3 namespace MediaWiki\Tests\Permissions
;
7 use MediaWiki\Session\SessionId
;
8 use MediaWiki\Session\TestUtils
;
9 use MediaWikiLangTestCase
;
14 use MediaWiki\Block\DatabaseBlock
;
15 use MediaWiki\Block\Restriction\NamespaceRestriction
;
16 use MediaWiki\Block\Restriction\PageRestriction
;
17 use MediaWiki\Block\SystemBlock
;
18 use MediaWiki\MediaWikiServices
;
19 use MediaWiki\Permissions\PermissionManager
;
20 use Wikimedia\TestingAccessWrapper
;
25 * @covers \MediaWiki\Permissions\PermissionManager
27 class PermissionManagerTest
extends MediaWikiLangTestCase
{
32 protected $userName, $altUserName;
42 protected $user, $anonUser, $userUser, $altUser;
45 * @var PermissionManager
47 protected $permissionManager;
49 /** Constant for self::testIsBlockedFrom */
50 const USER_TALK_PAGE
= '<user talk page>';
52 protected function setUp() {
56 $localOffset = date( 'Z' ) / 60;
58 $this->setMwGlobals( [
59 'wgLocaltimezone' => $localZone,
60 'wgLocalTZoffset' => $localOffset,
61 'wgNamespaceProtection' => [
62 NS_MEDIAWIKI
=> 'editinterface',
64 'wgRevokePermissions' => [
69 'wgAvailableRights' => [
79 $this->setGroupPermissions( 'unittesters', 'test', true );
80 $this->setGroupPermissions( 'unittesters', 'runtest', true );
81 $this->setGroupPermissions( 'unittesters', 'writetest', false );
82 $this->setGroupPermissions( 'unittesters', 'nukeworld', false );
84 $this->setGroupPermissions( 'testwriters', 'test', true );
85 $this->setGroupPermissions( 'testwriters', 'writetest', true );
86 $this->setGroupPermissions( 'testwriters', 'modifytest', true );
88 $this->setGroupPermissions( '*', 'editmyoptions', true );
90 // Without this testUserBlock will use a non-English context on non-English MediaWiki
91 // installations (because of how Title::checkUserBlock is implemented) and fail.
92 RequestContext
::resetMain();
94 $this->userName
= 'Useruser';
95 $this->altUserName
= 'Altuseruser';
96 date_default_timezone_set( $localZone );
98 $this->title
= Title
::makeTitle( NS_MAIN
, "Main Page" );
99 if ( !isset( $this->userUser
) ||
!( $this->userUser
instanceof User
) ) {
100 $this->userUser
= User
::newFromName( $this->userName
);
102 if ( !$this->userUser
->getId() ) {
103 $this->userUser
= User
::createNew( $this->userName
, [
104 "email" => "test@example.com",
105 "real_name" => "Test User" ] );
106 $this->userUser
->load();
109 $this->altUser
= User
::newFromName( $this->altUserName
);
110 if ( !$this->altUser
->getId() ) {
111 $this->altUser
= User
::createNew( $this->altUserName
, [
112 "email" => "alttest@example.com",
113 "real_name" => "Test User Alt" ] );
114 $this->altUser
->load();
117 $this->anonUser
= User
::newFromId( 0 );
119 $this->user
= $this->userUser
;
122 $this->overrideMwServices();
125 public function tearDown() {
127 $this->restoreMwServices();
130 protected function setTitle( $ns, $title = "Main_Page" ) {
131 $this->title
= Title
::makeTitle( $ns, $title );
134 protected function setUser( $userName = null ) {
135 if ( $userName === 'anon' ) {
136 $this->user
= $this->anonUser
;
137 } elseif ( $userName === null ||
$userName === $this->userName
) {
138 $this->user
= $this->userUser
;
140 $this->user
= $this->altUser
;
142 $this->overrideMwServices();
146 * @todo This test method should be split up into separate test methods and
149 * This test is failing per T201776.
152 * @covers \MediaWiki\Permissions\PermissionManager::checkQuickPermissions
154 public function testQuickPermissions() {
155 $prefix = MediaWikiServices
::getInstance()->getContentLanguage()->
156 getFormattedNsText( NS_PROJECT
);
158 $this->setUser( 'anon' );
159 $this->setTitle( NS_TALK
);
160 $this->overrideUserPermissions( $this->user
, "createtalk" );
161 $res = MediaWikiServices
::getInstance()->getPermissionManager()
162 ->getPermissionErrors( 'create', $this->user
, $this->title
);
163 $this->assertEquals( [], $res );
165 $this->setTitle( NS_TALK
);
166 $this->overrideUserPermissions( $this->user
, "createpage" );
167 $res = MediaWikiServices
::getInstance()->getPermissionManager()
168 ->getPermissionErrors( 'create', $this->user
, $this->title
);
169 $this->assertEquals( [ [ "nocreatetext" ] ], $res );
171 $this->setTitle( NS_TALK
);
172 $this->overrideUserPermissions( $this->user
, "" );
173 $res = MediaWikiServices
::getInstance()->getPermissionManager()
174 ->getPermissionErrors( 'create', $this->user
, $this->title
);
175 $this->assertEquals( [ [ 'nocreatetext' ] ], $res );
177 $this->setTitle( NS_MAIN
);
178 $this->overrideUserPermissions( $this->user
, "createpage" );
179 $res = MediaWikiServices
::getInstance()->getPermissionManager()
180 ->getPermissionErrors( 'create', $this->user
, $this->title
);
181 $this->assertEquals( [], $res );
183 $this->setTitle( NS_MAIN
);
184 $this->overrideUserPermissions( $this->user
, "createtalk" );
185 $res = MediaWikiServices
::getInstance()->getPermissionManager()
186 ->getPermissionErrors( 'create', $this->user
, $this->title
);
187 $this->assertEquals( [ [ 'nocreatetext' ] ], $res );
189 $this->setUser( $this->userName
);
190 $this->setTitle( NS_TALK
);
191 $this->overrideUserPermissions( $this->user
, "createtalk" );
192 $res = MediaWikiServices
::getInstance()->getPermissionManager()
193 ->getPermissionErrors( 'create', $this->user
, $this->title
);
194 $this->assertEquals( [], $res );
196 $this->setTitle( NS_TALK
);
197 $this->overrideUserPermissions( $this->user
, "createpage" );
198 $res = MediaWikiServices
::getInstance()->getPermissionManager()
199 ->getPermissionErrors( 'create', $this->user
, $this->title
);
200 $this->assertEquals( [ [ 'nocreate-loggedin' ] ], $res );
202 $this->setTitle( NS_TALK
);
203 $this->overrideUserPermissions( $this->user
, "" );
204 $res = MediaWikiServices
::getInstance()->getPermissionManager()
205 ->getPermissionErrors( 'create', $this->user
, $this->title
);
206 $this->assertEquals( [ [ 'nocreate-loggedin' ] ], $res );
208 $this->setTitle( NS_MAIN
);
209 $this->overrideUserPermissions( $this->user
, "createpage" );
210 $res = MediaWikiServices
::getInstance()->getPermissionManager()
211 ->getPermissionErrors( 'create', $this->user
, $this->title
);
212 $this->assertEquals( [], $res );
214 $this->setTitle( NS_MAIN
);
215 $this->overrideUserPermissions( $this->user
, "createtalk" );
216 $res = MediaWikiServices
::getInstance()->getPermissionManager()
217 ->getPermissionErrors( 'create', $this->user
, $this->title
);
218 $this->assertEquals( [ [ 'nocreate-loggedin' ] ], $res );
220 $this->setTitle( NS_MAIN
);
221 $this->overrideUserPermissions( $this->user
, "" );
222 $res = MediaWikiServices
::getInstance()->getPermissionManager()
223 ->getPermissionErrors( 'create', $this->user
, $this->title
);
224 $this->assertEquals( [ [ 'nocreate-loggedin' ] ], $res );
226 $this->setUser( 'anon' );
227 $this->setTitle( NS_USER
, $this->userName
. '' );
228 $this->overrideUserPermissions( $this->user
, "" );
229 $res = MediaWikiServices
::getInstance()->getPermissionManager()
230 ->getPermissionErrors( 'move', $this->user
, $this->title
);
231 $this->assertEquals( [ [ 'cant-move-user-page' ], [ 'movenologintext' ] ], $res );
233 $this->setTitle( NS_USER
, $this->userName
. '/subpage' );
234 $this->overrideUserPermissions( $this->user
, "" );
235 $res = MediaWikiServices
::getInstance()->getPermissionManager()
236 ->getPermissionErrors( 'move', $this->user
