

◆ getRightsCacheKey()

MediaWiki\Permissions\PermissionManager::getRightsCacheKey ( UserIdentity  $user)
private

◆ getUserPermissions()

MediaWiki\Permissions\PermissionManager::getUserPermissions ( UserIdentity  $user)

Get the permissions this user has.

Since
1.34
Parameters
UserIdentity$user
Returns
string[] permission names

Definition at line 1274 of file PermissionManager.php.

References MediaWiki\Permissions\PermissionManager\getGroupPermissions(), MediaWiki\User\UserIdentity\getId(), MediaWiki\Permissions\PermissionManager\getRightsCacheKey(), User\newFromIdentity(), and Hooks\run().

Referenced by MediaWiki\Permissions\PermissionManager\userHasRight().

◆ groupHasPermission()

MediaWiki\Permissions\PermissionManager::groupHasPermission (   $group,
  $role 
)

Check, if the given group has the given permission.

If you're wanting to check whether all users have a permission, use PermissionManager::isEveryoneAllowed() instead. That properly checks if it's revoked from anyone.

Since
1.34
Parameters
string$groupGroup to check
string$roleRole to check
Returns
bool

Definition at line 1363 of file PermissionManager.php.

Referenced by MediaWiki\Permissions\PermissionManager\checkQuickPermissions(), and MediaWiki\Permissions\PermissionManager\getGroupsWithPermission().

◆ invalidateUsersRightsCache()

MediaWiki\Permissions\PermissionManager::invalidateUsersRightsCache (   $user = null)

Clears users permissions cache, if specific user is provided it tries to clear permissions cache only for provided user.

Since
1.34
Parameters
User | null$user

Definition at line 1329 of file PermissionManager.php.

References MediaWiki\Permissions\PermissionManager\getRightsCacheKey().

◆ isBlockedFrom()

MediaWiki\Permissions\PermissionManager::isBlockedFrom ( User  $user,
LinkTarget  $page,
  $fromReplica = false 
)

Check if user is blocked from editing a particular article.

If the user does not have a block, this will return false.

Parameters
User$user
LinkTarget$pageTitle to check
bool$fromReplicaWhether to check the replica DB instead of the master
Returns
bool

Definition at line 309 of file PermissionManager.php.

References $title, User\getBlock(), User\getTalkPage(), User\isAllowUsertalk(), User\isHidden(), Title\newFromLinkTarget(), and Hooks\run().

Referenced by MediaWiki\Permissions\PermissionManager\checkUserBlock().

◆ isEveryoneAllowed()

MediaWiki\Permissions\PermissionManager::isEveryoneAllowed (   $right)

Check if all users may be assumed to have the given permission.

We generally assume so if the right is granted to '*' and isn't revoked on any group. It doesn't attempt to take grants or other extension limitations on rights into account in the general case, though, as that would require it to always return false and defeat the purpose. Specifically, session-based rights restrictions (such as OAuth or bot passwords) are applied based on the current session.

Parameters
string$rightRight to check
Returns
bool
Since
1.34

Definition at line 1431 of file PermissionManager.php.

References MediaWiki\Session\SessionManager\getGlobalSession(), and Hooks\run().

Referenced by MediaWiki\Permissions\PermissionManager\checkReadPermissions().

◆ isNamespaceProtected()

MediaWiki\Permissions\PermissionManager::isNamespaceProtected (   $index,
UserIdentity  $user 
)
private

Determines if $user is unable to edit pages in namespace because it has been protected.

Parameters
$index
UserIdentity$user
Returns
bool

Definition at line 1502 of file PermissionManager.php.

References MediaWiki\Permissions\PermissionManager\userHasAllRights().

Referenced by MediaWiki\Permissions\PermissionManager\checkSpecialsAndNSPermissions().

◆ isSameSpecialPage()

MediaWiki\Permissions\PermissionManager::isSameSpecialPage (   $name,
LinkTarget  $page 
)
private

Returns true if this title resolves to the named special page.

Parameters
string$nameThe special page name
LinkTarget$page
Returns
bool

Definition at line 610 of file PermissionManager.php.

References MediaWiki\Linker\LinkTarget\getDBkey(), MediaWiki\Linker\LinkTarget\getNamespace(), and NS_SPECIAL.

