2021-07-26 13:24:22 +00:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
namespace MediaWiki\Permissions;
|
|
|
|
|
|
|
|
|
|
use DBAccessObjectUtils;
|
|
|
|
|
use IDBAccessObject;
|
|
|
|
|
use MediaWiki\Cache\CacheKeyHelper;
|
2024-02-08 19:09:50 +00:00
|
|
|
use MediaWiki\Cache\LinkCache;
|
2022-12-28 21:50:03 +00:00
|
|
|
use MediaWiki\CommentStore\CommentStore;
|
2021-07-26 13:24:22 +00:00
|
|
|
use MediaWiki\Config\ServiceOptions;
|
|
|
|
|
use MediaWiki\HookContainer\HookContainer;
|
|
|
|
|
use MediaWiki\HookContainer\HookRunner;
|
2022-05-12 09:12:38 +00:00
|
|
|
use MediaWiki\Linker\LinksMigration;
|
2022-04-26 15:48:03 +00:00
|
|
|
use MediaWiki\MainConfigNames;
|
2021-07-26 13:24:22 +00:00
|
|
|
use MediaWiki\Page\PageIdentity;
|
|
|
|
|
use MediaWiki\Page\PageIdentityValue;
|
|
|
|
|
use MediaWiki\Page\PageStore;
|
2023-03-01 20:33:26 +00:00
|
|
|
use MediaWiki\Title\Title;
|
2023-09-18 13:56:39 +00:00
|
|
|
use MediaWiki\Title\TitleValue;
|
2021-07-26 13:24:22 +00:00
|
|
|
use stdClass;
|
|
|
|
|
use WANObjectCache;
|
|
|
|
|
use Wikimedia\Rdbms\Database;
|
|
|
|
|
use Wikimedia\Rdbms\ILoadBalancer;
|
2023-05-22 12:25:10 +00:00
|
|
|
use Wikimedia\Rdbms\IReadableDatabase;
|
2021-07-26 13:24:22 +00:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @since 1.37
|
|
|
|
|
*/
|
|
|
|
|
class RestrictionStore {
|
|
|
|
|
|
|
|
|
|
/** @internal */
|
|
|
|
|
public const CONSTRUCTOR_OPTIONS = [
|
2022-04-26 15:48:03 +00:00
|
|
|
MainConfigNames::NamespaceProtection,
|
|
|
|
|
MainConfigNames::RestrictionLevels,
|
|
|
|
|
MainConfigNames::RestrictionTypes,
|
|
|
|
|
MainConfigNames::SemiprotectedRestrictionLevels,
|
2021-07-26 13:24:22 +00:00
|
|
|
];
|
|
|
|
|
|
2024-07-30 22:04:51 +00:00
|
|
|
private ServiceOptions $options;
|
|
|
|
|
private WANObjectCache $wanCache;
|
|
|
|
|
private ILoadBalancer $loadBalancer;
|
|
|
|
|
private LinkCache $linkCache;
|
|
|
|
|
private LinksMigration $linksMigration;
|
|
|
|
|
private CommentStore $commentStore;
|
|
|
|
|
private HookContainer $hookContainer;
|
|
|
|
|
private HookRunner $hookRunner;
|
|
|
|
|
private PageStore $pageStore;
|
2021-07-26 13:24:22 +00:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @var array[] Caching various restrictions data in the following format:
|
|
|
|
|
* cache key => [
|
|
|
|
|
* string[] `restrictions` => restrictions loaded for pages
|
|
|
|
|
* ?string `expiry` => restrictions expiry data for pages
|
|
|
|
|
* ?array `create_protection` => value for getCreateProtection
|
|
|
|
|
* bool `cascade` => cascade restrictions on this page to included templates and images?
|
|
|
|
|
* array[] `cascade_sources` => the results of getCascadeProtectionSources
|
|
|
|
|
* bool `has_cascading` => Are cascading restrictions in effect on this page?
