MediaWiki master
|
A service class for checking permissions To obtain an instance, use MediaWikiServices::getInstance()->getPermissionManager(). More...
Public Member Functions | |
__construct (ServiceOptions $options, SpecialPageFactory $specialPageFactory, NamespaceInfo $nsInfo, GroupPermissionsLookup $groupPermissionsLookup, UserGroupManager $userGroupManager, BlockManager $blockManager, BlockErrorFormatter $blockErrorFormatter, HookContainer $hookContainer, UserIdentityLookup $userIdentityLookup, RedirectLookup $redirectLookup, RestrictionStore $restrictionStore, TitleFormatter $titleFormatter, TempUserConfig $tempUserConfig, UserFactory $userFactory, ActionFactory $actionFactory) | |
addTemporaryUserRights (UserIdentity $user, $rights) | |
Add temporary user rights, only valid for the current function scope. | |
getAllPermissions () | |
Get a list of all permissions that can be managed through group permissions. | |
getApplicableBlock (string $action, User $user, string $rigor, $page, ?WebRequest $request) | |
Return the Block object applicable for the given permission check, if any. | |
getImplicitRights () | |
Get a list of implicit rights. | |
getNamespaceRestrictionLevels ( $index, ?UserIdentity $user=null) | |
Determine which restriction levels it makes sense to use in a namespace, optionally filtered by a user's rights. | |
getPermissionErrors ( $action, User $user, LinkTarget $page, $rigor=self::RIGOR_SECURE, $ignoreErrors=[]) | |
Can $user perform $action on a page? | |
getPermissionStatus ( $action, User $user, LinkTarget $page, $rigor=self::RIGOR_SECURE, $short=false) | |
Can $user perform $action on a page? | |
getUserPermissions (UserIdentity $user) | |
Get the permissions this user has. | |
invalidateUsersRightsCache ( $user=null) | |
Clear the in-process permission cache for one or all users. | |
isBlockedFrom (User $user, $page, $fromReplica=false) | |
Check if user is blocked from editing a particular article. | |
isEveryoneAllowed ( $right) | |
Check if all users may be assumed to have the given permission. | |
newFatalPermissionDeniedStatus ( $permission, IContextSource $context) | |
Factory function for fatal permission-denied errors. | |
overrideUserRightsForTesting ( $user, $rights=[]) | |
Override the user permissions cache. | |
quickUserCan ( $action, User $user, LinkTarget $page) | |
A convenience method for calling PermissionManager::userCan with PermissionManager::RIGOR_QUICK. | |
throwPermissionErrors ( $action, User $user, LinkTarget $page, $rigor=self::RIGOR_SECURE, $ignoreErrors=[]) | |
Like getPermissionErrors , but immediately throw if there are any errors. | |
userCan ( $action, User $user, LinkTarget $page, $rigor=self::RIGOR_SECURE) | |
Can $user perform $action on a page? | |
userHasAllRights (UserIdentity $user,... $actions) | |
Whether the user is allowed to perform all of the given actions. | |
userHasAnyRight (UserIdentity $user,... $actions) | |
Whether the user is generally allowed to perform at least one of the actions. | |
userHasRight (UserIdentity $user, $action='') | |
Whether the user is generally allowed to perform the given action. | |
Public Attributes | |
const | CONSTRUCTOR_OPTIONS |
A service class for checking permissions To obtain an instance, use MediaWikiServices::getInstance()->getPermissionManager().
Definition at line 65 of file PermissionManager.php.
MediaWiki\Permissions\PermissionManager::__construct | ( | ServiceOptions | $options, |
SpecialPageFactory | $specialPageFactory, | ||
NamespaceInfo | $nsInfo, | ||
GroupPermissionsLookup | $groupPermissionsLookup, | ||
UserGroupManager | $userGroupManager, | ||
BlockManager | $blockManager, | ||
BlockErrorFormatter | $blockErrorFormatter, | ||
HookContainer | $hookContainer, | ||
UserIdentityLookup | $userIdentityLookup, | ||
RedirectLookup | $redirectLookup, | ||
RestrictionStore | $restrictionStore, | ||
TitleFormatter | $titleFormatter, | ||
TempUserConfig | $tempUserConfig, | ||
UserFactory | $userFactory, | ||
ActionFactory | $actionFactory ) |
Definition at line 238 of file PermissionManager.php.
