3 namespace MediaWiki\Tests\Permissions
;
7 use MediaWiki\Session\SessionId
;
8 use MediaWiki\Session\TestUtils
;
9 use MediaWikiLangTestCase
;
14 use MediaWiki\Block\DatabaseBlock
;
15 use MediaWiki\Block\Restriction\NamespaceRestriction
;
16 use MediaWiki\Block\Restriction\PageRestriction
;
17 use MediaWiki\Block\SystemBlock
;
18 use MediaWiki\MediaWikiServices
;
19 use MediaWiki\Permissions\PermissionManager
;
20 use Wikimedia\ScopedCallback
;
21 use Wikimedia\TestingAccessWrapper
;
26 * @covers \MediaWiki\Permissions\PermissionManager
28 class PermissionManagerTest
extends MediaWikiLangTestCase
{
33 protected $userName, $altUserName;
43 protected $user, $anonUser, $userUser, $altUser;
45 /** Constant for self::testIsBlockedFrom */
46 const USER_TALK_PAGE
= '<user talk page>';
48 protected function setUp() {
52 $localOffset = date( 'Z' ) / 60;
54 $this->setMwGlobals( [
55 'wgLocaltimezone' => $localZone,
56 'wgLocalTZoffset' => $localOffset,
57 'wgNamespaceProtection' => [
58 NS_MEDIAWIKI
=> 'editinterface',
60 'wgRevokePermissions' => [
65 'wgAvailableRights' => [
75 $this->setGroupPermissions( 'unittesters', 'test', true );
76 $this->setGroupPermissions( 'unittesters', 'runtest', true );
77 $this->setGroupPermissions( 'unittesters', 'writetest', false );
78 $this->setGroupPermissions( 'unittesters', 'nukeworld', false );
80 $this->setGroupPermissions( 'testwriters', 'test', true );
81 $this->setGroupPermissions( 'testwriters', 'writetest', true );
82 $this->setGroupPermissions( 'testwriters', 'modifytest', true );
84 $this->setGroupPermissions( '*', 'editmyoptions', true );
86 // Without this testUserBlock will use a non-English context on non-English MediaWiki
87 // installations (because of how Title::checkUserBlock is implemented) and fail.
88 RequestContext
::resetMain();
90 $this->userName
= 'Useruser';
91 $this->altUserName
= 'Altuseruser';
92 date_default_timezone_set( $localZone );
94 $this->title
= Title
::makeTitle( NS_MAIN
, "Main Page" );
95 if ( !isset( $this->userUser
) ||
!( $this->userUser
instanceof User
) ) {
96 $this->userUser
= User
::newFromName( $this->userName
);
98 if ( !$this->userUser
->getId() ) {
99 $this->userUser
= User
::createNew( $this->userName
, [
100 "email" => "test@example.com",
101 "real_name" => "Test User" ] );
102 $this->userUser
->load();
105 $this->altUser
= User
::newFromName( $this->altUserName
);
106 if ( !$this->altUser
->getId() ) {
107 $this->altUser
= User
::createNew( $this->altUserName
, [
108 "email" => "alttest@example.com",
109 "real_name" => "Test User Alt" ] );
110 $this->altUser
->load();
113 $this->anonUser
= User
::newFromId( 0 );
115 $this->user
= $this->userUser
;
118 $this->resetServices();
121 public function tearDown() {
123 $this->restoreMwServices();
126 protected function setTitle( $ns, $title = "Main_Page" ) {
127 $this->title
= Title
::makeTitle( $ns, $title );
130 protected function setUser( $userName = null ) {
131 if ( $userName === 'anon' ) {
132 $this->user
= $this->anonUser
;
133 } elseif ( $userName === null ||
$userName === $this->userName
) {
134 $this->user
= $this->userUser
;
136 $this->user
= $this->altUser
;
138 $this->resetServices();
142 * @todo This test method should be split up into separate test methods and
145 * This test is failing per T201776.
148 * @covers \MediaWiki\Permissions\PermissionManager::checkQuickPermissions
150 public function testQuickPermissions() {
151 $prefix = MediaWikiServices
::getInstance()->getContentLanguage()->
152 getFormattedNsText( NS_PROJECT
);
154 $this->setUser( 'anon' );
155 $this->setTitle( NS_TALK
);
156 $this->overrideUserPermissions( $this->user
, "createtalk" );
157 $res = MediaWikiServices
::getInstance()->getPermissionManager()
158 ->getPermissionErrors( 'create', $this->user
, $this->title
);
159 $this->assertEquals( [], $res );
161 $this->setTitle( NS_TALK
);
162 $this->overrideUserPermissions( $this->user
, "createpage" );
163 $res = MediaWikiServices
::getInstance()->getPermissionManager()
164 ->getPermissionErrors( 'create', $this->user
, $this->title
);
165 $this->assertEquals( [ [ "nocreatetext" ] ], $res );
167 $this->setTitle( NS_TALK
);
168 $this->overrideUserPermissions( $this->user
, "" );
169 $res = MediaWikiServices
::getInstance()->getPermissionManager()
170 ->getPermissionErrors( 'create', $this->user
, $this->title
);
171 $this->assertEquals( [ [ 'nocreatetext' ] ], $res );
173 $this->setTitle( NS_MAIN
);
174 $this->overrideUserPermissions( $this->user
, "createpage" );
175 $res = MediaWikiServices
::getInstance()->getPermissionManager()
176 ->getPermissionErrors( 'create', $this->user
, $this->title
);
177 $this->assertEquals( [], $res );
179 $this->setTitle( NS_MAIN
);
180 $this->overrideUserPermissions( $this->user
, "createtalk" );
181 $res = MediaWikiServices
::getInstance()->getPermissionManager()
182 ->getPermissionErrors( 'create', $this->user
, $this->title
);
183 $this->assertEquals( [ [ 'nocreatetext' ] ], $res );
185 $this->setUser( $this->userName
);
186 $this->setTitle( NS_TALK
);
187 $this->overrideUserPermissions( $this->user
, "createtalk" );
188 $res = MediaWikiServices
::getInstance()->getPermissionManager()
189 ->getPermissionErrors( 'create', $this->user
, $this->title
);
190 $this->assertEquals( [], $res );
192 $this->setTitle( NS_TALK
);
193 $this->overrideUserPermissions( $this->user
, "createpage" );
194 $res = MediaWikiServices
::getInstance()->getPermissionManager()
195 ->getPermissionErrors( 'create', $this->user
, $this->title
);
196 $this->assertEquals( [ [ 'nocreate-loggedin' ] ], $res );
198 $this->setTitle( NS_TALK
);
199 $this->overrideUserPermissions( $this->user
, "" );
200 $res = MediaWikiServices
::getInstance()->getPermissionManager()
201 ->getPermissionErrors( 'create', $this->user
, $this->title
);
202 $this->assertEquals( [ [ 'nocreate-loggedin' ] ], $res );
204 $this->setTitle( NS_MAIN
);
205 $this->overrideUserPermissions( $this->user
, "createpage" );
206 $res = MediaWikiServices
::getInstance()->getPermissionManager()
207 ->getPermissionErrors( 'create', $this->user
, $this->title
);
208 $this->assertEquals( [], $res );
210 $this->setTitle( NS_MAIN
);
211 $this->overrideUserPermissions( $this->user
, "createtalk" );
212 $res = MediaWikiServices
::getInstance()->getPermissionManager()
213 ->getPermissionErrors( 'create', $this->user
, $this->title
);
214 $this->assertEquals( [ [ 'nocreate-loggedin' ] ], $res );
216 $this->setTitle( NS_MAIN
);
217 $this->overrideUserPermissions( $this->user
, "" );
218 $res = MediaWikiServices
::getInstance()->getPermissionManager()
219 ->getPermissionErrors( 'create', $this->user
, $this->title
);
220 $this->assertEquals( [ [ 'nocreate-loggedin' ] ], $res );
222 $this->setUser( 'anon' );
223 $this->setTitle( NS_USER
, $this->userName
. '' );
224 $this->overrideUserPermissions( $this->user
, "" );
225 $res = MediaWikiServices
::getInstance()->getPermissionManager()
226 ->getPermissionErrors( 'move', $this->user
, $this->title
);
227 $this->assertEquals( [ [ 'cant-move-user-page' ], [ 'movenologintext' ] ], $res );
229 $this->setTitle( NS_USER
, $this->userName
. '/subpage' );
230 $this->overrideUserPermissions( $this->user
, "" );
231 $res = MediaWikiServices
::getInstance()->getPermissionManager()
232 ->getPermissionErrors( 'move', $this->user
, $this->title
);
233 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
235 $this->setTitle( NS_USER
, $this->userName
. '' );
236 $this->overrideUserPermissions( $this->user
, "move-rootuserpages" );
237 $res = MediaWikiServices
::getInstance()->getPermissionManager()
238 ->getPermissionErrors( 'move', $this->user
, $this->title
);
239 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
241 $this->setTitle( NS_USER
, $this->userName
. '/subpage' );
242 $this->overrideUserPermissions( $this->user
, "move-rootuserpages" );
243 $res = MediaWikiServices
::getInstance()->getPermissionManager()
244 ->getPermissionErrors( 'move', $this->user
, $this->title
);
245 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
247 $this->setTitle( NS_USER
, $this->userName
. '' );
248 $this->overrideUserPermissions( $this->user
, "" );
249 $res = MediaWikiServices
::getInstance()->getPermissionManager()
250 ->getPermissionErrors( 'move', $this->user
, $this->title
);
251 $this->assertEquals( [ [ 'cant-move-user-page' ], [ 'movenologintext' ] ], $res );
253 $this->setTitle( NS_USER
, $this->userName
. '/subpage' );
254 $this->overrideUserPermissions( $this->user
, "" );
255 $res = MediaWikiServices
::getInstance()->getPermissionManager()
256 ->getPermissionErrors( 'move', $this->user
, $this->title
);
257 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
259 $this->setTitle( NS_USER
, $this->userName
. '' );
260 $this->overrideUserPermissions( $this->user
