2007-12-06 16:06:22 +00:00
|
|
|
<?php
|
2010-02-26 13:18:56 +00:00
|
|
|
/**
|
2023-03-16 17:27:37 +00:00
|
|
|
* Copyright © 2007 Roan Kattouw <roan.kattouw@gmail.com>
|
2007-12-06 16:06:22 +00:00
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License along
|
|
|
|
|
* with this program; if not, write to the Free Software Foundation, Inc.,
|
2010-06-21 13:13:32 +00:00
|
|
|
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
2007-12-06 16:06:22 +00:00
|
|
|
* http://www.gnu.org/copyleft/gpl.html
|
2010-08-07 19:59:42 +00:00
|
|
|
*
|
|
|
|
|
* @file
|
2007-12-06 16:06:22 +00:00
|
|
|
*/
|
|
|
|
|
|
2024-09-25 16:17:29 +00:00
|
|
|
namespace MediaWiki\Api;
|
|
|
|
|
|
2024-01-02 19:29:55 +00:00
|
|
|
use MediaWiki\Block\Block;
|
2020-04-23 19:33:03 +00:00
|
|
|
use MediaWiki\Block\BlockPermissionCheckerFactory;
|
|
|
|
|
use MediaWiki\Block\UnblockUserFactory;
|
2023-03-08 21:42:41 +00:00
|
|
|
use MediaWiki\MainConfigNames;
|
2019-08-21 19:53:53 +00:00
|
|
|
use MediaWiki\ParamValidator\TypeDef\UserDef;
|
2023-03-08 21:42:41 +00:00
|
|
|
use MediaWiki\Title\Title;
|
2023-11-29 10:21:43 +00:00
|
|
|
use MediaWiki\User\Options\UserOptionsLookup;
|
2021-06-30 21:08:01 +00:00
|
|
|
use MediaWiki\User\UserIdentityLookup;
|
2024-05-21 20:19:18 +00:00
|
|
|
use MediaWiki\Watchlist\WatchedItemStoreInterface;
|
2023-03-08 21:42:41 +00:00
|
|
|
use MediaWiki\Watchlist\WatchlistManager;
|
2022-06-05 23:18:50 +00:00
|
|
|
use Wikimedia\ParamValidator\ParamValidator;
|
2023-03-08 21:42:41 +00:00
|
|
|
use Wikimedia\ParamValidator\TypeDef\ExpiryDef;
|
2019-05-13 14:18:07 +00:00
|
|
|
|
2007-12-06 16:06:22 +00:00
|
|
|
/**
|
2008-01-12 07:08:17 +00:00
|
|
|
* API module that facilitates the unblocking of users. Requires API write mode
|
|
|
|
|
* to be enabled.
|
|
|
|
|
*
|
WARNING: HUGE COMMIT
Doxygen documentation update:
* Changed alls @addtogroup to @ingroup. @addtogroup adds the comment to the group description, but doesn't add the file, class, function, ... to the group like @ingroup does. See for example http://svn.wikimedia.org/doc/group__SpecialPage.html where it's impossible to see related files, classes, ... that should belong to that group.
* Added @file to file description, it seems that it should be explicitely decalred for file descriptions, otherwise doxygen will think that the comment document the first class, variabled, function, ... that is in that file.
* Removed some empty comments
* Removed some ?>
Added following groups:
* ExternalStorage
* JobQueue
* MaintenanceLanguage
One more thing: there are still a lot of warnings when generating the doc.
2008-05-20 17:13:28 +00:00
|
|
|
* @ingroup API
|
2007-12-06 16:06:22 +00:00
|
|
|
*/
|
|
|
|
|
class ApiUnblock extends ApiBase {
|
|
|
|
|
|
2019-04-29 07:47:31 +00:00
|
|
|
use ApiBlockInfoTrait;
|
2023-03-08 21:42:41 +00:00
|
|
|
use ApiWatchlistTrait;
|
2019-04-29 07:47:31 +00:00
|
|
|
|
2023-08-28 15:32:58 +00:00
|
|
|
private BlockPermissionCheckerFactory $permissionCheckerFactory;
|
|
|
|
|
private UnblockUserFactory $unblockUserFactory;
|
|
|
|
|
private UserIdentityLookup $userIdentityLookup;
|
|
|
|
|
private WatchedItemStoreInterface $watchedItemStore;
|
2023-03-08 21:42:41 +00:00
|
|
|
|
2020-04-23 19:33:03 +00:00
|
|
|
public function __construct(
|
|
|
|
|
ApiMain $main,
|
2024-10-14 20:12:27 +00:00
|
|
|
string $action,
|
2020-04-23 19:33:03 +00:00
|
|
|
BlockPermissionCheckerFactory $permissionCheckerFactory,
|
|
|
|
|
UnblockUserFactory $unblockUserFactory,
|
2023-03-08 21:42:41 +00:00
|
|
|
UserIdentityLookup $userIdentityLookup,
|
|
|
|
|
WatchedItemStoreInterface $watchedItemStore,
|
|
|
|
|
WatchlistManager $watchlistManager,
|
|
|
|
|
UserOptionsLookup $userOptionsLookup
|
2020-04-23 19:33:03 +00:00
|
|
|
) {
|
|
|
|
|
parent::__construct( $main, $action );
|
|
|
|
|
|
|
|
|
|
$this->permissionCheckerFactory = $permissionCheckerFactory;
|
|
|
|
|
$this->unblockUserFactory = $unblockUserFactory;
|
2021-06-30 21:08:01 +00:00
|
|
|
$this->userIdentityLookup = $userIdentityLookup;
|
2023-03-08 21:42:41 +00:00
|
|
|
$this->watchedItemStore = $watchedItemStore;
|
|
|
|
|
|
|
|
|
|
// Variables needed in ApiWatchlistTrait trait
|
|
|
|
|
$this->watchlistExpiryEnabled = $this->getConfig()->get( MainConfigNames::WatchlistExpiry );
|
|
|
|
|
$this->watchlistMaxDuration =
|
|
|
|
|
$this->getConfig()->get( MainConfigNames::WatchlistExpiryMaxDuration );
|
|
|
|
|
$this->watchlistManager = $watchlistManager;
|
|
|
|
|
$this->userOptionsLookup = $userOptionsLookup;
|
2020-10-04 01:28:04 +00:00
|
|
|
}
|
|
|
|
|
|
2008-01-12 07:08:17 +00:00
|
|
|
/**
|
|
|
|
|
* Unblocks the specified user or provides the reason the unblock failed.
|
2008-04-14 07:45:50 +00:00
|
|
|
*/
|
2007-12-06 16:06:22 +00:00
|
|
|
public function execute() {
|
2020-04-23 19:33:03 +00:00
|
|
|
$performer = $this->getUser();
|
2007-12-06 16:06:22 +00:00
|
|
|
$params = $this->extractRequestParams();
|
|
|
|
|
|
2016-12-07 17:04:02 +00:00
|
|
|
$this->requireOnlyOneParameter( $params, 'id', 'user', 'userid' );
|
2010-02-15 23:53:43 +00:00
|
|
|
|
2021-01-11 15:26:02 +00:00
|
|
|
if ( !$this->getAuthority()->isAllowed( 'block' ) ) {
|
2016-10-19 16:54:25 +00:00
|
|
|
$this->dieWithError( 'apierror-permissiondenied-unblock', 'permissiondenied' );
|
2010-02-26 13:18:56 +00:00
|
|
|
}
|
2016-01-25 04:11:36 +00:00
|
|
|
|
2016-12-07 17:04:02 +00:00
|
|
|
if ( $params['userid'] !== null ) {
|
2021-06-30 21:08:01 +00:00
|
|
|
$identity = $this->userIdentityLookup->getUserIdentityByUserId( $params['userid'] );
|
|
|
|
|
if ( !$identity ) {
|
2016-12-07 17:04:02 +00:00
|
|
|
$this->dieWithError( [ 'apierror-nosuchuserid', $params['userid'] ], 'nosuchuserid' );
|
|
|
|
|
}
|
2021-06-30 21:08:01 +00:00
|
|
|
$params['user'] = $identity->getName();
|
2016-12-07 17:04:02 +00:00
|
|
|
}
|
|
|
|
|
|
2020-04-23 19:33:03 +00:00
|
|
|
$target = $params['id'] === null ? $params['user'] : "#{$params['id']}";
|
|
|
|
|
|
|
|
|
|
# T17810: blocked admins should have limited access here
|
|
|
|
|
$status = $this->permissionCheckerFactory
|
|
|
|
|
