diff --git a/includes/Rest/Handler/MediaFileHandler.php b/includes/Rest/Handler/MediaFileHandler.php index dfad7550e14..7e1df5f8150 100644 --- a/includes/Rest/Handler/MediaFileHandler.php +++ b/includes/Rest/Handler/MediaFileHandler.php @@ -10,7 +10,6 @@ use MediaWiki\Rest\LocalizedHttpException; use MediaWiki\Rest\Response; use MediaWiki\Rest\SimpleHandler; use RepoGroup; -use User; use Wikimedia\Message\MessageValue; use Wikimedia\ParamValidator\ParamValidator; @@ -66,10 +65,8 @@ class MediaFileHandler extends SimpleHandler { private function getFile(): ?File { if ( $this->file === false ) { $page = $this->getPage(); - // TODO: make RepoGroup::findFile take Authority - $user = User::newFromIdentity( $this->getAuthority()->getUser() ); $this->file = - $this->repoGroup->findFile( $page, [ 'private' => $user ] ) ?: null; + $this->repoGroup->findFile( $page, [ 'private' => $this->getAuthority() ] ) ?: null; } return $this->file; } diff --git a/includes/Rest/Handler/MediaLinksHandler.php b/includes/Rest/Handler/MediaLinksHandler.php index 919140476ad..edd9227a7cc 100644 --- a/includes/Rest/Handler/MediaLinksHandler.php +++ b/includes/Rest/Handler/MediaLinksHandler.php @@ -9,7 +9,6 @@ use MediaWiki\Rest\LocalizedHttpException; use MediaWiki\Rest\Response; use MediaWiki\Rest\SimpleHandler; use RepoGroup; -use User; use Wikimedia\Message\MessageValue; use Wikimedia\ParamValidator\ParamValidator; use Wikimedia\Rdbms\ILoadBalancer; @@ -124,12 +123,11 @@ class MediaLinksHandler extends SimpleHandler { private function processDbResults( $results ) { // Using "private" here means an equivalent of the Action API's "anon-public-user-private" // caching model would be necessary, if caching is ever added to this endpoint. - // TODO: make RepoGroup::findFiles take Authority - $user = User::newFromIdentity( $this->getAuthority()->getUser() ); - $findTitles = array_map( static function ( $title ) use ( $user ) { + $performer = $this->getAuthority(); + $findTitles = array_map( static function ( $title ) use ( $performer ) { return [ 'title' => $title, - 'private' => $user, + 'private' => $performer, ]; }, $results ); @@ -146,7 +144,7 @@ class MediaLinksHandler extends SimpleHandler { ]; $response = []; foreach ( $files as $file ) { - $response[] = $this->getFileInfo( $file, $user, $transforms ); + $response[] = $this->getFileInfo( $file, $performer, $transforms ); } $response = [ diff --git a/includes/api/ApiQueryImageInfo.php b/includes/api/ApiQueryImageInfo.php index 8468b3c93ca..7e7a0ea8684 100644 --- a/includes/api/ApiQueryImageInfo.php +++ b/includes/api/ApiQueryImageInfo.php @@ -87,11 +87,11 @@ class ApiQueryImageInfo extends ApiQueryBase { } } - $user = $this->getUser(); - $findTitles = array_map( static function ( $title ) use ( $user ) { + $performer = $this->getAuthority(); + $findTitles = array_map( static function ( $title ) use ( $performer ) { return [ 'title' => $title, - 'private' => $user, + 'private' => $performer, ]; }, $titles ); diff --git a/includes/filerepo/FileRepo.php b/includes/filerepo/FileRepo.php index f0ce8e8e405..4889258da70 100644 --- a/includes/filerepo/FileRepo.php +++ b/includes/filerepo/FileRepo.php @@ -10,6 +10,7 @@ use MediaWiki\Linker\LinkTarget; use MediaWiki\MediaWikiServices; use MediaWiki\Page\PageIdentity; +use MediaWiki\Permissions\Authority; use MediaWiki\User\UserIdentity; /** @@ -446,18 +447,19 @@ class FileRepo { * current version. An image object will be returned which was * created at the specified time (which may be archived or current). * ignoreRedirect: If true, do not follow file redirects - * private: If a User object, return restricted (deleted) files if the - * user is allowed to view them. Otherwise, such files will not - * be found. If set and not a User object, throws an exception + * private: If an Authority object, return restricted (deleted) files if the + * performer is allowed to view them. Otherwise, such files will not + * be found. If set and not an Authority object, throws an exception. + * Authority is only accepted since 1.37, User was required before. * latest: If true, load from the latest available data into File objects * @return File|bool False on failure * @throws InvalidArgumentException */ public function findFile( $title, $options = [] ) { - if ( !empty( $options['private'] ) && !( $options['private'] instanceof User ) ) { + if ( !empty( $options['private'] ) && !( $options['private'] instanceof Authority ) ) { throw new InvalidArgumentException( __METHOD__ . ' called with the `private` option set to something ' . - 'other than a User object' + 'other than an Authority object' ); } @@ -488,7 +490,7 @@ class FileRepo { if ( !$img->isDeleted( File::DELETED_FILE ) ) { return $img; // always OK } elseif ( - // If its not empty, its a User object + // If its not empty, its an Authority object !empty( $options['private'] ) && $img->userCan( File::DELETED_FILE, $options['private'] ) ) { @@ -546,9 +548,9 @@ class FileRepo { if ( !empty( $options['private'] ) && - !( $options['private'] instanceof User ) + !( $options['private'] instanceof Authority ) ) { - $options['private'] = RequestContext::getMain()->getUser(); + $options['private'] = RequestContext::getMain()->getAuthority(); } } else { $title = $item; @@ -579,13 +581,13 @@ class FileRepo { * @param string $sha1 Base 36 SHA-1 hash * @param array $options Option array, same as findFile(). * @return File|bool False on failure - * @throws InvalidArgumentException if the `private` option is set and not a User object + * @throws InvalidArgumentException if the `private` option is set and not an Authority object */ public function findFileFromKey( $sha1, $options = [] ) { - if ( !empty( $options['private'] ) && !( $options['private'] instanceof User ) ) { + if ( !empty( $options['private'] ) && !( $options['private'] instanceof Authority ) ) { throw new InvalidArgumentException( __METHOD__ . ' called with the `private` option set to something ' . - 'other than a User object' + 'other than an Authority object' ); } @@ -605,7 +607,7 @@ class FileRepo { if ( !$img->isDeleted( File::DELETED_FILE ) ) { return $img; // always OK } elseif ( - // If its not empty, its a User object + // If its not empty, its an Authority object !empty( $options['private'] ) && $img->userCan( File::DELETED_FILE, $options['private'] ) ) { diff --git a/includes/filerepo/LocalRepo.php b/includes/filerepo/LocalRepo.php index b5cd4a710e7..921c7da9b04 100644 --- a/includes/filerepo/LocalRepo.php +++ b/includes/filerepo/LocalRepo.php @@ -25,6 +25,7 @@ use MediaWiki\Linker\LinkTarget; use MediaWiki\MediaWikiServices; use MediaWiki\Page\PageIdentity; +use MediaWiki\Permissions\Authority; use Wikimedia\Rdbms\Database; use Wikimedia\Rdbms\IDatabase; use Wikimedia\Rdbms\IResultWrapper; @@ -275,10 +276,10 @@ class LocalRepo extends FileRepo { // Fallback to RequestContext::getMain should be replaced with a better // way of setting the user that should be used; currently it needs to be // set for each file individually. See T263033#6477586 - $contextUser = RequestContext::getMain()->getUser(); - $user = ( !empty( $search['private'] ) && $search['private'] instanceof User ) + $contextPerformer = RequestContext::getMain()->getAuthority(); + $performer = ( !empty( $search['private'] ) && $search['private'] instanceof Authority ) ? $search['private'] - : $contextUser; + : $contextPerformer; return ( $file->exists() && @@ -287,7 +288,7 @@ class LocalRepo extends FileRepo { ( !empty( $search['time'] ) && $search['time'] === $file->getTimestamp() ) ) && ( !empty( $search['private'] ) || !$file->isDeleted( File::DELETED_FILE ) ) && - $file->userCan( File::DELETED_FILE, $user ) + $file->userCan( File::DELETED_FILE, $performer ) ); }; diff --git a/includes/filerepo/RepoGroup.php b/includes/filerepo/RepoGroup.php index 8030c895956..694eb5ee312 100644 --- a/includes/filerepo/RepoGroup.php +++ b/includes/filerepo/RepoGroup.php @@ -113,11 +113,13 @@ class RepoGroup { * current version. An image object will be returned which was * created at the specified time. * ignoreRedirect: If true, do not follow file redirects - * private: If true, return restricted (deleted) files if the current - * user is allowed to view them. Otherwise, such files will not - * be found. + * private: If Authority object, return restricted (deleted) files if the + * performer is allowed to view them. Otherwise, such files will not + * be found. Authority is only accepted since 1.37, User was required + * before. * latest: If true, load from the latest available data into File objects - * @phan-param array{time?:mixed,ignoreRedirect?:bool,private?:bool,latest?:bool} $options + * @phpcs:ignore Generic.Files.LineLength + * @phan-param array{time?:mixed,ignoreRedirect?:bool,private?:bool|MediaWiki\Permissions\Authority,latest?:bool} $options * @return File|bool False if title is not found */ public function findFile( $title, $options = [] ) { diff --git a/includes/parser/Hook/BeforeParserFetchFileAndTitleHook.php b/includes/parser/Hook/BeforeParserFetchFileAndTitleHook.php index 91deb73c947..6d36de5f812 100644 --- a/includes/parser/Hook/BeforeParserFetchFileAndTitleHook.php +++ b/includes/parser/Hook/BeforeParserFetchFileAndTitleHook.php @@ -22,7 +22,7 @@ interface BeforeParserFetchFileAndTitleHook { * @param Title $nt Image title * @param array &$options Array of options to RepoGroup::findFile. If it contains 'broken' * as a key then the file will appear as a broken thumbnail. - * If it contains `private` as a key, the value must be a User object. + * If it contains `private` as a key, the value must be an Authority object. * @param string &$descQuery Query string to add to thumbnail URL * @return bool|void True or no return value to continue or false to abort */