Referenced by MediaWiki\Permissions\PermissionManager\checkReadPermissions().

◆ missingPermissionError()

MediaWiki\Permissions\PermissionManager::missingPermissionError (   $action,
  $short 
)
private

Get a description array when the user doesn't have the right to perform $action (i.e.

when User::isAllowed() returns false)

Parameters
string$actionThe action to check
bool$shortShort circuit on first error
Returns
array Array containing an error message key and any parameters

Definition at line 591 of file PermissionManager.php.

References MediaWiki\$action, and User\newFatalPermissionDeniedStatus().

Referenced by MediaWiki\Permissions\PermissionManager\checkQuickPermissions(), and MediaWiki\Permissions\PermissionManager\checkReadPermissions().

◆ overrideUserRightsForTesting()

MediaWiki\Permissions\PermissionManager::overrideUserRightsForTesting (   $user,
  $rights = [] 
)

Overrides user permissions cache.

Since
1.34
Parameters
User$user
string[]|string$rights
Exceptions
Exception

Definition at line 1622 of file PermissionManager.php.

References MediaWiki\Permissions\PermissionManager\getRightsCacheKey().

◆ quickUserCan()

MediaWiki\Permissions\PermissionManager::quickUserCan (   $action,
User  $user,
LinkTarget  $page 
)

A convenience method for calling PermissionManager::userCan with PermissionManager::RIGOR_QUICK.

Suitable for use for nonessential UI controls in common cases, but not for functional access control. May provide false positives, but should never provide a false negative.

See also
PermissionManager::userCan()
Parameters
string$action
User$user
LinkTarget$page
Returns
bool

Definition at line 254 of file PermissionManager.php.

References MediaWiki\$action, and MediaWiki\Permissions\PermissionManager\userCan().

◆ resultToError()

MediaWiki\Permissions\PermissionManager::resultToError (   $errors,
  $result 
)
private

Add the resulting error code to the errors array.

Parameters
array$errorsList of current errors
array | string | MessageSpecifier | false$resultResult of errors
Returns
array List of errors

Definition at line 467 of file PermissionManager.php.

Referenced by MediaWiki\Permissions\PermissionManager\checkPermissionHooks().

◆ userCan()

MediaWiki\Permissions\PermissionManager::userCan (   $action,
User  $user,
LinkTarget  $page,
  $rigor = self::RIGOR_SECURE 
)

Can $user perform $action on a page?

The method is intended to replace Title::userCan() The $user parameter need to be superseded by UserIdentity value in future The $title parameter need to be superseded by PageIdentity value in future

See also
Title::userCan()
Parameters
string$action
User$user
LinkTarget$page
string$rigorOne of PermissionManager::RIGOR_ constants
  • RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
  • RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
  • RIGOR_SECURE : does cheap and expensive checks, using the master as needed
Returns
bool

Definition at line 235 of file PermissionManager.php.

References MediaWiki\$action, and MediaWiki\Permissions\PermissionManager\getPermissionErrorsInternal().

Referenced by MediaWiki\Permissions\PermissionManager\checkActionPermissions(), and MediaWiki\Permissions\PermissionManager\quickUserCan().

◆ userHasAllRights()

MediaWiki\Permissions\PermissionManager::userHasAllRights ( UserIdentity  $user,
  $actions 
)

Check if user is allowed to make all actions.

Parameters
UserIdentity$user
string...$actions
Returns
bool True if user is allowed to perform all of the given actions
Since
1.34

Definition at line 1256 of file PermissionManager.php.

References MediaWiki\$action, and MediaWiki\Permissions\PermissionManager\userHasRight().

Referenced by MediaWiki\Permissions\PermissionManager\checkCascadingSourcesRestrictions(), and MediaWiki\Permissions\PermissionManager\isNamespaceProtected().

◆ userHasAnyRight()

MediaWiki\Permissions\PermissionManager::userHasAnyRight ( UserIdentity  $user,
  $actions 
)

Check if user is allowed to make any action.

Parameters
UserIdentity$user
string...$actions
Returns
bool True if user is allowed to perform any of the given actions
Since
1.34

Definition at line 1239 of file PermissionManager.php.

