This reverts commit 8d57c5e32c.
Reason for revert: 'Session' is a final class and cannot be mocked.
Added a comment to explain this.
Change-Id: Ic8bbd82aa668916766ab8434018299a22d31224d
Added:
- ContentHandlerFactory
Tests:
- PHPUnit
Changed
- Calls of changed and deprecated
- DI for some service/api
Deprecated:
- ContentHandler::* then similar to ContentHandlerFactory
- ContentHandler::getForTitle
- ContentHandler::$handlers
Bug: T235165
Change-Id: I59246938c7ad7b3e70e46c9e698708ef9bc672c6
The motivations behind this change is T227892 and that a blocker for a System or
Composite block provides no useful information for the end user.
Here is what's changing:
* Move the $blocker property to DatabaseBlock, since this is the only type of
block that can be created by a user.
* Move handling of the 'by' and 'byName' constructor option from AbstractBlock to
DatabaseBlock.
* getBy(), getByName(), are now abstracts methods and each block type have to provide
their own implementation
* getBlocker(), setBlocker() are being deprecated in AbstractBlock and moved as internal
methods into DatabaseBlock
Bug: T227892
Depends-On: Ie2aa00cfec5e166460bcaeddba3c601fe0627c13
Change-Id: I1b17c652b12d98de3d996d309d4d3f22074be411
Update PermissionManagerTest and FormSpecialPageTestCase to use a
mock User object that returns a specified block.
Before this commit, these tests manipulate the public properties
User::mBlock and User::mBlockedby in order to change the user's
block. There is no advantage to doing this over mocking: it is not
more realistic, and is sensitive to changes in the code. These tests
need updating in order to deprecate public access to these properties
(see T229035).
Also, PermissionManager::testUserBlock is a large, complicated method
that tests three different things, so split it into three smaller
methods, each testing one thing:
* testCheckUserBlockActions: A blocked user is blocked/unblocked
correctly from certain actions, depending on their block.
* testCheckUserBlockMessage: The correct block message key and
parameters are returned, depending on the block.
* testCheckUserBlockEmailConfirmToEdit: A user is or isn't asked to
provide email confirmation in order to edit, as specified by the
config.
Change-Id: I0bb9252b476131c2b255d4c503c0dab5dfff94be
The main reasons for adding this service layer are:
* It allows error messages to be more consistent, by defining
a set of reportable information that can describe any block
type and is consistently formatted.
* It decouples formatting from the block classes, removing
their dependency on language, for the most part.
The service provides one public method, getMessage, which
returns a Message object whose key and parameters are
determined by the type of block. This should be used instead
of the deprecated AbstractBlock::getPermissionsError and
AbstractBlock::getBlockErrorParams.
Calls to AbstractBlock::getPermissionsError are replaced in
this patch.
Bug: T227174
Change-Id: I8caae7e30a46ef7120a86a4e5e6f30ae00855063
assertEquals( false, … ) still succeeds when the actual value is 0, null,
an empty string, even an empty array. All these should be reported as a
failure, I would argue.
Note this patch previously also touched assertSame( false ). I reverted
these. The only benefit would have been consistency within this codebase,
but there is no strict reason to prefer one over the other. assertFalse()
and assertSame( false ) are functionally identical.
Change-Id: Ic5f1c7d504e7249002d3184520012e03313137b4
Public methods for checking and setting these properties already
exist where needed. Also update the remaining direct uses of these
properties in core.
Change-Id: Icdef025c9700e625aeb2a07975e69f1b1cc2466c
Require a new editmyuserjsredirect permission for users to edit
Javascript redirects in their userspace when the redirect target
is not in their userspace (unless they have edituserjs and can
edit any user JS anyway). This is to prevent attacks where a
popular userscript has been moved into the system namespace or
another safe location but many users still load it through the
original userspace redirect, and the attacker manages to take
over the userspace by compromising the account or getting it
renamed.
Since this is only a concern on large community wikis, by
default all users have the editmyuserjsredirect permission.
