2021-01-05 22:08:41 +00:00
|
|
|
<?php
|
|
|
|
|
/**
|
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License along
|
|
|
|
|
* with this program; if not, write to the Free Software Foundation, Inc.,
|
|
|
|
|
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
|
|
|
* http://www.gnu.org/copyleft/gpl.html
|
|
|
|
|
*
|
|
|
|
|
* @file
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
namespace MediaWiki\Permissions;
|
|
|
|
|
|
|
|
|
|
use InvalidArgumentException;
|
2021-03-10 19:40:33 +00:00
|
|
|
use MediaWiki\Block\Block;
|
2021-01-05 22:08:41 +00:00
|
|
|
use MediaWiki\Page\PageIdentity;
|
|
|
|
|
use MediaWiki\User\UserIdentity;
|
2024-09-27 16:12:27 +00:00
|
|
|
use Wikimedia\Rdbms\IDBAccessObject;
|
2021-01-05 22:08:41 +00:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Represents an authority that has a specific set of permissions
|
|
|
|
|
* which are specified explicitly. This is useful for testing, but
|
|
|
|
|
* may also be used to represent a fixed set of permissions to be
|
|
|
|
|
* used in some context, e.g. in an asynchronous job.
|
|
|
|
|
*
|
|
|
|
|
* @since 1.36
|
2021-04-13 18:38:36 +00:00
|
|
|
* @newable
|
2021-01-05 22:08:41 +00:00
|
|
|
*/
|
|
|
|
|
class SimpleAuthority implements Authority {
|
|
|
|
|
|
|
|
|
|
/** @var UserIdentity */
|
|
|
|
|
private $actor;
|
|
|
|
|
|
2022-02-28 03:05:58 +00:00
|
|
|
/** @var bool */
|
|
|
|
|
private $isTemp;
|
|
|
|
|
|
2021-12-08 08:12:22 +00:00
|
|
|
/** @var true[] permissions (stored in the keys, values are ignored) */
|
2021-01-05 22:08:41 +00:00
|
|
|
private $permissions;
|
|
|
|
|
|
|
|
|
|
/**
|
2021-04-13 18:38:36 +00:00
|
|
|
* @stable to call
|
2021-01-05 22:08:41 +00:00
|
|
|
* @param UserIdentity $actor
|
|
|
|
|
* @param string[] $permissions A list of permissions to grant to the actor
|
2022-02-28 03:05:58 +00:00
|
|
|
* @param bool $isTemp Whether the user is auto-created (since 1.39)
|
2021-01-05 22:08:41 +00:00
|
|
|
*/
|
2022-02-28 03:05:58 +00:00
|
|
|
public function __construct(
|
|
|
|
|
UserIdentity $actor,
|
|
|
|
|
array $permissions,
|
|
|
|
|
bool $isTemp = false
|
|
|
|
|
) {
|
2021-01-05 22:08:41 +00:00
|
|
|
$this->actor = $actor;
|
2022-02-28 03:05:58 +00:00
|
|
|
$this->isTemp = $isTemp;
|
2021-06-11 02:52:06 +00:00
|
|
|
$this->permissions = array_fill_keys( $permissions, true );
|
2021-01-05 22:08:41 +00:00
|
|
|
}
|
|
|
|
|
|
2023-07-20 13:09:23 +00:00
|
|
|
/** @inheritDoc */
|
2021-03-04 19:45:28 +00:00
|
|
|
public function getUser(): UserIdentity {
|
2021-01-05 22:08:41 +00:00
|
|
|
return $this->actor;
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-20 13:09:23 +00:00
|
|
|
/** @inheritDoc */
|
2024-01-23 14:01:06 +00:00
|
|
|
public function getBlock( int $freshness = IDBAccessObject::READ_NORMAL ): ?Block {
|
2021-03-10 19:40:33 +00:00
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-20 13:09:23 +00:00
|
|
|
/** @inheritDoc */
|
2024-10-16 18:58:33 +00:00
|
|
|
public function isAllowed( string $permission, ?PermissionStatus $status = null ): bool {
|
2021-01-05 22:08:41 +00:00
|
|
|
return isset( $this->permissions[ $permission ] );
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-20 13:09:23 +00:00
|
|
|
/** @inheritDoc */
|
2021-01-05 22:08:41 +00:00
|
|
|
public function isAllowedAny( ...$permissions ): bool {
|
|
|
|
|
if ( !$permissions ) {
|
|
|
|
|
throw new InvalidArgumentException( 'At least one permission must be specified' );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
foreach ( $permissions as $perm ) {
|
|
|
|
|
if ( $this->isAllowed( $perm ) ) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-20 13:09:23 +00:00
