Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wiki.techinc.nl/includes/api/ApiEmailUser.php
daniel 710867ebc3 EmailUser: use authorizeAction() 
EmailUser should distinguish between pre-checking permission, and
authorizing the sending of emails, so we can call authorizeAction()
at the appropriate time. This way, rate limits get enforced
implicitly.

This change demonstrates the motivation behind Iebd62b0487a
and I0c2ce8bdf07.

Change-Id: Ic30c36f82ab142130b5f4167c13284aeed899231
2023-09-26 21:20:32 +02:00

130 lines
3.5 KiB
PHP
Raw Blame History

<?php
/**
* Copyright © 2008 Bryan Tong Minh <Bryan.TongMinh@Gmail.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* http://www.gnu.org/copyleft/gpl.html
*
* @file
*/
use MediaWiki\Specials\SpecialEmailUser;
use MediaWiki\Status\Status;
use MediaWiki\User\User;
use Wikimedia\ParamValidator\ParamValidator;
/**
* API Module to facilitate sending of emails to users
* @ingroup API
*/
class ApiEmailUser extends ApiBase {
public function execute() {
$params = $this->extractRequestParams();
// Validate target
$targetUser = SpecialEmailUser::getTarget( $params['target'], $this->getUser() );
if ( !( $targetUser instanceof User ) ) {
switch ( $targetUser ) {
case 'notarget':
$this->dieWithError( 'apierror-notarget' );
// dieWithError prevents continuation
case 'noemail':
$this->dieWithError( [ 'noemail', $params['target'] ] );
// dieWithError prevents continuation
case 'nowikiemail':
$this->dieWithError( 'nowikiemailtext', 'nowikiemail' );
// dieWithError prevents continuation
default:
$this->dieWithError( [ 'apierror-unknownerror', $targetUser ] );
}
}
// Check permissions and errors
$error = SpecialEmailUser::getPermissionsError(
$this->getUser(),
$params['token'],
$this->getConfig(),
true // authorize!
);
if ( $error ) {
$this->dieWithError( $error );
}
$data = [
'Target' => $targetUser->getName(),
'Text' => $params['text'],
'Subject' => $params['subject'],
'CCMe' => $params['ccme'],
];
$retval = SpecialEmailUser::submit( $data, $this->getContext() );
if ( !$retval instanceof Status ) {
// This is probably the reason
$retval = Status::newFatal( 'hookaborted' );
}
$result = array_filter( [
'result' => $retval->isGood() ? 'Success' : ( $retval->isOK() ? 'Warnings' : 'Failure' ),
'warnings' => $this->getErrorFormatter()->arrayFromStatus( $retval, 'warning' ),
'errors' => $this->getErrorFormatter()->arrayFromStatus( $retval, 'error' ),
] );
$this->getResult()->addValue( null, $this->getModuleName(), $result );
}
public function mustBePosted() {
return true;
}
public function isWriteMode() {
return true;
}
public function getAllowedParams() {
return [
'target' => [
ParamValidator::PARAM_TYPE => 'string',
ParamValidator::PARAM_REQUIRED => true
],
'subject' => [
ParamValidator::PARAM_TYPE => 'string',
ParamValidator::PARAM_REQUIRED => true
],
'text' => [
ParamValidator::PARAM_TYPE => 'text',
ParamValidator::PARAM_REQUIRED => true
],
'ccme' => false,
];
}
public function needsToken() {
return 'csrf';
}
protected function getExamplesMessages() {
return [
'action=emailuser&target=WikiSysop&text=Content&token=123ABC'
=> 'apihelp-emailuser-example-email',
];
}
public function getHelpUrls() {
return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Email';
}
}
Reference in a new issue View git blame Copy permalink