Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wiki.techinc.nl/includes/api/ApiUnblock.php
David Barratt e86a060284
Deprecate User::isBlocked() 
The method User::isBlocked() attempts to answer two questions:
(1) Does the user have a block?
(2) Is the user prevented from performing this action?
The method can answer #1, but it cannot answer #2. Since User::getBlock() can
also answer #1, this method is redundant. The method cannot answer #2 because
there is not enough context in order to answer that question.

If access is being checked against a Title object, all access checks can be
performed with PermissionManager:userCan() which will also check the user's
blocks.

If performing all access checks is not desirable, using
PermissionManager::isBlockedFrom() is also acceptable for only checking if the
user is blocked. This method does *not* determine if the action is allowed,
only that the user's block applies to that Title.

If access is being checked without an existing Title, User::getBlock() can be
used to get the user's block. Then Block::appliesToRight() can be used to
determine if the block applies explicitly to a right (or returns null if
it is unknown or false if explicitly allowed). If the user is creating a new
Title, but the text of the title is not yet known (as in the case of Wikibase),
access should be checked with Block::appliesToNamespace().

Bug: T209004
Change-Id: Ic0ad1b92e957797fee8dcd00bd1092fe69fa58f1
2019-04-25 11:47:44 -04:00

134 lines
3.7 KiB
PHP
Raw Blame History

<?php
/**
* Copyright © 2007 Roan Kattouw "<Firstname>.<Lastname>@gmail.com"
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* http://www.gnu.org/copyleft/gpl.html
*
* @file
*/
/**
* API module that facilitates the unblocking of users. Requires API write mode
* to be enabled.
*
* @ingroup API
*/
class ApiUnblock extends ApiBase {
/**
* Unblocks the specified user or provides the reason the unblock failed.
*/
public function execute() {
$user = $this->getUser();
$params = $this->extractRequestParams();
$this->requireOnlyOneParameter( $params, 'id', 'user', 'userid' );
if ( !$user->isAllowed( 'block' ) ) {
$this->dieWithError( 'apierror-permissiondenied-unblock', 'permissiondenied' );
}
# T17810: blocked admins should have limited access here
$block = $user->getBlock();
if ( $block ) {
$status = SpecialBlock::checkUnblockSelf( $params['user'], $user );
if ( $status !== true ) {
$this->dieWithError(
$status,
null,
[ 'blockinfo' => ApiQueryUserInfo::getBlockInfo( $block ) ]
);
}
}
// Check if user can add tags
if ( !is_null( $params['tags'] ) ) {
$ableToTag = ChangeTags::canAddTagsAccompanyingChange( $params['tags'], $user );
if ( !$ableToTag->isOK() ) {
$this->dieStatus( $ableToTag );
}
}
if ( $params['userid'] !== null ) {
$username = User::whoIs( $params['userid'] );
if ( $username === false ) {
$this->dieWithError( [ 'apierror-nosuchuserid', $params['userid'] ], 'nosuchuserid' );
} else {
$params['user'] = $username;
}
}
$data = [
'Target' => is_null( $params['id'] ) ? $params['user'] : "#{$params['id']}",
'Reason' => $params['reason'],
'Tags' => $params['tags']
];
$block = Block::newFromTarget( $data['Target'] );
$retval = SpecialUnblock::processUnblock( $data, $this->getContext() );
if ( $retval !== true ) {
$this->dieStatus( $this->errorArrayToStatus( $retval ) );
}
$res['id'] = $block->getId();
$target = $block->getType() == Block::TYPE_AUTO ? '' : $block->getTarget();
$res['user'] = $target instanceof User ? $target->getName() : $target;
$res['userid'] = $target instanceof User ? $target->getId() : 0;
$res['reason'] = $params['reason'];
$this->getResult()->addValue( null, $this->getModuleName(), $res );
}
public function mustBePosted() {
return true;
}
public function isWriteMode() {
return true;
}
public function getAllowedParams() {
return [
'id' => [
ApiBase::PARAM_TYPE => 'integer',
],
'user' => null,
'userid' => [
ApiBase::PARAM_TYPE => 'integer'
],
'reason' => '',
'tags' => [
ApiBase::PARAM_TYPE => 'tags',
ApiBase::PARAM_ISMULTI => true,
],
];
}
public function needsToken() {
return 'csrf';
}
protected function getExamplesMessages() {
return [
'action=unblock&id=105'
=> 'apihelp-unblock-example-id',
'action=unblock&user=Bob&reason=Sorry%20Bob'
=> 'apihelp-unblock-example-user',
];
}
public function getHelpUrls() {
return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Block';
}
}
Reference in a new issue View git blame Copy permalink