|
|
|
/** @inheritDoc */
|
2021-01-05 22:08:41 +00:00
|
|
|
public function isAllowedAll( ...$permissions ): bool {
|
|
|
|
|
if ( !$permissions ) {
|
|
|
|
|
throw new InvalidArgumentException( 'At least one permission must be specified' );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
foreach ( $permissions as $perm ) {
|
|
|
|
|
if ( !$this->isAllowed( $perm ) ) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private function checkPermission( string $permission, ?PermissionStatus $status ): bool {
|
|
|
|
|
$ok = $this->isAllowed( $permission );
|
|
|
|
|
|
|
|
|
|
if ( !$ok && $status ) {
|
|
|
|
|
// TODO: use a message that at includes the permission name
|
|
|
|
|
$status->fatal( 'permissionserrors' );
|
2023-11-01 19:10:00 +00:00
|
|
|
$status->setPermission( $permission );
|
2021-01-05 22:08:41 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $ok;
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-20 13:09:23 +00:00
|
|
|
/** @inheritDoc */
|
2021-01-05 22:08:41 +00:00
|
|
|
public function probablyCan(
|
|
|
|
|
string $action,
|
|
|
|
|
PageIdentity $target,
|
2024-10-16 18:58:33 +00:00
|
|
|
?PermissionStatus $status = null
|
2021-01-05 22:08:41 +00:00
|
|
|
): bool {
|
|
|
|
|
return $this->checkPermission( $action, $status );
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-20 13:09:23 +00:00
|
|
|
/** @inheritDoc */
|
2021-01-05 22:08:41 +00:00
|
|
|
public function definitelyCan(
|
|
|
|
|
string $action,
|
|
|
|
|
PageIdentity $target,
|
2024-10-16 18:58:33 +00:00
|
|
|
?PermissionStatus $status = null
|
2021-01-05 22:08:41 +00:00
|
|
|
): bool {
|
|
|
|
|
return $this->checkPermission( $action, $status );
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-20 13:09:23 +00:00
|
|
|
/** @inheritDoc */
|
2024-10-16 18:58:33 +00:00
|
|
|
public function isDefinitelyAllowed( string $action, ?PermissionStatus $status = null ): bool {
|
2022-07-17 13:22:02 +00:00
|
|
|
return $this->checkPermission( $action, $status );
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-20 13:09:23 +00:00
|
|
|
/** @inheritDoc */
|
2024-10-16 18:58:33 +00:00
|
|
|
public function authorizeAction( string $action, ?PermissionStatus $status = null ): bool {
|
2022-07-17 13:22:02 +00:00
|
|
|
return $this->checkPermission( $action, $status );
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-20 13:09:23 +00:00
|
|
|
/** @inheritDoc */
|
2021-01-05 22:08:41 +00:00
|
|
|
public function authorizeRead(
|
|
|
|
|
string $action,
|
|
|
|
|
PageIdentity $target,
|
2024-10-16 18:58:33 +00:00
|
|
|
?PermissionStatus $status = null
|
2021-01-05 22:08:41 +00:00
|
|
|
): bool {
|
|
|
|
|
return $this->checkPermission( $action, $status );
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-20 13:09:23 +00:00
|
|
|
/** @inheritDoc */
|
2021-01-05 22:08:41 +00:00
|
|
|
public function authorizeWrite(
|
|
|
|
|
string $action,
|
|
|
|
|
PageIdentity $target,
|
2024-10-16 18:58:33 +00:00
|
|
|
?PermissionStatus $status = null
|
2021-01-05 22:08:41 +00:00
|
|
|
): bool {
|
|
|
|
|
return $this->checkPermission( $action, $status );
|
|
|
|
|
}
|
2021-03-10 19:40:33 +00:00
|
|
|
|
2022-02-28 03:05:58 +00:00
|
|
|
public function isRegistered(): bool {
|
|
|
|
|
return $this->actor->isRegistered();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function isTemp(): bool {
|
|
|
|
|
return $this->isTemp;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function isNamed(): bool {
|
|
|
|
|
return $this->isRegistered() && !$this->isTemp();
|
|
|
|
|
}
|
2021-01-05 22:08:41 +00:00
|
|
|
}
|