->newBlockPermissionChecker(
|
|
|
|
|
$target,
|
2021-03-16 01:37:57 +00:00
|
|
|
$this->getAuthority()
|
2020-04-23 19:33:03 +00:00
|
|
|
)->checkBlockPermissions();
|
|
|
|
|
if ( $status !== true ) {
|
|
|
|
|
$this->dieWithError(
|
|
|
|
|
$status,
|
|
|
|
|
null,
|
2021-10-25 19:15:52 +00:00
|
|
|
// @phan-suppress-next-line PhanTypeMismatchArgumentNullable Block is checked and not null
|
2020-04-23 19:33:03 +00:00
|
|
|
[ 'blockinfo' => $this->getBlockDetails( $performer->getBlock() ) ]
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$status = $this->unblockUserFactory->newUnblockUser(
|
|
|
|
|
$target,
|
2021-03-16 01:37:57 +00:00
|
|
|
$this->getAuthority(),
|
2020-04-23 19:33:03 +00:00
|
|
|
$params['reason'],
|
|
|
|
|
$params['tags'] ?? []
|
|
|
|
|
)->unblock();
|
|
|
|
|
|
|
|
|
|
if ( !$status->isOK() ) {
|
|
|
|
|
$this->dieStatus( $status );
|
2010-02-26 13:18:56 +00:00
|
|
|
}
|
2007-12-06 16:06:22 +00:00
|
|
|
|
2020-04-23 19:33:03 +00:00
|
|
|
$block = $status->getValue();
|
2023-03-08 21:42:41 +00:00
|
|
|
$targetType = $block->getType();
|
2024-01-02 19:29:55 +00:00
|
|
|
$targetName = $targetType === Block::TYPE_AUTO ? '' : $block->getTargetName();
|
2021-06-03 10:25:17 +00:00
|
|
|
$targetUserId = $block->getTargetUserIdentity() ? $block->getTargetUserIdentity()->getId() : 0;
|
2023-03-08 21:42:41 +00:00
|
|
|
|
|
|
|
|
$watchlistExpiry = $this->getExpiryFromParams( $params );
|
|
|
|
|
$watchuser = $params['watchuser'];
|
|
|
|
|
$userPage = Title::makeTitle( NS_USER, $targetName );
|
2024-01-02 19:29:55 +00:00
|
|
|
if ( $watchuser && $targetType !== Block::TYPE_RANGE && $targetType !== Block::TYPE_AUTO ) {
|
2023-03-08 21:42:41 +00:00
|
|
|
$this->setWatch( 'watch', $userPage, $this->getUser(), null, $watchlistExpiry );
|
|
|
|
|
} else {
|
|
|
|
|
$watchuser = false;
|
|
|
|
|
$watchlistExpiry = null;
|
|
|
|
|
}
|
|
|
|
|
|
2019-08-30 17:56:27 +00:00
|
|
|
$res = [
|
|
|
|
|
'id' => $block->getId(),
|
2021-06-03 10:25:17 +00:00
|
|
|
'user' => $targetName,
|
|
|
|
|
'userid' => $targetUserId,
|
2023-03-08 21:42:41 +00:00
|
|
|
'reason' => $params['reason'],
|
|
|
|
|
'watchuser' => $watchuser,
|
2019-08-30 17:56:27 +00:00
|
|
|
];
|
2023-03-08 21:42:41 +00:00
|
|
|
if ( $watchlistExpiry !== null ) {
|
|
|
|
|
$res['watchlistexpiry'] = $this->getWatchlistExpiry(
|
|
|
|
|
$this->watchedItemStore,
|
|
|
|
|
$userPage,
|
|
|
|
|
$this->getUser()
|
|
|
|
|
);
|
|
|
|
|
}
|
2010-01-11 15:55:52 +00:00
|
|
|
$this->getResult()->addValue( null, $this->getModuleName(), $res );
|
2007-12-06 16:06:22 +00:00
|
|
|
}
|
2008-04-14 07:45:50 +00:00
|
|
|
|
2010-02-14 21:12:11 +00:00
|
|
|
public function mustBePosted() {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
2007-12-06 16:06:22 +00:00
|
|
|
|
2009-03-06 13:49:44 +00:00
|
|
|
public function isWriteMode() {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2008-01-28 19:05:26 +00:00
|
|
|
public function getAllowedParams() {
|
2023-03-08 21:42:41 +00:00
|
|
|
$params = [
|
2016-02-17 09:09:32 +00:00
|
|
|
'id' => [
|
2022-06-05 23:18:50 +00:00
|
|
|
ParamValidator::PARAM_TYPE => 'integer',
|
2016-02-17 09:09:32 +00:00
|
|
|
],
|
2019-08-21 19:53:53 +00:00
|
|
|
'user' => [
|
2022-06-05 23:18:50 +00:00
|
|
|
ParamValidator::PARAM_TYPE => 'user',
|
Add 'temp' to allowed user types in various APIs
Why:
* Before this task, when an API parameter specifies allowed user
types, temporary users and permanent users are in the same
category: 'name'.