|
|
|
|
|
* ]
|
|
|
|
|
*/
|
|
|
|
|
private $cache = [];
|
|
|
|
|
|
|
|
|
|
public function __construct(
|
|
|
|
|
ServiceOptions $options,
|
|
|
|
|
WANObjectCache $wanCache,
|
|
|
|
|
ILoadBalancer $loadBalancer,
|
|
|
|
|
LinkCache $linkCache,
|
2022-05-12 09:12:38 +00:00
|
|
|
LinksMigration $linksMigration,
|
2021-07-26 13:24:22 +00:00
|
|
|
CommentStore $commentStore,
|
|
|
|
|
HookContainer $hookContainer,
|
|
|
|
|
PageStore $pageStore
|
|
|
|
|
) {
|
|
|
|
|
$options->assertRequiredOptions( self::CONSTRUCTOR_OPTIONS );
|
|
|
|
|
$this->options = $options;
|
|
|
|
|
$this->wanCache = $wanCache;
|
|
|
|
|
$this->loadBalancer = $loadBalancer;
|
|
|
|
|
$this->linkCache = $linkCache;
|
2022-05-12 09:12:38 +00:00
|
|
|
$this->linksMigration = $linksMigration;
|
2021-07-26 13:24:22 +00:00
|
|
|
$this->commentStore = $commentStore;
|
|
|
|
|
$this->hookContainer = $hookContainer;
|
|
|
|
|
$this->hookRunner = new HookRunner( $hookContainer );
|
|
|
|
|
$this->pageStore = $pageStore;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Returns list of restrictions for specified page
|
|
|
|
|
*
|
|
|
|
|
* @param PageIdentity $page Must be local
|
|
|
|
|
* @param string $action Action that restrictions need to be checked for
|
|
|
|
|
* @return string[] Restriction levels needed to take the action. All levels are required. Note
|
|
|
|
|
* that restriction levels are normally user rights, but 'sysop' and 'autoconfirmed' are also
|
|
|
|
|
* allowed for backwards compatibility. These should be mapped to 'editprotected' and
|
|
|
|
|
* 'editsemiprotected' respectively. Returns an empty array if there are no restrictions set
|
|
|
|
|
* for this action (including for unrecognized actions).
|
|
|
|
|
*/
|
|
|
|
|
public function getRestrictions( PageIdentity $page, string $action ): array {
|
|
|
|
|
$page->assertWiki( PageIdentity::LOCAL );
|
|
|
|
|
|
2023-07-14 10:36:46 +00:00
|
|
|
// Optimization: Avoid repeatedly fetching page restrictions (from cache or DB)
|
|
|
|
|
// for repeated PermissionManager::userCan calls, if this action cannot be restricted
|
|
|
|
|
// in the first place. This is primarily to improve batch rendering on RecentChanges,
|
|
|
|
|
// where as of writing this will save 0.5s on a 8.0s response. (T341319)
|
|
|
|
|
$restrictionTypes = $this->listApplicableRestrictionTypes( $page );
|
|
|
|
|
if ( !in_array( $action, $restrictionTypes ) ) {
|
|
|
|
|
return [];
|
|
|
|
|
}
|
|
|
|
|
|
2021-07-26 13:24:22 +00:00
|
|
|
$restrictions = $this->getAllRestrictions( $page );
|
|
|
|
|
return $restrictions[$action] ?? [];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Returns the restricted actions and their restrictions for the specified page
|
|
|
|
|
*
|
|
|
|
|
* @param PageIdentity $page Must be local
|
|
|
|
|
* @return string[][] Keys are actions, values are arrays as returned by
|
|
|
|
|
* RestrictionStore::getRestrictions(). Empty if no restrictions are in place.
|
|
|
|
|
*/
|
|
|
|
|
public function getAllRestrictions( PageIdentity $page ): array {
|
|
|
|
|
$page->assertWiki( PageIdentity::LOCAL );
|
|
|
|
|
|
|
|
|
|
if ( !$this->areRestrictionsLoaded( $page ) ) {
|
|
|
|
|
$this->loadRestrictions( $page );
|
|
|
|
|
}
|
|
|
|
|
return $this->cache[CacheKeyHelper::getKeyForPage( $page )]['restrictions'] ?? [];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get the expiry time for the restriction against a given action
|
|
|
|
|
*
|
|
|
|
|
* @param PageIdentity $page Must be local
|
|
|
|
|
* @param string $action
|
|
|
|
|
* @return ?string 14-char timestamp, or 'infinity' if the page is protected forever or not
|
2023-05-09 19:15:34 +00:00
|
|
|
* protected at all, or null if the action is not recognized.
|
2021-07-26 13:24:22 +00:00
|
|
|
*/
|
|
|
|
|
public function getRestrictionExpiry( PageIdentity $page, string $action ): ?string {
|
|
|
|
|
$page->assertWiki( PageIdentity::LOCAL );
|
|
|
|
|
|
|
|
|
|
if ( !$this->areRestrictionsLoaded( $page ) ) {
|
|
|
|
|
$this->loadRestrictions( $page );
|
|
|
|
|
}
|
|
|
|
|
return $this->cache[CacheKeyHelper::getKeyForPage( $page )]['expiry'][$action] ?? null;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Is this title subject to protection against creation?
|
|
|
|
|
*
|
|
|
|
|
* @param PageIdentity $page Must be local
|
|
|
|
|
* @return ?array Null if no restrictions. Otherwise an array with the following keys:
|
|
|
|
|
* - user: user id
|
|
|
|
|
* - expiry: 14-digit timestamp or 'infinity'
|
|
|
|
|
* - permission: string (pt_create_perm)
|
|
|
|
|
* - reason: string
|
|
|
|
|
* @internal Only to be called by Title::getTitleProtection. When that is discontinued, this
|
|
|
|
|
* will be too, in favor of getRestrictions( $page, 'create' ). If someone wants to know who
|
|
|
|
|
* protected it or the reason, there should be a method that exposes that for all restriction
|
|
|
|
|
* types.
