MediaWiki  master
MediaWiki\Permissions\UserAuthority Class Reference

Represents the authority of a given User. More...

Inheritance diagram for MediaWiki\Permissions\UserAuthority:
Collaboration diagram for MediaWiki\Permissions\UserAuthority:

Public Member Functions

 __construct (User $user, PermissionManager $permissionManager)
 
 authorizeRead (string $action, PageIdentity $target, PermissionStatus $status=null)
 Authorize read access.This should be used immediately before performing read access on restricted information.Calling this method may have non-trivial side-effects, such as incrementing a rate limit counter.
Parameters
string$action
PageIdentity$target
PermissionStatus | null$statusaggregator for failures
Returns
bool
More...
 
 authorizeWrite (string $action, PageIdentity $target, PermissionStatus $status=null)
 Authorize write access.This should be used immediately before updating persisted information.Calling this method may have non-trivial side-effects, such as incrementing a rate limit counter.
Parameters
string$action
PageIdentity$target
PermissionStatus | null$statusaggregator for failures
Returns
bool
More...
 
 definitelyCan (string $action, PageIdentity $target, PermissionStatus $status=null)
 Checks whether this authority can perform the given action on the given target page.This method performs a thorough check, but does not protect against race conditions. It is intended to be used when a user is intending to perform an action, but has not yet committed to it. For example, when a user goes to the edit page of an article, this method may be used to determine whether the user should be presented with a warning and a read-only view instead.
Parameters
string$action
PageIdentity$target
PermissionStatus | null$statusaggregator for failures
Returns
bool
More...
 
 getBlock (int $freshness=self::READ_NORMAL)
 Returns any user block affecting the Authority. More...
 
 getUser ()
 Returns the performer of the actions associated with this authority.Actions performed under this authority should generally be attributed to the user identity returned by this method.
Returns
UserIdentity
More...
 
 isAllowed (string $permission)
 Checks whether this authority has the given permission in general.For some permissions, exceptions may exist, both positive and negative, on a per-target basis.
Parameters
string$permission
Returns
bool
More...
 
 isAllowedAll (... $permissions)
 Checks whether this authority has any of the given permissions in general.Implementations must ensure that this method returns false if isAllowed would return false for any of the given permissions. Calling isAllowedAll() with one parameter must be equivalent to calling isAllowed(). Calling isAllowedAny() with no parameter is not allowed.
See also
isAllowed
Parameters
string...$permissions Permissions to test. At least one must be given.
Returns
bool True if the user is allowed to perform all of the given actions
More...
 
 isAllowedAny (... $permissions)
 Checks whether this authority has any of the given permissions in general.Implementations must ensure that this method returns true if isAllowed would return true for any of the given permissions. Calling isAllowedAny() with one parameter must be equivalent to calling isAllowed(). Calling isAllowedAny() with no parameter is not allowed.
See also
isAllowed
Parameters
string...$permissions Permissions to test. At least one must be given.
Returns
bool True if user is allowed to perform any of the given actions
More...
 
 probablyCan (string $action, PageIdentity $target, PermissionStatus $status=null)
 Checks whether this authority can probably perform the given action on the given target page.This method offers a fast, lightweight check, and may produce false positives. It is intended for determining which UI elements should be offered to the user.
Parameters
string$action
PageIdentity$target
PermissionStatus | null$statusaggregator for failures
Returns
bool
More...
 

Private Member Functions

 internalCan (string $rigor, string $action, PageIdentity $target, PermissionStatus $status=null)
 

Private Attributes

User $actor
 
PermissionManager $permissionManager
 
Block false null $userBlock = null
 Local cache for user block information. More...
 

Detailed Description

Represents the authority of a given User.

For anonymous visitors, this will typically allow only basic permissions. For logged in users, permissions are generally based on group membership, but may be adjusted based on things like IP range blocks, OAuth grants, or rate limits.

Note
This is intended as an intermediate step towards an implementation of Authority that contains much of the logic currently in PermissionManager, and is based directly on WebRequest and Session, rather than a User object. However, for now, code that needs an Authority that reflects the current user and web request should use a User object directly.
Stability: unstable
Since
1.36

Definition at line 45 of file UserAuthority.php.

Constructor & Destructor Documentation

◆ __construct()

MediaWiki\Permissions\UserAuthority::__construct ( User  $user,
PermissionManager  $permissionManager 
)
Parameters
User$user
PermissionManager$permissionManager

Definition at line 68 of file UserAuthority.php.

References MediaWiki\Permissions\UserAuthority\$permissionManager.

Member Function Documentation

◆ authorizeRead()

MediaWiki\Permissions\UserAuthority::authorizeRead ( string  $action,
PageIdentity  $target,
PermissionStatus  $status = null 
)

Authorize read access.This should be used immediately before performing read access on restricted information.Calling this method may have non-trivial side-effects, such as incrementing a rate limit counter.

Parameters
string$action
PageIdentity$target
PermissionStatus | null$statusaggregator for failures
Returns
bool

Parameters
string$action
PageIdentity$target
PermissionStatus | null$status
Returns
bool

Implements MediaWiki\Permissions\Authority.

Definition at line 194 of file UserAuthority.php.

References MediaWiki\$action, and MediaWiki\Permissions\UserAuthority\internalCan().

◆ authorizeWrite()

MediaWiki\Permissions\UserAuthority::authorizeWrite ( string  $action,
PageIdentity  $target,
PermissionStatus  $status = null 
)

Authorize write access.This should be used immediately before updating persisted information.Calling this method may have non-trivial side-effects, such as incrementing a rate limit counter.