, "move-rootuserpages" );
261 $res = MediaWikiServices
::getInstance()->getPermissionManager()
262 ->getPermissionErrors( 'move', $this->user
, $this->title
);
263 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
265 $this->setTitle( NS_USER
, $this->userName
. '/subpage' );
266 $this->overrideUserPermissions( $this->user
, "move-rootuserpages" );
267 $res = MediaWikiServices
::getInstance()->getPermissionManager()
268 ->getPermissionErrors( 'move', $this->user
, $this->title
);
269 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
271 $this->setUser( $this->userName
);
272 $this->setTitle( NS_FILE
, "img.png" );
273 $this->overrideUserPermissions( $this->user
, "" );
274 $res = MediaWikiServices
::getInstance()->getPermissionManager()
275 ->getPermissionErrors( 'move', $this->user
, $this->title
);
276 $this->assertEquals( [ [ 'movenotallowedfile' ], [ 'movenotallowed' ] ], $res );
278 $this->setTitle( NS_FILE
, "img.png" );
279 $this->overrideUserPermissions( $this->user
, "movefile" );
280 $res = MediaWikiServices
::getInstance()->getPermissionManager()
281 ->getPermissionErrors( 'move', $this->user
, $this->title
);
282 $this->assertEquals( [ [ 'movenotallowed' ] ], $res );
284 $this->setUser( 'anon' );
285 $this->setTitle( NS_FILE
, "img.png" );
286 $this->overrideUserPermissions( $this->user
, "" );
287 $res = MediaWikiServices
::getInstance()->getPermissionManager()
288 ->getPermissionErrors( 'move', $this->user
, $this->title
);
289 $this->assertEquals( [ [ 'movenotallowedfile' ], [ 'movenologintext' ] ], $res );
291 $this->setTitle( NS_FILE
, "img.png" );
292 $this->overrideUserPermissions( $this->user
, "movefile" );
293 $res = MediaWikiServices
::getInstance()->getPermissionManager()
294 ->getPermissionErrors( 'move', $this->user
, $this->title
);
295 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
297 $this->setUser( $this->userName
);
298 // $this->setUserPerm( "move" );
299 $this->runGroupPermissions( 'move', 'move', [ [ 'movenotallowedfile' ] ] );
301 // $this->setUserPerm( "" );
302 $this->runGroupPermissions(
305 [ [ 'movenotallowedfile' ], [ 'movenotallowed' ] ]
308 $this->setUser( 'anon' );
309 //$this->setUserPerm( "move" );
310 $this->runGroupPermissions( 'move', 'move', [ [ 'movenotallowedfile' ] ] );
312 // $this->setUserPerm( "" );
313 $this->runGroupPermissions(
316 [ [ 'movenotallowedfile' ], [ 'movenotallowed' ] ],
317 [ [ 'movenotallowedfile' ], [ 'movenologintext' ] ]
320 if ( $this->isWikitextNS( NS_MAIN
) ) {
321 // NOTE: some content models don't allow moving
322 // @todo find a Wikitext namespace for testing
324 $this->setTitle( NS_MAIN
);
325 $this->setUser( 'anon' );
326 // $this->setUserPerm( "move" );
327 $this->runGroupPermissions( 'move', 'move', [] );
329 // $this->setUserPerm( "" );
330 $this->runGroupPermissions( '', 'move', [ [ 'movenotallowed' ] ],
331 [ [ 'movenologintext' ] ] );
333 $this->setUser( $this->userName
);
334 // $this->setUserPerm( "" );
335 $this->runGroupPermissions( '', 'move', [ [ 'movenotallowed' ] ] );
337 //$this->setUserPerm( "move" );
338 $this->runGroupPermissions( 'move', 'move', [] );
340 $this->setUser( 'anon' );
341 $this->overrideUserPermissions( $this->user
, 'move' );
342 $res = MediaWikiServices
::getInstance()->getPermissionManager()
343 ->getPermissionErrors( 'move-target', $this->user
, $this->title
);
344 $this->assertEquals( [], $res );
346 $this->overrideUserPermissions( $this->user
, '' );
347 $res = MediaWikiServices
::getInstance()->getPermissionManager()
348 ->getPermissionErrors( 'move-target', $this->user
, $this->title
);
349 $this->assertEquals( [ [ 'movenotallowed' ] ], $res );
352 $this->setTitle( NS_USER
);
353 $this->setUser( $this->userName
);
354 $this->overrideUserPermissions( $this->user
, [ "move", "move-rootuserpages" ] );
355 $res = MediaWikiServices
::getInstance()->getPermissionManager()
356 ->getPermissionErrors( 'move-target', $this->user
, $this->title
);
357 $this->assertEquals( [], $res );
359 $this->overrideUserPermissions( $this->user
, "move" );
360 $res = MediaWikiServices
::getInstance()->getPermissionManager()
361 ->getPermissionErrors( 'move-target', $this->user
, $this->title
);
362 $this->assertEquals( [ [ 'cant-move-to-user-page' ] ], $res );
364 $this->setUser( 'anon' );
365 $this->overrideUserPermissions( $this->user
, [ "move", "move-rootuserpages" ] );
366 $res = MediaWikiServices
::getInstance()->getPermissionManager()
367 ->getPermissionErrors( 'move-target', $this->user
, $this->title
);
368 $this->assertEquals( [], $res );
370 $this->setTitle( NS_USER
, "User/subpage" );
371 $this->overrideUserPermissions( $this->user
, [ "move", "move-rootuserpages" ] );
372 $res = MediaWikiServices
::getInstance()->getPermissionManager()
373 ->getPermissionErrors( 'move-target', $this->user
, $this->title
);
374 $this->assertEquals( [], $res );
376 $this->overrideUserPermissions( $this->user
, "move" );
377 $res = MediaWikiServices
::getInstance()->getPermissionManager()
378 ->getPermissionErrors( 'move-target', $this->user
, $this->title
);
379 $this->assertEquals( [], $res );
381 $this->setUser( 'anon' );
384 [ [ 'badaccess-groups', "*, [[$prefix:Users|Users]]", 2 ] ],
385 [ [ 'badaccess-group0' ] ],
392 "[[$prefix:Administrators|Administrators]]", 1 ],
395 [ [ 'badaccess-group0' ], [ 'protect-cantedit' ] ],
396 [ [ 'protect-cantedit' ] ],
399 '' => [ [], [], [], true ]
402 foreach ( [ "edit", "protect", "" ] as $action ) {
403 $this->overrideUserPermissions( $this->user
);
404 $this->assertEquals( $check[$action][0],
405 MediaWikiServices
::getInstance()->getPermissionManager()
406 ->getPermissionErrors( $action, $this->user
, $this->title
, true ) );
407 $this->assertEquals( $check[$action][0],
408 MediaWikiServices
::getInstance()->getPermissionManager()
409 ->getPermissionErrors( $action, $this->user
, $this->title
, 'full' ) );
410 $this->assertEquals( $check[$action][0],
411 MediaWikiServices
::getInstance()->getPermissionManager()
412 ->getPermissionErrors( $action, $this->user
, $this->title
, 'secure' ) );
414 global $wgGroupPermissions;
415 $old = $wgGroupPermissions;
416 $wgGroupPermissions = [];
417 $this->resetServices();
419 $this->assertEquals( $check[$action][1],
420 MediaWikiServices
::getInstance()->getPermissionManager()
421 ->getPermissionErrors( $action, $this->user
, $this->title
, true ) );
422 $this->assertEquals( $check[$action][1],
423 MediaWikiServices
::getInstance()->getPermissionManager()
424 ->getPermissionErrors( $action, $this->user
, $this->title
, 'full' ) );
425 $this->assertEquals( $check[$action][1],
426 MediaWikiServices
::getInstance()->getPermissionManager()
427 ->getPermissionErrors( $action, $this->user
, $this->title
, 'secure' ) );
428 $wgGroupPermissions = $old;
429 $this->resetServices();
431 $this->overrideUserPermissions( $this->user
, $action );
432 $this->assertEquals( $check[$action][2],
433 MediaWikiServices
::getInstance()->getPermissionManager()
434 ->getPermissionErrors( $action, $this->user
, $this->title
, true ) );
435 $this->assertEquals( $check[$action][2],
436 MediaWikiServices
::getInstance()->getPermissionManager()
437 ->getPermissionErrors( $action, $this->user
, $this->title
, 'full' ) );
438 $this->assertEquals( $check[$action][2],
439 MediaWikiServices
::getInstance()->getPermissionManager()
440 ->getPermissionErrors( $action, $this->user
, $this->title
, 'secure' ) );
442 $this->overrideUserPermissions( $this->user
, $action );
443 $this->assertEquals( $check[$action][3],
444 MediaWikiServices
::getInstance()->getPermissionManager()
445 ->userCan( $action, $this->user
, $this->title
, true ) );
446 $this->assertEquals( $check[$action][3],
447 MediaWikiServices
::getInstance()->getPermissionManager()
448 ->userCan( $action, $this->user
, $this->title
,
449 PermissionManager
::RIGOR_QUICK
) );
450 # count( User::getGroupsWithPermissions( $action ) ) < 1
454 protected function runGroupPermissions( $perm, $action, $result, $result2 = null ) {
455 global $wgGroupPermissions;
457 if ( $result2 === null ) {
461 $wgGroupPermissions['autoconfirmed']['move'] = false;
462 $wgGroupPermissions['user']['move'] = false;
463 $this->resetServices();
464 $this->overrideUserPermissions( $this->user
, $perm );
465 $res = MediaWikiServices
::getInstance()->getPermissionManager()
466 ->getPermissionErrors( $action, $this->user
, $this->title
);
467 $this->assertEquals( $result, $res );
469 $wgGroupPermissions['autoconfirmed']['move'] = true;
470 $wgGroupPermissions['user']['move'] = false;
471 $this->resetServices();
472 $this->overrideUserPermissions( $this->user
, $perm );
473 $res = MediaWikiServices
::getInstance()->getPermissionManager()
474 ->getPermissionErrors( $action, $this->user
, $this->title
);