References MediaWiki\Config\ServiceOptions\assertRequiredOptions().
MediaWiki\Permissions\PermissionManager::addTemporaryUserRights | ( | UserIdentity | $user, |
$rights ) |
Add temporary user rights, only valid for the current function scope.
This is meant for making it possible to programatically trigger certain actions that the user wouldn't be able to trigger themselves; e.g. allow users without the bot right to make bot-flagged actions through certain special pages.
This returns a "scope guard" variable. Its only purpose is to be stored in a variable by the caller, which is automatically closed at the end of the function, at which point the rights are revoked again. Alternatively, you can close it earlier by consuming it via ScopedCallback::consume().
UserIdentity | $user | |
string | string[] | $rights |
Definition at line 1854 of file PermissionManager.php.
References MediaWiki\User\UserIdentity\getId().
MediaWiki\Permissions\PermissionManager::getAllPermissions | ( | ) |
Get a list of all permissions that can be managed through group permissions.
This does not include implicit rights which are granted to all users automatically.
Definition at line 1692 of file PermissionManager.php.
MediaWiki\Permissions\PermissionManager::getApplicableBlock | ( | string | $action, |
User | $user, | ||
string | $rigor, | ||
$page, | |||
?WebRequest | $request ) |
Return the Block object applicable for the given permission check, if any.
string | $action | The action to check |
User | $user | User to check |
string | $rigor | One of PermissionManager::RIGOR_ constants
|
LinkTarget | PageReference | null | $page | |
WebRequest | null | $request | The request to get the IP and cookies from. If this is null, IP and cookie blocks will not be checked. |
Definition at line 838 of file PermissionManager.php.
MediaWiki\Permissions\PermissionManager::getImplicitRights | ( | ) |
Get a list of implicit rights.
Rights in this list should be granted to all users implicitly.
Implicit rights are defined to allow rate limits to be imposed on permissions
Definition at line 1718 of file PermissionManager.php.
MediaWiki\Permissions\PermissionManager::getNamespaceRestrictionLevels | ( | $index, | |
?UserIdentity | $user = null ) |
Determine which restriction levels it makes sense to use in a namespace, optionally filtered by a user's rights.
int | $index | Namespace ID (index) to check |
UserIdentity | null | $user | User to check |
Definition at line 1753 of file PermissionManager.php.
MediaWiki\Permissions\PermissionManager::getPermissionErrors | ( | $action, | |
User | $user, | ||
LinkTarget | $page, | ||
$rigor = self::RIGOR_SECURE, | |||
$ignoreErrors = [] ) |
Can $user perform $action on a page?
This does not check throttles (User::pingLimiter()). If that's desired, use the Authority interface methods instead.
string | $action | Action that permission needs to be checked for |
User | $user | User to check |
LinkTarget | $page | |
string | $rigor | One of PermissionManager::RIGOR_ constants
|
string[] | $ignoreErrors | Set this to a list of message keys whose corresponding errors may be ignored. |
Definition at line 338 of file PermissionManager.php.
References Wikimedia\Message\MessageSpecifier\getKey().
MediaWiki\Permissions\PermissionManager::getPermissionStatus | ( | $action, | |
User | $user, | ||
LinkTarget | $page, | ||
$rigor = self::RIGOR_SECURE, | |||
$short = false ) |
Can $user perform $action on a page?
This does not check throttles (User::pingLimiter()). If that's desired, use the Authority interface methods instead.
string | $action | Action that permission needs to be checked for |
User | $user | User to check |
LinkTarget | $page | |
string | $rigor | One of PermissionManager::RIGOR_ constants
|
bool | $short | Set this to true to stop after the first permission error. |
$status->isGood()
to tell if the user can perform the action. Use $status->getMessages()
to display errors if the status is not good. Definition at line 425 of file PermissionManager.php.
MediaWiki\Permissions\PermissionManager::getUserPermissions | ( | UserIdentity | $user | ) |
Get the permissions this user has.
UserIdentity | $user |
Definition at line 1548 of file PermissionManager.php.
MediaWiki\Permissions\PermissionManager::invalidateUsersRightsCache | ( | $user = null | ) |
Clear the in-process permission cache for one or all users.
UserIdentity | null | $user | If a specific user is provided it will clear the permission cache only for that user. |
Definition at line 1607 of file PermissionManager.php.
MediaWiki\Permissions\PermissionManager::isBlockedFrom | ( | User | $user, |
$page, | |||
$fromReplica = false ) |
Check if user is blocked from editing a particular article.
If the user does not have a block, this will return false.
User | $user | |
PageIdentity | LinkTarget | $page | Title to check |
bool | $fromReplica | Whether to check the replica DB instead of the primary DB |
Definition at line 397 of file PermissionManager.php.
MediaWiki\Permissions\PermissionManager::isEveryoneAllowed | ( | $right | ) |
Check if all users may be assumed to have the given permission.
We generally assume so if the right is granted to '*' and isn't revoked on any group. It doesn't attempt to take grants or other extension limitations on rights into account in the general case, though, as that would require it to always return false and defeat the purpose. Specifically, session-based rights restrictions (such as OAuth or bot passwords) are applied based on the current session.
string | $right | Right to check |
Definition at line 1640 of file PermissionManager.php.
MediaWiki\Permissions\PermissionManager::newFatalPermissionDeniedStatus | ( | $permission, | |
IContextSource | $context ) |
Factory function for fatal permission-denied errors.
string | $permission | User right required |
IContextSource | $context |
Definition at line 739 of file PermissionManager.php.
MediaWiki\Permissions\PermissionManager::overrideUserRightsForTesting | ( | $user, | |
$rights = [] ) |
Override the user permissions cache.
UserIdentity | $user | |
string[] | string | $rights |
Definition at line 1871 of file PermissionManager.php.
MediaWiki\Permissions\PermissionManager::quickUserCan | ( | $action, | |
User | $user, | ||
LinkTarget | $page ) |
A convenience method for calling PermissionManager::userCan with PermissionManager::RIGOR_QUICK.
Suitable for use for nonessential UI controls in common cases, but not for functional access control. May provide false positives, but should never provide a false negative.
string | $action | |
User | $user | |
LinkTarget | $page |
Definition at line 309 of file PermissionManager.php.
MediaWiki\Permissions\PermissionManager::throwPermissionErrors | ( | $action, | |
User | $user, | ||
LinkTarget | $page, | ||
$rigor = self::RIGOR_SECURE, | |||
$ignoreErrors = [] ) |
Like getPermissionErrors
, but immediately throw if there are any errors.
string | $action | Action that permission needs to be checked for |
User | $user | User to check |
LinkTarget | $page | |
string | $rigor | One of PermissionManager::RIGOR_ constants
|
string[] | $ignoreErrors | Set this to a list of message keys whose corresponding errors may be ignored. |
PermissionsError |
Definition at line 374 of file PermissionManager.php.
MediaWiki\Permissions\PermissionManager::userCan | ( | $action, | |
User | $user, | ||
LinkTarget | $page, | ||
$rigor = self::RIGOR_SECURE ) |
Can $user perform $action on a page?
The method replaced Title::userCan() The $user parameter need to be superseded by UserIdentity value in future The $title parameter need to be superseded by PageIdentity value in future
string | $action | |
User | $user | |
LinkTarget | $page | |
string | $rigor | One of PermissionManager::RIGOR_ constants
|
Definition at line 290 of file PermissionManager.php.
MediaWiki\Permissions\PermissionManager::userHasAllRights | ( | UserIdentity | $user, |
$actions ) |
Whether the user is allowed to perform all of the given actions.
UserIdentity | $user | |
string | ...$actions |
Definition at line 1532 of file PermissionManager.php.
MediaWiki\Permissions\PermissionManager::userHasAnyRight | ( | UserIdentity | $user, |
$actions ) |
Whether the user is generally allowed to perform at least one of the actions.
UserIdentity | $user | |
string | ...$actions |
Definition at line 1515 of file PermissionManager.php.
MediaWiki\Permissions\PermissionManager::userHasRight | ( | UserIdentity | $user, |
$action = '' ) |
Whether the user is generally allowed to perform the given action.
UserIdentity | $user | |
string | $action |
Definition at line 1496 of file PermissionManager.php.
const MediaWiki\Permissions\PermissionManager::CONSTRUCTOR_OPTIONS |
Definition at line 79 of file PermissionManager.php.