* However, it is useful to separate them out, and sometimes
allow a permanent user but not a temporary user (e.g.
ApiResetPassword, since temporary users don't have passwords).
* We therefore re-defined the 'name' type only to refer to
permanent (named) users, and add a new 'temp' type.
* This fixes params that currently intend to allow temp users,
and that use 'name' to do so, by adding 'temp'.
What:
* Based on a search for `UserDef::PARAM_ALLOWED_USER_TYPES`,
add the 'temp' type where necessary.
* The following were not updated, because they shouldn't apply
to temporary users:
- owners for includes/api/ApiQueryWatchlist.php,
includes/api/ApiQueryWatchlistRaw.php
- users for includes/api/ApiResetPassword.php,
includes/api/ApiUserrights.php,
includes/api/ApiValidatePassword.php
Bug: T350701
Change-Id: If5ccf1d469327791acff74d013343307e411cca9
2023-11-29 12:21:16 +00:00
|
|
|
UserDef::PARAM_ALLOWED_USER_TYPES => [ 'name', 'ip', 'temp', 'cidr', 'id' ],
|
2019-08-21 19:53:53 +00:00
|
|
|
],
|
2016-12-07 17:04:02 +00:00
|
|
|
'userid' => [
|
2022-06-05 23:18:50 +00:00
|
|
|
ParamValidator::PARAM_TYPE => 'integer',
|
2022-06-06 01:24:41 +00:00
|
|
|
ParamValidator::PARAM_DEPRECATED => true,
|
2016-12-07 17:04:02 +00:00
|
|
|
],
|
2012-07-07 07:12:04 +00:00
|
|
|
'reason' => '',
|
2016-01-25 04:11:36 +00:00
|
|
|
'tags' => [
|
2022-06-05 23:18:50 +00:00
|
|
|
ParamValidator::PARAM_TYPE => 'tags',
|
|
|
|
|
ParamValidator::PARAM_ISMULTI => true,
|
2016-01-25 04:11:36 +00:00
|
|
|
],
|
2023-03-08 21:42:41 +00:00
|
|
|
'watchuser' => false,
|
2016-02-17 09:09:32 +00:00
|
|
|
];
|
2023-03-08 21:42:41 +00:00
|
|
|
|
|
|
|
|
// Params appear in the docs in the order they are defined,
|
|
|
|
|
// which is why this is here and not at the bottom.
|
|
|
|
|
// @todo Find better way to support insertion at arbitrary position
|
|
|
|
|
if ( $this->watchlistExpiryEnabled ) {
|
|
|
|
|
$params += [
|
|
|
|
|
'watchlistexpiry' => [
|
|
|
|
|
ParamValidator::PARAM_TYPE => 'expiry',
|
|
|
|
|
ExpiryDef::PARAM_MAX => $this->watchlistMaxDuration,
|
|
|
|
|
ExpiryDef::PARAM_USE_MAX => true,
|
|
|
|
|
]
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $params;
|
2007-12-06 16:06:22 +00:00
|
|
|
}
|
|
|
|
|
|
2010-10-01 20:12:50 +00:00
|
|
|
public function needsToken() {
|
2014-08-08 16:56:07 +00:00
|
|
|
return 'csrf';
|
2010-02-14 22:20:27 +00:00
|
|
|
}
|
2007-12-06 16:06:22 +00:00
|
|
|
|
2014-10-28 17:17:02 +00:00
|
|
|
protected function getExamplesMessages() {
|
2016-02-17 09:09:32 +00:00
|
|
|
return [
|
2014-09-18 17:38:23 +00:00
|
|
|
'action=unblock&id=105'
|
|
|
|
|
=> 'apihelp-unblock-example-id',
|
|
|
|
|
'action=unblock&user=Bob&reason=Sorry%20Bob'
|
|
|
|
|
=> 'apihelp-unblock-example-user',
|
2016-02-17 09:09:32 +00:00
|
|
|
];
|
2007-12-06 16:06:22 +00:00
|
|
|
}
|
|
|
|
|
|
2011-07-17 16:38:24 +00:00
|
|
|
public function getHelpUrls() {
|
2017-04-04 22:52:57 +00:00
|
|
|
return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Block';
|
2011-07-17 16:38:24 +00:00
|
|
|
}
|
2007-12-06 16:06:22 +00:00
|
|
|
}
|
2024-09-25 16:17:29 +00:00
|
|
|
|
|
|
|
|
/** @deprecated class alias since 1.43 */
|
|
|
|
|
class_alias( ApiUnblock::class, 'ApiUnblock' );
|