, $this->title
);
237 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
239 $this->setTitle( NS_USER
, $this->userName
. '' );
240 $this->overrideUserPermissions( $this->user
, "move-rootuserpages" );
241 $res = MediaWikiServices
::getInstance()->getPermissionManager()
242 ->getPermissionErrors( 'move', $this->user
, $this->title
);
243 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
245 $this->setTitle( NS_USER
, $this->userName
. '/subpage' );
246 $this->overrideUserPermissions( $this->user
, "move-rootuserpages" );
247 $res = MediaWikiServices
::getInstance()->getPermissionManager()
248 ->getPermissionErrors( 'move', $this->user
, $this->title
);
249 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
251 $this->setTitle( NS_USER
, $this->userName
. '' );
252 $this->overrideUserPermissions( $this->user
, "" );
253 $res = MediaWikiServices
::getInstance()->getPermissionManager()
254 ->getPermissionErrors( 'move', $this->user
, $this->title
);
255 $this->assertEquals( [ [ 'cant-move-user-page' ], [ 'movenologintext' ] ], $res );
257 $this->setTitle( NS_USER
, $this->userName
. '/subpage' );
258 $this->overrideUserPermissions( $this->user
, "" );
259 $res = MediaWikiServices
::getInstance()->getPermissionManager()
260 ->getPermissionErrors( 'move', $this->user
, $this->title
);
261 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
263 $this->setTitle( NS_USER
, $this->userName
. '' );
264 $this->overrideUserPermissions( $this->user
, "move-rootuserpages" );
265 $res = MediaWikiServices
::getInstance()->getPermissionManager()
266 ->getPermissionErrors( 'move', $this->user
, $this->title
);
267 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
269 $this->setTitle( NS_USER
, $this->userName
. '/subpage' );
270 $this->overrideUserPermissions( $this->user
, "move-rootuserpages" );
271 $res = MediaWikiServices
::getInstance()->getPermissionManager()
272 ->getPermissionErrors( 'move', $this->user
, $this->title
);
273 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
275 $this->setUser( $this->userName
);
276 $this->setTitle( NS_FILE
, "img.png" );
277 $this->overrideUserPermissions( $this->user
, "" );
278 $res = MediaWikiServices
::getInstance()->getPermissionManager()
279 ->getPermissionErrors( 'move', $this->user
, $this->title
);
280 $this->assertEquals( [ [ 'movenotallowedfile' ], [ 'movenotallowed' ] ], $res );
282 $this->setTitle( NS_FILE
, "img.png" );
283 $this->overrideUserPermissions( $this->user
, "movefile" );
284 $res = MediaWikiServices
::getInstance()->getPermissionManager()
285 ->getPermissionErrors( 'move', $this->user
, $this->title
);
286 $this->assertEquals( [ [ 'movenotallowed' ] ], $res );
288 $this->setUser( 'anon' );
289 $this->setTitle( NS_FILE
, "img.png" );
290 $this->overrideUserPermissions( $this->user
, "" );
291 $res = MediaWikiServices
::getInstance()->getPermissionManager()
292 ->getPermissionErrors( 'move', $this->user
, $this->title
);
293 $this->assertEquals( [ [ 'movenotallowedfile' ], [ 'movenologintext' ] ], $res );
295 $this->setTitle( NS_FILE
, "img.png" );
296 $this->overrideUserPermissions( $this->user
, "movefile" );
297 $res = MediaWikiServices
::getInstance()->getPermissionManager()
298 ->getPermissionErrors( 'move', $this->user
, $this->title
);
299 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
301 $this->setUser( $this->userName
);
302 // $this->setUserPerm( "move" );
303 $this->runGroupPermissions( 'move', 'move', [ [ 'movenotallowedfile' ] ] );
305 // $this->setUserPerm( "" );
306 $this->runGroupPermissions(
309 [ [ 'movenotallowedfile' ], [ 'movenotallowed' ] ]
312 $this->setUser( 'anon' );
313 //$this->setUserPerm( "move" );
314 $this->runGroupPermissions( 'move', 'move', [ [ 'movenotallowedfile' ] ] );
316 // $this->setUserPerm( "" );
317 $this->runGroupPermissions(
320 [ [ 'movenotallowedfile' ], [ 'movenotallowed' ] ],
321 [ [ 'movenotallowedfile' ], [ 'movenologintext' ] ]
324 if ( $this->isWikitextNS( NS_MAIN
) ) {
325 // NOTE: some content models don't allow moving
326 // @todo find a Wikitext namespace for testing
328 $this->setTitle( NS_MAIN
);
329 $this->setUser( 'anon' );
330 // $this->setUserPerm( "move" );
331 $this->runGroupPermissions( 'move', 'move', [] );
333 // $this->setUserPerm( "" );
334 $this->runGroupPermissions( '', 'move', [ [ 'movenotallowed' ] ],
335 [ [ 'movenologintext' ] ] );
337 $this->setUser( $this->userName
);
338 // $this->setUserPerm( "" );
339 $this->runGroupPermissions( '', 'move', [ [ 'movenotallowed' ] ] );
341 //$this->setUserPerm( "move" );
342 $this->runGroupPermissions( 'move', 'move', [] );
344 $this->setUser( 'anon' );
345 $this->overrideUserPermissions( $this->user
, 'move' );
346 $res = MediaWikiServices
::getInstance()->getPermissionManager()
347 ->getPermissionErrors( 'move-target', $this->user
, $this->title
);
348 $this->assertEquals( [], $res );
350 $this->overrideUserPermissions( $this->user
, '' );
351 $res = MediaWikiServices
::getInstance()->getPermissionManager()
352 ->getPermissionErrors( 'move-target', $this->user
, $this->title
);
353 $this->assertEquals( [ [ 'movenotallowed' ] ], $res );
356 $this->setTitle( NS_USER
);
357 $this->setUser( $this->userName
);
358 $this->overrideUserPermissions( $this->user
, [ "move", "move-rootuserpages" ] );
359 $res = MediaWikiServices
::getInstance()->getPermissionManager()
360 ->getPermissionErrors( 'move-target', $this->user
, $this->title
);
361 $this->assertEquals( [], $res );
363 $this->overrideUserPermissions( $this->user
, "move" );
364 $res = MediaWikiServices
::getInstance()->getPermissionManager()
365 ->getPermissionErrors( 'move-target', $this->user
, $this->title
);
366 $this->assertEquals( [ [ 'cant-move-to-user-page' ] ], $res );
368 $this->setUser( 'anon' );
369 $this->overrideUserPermissions( $this->user
, [ "move", "move-rootuserpages" ] );
370 $res = MediaWikiServices
::getInstance()->getPermissionManager()
371 ->getPermissionErrors( 'move-target', $this->user
, $this->title
);
372 $this->assertEquals( [], $res );
374 $this->setTitle( NS_USER
, "User/subpage" );
375 $this->overrideUserPermissions( $this->user
, [ "move", "move-rootuserpages" ] );
376 $res = MediaWikiServices
::getInstance()->getPermissionManager()
377 ->getPermissionErrors( 'move-target', $this->user
, $this->title
);
378 $this->assertEquals( [], $res );
380 $this->overrideUserPermissions( $this->user
, "move" );
381 $res = MediaWikiServices
::getInstance()->getPermissionManager()
382 ->getPermissionErrors( 'move-target', $this->user
, $this->title
);
383 $this->assertEquals( [], $res );
385 $this->setUser( 'anon' );
388 [ [ 'badaccess-groups', "*, [[$prefix:Users|Users]]", 2 ] ],
389 [ [ 'badaccess-group0' ] ],
396 "[[$prefix:Administrators|Administrators]]", 1 ],
399 [ [ 'badaccess-group0' ], [ 'protect-cantedit' ] ],
400 [ [ 'protect-cantedit' ] ],
403 '' => [ [], [], [], true ]
406 foreach ( [ "edit", "protect", "" ] as $action ) {
407 $this->overrideUserPermissions( $this->user
);
408 $this->assertEquals( $check[$action][0],
409 MediaWikiServices
::getInstance()->getPermissionManager()
410 ->getPermissionErrors( $action, $this->user
, $this->title
, true ) );
411 $this->assertEquals( $check[$action][0],
412 MediaWikiServices
::getInstance()->getPermissionManager()
413 ->getPermissionErrors( $action, $this->user
, $this->title
, 'full' ) );