References MediaWiki\$action, and MediaWiki\Permissions\PermissionManager\userHasRight().

Referenced by MediaWiki\Permissions\PermissionManager\checkUserConfigPermissions().

◆ userHasRight()

Member Data Documentation

◆ $allRights

string [] null MediaWiki\Permissions\PermissionManager::$allRights
private

Cached results of getAllRights()

Definition at line 88 of file PermissionManager.php.

Referenced by MediaWiki\Permissions\PermissionManager\getAllPermissions().

◆ $blockErrorFormatter

BlockErrorFormatter MediaWiki\Permissions\PermissionManager::$blockErrorFormatter
private

◆ $cachedRights

bool [] MediaWiki\Permissions\PermissionManager::$cachedRights = []
private

Cached rights for isEveryoneAllowed, [ right => allowed ].

Definition at line 103 of file PermissionManager.php.

◆ $coreRights

MediaWiki\Permissions\PermissionManager::$coreRights
private
Initial value:
= [
'apihighlimits',
'applychangetags',
'autoconfirmed',
'autocreateaccount',
'autopatrol',
'bigdelete',
'block',
'blockemail',
'bot',
'browsearchive',
'changetags',
'createaccount',
'createpage',
'createtalk',
'delete',
'deletechangetags',
'deletedhistory',
'deletedtext',
'deletelogentry',
'deleterevision',
'edit',
'editcontentmodel',
'editinterface',
'editprotected',
'editmyoptions',
'editmyprivateinfo',
'editmyusercss',
'editmyuserjson',
'editmyuserjs',
'editmyuserjsredirect',
'editmywatchlist',
'editsemiprotected',
'editsitecss',
'editsitejson',
'editsitejs',
'editusercss',
'edituserjson',
'edituserjs',
'hideuser',
'import',
'importupload',
'ipblock-exempt',
'managechangetags',
'markbotedits',
'mergehistory',
'minoredit',
'move',
'movefile',
'move-categorypages',
'move-rootuserpages',
'move-subpages',
'nominornewtalk',
'noratelimit',
'override-export-depth',
'pagelang',
'patrol',
'patrolmarks',
'protect',
'purge',
'read',
'reupload',
'reupload-own',
'reupload-shared',
'rollback',
'sendemail',
'siteadmin',
'suppressionlog',
'suppressredirect',
'suppressrevision',
'unblockself',
'undelete',
'unwatchedpages',
'upload',
'upload_by_url',
'userrights',
'userrights-interwiki',
'viewmyprivateinfo',
'viewmywatchlist',
'viewsuppressed',
'writeapi',
]

Array of Strings Core rights.

Each of these should have a corresponding message of the form "right-$right".

Definition at line 111 of file PermissionManager.php.

Referenced by MediaWiki\Permissions\PermissionManager\getAllPermissions().

◆ $nsInfo

NamespaceInfo MediaWiki\Permissions\PermissionManager::$nsInfo
private

◆ $options

ServiceOptions MediaWiki\Permissions\PermissionManager::$options
private
Initial value:
=[,,,,,,,,]
public const CONSTRUCTOR_OPTIONS
'WhitelistRead'
'WhitelistReadRegexp'
'EmailConfirmToEdit'
'BlockDisablesLogin'
'GroupPermissions'
'RevokePermissions'
'AvailableRights'
'NamespaceProtection'
'RestrictionLevels'

Definition at line 59 of file PermissionManager.php.

Referenced by MediaWiki\Permissions\PermissionManager\__construct().

◆ $revisionLookup

RevisionLookup MediaWiki\Permissions\PermissionManager::$revisionLookup
private

◆ $specialPageFactory

SpecialPageFactory MediaWiki\Permissions\PermissionManager::$specialPageFactory
private

◆ $temporaryUserRights

string [][][] MediaWiki\Permissions\PermissionManager::$temporaryUserRights = []
private

Temporary user rights, valid for the current request only.

userid => override group => rights

Definition at line 100 of file PermissionManager.php.

◆ $usersRights

string [][] MediaWiki\Permissions\PermissionManager::$usersRights = null
private

Cached user rights.

Definition at line 94 of file PermissionManager.php.


The documentation for this class was generated from the following file: