A service class for checking permissions To obtain an instance, use MediaWikiServices::getInstance()->getPermissionManager(). More...
Public Member Functions | |
| __construct (SpecialPageFactory $specialPageFactory, $whitelistRead, $whitelistReadRegexp, $emailConfirmToEdit, $blockDisablesLogin, NamespaceInfo $nsInfo) | |
| getPermissionErrors ( $action, User $user, LinkTarget $page, $rigor=self::RIGOR_SECURE, $ignoreErrors=[]) | |
| Can $user perform $action on a page? More... | |
| isBlockedFrom (User $user, LinkTarget $page, $fromReplica=false) | |
| Check if user is blocked from editing a particular article. More... | |
| userCan ( $action, User $user, LinkTarget $page, $rigor=self::RIGOR_SECURE) | |
| Can $user perform $action on a page? More... | |
Private Member Functions | |
| checkActionPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page) | |
| Check action permissions not already checked in checkQuickPermissions. More... | |
| checkCascadingSourcesRestrictions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page) | |
| Check restrictions on cascading pages. More... | |
| checkPageRestrictions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page) | |
| Check against page_restrictions table requirements on this page. More... | |
| checkPermissionHooks ( $action, User $user, $errors, $rigor, $short, LinkTarget $page) | |
| Check various permission hooks. More... | |
| checkQuickPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page) | |
| Permissions checks that fail most often, and which are easiest to test. More... | |
| checkReadPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page) | |
| Check that the user is allowed to read this page. More... | |
| checkSiteConfigPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page) | |
| Check sitewide CSS/JSON/JS permissions. More... | |
| checkSpecialsAndNSPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page) | |
| Check permissions on special pages & namespaces. More... | |
| checkUserBlock ( $action, User $user, $errors, $rigor, $short, LinkTarget $page) | |
| Check that the user isn't blocked from editing. More... | |
| checkUserConfigPermissions ( $action, User $user, $errors, $rigor, $short, LinkTarget $page) | |
| Check CSS/JSON/JS sub-page permissions. More... | |
| getPermissionErrorsInternal ( $action, User $user, LinkTarget $page, $rigor=self::RIGOR_SECURE, $short=false) | |
| Can $user perform $action on a page? This is an internal function, with multiple levels of checks depending on performance needs; see $rigor below. More... | |
| isSameSpecialPage ( $name, LinkTarget $page) | |
| Returns true if this title resolves to the named special page. More... | |
| missingPermissionError ( $action, $short) | |
| Get a description array when the user doesn't have the right to perform $action (i.e. More... | |
| resultToError ( $errors, $result) | |
| Add the resulting error code to the errors array. More... | |
Private Attributes | |
| bool | $blockDisablesLogin |
| If set to true, blocked users will no longer be allowed to log in. More... | |
| bool | $emailConfirmToEdit |
| Require users to confirm email address before they can edit. More... | |
| NamespaceInfo | $nsInfo |
| SpecialPageFactory | $specialPageFactory |
| string [] | $whitelistRead |
| List of pages names anonymous user may see. More... | |
| string [] | $whitelistReadRegexp |
| Whitelists publicly readable titles with regular expressions. More... | |
Detailed Description
A service class for checking permissions To obtain an instance, use MediaWikiServices::getInstance()->getPermissionManager().
- Since
- 1.33
Definition at line 43 of file PermissionManager.php.
Constructor & Destructor Documentation
◆ __construct()
| MediaWiki\Permissions\PermissionManager::__construct | ( | SpecialPageFactory | $specialPageFactory, |
| $whitelistRead, | |||
| $whitelistReadRegexp, | |||
| $emailConfirmToEdit, | |||
| $blockDisablesLogin, | |||
| NamespaceInfo | $nsInfo | ||
| ) |
- Parameters
-
SpecialPageFactory $specialPageFactory string[] $whitelistRead string[] $whitelistReadRegexp bool $emailConfirmToEdit bool $blockDisablesLogin NamespaceInfo $nsInfo
Definition at line 80 of file PermissionManager.php.
References MediaWiki\Permissions\PermissionManager\$blockDisablesLogin, MediaWiki\Permissions\PermissionManager\$emailConfirmToEdit, MediaWiki\Permissions\PermissionManager\$nsInfo, MediaWiki\Permissions\PermissionManager\$specialPageFactory, MediaWiki\Permissions\PermissionManager\$whitelistRead, and MediaWiki\Permissions\PermissionManager\$whitelistReadRegexp.
Member Function Documentation
◆ checkActionPermissions()
|
private |
Check action permissions not already checked in checkQuickPermissions.
- Parameters
-
string $action The action to check User $user User to check array $errors List of current errors string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool $short Short circuit on first error LinkTarget $page
- Returns
- array List of errors
- Exceptions
-
Exception
Definition at line 794 of file PermissionManager.php.
References MediaWiki\$action, $wgDeleteRevisionsLimit, $wgLang, MediaWiki\Permissions\PermissionManager\checkCascadingSourcesRestrictions(), MediaWiki\Permissions\PermissionManager\checkPageRestrictions(), MediaWiki\Linker\LinkTarget\getNamespace(), MediaWiki\Permissions\PermissionManager\getPermissionErrorsInternal(), User\isAllowed(), Title\newFromLinkTarget(), MediaWiki\Permissions\PermissionManager\userCan(), and User\whoIs().
◆ checkCascadingSourcesRestrictions()
|
private |
Check restrictions on cascading pages.
- Parameters
-
string $action The action to check User $user User to check array $errors List of current errors string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool $short Short circuit on first error LinkTarget $page
- Returns
- array List of errors
Definition at line 732 of file PermissionManager.php.
References MediaWiki\$action, as, User\isAllowedAll(), list, and Title\newFromLinkTarget().
Referenced by MediaWiki\Permissions\PermissionManager\checkActionPermissions().
◆ checkPageRestrictions()
|
private |
Check against page_restrictions table requirements on this page.
The user must possess all required rights for this action.
- Parameters
-
string $action The action to check User $user User to check array $errors List of current errors string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool $short Short circuit on first error LinkTarget $page
- Returns
- array List of errors
Definition at line 684 of file PermissionManager.php.
References MediaWiki\$action, as, User\isAllowed(), and Title\newFromLinkTarget().
Referenced by MediaWiki\Permissions\PermissionManager\checkActionPermissions().
◆ checkPermissionHooks()
|
private |
Check various permission hooks.
- Parameters
-
string $action The action to check User $user User to check array $errors List of current errors string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool $short Short circuit on first error LinkTarget $page
- Returns
- array List of errors
- Exceptions
-
FatalError MWException
Definition at line 292 of file PermissionManager.php.
References MediaWiki\$action, Title\newFromLinkTarget(), MediaWiki\Permissions\PermissionManager\resultToError(), and Hooks\run().
◆ checkQuickPermissions()
|
private |
Permissions checks that fail most often, and which are easiest to test.
- Parameters
-
string $action The action to check User $user User to check array $errors List of current errors string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool $short Short circuit on first error LinkTarget $page
- Returns
- array List of errors
- Exceptions
-
FatalError MWException
Definition at line 589 of file PermissionManager.php.
References MediaWiki\$action, MediaWiki\Linker\LinkTarget\getNamespace(), MediaWiki\Linker\LinkTarget\getText(), User\groupHasPermission(), User\isAllowed(), User\isAnon(), MediaWiki\Permissions\PermissionManager\missingPermissionError(), Title\newFromLinkTarget(), NS_CATEGORY, NS_FILE, NS_USER, and Hooks\run().
◆ checkReadPermissions()
|
private |
Check that the user is allowed to read this page.
- Parameters
-
string $action The action to check User $user User to check array $errors List of current errors string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool $short Short circuit on first error LinkTarget $page
- Returns
- array List of errors
- Exceptions
-
FatalError MWException
Definition at line 369 of file PermissionManager.php.
References MediaWiki\$action, $name, as, MediaWiki\Linker\LinkTarget\getDBkey(), MediaWiki\Linker\LinkTarget\getNamespace(), SpecialPage\getTitleFor(), User\isAllowed(), User\isEveryoneAllowed(), MediaWiki\Permissions\PermissionManager\isSameSpecialPage(), list, MediaWiki\Permissions\PermissionManager\missingPermissionError(), Title\newFromLinkTarget(), NS_MAIN, and Hooks\run().
◆ checkSiteConfigPermissions()
|
private |
Check sitewide CSS/JSON/JS permissions.
- Parameters
-
string $action The action to check User $user User to check array $errors List of current errors string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool $short Short circuit on first error LinkTarget $page
- Returns
- array List of errors
Definition at line 931 of file PermissionManager.php.
References MediaWiki\$action, User\isAllowed(), Title\newFromLinkTarget(), null, and wfMessage().
◆ checkSpecialsAndNSPermissions()
|
private |
Check permissions on special pages & namespaces.
- Parameters
-
string $action The action to check User $user User to check array $errors List of current errors string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool $short Short circuit on first error LinkTarget $page
- Returns
- array List of errors
Definition at line 887 of file PermissionManager.php.
References MediaWiki\$action, MediaWiki\Linker\LinkTarget\getNamespace(), Title\newFromLinkTarget(), NS_MAIN, NS_MEDIAWIKI, NS_SPECIAL, and wfMessage().
◆ checkUserBlock()
|
private |
Check that the user isn't blocked from editing.
- Parameters
-
string $action The action to check User $user User to check array $errors List of current errors string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool $short Short circuit on first error LinkTarget $page
- Returns
- array List of errors
- Exceptions
-
MWException
Definition at line 502 of file PermissionManager.php.
References MediaWiki\$action, Action\exists(), Action\factory(), WikiPage\factory(), false, User\getBlock(), RequestContext\getMain(), MediaWiki\Permissions\PermissionManager\isBlockedFrom(), User\isEmailConfirmed(), Title\newFromLinkTarget(), and null.
◆ checkUserConfigPermissions()
|
private |
Check CSS/JSON/JS sub-page permissions.
- Parameters
-
string $action The action to check User $user User to check array $errors List of current errors string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool $short Short circuit on first error LinkTarget $page
- Returns
- array List of errors
Definition at line 991 of file PermissionManager.php.
References MediaWiki\$action, User\getName(), MediaWiki\Linker\LinkTarget\getText(), User\isAllowed(), User\isAllowedAny(), and Title\newFromLinkTarget().
◆ getPermissionErrors()
| MediaWiki\Permissions\PermissionManager::getPermissionErrors | ( | $action, | |
| User | $user, | ||
| LinkTarget | $page, | ||
$rigor = self::RIGOR_SECURE, |
|||
$ignoreErrors = [] |
|||
| ) |
Can $user perform $action on a page?
- Todo:
- FIXME: This does not check throttles (User::pingLimiter()).
- Parameters
-
string $action Action that permission needs to be checked for User $user User to check LinkTarget $page string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
array $ignoreErrors Array of Strings Set this to a list of message keys whose corresponding errors may be ignored.
- Returns
- array Array of arrays of the arguments to wfMessage to explain permissions problems.
- Exceptions
-
Exception
Definition at line 138 of file PermissionManager.php.
References MediaWiki\$action, as, and MediaWiki\Permissions\PermissionManager\getPermissionErrorsInternal().
◆ getPermissionErrorsInternal()
|
private |
Can $user perform $action on a page? This is an internal function, with multiple levels of checks depending on performance needs; see $rigor below.
It does not check wfReadOnly().
- Parameters
-
string $action Action that permission needs to be checked for User $user User to check LinkTarget $page string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
bool $short Set this to true to stop after the first permission error.
- Returns
- array Array of arrays of the arguments to wfMessage to explain permissions problems.
- Exceptions
-
Exception
Definition at line 217 of file PermissionManager.php.
References MediaWiki\$action, and as.
Referenced by MediaWiki\Permissions\PermissionManager\checkActionPermissions(), MediaWiki\Permissions\PermissionManager\getPermissionErrors(), and MediaWiki\Permissions\PermissionManager\userCan().
◆ isBlockedFrom()
| MediaWiki\Permissions\PermissionManager::isBlockedFrom | ( | User | $user, |
| LinkTarget | $page, | ||
$fromReplica = false |
|||
| ) |
Check if user is blocked from editing a particular article.
