2019-03-07 20:02:07 +00:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
namespace MediaWiki\Tests\Permissions;
|
|
|
|
|
|
|
|
|
|
use Action;
|
2018-11-01 23:29:22 +00:00
|
|
|
use ContentHandler;
|
2019-04-09 06:58:04 +00:00
|
|
|
use FauxRequest;
|
2019-08-21 05:28:47 +00:00
|
|
|
use LoggedServiceOptions;
|
2019-05-13 14:18:07 +00:00
|
|
|
use MediaWiki\Block\DatabaseBlock;
|
2019-03-07 20:02:07 +00:00
|
|
|
use MediaWiki\Block\Restriction\NamespaceRestriction;
|
|
|
|
|
use MediaWiki\Block\Restriction\PageRestriction;
|
Separate Block into AbstractBlock, Block and SystemBlock
This commit splits the existing Block class into AbstractBlock, Block
and SystemBlock.
Before this patch, the Block class represents several types of
blocks, which can be separated into blocks stored in the database,
and temporary blocks created by the system. These are now
represented by Block and SystemBlock, which inherit from
AbstractBlock.
This lays the foundations for:
* enforcing block parameters from multiple blocks that apply to a
user/IP address
* improvements to the Block API, including the addition of services
Breaking changes: functions expecting a Block object should still
expect a Block object if it came from the database, but other
functions may now need to expect an AbstractBlock or SystemBlock
object. (Note that an alternative naming scheme, in which the
abstract class is called Block and the subclasses are DatabaseBlock
and SystemBlock, avoids this breakage. However, it introduces more
breakages to calls to static Block methods and new Block
instantiations.)
Changes to tests: system blocks don't set the $blockCreateAccount or
$mExipry block properties, so remove/change any tests that assume
they do.
Bug: T222737
Change-Id: I83bceb5e5049e254c90ace060f8f8fad44696c67
2019-03-18 22:09:49 +00:00
|
|
|
use MediaWiki\Block\SystemBlock;
|
2018-11-01 23:29:22 +00:00
|
|
|
use MediaWiki\Linker\LinkTarget;
|
2019-03-07 20:02:07 +00:00
|
|
|
use MediaWiki\MediaWikiServices;
|
|
|
|
|
use MediaWiki\Permissions\PermissionManager;
|
2018-11-01 23:29:22 +00:00
|
|
|
use MediaWiki\Revision\MutableRevisionRecord;
|
|
|
|
|
use MediaWiki\Revision\RevisionLookup;
|
2019-08-21 19:49:59 +00:00
|
|
|
use MWException;
|
2019-08-21 05:28:47 +00:00
|
|
|
use TestAllServiceOptionsUsed;
|
2019-07-11 17:22:20 +00:00
|
|
|
use Wikimedia\ScopedCallback;
|
2018-11-01 23:29:22 +00:00
|
|
|
use MediaWiki\Session\SessionId;
|
|
|
|
|
use MediaWiki\Session\TestUtils;
|
|
|
|
|
use MediaWikiLangTestCase;
|
|
|
|
|
use RequestContext;
|
|
|
|
|
use stdClass;
|
|
|
|
|
use Title;
|
|
|
|
|
use User;
|
2019-04-09 06:58:04 +00:00
|
|
|
use Wikimedia\TestingAccessWrapper;
|
2019-03-07 20:02:07 +00:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @group Database
|
|
|
|
|
*
|
|
|
|
|
* @covers \MediaWiki\Permissions\PermissionManager
|
|
|
|
|
*/
|
|
|
|
|
class PermissionManagerTest extends MediaWikiLangTestCase {
|
2019-08-21 05:28:47 +00:00
|
|
|
use TestAllServiceOptionsUsed;
|
2019-03-07 20:02:07 +00:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @var string
|
|
|
|
|
*/
|
|
|
|
|
protected $userName, $altUserName;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @var Title
|
|
|
|
|
*/
|
|
|
|
|
protected $title;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @var User
|
|
|
|
|
*/
|
|
|
|
|
protected $user, $anonUser, $userUser, $altUser;
|
|
|
|
|
|
|
|
|
|
/** Constant for self::testIsBlockedFrom */
|
|
|
|
|
const USER_TALK_PAGE = '<user talk page>';
|
|
|
|
|
|
|
|
|
|
protected function setUp() {
|
|
|
|
|
parent::setUp();
|
|
|
|
|
|
|
|
|
|
$localZone = 'UTC';
|
|
|
|
|
$localOffset = date( 'Z' ) / 60;
|
|
|
|
|
|
|
|
|
|
$this->setMwGlobals( [
|
|
|
|
|
'wgLocaltimezone' => $localZone,
|
|
|
|
|
'wgLocalTZoffset' => $localOffset,
|
|
|
|
|
'wgNamespaceProtection' => [
|
|
|
|
|
NS_MEDIAWIKI => 'editinterface',
|
|
|
|
|
],
|
2019-04-09 06:58:04 +00:00
|
|
|
'wgRevokePermissions' => [
|
|
|
|
|
'formertesters' => [
|
|
|
|
|
'runtest' => true
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
'wgAvailableRights' => [
|
|
|
|
|
'test',
|
|
|
|
|
'runtest',
|
|
|
|
|
'writetest',
|
|
|
|
|
'nukeworld',
|
|
|
|
|
'modifytest',
|
|
|
|
|
'editmyoptions'
|
|
|
|
|
]
|
2019-03-07 20:02:07 +00:00
|
|
|
] );
|
2019-04-09 06:58:04 +00:00
|
|
|
|
|
|
|
|
$this->setGroupPermissions( 'unittesters', 'test', true );
|
|
|
|
|
$this->setGroupPermissions( 'unittesters', 'runtest', true );
|
|
|
|
|
$this->setGroupPermissions( 'unittesters', 'writetest', false );
|
|
|
|
|
$this->setGroupPermissions( 'unittesters', 'nukeworld', false );
|
|
|
|
|
|
|
|
|
|
$this->setGroupPermissions( 'testwriters', 'test', true );
|
|
|
|
|
$this->setGroupPermissions( 'testwriters', 'writetest', true );
|
|
|
|
|
$this->setGroupPermissions( 'testwriters', 'modifytest', true );
|
|
|
|
|
|
|
|
|
|
$this->setGroupPermissions( '*', 'editmyoptions', true );
|
|
|
|
|
|
2019-03-07 20:02:07 +00:00
|
|
|
// Without this testUserBlock will use a non-English context on non-English MediaWiki
|
|
|
|
|
// installations (because of how Title::checkUserBlock is implemented) and fail.
|
|
|
|
|
RequestContext::resetMain();
|
|
|
|
|
|
|
|
|
|
$this->userName = 'Useruser';
|
|
|
|
|
$this->altUserName = 'Altuseruser';
|
|
|
|
|
date_default_timezone_set( $localZone );
|
|
|
|
|
|
|
|
|
|
$this->title = Title::makeTitle( NS_MAIN, "Main Page" );
|
|
|
|
|
if ( !isset( $this->userUser ) || !( $this->userUser instanceof User ) ) {
|
|
|
|
|
$this->userUser = User::newFromName( $this->userName );
|
|
|
|
|
|
|
|
|
|
if ( !$this->userUser->getId() ) {
|
|
|
|
|
$this->userUser = User::createNew( $this->userName, [
|
|
|
|
|
"email" => "test@example.com",
|
|
|
|
|
"real_name" => "Test User" ] );
|
|
|
|
|
$this->userUser->load();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$this->altUser = User::newFromName( $this->altUserName );
|
|
|
|
|
if ( !$this->altUser->getId() ) {
|
|
|
|
|
$this->altUser = User::createNew( $this->altUserName, [
|
|
|
|
|
"email" => "alttest@example.com",
|
|
|
|
|
"real_name" => "Test User Alt" ] );
|
|
|
|
|
$this->altUser->load();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$this->anonUser = User::newFromId( 0 );
|
|
|
|
|
|
|
|
|
|
$this->user = $this->userUser;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-09 06:58:04 +00:00
|
|
|
public function tearDown() {
|
|
|
|
|
parent::tearDown();
|
|
|
|
|
$this->restoreMwServices();
|
2019-03-07 20:02:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
protected function setTitle( $ns, $title = "Main_Page" ) {
|
|
|
|
|
$this->title = Title::makeTitle( $ns, $title );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
protected function setUser( $userName = null ) {
|
|
|
|
|
if ( $userName === 'anon' ) {
|
|
|
|
|
$this->user = $this->anonUser;
|
|
|
|
|
} elseif ( $userName === null || $userName === $this->userName ) {
|
|
|
|
|
$this->user = $this->userUser;
|
|
|
|
|
} else {
|
|
|
|
|
$this->user = $this->altUser;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @todo This test method should be split up into separate test methods and
|
|
|
|
|
* data providers
|
|
|
|
|
*
|
|
|
|
|
* This test is failing per T201776.
|
|
|
|
|
*
|
|
|
|
|
* @group Broken
|
|
|
|
|
* @covers \MediaWiki\Permissions\PermissionManager::checkQuickPermissions
|
|
|
|
|
*/
|
|
|
|
|
public function testQuickPermissions() {
|
|
|
|
|
$prefix = MediaWikiServices::getInstance()->getContentLanguage()->
|
|
|
|
|
getFormattedNsText( NS_PROJECT );
|
|
|
|
|
|
|
|
|
|
$this->setUser( 'anon' );
|
|
|
|
|
$this->setTitle( NS_TALK );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, "createtalk" );
|
|
|
|
|
$res = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'create', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( [], $res );
|
|
|
|
|
|
|
|
|
|
$this->setTitle( NS_TALK );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, "createpage" );
|
|
|
|
|
$res = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'create', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( [ [ "nocreatetext" ] ], $res );
|
|
|
|
|
|
|
|
|
|
$this->setTitle( NS_TALK );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, "" );
|
|
|
|
|
$res = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'create', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( [ [ 'nocreatetext' ] ], $res );
|
|
|
|
|
|
|
|
|
|
$this->setTitle( NS_MAIN );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, "createpage" );
|
|
|
|
|
$res = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'create', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( [], $res );
|
|
|
|
|
|
|
|
|
|
$this->setTitle( NS_MAIN );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, "createtalk" );
|
|
|
|
|
$res = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'create', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( [ [ 'nocreatetext' ] ], $res );
|
|
|
|
|
|
|
|
|
|
$this->setUser( $this->userName );
|
|
|
|
|
$this->setTitle( NS_TALK );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, "createtalk" );
|
|
|
|
|
$res = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'create', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( [], $res );
|
|
|
|
|
|
|
|
|
|
$this->setTitle( NS_TALK );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, "createpage" );
|
|
|
|
|
$res = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'create', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( [ [ 'nocreate-loggedin' ] ], $res );
|
|
|
|
|
|
|
|
|
|
$this->setTitle( NS_TALK );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, "" );
|
|
|
|
|
$res = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'create', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( [ [ 'nocreate-loggedin' ] ], $res );
|
|
|
|
|
|
|
|
|
|
$this->setTitle( NS_MAIN );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, "createpage" );
|
|
|
|
|
$res = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'create', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( [], $res );
|
|
|
|
|
|
|
|
|
|
$this->setTitle( NS_MAIN );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, "createtalk" );
|
|
|
|
|
$res = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'create', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( [ [ 'nocreate-loggedin' ] ], $res );
|
|
|
|
|
|
|
|
|
|
$this->setTitle( NS_MAIN );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, "" );
|
|
|
|
|
$res = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'create', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( [ [ 'nocreate-loggedin' ] ], $res );
|
|
|
|
|
|
|
|
|
|
$this->setUser( 'anon' );
|
|
|
|
|
$this->setTitle( NS_USER, $this->userName . '' );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, "" );
|
|
|
|
|
$res = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'move', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( [ [ 'cant-move-user-page' ], [ 'movenologintext' ] ], $res );
|
|
|
|
|
|
|
|
|
|
$this->setTitle( NS_USER, $this->userName . '/subpage' );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, "" );
|
|
|
|
|
$res = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'move', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( [ [ 'movenologintext' ] ], $res );
|
|
|
|
|
|
|
|
|
|
$this->setTitle( NS_USER, $this->userName . '' );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, "move-rootuserpages" );
|
|
|
|
|
$res = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'move', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( [ [ 'movenologintext' ] ], $res );
|
|
|
|
|
|
|
|
|
|
$this->setTitle( NS_USER, $this->userName . '/subpage' );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, "move-rootuserpages" );
|
|
|
|
|
$res = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'move', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( [ [ 'movenologintext' ] ], $res );
|
|
|
|
|
|
|
|
|
|
$this->setTitle( NS_USER, $this->userName . '' );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, "" );
|
|
|
|
|
$res = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'move', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( [ [ 'cant-move-user-page' ], [ 'movenologintext' ] ], $res );
|
|
|
|
|
|
|
|
|
|
$this->setTitle( NS_USER, $this->userName . '/subpage' );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, "" );
|
|
|
|
|
$res = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'move', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( [ [ 'movenologintext' ] ], $res );
|
|
|
|
|
|
|
|
|
|
$this->setTitle( NS_USER, $this->userName . '' );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, "move-rootuserpages" );
|
|
|
|
|
$res = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'move', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( [ [ 'movenologintext' ] ], $res );
|
|
|
|
|
|
|
|
|
|
$this->setTitle( NS_USER, $this->userName . '/subpage' );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, "move-rootuserpages" );
|
|
|
|
|
$res = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'move', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( [ [ 'movenologintext' ] ], $res );
|
|
|
|
|
|
|
|
|
|
$this->setUser( $this->userName );
|
|
|
|
|
$this->setTitle( NS_FILE, "img.png" );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, "" );
|
|
|
|
|
$res = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'move', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( [ [ 'movenotallowedfile' ], [ 'movenotallowed' ] ], $res );
|
|
|
|
|
|
|
|
|
|
$this->setTitle( NS_FILE, "img.png" );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, "movefile" );
|
|
|
|
|
$res = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'move', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( [ [ 'movenotallowed' ] ], $res );
|
|
|
|
|
|
|
|
|
|
$this->setUser( 'anon' );
|
|
|
|
|
$this->setTitle( NS_FILE, "img.png" );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, "" );
|
|
|
|
|
$res = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'move', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( [ [ 'movenotallowedfile' ], [ 'movenologintext' ] ], $res );
|
|
|
|
|
|
|
|
|
|
$this->setTitle( NS_FILE, "img.png" );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, "movefile" );
|
|
|
|
|
$res = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'move', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( [ [ 'movenologintext' ] ], $res );
|
|
|
|
|
|
|
|
|
|
$this->setUser( $this->userName );
|
2019-04-09 06:58:04 +00:00
|
|
|
// $this->setUserPerm( "move" );
|
|
|
|
|
$this->runGroupPermissions( 'move', 'move', [ [ 'movenotallowedfile' ] ] );
|
2019-03-07 20:02:07 +00:00
|
|
|
|
2019-04-09 06:58:04 +00:00
|
|
|
// $this->setUserPerm( "" );
|
2019-03-07 20:02:07 +00:00
|
|
|
$this->runGroupPermissions(
|
2019-04-09 06:58:04 +00:00
|
|
|
'',
|
2019-03-07 20:02:07 +00:00
|
|
|
'move',
|
|
|
|
|
[ [ 'movenotallowedfile' ], [ 'movenotallowed' ] ]
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$this->setUser( 'anon' );
|
2019-04-09 06:58:04 +00:00
|
|
|
//$this->setUserPerm( "move" );
|
|
|
|
|
$this->runGroupPermissions( 'move', 'move', [ [ 'movenotallowedfile' ] ] );
|
2019-03-07 20:02:07 +00:00
|
|
|
|
2019-04-09 06:58:04 +00:00
|
|
|
// $this->setUserPerm( "" );
|
2019-03-07 20:02:07 +00:00
|
|
|
$this->runGroupPermissions(
|
2019-04-09 06:58:04 +00:00
|
|
|
'',
|
2019-03-07 20:02:07 +00:00
|
|
|
'move',
|
|
|
|
|
[ [ 'movenotallowedfile' ], [ 'movenotallowed' ] ],
|
|
|
|
|
[ [ 'movenotallowedfile' ], [ 'movenologintext' ] ]
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if ( $this->isWikitextNS( NS_MAIN ) ) {
|
|
|
|
|
// NOTE: some content models don't allow moving
|
|
|
|
|
// @todo find a Wikitext namespace for testing
|
|
|
|
|
|
|
|
|
|
$this->setTitle( NS_MAIN );
|
|
|
|
|
$this->setUser( 'anon' );
|
2019-04-09 06:58:04 +00:00
|
|
|
// $this->setUserPerm( "move" );
|
|
|
|
|
$this->runGroupPermissions( 'move', 'move', [] );
|
2019-03-07 20:02:07 +00:00
|
|
|
|
2019-04-09 06:58:04 +00:00
|
|
|
// $this->setUserPerm( "" );
|
|
|
|
|
$this->runGroupPermissions( '', 'move', [ [ 'movenotallowed' ] ],
|
2019-03-07 20:02:07 +00:00
|
|
|
[ [ 'movenologintext' ] ] );
|
|
|
|
|
|
|
|
|
|
$this->setUser( $this->userName );
|
2019-04-09 06:58:04 +00:00
|
|
|
// $this->setUserPerm( "" );
|
|
|
|
|
$this->runGroupPermissions( '', 'move', [ [ 'movenotallowed' ] ] );
|
2019-03-07 20:02:07 +00:00
|
|
|
|
2019-04-09 06:58:04 +00:00
|
|
|
//$this->setUserPerm( "move" );
|
|
|
|
|
$this->runGroupPermissions( 'move', 'move', [] );
|
2019-03-07 20:02:07 +00:00
|
|
|
|
|
|
|
|
$this->setUser( 'anon' );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, 'move' );
|
|
|
|
|
$res = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'move-target', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( [], $res );
|
|
|
|
|
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, '' );
|
|
|
|
|
$res = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'move-target', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( [ [ 'movenotallowed' ] ], $res );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$this->setTitle( NS_USER );
|
|
|
|
|
$this->setUser( $this->userName );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, [ "move", "move-rootuserpages" ] );
|
|
|
|
|
$res = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'move-target', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( [], $res );
|
|
|
|
|
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, "move" );
|
|
|
|
|
$res = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'move-target', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( [ [ 'cant-move-to-user-page' ] ], $res );
|
|
|
|
|
|
|
|
|
|
$this->setUser( 'anon' );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, [ "move", "move-rootuserpages" ] );
|
|
|
|
|
$res = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'move-target', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( [], $res );
|
|
|
|
|
|
|
|
|
|
$this->setTitle( NS_USER, "User/subpage" );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, [ "move", "move-rootuserpages" ] );
|
|
|
|
|
$res = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'move-target', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( [], $res );
|
|
|
|
|
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, "move" );
|
|
|
|
|
$res = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'move-target', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( [], $res );
|
|
|
|
|
|
|
|
|
|
$this->setUser( 'anon' );
|
|
|
|
|
$check = [
|
|
|
|
|
'edit' => [
|
|
|
|
|
[ [ 'badaccess-groups', "*, [[$prefix:Users|Users]]", 2 ] ],
|
|
|
|
|
[ [ 'badaccess-group0' ] ],
|
|
|
|
|
[],
|
|
|
|
|
true
|
|
|
|
|
],
|
|
|
|
|
'protect' => [
|
|
|
|
|
[ [
|
|
|
|
|
'badaccess-groups',
|
|
|
|
|
"[[$prefix:Administrators|Administrators]]", 1 ],
|
|
|
|
|
[ 'protect-cantedit'
|
|
|
|
|
] ],
|
|
|
|
|
[ [ 'badaccess-group0' ], [ 'protect-cantedit' ] ],
|
|
|
|
|
[ [ 'protect-cantedit' ] ],
|
|
|
|
|
false
|
|
|
|
|
],
|
|
|
|
|
'' => [ [], [], [], true ]
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
foreach ( [ "edit", "protect", "" ] as $action ) {
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user );
|
2019-03-07 20:02:07 +00:00
|
|
|
$this->assertEquals( $check[$action][0],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( $action, $this->user, $this->title, true ) );
|
|
|
|
|
$this->assertEquals( $check[$action][0],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( $action, $this->user, $this->title, 'full' ) );
|
|
|
|
|
$this->assertEquals( $check[$action][0],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( $action, $this->user, $this->title, 'secure' ) );
|
|
|
|
|
|
|
|
|
|
global $wgGroupPermissions;
|
|
|
|
|
$old = $wgGroupPermissions;
|
2019-08-26 09:13:49 +00:00
|
|
|
$this->setMwGlobals( 'wgGroupPermissions', [] );
|
2019-03-07 20:02:07 +00:00
|
|
|
|
|
|
|
|
$this->assertEquals( $check[$action][1],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( $action, $this->user, $this->title, true ) );
|
|
|
|
|
$this->assertEquals( $check[$action][1],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( $action, $this->user, $this->title, 'full' ) );
|
|
|
|
|
$this->assertEquals( $check[$action][1],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( $action, $this->user, $this->title, 'secure' ) );
|
2019-08-26 09:13:49 +00:00
|
|
|
$this->setMwGlobals( 'wgGroupPermissions', $old );
|
2019-03-07 20:02:07 +00:00
|
|
|
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, $action );
|
2019-03-07 20:02:07 +00:00
|
|
|
$this->assertEquals( $check[$action][2],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( $action, $this->user, $this->title, true ) );
|
|
|
|
|
$this->assertEquals( $check[$action][2],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( $action, $this->user, $this->title, 'full' ) );
|
|
|
|
|
$this->assertEquals( $check[$action][2],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( $action, $this->user, $this->title, 'secure' ) );
|
|
|
|
|
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, $action );
|
2019-03-07 20:02:07 +00:00
|
|
|
$this->assertEquals( $check[$action][3],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()
|
|
|
|
|
->userCan( $action, $this->user, $this->title, true ) );
|
2019-03-07 20:02:07 +00:00
|
|
|
$this->assertEquals( $check[$action][3],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()
|
2019-08-23 23:53:15 +00:00
|
|
|
->quickUserCan( $action, $this->user, $this->title ) );
|
2019-03-07 20:02:07 +00:00
|
|
|
# count( User::getGroupsWithPermissions( $action ) ) < 1
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-09 06:58:04 +00:00
|
|
|
protected function runGroupPermissions( $perm, $action, $result, $result2 = null ) {
|
2019-03-07 20:02:07 +00:00
|
|
|
if ( $result2 === null ) {
|
|
|
|
|
$result2 = $result;
|
|
|
|
|
}
|
|
|
|
|
|
2019-08-26 09:13:49 +00:00
|
|
|
$this->setGroupPermissions( 'autoconfirmed', 'move', false );
|
|
|
|
|
$this->setGroupPermissions( 'user', 'move', false );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, $perm );
|
|
|
|
|
$res = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( $action, $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( $result, $res );
|
|
|
|
|
|
2019-08-26 09:13:49 +00:00
|
|
|
$this->setGroupPermissions( 'autoconfirmed', 'move', true );
|
|
|
|
|
$this->setGroupPermissions( 'user', 'move', false );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, $perm );
|
|
|
|
|
$res = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( $action, $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( $result2, $res );
|
|
|
|
|
|
2019-08-26 09:13:49 +00:00
|
|
|
$this->setGroupPermissions( 'autoconfirmed', 'move', true );
|
|
|
|
|
$this->setGroupPermissions( 'user', 'move', true );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, $perm );
|
|
|
|
|
$res = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( $action, $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( $result2, $res );
|
|
|
|
|
|
2019-08-26 09:13:49 +00:00
|
|
|
$this->setGroupPermissions( 'autoconfirmed', 'move', false );
|
|
|
|
|
$this->setGroupPermissions( 'user', 'move', true );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, $perm );
|
|
|
|
|
$res = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( $action, $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( $result2, $res );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @todo This test method should be split up into separate test methods and
|
|
|
|
|
* data providers
|
|
|
|
|
* @covers MediaWiki\Permissions\PermissionManager::checkSpecialsAndNSPermissions
|
|
|
|
|
*/
|
|
|
|
|
public function testSpecialsAndNSPermissions() {
|
|
|
|
|
$this->setUser( $this->userName );
|
|
|
|
|
|
|
|
|
|
$this->setTitle( NS_SPECIAL );
|
|
|
|
|
|
|
|
|
|
$this->assertEquals( [ [ 'badaccess-group0' ], [ 'ns-specialprotected' ] ],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'bogus', $this->user, $this->title ) );
|
|
|
|
|
|
|
|
|
|
$this->setTitle( NS_MAIN );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, 'bogus' );
|
2019-03-07 20:02:07 +00:00
|
|
|
$this->assertEquals( [],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'bogus', $this->user, $this->title ) );
|
|
|
|
|
|
|
|
|
|
$this->setTitle( NS_MAIN );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, '' );
|
2019-03-07 20:02:07 +00:00
|
|
|
$this->assertEquals( [ [ 'badaccess-group0' ] ],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'bogus', $this->user, $this->title ) );