414 $this->assertEquals( $check[$action][0],
415 MediaWikiServices
::getInstance()->getPermissionManager()
416 ->getPermissionErrors( $action, $this->user
, $this->title
, 'secure' ) );
418 global $wgGroupPermissions;
419 $old = $wgGroupPermissions;
420 $wgGroupPermissions = [];
421 $this->overrideMwServices();
423 $this->assertEquals( $check[$action][1],
424 MediaWikiServices
::getInstance()->getPermissionManager()
425 ->getPermissionErrors( $action, $this->user
, $this->title
, true ) );
426 $this->assertEquals( $check[$action][1],
427 MediaWikiServices
::getInstance()->getPermissionManager()
428 ->getPermissionErrors( $action, $this->user
, $this->title
, 'full' ) );
429 $this->assertEquals( $check[$action][1],
430 MediaWikiServices
::getInstance()->getPermissionManager()
431 ->getPermissionErrors( $action, $this->user
, $this->title
, 'secure' ) );
432 $wgGroupPermissions = $old;
433 $this->overrideMwServices();
435 $this->overrideUserPermissions( $this->user
, $action );
436 $this->assertEquals( $check[$action][2],
437 MediaWikiServices
::getInstance()->getPermissionManager()
438 ->getPermissionErrors( $action, $this->user
, $this->title
, true ) );
439 $this->assertEquals( $check[$action][2],
440 MediaWikiServices
::getInstance()->getPermissionManager()
441 ->getPermissionErrors( $action, $this->user
, $this->title
, 'full' ) );
442 $this->assertEquals( $check[$action][2],
443 MediaWikiServices
::getInstance()->getPermissionManager()
444 ->getPermissionErrors( $action, $this->user
, $this->title
, 'secure' ) );
446 $this->overrideUserPermissions( $this->user
, $action );
447 $this->assertEquals( $check[$action][3],
448 MediaWikiServices
::getInstance()->getPermissionManager()
449 ->userCan( $action, $this->user
, $this->title
, true ) );
450 $this->assertEquals( $check[$action][3],
451 MediaWikiServices
::getInstance()->getPermissionManager()
452 ->userCan( $action, $this->user
, $this->title
,
453 PermissionManager
::RIGOR_QUICK
) );
454 # count( User::getGroupsWithPermissions( $action ) ) < 1
458 protected function runGroupPermissions( $perm, $action, $result, $result2 = null ) {
459 global $wgGroupPermissions;
461 if ( $result2 === null ) {
465 $wgGroupPermissions['autoconfirmed']['move'] = false;
466 $wgGroupPermissions['user']['move'] = false;
467 $this->overrideMwServices();
468 $this->overrideUserPermissions( $this->user
, $perm );
469 $res = MediaWikiServices
::getInstance()->getPermissionManager()
470 ->getPermissionErrors( $action, $this->user
, $this->title
);
471 $this->assertEquals( $result, $res );
473 $wgGroupPermissions['autoconfirmed']['move'] = true;
474 $wgGroupPermissions['user']['move'] = false;
475 $this->overrideMwServices();
476 $this->overrideUserPermissions( $this->user
, $perm );
477 $res = MediaWikiServices
::getInstance()->getPermissionManager()
478 ->getPermissionErrors( $action, $this->user
, $this->title
);
479 $this->assertEquals( $result2, $res );
481 $wgGroupPermissions['autoconfirmed']['move'] = true;
482 $wgGroupPermissions['user']['move'] = true;
483 $this->overrideMwServices();
484 $this->overrideUserPermissions( $this->user
, $perm );
485 $res = MediaWikiServices
::getInstance()->getPermissionManager()
486 ->getPermissionErrors( $action, $this->user
, $this->title
);
487 $this->assertEquals( $result2, $res );
489 $wgGroupPermissions['autoconfirmed']['move'] = false;
490 $wgGroupPermissions['user']['move'] = true;
491 $this->overrideMwServices();
492 $this->overrideUserPermissions( $this->user
, $perm );
493 $res = MediaWikiServices
::getInstance()->getPermissionManager()
494 ->getPermissionErrors( $action, $this->user
, $this->title
);
495 $this->assertEquals( $result2, $res );
499 * @todo This test method should be split up into separate test methods and
501 * @covers MediaWiki\Permissions\PermissionManager::checkSpecialsAndNSPermissions
503 public function testSpecialsAndNSPermissions() {
504 global $wgNamespaceProtection;
505 $this->setUser( $this->userName
);
507 $this->setTitle( NS_SPECIAL
);
509 $this->assertEquals( [ [ 'badaccess-group0' ], [ 'ns-specialprotected' ] ],
510 MediaWikiServices
::getInstance()->getPermissionManager()
511 ->getPermissionErrors( 'bogus', $this->user
, $this->title
) );
513 $this->setTitle( NS_MAIN
);
514 $this->overrideUserPermissions( $this->user
, 'bogus' );
515 $this->assertEquals( [],
516 MediaWikiServices
::getInstance()->getPermissionManager()
517 ->getPermissionErrors( 'bogus', $this->user
, $this->title
) );
519 $this->setTitle( NS_MAIN
);
520 $this->overrideUserPermissions( $this->user
, '' );
521 $this->assertEquals( [ [ 'badaccess-group0' ] ],
522 MediaWikiServices
::getInstance()->getPermissionManager()
523 ->getPermissionErrors( 'bogus', $this->user
, $this->title
) );
525 $wgNamespaceProtection[NS_USER
] = [ 'bogus' ];
527 $this->setTitle( NS_USER
);
528 $this->overrideUserPermissions( $this->user
, '' );
529 $this->assertEquals( [ [ 'badaccess-group0' ],
530 [ 'namespaceprotected', 'User', 'bogus' ] ],
531 MediaWikiServices
::getInstance()->getPermissionManager()
532 ->getPermissionErrors( 'bogus', $this->user
, $this->title
) );
534 $this->setTitle( NS_MEDIAWIKI
);
535 $this->overrideUserPermissions( $this->user
, 'bogus' );
536 $this->assertEquals( [ [ 'protectedinterface', 'bogus' ] ],
537 MediaWikiServices
::getInstance()->getPermissionManager()
538 ->getPermissionErrors( 'bogus', $this->user
, $this->title
) );
540 $this->setTitle( NS_MEDIAWIKI
);
541 $this->overrideUserPermissions( $this->user
, 'bogus' );
542 $this->assertEquals( [ [ 'protectedinterface', 'bogus' ] ],
543 MediaWikiServices
::getInstance()->getPermissionManager()
544 ->getPermissionErrors( 'bogus', $this->user
, $this->title
) );
546 $wgNamespaceProtection = null;
548 $this->overrideUserPermissions( $this->user
, 'bogus' );
549 $this->assertEquals( [],
550 MediaWikiServices
::getInstance()->getPermissionManager()
551 ->getPermissionErrors( 'bogus', $this->user
, $this->title
) );
552 $this->assertEquals( true,
553 MediaWikiServices
::getInstance()->getPermissionManager()
554 ->userCan( 'bogus', $this->user
, $this->title
) );
556 $this->overrideUserPermissions( $this->user
, '' );
557 $this->assertEquals( [ [ 'badaccess-group0' ] ],
558 MediaWikiServices
::getInstance()->getPermissionManager()
559 ->getPermissionErrors( 'bogus', $this->user
, $this->title
) );
560 $this->assertEquals( false,
561 MediaWikiServices
::getInstance()->getPermissionManager()
562 ->userCan( 'bogus', $this->user
, $this->title
) );
566 * @todo This test method should be split up into separate test methods and
568 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
570 public function testJsConfigEditPermissions() {
571 $this->setUser( $this->userName
);
573 $this->setTitle( NS_USER
, $this->userName
. '/test.js' );
574 $this->runConfigEditPermissions(
575 [ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
577 [ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
578 [ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
579 [ [ 'badaccess-group0' ] ],
581 [ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
582 [ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
583 [ [ 'badaccess-group0' ] ],
584 [ [ 'badaccess-groups' ] ]
589 * @todo This test method should be split up into separate test methods and
591 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
593 public function testJsonConfigEditPermissions() {
594 $prefix = MediaWikiServices
::getInstance()->getContentLanguage()->
595 getFormattedNsText( NS_PROJECT
);
596 $this->setUser( $this->userName
);
598 $this->setTitle( NS_USER
, $this->userName
. '/test.json' );
599 $this->runConfigEditPermissions(
600 [ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
602 [ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
603 [ [ 'badaccess-group0' ] ],
604 [ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
606 [ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
607 [ [ 'badaccess-group0' ] ],
608 [ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
609 [ [ 'badaccess-groups' ] ]
614 * @todo This test method should be split up into separate test methods and
616 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
618 public function testCssConfigEditPermissions() {
619 $this->setUser( $this->userName
);
621 $this->setTitle( NS_USER
, $this->userName
. '/test.css' );
622 $this->runConfigEditPermissions(
623 [ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
625 [ [ 'badaccess-group0' ] ],
626 [ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
627 [ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
629 [ [ 'badaccess-group0' ] ],
630 [ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
631 [ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
632 [ [ 'badaccess-groups' ] ]
637 * @todo This test method should be split up into separate test methods and
639 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
641 public function testOtherJsConfigEditPermissions() {
642 $this->setUser( $this->userName
);
644 $this->setTitle( NS_USER
, $this->altUserName
. '/test.js' );
645 $this->runConfigEditPermissions(
646 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
648 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
649 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
650 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
652 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
653 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
654 [ [ 'badaccess-group0' ] ],
655 [ [ 'badaccess-groups' ] ]
660 * @todo This test method should be split up into separate test methods and
662 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
664 public function testOtherJsonConfigEditPermissions() {
665 $this->setUser( $this->userName
);
667 $this->setTitle( NS_USER
, $this->altUserName
. '/test.json' );
668 $this->runConfigEditPermissions(
669 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
671 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
672 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
673 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
675 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
676 [ [ 'badaccess-group0' ] ],
677 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
678 [ [ 'badaccess-groups' ] ]
683 * @todo This test method should be split up into separate test methods and
685 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
687 public function testOtherCssConfigEditPermissions() {
688 $this->setUser( $this->userName
);
690 $this->setTitle( NS_USER
, $this->altUserName
. '/test.css' );
691 $this->runConfigEditPermissions(
692 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
694 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
695 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
696 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
698 [ [ 'badaccess-group0' ] ],
699 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
700 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
701 [ [ 'badaccess-groups' ] ]
706 * @todo This test method should be split up into separate test methods and
708 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
710 public function testOtherNonConfigEditPermissions() {
711 $this->setUser( $this->userName
);
713 $this->setTitle( NS_USER
, $this->altUserName
. '/tempo' );
714 $this->runConfigEditPermissions(
715 [ [ 'badaccess-group0' ] ],
717 [ [ 'badaccess-group0' ] ],
718 [ [ 'badaccess-group0' ] ],
719 [ [ 'badaccess-group0' ] ],
721 [ [ 'badaccess-group0' ] ],
722 [ [ 'badaccess-group0' ] ],
723 [ [ 'badaccess-group0' ] ],
724 [ [ 'badaccess-groups' ] ]
729 * @todo This should use data providers like the other methods here.
730 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
732 public function testPatrolActionConfigEditPermissions() {
733 $this->setUser( 'anon' );
734 $this->setTitle( NS_USER
, 'ToPatrolOrNotToPatrol' );
735 $this->runConfigEditPermissions(
736 [ [ 'badaccess-group0' ] ],
738 [ [ 'badaccess-group0' ] ],
739 [ [ 'badaccess-group0' ] ],
740 [ [ 'badaccess-group0' ] ],
742 [ [ 'badaccess-group0' ] ],
743 [ [ 'badaccess-group0' ] ],
744 [ [ 'badaccess-group0' ] ],
745 [ [ 'badaccess-groups' ] ]
749 protected function runConfigEditPermissions(
759 $this->overrideUserPermissions( $this->user
);
760 $result = MediaWikiServices
::getInstance()->getPermissionManager()
761 ->getPermissionErrors( 'bogus', $this->user
, $this->title
);
762 $this->assertEquals( $resultNone, $result );
764 $this->overrideUserPermissions( $this->user
, 'editmyusercss' );
765 $result = MediaWikiServices
::getInstance()->getPermissionManager()
766 ->getPermissionErrors( 'bogus', $this->user
, $this->title
);
767 $this->assertEquals( $resultMyCss, $result );
769 $this->overrideUserPermissions( $this->user
, 'editmyuserjson' );
770 $result = MediaWikiServices
::getInstance()->getPermissionManager()
771 ->getPermissionErrors( 'bogus', $this->user
, $this->title
);
772 $this->assertEquals( $resultMyJson, $result );
774 $this->overrideUserPermissions( $this->user
, 'editmyuserjs' );
775 $result = MediaWikiServices
::getInstance()->getPermissionManager()
776 ->getPermissionErrors( 'bogus', $this->user
, $this->title
);
777 $this->assertEquals( $resultMyJs, $result );
779 $this->overrideUserPermissions( $this->user
, 'editusercss' );
780 $result = MediaWikiServices
::getInstance()->getPermissionManager()
781 ->getPermissionErrors( 'bogus', $this->user
, $this->title
);
782 $this->assertEquals( $resultUserCss, $result );
784 $this->overrideUserPermissions( $this->user
, 'edituserjson' );
785 $result = MediaWikiServices
::getInstance()->getPermissionManager()
786 ->getPermissionErrors( 'bogus', $this->user
, $this->title
);
787 $this->assertEquals( $resultUserJson, $result );
789 $this->overrideUserPermissions( $this->user
, 'edituserjs' );
790 $result = MediaWikiServices
::getInstance()->getPermissionManager()
791 ->getPermissionErrors( 'bogus', $this->user
, $this->title
);
792 $this->assertEquals( $resultUserJs, $result );
794 $this->overrideUserPermissions( $this->user
);
795 $result = MediaWikiServices
::getInstance()->getPermissionManager()
796 ->getPermissionErrors( 'patrol', $this->user
, $this->title
);
797 $this->assertEquals( reset( $resultPatrol[0] ), reset( $result[0] ) );
799 $this->overrideUserPermissions( $this->user
, [ 'edituserjs', 'edituserjson', 'editusercss' ] );
800 $result = MediaWikiServices
::getInstance()->getPermissionManager()
801 ->getPermissionErrors( 'bogus', $this->user
, $this->title
);
802 $this->assertEquals( [ [ 'badaccess-group0' ] ], $result );
806 * @todo This test method should be split up into separate test methods and
809 * This test is failing per T201776.
812 * @covers \MediaWiki\Permissions\PermissionManager::checkPageRestrictions
814 public function testPageRestrictions() {
815 $prefix = MediaWikiServices
::getInstance()->getContentLanguage()->
816 getFormattedNsText( NS_PROJECT
);
818 $this->setTitle( NS_MAIN
);
819 $this->title
->mRestrictionsLoaded
= true;
820 $this->overrideUserPermissions( $this->user
, "edit" );
821 $this->title
->mRestrictions
= [ "bogus" => [ 'bogus', "sysop", "protect", "" ] ];
823 $this->assertEquals( [],
824 MediaWikiServices
::getInstance()->getPermissionManager()
825 ->getPermissionErrors( 'edit', $this->user
, $this->title
) );
827 $this->assertEquals( true,
828 MediaWikiServices
::getInstance()->getPermissionManager()
829 ->userCan( 'edit', $this->user
, $this->title
, PermissionManager
::RIGOR_QUICK
) );
831 $this->title
->mRestrictions
= [ "edit" => [ 'bogus', "sysop", "protect", "" ],
832 "bogus" => [ 'bogus', "sysop", "protect", "" ] ];
834 $this->assertEquals( [ [ 'badaccess-group0' ],
835 [ 'protectedpagetext', 'bogus', 'bogus' ],
836 [ 'protectedpagetext', 'editprotected', 'bogus' ],
837 [ 'protectedpagetext', 'protect', 'bogus' ] ],
838 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
839 'bogus', $this->user
, $this->title
) );
840 $this->assertEquals( [ [ 'protectedpagetext', 'bogus', 'edit' ],
841 [ 'protectedpagetext', 'editprotected', 'edit' ],
842 [ 'protectedpagetext', 'protect', 'edit' ] ],
843 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
844 'edit', $this->user
, $this->title
) );
845 $this->overrideUserPermissions( $this->user
);
846 $this->assertEquals( [ [ 'badaccess-group0' ],
847 [ 'protectedpagetext', 'bogus', 'bogus' ],
848 [ 'protectedpagetext', 'editprotected', 'bogus' ],
849 [ 'protectedpagetext', 'protect', 'bogus' ] ],
850 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
851 'bogus', $this->user
, $this->title
) );
852 $this->assertEquals( [ [ 'badaccess-groups', "*, [[$prefix:Users|Users]]", 2 ],
853 [ 'protectedpagetext', 'bogus', 'edit' ],
854 [ 'protectedpagetext', 'editprotected', 'edit' ],
855 [ 'protectedpagetext', 'protect', 'edit' ] ],
856 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
857 'edit', $this->user
, $this->title
) );
858 $this->overrideUserPermissions( $this->user
, [ "edit", "editprotected" ] );
859 $this->assertEquals( [ [ 'badaccess-group0' ],
860 [ 'protectedpagetext', 'bogus', 'bogus' ],
861 [ 'protectedpagetext', 'protect', 'bogus' ] ],
862 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
863 'bogus', $this->user
, $this->title
) );
864 $this->assertEquals( [
865 [ 'protectedpagetext', 'bogus', 'edit' ],
866 [ 'protectedpagetext', 'protect', 'edit' ] ],
867 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
868 'edit', $this->user
, $this->title
) );
870 $this->title
->mCascadeRestriction
= true;
871 $this->overrideUserPermissions( $this->user
, "edit" );
873 $this->assertEquals( false,
874 MediaWikiServices
::getInstance()->getPermissionManager()
875 ->userCan( 'bogus', $this->user
, $this->title
, PermissionManager
::RIGOR_QUICK
) );
877 $this->assertEquals( false,
878 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
879 'edit', $this->user
, $this->title
, PermissionManager
::RIGOR_QUICK
) );
881 $this->assertEquals( [ [ 'badaccess-group0' ],
882 [ 'protectedpagetext', 'bogus', 'bogus' ],
883 [ 'protectedpagetext', 'editprotected', 'bogus' ],
884 [ 'protectedpagetext', 'protect', 'bogus' ] ],
885 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
886 'bogus', $this->user
, $this->title
) );
887 $this->assertEquals( [ [ 'protectedpagetext', 'bogus', 'edit' ],
888 [ 'protectedpagetext', 'editprotected', 'edit' ],
889 [ 'protectedpagetext', 'protect', 'edit' ] ],
890 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
891 'edit', $this->user
, $this->title
) );
893 $this->overrideUserPermissions( $this->user
, [ "edit", "editprotected" ] );
894 $this->assertEquals( false,
895 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
896 'bogus', $this->user
, $this->title
, PermissionManager
::RIGOR_QUICK
) );
898 $this->assertEquals( false,
899 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
900 'edit', $this->user
, $this->title
, PermissionManager
::RIGOR_QUICK
) );
902 $this->assertEquals( [ [ 'badaccess-group0' ],
903 [ 'protectedpagetext', 'bogus', 'bogus' ],
904 [ 'protectedpagetext', 'protect', 'bogus' ],
905 [ 'protectedpagetext', 'protect', 'bogus' ] ],
906 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
907 'bogus', $this->user
, $this->title
) );
908 $this->assertEquals( [ [ 'protectedpagetext', 'bogus', 'edit' ],
909 [ 'protectedpagetext', 'protect', 'edit' ],
910 [ 'protectedpagetext', 'protect', 'edit' ] ],
911 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
912 'edit', $this->user
, $this->title
) );
916 * @covers \MediaWiki\Permissions\PermissionManager::checkCascadingSourcesRestrictions
918 public function testCascadingSourcesRestrictions() {
919 $this->setTitle( NS_MAIN
, "test page" );
920 $this->overrideUserPermissions( $this->user
, [ "edit", "bogus" ] );
922 $this->title
->mCascadeSources
= [
923 Title
::makeTitle( NS_MAIN
, "Bogus" ),
924 Title
::makeTitle( NS_MAIN
, "UnBogus" )
926 $this->title
->mCascadingRestrictions
= [
927 "bogus" => [ 'bogus', "sysop", "protect", "" ]
930 $this->assertEquals( false,
931 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
932 'bogus', $this->user
, $this->title
) );
933 $this->assertEquals( [
934 [ "cascadeprotected", 2, "* [[:Bogus]]\n* [[:UnBogus]]\n", 'bogus' ],
935 [ "cascadeprotected", 2, "* [[:Bogus]]\n* [[:UnBogus]]\n", 'bogus' ],
936 [ "cascadeprotected", 2, "* [[:Bogus]]\n* [[:UnBogus]]\n", 'bogus' ] ],
937 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
938 'bogus', $this->user
, $this->title
) );
940 $this->assertEquals( true,
941 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
942 'edit', $this->user
, $this->title
) );
943 $this->assertEquals( [],
944 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
945 'edit', $this->user
, $this->title
) );
949 * @todo This test method should be split up into separate test methods and
951 * @covers \MediaWiki\Permissions\PermissionManager::checkActionPermissions
953 public function testActionPermissions() {
954 $this->overrideUserPermissions( $this->user
, [ "createpage" ] );
955 $this->setTitle( NS_MAIN
, "test page" );
956 $this->title
->mTitleProtection
['permission'] = '';
957 $this->title
->mTitleProtection
['user'] = $this->user
->getId();
958 $this->title
->mTitleProtection
['expiry'] = 'infinity';
959 $this->title
->mTitleProtection
['reason'] = 'test';
960 $this->title
->mCascadeRestriction
= false;
962 $this->assertEquals( [ [ 'titleprotected', 'Useruser', 'test' ] ],
963 MediaWikiServices
::getInstance()->getPermissionManager()
964 ->getPermissionErrors( 'create', $this->user
, $this->title
) );
965 $this->assertEquals( false,
966 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
967 'create', $this->user
, $this->title
) );
969 $this->title
->mTitleProtection
['permission'] = 'editprotected';
970 $this->overrideUserPermissions( $this->user
, [ 'createpage', 'protect' ] );
971 $this->assertEquals( [ [ 'titleprotected', 'Useruser', 'test' ] ],
972 MediaWikiServices
::getInstance()->getPermissionManager()
973 ->getPermissionErrors( 'create', $this->user
, $this->title
) );
974 $this->assertEquals( false,
975 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
976 'create', $this->user
, $this->title
) );
978 $this->overrideUserPermissions( $this->user
, [ 'createpage', 'editprotected' ] );
979 $this->assertEquals( [],
980 MediaWikiServices
::getInstance()->getPermissionManager()
981 ->getPermissionErrors( 'create', $this->user
, $this->title
) );
982 $this->assertEquals( true,
983 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
984 'create', $this->user
, $this->title
) );
986 $this->overrideUserPermissions( $this->user
, [ 'createpage' ] );
987 $this->assertEquals( [ [ 'titleprotected', 'Useruser', 'test' ] ],
988 MediaWikiServices
::getInstance()->getPermissionManager()
989 ->getPermissionErrors( 'create', $this->user
, $this->title
) );
990 $this->assertEquals( false,
991 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
992 'create', $this->user
, $this->title
) );
994 $this->setTitle( NS_MEDIA
, "test page" );
995 $this->overrideUserPermissions( $this->user
, [ "move" ] );
996 $this->assertEquals( false,
997 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
998 'move', $this->user
, $this->title
) );
999 $this->assertEquals( [ [ 'immobile-source-namespace', 'Media' ] ],
1000 MediaWikiServices
::getInstance()->getPermissionManager()
1001 ->getPermissionErrors( 'move', $this->user
, $this->title
) );
1003 $this->setTitle( NS_HELP
, "test page" );
1004 $this->assertEquals( [],
1005 MediaWikiServices
::getInstance()->getPermissionManager()
1006 ->getPermissionErrors( 'move', $this->user
, $this->title
) );
1007 $this->assertEquals( true,
1008 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
1009 'move', $this->user
, $this->title
) );
1011 $this->title
->mInterwiki
= "no";
1012 $this->assertEquals( [ [ 'immobile-source-page' ] ],