|
|
|
|
|
*/
|
|
|
|
|
public function getCreateProtection( PageIdentity $page ): ?array {
|
|
|
|
|
$page->assertWiki( PageIdentity::LOCAL );
|
|
|
|
|
|
|
|
|
|
$protection = $this->getCreateProtectionInternal( $page );
|
|
|
|
|
// TODO: the remapping below probably need to be migrated into other method one day
|
|
|
|
|
if ( $protection ) {
|
|
|
|
|
if ( $protection['permission'] == 'sysop' ) {
|
|
|
|
|
$protection['permission'] = 'editprotected'; // B/C
|
|
|
|
|
}
|
|
|
|
|
if ( $protection['permission'] == 'autoconfirmed' ) {
|
|
|
|
|
$protection['permission'] = 'editsemiprotected'; // B/C
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return $protection;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Remove any title creation protection due to page existing
|
|
|
|
|
*
|
|
|
|
|
* @param PageIdentity $page Must be local
|
|
|
|
|
* @internal Only to be called by WikiPage::onArticleCreate.
|
|
|
|
|
*/
|
|
|
|
|
public function deleteCreateProtection( PageIdentity $page ): void {
|
|
|
|
|
$page->assertWiki( PageIdentity::LOCAL );
|
|
|
|
|
|
2024-04-17 12:47:05 +00:00
|
|
|
$dbw = $this->loadBalancer->getConnection( DB_PRIMARY );
|
2023-06-20 19:31:41 +00:00
|
|
|
$dbw->newDeleteQueryBuilder()
|
In query builders, use insertInto() and deleteFrom() instead of insert() and delete()
The design principle for SelectQueryBuilder was to make the chained
builder calls look as much like SQL as possible, so that developers
could leverage their knowledge of SQL to understand what the query
builder is doing.
That's why SelectQueryBuilder::select() takes a list of fields, and by
the same principle, it makes sense for UpdateQueryBuilder::update() to
take a table. However with "insert" and "delete", the SQL designers
chose to add prepositions "into" and "from", and I think it makes sense
to follow that here.
In terms of natural language, we update a table, but we don't delete a
table, or insert a table. We delete rows from a table, or insert rows
into a table. The table is not the object of the verb.
So, add insertInto() as an alias for insert(), and add deleteFrom() as
an alias for delete(). Use the new methods in MW core callers where
PHPStorm knows the type.
Change-Id: Idb327a54a57a0fb2288ea067472c1e9727016000
2023-09-08 00:06:59 +00:00
|
|
|
->deleteFrom( 'protected_titles' )
|
2023-06-20 19:31:41 +00:00
|
|
|
->where( [ 'pt_namespace' => $page->getNamespace(), 'pt_title' => $page->getDBkey() ] )
|
|
|
|
|
->caller( __METHOD__ )->execute();
|
2021-07-26 13:24:22 +00:00
|
|
|
$this->cache[CacheKeyHelper::getKeyForPage( $page )]['create_protection'] = null;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Is this page "semi-protected" - the *only* protection levels are listed in
|
|
|
|
|
* $wgSemiprotectedRestrictionLevels?
|
|
|
|
|
*
|
|
|
|
|
* @param PageIdentity $page Must be local
|
|
|
|
|
* @param string $action Action to check (default: edit)
|
|
|
|
|
* @return bool
|
|
|
|
|
*/
|
|
|
|
|
public function isSemiProtected( PageIdentity $page, string $action = 'edit' ): bool {
|
|
|
|
|
$page->assertWiki( PageIdentity::LOCAL );
|
|
|
|
|
|
|
|
|
|
$restrictions = $this->getRestrictions( $page, $action );
|
2022-04-26 15:48:03 +00:00
|
|
|
$semi = $this->options->get( MainConfigNames::SemiprotectedRestrictionLevels );
|
2021-07-26 13:24:22 +00:00
|
|
|
if ( !$restrictions || !$semi ) {
|
|
|
|
|
// Not protected, or all protection is full protection
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Remap autoconfirmed to editsemiprotected for BC
|
|
|
|
|
foreach ( array_keys( $semi, 'editsemiprotected' ) as $key ) {
|
|
|
|
|
$semi[$key] = 'autoconfirmed';
|
|
|
|
|
}
|
|
|
|
|
foreach ( array_keys( $restrictions, 'editsemiprotected' ) as $key ) {
|
|
|
|
|
$restrictions[$key] = 'autoconfirmed';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return !array_diff( $restrictions, $semi );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Does the title correspond to a protected article?
|
|
|
|
|
*
|
|
|
|
|
* @param PageIdentity $page Must be local
|
|
|
|
|
* @param string $action The action the page is protected from, by default checks all actions.
