Merge "Convert BlockPermissionChecker to Authority"
This commit is contained in:
jenkins-bot
Gerrit Code Review
commit
dfb3fe9bee
3 changed files with 34 additions and 28 deletions
|
|
@ -232,7 +232,7 @@ return [
|
|||
BlockPermissionCheckerFactory::CONSTRUCTOR_OPTIONS,
|
||||
$services->getMainConfig()
|
||||
),
|
||||
$services->getPermissionManager()
|
||||
$services->getUserFactory()
|
||||
);
|
||||
},
|
||||
|
||||
|
|
|
|||
|
|
@ -22,9 +22,9 @@
|
|||
namespace MediaWiki\Block;
|
||||
|
||||
use MediaWiki\Config\ServiceOptions;
|
||||
use MediaWiki\Permissions\PermissionManager;
|
||||
use MediaWiki\Permissions\Authority;
|
||||
use MediaWiki\User\UserFactory;
|
||||
use MediaWiki\User\UserIdentity;
|
||||
use User;
|
||||
|
||||
/**
|
||||
* Block permissions
|
||||
|
|
@ -48,7 +48,7 @@ class BlockPermissionChecker {
|
|||
private $targetType = null;
|
||||
|
||||
/**
|
||||
* @var User Block performer
|
||||
* @var Authority Block performer
|
||||
*/
|
||||
private $performer;
|
||||
|
||||
|
|
@ -65,25 +65,25 @@ class BlockPermissionChecker {
|
|||
private $options;
|
||||
|
||||
/**
|
||||
* @var PermissionManager
|
||||
* @var UserFactory
|
||||
*/
|
||||
private $permissionManager;
|
||||
private $userFactory;
|
||||
|
||||
/**
|
||||
* @param ServiceOptions $options
|
||||
* @param PermissionManager $permissionManager
|
||||
* @param UserFactory $userFactory
|
||||
* @param UserIdentity|string|null $target
|
||||
* @param User $performer
|
||||
* @param Authority $performer
|
||||
*/
|
||||
public function __construct(
|
||||
ServiceOptions $options,
|
||||
PermissionManager $permissionManager,
|
||||
UserFactory $userFactory,
|
||||
$target,
|
||||
User $performer
|
||||
Authority $performer
|
||||
) {
|
||||
$options->assertRequiredOptions( self::CONSTRUCTOR_OPTIONS );
|
||||
$this->options = $options;
|
||||
$this->permissionManager = $permissionManager;
|
||||
$this->userFactory = $userFactory;
|
||||
list( $this->target, $this->targetType ) = AbstractBlock::parseTarget( $target );
|
||||
$this->performer = $performer;
|
||||
}
|
||||
|
|
@ -96,13 +96,13 @@ class BlockPermissionChecker {
|
|||
* @return bool|string
|
||||
*/
|
||||
public function checkBasePermissions( $checkHideuser = false ) {
|
||||
if ( !$this->permissionManager->userHasRight( $this->performer, 'block' ) ) {
|
||||
if ( !$this->performer->isAllowed( 'block' ) ) {
|
||||
return 'badaccess-group0';
|
||||
}
|
||||
|
||||
if (
|
||||
$checkHideuser &&
|
||||
!$this->permissionManager->userHasRight( $this->performer, 'hideuser' )
|
||||
!$this->performer->isAllowed( 'hideuser' )
|
||||
) {
|
||||
return 'unblock-hideuser';
|
||||
}
|
||||
|
|
@ -122,7 +122,10 @@ class BlockPermissionChecker {
|
|||
* @return bool|string True when checks passed, message code for failures
|
||||
*/
|
||||
public function checkBlockPermissions() {
|
||||
$block = $this->performer->getBlock();
|
||||
$performerIdentity = $this->performer->getUser();
|
||||
$legacyUser = $this->userFactory->newFromUserIdentity( $performerIdentity );
|
||||
|
||||
$block = $legacyUser->getBlock();
|
||||
if ( !$block ) {
|
||||
// User is not blocked, process as normal
|
||||
return true;
|
||||
|
|
@ -135,17 +138,17 @@ class BlockPermissionChecker {
|
|||
|
||||
if (
|
||||
$this->target instanceof UserIdentity &&
|
||||
$this->target->getId() === $this->performer->getId()
|
||||
$this->target->getId() === $performerIdentity->getId()
|
||||
) {
|
||||
// Blocked admin is trying to alter their own block
|
||||
|
||||
// Self-blocked admins can always remove or alter their block
|
||||
if ( $this->performer->blockedBy() === $this->performer->getName() ) {
|
||||
if ( $block->getByName() === $performerIdentity->getName() ) {
|
||||
return true;
|
||||
}
|
||||
|
||||
// Users with 'unblockself' right can unblock themselves or alter their own block
|
||||
if ( $this->permissionManager->userHasRight( $this->performer, 'unblockself' ) ) {
|
||||
if ( $this->performer->isAllowed( 'unblockself' ) ) {
|
||||
return true;
|
||||
} else {
|
||||
return 'ipbnounblockself';
|
||||
|
|
@ -154,7 +157,7 @@ class BlockPermissionChecker {
|
|||
|
||||
if (
|
||||
$this->target instanceof UserIdentity &&
|
||||
$this->performer->blockedBy() === $this->target->getName()
|
||||
$block->getByName() === $this->target->getName()
|
||||
) {
|
||||
// T150826: Blocked admins can always block the admin who blocked them
|
||||
return true;
|
||||
|
|
@ -172,6 +175,6 @@ class BlockPermissionChecker {
|
|||
*/
|
||||
public function checkEmailPermissions() {
|
||||
return $this->options->get( 'EnableUserEmail' ) &&
|
||||
$this->permissionManager->userHasRight( $this->performer, 'blockemail' );
|
||||
$this->performer->isAllowed( 'blockemail' );
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -22,7 +22,8 @@
|
|||
namespace MediaWiki\Block;
|
||||
|
||||
use MediaWiki\Config\ServiceOptions;
|
||||
use MediaWiki\Permissions\PermissionManager;
|
||||
use MediaWiki\Permissions\Authority;
|
||||
use MediaWiki\User\UserFactory;
|
||||
use MediaWiki\User\UserIdentity;
|
||||
use User;
|
||||
|
||||
|
|
@ -36,25 +37,27 @@ class BlockPermissionCheckerFactory {
|
|||
/** @var ServiceOptions */
|
||||
private $options;
|
||||
|
||||
/** @var PermissionManager */
|
||||
private $permissionManager;
|
||||
|
||||
/**
|
||||
* @internal only to be used by ServiceWiring
|
||||
*/
|
||||
public const CONSTRUCTOR_OPTIONS = BlockPermissionChecker::CONSTRUCTOR_OPTIONS;
|
||||
|
||||
/**
|
||||
* @var UserFactory
|
||||
*/
|
||||
private $userFactory;
|
||||
|
||||
/**
|
||||
* @param ServiceOptions $options
|
||||
* @param PermissionManager $permissionManager
|
||||
* @param UserFactory $userFactory
|
||||
*/
|
||||
public function __construct(
|
||||
ServiceOptions $options,
|
||||
PermissionManager $permissionManager
|
||||
UserFactory $userFactory
|
||||
) {
|
||||
$options->assertRequiredOptions( self::CONSTRUCTOR_OPTIONS );
|
||||
$this->options = $options;
|
||||
$this->permissionManager = $permissionManager;
|
||||
$this->userFactory = $userFactory;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -65,11 +68,11 @@ class BlockPermissionCheckerFactory {
|
|||
*/
|
||||
public function newBlockPermissionChecker(
|
||||
$target,
|
||||
User $performer
|
||||
Authority $performer
|
||||
) {
|
||||
return new BlockPermissionChecker(
|
||||
$this->options,
|
||||
$this->permissionManager,
|
||||
$this->userFactory,
|
||||
$target,
|
||||
$performer
|
||||
);
|
||||
|
|
|
|||
Loading…
Reference in a new issue