- Parameters
-
User $user LinkTarget $page Title to check bool $fromReplica Whether to check the replica DB instead of the master
- Returns
- bool
- Exceptions
-
FatalError MWException
Definition at line 173 of file PermissionManager.php.
References User\getBlock(), User\getTalkPage(), User\isAllowUsertalk(), User\isHidden(), Title\newFromLinkTarget(), and Hooks\run().
Referenced by MediaWiki\Permissions\PermissionManager\checkUserBlock().
◆ isSameSpecialPage()
|
private |
Returns true if this title resolves to the named special page.
- Parameters
-
string $name The special page name LinkTarget $page
- Returns
- bool
Definition at line 474 of file PermissionManager.php.
References $name, MediaWiki\Linker\LinkTarget\getDBkey(), MediaWiki\Linker\LinkTarget\getNamespace(), list, and NS_SPECIAL.
Referenced by MediaWiki\Permissions\PermissionManager\checkReadPermissions().
◆ missingPermissionError()
|
private |
Get a description array when the user doesn't have the right to perform $action (i.e.
when User::isAllowed() returns false)
- Parameters
-
string $action The action to check bool $short Short circuit on first error
- Returns
- array Array containing an error message key and any parameters
Definition at line 455 of file PermissionManager.php.
References MediaWiki\$action, and User\newFatalPermissionDeniedStatus().
Referenced by MediaWiki\Permissions\PermissionManager\checkQuickPermissions(), and MediaWiki\Permissions\PermissionManager\checkReadPermissions().
◆ resultToError()
|
private |
Add the resulting error code to the errors array.
- Parameters
-
array $errors List of current errors array | string | MessageSpecifier | false $result Result of errors
- Returns
- array List of errors
Definition at line 331 of file PermissionManager.php.
Referenced by MediaWiki\Permissions\PermissionManager\checkPermissionHooks().
◆ userCan()
| MediaWiki\Permissions\PermissionManager::userCan | ( | $action, | |
| User | $user, | ||
| LinkTarget | $page, | ||
$rigor = self::RIGOR_SECURE |
|||
| ) |
Can $user perform $action on a page?
The method is intended to replace Title::userCan() The $user parameter need to be superseded by UserIdentity value in future The $title parameter need to be superseded by PageIdentity value in future
- See also
- Title::userCan()
- Parameters
-
string $action User $user LinkTarget $page string $rigor One of PermissionManager::RIGOR_ constants - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
- RIGOR_FULL : does cheap and expensive checks possibly from a replica DB
- RIGOR_SECURE : does cheap and expensive checks, using the master as needed
- Returns
- bool
- Exceptions
-
Exception
Definition at line 116 of file PermissionManager.php.
References MediaWiki\$action, and MediaWiki\Permissions\PermissionManager\getPermissionErrorsInternal().
Referenced by MediaWiki\Permissions\PermissionManager\checkActionPermissions().
Member Data Documentation
◆ $blockDisablesLogin
|
private |
If set to true, blocked users will no longer be allowed to log in.
Definition at line 67 of file PermissionManager.php.
Referenced by MediaWiki\Permissions\PermissionManager\__construct().
◆ $emailConfirmToEdit
|
private |
Require users to confirm email address before they can edit.
Definition at line 64 of file PermissionManager.php.
Referenced by MediaWiki\Permissions\PermissionManager\__construct().
◆ $nsInfo
|
private |
Definition at line 70 of file PermissionManager.php.
Referenced by MediaWiki\Permissions\PermissionManager\__construct().
◆ $specialPageFactory
|
private |
Definition at line 51 of file PermissionManager.php.
Referenced by MediaWiki\Permissions\PermissionManager\__construct().
◆ $whitelistRead
|
private |
List of pages names anonymous user may see.
Definition at line 58 of file PermissionManager.php.
Referenced by MediaWiki\Permissions\PermissionManager\__construct().
◆ $whitelistReadRegexp
|
private |
Whitelists publicly readable titles with regular expressions.
Definition at line 61 of file PermissionManager.php.
Referenced by MediaWiki\Permissions\PermissionManager\__construct().
The documentation for this class was generated from the following file:
- includes/Permissions/PermissionManager.php