|
|
|
|
|
* @return bool
|
|
|
|
|
*/
|
|
|
|
|
public function isProtected( PageIdentity $page, string $action = '' ): bool {
|
|
|
|
|
$page->assertWiki( PageIdentity::LOCAL );
|
|
|
|
|
|
|
|
|
|
// Special pages have inherent protection (TODO: remove after switch to ProperPageIdentity)
|
|
|
|
|
if ( $page->getNamespace() === NS_SPECIAL ) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check regular protection levels
|
|
|
|
|
$applicableTypes = $this->listApplicableRestrictionTypes( $page );
|
|
|
|
|
|
|
|
|
|
if ( $action === '' ) {
|
|
|
|
|
foreach ( $applicableTypes as $type ) {
|
|
|
|
|
if ( $this->isProtected( $page, $type ) ) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ( !in_array( $action, $applicableTypes ) ) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (bool)array_diff(
|
|
|
|
|
array_intersect(
|
|
|
|
|
$this->getRestrictions( $page, $action ),
|
2022-04-26 15:48:03 +00:00
|
|
|
$this->options->get( MainConfigNames::RestrictionLevels )
|
2021-07-26 13:24:22 +00:00
|
|
|
),
|
|
|
|
|
[ '' ]
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Cascading protection: Return true if cascading restrictions apply to this page, false if not.
|
|
|
|
|
*
|
|
|
|
|
* @param PageIdentity $page Must be local
|
|
|
|
|
* @return bool If the page is subject to cascading restrictions.
|
|
|
|
|
*/
|
|
|
|
|
public function isCascadeProtected( PageIdentity $page ): bool {
|
|
|
|
|
$page->assertWiki( PageIdentity::LOCAL );
|
|
|
|
|
|
|
|
|
|
return $this->getCascadeProtectionSourcesInternal( $page, true );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Returns restriction types for the current page
|
|
|
|
|
*
|
|
|
|
|
* @param PageIdentity $page Must be local
|
|
|
|
|
* @return string[] Applicable restriction types
|
|
|
|
|
*/
|
|
|
|
|
public function listApplicableRestrictionTypes( PageIdentity $page ): array {
|
|
|
|
|
$page->assertWiki( PageIdentity::LOCAL );
|
|
|
|
|
|
|
|
|
|
if ( !$page->canExist() ) {
|
|
|
|
|
return [];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$types = $this->listAllRestrictionTypes( $page->exists() );
|
|
|
|
|
|
|
|
|
|
if ( $page->getNamespace() !== NS_FILE ) {
|
|
|
|
|
// Remove the upload restriction for non-file titles
|
|
|
|
|
$types = array_values( array_diff( $types, [ 'upload' ] ) );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ( $this->hookContainer->isRegistered( 'TitleGetRestrictionTypes' ) ) {
|
|
|
|
|
$this->hookRunner->onTitleGetRestrictionTypes(
|
2023-04-22 13:57:00 +00:00
|
|
|
Title::newFromPageIdentity( $page ), $types );
|
2021-07-26 13:24:22 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $types;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get a filtered list of all restriction types supported by this wiki.
|
|
|
|
|
*
|
|
|
|
|
* @param bool $exists True to get all restriction types that apply to titles that do exist,
|
|
|
|
|
* false for all restriction types that apply to titles that do not exist
|
|
|
|
|
* @return string[]
|
|
|
|
|
*/
|
|
|
|
|
public function listAllRestrictionTypes( bool $exists = true ): array {
|
2022-04-26 15:48:03 +00:00
|
|
|
$types = $this->options->get( MainConfigNames::RestrictionTypes );
|
2021-07-26 13:24:22 +00:00
|
|
|
if ( $exists ) {
|
|
|
|
|
// Remove the create restriction for existing titles
|
|
|
|
|
return array_values( array_diff( $types, [ 'create' ] ) );
|
|
|
|
|
}
|
|
|
|
|
|
2022-01-02 21:13:33 +00:00
|
|
|
// Only the create restrictions apply to non-existing titles
|
|
|
|
|
return array_values( array_intersect( $types, [ 'create' ] ) );
|
2021-07-26 13:24:22 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Load restrictions from page.page_restrictions and the page_restrictions table
|
|
|
|
|
*
|
|
|
|
|
* @param PageIdentity $page Must be local
|
|
|
|
|
* @param int $flags IDBAccessObject::READ_XXX constants (e.g., READ_LATEST to read from
|
|
|
|
|
* primary DB)
|
2022-04-13 20:58:13 +00:00
|
|
|
* @internal Public for use in WikiPage only
|
2021-07-26 13:24:22 +00:00
|
|
|
*/
|
|
|
|
|
public function loadRestrictions(
|