|
|
|
|
|
|
2019-08-23 15:33:21 +00:00
|
|
|
$this->mergeMwGlobalArrayValue( 'wgNamespaceProtection', [
|
|
|
|
|
NS_USER => [ 'bogus' ]
|
|
|
|
|
] );
|
|
|
|
|
$this->resetServices();
|
|
|
|
|
$this->overrideUserPermissions( $this->user, '' );
|
2019-03-07 20:02:07 +00:00
|
|
|
|
|
|
|
|
$this->setTitle( NS_USER );
|
|
|
|
|
$this->assertEquals( [ [ 'badaccess-group0' ],
|
|
|
|
|
[ 'namespaceprotected', 'User', 'bogus' ] ],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'bogus', $this->user, $this->title ) );
|
|
|
|
|
|
|
|
|
|
$this->setTitle( NS_MEDIAWIKI );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, 'bogus' );
|
2019-03-07 20:02:07 +00:00
|
|
|
$this->assertEquals( [ [ 'protectedinterface', 'bogus' ] ],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'bogus', $this->user, $this->title ) );
|
|
|
|
|
|
|
|
|
|
$this->setTitle( NS_MEDIAWIKI );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, 'bogus' );
|
2019-03-07 20:02:07 +00:00
|
|
|
$this->assertEquals( [ [ 'protectedinterface', 'bogus' ] ],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'bogus', $this->user, $this->title ) );
|
|
|
|
|
|
2019-08-23 15:33:21 +00:00
|
|
|
$this->setMwGlobals( 'wgNamespaceProtection', null );
|
|
|
|
|
$this->resetServices();
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, 'bogus' );
|
2019-08-23 15:33:21 +00:00
|
|
|
|
2019-03-07 20:02:07 +00:00
|
|
|
$this->assertEquals( [],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'bogus', $this->user, $this->title ) );
|
|
|
|
|
$this->assertEquals( true,
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()
|
|
|
|
|
->userCan( 'bogus', $this->user, $this->title ) );
|
2019-03-07 20:02:07 +00:00
|
|
|
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, '' );
|
2019-03-07 20:02:07 +00:00
|
|
|
$this->assertEquals( [ [ 'badaccess-group0' ] ],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'bogus', $this->user, $this->title ) );
|
2019-09-17 14:19:26 +00:00
|
|
|
$this->assertFalse(
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()
|
|
|
|
|
->userCan( 'bogus', $this->user, $this->title ) );
|
2019-03-07 20:02:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @todo This test method should be split up into separate test methods and
|
|
|
|
|
* data providers
|
|
|
|
|
* @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
|
|
|
|
|
*/
|
|
|
|
|
public function testJsConfigEditPermissions() {
|
|
|
|
|
$this->setUser( $this->userName );
|
|
|
|
|
|
|
|
|
|
$this->setTitle( NS_USER, $this->userName . '/test.js' );
|
|
|
|
|
$this->runConfigEditPermissions(
|
|
|
|
|
[ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
|
|
|
|
|
|
|
|
|
|
[ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
|
|
|
|
|
[ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
|
|
|
|
|
[ [ 'badaccess-group0' ] ],
|
|
|
|
|
|
|
|
|
|
[ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
|
|
|
|
|
[ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
|
|
|
|
|
[ [ 'badaccess-group0' ] ],
|
|
|
|
|
[ [ 'badaccess-groups' ] ]
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @todo This test method should be split up into separate test methods and
|
|
|
|
|
* data providers
|
|
|
|
|
* @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
|
|
|
|
|
*/
|
|
|
|
|
public function testJsonConfigEditPermissions() {
|
|
|
|
|
$prefix = MediaWikiServices::getInstance()->getContentLanguage()->
|
|
|
|
|
getFormattedNsText( NS_PROJECT );
|
|
|
|
|
$this->setUser( $this->userName );
|
|
|
|
|
|
|
|
|
|
$this->setTitle( NS_USER, $this->userName . '/test.json' );
|
|
|
|
|
$this->runConfigEditPermissions(
|
|
|
|
|
[ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
|
|
|
|
|
|
|
|
|
|
[ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
|
|
|
|
|
[ [ 'badaccess-group0' ] ],
|
|
|
|
|
[ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
|
|
|
|
|
|
|
|
|
|
[ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
|
|
|
|
|
[ [ 'badaccess-group0' ] ],
|
|
|
|
|
[ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
|
|
|
|
|
[ [ 'badaccess-groups' ] ]
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @todo This test method should be split up into separate test methods and
|
|
|
|
|
* data providers
|
|
|
|
|
* @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
|
|
|
|
|
*/
|
|
|
|
|
public function testCssConfigEditPermissions() {
|
|
|
|
|
$this->setUser( $this->userName );
|
|
|
|
|
|
|
|
|
|
$this->setTitle( NS_USER, $this->userName . '/test.css' );
|
|
|
|
|
$this->runConfigEditPermissions(
|
|
|
|
|
[ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
|
|
|
|
|
|
|
|
|
|
[ [ 'badaccess-group0' ] ],
|
|
|
|
|
[ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
|
|
|
|
|
[ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
|
|
|
|
|
|
|
|
|
|
[ [ 'badaccess-group0' ] ],
|
|
|
|
|
[ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
|
|
|
|
|
[ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
|
|
|
|
|
[ [ 'badaccess-groups' ] ]
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @todo This test method should be split up into separate test methods and
|
|
|
|
|
* data providers
|
|
|
|
|
* @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
|
|
|
|
|
*/
|
|
|
|
|
public function testOtherJsConfigEditPermissions() {
|
|
|
|
|
$this->setUser( $this->userName );
|
|
|
|
|
|
|
|
|
|
$this->setTitle( NS_USER, $this->altUserName . '/test.js' );
|
|
|
|
|
$this->runConfigEditPermissions(
|
|
|
|
|
[ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
|
|
|
|
|
|
|
|
|
|
[ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
|
|
|
|
|
[ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
|
|
|
|
|
[ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
|
|
|
|
|
|
|
|
|
|
[ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
|
|
|
|
|
[ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
|
|
|
|
|
[ [ 'badaccess-group0' ] ],
|
|
|
|
|
[ [ 'badaccess-groups' ] ]
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @todo This test method should be split up into separate test methods and
|
|
|
|
|
* data providers
|
|
|
|
|
* @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
|
|
|
|
|
*/
|
|
|
|
|
public function testOtherJsonConfigEditPermissions() {
|
|
|
|
|
$this->setUser( $this->userName );
|
|
|
|
|
|
|
|
|
|
$this->setTitle( NS_USER, $this->altUserName . '/test.json' );
|
|
|
|
|
$this->runConfigEditPermissions(
|
|
|
|
|
[ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
|
|
|
|
|
|
|
|
|
|
[ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
|
|
|
|
|
[ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
|
|
|
|
|
[ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
|
|
|
|
|
|
|
|
|
|
[ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
|
|
|
|
|
[ [ 'badaccess-group0' ] ],
|
|
|
|
|
[ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
|
|
|
|
|
[ [ 'badaccess-groups' ] ]
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @todo This test method should be split up into separate test methods and
|
|
|
|
|
* data providers
|
|
|
|
|
* @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
|
|
|
|
|
*/
|
|
|
|
|
public function testOtherCssConfigEditPermissions() {
|
|
|
|
|
$this->setUser( $this->userName );
|
|
|
|
|
|
|
|
|
|
$this->setTitle( NS_USER, $this->altUserName . '/test.css' );
|
|
|
|
|
$this->runConfigEditPermissions(
|
|
|
|
|
[ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
|
|
|
|
|
|
|
|
|
|
[ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
|
|
|
|
|
[ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
|
|
|
|
|
[ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
|
|
|
|
|
|
|
|
|
|
[ [ 'badaccess-group0' ] ],
|
|
|
|
|
[ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
|
|
|
|
|
[ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
|
|
|
|
|
[ [ 'badaccess-groups' ] ]
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-01 23:29:22 +00:00
|
|
|
public function testJsConfigRedirectEditPermissions() {
|
|
|
|
|
$revision = null;
|
|
|
|
|
$user = $this->getTestUser()->getUser();
|
|
|
|
|
$otherUser = $this->getTestUser( 'sysop' )->getUser();
|
|
|
|
|
$localJsTitle = Title::newFromText( 'User:' . $user->getName() . '/foo.js' );
|
|
|
|
|
$otherLocalJsTitle = Title::newFromText( 'User:' . $user->getName() . '/foo2.js' );
|
|
|
|
|
$nonlocalJsTitle = Title::newFromText( 'User:' . $otherUser->getName() . '/foo.js' );
|
|
|
|
|
|
|
|
|
|
$services = MediaWikiServices::getInstance();
|
|
|
|
|
$revisionLookup = $this->getMockBuilder( RevisionLookup::class )
|
|
|
|
|
->setMethods( [ 'getRevisionByTitle' ] )
|
|
|
|
|
->getMockForAbstractClass();
|
|
|
|
|
$revisionLookup->method( 'getRevisionByTitle' )
|
|
|
|
|
->willReturnCallback( function ( LinkTarget $page ) use (
|
|
|
|
|
$services, &$revision, $localJsTitle
|
|
|
|
|
) {
|
|
|
|
|
if ( $localJsTitle->equals( Title::newFromLinkTarget( $page ) ) ) {
|
|
|
|
|
return $revision;
|
|
|
|
|
} else {
|
|
|
|
|
return $services->getRevisionLookup()->getRevisionByTitle( $page );
|
|
|
|
|
}
|
|
|
|
|
} );
|
|
|
|
|
$permissionManager = new PermissionManager(
|
2019-08-21 05:28:47 +00:00
|
|
|
new LoggedServiceOptions(
|
|
|
|
|
self::$serviceOptionsAccessLog,
|
2019-10-08 18:23:08 +00:00
|
|
|
PermissionManager::CONSTRUCTOR_OPTIONS,
|
2019-08-21 05:28:47 +00:00
|
|
|
[
|
|
|
|
|
'WhitelistRead' => [],
|
|
|
|
|
'WhitelistReadRegexp' => [],
|
|
|
|
|
'EmailConfirmToEdit' => false,
|
|
|
|
|
'BlockDisablesLogin' => false,
|
|
|
|
|
'GroupPermissions' => [],
|
|
|
|
|
'RevokePermissions' => [],
|
2019-08-21 19:49:59 +00:00
|
|
|
'AvailableRights' => [],
|
|
|
|
|
'NamespaceProtection' => [],
|
|
|
|
|
'RestrictionLevels' => []
|
2019-08-21 05:28:47 +00:00
|
|
|
]
|
|
|
|
|
),
|
2018-11-01 23:29:22 +00:00
|
|
|
$services->getSpecialPageFactory(),
|
|
|
|
|
$revisionLookup,
|
2019-09-20 15:03:48 +00:00
|
|
|
MediaWikiServices::getInstance()->getNamespaceInfo(),
|
|
|
|
|
MediaWikiServices::getInstance()->getBlockErrorFormatter()
|
2018-11-01 23:29:22 +00:00
|
|
|
);
|
|
|
|
|
$this->setService( 'PermissionManager', $permissionManager );
|
|
|
|
|
|
|
|
|
|
$permissionManager->overrideUserRightsForTesting( $user, [ 'edit', 'editmyuserjs' ] );
|
|
|
|
|
|
|
|
|
|
$revision = $this->getJavascriptRevision( $localJsTitle, $user, '/* script */' );
|
|
|
|
|
$errors = $permissionManager->getPermissionErrors( 'edit', $user, $localJsTitle );
|
|
|
|
|
$this->assertSame( [], $errors );
|
|
|
|
|
|
|
|
|
|
$revision = $this->getJavascriptRedirectRevision( $localJsTitle, $otherLocalJsTitle, $user );
|
|
|
|
|
$errors = $permissionManager->getPermissionErrors( 'edit', $user, $localJsTitle );
|
|
|
|
|
$this->assertSame( [], $errors );
|
|
|
|
|
|
|
|
|
|
$revision = $this->getJavascriptRedirectRevision( $localJsTitle, $nonlocalJsTitle, $user );
|
|
|
|
|
$errors = $permissionManager->getPermissionErrors( 'edit', $user, $localJsTitle );
|
|
|
|
|
$this->assertSame( [ [ 'mycustomjsredirectprotected', 'edit' ] ], $errors );
|
|
|
|
|
|
|
|
|
|
$permissionManager->overrideUserRightsForTesting( $user,
|
|
|
|
|
[ 'edit', 'editmyuserjs', 'editmyuserjsredirect' ] );
|
|
|
|
|
|
|
|
|
|
$revision = $this->getJavascriptRedirectRevision( $localJsTitle, $nonlocalJsTitle, $user );
|
|
|
|
|
$errors = $permissionManager->getPermissionErrors( 'edit', $user, $localJsTitle );
|
|
|
|
|
$this->assertSame( [], $errors );
|
|
|
|
|
}
|
|
|
|
|
|
2019-03-07 20:02:07 +00:00
|
|
|
/**
|
|
|
|
|
* @todo This test method should be split up into separate test methods and
|
|
|
|
|
* data providers
|
|
|
|
|
* @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
|
|
|
|
|
*/
|
|
|
|
|
public function testOtherNonConfigEditPermissions() {
|
|
|
|
|
$this->setUser( $this->userName );
|
|
|
|
|
|
|
|
|
|
$this->setTitle( NS_USER, $this->altUserName . '/tempo' );
|
|
|
|
|
$this->runConfigEditPermissions(
|
|
|
|
|
[ [ 'badaccess-group0' ] ],
|
|
|
|
|
|
|
|
|
|
[ [ 'badaccess-group0' ] ],
|
|
|
|
|
[ [ 'badaccess-group0' ] ],
|
|
|
|
|
[ [ 'badaccess-group0' ] ],
|
|
|
|
|
|
|
|
|
|
[ [ 'badaccess-group0' ] ],
|
|
|
|
|
[ [ 'badaccess-group0' ] ],
|
|
|
|
|
[ [ 'badaccess-group0' ] ],
|
|
|
|
|
[ [ 'badaccess-groups' ] ]
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @todo This should use data providers like the other methods here.