1013 MediaWikiServices
::getInstance()->getPermissionManager()
1014 ->getPermissionErrors( 'move', $this->user
, $this->title
) );
1015 $this->assertEquals( false,
1016 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
1017 'move', $this->user
, $this->title
) );
1019 $this->setTitle( NS_MEDIA
, "test page" );
1020 $this->assertEquals( false,
1021 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
1022 'move-target', $this->user
, $this->title
) );
1023 $this->assertEquals( [ [ 'immobile-target-namespace', 'Media' ] ],
1024 MediaWikiServices
::getInstance()->getPermissionManager()
1025 ->getPermissionErrors( 'move-target', $this->user
, $this->title
) );
1027 $this->setTitle( NS_HELP
, "test page" );
1028 $this->assertEquals( [],
1029 MediaWikiServices
::getInstance()->getPermissionManager()
1030 ->getPermissionErrors( 'move-target', $this->user
, $this->title
) );
1031 $this->assertEquals( true,
1032 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
1033 'move-target', $this->user
, $this->title
) );
1035 $this->title
->mInterwiki
= "no";
1036 $this->assertEquals( [ [ 'immobile-target-page' ] ],
1037 MediaWikiServices
::getInstance()->getPermissionManager()
1038 ->getPermissionErrors( 'move-target', $this->user
, $this->title
) );
1039 $this->assertEquals( false,
1040 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
1041 'move-target', $this->user
, $this->title
) );
1045 * @covers \MediaWiki\Permissions\PermissionManager::checkUserBlock
1047 public function testUserBlock() {
1048 $this->setMwGlobals( [
1049 'wgEmailConfirmToEdit' => true,
1050 'wgEmailAuthentication' => true,
1051 'wgBlockDisablesLogin' => false,
1054 $this->overrideUserPermissions( $this->user
, [
1063 $this->setTitle( NS_HELP
, "test page" );
1065 # $wgEmailConfirmToEdit only applies to 'edit' action
1066 $this->assertEquals( [],
1067 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
1068 'move-target', $this->user
, $this->title
) );
1069 $this->assertContains( [ 'confirmedittext' ],
1070 MediaWikiServices
::getInstance()->getPermissionManager()
1071 ->getPermissionErrors( 'edit', $this->user
, $this->title
) );
1073 $this->setMwGlobals( 'wgEmailConfirmToEdit', false );
1074 $this->overrideMwServices();
1075 $this->overrideUserPermissions( $this->user
, [
1085 $this->assertNotContains( [ 'confirmedittext' ],
1086 MediaWikiServices
::getInstance()->getPermissionManager()
1087 ->getPermissionErrors( 'edit', $this->user
, $this->title
) );
1089 # $wgEmailConfirmToEdit && !$user->isEmailConfirmed() && $action != 'createaccount'
1090 $this->assertEquals( [],
1091 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
1092 'move-target', $this->user
, $this->title
) );
1096 $now = time() +
120;
1097 $this->user
->mBlockedby
= $this->user
->getId();
1098 $this->user
->mBlock
= new DatabaseBlock( [
1099 'address' => '127.0.8.1',
1100 'by' => $this->user
->getId(),
1101 'reason' => 'no reason given',
1102 'timestamp' => $prev +
3600,
1106 $this->user
->mBlock
->mTimestamp
= 0;
1107 $this->assertEquals( [ [ 'autoblockedtext',
1108 '[[User:Useruser|Useruser]]', 'no reason given', '127.0.0.1',
1109 'Useruser', null, 'infinite', '127.0.8.1',
1110 $wgLang->timeanddate( wfTimestamp( TS_MW
, $prev ), true ) ] ],
1111 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
1112 'move-target', $this->user
, $this->title
) );
1114 $this->assertEquals( false, MediaWikiServices
::getInstance()->getPermissionManager()
1115 ->userCan( 'move-target', $this->user
, $this->title
) );
1116 // quickUserCan should ignore user blocks
1117 $this->assertEquals( true, MediaWikiServices
::getInstance()->getPermissionManager()
1118 ->userCan( 'move-target', $this->user
, $this->title
,
1119 PermissionManager
::RIGOR_QUICK
) );
1121 global $wgLocalTZoffset;
1122 $wgLocalTZoffset = -60;
1123 $this->user
->mBlockedby
= $this->user
->getName();
1124 $this->user
->mBlock
= new DatabaseBlock( [
1125 'address' => '127.0.8.1',
1126 'by' => $this->user
->getId(),
1127 'reason' => 'no reason given',
1128 'timestamp' => $now,
1132 $this->assertEquals( [ [ 'blockedtext',
1133 '[[User:Useruser|Useruser]]', 'no reason given', '127.0.0.1',
1134 'Useruser', null, '23:00, 31 December 1969', '127.0.8.1',
1135 $wgLang->timeanddate( wfTimestamp( TS_MW
, $now ), true ) ] ],
1136 MediaWikiServices
::getInstance()->getPermissionManager()
1137 ->getPermissionErrors( 'move-target', $this->user
, $this->title
) );
1138 # $action != 'read' && $action != 'createaccount' && $user->isBlockedFrom( $this )
1139 # $user->blockedFor() == ''
1140 # $user->mBlock->mExpiry == 'infinity'
1142 $this->user
->mBlockedby
= $this->user
->getName();
1143 $this->user
->mBlock
= new SystemBlock( [
1144 'address' => '127.0.8.1',
1145 'by' => $this->user
->getId(),
1146 'reason' => 'no reason given',
1147 'timestamp' => $now,
1149 'systemBlock' => 'test',
1152 $errors = [ [ 'systemblockedtext',
1153 '[[User:Useruser|Useruser]]', 'no reason given', '127.0.0.1',
1154 'Useruser', 'test', 'infinite', '127.0.8.1',
1155 $wgLang->timeanddate( wfTimestamp( TS_MW
, $now ), true ) ] ];
1157 $this->assertEquals( $errors,
1158 MediaWikiServices
::getInstance()->getPermissionManager()
1159 ->getPermissionErrors( 'edit', $this->user
, $this->title
) );
1160 $this->assertEquals( $errors,
1161 MediaWikiServices
::getInstance()->getPermissionManager()
1162 ->getPermissionErrors( 'move-target', $this->user
, $this->title
) );
1163 $this->assertEquals( $errors,
1164 MediaWikiServices
::getInstance()->getPermissionManager()
1165 ->getPermissionErrors( 'rollback', $this->user
, $this->title
) );
1166 $this->assertEquals( $errors,
1167 MediaWikiServices
::getInstance()->getPermissionManager()
1168 ->getPermissionErrors( 'patrol', $this->user
, $this->title
) );
1169 $this->assertEquals( $errors,
1170 MediaWikiServices
::getInstance()->getPermissionManager()
1171 ->getPermissionErrors( 'upload', $this->user
, $this->title
) );
1172 $this->assertEquals( [],
1173 MediaWikiServices
::getInstance()->getPermissionManager()
1174 ->getPermissionErrors( 'purge', $this->user
, $this->title
) );
1176 // partial block message test
1177 $this->user
->mBlockedby
= $this->user
->getName();
1178 $this->user
->mBlock
= new DatabaseBlock( [
1179 'address' => '127.0.8.1',
1180 'by' => $this->user
->getId(),
1181 'reason' => 'no reason given',
1182 'timestamp' => $now,
1183 'sitewide' => false,
1187 $this->assertEquals( [],
1188 MediaWikiServices
::getInstance()->getPermissionManager()
1189 ->getPermissionErrors( 'edit', $this->user
, $this->title
) );
1190 $this->assertEquals( [],
1191 MediaWikiServices
::getInstance()->getPermissionManager()
1192 ->getPermissionErrors( 'move-target', $this->user
, $this->title
) );
1193 $this->assertEquals( [],
1194 MediaWikiServices
::getInstance()->getPermissionManager()
1195 ->getPermissionErrors( 'rollback', $this->user
, $this->title
) );
1196 $this->assertEquals( [],
1197 MediaWikiServices
::getInstance()->getPermissionManager()
1198 ->getPermissionErrors( 'patrol', $this->user
, $this->title
) );
1199 $this->assertEquals( [],
1200 MediaWikiServices
::getInstance()->getPermissionManager()
1201 ->getPermissionErrors( 'upload', $this->user
, $this->title
) );
1202 $this->assertEquals( [],
1203 MediaWikiServices
::getInstance()->getPermissionManager()
1204 ->getPermissionErrors( 'purge', $this->user
, $this->title
) );
1206 $this->user
->mBlock
->setRestrictions( [
1207 ( new PageRestriction( 0, $this->title
->getArticleID() ) )->setTitle( $this->title
),
1210 $errors = [ [ 'blockedtext-partial',
1211 '[[User:Useruser|Useruser]]', 'no reason given', '127.0.0.1',
1212 'Useruser', null, '23:00, 31 December 1969', '127.0.8.1',
1213 $wgLang->timeanddate( wfTimestamp( TS_MW
, $now ), true ) ] ];
1215 $this->assertEquals( $errors,
1216 MediaWikiServices
::getInstance()->getPermissionManager()
1217 ->getPermissionErrors( 'edit', $this->user
, $this->title
) );
1218 $this->assertEquals( $errors,
1219 MediaWikiServices
::getInstance()->getPermissionManager()
1220 ->getPermissionErrors( 'move-target', $this->user
, $this->title
) );
1221 $this->assertEquals( $errors,
1222 MediaWikiServices
::getInstance()->getPermissionManager()
1223 ->getPermissionErrors( 'rollback', $this->user
, $this->title
) );
1224 $this->assertEquals( $errors,
1225 MediaWikiServices
::getInstance()->getPermissionManager()
1226 ->getPermissionErrors( 'patrol', $this->user
, $this->title
) );
1227 $this->assertEquals( [],
1228 MediaWikiServices
::getInstance()->getPermissionManager()
1229 ->getPermissionErrors( 'upload', $this->user
, $this->title
) );
1230 $this->assertEquals( [],
1231 MediaWikiServices
::getInstance()->getPermissionManager()
1232 ->getPermissionErrors( 'purge', $this->user
, $this->title
) );
1235 $this->user
->mBlockedby
= null;
1236 $this->user
->mBlock
= null;
1238 $this->assertEquals( [],
1239 MediaWikiServices
::getInstance()->getPermissionManager()
1240 ->getPermissionErrors( 'edit', $this->user
, $this->title
) );
1244 * @covers \MediaWiki\Permissions\PermissionManager::checkUserBlock
1246 * Tests to determine that the passed in permission does not get mixed up with
1247 * an action of the same name.