475 $this->assertEquals( $result2, $res );
477 $wgGroupPermissions['autoconfirmed']['move'] = true;
478 $wgGroupPermissions['user']['move'] = true;
479 $this->resetServices();
480 $this->overrideUserPermissions( $this->user
, $perm );
481 $res = MediaWikiServices
::getInstance()->getPermissionManager()
482 ->getPermissionErrors( $action, $this->user
, $this->title
);
483 $this->assertEquals( $result2, $res );
485 $wgGroupPermissions['autoconfirmed']['move'] = false;
486 $wgGroupPermissions['user']['move'] = true;
487 $this->resetServices();
488 $this->overrideUserPermissions( $this->user
, $perm );
489 $res = MediaWikiServices
::getInstance()->getPermissionManager()
490 ->getPermissionErrors( $action, $this->user
, $this->title
);
491 $this->assertEquals( $result2, $res );
495 * @todo This test method should be split up into separate test methods and
497 * @covers MediaWiki\Permissions\PermissionManager::checkSpecialsAndNSPermissions
499 public function testSpecialsAndNSPermissions() {
500 global $wgNamespaceProtection;
501 $this->setUser( $this->userName
);
503 $this->setTitle( NS_SPECIAL
);
505 $this->assertEquals( [ [ 'badaccess-group0' ], [ 'ns-specialprotected' ] ],
506 MediaWikiServices
::getInstance()->getPermissionManager()
507 ->getPermissionErrors( 'bogus', $this->user
, $this->title
) );
509 $this->setTitle( NS_MAIN
);
510 $this->overrideUserPermissions( $this->user
, 'bogus' );
511 $this->assertEquals( [],
512 MediaWikiServices
::getInstance()->getPermissionManager()
513 ->getPermissionErrors( 'bogus', $this->user
, $this->title
) );
515 $this->setTitle( NS_MAIN
);
516 $this->overrideUserPermissions( $this->user
, '' );
517 $this->assertEquals( [ [ 'badaccess-group0' ] ],
518 MediaWikiServices
::getInstance()->getPermissionManager()
519 ->getPermissionErrors( 'bogus', $this->user
, $this->title
) );
521 $wgNamespaceProtection[NS_USER
] = [ 'bogus' ];
523 $this->setTitle( NS_USER
);
524 $this->overrideUserPermissions( $this->user
, '' );
525 $this->assertEquals( [ [ 'badaccess-group0' ],
526 [ 'namespaceprotected', 'User', 'bogus' ] ],
527 MediaWikiServices
::getInstance()->getPermissionManager()
528 ->getPermissionErrors( 'bogus', $this->user
, $this->title
) );
530 $this->setTitle( NS_MEDIAWIKI
);
531 $this->overrideUserPermissions( $this->user
, 'bogus' );
532 $this->assertEquals( [ [ 'protectedinterface', 'bogus' ] ],
533 MediaWikiServices
::getInstance()->getPermissionManager()
534 ->getPermissionErrors( 'bogus', $this->user
, $this->title
) );
536 $this->setTitle( NS_MEDIAWIKI
);
537 $this->overrideUserPermissions( $this->user
, 'bogus' );
538 $this->assertEquals( [ [ 'protectedinterface', 'bogus' ] ],
539 MediaWikiServices
::getInstance()->getPermissionManager()
540 ->getPermissionErrors( 'bogus', $this->user
, $this->title
) );
542 $wgNamespaceProtection = null;
544 $this->overrideUserPermissions( $this->user
, 'bogus' );
545 $this->assertEquals( [],
546 MediaWikiServices
::getInstance()->getPermissionManager()
547 ->getPermissionErrors( 'bogus', $this->user
, $this->title
) );
548 $this->assertEquals( true,
549 MediaWikiServices
::getInstance()->getPermissionManager()
550 ->userCan( 'bogus', $this->user
, $this->title
) );
552 $this->overrideUserPermissions( $this->user
, '' );
553 $this->assertEquals( [ [ 'badaccess-group0' ] ],
554 MediaWikiServices
::getInstance()->getPermissionManager()
555 ->getPermissionErrors( 'bogus', $this->user
, $this->title
) );
556 $this->assertEquals( false,
557 MediaWikiServices
::getInstance()->getPermissionManager()
558 ->userCan( 'bogus', $this->user
, $this->title
) );
562 * @todo This test method should be split up into separate test methods and
564 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
566 public function testJsConfigEditPermissions() {
567 $this->setUser( $this->userName
);
569 $this->setTitle( NS_USER
, $this->userName
. '/test.js' );
570 $this->runConfigEditPermissions(
571 [ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
573 [ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
574 [ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
575 [ [ 'badaccess-group0' ] ],
577 [ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
578 [ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
579 [ [ 'badaccess-group0' ] ],
580 [ [ 'badaccess-groups' ] ]
585 * @todo This test method should be split up into separate test methods and
587 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
589 public function testJsonConfigEditPermissions() {
590 $prefix = MediaWikiServices
::getInstance()->getContentLanguage()->
591 getFormattedNsText( NS_PROJECT
);
592 $this->setUser( $this->userName
);
594 $this->setTitle( NS_USER
, $this->userName
. '/test.json' );
595 $this->runConfigEditPermissions(
596 [ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
598 [ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
599 [ [ 'badaccess-group0' ] ],
600 [ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
602 [ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
603 [ [ 'badaccess-group0' ] ],
604 [ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
605 [ [ 'badaccess-groups' ] ]
610 * @todo This test method should be split up into separate test methods and
612 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
614 public function testCssConfigEditPermissions() {
615 $this->setUser( $this->userName
);
617 $this->setTitle( NS_USER
, $this->userName
. '/test.css' );
618 $this->runConfigEditPermissions(
619 [ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
621 [ [ 'badaccess-group0' ] ],
622 [ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
623 [ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
625 [ [ 'badaccess-group0' ] ],
626 [ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
627 [ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
628 [ [ 'badaccess-groups' ] ]
633 * @todo This test method should be split up into separate test methods and
635 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
637 public function testOtherJsConfigEditPermissions() {
638 $this->setUser( $this->userName
);
640 $this->setTitle( NS_USER
, $this->altUserName
. '/test.js' );
641 $this->runConfigEditPermissions(
642 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
644 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
645 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
646 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
648 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
649 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
650 [ [ 'badaccess-group0' ] ],
651 [ [ 'badaccess-groups' ] ]
656 * @todo This test method should be split up into separate test methods and
658 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
660 public function testOtherJsonConfigEditPermissions() {
661 $this->setUser( $this->userName
);
663 $this->setTitle( NS_USER
, $this->altUserName
. '/test.json' );
664 $this->runConfigEditPermissions(
665 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
667 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
668 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
669 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
671 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
672 [ [ 'badaccess-group0' ] ],
673 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
674 [ [ 'badaccess-groups' ] ]
679 * @todo This test method should be split up into separate test methods and
681 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
683 public function testOtherCssConfigEditPermissions() {
684 $this->setUser( $this->userName
);
686 $this->setTitle( NS_USER
, $this->altUserName
. '/test.css' );
687 $this->runConfigEditPermissions(
688 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
690 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
691 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
692 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
694 [ [ 'badaccess-group0' ] ],
695 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
696 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
697 [ [ 'badaccess-groups' ] ]
702 * @todo This test method should be split up into separate test methods and
704 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
706 public function testOtherNonConfigEditPermissions() {
707 $this->setUser( $this->userName
);
709 $this->setTitle( NS_USER
, $this->altUserName
. '/tempo' );
710 $this->runConfigEditPermissions(
711 [ [ 'badaccess-group0' ] ],
713 [ [ 'badaccess-group0' ] ],
714 [ [ 'badaccess-group0' ] ],
715 [ [ 'badaccess-group0' ] ],
717 [ [ 'badaccess-group0' ] ],
718 [ [ 'badaccess-group0' ] ],
719 [ [ 'badaccess-group0' ] ],
720 [ [ 'badaccess-groups' ] ]
725 * @todo This should use data providers like the other methods here.