Bug: T207750
Change-Id: I36a879d5da04cb6f49ed1bc40dbe144f6862c6a1
Depends-On: I072cf857c1fff4578402904aa9cb5a0c8833f16f
Add a mechanism for adding temporary user rights that only exist
for the current request. This is occasionally needed to let normal
users act with a bot flag; traditionally the fact that User::$mRights
was public has been abused to do it, but I88992403 broke that.
Bug: T227772
Change-Id: Ife8f9d8affa750701e4e5d646ed8cd153c1d867b
This fixes parameters returned by AbstractBlock::getBlockErrorParams,
but not those from ApiBlockInfoTrait.
Change-Id: I122017808766de1e9a9035f2f39a7b08607e56c1
Was reverted by I549810a4cd2e424cc4a438887d2f24614a24cc00 due to
T224607.
Original change by Vedmaka Wakalaka was
Ia0d840b772ea5f20c9594ce151cc57adc270e48b.
Original commit message:
The following methods should are factored out of the User class into PermissionManager,
leaving only deprecated stubs:
- User::isAllowed -> PermissionManager::userHasRight
- User::getRights -> PermissionManager::getUserPermissions
- User::groupHasPermission -> PermissionManager::groupHasPermission
- User::getGroupPermissions -> PermissionManager::getGroupPermissions
-User::getGroupsWithPermission -> PermissionManager::getGroupsWithPermission
- User::groupHasPermission -> PermissionManager::groupHasPermission
- User::isEveryoneAllowed -> PermissionManager::isEveryoneAllowed
- User::getAllRights -> PermissionManager::getAllPermissions
Depends-On: I7909e9bd6bbfbd708c0a00b861a9b22a38c6665d
Bug: T218558
Bug: T223294
Change-Id: I8899240378f636ea70f447616710516c0a3c5c31
Keep Block as a deprecated class alias for DatabaseBlock.
Update calls to the Block constructor and Block static
methods from external classes.
Also update documentation in several places that refer to
blocks as Blocks.
Bug: T222737
Change-Id: I6d96b63ca0a84bee19486471e0a16a53a79d768a
This commit splits the existing Block class into AbstractBlock, Block
and SystemBlock.
Before this patch, the Block class represents several types of
blocks, which can be separated into blocks stored in the database,
and temporary blocks created by the system. These are now
represented by Block and SystemBlock, which inherit from
AbstractBlock.
This lays the foundations for:
* enforcing block parameters from multiple blocks that apply to a
user/IP address
* improvements to the Block API, including the addition of services
Breaking changes: functions expecting a Block object should still
expect a Block object if it came from the database, but other
functions may now need to expect an AbstractBlock or SystemBlock
object. (Note that an alternative naming scheme, in which the
abstract class is called Block and the subclasses are DatabaseBlock
and SystemBlock, avoids this breakage. However, it introduces more
breakages to calls to static Block methods and new Block
instantiations.)
Changes to tests: system blocks don't set the $blockCreateAccount or
$mExipry block properties, so remove/change any tests that assume
they do.
Bug: T222737
Change-Id: I83bceb5e5049e254c90ace060f8f8fad44696c67
First iteration of adding a PermissionManager service as a replacement
for Title::userCan and User::isBlockedFrom methods.
- Created PermissionManager service
- Migrated Title::userCan to PermissionManager::userCan and deprecated the first
- Migrated Title::quickUserCan to PermissionManager::quickUserCan and deprecated the first
- Migrated User::isBlockedFrom to PermissionManager::isBlockedFrom and deprecated the first
Same for User::isBlockedFrom and PermissionManager::isBlockedFrom - the
$user parameter is now required so the declaration is changed from
isBlockedFrom( $title, ... ) to isBlockedFrom( $user, $title, .. ) which
means before User::isBlockedFrom removal all calls to it need to be updated.
Added PermissionManagerTest, it copies TitlePermissionTest but uses
PermissionManager instance instead of Title methods, this way keeping both tests
in place, we can ensure that nothing was broken and both are in working state
during the deprecation phase.
Bug: T208768
Change-Id: I94479b44afb3068695f8e327b46bda38e44e691f
