Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wiki.techinc.nl/includes/Permissions/SimpleAuthority.php
Thiemo Kreuz 369b947d33 Make some generic array type hints in PHPDocs more specific 
This patch focusses on permission related stuff.

"Policies" is particularly confusing in this patch. In some cases the
word refers to a list of policies (one such policy being e.g. "minimum
password length = 8 characters"). But sometimes it's a list of lists
of such policies, keyed by user group.

Change-Id: I0346e59c7b79839114dd0d0bc7ee38289c1b06a1
2021-12-08 09:12:22 +01:00

206 lines
4.5 KiB
PHP
Raw Blame History

<?php
/**
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* http://www.gnu.org/copyleft/gpl.html
*
* @file
*/
namespace MediaWiki\Permissions;
use InvalidArgumentException;
use MediaWiki\Block\Block;
use MediaWiki\Page\PageIdentity;
use MediaWiki\User\UserIdentity;
/**
* Represents an authority that has a specific set of permissions
* which are specified explicitly. This is useful for testing, but
* may also be used to represent a fixed set of permissions to be
* used in some context, e.g. in an asynchronous job.
*
* @since 1.36
* @newable
*/
class SimpleAuthority implements Authority {
/** @var UserIdentity */
private $actor;
/** @var true[] permissions (stored in the keys, values are ignored) */
private $permissions;
/**
* @stable to call
* @param UserIdentity $actor
* @param string[] $permissions A list of permissions to grant to the actor
*/
public function __construct( UserIdentity $actor, array $permissions ) {
$this->actor = $actor;
$this->permissions = array_fill_keys( $permissions, true );
}
/**
* The user identity associated with this authority.
*
* @return UserIdentity
*/
public function getUser(): UserIdentity {
return $this->actor;
}
/**
* @param int $freshness
*
* @return ?Block always null
* @since 1.37
*/
public function getBlock( int $freshness = self::READ_NORMAL ): ?Block {
return null;
}
/**
* @inheritDoc
*
* @param string $permission
*
* @return bool
*/
public function isAllowed( string $permission ): bool {
return isset( $this->permissions[ $permission ] );
}
/**
* @inheritDoc
*
* @param string ...$permissions
*
* @return bool
*/
public function isAllowedAny( ...$permissions ): bool {
if ( !$permissions ) {
throw new InvalidArgumentException( 'At least one permission must be specified' );
}
foreach ( $permissions as $perm ) {
if ( $this->isAllowed( $perm ) ) {
return true;
}
}
return false;
}
/**
* @inheritDoc
*
* @param string ...$permissions
*
* @return bool
*/
public function isAllowedAll( ...$permissions ): bool {
if ( !$permissions ) {
throw new InvalidArgumentException( 'At least one permission must be specified' );
}
foreach ( $permissions as $perm ) {
if ( !$this->isAllowed( $perm ) ) {
return false;
}
}
return true;
}
private function checkPermission( string $permission, ?PermissionStatus $status ): bool {
$ok = $this->isAllowed( $permission );
if ( !$ok && $status ) {
// TODO: use a message that at includes the permission name
$status->fatal( 'permissionserrors' );
}
return $ok;
}
/**
* @inheritDoc
*
* @param string $action
* @param PageIdentity $target
* @param PermissionStatus|null $status
*
* @return bool
*/
public function probablyCan(
string $action,
PageIdentity $target,
PermissionStatus $status = null
): bool {
return $this->checkPermission( $action, $status );
}
/**
* @inheritDoc
*
* @param string $action
* @param PageIdentity $target
* @param PermissionStatus|null $status
*
* @return bool
*/
public function definitelyCan(
string $action,
PageIdentity $target,
PermissionStatus $status = null
): bool {
return $this->checkPermission( $action, $status );
}
/**
* @inheritDoc
*
* @param string $action
* @param PageIdentity $target
* @param PermissionStatus|null $status
*
* @return bool
*/
public function authorizeRead(
string $action,
PageIdentity $target,
PermissionStatus $status = null
): bool {
return $this->checkPermission( $action, $status );
}
/**
* @inheritDoc
*
* @param string $action
* @param PageIdentity $target
* @param PermissionStatus|null $status
*
* @return bool
*/
public function authorizeWrite(
string $action,
PageIdentity $target,
PermissionStatus $status = null
): bool {
return $this->checkPermission( $action, $status );
}
}
Reference in a new issue View git blame Copy permalink