94c0baaa2f
Protect private wikis by providing basic read restrictions, closely following the example of the action API. The BasicAccess module provides a narrow interface for this functionality, without exposing the whole session/user concept to the router. Also, add RouterTest and fix a bug in Router::getRelativePath() thus discovered. Change-Id: I82319d56f08b2eec4a585ff6dbd348ccdbadc5b5
46 lines
1 KiB
PHP
46 lines
1 KiB
PHP
<?php
|
|
|
|
namespace MediaWiki\Rest\BasicAccess;
|
|
|
|
use MediaWiki\Rest\Handler;
|
|
use MediaWiki\Rest\RequestInterface;
|
|
|
|
/**
|
|
* A request authorizer which checks needsReadAccess() in the
|
|
* handler and calls isReadAllowed() in the subclass
|
|
* accordingly.
|
|
*
|
|
* @internal
|
|
*/
|
|
abstract class BasicRequestAuthorizer {
|
|
protected $request;
|
|
protected $handler;
|
|
|
|
/**
|
|
* @param RequestInterface $request
|
|
* @param Handler $handler
|
|
*/
|
|
public function __construct( RequestInterface $request, Handler $handler ) {
|
|
$this->request = $request;
|
|
$this->handler = $handler;
|
|
}
|
|
|
|
/**
|
|
* @see BasicAuthorizerInterface::authorize()
|
|
* @return string|null If the request is denied, the string error code. If
|
|
* the request is allowed, null.
|
|
*/
|
|
public function authorize() {
|
|
if ( $this->handler->needsReadAccess() && !$this->isReadAllowed() ) {
|
|
return 'rest-read-denied';
|
|
}
|
|
return null;
|
|
}
|
|
|
|
/**
|
|
* Check if the current user is allowed to read from the wiki
|
|
*
|
|
* @return bool
|
|
*/
|
|
abstract protected function isReadAllowed();
|
|
}
|