1249 public function testUserBlockAction() {
1252 $tester = $this->getMockBuilder( Action
::class )
1253 ->disableOriginalConstructor()
1255 $tester->method( 'getName' )
1256 ->willReturn( 'tester' );
1257 $tester->method( 'getRestriction' )
1258 ->willReturn( 'test' );
1259 $tester->method( 'requiresUnblock' )
1260 ->willReturn( false );
1262 $this->setMwGlobals( [
1264 'tester' => $tester,
1266 'wgGroupPermissions' => [
1274 $this->user
->mBlockedby
= $this->user
->getName();
1275 $this->user
->mBlock
= new DatabaseBlock( [
1276 'address' => '127.0.8.1',
1277 'by' => $this->user
->getId(),
1278 'reason' => 'no reason given',
1279 'timestamp' => $now,
1281 'expiry' => 'infinity',
1284 $errors = [ [ 'blockedtext',
1285 '[[User:Useruser|Useruser]]', 'no reason given', '127.0.0.1',
1286 'Useruser', null, 'infinite', '127.0.8.1',
1287 $wgLang->timeanddate( wfTimestamp( TS_MW
, $now ), true ) ] ];
1289 $this->assertEquals( $errors,
1290 MediaWikiServices
::getInstance()->getPermissionManager()
1291 ->getPermissionErrors( 'tester', $this->user
, $this->title
) );
1295 * @covers \MediaWiki\Permissions\PermissionManager::isBlockedFrom
1297 public function testBlockInstanceCache() {
1298 // First, check the user isn't blocked
1299 $user = $this->getMutableTestUser()->getUser();
1300 $ut = Title
::makeTitle( NS_USER_TALK
, $user->getName() );
1301 $this->assertNull( $user->getBlock( false ), 'sanity check' );
1302 //$this->assertSame( '', $user->blockedBy(), 'sanity check' );
1303 //$this->assertSame( '', $user->blockedFor(), 'sanity check' );
1304 //$this->assertFalse( (bool)$user->isHidden(), 'sanity check' );
1305 $this->assertFalse( MediaWikiServices
::getInstance()->getPermissionManager()
1306 ->isBlockedFrom( $user, $ut ), 'sanity check' );
1309 $blocker = $this->getTestSysop()->getUser();
1310 $block = new DatabaseBlock( [
1312 'allowUsertalk' => false,
1313 'reason' => 'Because',
1315 $block->setTarget( $user );
1316 $block->setBlocker( $blocker );
1317 $res = $block->insert();
1318 $this->assertTrue( (bool)$res['id'], 'sanity check: Failed to insert block' );
1320 // Clear cache and confirm it loaded the block properly
1321 $user->clearInstanceCache();
1322 $this->assertInstanceOf( DatabaseBlock
::class, $user->getBlock( false ) );
1323 //$this->assertSame( $blocker->getName(), $user->blockedBy() );
1324 //$this->assertSame( 'Because', $user->blockedFor() );
1325 //$this->assertTrue( (bool)$user->isHidden() );
1326 $this->assertTrue( MediaWikiServices
::getInstance()->getPermissionManager()
1327 ->isBlockedFrom( $user, $ut ) );
1332 // Clear cache and confirm it loaded the not-blocked properly
1333 $user->clearInstanceCache();
1334 $this->assertNull( $user->getBlock( false ) );
1335 //$this->assertSame( '', $user->blockedBy() );
1336 //$this->assertSame( '', $user->blockedFor() );
1337 //$this->assertFalse( (bool)$user->isHidden() );
1338 $this->assertFalse( MediaWikiServices
::getInstance()->getPermissionManager()
1339 ->isBlockedFrom( $user, $ut ) );
1343 * @covers \MediaWiki\Permissions\PermissionManager::isBlockedFrom
1344 * @dataProvider provideIsBlockedFrom
1345 * @param string|null $title Title to test.
1346 * @param bool $expect Expected result from User::isBlockedFrom()
1347 * @param array $options Additional test options:
1348 * - 'blockAllowsUTEdit': (bool, default true) Value for $wgBlockAllowsUTEdit
1349 * - 'allowUsertalk': (bool, default false) Passed to DatabaseBlock::__construct()
1350 * - 'pageRestrictions': (array|null) If non-empty, page restriction titles for the block.
1352 public function testIsBlockedFrom( $title, $expect, array $options = [] ) {
1353 $this->setMwGlobals( [
1354 'wgBlockAllowsUTEdit' => $options['blockAllowsUTEdit'] ??
true,
1357 $user = $this->getTestUser()->getUser();
1359 if ( $title === self
::USER_TALK_PAGE
) {
1360 $title = $user->getTalkPage();
1362 $title = Title
::newFromText( $title );
1366 foreach ( $options['pageRestrictions'] ??
[] as $pagestr ) {
1367 $page = $this->getExistingTestPage(
1368 $pagestr === self
::USER_TALK_PAGE ?
$user->getTalkPage() : $pagestr
1370 $restrictions[] = new PageRestriction( 0, $page->getId() );
1372 foreach ( $options['namespaceRestrictions'] ??
[] as $ns ) {
1373 $restrictions[] = new NamespaceRestriction( 0, $ns );
1376 $block = new DatabaseBlock( [
1377 'expiry' => wfTimestamp( TS_MW
, wfTimestamp() +
( 40 * 60 * 60 ) ),
1378 'allowUsertalk' => $options['allowUsertalk'] ??