|
|
|
|
|
* @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
|
|
|
|
|
*/
|
|
|
|
|
public function testPatrolActionConfigEditPermissions() {
|
|
|
|
|
$this->setUser( 'anon' );
|
|
|
|
|
$this->setTitle( NS_USER, 'ToPatrolOrNotToPatrol' );
|
|
|
|
|
$this->runConfigEditPermissions(
|
|
|
|
|
[ [ 'badaccess-group0' ] ],
|
|
|
|
|
|
|
|
|
|
[ [ 'badaccess-group0' ] ],
|
|
|
|
|
[ [ 'badaccess-group0' ] ],
|
|
|
|
|
[ [ 'badaccess-group0' ] ],
|
|
|
|
|
|
|
|
|
|
[ [ 'badaccess-group0' ] ],
|
|
|
|
|
[ [ 'badaccess-group0' ] ],
|
|
|
|
|
[ [ 'badaccess-group0' ] ],
|
|
|
|
|
[ [ 'badaccess-groups' ] ]
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
protected function runConfigEditPermissions(
|
|
|
|
|
$resultNone,
|
|
|
|
|
$resultMyCss,
|
|
|
|
|
$resultMyJson,
|
|
|
|
|
$resultMyJs,
|
|
|
|
|
$resultUserCss,
|
|
|
|
|
$resultUserJson,
|
|
|
|
|
$resultUserJs,
|
|
|
|
|
$resultPatrol
|
|
|
|
|
) {
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user );
|
|
|
|
|
$result = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'bogus', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( $resultNone, $result );
|
|
|
|
|
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, 'editmyusercss' );
|
|
|
|
|
$result = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'bogus', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( $resultMyCss, $result );
|
|
|
|
|
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, 'editmyuserjson' );
|
|
|
|
|
$result = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'bogus', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( $resultMyJson, $result );
|
|
|
|
|
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, 'editmyuserjs' );
|
|
|
|
|
$result = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'bogus', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( $resultMyJs, $result );
|
|
|
|
|
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, 'editusercss' );
|
|
|
|
|
$result = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'bogus', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( $resultUserCss, $result );
|
|
|
|
|
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, 'edituserjson' );
|
|
|
|
|
$result = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'bogus', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( $resultUserJson, $result );
|
|
|
|
|
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, 'edituserjs' );
|
|
|
|
|
$result = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'bogus', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( $resultUserJs, $result );
|
|
|
|
|
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user );
|
|
|
|
|
$result = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'patrol', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( reset( $resultPatrol[0] ), reset( $result[0] ) );
|
|
|
|
|
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, [ 'edituserjs', 'edituserjson', 'editusercss' ] );
|
|
|
|
|
$result = MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'bogus', $this->user, $this->title );
|
|
|
|
|
$this->assertEquals( [ [ 'badaccess-group0' ] ], $result );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @todo This test method should be split up into separate test methods and
|
|
|
|
|
* data providers
|
|
|
|
|
*
|
|
|
|
|
* This test is failing per T201776.
|
|
|
|
|
*
|
|
|
|
|
* @group Broken
|
|
|
|
|
* @covers \MediaWiki\Permissions\PermissionManager::checkPageRestrictions
|
|
|
|
|
*/
|
|
|
|
|
public function testPageRestrictions() {
|
|
|
|
|
$prefix = MediaWikiServices::getInstance()->getContentLanguage()->
|
|
|
|
|
getFormattedNsText( NS_PROJECT );
|
|
|
|
|
|
|
|
|
|
$this->setTitle( NS_MAIN );
|
|
|
|
|
$this->title->mRestrictionsLoaded = true;
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, "edit" );
|
2019-03-07 20:02:07 +00:00
|
|
|
$this->title->mRestrictions = [ "bogus" => [ 'bogus', "sysop", "protect", "" ] ];
|
|
|
|
|
|
|
|
|
|
$this->assertEquals( [],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()
|
|
|
|
|
->getPermissionErrors( 'edit', $this->user, $this->title ) );
|
2019-03-07 20:02:07 +00:00
|
|
|
|
|
|
|
|
$this->assertEquals( true,
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()
|
2019-08-23 23:53:15 +00:00
|
|
|
->quickUserCan( 'edit', $this->user, $this->title ) );
|
2019-03-07 20:02:07 +00:00
|
|
|
|
|
|
|
|
$this->title->mRestrictions = [ "edit" => [ 'bogus', "sysop", "protect", "" ],
|
|
|
|
|
"bogus" => [ 'bogus', "sysop", "protect", "" ] ];
|
|
|
|
|
|
|
|
|
|
$this->assertEquals( [ [ 'badaccess-group0' ],
|
|
|
|
|
[ 'protectedpagetext', 'bogus', 'bogus' ],
|
|
|
|
|
[ 'protectedpagetext', 'editprotected', 'bogus' ],
|
|
|
|
|
[ 'protectedpagetext', 'protect', 'bogus' ] ],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()->getPermissionErrors(
|
|
|
|
|
'bogus', $this->user, $this->title ) );
|
2019-03-07 20:02:07 +00:00
|
|
|
$this->assertEquals( [ [ 'protectedpagetext', 'bogus', 'edit' ],
|
|
|
|
|
[ 'protectedpagetext', 'editprotected', 'edit' ],
|
|
|
|
|
[ 'protectedpagetext', 'protect', 'edit' ] ],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()->getPermissionErrors(
|
|
|
|
|
'edit', $this->user, $this->title ) );
|
|
|
|
|
$this->overrideUserPermissions( $this->user );
|
2019-03-07 20:02:07 +00:00
|
|
|
$this->assertEquals( [ [ 'badaccess-group0' ],
|
|
|
|
|
[ 'protectedpagetext', 'bogus', 'bogus' ],
|
|
|
|
|
[ 'protectedpagetext', 'editprotected', 'bogus' ],
|
|
|
|
|
[ 'protectedpagetext', 'protect', 'bogus' ] ],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()->getPermissionErrors(
|
|
|
|
|
'bogus', $this->user, $this->title ) );
|
2019-03-07 20:02:07 +00:00
|
|
|
$this->assertEquals( [ [ 'badaccess-groups', "*, [[$prefix:Users|Users]]", 2 ],
|
|
|
|
|
[ 'protectedpagetext', 'bogus', 'edit' ],
|
|
|
|
|
[ 'protectedpagetext', 'editprotected', 'edit' ],
|
|
|
|
|
[ 'protectedpagetext', 'protect', 'edit' ] ],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()->getPermissionErrors(
|
|
|
|
|
'edit', $this->user, $this->title ) );
|
|
|
|
|
$this->overrideUserPermissions( $this->user, [ "edit", "editprotected" ] );
|
2019-03-07 20:02:07 +00:00
|
|
|
$this->assertEquals( [ [ 'badaccess-group0' ],
|
|
|
|
|
[ 'protectedpagetext', 'bogus', 'bogus' ],
|
|
|
|
|
[ 'protectedpagetext', 'protect', 'bogus' ] ],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()->getPermissionErrors(
|
|
|
|
|
'bogus', $this->user, $this->title ) );
|
2019-03-07 20:02:07 +00:00
|
|
|
$this->assertEquals( [
|
|
|
|
|
[ 'protectedpagetext', 'bogus', 'edit' ],
|
|
|
|
|
[ 'protectedpagetext', 'protect', 'edit' ] ],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()->getPermissionErrors(
|
|
|
|
|
'edit', $this->user, $this->title ) );
|
2019-03-07 20:02:07 +00:00
|
|
|
|
|
|
|
|
$this->title->mCascadeRestriction = true;
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, "edit" );
|
2019-03-07 20:02:07 +00:00
|
|
|
|
2019-09-17 14:19:26 +00:00
|
|
|
$this->assertFalse(
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()
|
2019-08-23 23:53:15 +00:00
|
|
|
->quickUserCan( 'bogus', $this->user, $this->title ) );
|
2019-03-07 20:02:07 +00:00
|
|
|
|
2019-09-17 14:19:26 +00:00
|
|
|
$this->assertFalse(
|
2019-08-23 23:53:15 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()->quickUserCan(
|
|
|
|
|
'edit', $this->user, $this->title ) );
|
2019-03-07 20:02:07 +00:00
|
|
|
|
|
|
|
|
$this->assertEquals( [ [ 'badaccess-group0' ],
|
|
|
|
|
[ 'protectedpagetext', 'bogus', 'bogus' ],
|
|
|
|
|
[ 'protectedpagetext', 'editprotected', 'bogus' ],
|
|
|
|
|
[ 'protectedpagetext', 'protect', 'bogus' ] ],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()->getPermissionErrors(
|
|
|
|
|
'bogus', $this->user, $this->title ) );
|
2019-03-07 20:02:07 +00:00
|
|
|
$this->assertEquals( [ [ 'protectedpagetext', 'bogus', 'edit' ],
|
|
|
|
|
[ 'protectedpagetext', 'editprotected', 'edit' ],
|
|
|
|
|
[ 'protectedpagetext', 'protect', 'edit' ] ],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()->getPermissionErrors(
|
|
|
|
|
'edit', $this->user, $this->title ) );
|
2019-03-07 20:02:07 +00:00
|
|
|
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, [ "edit", "editprotected" ] );
|
2019-09-17 14:19:26 +00:00
|
|
|
$this->assertFalse(
|
2019-08-23 23:53:15 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()->quickUserCan(
|
|
|
|
|
'bogus', $this->user, $this->title ) );
|
2019-03-07 20:02:07 +00:00
|
|
|
|
2019-09-17 14:19:26 +00:00
|
|
|
$this->assertFalse(
|
2019-08-23 23:53:15 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()->quickUserCan(
|
|
|
|
|
'edit', $this->user, $this->title ) );
|
2019-03-07 20:02:07 +00:00
|
|
|
|
|
|
|
|
$this->assertEquals( [ [ 'badaccess-group0' ],
|
|
|
|
|
[ 'protectedpagetext', 'bogus', 'bogus' ],
|
|
|
|
|
[ 'protectedpagetext', 'protect', 'bogus' ],
|
|
|
|
|
[ 'protectedpagetext', 'protect', 'bogus' ] ],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()->getPermissionErrors(
|
|
|
|
|
'bogus', $this->user, $this->title ) );
|
2019-03-07 20:02:07 +00:00
|
|
|
$this->assertEquals( [ [ 'protectedpagetext', 'bogus', 'edit' ],
|
|
|
|
|
[ 'protectedpagetext', 'protect', 'edit' ],
|
|
|
|
|
[ 'protectedpagetext', 'protect', 'edit' ] ],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()->getPermissionErrors(
|
|
|
|
|
'edit', $this->user, $this->title ) );
|
2019-03-07 20:02:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @covers \MediaWiki\Permissions\PermissionManager::checkCascadingSourcesRestrictions
|
|
|
|
|
*/
|
|
|
|
|
public function testCascadingSourcesRestrictions() {
|
|
|
|
|
$this->setTitle( NS_MAIN, "test page" );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, [ "edit", "bogus" ] );
|
2019-03-07 20:02:07 +00:00
|
|
|
|
|
|
|
|
$this->title->mCascadeSources = [
|
|
|
|
|
Title::makeTitle( NS_MAIN, "Bogus" ),
|
|
|
|
|
Title::makeTitle( NS_MAIN, "UnBogus" )
|
|
|
|
|
];
|
|
|
|
|
$this->title->mCascadingRestrictions = [
|
|
|
|
|
"bogus" => [ 'bogus', "sysop", "protect", "" ]
|
|
|
|
|
];
|
|
|
|
|
|
2019-09-17 14:19:26 +00:00
|
|
|
$this->assertFalse(
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()->userCan(
|
|
|
|
|
'bogus', $this->user, $this->title ) );
|
2019-03-07 20:02:07 +00:00
|
|
|
$this->assertEquals( [
|
|
|
|
|
[ "cascadeprotected", 2, "* [[:Bogus]]\n* [[:UnBogus]]\n", 'bogus' ],
|
|
|
|
|
[ "cascadeprotected", 2, "* [[:Bogus]]\n* [[:UnBogus]]\n", 'bogus' ],
|
|
|
|
|
[ "cascadeprotected", 2, "* [[:Bogus]]\n* [[:UnBogus]]\n", 'bogus' ] ],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()->getPermissionErrors(
|
|
|
|
|
'bogus', $this->user, $this->title ) );
|
2019-03-07 20:02:07 +00:00
|
|
|
|
|
|
|
|
$this->assertEquals( true,
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()->userCan(
|
|
|
|
|
'edit', $this->user, $this->title ) );
|
2019-03-07 20:02:07 +00:00
|
|
|
$this->assertEquals( [],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()->getPermissionErrors(
|
|
|
|
|
'edit', $this->user, $this->title ) );
|
2019-03-07 20:02:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @todo This test method should be split up into separate test methods and
|
|
|
|
|
* data providers
|
|
|
|
|
* @covers \MediaWiki\Permissions\PermissionManager::checkActionPermissions
|
|
|
|
|
*/
|
|
|
|
|
public function testActionPermissions() {
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, [ "createpage" ] );
|
2019-03-07 20:02:07 +00:00
|
|
|
$this->setTitle( NS_MAIN, "test page" );
|
|
|
|
|
$this->title->mTitleProtection['permission'] = '';
|
|
|
|
|
$this->title->mTitleProtection['user'] = $this->user->getId();
|
|
|
|
|
$this->title->mTitleProtection['expiry'] = 'infinity';
|
|
|
|
|
$this->title->mTitleProtection['reason'] = 'test';
|
|
|
|
|
$this->title->mCascadeRestriction = false;
|
|
|
|
|
|
|
|
|
|
$this->assertEquals( [ [ 'titleprotected', 'Useruser', 'test' ] ],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'create', $this->user, $this->title ) );
|
2019-09-17 14:19:26 +00:00
|
|
|
$this->assertFalse(
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()->userCan(
|
|
|
|
|
'create', $this->user, $this->title ) );
|
2019-03-07 20:02:07 +00:00
|
|
|
|
|
|
|
|
$this->title->mTitleProtection['permission'] = 'editprotected';
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, [ 'createpage', 'protect' ] );
|
2019-03-07 20:02:07 +00:00
|
|
|
$this->assertEquals( [ [ 'titleprotected', 'Useruser', 'test' ] ],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'create', $this->user, $this->title ) );
|
2019-09-17 14:19:26 +00:00
|
|
|
$this->assertFalse(
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()->userCan(
|
|
|
|
|
'create', $this->user, $this->title ) );
|
2019-03-07 20:02:07 +00:00
|
|
|
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, [ 'createpage', 'editprotected' ] );
|
2019-03-07 20:02:07 +00:00
|
|
|
$this->assertEquals( [],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'create', $this->user, $this->title ) );
|
|
|
|
|
$this->assertEquals( true,
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()->userCan(
|
|
|
|
|
'create', $this->user, $this->title ) );
|
2019-03-07 20:02:07 +00:00
|
|
|
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, [ 'createpage' ] );
|
2019-03-07 20:02:07 +00:00
|
|
|
$this->assertEquals( [ [ 'titleprotected', 'Useruser', 'test' ] ],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'create', $this->user, $this->title ) );
|
2019-09-17 14:19:26 +00:00
|
|
|
$this->assertFalse(
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()->userCan(
|
|
|
|
|
'create', $this->user, $this->title ) );
|
2019-03-07 20:02:07 +00:00
|
|
|
|
|
|
|
|
$this->setTitle( NS_MEDIA, "test page" );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, [ "move" ] );
|
2019-09-17 14:19:26 +00:00
|
|
|
$this->assertFalse(
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()->userCan(
|
|
|
|
|
'move', $this->user, $this->title ) );
|
2019-03-07 20:02:07 +00:00
|
|
|
$this->assertEquals( [ [ 'immobile-source-namespace', 'Media' ] ],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'move', $this->user, $this->title ) );
|
|
|
|
|
|
|
|
|
|
$this->setTitle( NS_HELP, "test page" );
|
|
|
|
|
$this->assertEquals( [],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'move', $this->user, $this->title ) );
|
|
|
|
|
$this->assertEquals( true,
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()->userCan(
|
|
|
|
|
'move', $this->user, $this->title ) );
|
2019-03-07 20:02:07 +00:00
|
|
|
|
|
|
|
|
$this->title->mInterwiki = "no";
|
|
|
|
|
$this->assertEquals( [ [ 'immobile-source-page' ] ],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'move', $this->user, $this->title ) );
|
2019-09-17 14:19:26 +00:00
|
|
|
$this->assertFalse(
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()->userCan(
|
|
|
|
|
'move', $this->user, $this->title ) );
|
2019-03-07 20:02:07 +00:00
|
|
|
|
|
|
|
|
$this->setTitle( NS_MEDIA, "test page" );
|
2019-09-17 14:19:26 +00:00
|
|
|
$this->assertFalse(
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()->userCan(
|
|
|
|
|
'move-target', $this->user, $this->title ) );
|
2019-03-07 20:02:07 +00:00
|
|
|
$this->assertEquals( [ [ 'immobile-target-namespace', 'Media' ] ],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'move-target', $this->user, $this->title ) );
|
|
|
|
|
|
|
|
|
|
$this->setTitle( NS_HELP, "test page" );
|
|
|
|
|
$this->assertEquals( [],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'move-target', $this->user, $this->title ) );
|
|
|
|
|
$this->assertEquals( true,
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()->userCan(
|
|
|
|
|
'move-target', $this->user, $this->title ) );
|
2019-03-07 20:02:07 +00:00
|
|
|
|
|
|
|
|
$this->title->mInterwiki = "no";
|
|
|
|
|
$this->assertEquals( [ [ 'immobile-target-page' ] ],
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->getPermissionErrors( 'move-target', $this->user, $this->title ) );
|
2019-09-17 14:19:26 +00:00
|
|
|
$this->assertFalse(
|
2019-04-09 06:58:04 +00:00
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()->userCan(
|
|
|
|
|
'move-target', $this->user, $this->title ) );
|
2019-03-07 20:02:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2019-10-11 16:06:38 +00:00
|
|
|
* @dataProvider provideTestCheckUserBlockActions
|
2019-03-07 20:02:07 +00:00
|
|
|
* @covers \MediaWiki\Permissions\PermissionManager::checkUserBlock
|
|
|
|
|
*/
|
2019-10-11 16:06:38 +00:00
|
|
|
public function testCheckUserBlockActions( $block, $restriction, $expected ) {
|
2019-03-07 20:02:07 +00:00
|
|
|
$this->setMwGlobals( [
|
2019-10-11 16:06:38 +00:00
|
|
|
'wgEmailConfirmToEdit' => false,
|
2019-03-07 20:02:07 +00:00
|
|
|
] );
|
|
|
|
|
|
2019-10-11 16:06:38 +00:00
|
|
|
if ( $restriction ) {
|
|
|
|
|
$pageRestriction = new PageRestriction( 0, $this->title->getArticleID() );
|
|
|
|
|
$pageRestriction->setTitle( $this->title );
|
|
|
|
|
$block->setRestrictions( [ $pageRestriction ] );
|
|
|
|
|
}
|
2019-03-07 20:02:07 +00:00
|
|
|
|
2019-10-11 16:06:38 +00:00
|
|
|
$user = $this->getMockBuilder( User::class )
|
|
|
|
|
->setMethods( [ 'getBlock' ] )
|
|
|
|
|
->getMock();
|
|
|
|
|
$user->method( 'getBlock' )
|
|
|
|
|
->willReturn( $block );
|
2019-03-07 20:02:07 +00:00
|
|
|
|
2019-10-11 16:06:38 +00:00
|
|
|
$this->overrideUserPermissions( $user, [
|
2019-04-09 06:58:04 +00:00
|
|
|
'createpage',
|
|
|
|
|
'edit',
|
|
|
|
|
'move',
|
|
|
|
|
'rollback',
|
|
|
|
|
'patrol',
|
|
|
|
|
'upload',
|
|
|
|
|
'purge'
|
|
|
|
|
] );
|
2019-03-07 20:02:07 +00:00
|
|
|
|
2019-10-11 16:06:38 +00:00
|
|
|
$permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
|
|
|
|
|
|
|
|
|
|
// Check that user is blocked or unblocked from specific actions
|
|
|
|
|
foreach ( $expected as $action => $blocked ) {
|
|
|
|
|
$expectedErrorCount = $blocked ? 1 : 0;
|
|
|
|
|
$this->assertEquals(
|
|
|
|
|
$expectedErrorCount,
|
|
|
|
|
count( $permissionManager->getPermissionErrors(
|
|
|
|
|
$action,
|
|
|
|
|
$user,
|
|
|
|
|
$this->title
|
|
|
|
|
) )
|
|
|
|
|
);
|
|
|
|
|
}
|
2019-03-07 20:02:07 +00:00
|
|
|
|
|
|
|
|
// quickUserCan should ignore user blocks
|
2019-10-11 16:06:38 +00:00
|
|
|
$this->assertEquals(
|
|
|
|
|
true,
|
|
|
|
|
$permissionManager->quickUserCan( 'move-target', $this->user, $this->title )
|
|
|
|
|
);
|
|
|
|
|
}
|
2019-03-07 20:02:07 +00:00
|
|
|
|
2019-10-11 16:06:38 +00:00
|
|
|
public static function provideTestCheckUserBlockActions() {
|
|
|
|
|
return [
|
|
|
|
|
'Sitewide autoblock' => [
|
|
|
|
|
new DatabaseBlock( [
|
|
|
|
|
'address' => '127.0.8.1',
|
|
|
|
|
'by' => 100,
|
|
|
|
|
'auto' => true,
|
|
|
|
|
] ),
|
|
|
|
|
false,
|
|
|
|
|
[
|
|
|
|
|
'edit' => true,
|
|
|
|
|
'move-target' => true,
|
|
|
|
|
'rollback' => true,
|
|
|
|
|
'patrol' => true,
|
|
|
|
|
'upload' => true,
|
|
|
|
|
'purge' => false,
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
'Sitewide block' => [
|
|
|
|
|
new DatabaseBlock( [
|
|
|
|
|
'address' => '127.0.8.1',
|
|
|
|
|
'by' => 100,
|
|
|
|
|
] ),
|
|
|
|
|
false,
|
|
|
|
|
[
|
|
|
|
|
'edit' => true,
|
|
|
|
|
'move-target' => true,
|
|
|
|
|
'rollback' => true,
|
|
|
|
|
'patrol' => true,
|
|
|
|
|
'upload' => true,
|
|
|
|
|
'purge' => false,
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
'Partial block without restriction against this page' => [
|
|
|
|
|
new DatabaseBlock( [
|
|
|
|
|
'address' => '127.0.8.1',
|
|
|
|
|
'by' => 100,
|
|
|
|
|
'sitewide' => false,
|
|
|
|
|
] ),
|
|
|
|
|
false,
|
|
|
|
|
[
|
|
|
|
|
'edit' => false,
|
|
|
|
|
'move-target' => false,
|
|
|
|
|
'rollback' => false,
|
|
|
|
|
'patrol' => false,
|
|
|
|
|
'upload' => false,
|
|
|
|
|
'purge' => false,
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
'Partial block with restriction against this page' => [
|
|
|
|
|
new DatabaseBlock( [
|
|
|
|
|
'address' => '127.0.8.1',
|
|
|
|
|
'by' => 100,
|
|
|
|
|
'sitewide' => false,
|
|
|
|
|
] ),
|
|
|
|
|
true,
|
|
|
|
|
[
|
|
|
|
|
'edit' => true,
|
|
|
|
|
'move-target' => true,
|
|
|
|
|
'rollback' => true,
|
|
|
|
|
'patrol' => true,
|
|
|
|
|
'upload' => false,
|
|
|
|
|
'purge' => false,
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
'System block' => [
|
|
|
|
|
new SystemBlock( [
|
|
|
|
|
'address' => '127.0.8.1',
|
|
|
|
|
'by' => 100,
|
|
|
|
|
'systemBlock' => 'test',
|
|
|
|
|
] ),
|
|
|
|
|
false,
|
|
|
|
|
[
|
|
|
|
|
'edit' => true,
|
|
|
|
|
'move-target' => true,
|
|
|
|
|
'rollback' => true,
|
|
|
|
|
'patrol' => true,
|
|
|
|
|
'upload' => true,
|
|
|
|
|
'purge' => false,
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
'No block' => [
|
|
|
|
|
null,
|
|
|
|
|
false,
|
|
|
|
|
[
|
|
|
|
|
'edit' => false,
|
|
|
|
|
'move-target' => false,
|
|
|
|
|
'rollback' => false,
|
|
|
|
|
'patrol' => false,
|
|
|
|
|
'upload' => false,
|
|
|
|
|
'purge' => false,
|
|
|
|
|
]
|
|
|
|
|
]
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @dataProvider provideTestCheckUserBlockMessage
|
|
|
|
|
* @covers \MediaWiki\Permissions\PermissionManager::checkUserBlock
|
|
|
|
|
*/
|
|
|
|
|
public function testCheckUserBlockMessage( $blockType, $blockParams, $restriction, $expected ) {
|
|
|
|
|
$this->setMwGlobals( [
|
|
|
|
|
'wgEmailConfirmToEdit' => false,
|
2019-03-07 20:02:07 +00:00
|
|
|
] );
|
|
|
|
|
|
2019-10-11 16:06:38 +00:00
|
|
|
$block = new $blockType( array_merge( [
|
2019-03-07 20:02:07 +00:00
|
|
|
'address' => '127.0.8.1',
|
|
|
|
|
'by' => $this->user->getId(),
|
2019-10-11 16:06:38 +00:00
|
|
|
'reason' => 'Test reason',
|
|
|
|
|
'timestamp' => '20000101000000',
|
|
|
|
|
'expiry' => 0,
|
|
|
|
|
], $blockParams ) );
|
|
|
|
|
|
|
|
|
|
if ( $restriction ) {
|
|
|
|
|
$pageRestriction = new PageRestriction( 0, $this->title->getArticleID() );
|
|
|
|
|
$pageRestriction->setTitle( $this->title );
|
|
|
|
|
$block->setRestrictions( [ $pageRestriction ] );
|
|
|
|
|
}
|
2019-03-07 20:02:07 +00:00
|
|
|
|
2019-10-11 16:06:38 +00:00
|
|
|
$user = $this->getMockBuilder( User::class )
|
|
|
|
|
->setMethods( [ 'getBlock' ] )
|
|
|
|
|
->getMock();
|
|
|
|
|
$user->method( 'getBlock' )
|
|
|
|
|
->willReturn( $block );
|
|
|
|
|
|
|
|
|
|
$this->overrideUserPermissions( $user, [ 'edit' ] );
|
|
|
|
|
|
|
|
|
|
// TODO: PermissionManager::checkUserBlock gets the global IP because
|
|
|
|
|
// the correct context is not currently passed in. When that is fixed,
|
|
|
|
|
// this should be updated.
