In order to perform all rate limit checks through Authority, we need
methods that authorize an action in the context of the current state
of the system. We already have userCan, authorizeRead and
authorizeWrite that do this, but they requrie a specific page for
context. We need to be able to do the same for actions that do not
apply to a specific page (e.g. resetting a user's password).
This patch fills the gap by introducing authorizeAction() and
isDefinitelyAllowed() for actions that do not apply to a specific
page.
This change makes use of the new methods in a couple of places to
illustrate the idea:
- ChangeTags uses authorizeAction instead of User::pingLimiter
As an aside, this moves newFatalPermissionDeniedStatus from the
User class into PermissionManager, to avoid the use of global state
and thus allow UserAuthorityTest to function without having to
initialize MediaWiki.
Bug: T310476
Change-Id: I0c2ce8bdf079c6892c6ffd6ddf0baf882b2adcb7
This ensures that assertions work in a uniform way,
and provides meaningful messages in cause of failure.
Change-Id: Ic01715b9a55444d3df6b5d4097e78cb8ac082b3e
Expose info about user blocks from Authority. This allows calling code
to provide more detailed information to the user about why they are
denied some action on the wiki.
Bug: T271494
Change-Id: Ia84e469888866d72752aad355292666c31e12bad
Code that needs to store an actor ID in the database to
represent a UserIdentity, or needs to construct a UserIdentity based on
an actor ID loaded from the database, should use the ActorNormalization
service.
Note: The getActorId() method is removed from the UserIdentity interface,
but all concrete classes continue to support it for now.
UsererIdentityValue::getActorId() is hard deprecated and should
be removed in 1.37. It always returns 0.
User::getActorId() is not deprecated at this point.
Bug: T274179
Depends-On: Id2b3ddf6a2a7cdf90f8936a69148d2cce6fde237
Change-Id: I9925906d11e47efaec3c1f48d5cb3f9896a982c1
We started to call Authority argument $performer everywhere,
and $performer->getPerformer() doesn't look that good.
Change-Id: Id2cf3f27b18340314e4ed1ea9931ad9404b4df6f
This introduces the Authority interface and an implementation of basic
functionality. This serves as a basis for spike exploring the concept.
Bug: T261963
Change-Id: Idd4e8bd934f191296eada443450bc69500102937