false,
1379 'sitewide' => !$restrictions,
1381 $block->setTarget( $user );
1382 $block->setBlocker( $this->getTestSysop()->getUser() );
1383 if ( $restrictions ) {
1384 $block->setRestrictions( $restrictions );
1389 $this->assertSame( $expect, MediaWikiServices
::getInstance()->getPermissionManager()
1390 ->isBlockedFrom( $user, $title ) );
1396 public static function provideIsBlockedFrom() {
1398 'Sitewide block, basic operation' => [ 'Test page', true ],
1399 'Sitewide block, not allowing user talk' => [
1400 self
::USER_TALK_PAGE
, true, [
1401 'allowUsertalk' => false,
1404 'Sitewide block, allowing user talk' => [
1405 self
::USER_TALK_PAGE
, false, [
1406 'allowUsertalk' => true,
1409 'Sitewide block, allowing user talk but $wgBlockAllowsUTEdit is false' => [
1410 self
::USER_TALK_PAGE
, true, [
1411 'allowUsertalk' => true,
1412 'blockAllowsUTEdit' => false,
1415 'Partial block, blocking the page' => [
1416 'Test page', true, [
1417 'pageRestrictions' => [ 'Test page' ],
1420 'Partial block, not blocking the page' => [
1421 'Test page 2', false, [
1422 'pageRestrictions' => [ 'Test page' ],
1425 'Partial block, not allowing user talk but user talk page is not blocked' => [
1426 self
::USER_TALK_PAGE
, false, [
1427 'allowUsertalk' => false,
1428 'pageRestrictions' => [ 'Test page' ],
1431 'Partial block, allowing user talk but user talk page is blocked' => [
1432 self
::USER_TALK_PAGE
, true, [
1433 'allowUsertalk' => true,
1434 'pageRestrictions' => [ self
::USER_TALK_PAGE
],
1437 'Partial block, user talk page is not blocked but $wgBlockAllowsUTEdit is false' => [
1438 self
::USER_TALK_PAGE
, false, [
1439 'allowUsertalk' => false,
1440 'pageRestrictions' => [ 'Test page' ],
1441 'blockAllowsUTEdit' => false,
1444 'Partial block, user talk page is blocked and $wgBlockAllowsUTEdit is false' => [
1445 self
::USER_TALK_PAGE
, true, [
1446 'allowUsertalk' => true,
1447 'pageRestrictions' => [ self
::USER_TALK_PAGE
],
1448 'blockAllowsUTEdit' => false,
1451 'Partial user talk namespace block, not allowing user talk' => [
1452 self
::USER_TALK_PAGE
, true, [
1453 'allowUsertalk' => false,
1454 'namespaceRestrictions' => [ NS_USER_TALK
],
1457 'Partial user talk namespace block, allowing user talk' => [
1458 self
::USER_TALK_PAGE
, false, [
1459 'allowUsertalk' => true,
1460 'namespaceRestrictions' => [ NS_USER_TALK
],
1463 'Partial user talk namespace block, where $wgBlockAllowsUTEdit is false' => [
1464 self
::USER_TALK_PAGE
, true, [
1465 'allowUsertalk' => true,
1466 'namespaceRestrictions' => [ NS_USER_TALK
],
1467 'blockAllowsUTEdit' => false,
1474 * @covers \MediaWiki\Permissions\PermissionManager::getUserPermissions
1476 public function testGetUserPermissions() {
1477 $user = $this->getTestUser( [ 'unittesters' ] )->getUser();
1478 $rights = MediaWikiServices
::getInstance()->getPermissionManager()
1479 ->getUserPermissions( $user );
1480 $this->assertContains( 'runtest', $rights );
1481 $this->assertNotContains( 'writetest', $rights );
1482 $this->assertNotContains( 'modifytest', $rights );
1483 $this->assertNotContains( 'nukeworld', $rights );
1487 * @covers \MediaWiki\Permissions\PermissionManager::getUserPermissions
1489 public function testGetUserPermissionsHooks() {
1490 $user = $this->getTestUser( [ 'unittesters', 'testwriters' ] )->getUser();
1491 $userWrapper = TestingAccessWrapper
::newFromObject( $user );
1493 $rights = MediaWikiServices
::getInstance()->getPermissionManager()
1494 ->getUserPermissions( $user );
1495 $this->assertContains( 'test', $rights, 'sanity check' );
1496 $this->assertContains( 'runtest', $rights, 'sanity check' );
1497 $this->assertContains( 'writetest', $rights, 'sanity check' );
1498 $this->assertNotContains( 'nukeworld', $rights, 'sanity check' );
1500 // Add a hook manipluating the rights
1501 $this->mergeMwGlobalArrayValue( 'wgHooks', [ 'UserGetRights' => [ function ( $user, &$rights ) {
1502 $rights[] = 'nukeworld';
1503 $rights = array_diff( $rights, [ 'writetest' ] );
1506 $this->overrideMwServices();
1507 $rights = MediaWikiServices
::getInstance()->getPermissionManager()
1508 ->getUserPermissions( $user );
1509 $this->assertContains( 'test', $rights );
1510 $this->assertContains( 'runtest', $rights );
1511 $this->assertNotContains( 'writetest', $rights );
1512 $this->assertContains( 'nukeworld', $rights );
1514 // Add a Session that limits rights
1515 $mock = $this->getMockBuilder( stdClass
::class )
1516 ->setMethods( [ 'getAllowedUserRights', 'deregisterSession', 'getSessionId' ] )
1518 $mock->method( 'getAllowedUserRights' )->willReturn( [ 'test', 'writetest' ] );
1519 $mock->method( 'getSessionId' )->willReturn(
1520 new SessionId( str_repeat( 'X', 32 ) )
1522 $session = TestUtils
::getDummySession( $mock );
1523 $mockRequest = $this->getMockBuilder( FauxRequest
::class )
1524 ->setMethods( [ 'getSession' ] )
1526 $mockRequest->method( 'getSession' )->willReturn( $session );
1527 $userWrapper->mRequest
= $mockRequest;
1529 $this->overrideMwServices();
1530 $rights = MediaWikiServices
::getInstance()->getPermissionManager()
1531 ->getUserPermissions( $user );
1532 $this->assertContains( 'test', $rights );
1533 $this->assertNotContains( 'runtest', $rights );
1534 $this->assertNotContains( 'writetest', $rights );
1535 $this->assertNotContains( 'nukeworld', $rights );
1539 * @covers \MediaWiki\Permissions\PermissionManager::getGroupPermissions
1541 public function testGroupPermissions() {
1542 $rights = MediaWikiServices
::getInstance()->getPermissionManager()
1543 ->getGroupPermissions( [ 'unittesters' ] );
1544 $this->assertContains( 'runtest', $rights );
1545 $this->assertNotContains( 'writetest', $rights );
1546 $this->assertNotContains( 'modifytest', $rights );
1547 $this->assertNotContains( 'nukeworld', $rights );
1549 $rights = MediaWikiServices
::getInstance()->getPermissionManager()
1550 ->getGroupPermissions( [ 'unittesters', 'testwriters' ] );
1551 $this->assertContains( 'runtest', $rights );
1552 $this->assertContains( 'writetest', $rights );
1553 $this->assertContains( 'modifytest', $rights );
1554 $this->assertNotContains( 'nukeworld', $rights );
1558 * @covers \MediaWiki\Permissions\PermissionManager::getGroupPermissions
1560 public function testRevokePermissions() {
1561 $rights = MediaWikiServices
::getInstance()->getPermissionManager()
1562 ->getGroupPermissions( [ 'unittesters', 'formertesters' ] );
1563 $this->assertNotContains( 'runtest', $rights );
1564 $this->assertNotContains( 'writetest', $rights );
1565 $this->assertNotContains( 'modifytest', $rights );
1566 $this->assertNotContains( 'nukeworld', $rights );
1570 * @dataProvider provideGetGroupsWithPermission
1571 * @covers \MediaWiki\Permissions\PermissionManager::getGroupsWithPermission
1573 public function testGetGroupsWithPermission( $expected, $right ) {
1574 $result = MediaWikiServices
::getInstance()->getPermissionManager()
1575 ->getGroupsWithPermission( $right );
1579 $this->assertEquals( $expected, $result, "Groups with permission $right" );
1582 public static function provideGetGroupsWithPermission() {
1585 [ 'unittesters', 'testwriters' ],
1604 * @covers \MediaWiki\Permissions\PermissionManager::userHasRight
1606 public function testUserHasRight() {
1607 $result = MediaWikiServices
::getInstance()->getPermissionManager()->userHasRight(
1608 $this->getTestUser( 'unittesters' )->getUser(),
1611 $this->assertTrue( $result );
1613 $result = MediaWikiServices
::getInstance()->getPermissionManager()->userHasRight(
1614 $this->getTestUser( 'formertesters' )->getUser(),
1617 $this->assertFalse( $result );
1619 $result = MediaWikiServices
::getInstance()->getPermissionManager()->userHasRight(
1620 $this->getTestUser( 'formertesters' )->getUser(),
1623 $this->assertTrue( $result );
1627 * @covers \MediaWiki\Permissions\PermissionManager::groupHasPermission
1629 public function testGroupHasPermission() {
1630 $result = MediaWikiServices
::getInstance()->getPermissionManager()->groupHasPermission(
1634 $this->assertTrue( $result );
1636 $result = MediaWikiServices
::getInstance()->getPermissionManager()->groupHasPermission(
1640 $this->assertFalse( $result );
1644 * @covers \MediaWiki\Permissions\PermissionManager::isEveryoneAllowed
1646 public function testIsEveryoneAllowed() {
1647 $result = MediaWikiServices
::getInstance()->getPermissionManager()
1648 ->isEveryoneAllowed( 'editmyoptions' );
1649 $this->assertTrue( $result );
1651 $result = MediaWikiServices
::getInstance()->getPermissionManager()
1652 ->isEveryoneAllowed( 'test' );
1653 $this->assertFalse( $result );