726 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
728 public function testPatrolActionConfigEditPermissions() {
729 $this->setUser( 'anon' );
730 $this->setTitle( NS_USER
, 'ToPatrolOrNotToPatrol' );
731 $this->runConfigEditPermissions(
732 [ [ 'badaccess-group0' ] ],
734 [ [ 'badaccess-group0' ] ],
735 [ [ 'badaccess-group0' ] ],
736 [ [ 'badaccess-group0' ] ],
738 [ [ 'badaccess-group0' ] ],
739 [ [ 'badaccess-group0' ] ],
740 [ [ 'badaccess-group0' ] ],
741 [ [ 'badaccess-groups' ] ]
745 protected function runConfigEditPermissions(
755 $this->overrideUserPermissions( $this->user
);
756 $result = MediaWikiServices
::getInstance()->getPermissionManager()
757 ->getPermissionErrors( 'bogus', $this->user
, $this->title
);
758 $this->assertEquals( $resultNone, $result );
760 $this->overrideUserPermissions( $this->user
, 'editmyusercss' );
761 $result = MediaWikiServices
::getInstance()->getPermissionManager()
762 ->getPermissionErrors( 'bogus', $this->user
, $this->title
);
763 $this->assertEquals( $resultMyCss, $result );
765 $this->overrideUserPermissions( $this->user
, 'editmyuserjson' );
766 $result = MediaWikiServices
::getInstance()->getPermissionManager()
767 ->getPermissionErrors( 'bogus', $this->user
, $this->title
);
768 $this->assertEquals( $resultMyJson, $result );
770 $this->overrideUserPermissions( $this->user
, 'editmyuserjs' );
771 $result = MediaWikiServices
::getInstance()->getPermissionManager()
772 ->getPermissionErrors( 'bogus', $this->user
, $this->title
);
773 $this->assertEquals( $resultMyJs, $result );
775 $this->overrideUserPermissions( $this->user
, 'editusercss' );
776 $result = MediaWikiServices
::getInstance()->getPermissionManager()
777 ->getPermissionErrors( 'bogus', $this->user
, $this->title
);
778 $this->assertEquals( $resultUserCss, $result );
780 $this->overrideUserPermissions( $this->user
, 'edituserjson' );
781 $result = MediaWikiServices
::getInstance()->getPermissionManager()
782 ->getPermissionErrors( 'bogus', $this->user
, $this->title
);
783 $this->assertEquals( $resultUserJson, $result );
785 $this->overrideUserPermissions( $this->user
, 'edituserjs' );
786 $result = MediaWikiServices
::getInstance()->getPermissionManager()
787 ->getPermissionErrors( 'bogus', $this->user
, $this->title
);
788 $this->assertEquals( $resultUserJs, $result );
790 $this->overrideUserPermissions( $this->user
);
791 $result = MediaWikiServices
::getInstance()->getPermissionManager()
792 ->getPermissionErrors( 'patrol', $this->user
, $this->title
);
793 $this->assertEquals( reset( $resultPatrol[0] ), reset( $result[0] ) );
795 $this->overrideUserPermissions( $this->user
, [ 'edituserjs', 'edituserjson', 'editusercss' ] );
796 $result = MediaWikiServices
::getInstance()->getPermissionManager()
797 ->getPermissionErrors( 'bogus', $this->user
, $this->title
);
798 $this->assertEquals( [ [ 'badaccess-group0' ] ], $result );
802 * @todo This test method should be split up into separate test methods and
805 * This test is failing per T201776.
808 * @covers \MediaWiki\Permissions\PermissionManager::checkPageRestrictions
810 public function testPageRestrictions() {
811 $prefix = MediaWikiServices
::getInstance()->getContentLanguage()->
812 getFormattedNsText( NS_PROJECT
);
814 $this->setTitle( NS_MAIN
);
815 $this->title
->mRestrictionsLoaded
= true;
816 $this->overrideUserPermissions( $this->user
, "edit" );
817 $this->title
->mRestrictions
= [ "bogus" => [ 'bogus', "sysop", "protect", "" ] ];
819 $this->assertEquals( [],
820 MediaWikiServices
::getInstance()->getPermissionManager()
821 ->getPermissionErrors( 'edit', $this->user
, $this->title
) );
823 $this->assertEquals( true,
824 MediaWikiServices
::getInstance()->getPermissionManager()
825 ->userCan( 'edit', $this->user
, $this->title
, PermissionManager
::RIGOR_QUICK
) );
827 $this->title
->mRestrictions
= [ "edit" => [ 'bogus', "sysop", "protect", "" ],
828 "bogus" => [ 'bogus', "sysop", "protect", "" ] ];
830 $this->assertEquals( [ [ 'badaccess-group0' ],
831 [ 'protectedpagetext', 'bogus', 'bogus' ],
832 [ 'protectedpagetext', 'editprotected', 'bogus' ],
833 [ 'protectedpagetext', 'protect', 'bogus' ] ],
834 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
835 'bogus', $this->user
, $this->title
) );
836 $this->assertEquals( [ [ 'protectedpagetext', 'bogus', 'edit' ],
837 [ 'protectedpagetext', 'editprotected', 'edit' ],
838 [ 'protectedpagetext', 'protect', 'edit' ] ],
839 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
840 'edit', $this->user
, $this->title
) );
841 $this->overrideUserPermissions( $this->user
);
842 $this->assertEquals( [ [ 'badaccess-group0' ],
843 [ 'protectedpagetext', 'bogus', 'bogus' ],
844 [ 'protectedpagetext', 'editprotected', 'bogus' ],
845 [ 'protectedpagetext', 'protect', 'bogus' ] ],
846 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
847 'bogus', $this->user
, $this->title
) );
848 $this->assertEquals( [ [ 'badaccess-groups', "*, [[$prefix:Users|Users]]", 2 ],
849 [ 'protectedpagetext', 'bogus', 'edit' ],
850 [ 'protectedpagetext', 'editprotected', 'edit' ],
851 [ 'protectedpagetext', 'protect', 'edit' ] ],
852 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
853 'edit', $this->user
, $this->title
) );
854 $this->overrideUserPermissions( $this->user
, [ "edit", "editprotected" ] );
855 $this->assertEquals( [ [ 'badaccess-group0' ],
856 [ 'protectedpagetext', 'bogus', 'bogus' ],
857 [ 'protectedpagetext', 'protect', 'bogus' ] ],
858 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
859 'bogus', $this->user
, $this->title
) );
860 $this->assertEquals( [
861 [ 'protectedpagetext', 'bogus', 'edit' ],
862 [ 'protectedpagetext', 'protect', 'edit' ] ],
863 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
864 'edit', $this->user
, $this->title
) );
866 $this->title
->mCascadeRestriction
= true;
867 $this->overrideUserPermissions( $this->user
, "edit" );
869 $this->assertEquals( false,
870 MediaWikiServices
::getInstance()->getPermissionManager()
871 ->userCan( 'bogus', $this->user
, $this->title
, PermissionManager
::RIGOR_QUICK
) );
873 $this->assertEquals( false,
874 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
875 'edit', $this->user
, $this->title
, PermissionManager
::RIGOR_QUICK
) );
877 $this->assertEquals( [ [ 'badaccess-group0' ],
878 [ 'protectedpagetext', 'bogus', 'bogus' ],
879 [ 'protectedpagetext', 'editprotected', 'bogus' ],
880 [ 'protectedpagetext', 'protect', 'bogus' ] ],
881 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
882 'bogus', $this->user
, $this->title
) );
883 $this->assertEquals( [ [ 'protectedpagetext', 'bogus', 'edit' ],
884 [ 'protectedpagetext', 'editprotected', 'edit' ],
885 [ 'protectedpagetext', 'protect', 'edit' ] ],
886 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
887 'edit', $this->user
, $this->title
) );
889 $this->overrideUserPermissions( $this->user
, [ "edit", "editprotected" ] );
890 $this->assertEquals( false,
891 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
892 'bogus', $this->user
, $this->title
, PermissionManager
::RIGOR_QUICK
) );
894 $this->assertEquals( false,
895 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
896 'edit', $this->user
, $this->title
, PermissionManager
::RIGOR_QUICK
) );
898 $this->assertEquals( [ [ 'badaccess-group0' ],
899 [ 'protectedpagetext', 'bogus', 'bogus' ],
900 [ 'protectedpagetext', 'protect', 'bogus' ],
901 [ 'protectedpagetext', 'protect', 'bogus' ] ],
902 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
903 'bogus', $this->user
, $this->title
) );
904 $this->assertEquals( [ [ 'protectedpagetext', 'bogus', 'edit' ],
905 [ 'protectedpagetext', 'protect', 'edit' ],
906 [ 'protectedpagetext', 'protect', 'edit' ] ],
907 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
908 'edit', $this->user
, $this->title
) );
912 * @covers \MediaWiki\Permissions\PermissionManager::checkCascadingSourcesRestrictions
914 public function testCascadingSourcesRestrictions() {
915 $this->setTitle( NS_MAIN
, "test page" );
916 $this->overrideUserPermissions( $this->user
, [ "edit", "bogus" ] );
918 $this->title
->mCascadeSources
= [
919 Title
::makeTitle( NS_MAIN
, "Bogus" ),
920 Title
::makeTitle( NS_MAIN
, "UnBogus" )
922 $this->title
->mCascadingRestrictions
= [
923 "bogus" => [ 'bogus', "sysop", "protect", "" ]
926 $this->assertEquals( false,
927 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
928 'bogus', $this->user
, $this->title
) );
929 $this->assertEquals( [
930 [ "cascadeprotected", 2, "* [[:Bogus]]\n* [[:UnBogus]]\n", 'bogus' ],
931 [ "cascadeprotected", 2, "* [[:Bogus]]\n* [[:UnBogus]]\n", 'bogus' ],
932 [ "cascadeprotected", 2, "* [[:Bogus]]\n* [[:UnBogus]]\n", 'bogus' ] ],
933 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
934 'bogus', $this->user
, $this->title
) );
936 $this->assertEquals( true,
937 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
938 'edit', $this->user
, $this->title
) );
939 $this->assertEquals( [],
940 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
941 'edit', $this->user
, $this->title
) );
945 * @todo This test method should be split up into separate test methods and
947 * @covers \MediaWiki\Permissions\PermissionManager::checkActionPermissions
949 public function testActionPermissions() {
950 $this->overrideUserPermissions( $this->user
, [ "createpage" ] );
951 $this->setTitle( NS_MAIN
, "test page" );
952 $this->title
->mTitleProtection
['permission'] = '';
953 $this->title
->mTitleProtection
['user'] = $this->user
->getId();
954 $this->title
->mTitleProtection
['expiry'] = 'infinity';
955 $this->title
->mTitleProtection
['reason'] = 'test';
956 $this->title
->mCascadeRestriction
= false;
958 $this->assertEquals( [ [ 'titleprotected', 'Useruser', 'test' ] ],
959 MediaWikiServices
::getInstance()->getPermissionManager()
960 ->getPermissionErrors( 'create', $this->user
, $this->title
) );
961 $this->assertEquals( false,
962 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
963 'create', $this->user
, $this->title
) );
965 $this->title
->mTitleProtection
['permission'] = 'editprotected';
966 $this->overrideUserPermissions( $this->user
, [ 'createpage', 'protect' ] );
967 $this->assertEquals( [ [ 'titleprotected', 'Useruser', 'test' ] ],
968 MediaWikiServices
::getInstance()->getPermissionManager()
969 ->getPermissionErrors( 'create', $this->user
, $this->title
) );
970 $this->assertEquals( false,
971 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
972 'create', $this->user
, $this->title
) );
974 $this->overrideUserPermissions( $this->user
, [ 'createpage', 'editprotected' ] );
975 $this->assertEquals( [],
976 MediaWikiServices
::getInstance()->getPermissionManager()
977 ->getPermissionErrors( 'create', $this->user
, $this->title
) );
978 $this->assertEquals( true,
979 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
980 'create', $this->user
, $this->title
) );
982 $this->overrideUserPermissions( $this->user
, [ 'createpage' ] );
983 $this->assertEquals( [ [ 'titleprotected', 'Useruser', 'test' ] ],
984 MediaWikiServices
::getInstance()->getPermissionManager()
985 ->getPermissionErrors( 'create', $this->user
, $this->title
) );
986 $this->assertEquals( false,
987 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
988 'create', $this->user
, $this->title
) );
990 $this->setTitle( NS_MEDIA
, "test page" );
991 $this->overrideUserPermissions( $this->user
, [ "move" ] );
992 $this->assertEquals( false,
993 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
994 'move', $this->user
, $this->title
) );
995 $this->assertEquals( [ [ 'immobile-source-namespace', 'Media' ] ],
996 MediaWikiServices
::getInstance()->getPermissionManager()
997 ->getPermissionErrors( 'move', $this->user
, $this->title
) );
999 $this->setTitle( NS_HELP
, "test page" );
1000 $this->assertEquals( [],
1001 MediaWikiServices
::getInstance()->getPermissionManager()
1002 ->getPermissionErrors( 'move', $this->user
, $this->title
) );
1003 $this->assertEquals( true,
1004 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
1005 'move', $this->user
, $this->title
) );
1007 $this->title
->mInterwiki
= "no";
1008 $this->assertEquals( [ [ 'immobile-source-page' ] ],
1009 MediaWikiServices
::getInstance()->getPermissionManager()
1010 ->getPermissionErrors( 'move', $this->user
, $this->title
) );
1011 $this->assertEquals( false,
1012 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
1013 'move', $this->user
, $this->title
) );
1015 $this->setTitle( NS_MEDIA
, "test page" );
1016 $this->assertEquals( false,
1017 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
1018 'move-target', $this->user
, $this->title
) );
1019 $this->assertEquals( [ [ 'immobile-target-namespace', 'Media' ] ],
1020 MediaWikiServices
::getInstance()->getPermissionManager()
1021 ->getPermissionErrors( 'move-target', $this->user
, $this->title
) );
1023 $this->setTitle( NS_HELP
, "test page" );
1024 $this->assertEquals( [],
1025 MediaWikiServices
::getInstance()->getPermissionManager()
1026 ->getPermissionErrors( 'move-target', $this->user
, $this->title
) );
1027 $this->assertEquals( true,
1028 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
1029 'move-target', $this->user
, $this->title
) );
1031 $this->title
->mInterwiki
= "no";
1032 $this->assertEquals( [ [ 'immobile-target-page' ] ],
1033 MediaWikiServices
::getInstance()->getPermissionManager()
1034 ->getPermissionErrors( 'move-target', $this->user
, $this->title
) );
1035 $this->assertEquals( false,
1036 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
1037 'move-target', $this->user
, $this->title
) );
1041 * @covers \MediaWiki\Permissions\PermissionManager::checkUserBlock
1043 public function testUserBlock() {
1044 $this->setMwGlobals( [
1045 'wgEmailConfirmToEdit' => true,
1046 'wgEmailAuthentication' => true,
1047 'wgBlockDisablesLogin' => false,
1050 $this->overrideUserPermissions( $this->user
, [
1059 $this->setTitle( NS_HELP
, "test page" );
1061 # $wgEmailConfirmToEdit only applies to 'edit' action
1062 $this->assertEquals( [],
1063 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
1064 'move-target', $this->user
, $this->title
) );
1065 $this->assertContains( [ 'confirmedittext' ],
1066 MediaWikiServices
::getInstance()->getPermissionManager()
1067 ->getPermissionErrors( 'edit', $this->user
, $this->title
) );
1069 $this->setMwGlobals( 'wgEmailConfirmToEdit', false );
1070 $this->resetServices();
1071 $this->overrideUserPermissions( $this->user
, [
1081 $this->assertNotContains( [ 'confirmedittext' ],
1082 MediaWikiServices
::getInstance()->getPermissionManager()
1083 ->getPermissionErrors( 'edit', $this->user
, $this->title
) );
1085 # $wgEmailConfirmToEdit && !$user->isEmailConfirmed() && $action != 'createaccount'
1086 $this->assertEquals( [],
1087 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
1088 'move-target', $this->user
, $this->title
) );
1092 $now = time() +
120;
1093 $this->user
->mBlockedby
= $this->user
->getId();
1094 $this->user
->mBlock
= new DatabaseBlock( [
1095 'address' => '127.0.8.1',
1096 'by' => $this->user
->getId(),
1097 'reason' => 'no reason given',
1098 'timestamp' => $prev +
3600,
1102 $this->user
->mBlock
->mTimestamp
= 0;
1103 $this->assertEquals( [ [ 'autoblockedtext',
1104 "[[User:Useruser|\u{202A}Useruser\u{202C}]]", 'no reason given', '127.0.0.1',
1105 "\u{202A}Useruser\u{202C}", null, 'infinite', '127.0.8.1',
1106 $wgLang->timeanddate( wfTimestamp( TS_MW
, $prev ), true ) ] ],
1107 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
1108 'move-target', $this->user
, $this->title
) );
1110 $this->assertEquals( false, MediaWikiServices
::getInstance()->getPermissionManager()
1111 ->userCan( 'move-target', $this->user
, $this->title
) );
1112 // quickUserCan should ignore user blocks
1113 $this->assertEquals( true, MediaWikiServices
::getInstance()->getPermissionManager()
1114 ->userCan( 'move-target', $this->user
, $this->title
,
1115 PermissionManager
::RIGOR_QUICK
) );
1117 global $wgLocalTZoffset;
1118 $wgLocalTZoffset = -60;
1119 $this->user
->mBlockedby
= $this->user
->getName();
1120 $this->user
->mBlock
= new DatabaseBlock( [
1121 'address' => '127.0.8.1',
1122 'by' => $this->user
->getId(),
1123 'reason' => 'no reason given',
1124 'timestamp' => $now,
1128 $this->assertEquals( [ [ 'blockedtext',
1129 "[[User:Useruser|\u{202A}Useruser\u{202C}]]", 'no reason given', '127.0.0.1',
1130 "\u{202A}Useruser\u{202C}", null, '23:00, 31 December 1969', '127.0.8.1',
1131 $wgLang->timeanddate( wfTimestamp( TS_MW
, $now ), true ) ] ],
1132 MediaWikiServices
::getInstance()->getPermissionManager()
1133 ->getPermissionErrors( 'move-target', $this->user
, $this->title
) );
1134 # $action != 'read' && $action != 'createaccount' && $user->isBlockedFrom( $this )
1135 # $user->blockedFor() == ''
1136 # $user->mBlock->mExpiry == 'infinity'
1138 $this->user
->mBlockedby
= $this->user
->getName();
1139 $this->user
->mBlock
= new SystemBlock( [
1140 'address' => '127.0.8.1',
1141 'by' => $this->user
->getId(),
1142 'reason' => 'no reason given',
1143 'timestamp' => $now,
1145 'systemBlock' => 'test',
1148 $errors = [ [ 'systemblockedtext',
1149 "[[User:Useruser|\u{202A}Useruser\u{202C}]]", 'no reason given', '127.0.0.1',
1150 "\u{202A}Useruser\u{202C}", 'test', 'infinite', '127.0.8.1',
1151 $wgLang->timeanddate( wfTimestamp( TS_MW
, $now ), true ) ] ];
1153 $this->assertEquals( $errors,
1154 MediaWikiServices
::getInstance()->getPermissionManager()
1155 ->getPermissionErrors( 'edit', $this->user
, $this->title
) );
1156 $this->assertEquals( $errors,
1157 MediaWikiServices
::getInstance()->getPermissionManager()
1158 ->getPermissionErrors( 'move-target', $this->user
, $this->title
) );
1159 $this->assertEquals( $errors,
1160 MediaWikiServices
::getInstance()->getPermissionManager()
1161 ->getPermissionErrors( 'rollback', $this->user
, $this->title
) );
1162 $this->assertEquals( $errors,
1163 MediaWikiServices
::getInstance()->getPermissionManager()
1164 ->getPermissionErrors( 'patrol', $this->user
, $this->title
) );
1165 $this->assertEquals( $errors,
1166 MediaWikiServices
::getInstance()->getPermissionManager()
1167 ->getPermissionErrors( 'upload', $this->user
, $this->title
) );
1168 $this->assertEquals( [],
1169 MediaWikiServices
::getInstance()->getPermissionManager()
1170 ->getPermissionErrors( 'purge', $this->user
, $this->title
) );
1172 // partial block message test
1173 $this->user
->mBlockedby
= $this->user
->getName();
1174 $this->user
->mBlock
= new DatabaseBlock( [
1175 'address' => '127.0.8.1',
1176 'by' => $this->user
->getId(),
1177 'reason' => 'no reason given',
1178 'timestamp' => $now,
1179 'sitewide' => false,
1183 $this->assertEquals( [],
1184 MediaWikiServices
::getInstance()->getPermissionManager()
1185 ->getPermissionErrors( 'edit', $this->user
, $this->title
) );
1186 $this->assertEquals( [],
1187 MediaWikiServices
::getInstance()->getPermissionManager()
1188 ->getPermissionErrors( 'move-target', $this->user
, $this->title
) );
1189 $this->assertEquals( [],
1190 MediaWikiServices
::getInstance()->getPermissionManager()
1191 ->getPermissionErrors( 'rollback', $this->user
, $this->title
) );
1192 $this->assertEquals( [],
1193 MediaWikiServices
::getInstance()->getPermissionManager()
1194 ->getPermissionErrors( 'patrol', $this->user
, $this->title
) );
1195 $this->assertEquals( [],
1196 MediaWikiServices
::getInstance()->getPermissionManager()
1197 ->getPermissionErrors( 'upload', $this->user
, $this->title
) );
1198 $this->assertEquals( [],
1199 MediaWikiServices
::getInstance()->getPermissionManager()
1200 ->getPermissionErrors( 'purge', $this->user
, $this->title
) );
1202 $this->user
->mBlock
->setRestrictions( [
1203 ( new PageRestriction( 0, $this->title
->getArticleID() ) )->setTitle( $this->title
),
1206 $errors = [ [ 'blockedtext-partial',
1207 "[[User:Useruser|\u{202A}Useruser\u{202C}]]", 'no reason given', '127.0.0.1',
1208 "\u{202A}Useruser\u{202C}", null, '23:00, 31 December 1969', '127.0.8.1',
1209 $wgLang->timeanddate( wfTimestamp( TS_MW
, $now ), true ) ] ];
1211 $this->assertEquals( $errors,
1212 MediaWikiServices
::getInstance()->getPermissionManager()
1213 ->getPermissionErrors( 'edit', $this->user
, $this->title
) );
1214 $this->assertEquals( $errors,
1215 MediaWikiServices
::getInstance()->getPermissionManager()
1216 ->getPermissionErrors( 'move-target', $this->user
, $this->title
) );
1217 $this->assertEquals( $errors,
1218 MediaWikiServices
::getInstance()->getPermissionManager()
1219 ->getPermissionErrors( 'rollback', $this->user
, $this->title
) );
1220 $this->assertEquals( $errors,
1221 MediaWikiServices
::getInstance()->getPermissionManager()
1222 ->getPermissionErrors( 'patrol', $this->user
, $this->title
) );
1223 $this->assertEquals( [],
1224 MediaWikiServices
::getInstance()->getPermissionManager()
1225 ->getPermissionErrors( 'upload', $this->user
, $this->title
) );
1226 $this->assertEquals( [],
1227 MediaWikiServices
::getInstance()->getPermissionManager()
1228 ->getPermissionErrors( 'purge', $this->user
, $this->title
) );
1231 $this->user
->mBlockedby
= null;
1232 $this->user
->mBlock
= null;
1234 $this->assertEquals( [],
1235 MediaWikiServices
::getInstance()->getPermissionManager()
1236 ->getPermissionErrors( 'edit', $this->user
, $this->title
) );
1240 * @covers \MediaWiki\Permissions\PermissionManager::checkUserBlock
1242 * Tests to determine that the passed in permission does not get mixed up with
1243 * an action of the same name.
1245 public function testUserBlockAction() {
1248 $tester = $this->getMockBuilder( Action
::class )
1249 ->disableOriginalConstructor()
1251 $tester->method( 'getName' )
1252 ->willReturn( 'tester' );
1253 $tester->method( 'getRestriction' )
1254 ->willReturn( 'test' );
1255 $tester->method( 'requiresUnblock' )
1256 ->willReturn( false );
1258 $this->setMwGlobals( [
1260 'tester' => $tester,
1262 'wgGroupPermissions' => [
1270 $this->user
->mBlockedby
= $this->user
->getName();
1271 $this->user
->mBlock
= new DatabaseBlock( [
1272 'address' => '127.0.8.1',
1273 'by' => $this->user
->getId(),
1274 'reason' => 'no reason given',
1275 'timestamp' => $now,
1277 'expiry' => 'infinity',
1280 $errors = [ [ 'blockedtext',
1281 "[[User:Useruser|\u{202A}Useruser\u{202C}]]", 'no reason given', '127.0.0.1',
1282 "\u{202A}Useruser\u{202C}", null, 'infinite', '127.0.8.1',
1283 $wgLang->timeanddate( wfTimestamp( TS_MW
, $now ), true ) ] ];
1285 $this->assertEquals( $errors,
1286 MediaWikiServices
::getInstance()->getPermissionManager()
1287 ->getPermissionErrors( 'tester', $this->user
, $this->title
) );
1291 * @covers \MediaWiki\Permissions\PermissionManager::isBlockedFrom
1293 public function testBlockInstanceCache() {
1294 // First, check the user isn't blocked
1295 $user = $this->getMutableTestUser()->getUser();
1296 $ut = Title
::makeTitle( NS_USER_TALK
, $user->getName() );
1297 $this->assertNull( $user->getBlock( false ), 'sanity check' );
1298 //$this->assertSame( '', $user->blockedBy(), 'sanity check' );
1299 //$this->assertSame( '', $user->blockedFor(), 'sanity check' );
1300 //$this->assertFalse( (bool)$user->isHidden(), 'sanity check' );
1301 $this->assertFalse( MediaWikiServices
::getInstance()->getPermissionManager()
1302 ->isBlockedFrom( $user, $ut ), 'sanity check' );
1305 $blocker = $this->getTestSysop()->getUser();
1306 $block = new DatabaseBlock( [
1308 'allowUsertalk' => false,
1309 'reason' => 'Because',
1311 $block->setTarget( $user );
1312 $block->setBlocker( $blocker );
1313 $res = $block->insert();
1314 $this->assertTrue( (bool)$res['id'], 'sanity check: Failed to insert block' );
1316 // Clear cache and confirm it loaded the block properly
1317 $user->clearInstanceCache();
1318 $this->assertInstanceOf( DatabaseBlock
::class, $user->getBlock( false ) );
1319 //$this->assertSame( $blocker->getName(), $user->blockedBy() );
1320 //$this->assertSame( 'Because', $user->blockedFor() );
1321 //$this->assertTrue( (bool)$user->isHidden() );
1322 $this->assertTrue( MediaWikiServices
::getInstance()->getPermissionManager()
1323 ->isBlockedFrom( $user, $ut ) );
1328 // Clear cache and confirm it loaded the not-blocked properly
1329 $user->clearInstanceCache();
1330 $this->assertNull( $user->getBlock( false ) );
1331 //$this->assertSame( '', $user->blockedBy() );
1332 //$this->assertSame( '', $user->blockedFor() );
1333 //$this->assertFalse( (bool)$user->isHidden() );
1334 $this->assertFalse( MediaWikiServices
::getInstance()->getPermissionManager()
1335 ->isBlockedFrom( $user, $ut ) );
1339 * @covers \MediaWiki\Permissions\PermissionManager::isBlockedFrom
1340 * @dataProvider provideIsBlockedFrom
1341 * @param string|null $title Title to test.
1342 * @param bool $expect Expected result from User::isBlockedFrom()
1343 * @param array $options Additional test options:
1344 * - 'blockAllowsUTEdit': (bool, default true) Value for $wgBlockAllowsUTEdit
1345 * - 'allowUsertalk': (bool, default false) Passed to DatabaseBlock::__construct()
1346 * - 'pageRestrictions': (array|null) If non-empty, page restriction titles for the block.
1348 public function testIsBlockedFrom( $title, $expect, array $options = [] ) {
1349 $this->setMwGlobals( [
1350 'wgBlockAllowsUTEdit' => $options['blockAllowsUTEdit'] ??
true,
1353 $user = $this->getTestUser()->getUser();
1355 if ( $title === self
::USER_TALK_PAGE
) {
1356 $title = $user->getTalkPage();
1358 $title = Title
::newFromText( $title );
1362 foreach ( $options['pageRestrictions'] ??
[] as $pagestr ) {
1363 $page = $this->getExistingTestPage(
1364 $pagestr === self
::USER_TALK_PAGE ?
$user->getTalkPage() : $pagestr
1366 $restrictions[] = new PageRestriction( 0, $page->getId() );
1368 foreach ( $options['namespaceRestrictions'] ??
[] as $ns ) {
1369 $restrictions[] = new NamespaceRestriction( 0, $ns );
1372 $block = new DatabaseBlock( [
1373 'expiry' => wfTimestamp( TS_MW
, wfTimestamp() +
( 40 * 60 * 60 ) ),
1374 'allowUsertalk' => $options['allowUsertalk'] ??
false,
1375 'sitewide' => !$restrictions,
1377 $block->setTarget( $user );
1378 $block->setBlocker( $this->getTestSysop()->getUser() );
1379 if ( $restrictions ) {
1380 $block->setRestrictions( $restrictions );
1385 $this->assertSame( $expect, MediaWikiServices
::getInstance()->getPermissionManager()
1386 ->isBlockedFrom( $user, $title ) );
1392 public static function provideIsBlockedFrom() {
1394 'Sitewide block, basic operation' => [ 'Test page', true ],
1395 'Sitewide block, not allowing user talk' => [
1396 self
::USER_TALK_PAGE
, true, [
1397 'allowUsertalk' => false,
1400 'Sitewide block, allowing user talk' => [
1401 self
::USER_TALK_PAGE
, false, [
1402 'allowUsertalk' => true,
1405 'Sitewide block, allowing user talk but $wgBlockAllowsUTEdit is false' => [
1406 self
::USER_TALK_PAGE
, true, [
1407 'allowUsertalk' => true,
1408 'blockAllowsUTEdit' => false,
1411 'Partial block, blocking the page' => [
1412 'Test page', true, [
1413 'pageRestrictions' => [ 'Test page' ],
1416 'Partial block, not blocking the page' => [
1417 'Test page 2', false, [
1418 'pageRestrictions' => [ 'Test page' ],
1421 'Partial block, not allowing user talk but user talk page is not blocked' => [
1422 self
::USER_TALK_PAGE
, false, [
1423 'allowUsertalk' => false,
1424 'pageRestrictions' => [ 'Test page' ],
1427 'Partial block, allowing user talk but user talk page is blocked' => [
1428 self
::USER_TALK_PAGE
, true, [
1429 'allowUsertalk' => true,
1430 'pageRestrictions' => [ self
::USER_TALK_PAGE
],
1433 'Partial block, user talk page is not blocked but $wgBlockAllowsUTEdit is false' => [
1434 self
::USER_TALK_PAGE
, false, [
1435 'allowUsertalk' => false,
1436 'pageRestrictions' => [ 'Test page' ],
1437 'blockAllowsUTEdit' => false,
1440 'Partial block, user talk page is blocked and $wgBlockAllowsUTEdit is false' => [
1441 self
::USER_TALK_PAGE
, true, [
1442 'allowUsertalk' => true,
1443 'pageRestrictions' => [ self
::USER_TALK_PAGE
],
1444 'blockAllowsUTEdit' => false,
1447 'Partial user talk namespace block, not allowing user talk' => [
1448 self
::USER_TALK_PAGE
, true, [
1449 'allowUsertalk' => false,
1450 'namespaceRestrictions' => [ NS_USER_TALK
],
1453 'Partial user talk namespace block, allowing user talk' => [
1454 self
::USER_TALK_PAGE
, false, [
1455 'allowUsertalk' => true,
1456 'namespaceRestrictions' => [ NS_USER_TALK
],
1459 'Partial user talk namespace block, where $wgBlockAllowsUTEdit is false' => [
1460 self
::USER_TALK_PAGE
, true, [
1461 'allowUsertalk' => true,
1462 'namespaceRestrictions' => [ NS_USER_TALK
],
1463 'blockAllowsUTEdit' => false,
1470 * @covers \MediaWiki\Permissions\PermissionManager::getUserPermissions
1472 public function testGetUserPermissions() {
1473 $user = $this->getTestUser( [ 'unittesters' ] )->getUser();
1474 $rights = MediaWikiServices
::getInstance()->getPermissionManager()
1475 ->getUserPermissions( $user );
1476 $this->assertContains( 'runtest', $rights );
1477 $this->assertNotContains( 'writetest', $rights );
1478 $this->assertNotContains( 'modifytest', $rights );
1479 $this->assertNotContains( 'nukeworld', $rights );
1483 * @covers \MediaWiki\Permissions\PermissionManager::getUserPermissions
1485 public function testGetUserPermissionsHooks() {
1486 $user = $this->getTestUser( [ 'unittesters', 'testwriters' ] )->getUser();
1487 $userWrapper = TestingAccessWrapper
::newFromObject( $user );
1489 $rights = MediaWikiServices
::getInstance()->getPermissionManager()
1490 ->getUserPermissions( $user );
1491 $this->assertContains( 'test', $rights, 'sanity check' );
1492 $this->assertContains( 'runtest', $rights, 'sanity check' );
1493 $this->assertContains( 'writetest', $rights, 'sanity check' );
1494 $this->assertNotContains( 'nukeworld', $rights, 'sanity check' );
1496 // Add a hook manipluating the rights
1497 $this->mergeMwGlobalArrayValue( 'wgHooks', [ 'UserGetRights' => [ function ( $user, &$rights ) {
1498 $rights[] = 'nukeworld';
1499 $rights = array_diff( $rights, [ 'writetest' ] );
1502 $this->resetServices();
1503 $rights = MediaWikiServices
::getInstance()->getPermissionManager()
1504 ->getUserPermissions( $user );
1505 $this->assertContains( 'test', $rights );
1506 $this->assertContains( 'runtest', $rights );
1507 $this->assertNotContains( 'writetest', $rights );
1508 $this->assertContains( 'nukeworld', $rights );
1510 // Add a Session that limits rights
1511 $mock = $this->getMockBuilder( stdClass
::class )
1512 ->setMethods( [ 'getAllowedUserRights', 'deregisterSession', 'getSessionId' ] )
1514 $mock->method( 'getAllowedUserRights' )->willReturn( [ 'test', 'writetest' ] );
1515 $mock->method( 'getSessionId' )->willReturn(
1516 new SessionId( str_repeat( 'X', 32 ) )
1518 $session = TestUtils
::getDummySession( $mock );
1519 $mockRequest = $this->getMockBuilder( FauxRequest
::class )
1520 ->setMethods( [ 'getSession' ] )
1522 $mockRequest->method( 'getSession' )->willReturn( $session );
1523 $userWrapper->mRequest
= $mockRequest;
1525 $this->resetServices();
1526 $rights = MediaWikiServices
::getInstance()->getPermissionManager()
1527 ->getUserPermissions( $user );
1528 $this->assertContains( 'test', $rights );
1529 $this->assertNotContains( 'runtest', $rights );
1530 $this->assertNotContains( 'writetest', $rights );
1531 $this->assertNotContains( 'nukeworld', $rights );
1535 * @covers \MediaWiki\Permissions\PermissionManager::getGroupPermissions
1537 public function testGroupPermissions() {
1538 $rights = MediaWikiServices
::getInstance()->getPermissionManager()
1539 ->getGroupPermissions( [ 'unittesters' ] );
1540 $this->assertContains( 'runtest', $rights );
1541 $this->assertNotContains( 'writetest', $rights );
1542 $this->assertNotContains( 'modifytest', $rights );
1543 $this->assertNotContains( 'nukeworld', $rights );
1545 $rights = MediaWikiServices
::getInstance()->getPermissionManager()
1546 ->getGroupPermissions( [ 'unittesters', 'testwriters' ] );
1547 $this->assertContains( 'runtest', $rights );
1548 $this->assertContains( 'writetest', $rights );
1549 $this->assertContains( 'modifytest', $rights );
1550 $this->assertNotContains( 'nukeworld', $rights );
1554 * @covers \MediaWiki\Permissions\PermissionManager::getGroupPermissions
1556 public function testRevokePermissions() {
1557 $rights = MediaWikiServices
::getInstance()->getPermissionManager()
1558 ->getGroupPermissions( [ 'unittesters', 'formertesters' ] );
1559 $this->assertNotContains( 'runtest', $rights );
1560 $this->assertNotContains( 'writetest', $rights );
1561 $this->assertNotContains( 'modifytest', $rights );
1562 $this->assertNotContains( 'nukeworld', $rights );
1566 * @dataProvider provideGetGroupsWithPermission
1567 * @covers \MediaWiki\Permissions\PermissionManager::getGroupsWithPermission
1569 public function testGetGroupsWithPermission( $expected, $right ) {
1570 $result = MediaWikiServices
::getInstance()->getPermissionManager()
1571 ->getGroupsWithPermission( $right );
1575 $this->assertEquals( $expected, $result, "Groups with permission $right" );
1578 public static function provideGetGroupsWithPermission() {
1581 [ 'unittesters', 'testwriters' ],
1600 * @covers \MediaWiki\Permissions\PermissionManager::userHasRight
1602 public function testUserHasRight() {
1603 $result = MediaWikiServices
::getInstance()->getPermissionManager()->userHasRight(
1604 $this->getTestUser( 'unittesters' )->getUser(),
1607 $this->assertTrue( $result );
1609 $result = MediaWikiServices
::getInstance()->getPermissionManager()->userHasRight(
1610 $this->getTestUser( 'formertesters' )->getUser(),
1613 $this->assertFalse( $result );
1615 $result = MediaWikiServices
::getInstance()->getPermissionManager()->userHasRight(
1616 $this->getTestUser( 'formertesters' )->getUser(),
1619 $this->assertTrue( $result );
1623 * @covers \MediaWiki\Permissions\PermissionManager::groupHasPermission
1625 public function testGroupHasPermission() {
1626 $result = MediaWikiServices
::getInstance()->getPermissionManager()->groupHasPermission(
1630 $this->assertTrue( $result );
1632 $result = MediaWikiServices
::getInstance()->getPermissionManager()->groupHasPermission(
1636 $this->assertFalse( $result );
1640 * @covers \MediaWiki\Permissions\PermissionManager::isEveryoneAllowed
1642 public function testIsEveryoneAllowed() {
1643 $result = MediaWikiServices
::getInstance()->getPermissionManager()
1644 ->isEveryoneAllowed( 'editmyoptions' );
1645 $this->assertTrue( $result );
1647 $result = MediaWikiServices
::getInstance()->getPermissionManager()
1648 ->isEveryoneAllowed( 'test' );
1649 $this->assertFalse( $result );
1653 * @covers \MediaWiki\Permissions\PermissionManager::addTemporaryUserRights
1655 public function testAddTemporaryUserRights() {
1656 $permissionManager = MediaWikiServices
::getInstance()->getPermissionManager();
1657 $this->overrideUserPermissions( $this->user
, [ 'read', 'edit' ] );
1659 $this->assertEquals( [ 'read', 'edit' ], $permissionManager->getUserPermissions( $this->user
) );
1660 $this->assertFalse( $permissionManager->userHasRight( $this->user
, 'move' ) );
1662 $scope = $permissionManager->addTemporaryUserRights( $this->user
, [ 'move', 'delete' ] );
1663 $this->assertEquals( [ 'read', 'edit', 'move', 'delete' ],
1664 $permissionManager->getUserPermissions( $this->user
) );
1665 $this->assertTrue( $permissionManager->userHasRight( $this->user
, 'move' ) );
1667 $scope2 = $permissionManager->addTemporaryUserRights( $this->user
, [ 'delete', 'upload' ] );
1668 $this->assertEquals( [ 'read', 'edit', 'move', 'delete', 'upload' ],
1669 $permissionManager->getUserPermissions( $this->user
) );
1671 ScopedCallback
::consume( $scope );
1672 $this->assertEquals( [ 'read', 'edit', 'delete', 'upload' ],
1673 $permissionManager->getUserPermissions( $this->user
) );
1674 ScopedCallback
::consume( $scope2 );
1675 $this->assertEquals( [ 'read', 'edit' ],
1676 $permissionManager->getUserPermissions( $this->user
) );
1677 $this->assertFalse( $permissionManager->userHasRight( $this->user
, 'move' ) );
1679 ( function () use ( $permissionManager ) {
1680 $scope = $permissionManager->addTemporaryUserRights( $this->user
, 'move' );
1681 $this->assertTrue( $permissionManager->userHasRight( $this->user
, 'move' ) );
1683 $this->assertFalse( $permissionManager->userHasRight( $this->user
, 'move' ) );