|
|
|
|
|
$expectedErrors = [ [
|
|
|
|
|
$expected['message'],
|
|
|
|
|
"[[User:Useruser|\u{202A}Useruser\u{202C}]]",
|
|
|
|
|
'Test reason',
|
|
|
|
|
RequestContext::getMain()->getRequest()->getIP(),
|
|
|
|
|
"\u{202A}Useruser\u{202C}",
|
|
|
|
|
$expected['identifier'],
|
|
|
|
|
'infinite',
|
|
|
|
|
'127.0.8.1',
|
|
|
|
|
'00:00, 1 January 2000'
|
|
|
|
|
] ];
|
|
|
|
|
|
|
|
|
|
$permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
|
|
|
|
|
|
|
|
|
|
$this->assertEquals(
|
|
|
|
|
$expectedErrors,
|
|
|
|
|
$permissionManager->getPermissionErrors(
|
|
|
|
|
'edit',
|
|
|
|
|
$user,
|
|
|
|
|
$this->title
|
|
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
}
|
2019-03-07 20:02:07 +00:00
|
|
|
|
2019-10-11 16:06:38 +00:00
|
|
|
public static function provideTestCheckUserBlockMessage() {
|
|
|
|
|
return [
|
|
|
|
|
'Sitewide autoblock' => [
|
|
|
|
|
DatabaseBlock::class,
|
|
|
|
|
[ 'auto' => true ],
|
|
|
|
|
false,
|
|
|
|
|
[
|
|
|
|
|
'message' => 'autoblockedtext',
|
|
|
|
|
'identifier' => null, // Block not inserted
|
|
|
|
|
],
|
|
|
|
|
],
|
|
|
|
|
'Sitewide block' => [
|
|
|
|
|
DatabaseBlock::class,
|
|
|
|
|
[],
|
|
|
|
|
false,
|
|
|
|
|
[
|
|
|
|
|
'message' => 'blockedtext',
|
|
|
|
|
'identifier' => null, // Block not inserted
|
|
|
|
|
],
|
|
|
|
|
],
|
|
|
|
|
'Partial block with restriction against this page' => [
|
|
|
|
|
DatabaseBlock::class,
|
|
|
|
|
[ 'sitewide' => false ],
|
|
|
|
|
true,
|
|
|
|
|
[
|
|
|
|
|
'message' => 'blockedtext-partial',
|
|
|
|
|
'identifier' => null, // Block not inserted
|
|
|
|
|
],
|
|
|
|
|
],
|
|
|
|
|
'System block' => [
|
|
|
|
|
SystemBlock::class,
|
|
|
|
|
[ 'systemBlock' => 'test' ],
|
|
|
|
|
false,
|
|
|
|
|
[
|
|
|
|
|
'message' => 'systemblockedtext',
|
|
|
|
|
'identifier' => 'test',
|
|
|
|
|
],
|
|
|
|
|
],
|
|
|
|
|
];
|
|
|
|
|
}
|
2019-03-07 20:02:07 +00:00
|
|
|
|
2019-10-11 16:06:38 +00:00
|
|
|
/**
|
|
|
|
|
* @dataProvider provideTestCheckUserBlockEmailConfirmToEdit
|
|
|
|
|
* @covers \MediaWiki\Permissions\PermissionManager::checkUserBlock
|
|
|
|
|
*/
|
|
|
|
|
public function testCheckUserBlockEmailConfirmToEdit( $emailConfirmToEdit, $assertion ) {
|
|
|
|
|
$this->setMwGlobals( [
|
|
|
|
|
'wgEmailConfirmToEdit' => $emailConfirmToEdit,
|
|
|
|
|
'wgEmailAuthentication' => true,
|
2019-03-07 20:02:07 +00:00
|
|
|
] );
|
|
|
|
|
|
2019-10-11 16:06:38 +00:00
|
|
|
$this->overrideUserPermissions( $this->user, [
|
|
|
|
|
'edit',
|
|
|
|
|
'move',
|
2019-03-07 20:02:07 +00:00
|
|
|
] );
|
|
|
|
|
|
2019-10-11 16:06:38 +00:00
|
|
|
$permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
|
2019-03-07 20:02:07 +00:00
|
|
|
|
2019-10-11 16:06:38 +00:00
|
|
|
$this->$assertion( [ 'confirmedittext' ],
|
|
|
|
|
$permissionManager->getPermissionErrors( 'edit', $this->user, $this->title ) );
|
2019-03-07 20:02:07 +00:00
|
|
|
|
2019-10-11 16:06:38 +00:00
|
|
|
// $wgEmailConfirmToEdit only applies to 'edit' action
|
2019-03-07 20:02:07 +00:00
|
|
|
$this->assertEquals( [],
|
2019-10-11 16:06:38 +00:00
|
|
|
$permissionManager->getPermissionErrors( 'move-target', $this->user, $this->title ) );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public static function provideTestCheckUserBlockEmailConfirmToEdit() {
|
|
|
|
|
return [
|
|
|
|
|
'User must confirm email to edit' => [
|
|
|
|
|
true,
|
|
|
|
|
'assertContains',
|
|
|
|
|
],
|
|
|
|
|
'User may edit without confirming email' => [
|
|
|
|
|
false,
|
|
|
|
|
'assertNotContains',
|
|
|
|
|
],
|
|
|
|
|
];
|
2019-03-07 20:02:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @covers \MediaWiki\Permissions\PermissionManager::checkUserBlock
|
|
|
|
|
*
|
|
|
|
|
* Tests to determine that the passed in permission does not get mixed up with
|
|
|
|
|
* an action of the same name.
|
|
|
|
|
*/
|
2019-10-11 16:06:38 +00:00
|
|
|
public function testCheckUserBlockActionPermission() {
|
2019-03-07 20:02:07 +00:00
|
|
|
$tester = $this->getMockBuilder( Action::class )
|
|
|
|
|
->disableOriginalConstructor()
|
|
|
|
|
->getMock();
|
|
|
|
|
$tester->method( 'getName' )
|
|
|
|
|
->willReturn( 'tester' );
|
|
|
|
|
$tester->method( 'getRestriction' )
|
|
|
|
|
->willReturn( 'test' );
|
|
|
|
|
$tester->method( 'requiresUnblock' )
|
|
|
|
|
->willReturn( false );
|
|
|
|
|
|
|
|
|
|
$this->setMwGlobals( [
|
|
|
|
|
'wgActions' => [
|
|
|
|
|
'tester' => $tester,
|
|
|
|
|
],
|
|
|
|
|
'wgGroupPermissions' => [
|
|
|
|
|
'*' => [
|
|
|
|
|
'tester' => true,
|
|
|
|
|
],
|
|
|
|
|
],
|
|
|
|
|
] );
|
|
|
|
|
|
2019-10-11 16:06:38 +00:00
|
|
|
$user = $this->getMockBuilder( User::class )
|
|
|
|
|
->setMethods( [ 'getBlock' ] )
|
|
|
|
|
->getMock();
|
|
|
|
|
$user->method( 'getBlock' )
|
|
|
|
|
->willReturn( new DatabaseBlock( [
|
|
|
|
|
'address' => '127.0.8.1',
|
|
|
|
|
'by' => $this->user->getId(),
|
|
|
|
|
] ) );
|
|
|
|
|
|
|
|
|
|
$this->assertEquals(
|
|
|
|
|
1,
|
|
|
|
|
count(
|
|
|
|
|
MediaWikiServices::getInstance()->getPermissionManager()
|
|
|
|
|
->getPermissionErrors( 'tester', $user, $this->title )
|
|
|
|
|
)
|
|
|
|
|
);
|
2019-03-07 20:02:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @covers \MediaWiki\Permissions\PermissionManager::isBlockedFrom
|
|
|
|
|
*/
|
|
|
|
|
public function testBlockInstanceCache() {
|
|
|
|
|
// First, check the user isn't blocked
|
|
|
|
|
$user = $this->getMutableTestUser()->getUser();
|
|
|
|
|
$ut = Title::makeTitle( NS_USER_TALK, $user->getName() );
|
|
|
|
|
$this->assertNull( $user->getBlock( false ), 'sanity check' );
|
|
|
|
|
//$this->assertSame( '', $user->blockedBy(), 'sanity check' );
|
|
|
|
|
//$this->assertSame( '', $user->blockedFor(), 'sanity check' );
|
|
|
|
|
//$this->assertFalse( (bool)$user->isHidden(), 'sanity check' );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->assertFalse( MediaWikiServices::getInstance()->getPermissionManager()
|
2019-03-07 20:02:07 +00:00
|
|
|
->isBlockedFrom( $user, $ut ), 'sanity check' );
|
|
|
|
|
|
|
|
|
|
// Block the user
|
|
|
|
|
$blocker = $this->getTestSysop()->getUser();
|
2019-05-13 14:18:07 +00:00
|
|
|
$block = new DatabaseBlock( [
|
2019-03-07 20:02:07 +00:00
|
|
|
'hideName' => true,
|
|
|
|
|
'allowUsertalk' => false,
|
|
|
|
|
'reason' => 'Because',
|
|
|
|
|
] );
|
|
|
|
|
$block->setTarget( $user );
|
|
|
|
|
$block->setBlocker( $blocker );
|
|
|
|
|
$res = $block->insert();
|
|
|
|
|
$this->assertTrue( (bool)$res['id'], 'sanity check: Failed to insert block' );
|
|
|
|
|
|
|
|
|
|
// Clear cache and confirm it loaded the block properly
|
|
|
|
|
$user->clearInstanceCache();
|
2019-05-13 14:18:07 +00:00
|
|
|
$this->assertInstanceOf( DatabaseBlock::class, $user->getBlock( false ) );
|
2019-03-07 20:02:07 +00:00
|
|
|
//$this->assertSame( $blocker->getName(), $user->blockedBy() );
|
|
|
|
|
//$this->assertSame( 'Because', $user->blockedFor() );
|
|
|
|
|
//$this->assertTrue( (bool)$user->isHidden() );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->assertTrue( MediaWikiServices::getInstance()->getPermissionManager()
|
|
|
|
|
->isBlockedFrom( $user, $ut ) );
|
2019-03-07 20:02:07 +00:00
|
|
|
|
|
|
|
|
// Unblock
|
|
|
|
|
$block->delete();
|
|
|
|
|
|
|
|
|
|
// Clear cache and confirm it loaded the not-blocked properly
|
|
|
|
|
$user->clearInstanceCache();
|
|
|
|
|
$this->assertNull( $user->getBlock( false ) );
|
|
|
|
|
//$this->assertSame( '', $user->blockedBy() );
|
|
|
|
|
//$this->assertSame( '', $user->blockedFor() );
|
|
|
|
|
//$this->assertFalse( (bool)$user->isHidden() );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->assertFalse( MediaWikiServices::getInstance()->getPermissionManager()
|
|
|
|
|
->isBlockedFrom( $user, $ut ) );
|
2019-03-07 20:02:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @covers \MediaWiki\Permissions\PermissionManager::isBlockedFrom
|
|
|
|
|
* @dataProvider provideIsBlockedFrom
|
|
|
|
|
* @param string|null $title Title to test.
|
|
|
|
|
* @param bool $expect Expected result from User::isBlockedFrom()
|
|
|
|
|
* @param array $options Additional test options:
|
|
|
|
|
* - 'blockAllowsUTEdit': (bool, default true) Value for $wgBlockAllowsUTEdit
|
2019-05-13 14:18:07 +00:00
|
|
|
* - 'allowUsertalk': (bool, default false) Passed to DatabaseBlock::__construct()
|
2019-03-07 20:02:07 +00:00
|
|
|
* - 'pageRestrictions': (array|null) If non-empty, page restriction titles for the block.
|
|
|
|
|
*/
|
|
|
|
|
public function testIsBlockedFrom( $title, $expect, array $options = [] ) {
|
|
|
|
|
$this->setMwGlobals( [
|
|
|
|
|
'wgBlockAllowsUTEdit' => $options['blockAllowsUTEdit'] ?? true,
|
|
|
|
|
] );
|
|
|
|
|
|
|
|
|
|
$user = $this->getTestUser()->getUser();
|
|
|
|
|
|
|
|
|
|
if ( $title === self::USER_TALK_PAGE ) {
|
|
|
|
|
$title = $user->getTalkPage();
|
|
|
|
|
} else {
|
|
|
|
|
$title = Title::newFromText( $title );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$restrictions = [];
|
|
|
|
|
foreach ( $options['pageRestrictions'] ?? [] as $pagestr ) {
|
|
|
|
|
$page = $this->getExistingTestPage(
|
|
|
|
|
$pagestr === self::USER_TALK_PAGE ? $user->getTalkPage() : $pagestr
|
|
|
|
|
);
|
|
|
|
|
$restrictions[] = new PageRestriction( 0, $page->getId() );
|
|
|
|
|
}
|
|
|
|
|
foreach ( $options['namespaceRestrictions'] ?? [] as $ns ) {
|
|
|
|
|
$restrictions[] = new NamespaceRestriction( 0, $ns );
|
|
|
|
|
}
|
|
|
|
|
|
2019-05-13 14:18:07 +00:00
|
|
|
$block = new DatabaseBlock( [
|
2019-03-07 20:02:07 +00:00
|
|
|
'expiry' => wfTimestamp( TS_MW, wfTimestamp() + ( 40 * 60 * 60 ) ),
|
|
|
|
|
'allowUsertalk' => $options['allowUsertalk'] ?? false,
|
|
|
|
|
'sitewide' => !$restrictions,
|
|
|
|
|
] );
|
|
|
|
|
$block->setTarget( $user );
|
|
|
|
|
$block->setBlocker( $this->getTestSysop()->getUser() );
|
|
|
|
|
if ( $restrictions ) {
|
|
|
|
|
$block->setRestrictions( $restrictions );
|
|
|
|
|
}
|
|
|
|
|
$block->insert();
|
|
|
|
|
|
|
|
|
|
try {
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->assertSame( $expect, MediaWikiServices::getInstance()->getPermissionManager()
|
|
|
|
|
->isBlockedFrom( $user, $title ) );
|
2019-03-07 20:02:07 +00:00
|
|
|
} finally {
|
|
|
|
|
$block->delete();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public static function provideIsBlockedFrom() {
|
|
|
|
|
return [
|
|
|
|
|
'Sitewide block, basic operation' => [ 'Test page', true ],
|
|
|
|
|
'Sitewide block, not allowing user talk' => [
|
|
|
|
|
self::USER_TALK_PAGE, true, [
|
|
|
|
|
'allowUsertalk' => false,
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
'Sitewide block, allowing user talk' => [
|
|
|
|
|
self::USER_TALK_PAGE, false, [
|
|
|
|
|
'allowUsertalk' => true,
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
'Sitewide block, allowing user talk but $wgBlockAllowsUTEdit is false' => [
|
|
|
|
|
self::USER_TALK_PAGE, true, [
|
|
|
|
|
'allowUsertalk' => true,
|
|
|
|
|
'blockAllowsUTEdit' => false,
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
'Partial block, blocking the page' => [
|
|
|
|
|
'Test page', true, [
|
|
|
|
|
'pageRestrictions' => [ 'Test page' ],
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
'Partial block, not blocking the page' => [
|
|
|
|
|
'Test page 2', false, [
|
|
|
|
|
'pageRestrictions' => [ 'Test page' ],
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
'Partial block, not allowing user talk but user talk page is not blocked' => [
|
|
|
|
|
self::USER_TALK_PAGE, false, [
|
|
|
|
|
'allowUsertalk' => false,
|
|
|
|
|
'pageRestrictions' => [ 'Test page' ],
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
'Partial block, allowing user talk but user talk page is blocked' => [
|
|
|
|
|
self::USER_TALK_PAGE, true, [
|
|
|
|
|
'allowUsertalk' => true,
|
|
|
|
|
'pageRestrictions' => [ self::USER_TALK_PAGE ],
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
'Partial block, user talk page is not blocked but $wgBlockAllowsUTEdit is false' => [
|
|
|
|
|
self::USER_TALK_PAGE, false, [
|
|
|
|
|
'allowUsertalk' => false,
|
|
|
|
|
'pageRestrictions' => [ 'Test page' ],
|
|
|
|
|
'blockAllowsUTEdit' => false,
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
'Partial block, user talk page is blocked and $wgBlockAllowsUTEdit is false' => [
|
|
|
|
|
self::USER_TALK_PAGE, true, [
|
|
|
|
|
'allowUsertalk' => true,
|
|
|
|
|
'pageRestrictions' => [ self::USER_TALK_PAGE ],
|
|
|
|
|
'blockAllowsUTEdit' => false,
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
'Partial user talk namespace block, not allowing user talk' => [
|
|
|
|
|
self::USER_TALK_PAGE, true, [
|
|
|
|
|
'allowUsertalk' => false,
|
|
|
|
|
'namespaceRestrictions' => [ NS_USER_TALK ],
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
'Partial user talk namespace block, allowing user talk' => [
|
|
|
|
|
self::USER_TALK_PAGE, false, [
|
|
|
|
|
'allowUsertalk' => true,
|
|
|
|
|
'namespaceRestrictions' => [ NS_USER_TALK ],
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
'Partial user talk namespace block, where $wgBlockAllowsUTEdit is false' => [
|
|
|
|
|
self::USER_TALK_PAGE, true, [
|
|
|
|
|
'allowUsertalk' => true,
|
|
|
|
|
'namespaceRestrictions' => [ NS_USER_TALK ],
|
|
|
|
|
'blockAllowsUTEdit' => false,
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-09 06:58:04 +00:00
|
|
|
/**
|
|
|
|
|
* @covers \MediaWiki\Permissions\PermissionManager::getUserPermissions
|
|
|
|
|
*/
|
|
|
|
|
public function testGetUserPermissions() {
|
|
|
|
|
$user = $this->getTestUser( [ 'unittesters' ] )->getUser();
|
|
|
|
|
$rights = MediaWikiServices::getInstance()->getPermissionManager()
|
|
|
|
|
->getUserPermissions( $user );
|
|
|
|
|
$this->assertContains( 'runtest', $rights );
|
|
|
|
|
$this->assertNotContains( 'writetest', $rights );
|
|
|
|
|
$this->assertNotContains( 'modifytest', $rights );
|
|
|
|
|
$this->assertNotContains( 'nukeworld', $rights );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @covers \MediaWiki\Permissions\PermissionManager::getUserPermissions
|
|
|
|
|
*/
|
|
|
|
|
public function testGetUserPermissionsHooks() {
|
|
|
|
|
$user = $this->getTestUser( [ 'unittesters', 'testwriters' ] )->getUser();
|
|
|
|
|
$userWrapper = TestingAccessWrapper::newFromObject( $user );
|
|
|
|
|
|
2019-08-21 02:21:13 +00:00
|
|
|
$rights = MediaWikiServices::getInstance()
|
|
|
|
|
->getPermissionManager()
|
2019-04-09 06:58:04 +00:00
|
|
|
->getUserPermissions( $user );
|
|
|
|
|
$this->assertContains( 'test', $rights, 'sanity check' );
|
|
|
|
|
$this->assertContains( 'runtest', $rights, 'sanity check' );
|
|
|
|
|
$this->assertContains( 'writetest', $rights, 'sanity check' );
|
|
|
|
|
$this->assertNotContains( 'nukeworld', $rights, 'sanity check' );
|
|
|
|
|
|
|
|
|
|
// Add a hook manipluating the rights
|
2019-08-21 02:21:13 +00:00
|
|
|
$this->setTemporaryHook( 'UserGetRights', function ( $user, &$rights ) {
|
2019-04-09 06:58:04 +00:00
|
|
|
$rights[] = 'nukeworld';
|
|
|
|
|
$rights = array_diff( $rights, [ 'writetest' ] );
|
2019-08-21 02:21:13 +00:00
|
|
|
} );
|
2019-04-09 06:58:04 +00:00
|
|
|
|
2019-08-21 02:21:13 +00:00
|
|
|
$rights = MediaWikiServices::getInstance()
|
|
|
|
|
->getPermissionManager()
|
2019-04-09 06:58:04 +00:00
|
|
|
->getUserPermissions( $user );
|
|
|
|
|
$this->assertContains( 'test', $rights );
|
|
|
|
|
$this->assertContains( 'runtest', $rights );
|
|
|
|
|
$this->assertNotContains( 'writetest', $rights );
|
|
|
|
|
$this->assertContains( 'nukeworld', $rights );
|
|
|
|
|
|
|
|
|
|
// Add a Session that limits rights
|
|
|
|
|
$mock = $this->getMockBuilder( stdClass::class )
|
|
|
|
|
->setMethods( [ 'getAllowedUserRights', 'deregisterSession', 'getSessionId' ] )
|
|
|
|
|
->getMock();
|
|
|
|
|
$mock->method( 'getAllowedUserRights' )->willReturn( [ 'test', 'writetest' ] );
|
|
|
|
|
$mock->method( 'getSessionId' )->willReturn(
|
|
|
|
|
new SessionId( str_repeat( 'X', 32 ) )
|
|
|
|
|
);
|
|
|
|
|
$session = TestUtils::getDummySession( $mock );
|
|
|
|
|
$mockRequest = $this->getMockBuilder( FauxRequest::class )
|
|
|
|
|
->setMethods( [ 'getSession' ] )
|
|
|
|
|
->getMock();
|
|
|
|
|
$mockRequest->method( 'getSession' )->willReturn( $session );
|
|
|
|
|
$userWrapper->mRequest = $mockRequest;
|
|
|
|
|
|
|
|
|
|
$this->resetServices();
|
2019-08-21 02:21:13 +00:00
|
|
|
$rights = MediaWikiServices::getInstance()
|
|
|
|
|
->getPermissionManager()
|
2019-04-09 06:58:04 +00:00
|
|
|
->getUserPermissions( $user );
|
|
|
|
|
$this->assertContains( 'test', $rights );
|
|
|
|
|
$this->assertNotContains( 'runtest', $rights );
|
|
|
|
|
$this->assertNotContains( 'writetest', $rights );
|
|
|
|
|
$this->assertNotContains( 'nukeworld', $rights );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @covers \MediaWiki\Permissions\PermissionManager::getGroupPermissions
|
|
|
|
|
*/
|
|
|
|
|
public function testGroupPermissions() {
|
|
|
|
|
$rights = MediaWikiServices::getInstance()->getPermissionManager()
|
|
|
|
|
->getGroupPermissions( [ 'unittesters' ] );
|
|
|
|
|
$this->assertContains( 'runtest', $rights );
|
|
|
|
|
$this->assertNotContains( 'writetest', $rights );
|
|
|
|
|
$this->assertNotContains( 'modifytest', $rights );
|
|
|
|
|
$this->assertNotContains( 'nukeworld', $rights );
|
|
|
|
|
|
|
|
|
|
$rights = MediaWikiServices::getInstance()->getPermissionManager()
|
|
|
|
|
->getGroupPermissions( [ 'unittesters', 'testwriters' ] );
|
|
|
|
|
$this->assertContains( 'runtest', $rights );
|
|
|
|
|
$this->assertContains( 'writetest', $rights );
|
|
|
|
|
$this->assertContains( 'modifytest', $rights );
|
|
|
|
|
$this->assertNotContains( 'nukeworld', $rights );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @covers \MediaWiki\Permissions\PermissionManager::getGroupPermissions
|
|
|
|
|
*/
|
|
|
|
|
public function testRevokePermissions() {
|
|
|
|
|
$rights = MediaWikiServices::getInstance()->getPermissionManager()
|
|
|
|
|
->getGroupPermissions( [ 'unittesters', 'formertesters' ] );
|
|
|
|
|
$this->assertNotContains( 'runtest', $rights );
|
|
|
|
|
$this->assertNotContains( 'writetest', $rights );
|
|
|
|
|
$this->assertNotContains( 'modifytest', $rights );
|
|
|
|
|
$this->assertNotContains( 'nukeworld', $rights );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @dataProvider provideGetGroupsWithPermission
|
|
|
|
|
* @covers \MediaWiki\Permissions\PermissionManager::getGroupsWithPermission
|
|
|
|
|
*/
|
|
|
|
|
public function testGetGroupsWithPermission( $expected, $right ) {
|
|
|
|
|
$result = MediaWikiServices::getInstance()->getPermissionManager()
|
|
|
|
|
->getGroupsWithPermission( $right );
|
|
|
|
|
sort( $result );
|
|
|
|
|
sort( $expected );
|
|
|
|
|
|
|
|
|
|
$this->assertEquals( $expected, $result, "Groups with permission $right" );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public static function provideGetGroupsWithPermission() {
|
|
|
|
|
return [
|
|
|
|
|
[
|
|
|
|
|
[ 'unittesters', 'testwriters' ],
|
|
|
|
|
'test'
|
|
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
[ 'unittesters' ],
|
|
|
|
|
'runtest'
|
|
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
[ 'testwriters' ],
|
|
|
|
|
'writetest'
|
|
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
[ 'testwriters' ],
|
|
|
|
|
'modifytest'
|
|
|
|
|
],
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @covers \MediaWiki\Permissions\PermissionManager::userHasRight
|
|
|
|
|
*/
|
|
|
|
|
public function testUserHasRight() {
|
|
|
|
|
$result = MediaWikiServices::getInstance()->getPermissionManager()->userHasRight(
|
|
|
|
|
$this->getTestUser( 'unittesters' )->getUser(),
|
|
|
|
|
'test'
|
|
|
|
|
);
|
|
|
|
|
$this->assertTrue( $result );
|
|
|
|
|
|
|
|
|
|
$result = MediaWikiServices::getInstance()->getPermissionManager()->userHasRight(
|
|
|
|
|
$this->getTestUser( 'formertesters' )->getUser(),
|
|
|
|
|
'runtest'
|
|
|
|
|
);
|
|
|
|
|
$this->assertFalse( $result );
|
|
|
|
|
|
|
|
|
|
$result = MediaWikiServices::getInstance()->getPermissionManager()->userHasRight(
|
|
|
|
|
$this->getTestUser( 'formertesters' )->getUser(),
|
|
|
|
|
''
|
|
|
|
|
);
|
|
|
|
|
$this->assertTrue( $result );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @covers \MediaWiki\Permissions\PermissionManager::groupHasPermission
|
|
|
|
|
*/
|
|
|
|
|
public function testGroupHasPermission() {
|
|
|
|
|
$result = MediaWikiServices::getInstance()->getPermissionManager()->groupHasPermission(
|
|
|
|
|
'unittesters',
|
|
|
|
|
'test'
|
|
|
|
|
);
|
|
|
|
|
$this->assertTrue( $result );
|
|
|
|
|
|
|
|
|
|
$result = MediaWikiServices::getInstance()->getPermissionManager()->groupHasPermission(
|
|
|
|
|
'formertesters',
|
|
|
|
|
'runtest'
|
|
|
|
|
);
|
|
|
|
|
$this->assertFalse( $result );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @covers \MediaWiki\Permissions\PermissionManager::isEveryoneAllowed
|
|
|
|
|
*/
|
|
|
|
|
public function testIsEveryoneAllowed() {
|
|
|
|
|
$result = MediaWikiServices::getInstance()->getPermissionManager()
|
|
|
|
|
->isEveryoneAllowed( 'editmyoptions' );
|
|
|
|
|
$this->assertTrue( $result );
|
|
|
|
|
|
|
|
|
|
$result = MediaWikiServices::getInstance()->getPermissionManager()
|
|
|
|
|
->isEveryoneAllowed( 'test' );
|
|
|
|
|
$this->assertFalse( $result );
|
|
|
|
|
}
|
|
|
|
|
|
2019-07-11 17:22:20 +00:00
|
|
|
/**
|
|
|
|
|
* @covers \MediaWiki\Permissions\PermissionManager::addTemporaryUserRights
|
|
|
|
|
*/
|
2019-07-17 12:00:21 +00:00
|
|
|
public function testAddTemporaryUserRights() {
|
2019-07-11 17:22:20 +00:00
|
|
|
$permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
|
|
|
|
|
$this->overrideUserPermissions( $this->user, [ 'read', 'edit' ] );
|
|
|
|
|
// sanity checks
|
|
|
|
|
$this->assertEquals( [ 'read', 'edit' ], $permissionManager->getUserPermissions( $this->user ) );
|
|
|
|
|
$this->assertFalse( $permissionManager->userHasRight( $this->user, 'move' ) );
|
|
|
|
|
|
|
|
|
|
$scope = $permissionManager->addTemporaryUserRights( $this->user, [ 'move', 'delete' ] );
|
|
|
|
|
$this->assertEquals( [ 'read', 'edit', 'move', 'delete' ],
|
|
|
|
|
$permissionManager->getUserPermissions( $this->user ) );
|
|
|
|
|
$this->assertTrue( $permissionManager->userHasRight( $this->user, 'move' ) );
|
|
|
|
|
|
|
|
|
|
$scope2 = $permissionManager->addTemporaryUserRights( $this->user, [ 'delete', 'upload' ] );
|
|
|
|
|
$this->assertEquals( [ 'read', 'edit', 'move', 'delete', 'upload' ],
|
|
|
|
|
$permissionManager->getUserPermissions( $this->user ) );
|
|
|
|
|
|
|
|
|
|
ScopedCallback::consume( $scope );
|
|
|
|
|
$this->assertEquals( [ 'read', 'edit', 'delete', 'upload' ],
|
|
|
|
|
$permissionManager->getUserPermissions( $this->user ) );
|
|
|
|
|
ScopedCallback::consume( $scope2 );
|
|
|
|
|
$this->assertEquals( [ 'read', 'edit' ],
|
|
|
|
|
$permissionManager->getUserPermissions( $this->user ) );
|
|
|
|
|
$this->assertFalse( $permissionManager->userHasRight( $this->user, 'move' ) );
|
|
|
|
|
|
|
|
|
|
( function () use ( $permissionManager ) {
|
|
|
|
|
$scope = $permissionManager->addTemporaryUserRights( $this->user, 'move' );
|
|
|
|
|
$this->assertTrue( $permissionManager->userHasRight( $this->user, 'move' ) );
|
|
|
|
|
} )();
|
|
|
|
|
$this->assertFalse( $permissionManager->userHasRight( $this->user, 'move' ) );
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-01 23:29:22 +00:00
|
|
|
/**
|
|
|
|
|
* Create a RevisionRecord with a single Javascript main slot.
|
|
|
|
|
* @param Title $title
|
|
|
|
|
* @param User $user
|
|
|
|
|
* @param string $text
|
|
|
|
|
* @return MutableRevisionRecord
|
|
|
|
|
*/
|
|
|
|
|
private function getJavascriptRevision( Title $title, User $user, $text ) {
|
|
|
|
|
$content = ContentHandler::makeContent( $text, $title, CONTENT_MODEL_JAVASCRIPT );
|
|
|
|
|
$revision = new MutableRevisionRecord( $title );
|
|
|
|
|
$revision->setContent( 'main', $content );
|
|
|
|
|
return $revision;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Create a RevisionRecord with a single Javascript redirect main slot.
|
|
|
|
|
* @param Title $title
|
|
|
|
|
* @param Title $redirectTargetTitle
|
|
|
|
|
* @param User $user
|
|
|
|
|
* @return MutableRevisionRecord
|
|
|
|
|
*/
|
|
|
|
|
private function getJavascriptRedirectRevision(
|
|
|
|
|
Title $title, Title $redirectTargetTitle, User $user
|
|
|
|
|
) {
|
|
|
|
|
$content = ContentHandler::getForModelID( CONTENT_MODEL_JAVASCRIPT )
|
|
|
|
|
->makeRedirectContent( $redirectTargetTitle );
|
|
|
|
|
$revision = new MutableRevisionRecord( $title );
|
|
|
|
|
$revision->setContent( 'main', $content );
|
|
|
|
|
return $revision;
|
|
|
|
|
}
|
|
|
|
|
|
2019-08-21 19:49:59 +00:00
|
|
|
public function provideGetRestrictionLevels() {
|
|
|
|
|
return [
|
|
|
|
|
'No namespace restriction' => [ [ '', 'autoconfirmed', 'sysop' ], NS_TALK ],
|
|
|
|
|
'Restricted to autoconfirmed' => [ [ '', 'sysop' ], NS_MAIN ],
|
|
|
|
|
'Restricted to sysop' => [ [ '' ], NS_USER ],
|
|
|
|
|
'Restricted to someone in two groups' => [ [ '', 'sysop' ], 101 ],
|
|
|
|
|
'No special permissions' => [
|
|
|
|
|
[ '' ],
|
|
|
|
|
NS_TALK,
|
|
|
|
|
[]
|
|
|
|
|
],
|
|
|
|
|
'autoconfirmed' => [
|
|
|
|
|
[ '', 'autoconfirmed' ],
|
|
|
|
|
NS_TALK,
|
|
|
|
|
[ 'autoconfirmed' ]
|
|
|
|
|
],
|
|
|
|
|
'autoconfirmed revoked' => [
|
|
|
|
|
[ '' ],
|
|
|
|
|
NS_TALK,
|
|
|
|
|
[ 'autoconfirmed', 'noeditsemiprotected' ]
|
|
|
|
|
],
|
|
|
|
|
'sysop' => [
|
|
|
|
|
[ '', 'autoconfirmed', 'sysop' ],
|
|
|
|
|
NS_TALK,
|
|
|
|
|
[ 'sysop' ]
|
|
|
|
|
],
|
|
|
|
|
'sysop with autoconfirmed revoked (a bit silly)' => [
|
|
|
|
|
[ '', 'sysop' ],
|
|
|
|
|
NS_TALK,
|
|
|
|
|
[ 'sysop', 'noeditsemiprotected' ]
|
|
|
|
|
],
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @dataProvider provideGetRestrictionLevels
|
|
|
|
|
* @covers \MediaWiki\Permissions\PermissionManager::getNamespaceRestrictionLevels
|
|
|
|
|
*
|
|
|
|
|
* @param array $expected
|
|
|
|
|
* @param int $ns
|
|
|
|
|
* @param array|null $userGroups
|
|
|
|
|
* @throws MWException
|
|
|
|
|
*/
|
|
|
|
|
public function testGetRestrictionLevels( array $expected, $ns, array $userGroups = null ) {
|
|
|
|
|
$this->setMwGlobals( [
|
|
|
|
|
'wgGroupPermissions' => [
|
|
|
|
|
'*' => [ 'edit' => true ],
|
|
|
|
|
'autoconfirmed' => [ 'editsemiprotected' => true ],
|
|
|
|
|
'sysop' => [
|
|
|
|
|
'editsemiprotected' => true,
|
|
|
|
|
'editprotected' => true,
|
|
|
|
|
],
|
|
|
|
|
'privileged' => [ 'privileged' => true ],
|
|
|
|
|
],
|
|
|
|
|
'wgRevokePermissions' => [
|
|
|
|
|
'noeditsemiprotected' => [ 'editsemiprotected' => true ],
|
|
|
|
|
],
|
|
|
|
|
'wgNamespaceProtection' => [
|
|
|
|
|
NS_MAIN => 'autoconfirmed',
|
|
|
|
|
NS_USER => 'sysop',
|
|
|
|
|
101 => [ 'editsemiprotected', 'privileged' ],
|
|
|
|
|
],
|
|
|
|
|
'wgRestrictionLevels' => [ '', 'autoconfirmed', 'sysop' ],
|
|
|
|
|
'wgAutopromote' => []
|
|
|
|
|
] );
|
|
|
|
|
$user = is_null( $userGroups ) ? null : $this->getTestUser( $userGroups )->getUser();
|
|
|
|
|
$this->assertSame( $expected, MediaWikiServices::getInstance()
|
|
|
|
|
->getPermissionManager()
|
|
|
|
|
->getNamespaceRestrictionLevels( $ns, $user ) );
|
|
|
|
|
}
|
2019-08-20 20:59:49 +00:00
|
|
|
|
2019-08-28 17:31:34 +00:00
|
|
|
/**
|
|
|
|
|
* @covers \MediaWiki\Permissions\PermissionManager::getAllPermissions
|
|
|
|
|
*/
|
|
|
|
|
public function testGetAllPermissions() {
|
|
|
|
|
$this->setMwGlobals( [
|
|
|
|
|
'wgAvailableRights' => [ 'test_right' ]
|
|
|
|
|
] );
|
|
|
|
|
$this->resetServices();
|
|
|
|
|
$this->assertContains(
|
|
|
|
|
'test_right',
|
|
|
|
|
MediaWikiServices::getInstance()
|
|
|
|
|
->getPermissionManager()
|
|
|
|
|
->getAllPermissions()
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
2019-08-20 20:59:49 +00:00
|
|
|
/**
|
|
|
|
|
* @covers \MediaWiki\Permissions\PermissionManager::getRightsCacheKey
|
|
|
|
|
* @throws \Exception
|
|
|
|
|
*/
|
|
|
|
|
public function testAnonPermissionsNotClash() {
|
|
|
|
|
$user1 = User::newFromName( 'User1' );
|
|
|
|
|
$user2 = User::newFromName( 'User2' );
|
|
|
|
|
$pm = MediaWikiServices::getInstance()->getPermissionManager();
|
|
|
|
|
$pm->overrideUserRightsForTesting( $user2, [] );
|
|
|
|
|
$this->assertNotSame( $pm->getUserPermissions( $user1 ), $pm->getUserPermissions( $user2 ) );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @covers \MediaWiki\Permissions\PermissionManager::getRightsCacheKey
|
|
|
|
|
*/
|
|
|
|
|
public function testAnonPermissionsNotClashOneRegistered() {
|
|
|
|
|
$user1 = User::newFromName( 'User1' );
|
|
|
|
|
$user2 = $this->getTestSysop()->getUser();
|
|
|
|
|
$pm = MediaWikiServices::getInstance()->getPermissionManager();
|
|
|
|
|
$this->assertNotSame( $pm->getUserPermissions( $user1 ), $pm->getUserPermissions( $user2 ) );
|
|
|
|
|
}
|
2019-03-07 20:02:07 +00:00
|
|
|
}
|