2022-05-09 07:00:17 +00:00
|
|
|
PageIdentity $page, int $flags = IDBAccessObject::READ_NORMAL
|
2021-07-26 13:24:22 +00:00
|
|
|
): void {
|
|
|
|
|
$page->assertWiki( PageIdentity::LOCAL );
|
|
|
|
|
|
|
|
|
|
if ( !$page->canExist() ) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$readLatest = DBAccessObjectUtils::hasFlags( $flags, IDBAccessObject::READ_LATEST );
|
|
|
|
|
|
|
|
|
|
if ( $this->areRestrictionsLoaded( $page ) && !$readLatest ) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$cacheEntry = &$this->cache[CacheKeyHelper::getKeyForPage( $page )];
|
|
|
|
|
|
|
|
|
|
$cacheEntry['restrictions'] = [];
|
|
|
|
|
|
|
|
|
|
// XXX Work around https://phabricator.wikimedia.org/T287575
|
|
|
|
|
if ( $readLatest ) {
|
|
|
|
|
$page = $this->pageStore->getPageByReference( $page, $flags ) ?? $page;
|
|
|
|
|
}
|
|
|
|
|
$id = $page->getId();
|
|
|
|
|
if ( $id ) {
|
|
|
|
|
$fname = __METHOD__;
|
2023-05-22 12:25:10 +00:00
|
|
|
$loadRestrictionsFromDb = static function ( IReadableDatabase $dbr ) use ( $fname, $id ) {
|
2021-07-26 13:24:22 +00:00
|
|
|
return iterator_to_array(
|
2022-09-30 14:03:56 +00:00
|
|
|
$dbr->newSelectQueryBuilder()
|
2024-04-19 22:25:15 +00:00
|
|
|
->select( [ 'pr_type', 'pr_expiry', 'pr_level', 'pr_cascade' ] )
|
|
|
|
|
->from( 'page_restrictions' )
|
|
|
|
|
->where( [ 'pr_page' => $id ] )
|
|
|
|
|
->caller( $fname )->fetchResultSet()
|
2021-07-26 13:24:22 +00:00
|
|
|
);
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
if ( $readLatest ) {
|
2024-04-17 12:47:05 +00:00
|
|
|
$dbr = $this->loadBalancer->getConnection( DB_PRIMARY );
|
2021-07-26 13:24:22 +00:00
|
|
|
$rows = $loadRestrictionsFromDb( $dbr );
|
|
|
|
|
} else {
|
2024-05-05 12:12:00 +00:00
|
|
|
$this->pageStore->getPageForLink( TitleValue::newFromPage( $page ) )->getId();
|
2021-07-26 13:24:22 +00:00
|
|
|
$latestRev = $this->linkCache->getGoodLinkFieldObj( $page, 'revision' );
|
2022-09-11 17:43:06 +00:00
|
|
|
if ( !$latestRev ) {
|
|
|
|
|
// This method can get called in the middle of page creation
|
|
|
|
|
// (WikiPage::doUserEditContent) where a page might have an
|
|
|
|
|
// id but no revisions, while checking the "autopatrol" permission.
|
|
|
|
|
$rows = [];
|
|
|
|
|
} else {
|
|
|
|
|
$rows = $this->wanCache->getWithSetCallback(
|
|
|
|
|
// Page protections always leave a new null revision
|
|
|
|
|
$this->wanCache->makeKey( 'page-restrictions', 'v1', $id, $latestRev ),
|
|
|
|
|
$this->wanCache::TTL_DAY,
|
|
|
|
|
function ( $curValue, &$ttl, array &$setOpts ) use ( $loadRestrictionsFromDb ) {
|
2024-04-17 12:47:05 +00:00
|
|
|
$dbr = $this->loadBalancer->getConnection( DB_REPLICA );
|
2022-09-11 17:43:06 +00:00
|
|
|
$setOpts += Database::getCacheSetOptions( $dbr );
|
|
|
|
|
if ( $this->loadBalancer->hasOrMadeRecentPrimaryChanges() ) {
|
|
|
|
|
// TODO: cleanup Title cache and caller assumption mess in general
|
|
|
|
|
$ttl = WANObjectCache::TTL_UNCACHEABLE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $loadRestrictionsFromDb( $dbr );
|
2021-07-26 13:24:22 +00:00
|
|
|
}
|
2022-09-11 17:43:06 +00:00
|
|
|
);
|
|
|
|
|
}
|
2021-07-26 13:24:22 +00:00
|
|
|
}
|
|
|
|
|
|
2022-05-09 07:00:17 +00:00
|
|
|
$this->loadRestrictionsFromRows( $page, $rows );
|
2021-07-26 13:24:22 +00:00
|
|
|
} else {
|
|
|
|
|
$titleProtection = $this->getCreateProtectionInternal( $page );
|
|
|
|
|
|
|
|
|
|
if ( $titleProtection ) {
|
|
|
|
|
$now = wfTimestampNow();
|
|
|
|
|
$expiry = $titleProtection['expiry'];
|
|
|
|
|
|
|
|
|
|
if ( !$expiry || $expiry > $now ) {
|
|
|
|
|
// Apply the restrictions
|
|
|
|
|
$cacheEntry['expiry']['create'] = $expiry ?: null;
|
|
|
|
|
$cacheEntry['restrictions']['create'] =
|
|
|
|
|
explode( ',', trim( $titleProtection['permission'] ) );
|
|
|
|
|
} else {
|
|
|
|
|
// Get rid of the old restrictions
|
|
|
|
|
$cacheEntry['create_protection'] = null;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
$cacheEntry['expiry']['create'] = 'infinity';
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Compiles list of active page restrictions for this existing page.
|
|
|
|
|
* Public for usage by LiquidThreads.
|
|
|
|
|
*
|
|
|
|
|
* @param PageIdentity $page Must be local
|
|
|
|
|
* @param stdClass[] $rows Array of db result objects
|
|
|
|
|
*/
|
|
|
|
|
public function loadRestrictionsFromRows(
|
2022-05-09 07:00:17 +00:00
|
|
|
PageIdentity $page, array $rows
|
2021-07-26 13:24:22 +00:00
|
|
|
): void {
|
|
|
|
|
$page->assertWiki( PageIdentity::LOCAL );
|
|
|
|
|
|
|
|
|
|
$cacheEntry = &$this->cache[CacheKeyHelper::getKeyForPage( $page )];
|
|
|
|
|
|
|
|
|
|
$restrictionTypes = $this->listApplicableRestrictionTypes( $page );
|
|
|
|
|
|
|
|
|
|
foreach ( $restrictionTypes as $type ) {
|
|
|
|
|
$cacheEntry['restrictions'][$type] = [];
|
|
|
|
|
$cacheEntry['expiry'][$type] = 'infinity';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$cacheEntry['cascade'] = false;
|
|
|
|
|
|
|
|
|
|
if ( !$rows ) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// New restriction format -- load second to make them override old-style restrictions.
|
|
|
|
|
$now = wfTimestampNow();
|
|
|
|
|
|
|
|
|
|
// Cycle through all the restrictions.
|
|
|
|
|
foreach ( $rows as $row ) {
|
|
|
|
|
// Don't take care of restrictions types that aren't allowed
|
|
|
|
|
if ( !in_array( $row->pr_type, $restrictionTypes ) ) {
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2024-04-17 12:47:05 +00:00
|
|
|
$dbr = $this->loadBalancer->getConnection( DB_REPLICA );
|
2021-07-26 13:24:22 +00:00
|
|
|
$expiry = $dbr->decodeExpiry( $row->pr_expiry );
|
|
|
|
|
|
|
|
|
|
// Only apply the restrictions if they haven't expired!
|
|
|
|
|
// XXX Why would !$expiry ever be true? It should always be either 'infinity' or a
|
|
|
|
|
// string consisting of 14 digits. Likewise for the ?: below.
|
|
|
|
|
if ( !$expiry || $expiry > $now ) {
|
|
|
|
|
$cacheEntry['expiry'][$row->pr_type] = $expiry ?: null;
|
|
|
|
|
$cacheEntry['restrictions'][$row->pr_type]
|
|
|
|
|
= explode( ',', trim( $row->pr_level ) );
|
|
|
|
|
if ( $row->pr_cascade ) {
|
|
|
|
|
$cacheEntry['cascade'] = true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Fetch title protection settings
|
|
|
|
|
*
|
|
|
|
|
* To work correctly, $this->loadRestrictions() needs to have access to the actual protections
|
|
|
|
|
* in the database without munging 'sysop' => 'editprotected' and 'autoconfirmed' =>
|
|
|
|
|
* 'editsemiprotected'.
|
|
|
|
|
*
|
|
|
|
|
* @param PageIdentity $page Must be local
|
|
|
|
|
* @return ?array Same format as getCreateProtection().
|
|
|
|
|
*/
|
|
|
|
|
private function getCreateProtectionInternal( PageIdentity $page ): ?array {
|
|
|
|
|
// Can't protect pages in special namespaces
|
|
|
|
|
if ( !$page->canExist() ) {
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Can't apply this type of protection to pages that exist.
|
|
|
|
|
if ( $page->exists() ) {
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$cacheEntry = &$this->cache[CacheKeyHelper::getKeyForPage( $page )];
|
|
|
|
|
|
|
|
|
|
if ( !$cacheEntry || !array_key_exists( 'create_protection', $cacheEntry ) ) {
|
2024-04-17 12:47:05 +00:00
|
|
|
$dbr = $this->loadBalancer->getConnection( DB_REPLICA );
|
2021-07-26 13:24:22 +00:00
|
|
|
$commentQuery = $this->commentStore->getJoin( 'pt_reason' );
|
2024-05-04 10:28:31 +00:00
|
|
|
$row = $dbr->newSelectQueryBuilder()
|
|
|
|
|
->select( [ 'pt_user', 'pt_expiry', 'pt_create_perm' ] )
|
|
|
|
|
->from( 'protected_titles' )
|
|
|
|
|
->where( [ 'pt_namespace' => $page->getNamespace(), 'pt_title' => $page->getDBkey() ] )
|
|
|
|
|
->queryInfo( $commentQuery )
|
|
|
|
|
->caller( __METHOD__ )
|
|
|
|
|
->fetchRow();
|
2021-07-26 13:24:22 +00:00
|
|
|
|
|
|
|
|
if ( $row ) {
|
|
|
|
|
$cacheEntry['create_protection'] = [
|
|
|
|
|
'user' => $row->pt_user,
|
|
|
|
|
'expiry' => $dbr->decodeExpiry( $row->pt_expiry ),
|
|
|
|
|
'permission' => $row->pt_create_perm,
|
|
|
|
|
'reason' => $this->commentStore->getComment( 'pt_reason', $row )->text,
|
|
|
|
|
];
|
|
|
|
|
} else {
|
|
|
|
|
$cacheEntry['create_protection'] = null;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $cacheEntry['create_protection'];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Cascading protection: Get the source of any cascading restrictions on this page.
|
|
|
|
|
*
|
|
|
|
|
* @param PageIdentity $page Must be local
|
|
|
|
|
* @return array[] Two elements: First is an array of PageIdentity objects of the pages from
|
|
|
|
|
* which cascading restrictions have come, which may be empty. Second is an array like that
|
2023-05-09 19:15:34 +00:00
|
|
|
* returned by getAllRestrictions().
|
2021-07-26 13:24:22 +00:00
|
|
|
*/
|
|
|
|
|
public function getCascadeProtectionSources( PageIdentity $page ): array {
|
|
|
|
|
$page->assertWiki( PageIdentity::LOCAL );
|
|
|
|
|
|
|
|
|
|
return $this->getCascadeProtectionSourcesInternal( $page, false );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Cascading protection: Get the source of any cascading restrictions on this page.
|
|
|
|
|
*
|
|
|
|
|
* @param PageIdentity $page Must be local
|
|
|
|
|
* @param bool $shortCircuit If true, just return true or false instead of the actual lists.
|
|
|
|
|
* @return array|bool If $shortCircuit is true, return true if there is some cascading
|
|
|
|
|
* protection and false otherwise. Otherwise, same as getCascadeProtectionSources().
|
|
|
|
|
*/
|
|
|
|
|
private function getCascadeProtectionSourcesInternal(
|
|
|
|
|
PageIdentity $page, bool $shortCircuit = false
|
|
|
|
|
) {
|
2022-05-23 20:57:58 +00:00
|
|
|
if ( !$page->canExist() ) {
|
|
|
|
|
return $shortCircuit ? false : [ [], [] ];
|
|
|
|
|
}
|
|
|
|
|
|
2021-07-26 13:24:22 +00:00
|
|
|
$cacheEntry = &$this->cache[CacheKeyHelper::getKeyForPage( $page )];
|
|
|
|
|
|
|
|
|
|
if ( !$shortCircuit && isset( $cacheEntry['cascade_sources'] ) ) {
|
|
|
|
|
return $cacheEntry['cascade_sources'];
|
|
|
|
|
} elseif ( $shortCircuit && isset( $cacheEntry['has_cascading'] ) ) {
|
|
|
|
|
return $cacheEntry['has_cascading'];
|
|
|
|
|
}
|
|
|
|
|
|
2024-04-17 12:47:05 +00:00
|
|
|
$dbr = $this->loadBalancer->getConnection( DB_REPLICA );
|
2022-09-30 14:03:56 +00:00
|
|
|
$queryBuilder = $dbr->newSelectQueryBuilder();
|
|
|
|
|
$queryBuilder->select( [ 'pr_expiry' ] )
|
|
|
|
|
->from( 'page_restrictions' )
|
|
|
|
|
->where( [ 'pr_cascade' => 1 ] );
|
|
|
|
|
|
2021-07-26 13:24:22 +00:00
|
|
|
if ( $page->getNamespace() === NS_FILE ) {
|
|
|
|
|
// Files transclusion may receive cascading protection in the future
|
|
|
|
|
// see https://phabricator.wikimedia.org/T241453
|
2022-09-30 14:03:56 +00:00
|
|
|
$queryBuilder->join( 'imagelinks', null, 'il_from=pr_page' );
|
|
|
|
|
$queryBuilder->andWhere( [ 'il_to' => $page->getDBkey() ] );
|
2021-07-26 13:24:22 +00:00
|
|
|
} else {
|
2022-09-30 14:03:56 +00:00
|
|
|
$queryBuilder->join( 'templatelinks', null, 'tl_from=pr_page' );
|
|
|
|
|
$queryBuilder->andWhere(
|
|
|
|
|
$this->linksMigration->getLinksConditions(
|
|
|
|
|
'templatelinks',
|
|
|
|
|
TitleValue::newFromPage( $page )
|
|
|
|
|
)
|
2022-05-12 09:12:38 +00:00
|
|
|
);
|
2021-07-26 13:24:22 +00:00
|
|
|
}
|
|
|
|
|
|
2022-09-30 14:03:56 +00:00
|
|
|
if ( !$shortCircuit ) {
|
|
|
|
|
$queryBuilder->fields( [ 'pr_page', 'page_namespace', 'page_title', 'pr_type', 'pr_level' ] );
|
|
|
|
|
$queryBuilder->join( 'page', null, 'page_id=pr_page' );
|
2021-07-26 13:24:22 +00:00
|
|
|
}
|
|
|
|
|
|
2022-09-30 14:03:56 +00:00
|
|
|
$res = $queryBuilder->caller( __METHOD__ )->fetchResultSet();
|
2021-07-26 13:24:22 +00:00
|
|
|
|
|
|
|
|
$sources = [];
|
|
|
|
|
$pageRestrictions = [];
|
|
|
|
|
$now = wfTimestampNow();
|
|
|
|
|
|
|
|
|
|
foreach ( $res as $row ) {
|
|
|
|
|
$expiry = $dbr->decodeExpiry( $row->pr_expiry );
|
|
|
|
|
if ( $expiry > $now ) {
|
|
|
|
|
if ( $shortCircuit ) {
|
|
|
|
|
$cacheEntry['has_cascading'] = true;
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$sources[$row->pr_page] = new PageIdentityValue( $row->pr_page,
|
|
|
|
|
$row->page_namespace, $row->page_title, PageIdentity::LOCAL );
|
|
|
|
|
// Add groups needed for each restriction type if its not already there
|
|
|
|
|
// Make sure this restriction type still exists
|
|
|
|
|
|
|
|
|
|
if ( !isset( $pageRestrictions[$row->pr_type] ) ) {
|
|
|
|
|
$pageRestrictions[$row->pr_type] = [];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ( !in_array( $row->pr_level, $pageRestrictions[$row->pr_type] ) ) {
|
|
|
|
|
$pageRestrictions[$row->pr_type][] = $row->pr_level;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$cacheEntry['has_cascading'] = (bool)$sources;
|
|
|
|
|
|
|
|
|
|
if ( $shortCircuit ) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$cacheEntry['cascade_sources'] = [ $sources, $pageRestrictions ];
|
|
|
|
|
return [ $sources, $pageRestrictions ];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @param PageIdentity $page Must be local
|
|
|
|
|
* @return bool Whether or not the page's restrictions have already been loaded from the
|
|
|
|
|
* database
|
|
|
|
|
*/
|
|
|
|
|
public function areRestrictionsLoaded( PageIdentity $page ): bool {
|
|
|
|
|
$page->assertWiki( PageIdentity::LOCAL );
|
|
|
|
|
|
|
|
|
|
return isset( $this->cache[CacheKeyHelper::getKeyForPage( $page )]['restrictions'] );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Determines whether cascading protection sources have already been loaded from the database.
|
|
|
|
|
*
|
|
|
|
|
* @param PageIdentity $page Must be local
|
|
|
|
|
* @return bool
|
|
|
|
|
*/
|
|
|
|
|
public function areCascadeProtectionSourcesLoaded( PageIdentity $page ): bool {
|
|
|
|
|
$page->assertWiki( PageIdentity::LOCAL );
|
|
|
|
|
|
|
|
|
|
return isset( $this->cache[CacheKeyHelper::getKeyForPage( $page )]['cascade_sources'] );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Checks if restrictions are cascading for the current page
|
|
|
|
|
*
|
|
|
|
|
* @param PageIdentity $page Must be local
|
|
|
|
|
* @return bool
|
|
|
|
|
*/
|
|
|
|
|
public function areRestrictionsCascading( PageIdentity $page ): bool {
|
|
|
|
|
$page->assertWiki( PageIdentity::LOCAL );
|
|
|
|
|
|
|
|
|
|
if ( !$this->areRestrictionsLoaded( $page ) ) {
|
|
|
|
|
$this->loadRestrictions( $page );
|
|
|
|
|
}
|
|
|
|
|
return $this->cache[CacheKeyHelper::getKeyForPage( $page )]['cascade'] ?? false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Flush the protection cache in this object and force reload from the database. This is used
|
|
|
|
|
* when updating protection from WikiPage::doUpdateRestrictions().
|
|
|
|
|
*
|
|
|
|
|
* @param PageIdentity $page Must be local
|
|
|
|
|
* @internal
|
|
|
|
|
*/
|
|
|
|
|
public function flushRestrictions( PageIdentity $page ): void {
|
|
|
|
|
$page->assertWiki( PageIdentity::LOCAL );
|
|
|
|
|
|
|
|
|
|
unset( $this->cache[CacheKeyHelper::getKeyForPage( $page )] );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