Parameters
string$action
PageIdentity$target
PermissionStatus | null$statusaggregator for failures
Returns
bool

Parameters
string$action
PageIdentity$target
PermissionStatus | null$status
Returns
bool

Implements MediaWiki\Permissions\Authority.

Definition at line 221 of file UserAuthority.php.

References MediaWiki\$action, and MediaWiki\Permissions\UserAuthority\internalCan().

◆ definitelyCan()

MediaWiki\Permissions\UserAuthority::definitelyCan ( string  $action,
PageIdentity  $target,
PermissionStatus  $status = null 
)

Checks whether this authority can perform the given action on the given target page.This method performs a thorough check, but does not protect against race conditions. It is intended to be used when a user is intending to perform an action, but has not yet committed to it. For example, when a user goes to the edit page of an article, this method may be used to determine whether the user should be presented with a warning and a read-only view instead.

Parameters
string$action
PageIdentity$target
PermissionStatus | null$statusaggregator for failures
Returns
bool

Parameters
string$action
PageIdentity$target
PermissionStatus | null$status
Returns
bool

Implements MediaWiki\Permissions\Authority.

Definition at line 169 of file UserAuthority.php.

References MediaWiki\$action, and MediaWiki\Permissions\UserAuthority\internalCan().

◆ getBlock()

MediaWiki\Permissions\UserAuthority::getBlock ( int  $freshness = self::READ_NORMAL)

Returns any user block affecting the Authority.

Parameters
int$freshness
Returns
?Block
Since
1.37

Implements MediaWiki\Permissions\Authority.

Definition at line 304 of file UserAuthority.php.

Referenced by MediaWiki\Permissions\UserAuthority\internalCan().

◆ getUser()

MediaWiki\Permissions\UserAuthority::getUser ( )

Returns the performer of the actions associated with this authority.Actions performed under this authority should generally be attributed to the user identity returned by this method.

Returns
UserIdentity

Returns
UserIdentity

Implements MediaWiki\Permissions\Authority.

Definition at line 81 of file UserAuthority.php.

References MediaWiki\Permissions\UserAuthority\$actor.

◆ internalCan()

MediaWiki\Permissions\UserAuthority::internalCan ( string  $rigor,
string  $action,
PageIdentity  $target,
PermissionStatus  $status = null 
)
private

◆ isAllowed()

MediaWiki\Permissions\UserAuthority::isAllowed ( string  $permission)

Checks whether this authority has the given permission in general.For some permissions, exceptions may exist, both positive and negative, on a per-target basis.

Parameters
string$permission
Returns
bool

Parameters
string$permission
Returns
bool

Implements MediaWiki\Permissions\Authority.

Definition at line 92 of file UserAuthority.php.

Referenced by MediaWiki\Permissions\UserAuthority\isAllowedAll(), and MediaWiki\Permissions\UserAuthority\isAllowedAny().

◆ isAllowedAll()

MediaWiki\Permissions\UserAuthority::isAllowedAll (   $permissions)

Checks whether this authority has any of the given permissions in general.Implementations must ensure that this method returns false if isAllowed would return false for any of the given permissions. Calling isAllowedAll() with one parameter must be equivalent to calling isAllowed(). Calling isAllowedAny() with no parameter is not allowed.

See also
isAllowed
Parameters
string...$permissions Permissions to test. At least one must be given.
Returns
bool True if the user is allowed to perform all of the given actions

Parameters
string...$permissions
Returns
bool

Implements MediaWiki\Permissions\Authority.

Definition at line 124 of file UserAuthority.php.

References MediaWiki\Permissions\UserAuthority\isAllowed().

◆ isAllowedAny()

MediaWiki\Permissions\UserAuthority::isAllowedAny (   $permissions)

Checks whether this authority has any of the given permissions in general.Implementations must ensure that this method returns true if isAllowed would return true for any of the given permissions. Calling isAllowedAny() with one parameter must be equivalent to calling isAllowed(). Calling isAllowedAny() with no parameter is not allowed.

See also
isAllowed
Parameters
string...$permissions Permissions to test. At least one must be given.
Returns
bool True if user is allowed to perform any of the given actions

Parameters
string...$permissions
Returns
bool

Implements MediaWiki\Permissions\Authority.

Definition at line 103 of file UserAuthority.php.

References MediaWiki\Permissions\UserAuthority\isAllowed().

◆ probablyCan()

MediaWiki\Permissions\UserAuthority::probablyCan ( string  $action,
PageIdentity  $target,
PermissionStatus  $status = null 
)

Checks whether this authority can probably perform the given action on the given target page.This method offers a fast, lightweight check, and may produce false positives. It is intended for determining which UI elements should be offered to the user.

Parameters
string$action
PageIdentity$target
PermissionStatus | null$statusaggregator for failures
Returns
bool

Parameters
string$action
PageIdentity$target
PermissionStatus | null$status
Returns
bool

Implements MediaWiki\Permissions\Authority.

Definition at line 147 of file UserAuthority.php.

References MediaWiki\$action, and MediaWiki\Permissions\UserAuthority\internalCan().

Member Data Documentation

◆ $actor

User MediaWiki\Permissions\UserAuthority::$actor
private

Definition at line 55 of file UserAuthority.php.

Referenced by MediaWiki\Permissions\UserAuthority\getUser().

◆ $permissionManager

PermissionManager MediaWiki\Permissions\UserAuthority::$permissionManager
private

Definition at line 50 of file UserAuthority.php.

Referenced by MediaWiki\Permissions\UserAuthority\__construct().

◆ $userBlock

Block false null MediaWiki\Permissions\UserAuthority::$userBlock = null
private

Local cache for user block information.

False is used to indicate that there is no block, while null indicates that we don't know and have to check.

Definition at line 62 of file UserAuthority.php.


The documentation for this class was generated from the following file: