3 use MediaWiki\Block\DatabaseBlock
;
4 use MediaWiki\Block\Restriction\PageRestriction
;
5 use MediaWiki\Block\SystemBlock
;
6 use MediaWiki\MediaWikiServices
;
11 * @covers \MediaWiki\Permissions\PermissionManager::getPermissionErrors
12 * @covers \MediaWiki\Permissions\PermissionManager::getPermissionErrorsInternal
14 class TitlePermissionTest
extends MediaWikiLangTestCase
{
19 protected $userName, $altUserName;
29 protected $user, $anonUser, $userUser, $altUser;
31 protected function setUp() {
35 $localOffset = date( 'Z' ) / 60;
37 $this->setMwGlobals( [
38 'wgLocaltimezone' => $localZone,
39 'wgLocalTZoffset' => $localOffset,
40 'wgNamespaceProtection' => [
41 NS_MEDIAWIKI
=> 'editinterface',
44 // Without this testUserBlock will use a non-English context on non-English MediaWiki
45 // installations (because of how Title::checkUserBlock is implemented) and fail.
46 RequestContext
::resetMain();
48 $this->userName
= 'Useruser';
49 $this->altUserName
= 'Altuseruser';
50 date_default_timezone_set( $localZone );
52 $this->title
= Title
::makeTitle( NS_MAIN
, "Main Page" );
53 if ( !isset( $this->userUser
) ||
!( $this->userUser
instanceof User
) ) {
54 $this->userUser
= User
::newFromName( $this->userName
);
56 if ( !$this->userUser
->getId() ) {
57 $this->userUser
= User
::createNew( $this->userName
, [
58 "email" => "test@example.com",
59 "real_name" => "Test User" ] );
60 $this->userUser
->load();
63 $this->altUser
= User
::newFromName( $this->altUserName
);
64 if ( !$this->altUser
->getId() ) {
65 $this->altUser
= User
::createNew( $this->altUserName
, [
66 "email" => "alttest@example.com",
67 "real_name" => "Test User Alt" ] );
68 $this->altUser
->load();
71 $this->anonUser
= User
::newFromId( 0 );
73 $this->user
= $this->userUser
;
75 $this->overrideMwServices();
78 protected function setUserPerm( $perm ) {
79 // Setting member variables is evil!!!
81 if ( is_array( $perm ) ) {
82 $this->user
->mRights
= $perm;
84 $this->user
->mRights
= [ $perm ];
88 protected function setTitle( $ns, $title = "Main_Page" ) {
89 $this->title
= Title
::makeTitle( $ns, $title );
92 protected function setUser( $userName = null ) {
93 if ( $userName === 'anon' ) {
94 $this->user
= $this->anonUser
;
95 } elseif ( $userName === null ||
$userName === $this->userName
) {
96 $this->user
= $this->userUser
;
98 $this->user
= $this->altUser
;
103 * @todo This test method should be split up into separate test methods and
106 * This test is failing per T201776.
109 * @covers \MediaWiki\Permissions\PermissionManager::checkQuickPermissions
111 public function testQuickPermissions() {
112 $prefix = MediaWikiServices
::getInstance()->getContentLanguage()->
113 getFormattedNsText( NS_PROJECT
);
115 $this->setUser( 'anon' );
116 $this->setTitle( NS_TALK
);
117 $this->setUserPerm( "createtalk" );
118 $res = $this->title
->getUserPermissionsErrors( 'create', $this->user
);
119 $this->assertEquals( [], $res );
121 $this->setTitle( NS_TALK
);
122 $this->setUserPerm( "createpage" );
123 $res = $this->title
->getUserPermissionsErrors( 'create', $this->user
);
124 $this->assertEquals( [ [ "nocreatetext" ] ], $res );
126 $this->setTitle( NS_TALK
);
127 $this->setUserPerm( "" );
128 $res = $this->title
->getUserPermissionsErrors( 'create', $this->user
);
129 $this->assertEquals( [ [ 'nocreatetext' ] ], $res );
131 $this->setTitle( NS_MAIN
);
132 $this->setUserPerm( "createpage" );
133 $res = $this->title
->getUserPermissionsErrors( 'create', $this->user
);
134 $this->assertEquals( [], $res );
136 $this->setTitle( NS_MAIN
);
137 $this->setUserPerm( "createtalk" );
138 $res = $this->title
->getUserPermissionsErrors( 'create', $this->user
);
139 $this->assertEquals( [ [ 'nocreatetext' ] ], $res );
141 $this->setUser( $this->userName
);
142 $this->setTitle( NS_TALK
);
143 $this->setUserPerm( "createtalk" );
144 $res = $this->title
->getUserPermissionsErrors( 'create', $this->user
);
145 $this->assertEquals( [], $res );
147 $this->setTitle( NS_TALK
);
148 $this->setUserPerm( "createpage" );
149 $res = $this->title
->getUserPermissionsErrors( 'create', $this->user
);
150 $this->assertEquals( [ [ 'nocreate-loggedin' ] ], $res );
152 $this->setTitle( NS_TALK
);
153 $this->setUserPerm( "" );
154 $res = $this->title
->getUserPermissionsErrors( 'create', $this->user
);
155 $this->assertEquals( [ [ 'nocreate-loggedin' ] ], $res );
157 $this->setTitle( NS_MAIN
);
158 $this->setUserPerm( "createpage" );
159 $res = $this->title
->getUserPermissionsErrors( 'create', $this->user
);
160 $this->assertEquals( [], $res );
162 $this->setTitle( NS_MAIN
);
163 $this->setUserPerm( "createtalk" );
164 $res = $this->title
->getUserPermissionsErrors( 'create', $this->user
);
165 $this->assertEquals( [ [ 'nocreate-loggedin' ] ], $res );
167 $this->setTitle( NS_MAIN
);
168 $this->setUserPerm( "" );
169 $res = $this->title
->getUserPermissionsErrors( 'create', $this->user
);
170 $this->assertEquals( [ [ 'nocreate-loggedin' ] ], $res );
172 $this->setUser( 'anon' );
173 $this->setTitle( NS_USER
, $this->userName
. '' );
174 $this->setUserPerm( "" );
175 $res = $this->title
->getUserPermissionsErrors( 'move', $this->user
);
176 $this->assertEquals( [ [ 'cant-move-user-page' ], [ 'movenologintext' ] ], $res );
178 $this->setTitle( NS_USER
, $this->userName
. '/subpage' );
179 $this->setUserPerm( "" );
180 $res = $this->title
->getUserPermissionsErrors( 'move', $this->user
);
181 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
183 $this->setTitle( NS_USER
, $this->userName
. '' );
184 $this->setUserPerm( "move-rootuserpages" );
185 $res = $this->title
->getUserPermissionsErrors( 'move', $this->user
);
186 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
188 $this->setTitle( NS_USER
, $this->userName
. '/subpage' );
189 $this->setUserPerm( "move-rootuserpages" );
190 $res = $this->title
->getUserPermissionsErrors( 'move', $this->user
);
191 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
193 $this->setTitle( NS_USER
, $this->userName
. '' );
194 $this->setUserPerm( "" );
195 $res = $this->title
->getUserPermissionsErrors( 'move', $this->user
);
196 $this->assertEquals( [ [ 'cant-move-user-page' ], [ 'movenologintext' ] ], $res );
198 $this->setTitle( NS_USER
, $this->userName
. '/subpage' );
199 $this->setUserPerm( "" );
200 $res = $this->title
->getUserPermissionsErrors( 'move', $this->user
);
201 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
203 $this->setTitle( NS_USER
, $this->userName
. '' );
204 $this->setUserPerm( "move-rootuserpages" );
205 $res = $this->title
->getUserPermissionsErrors( 'move', $this->user
);
206 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
208 $this->setTitle( NS_USER
, $this->userName
. '/subpage' );
209 $this->setUserPerm( "move-rootuserpages" );
210 $res = $this->title
->getUserPermissionsErrors( 'move', $this->user
);
211 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
213 $this->setUser( $this->userName
);
214 $this->setTitle( NS_FILE
, "img.png" );
215 $this->setUserPerm( "" );
216 $res = $this->title
->getUserPermissionsErrors( 'move', $this->user
);
217 $this->assertEquals( [ [ 'movenotallowedfile' ], [ 'movenotallowed' ] ], $res );
219 $this->setTitle( NS_FILE
, "img.png" );
220 $this->setUserPerm( "movefile" );
221 $res = $this->title
->getUserPermissionsErrors( 'move', $this->user
);
222 $this->assertEquals( [ [ 'movenotallowed' ] ], $res );
224 $this->setUser( 'anon' );
225 $this->setTitle( NS_FILE
, "img.png" );
226 $this->setUserPerm( "" );
227 $res = $this->title
->getUserPermissionsErrors( 'move', $this->user
);
228 $this->assertEquals( [ [ 'movenotallowedfile' ], [ 'movenologintext' ] ], $res );
230 $this->setTitle( NS_FILE
, "img.png" );
231 $this->setUserPerm( "movefile" );
232 $res = $this->title
->getUserPermissionsErrors( 'move', $this->user
);
233 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
235 $this->setUser( $this->userName
);
236 $this->setUserPerm( "move" );
237 $this->runGroupPermissions( 'move', [ [ 'movenotallowedfile' ] ] );
239 $this->setUserPerm( "" );
240 $this->runGroupPermissions(
242 [ [ 'movenotallowedfile' ], [ 'movenotallowed' ] ]
245 $this->setUser( 'anon' );
246 $this->setUserPerm( "move" );
247 $this->runGroupPermissions( 'move', [ [ 'movenotallowedfile' ] ] );
249 $this->setUserPerm( "" );
250 $this->runGroupPermissions(
252 [ [ 'movenotallowedfile' ], [ 'movenotallowed' ] ],
253 [ [ 'movenotallowedfile' ], [ 'movenologintext' ] ]
256 if ( $this->isWikitextNS( NS_MAIN
) ) {
257 // NOTE: some content models don't allow moving
258 // @todo find a Wikitext namespace for testing
260 $this->setTitle( NS_MAIN
);
261 $this->setUser( 'anon' );
262 $this->setUserPerm( "move" );
263 $this->runGroupPermissions( 'move', [] );
265 $this->setUserPerm( "" );
266 $this->runGroupPermissions( 'move', [ [ 'movenotallowed' ] ],
267 [ [ 'movenologintext' ] ] );
269 $this->setUser( $this->userName
);
270 $this->setUserPerm( "" );
271 $this->runGroupPermissions( 'move', [ [ 'movenotallowed' ] ] );
273 $this->setUserPerm( "move" );
274 $this->runGroupPermissions( 'move', [] );
276 $this->setUser( 'anon' );
277 $this->setUserPerm( 'move' );
278 $res = $this->title
->getUserPermissionsErrors( 'move-target', $this->user
);
279 $this->assertEquals( [], $res );
281 $this->setUserPerm( '' );
282 $res = $this->title
->getUserPermissionsErrors( 'move-target', $this->user
);
283 $this->assertEquals( [ [ 'movenotallowed' ] ], $res );
286 $this->setTitle( NS_USER
);
287 $this->setUser( $this->userName
);
288 $this->setUserPerm( [ "move", "move-rootuserpages" ] );
289 $res = $this->title
->getUserPermissionsErrors( 'move-target', $this->user
);
290 $this->assertEquals( [], $res );
292 $this->setUserPerm( "move" );
293 $res = $this->title
->getUserPermissionsErrors( 'move-target', $this->user
);
294 $this->assertEquals( [ [ 'cant-move-to-user-page' ] ], $res );
296 $this->setUser( 'anon' );
297 $this->setUserPerm( [ "move", "move-rootuserpages" ] );
298 $res = $this->title
->getUserPermissionsErrors( 'move-target', $this->user
);
299 $this->assertEquals( [], $res );
301 $this->setTitle( NS_USER
, "User/subpage" );
302 $this->setUserPerm( [ "move", "move-rootuserpages" ] );
303 $res = $this->title
->getUserPermissionsErrors( 'move-target', $this->user
);
304 $this->assertEquals( [], $res );
306 $this->setUserPerm( "move" );
307 $res = $this->title
->getUserPermissionsErrors( 'move-target', $this->user
);
308 $this->assertEquals( [], $res );
310 $this->setUser( 'anon' );
313 [ [ 'badaccess-groups', "*, [[$prefix:Users|Users]]", 2 ] ],
314 [ [ 'badaccess-group0' ] ],
321 "[[$prefix:Administrators|Administrators]]", 1 ],
324 [ [ 'badaccess-group0' ], [ 'protect-cantedit' ] ],
325 [ [ 'protect-cantedit' ] ],
328 '' => [ [], [], [], true ]
331 foreach ( [ "edit", "protect", "" ] as $action ) {
332 $this->setUserPerm( null );
333 $this->assertEquals( $check[$action][0],
334 $this->title
->getUserPermissionsErrors( $action, $this->user
, true ) );
335 $this->assertEquals( $check[$action][0],
336 $this->title
->getUserPermissionsErrors( $action, $this->user
, 'full' ) );
337 $this->assertEquals( $check[$action][0],
338 $this->title
->getUserPermissionsErrors( $action, $this->user
, 'secure' ) );
340 global $wgGroupPermissions;
341 $old = $wgGroupPermissions;
342 $wgGroupPermissions = [];
344 $this->assertEquals( $check[$action][1],
345 $this->title
->getUserPermissionsErrors( $action, $this->user
, true ) );
346 $this->assertEquals( $check[$action][1],
347 $this->title
->getUserPermissionsErrors( $action, $this->user
, 'full' ) );
348 $this->assertEquals( $check[$action][1],
349 $this->title
->getUserPermissionsErrors( $action, $this->user
, 'secure' ) );
350 $wgGroupPermissions = $old;
352 $this->setUserPerm( $action );
353 $this->assertEquals( $check[$action][2],
354 $this->title
->getUserPermissionsErrors( $action, $this->user
, true ) );
355 $this->assertEquals( $check[$action][2],
356 $this->title
->getUserPermissionsErrors( $action, $this->user
, 'full' ) );
357 $this->assertEquals( $check[$action][2],
358 $this->title
->getUserPermissionsErrors( $action, $this->user
, 'secure' ) );
360 $this->setUserPerm( $action );
361 $this->assertEquals( $check[$action][3],
362 $this->title
->userCan( $action, $this->user
, true ) );
363 $this->assertEquals( $check[$action][3],
364 $this->title
->quickUserCan( $action, $this->user
) );
365 # count( User::getGroupsWithPermissions( $action ) ) < 1
369 protected function runGroupPermissions( $action, $result, $result2 = null ) {
370 global $wgGroupPermissions;
372 if ( $result2 === null ) {
376 $wgGroupPermissions['autoconfirmed']['move'] = false;
377 $wgGroupPermissions['user']['move'] = false;
378 $res = $this->title
->getUserPermissionsErrors( $action, $this->user
);
379 $this->assertEquals( $result, $res );
381 $wgGroupPermissions['autoconfirmed']['move'] = true;
382 $wgGroupPermissions['user']['move'] = false;
383 $res = $this->title
->getUserPermissionsErrors( $action, $this->user
);
384 $this->assertEquals( $result2, $res );
386 $wgGroupPermissions['autoconfirmed']['move'] = true;
387 $wgGroupPermissions['user']['move'] = true;
388 $res = $this->title
->getUserPermissionsErrors( $action, $this->user
);
389 $this->assertEquals( $result2, $res );
391 $wgGroupPermissions['autoconfirmed']['move'] = false;
392 $wgGroupPermissions['user']['move'] = true;
393 $res = $this->title
->getUserPermissionsErrors( $action, $this->user
);
394 $this->assertEquals( $result2, $res );
398 * @todo This test method should be split up into separate test methods and
400 * @covers \MediaWiki\Permissions\PermissionManager::checkSpecialsAndNSPermissions
402 public function testSpecialsAndNSPermissions() {
403 global $wgNamespaceProtection;
404 $this->setUser( $this->userName
);
406 $this->setTitle( NS_SPECIAL
);
408 $this->assertEquals( [ [ 'badaccess-group0' ], [ 'ns-specialprotected' ] ],
409 $this->title
->getUserPermissionsErrors( 'bogus', $this->user
) );
411 $this->setTitle( NS_MAIN
);
412 $this->setUserPerm( 'bogus' );
413 $this->assertEquals( [],
414 $this->title
->getUserPermissionsErrors( 'bogus', $this->user
) );
416 $this->setTitle( NS_MAIN
);
417 $this->setUserPerm( '' );
418 $this->assertEquals( [ [ 'badaccess-group0' ] ],
419 $this->title
->getUserPermissionsErrors( 'bogus', $this->user
) );
421 $wgNamespaceProtection[NS_USER
] = [ 'bogus' ];
423 $this->setTitle( NS_USER
);
424 $this->setUserPerm( '' );
425 $this->assertEquals( [ [ 'badaccess-group0' ],
426 [ 'namespaceprotected', 'User', 'bogus' ] ],
427 $this->title
->getUserPermissionsErrors( 'bogus', $this->user
) );
429 $this->setTitle( NS_MEDIAWIKI
);
430 $this->setUserPerm( 'bogus' );
431 $this->assertEquals( [ [ 'protectedinterface', 'bogus' ] ],
432 $this->title
->getUserPermissionsErrors( 'bogus', $this->user
) );
434 $this->setTitle( NS_MEDIAWIKI
);
435 $this->setUserPerm( 'bogus' );
436 $this->assertEquals( [ [ 'protectedinterface', 'bogus' ] ],
437 $this->title
->getUserPermissionsErrors( 'bogus', $this->user
) );
439 $wgNamespaceProtection = null;
441 $this->setUserPerm( 'bogus' );
442 $this->assertEquals( [],
443 $this->title
->getUserPermissionsErrors( 'bogus', $this->user
) );
444 $this->assertEquals( true,
445 $this->title
->userCan( 'bogus', $this->user
) );
447 $this->setUserPerm( '' );
448 $this->assertEquals( [ [ 'badaccess-group0' ] ],
449 $this->title
->getUserPermissionsErrors( 'bogus', $this->user
) );
450 $this->assertEquals( false,
451 $this->title
->userCan( 'bogus', $this->user
) );
455 * @todo This test method should be split up into separate test methods and
457 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
459 public function testJsConfigEditPermissions() {
460 $this->setUser( $this->userName
);
462 $this->setTitle( NS_USER
, $this->userName
. '/test.js' );
463 $this->runConfigEditPermissions(
464 [ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
466 [ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
467 [ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
468 [ [ 'badaccess-group0' ] ],
470 [ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
471 [ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
472 [ [ 'badaccess-group0' ] ],
473 [ [ 'badaccess-groups' ] ]
478 * @todo This test method should be split up into separate test methods and
480 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
482 public function testJsonConfigEditPermissions() {
483 $prefix = MediaWikiServices
::getInstance()->getContentLanguage()->
484 getFormattedNsText( NS_PROJECT
);
485 $this->setUser( $this->userName
);
487 $this->setTitle( NS_USER
, $this->userName
. '/test.json' );
488 $this->runConfigEditPermissions(
489 [ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
491 [ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
492 [ [ 'badaccess-group0' ] ],
493 [ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
495 [ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
496 [ [ 'badaccess-group0' ] ],
497 [ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
498 [ [ 'badaccess-groups' ] ]
503 * @todo This test method should be split up into separate test methods and
505 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
507 public function testCssConfigEditPermissions() {
508 $this->setUser( $this->userName
);
510 $this->setTitle( NS_USER
, $this->userName
. '/test.css' );
511 $this->runConfigEditPermissions(
512 [ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
514 [ [ 'badaccess-group0' ] ],
515 [ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
516 [ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
518 [ [ 'badaccess-group0' ] ],
519 [ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
520 [ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
521 [ [ 'badaccess-groups' ] ]
526 * @todo This test method should be split up into separate test methods and
528 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
530 public function testOtherJsConfigEditPermissions() {
531 $this->setUser( $this->userName
);
533 $this->setTitle( NS_USER
, $this->altUserName
. '/test.js' );
534 $this->runConfigEditPermissions(
535 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
537 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
538 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
539 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
541 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
542 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
543 [ [ 'badaccess-group0' ] ],
544 [ [ 'badaccess-groups' ] ]
549 * @todo This test method should be split up into separate test methods and
551 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
553 public function testOtherJsonConfigEditPermissions() {
554 $this->setUser( $this->userName
);
556 $this->setTitle( NS_USER
, $this->altUserName
. '/test.json' );
557 $this->runConfigEditPermissions(
558 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
560 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
561 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
562 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
564 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
565 [ [ 'badaccess-group0' ] ],
566 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
567 [ [ 'badaccess-groups' ] ]
572 * @todo This test method should be split up into separate test methods and
574 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
576 public function testOtherCssConfigEditPermissions() {
577 $this->setUser( $this->userName
);
579 $this->setTitle( NS_USER
, $this->altUserName
. '/test.css' );
580 $this->runConfigEditPermissions(
581 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
583 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
584 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
585 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
587 [ [ 'badaccess-group0' ] ],
588 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
589 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
590 [ [ 'badaccess-groups' ] ]
595 * @todo This test method should be split up into separate test methods and
597 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
599 public function testOtherNonConfigEditPermissions() {
600 $this->setUser( $this->userName
);
602 $this->setTitle( NS_USER
, $this->altUserName
. '/tempo' );
603 $this->runConfigEditPermissions(
604 [ [ 'badaccess-group0' ] ],
606 [ [ 'badaccess-group0' ] ],
607 [ [ 'badaccess-group0' ] ],
608 [ [ 'badaccess-group0' ] ],
610 [ [ 'badaccess-group0' ] ],
611 [ [ 'badaccess-group0' ] ],
612 [ [ 'badaccess-group0' ] ],
613 [ [ 'badaccess-groups' ] ]
618 * @todo This should use data providers like the other methods here.
619 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
621 public function testPatrolActionConfigEditPermissions() {
622 $this->setUser( 'anon' );
623 $this->setTitle( NS_USER
, 'ToPatrolOrNotToPatrol' );
624 $this->runConfigEditPermissions(
625 [ [ 'badaccess-group0' ] ],
627 [ [ 'badaccess-group0' ] ],
628 [ [ 'badaccess-group0' ] ],
629 [ [ 'badaccess-group0' ] ],
631 [ [ 'badaccess-group0' ] ],
632 [ [ 'badaccess-group0' ] ],
633 [ [ 'badaccess-group0' ] ],
634 [ [ 'badaccess-groups' ] ]
638 protected function runConfigEditPermissions(
648 $this->setUserPerm( '' );
649 $result = $this->title
->getUserPermissionsErrors( 'bogus', $this->user
);
650 $this->assertEquals( $resultNone, $result );
652 $this->setUserPerm( 'editmyusercss' );
653 $result = $this->title
->getUserPermissionsErrors( 'bogus', $this->user
);
654 $this->assertEquals( $resultMyCss, $result );
656 $this->setUserPerm( 'editmyuserjson' );
657 $result = $this->title
->getUserPermissionsErrors( 'bogus', $this->user
);
658 $this->assertEquals( $resultMyJson, $result );
660 $this->setUserPerm( 'editmyuserjs' );
661 $result = $this->title
->getUserPermissionsErrors( 'bogus', $this->user
);
662 $this->assertEquals( $resultMyJs, $result );
664 $this->setUserPerm( 'editusercss' );
665 $result = $this->title
->getUserPermissionsErrors( 'bogus', $this->user
);
666 $this->assertEquals( $resultUserCss, $result );
668 $this->setUserPerm( 'edituserjson' );
669 $result = $this->title
->getUserPermissionsErrors( 'bogus', $this->user
);
670 $this->assertEquals( $resultUserJson, $result );
672 $this->setUserPerm( 'edituserjs' );
673 $result = $this->title
->getUserPermissionsErrors( 'bogus', $this->user
);
674 $this->assertEquals( $resultUserJs, $result );
676 $this->setUserPerm( '' );
677 $result = $this->title
->getUserPermissionsErrors( 'patrol', $this->user
);
678 $this->assertEquals( reset( $resultPatrol[0] ), reset( $result[0] ) );
680 $this->setUserPerm( [ 'edituserjs', 'edituserjson', 'editusercss' ] );
681 $result = $this->title
->getUserPermissionsErrors( 'bogus', $this->user
);
682 $this->assertEquals( [ [ 'badaccess-group0' ] ], $result );
686 * @todo This test method should be split up into separate test methods and
689 * This test is failing per T201776.
692 * @covers \MediaWiki\Permissions\PermissionManager::checkPageRestrictions
694 public function testPageRestrictions() {
695 $prefix = MediaWikiServices
::getInstance()->getContentLanguage()->
696 getFormattedNsText( NS_PROJECT
);
698 $this->setTitle( NS_MAIN
);
699 $this->title
->mRestrictionsLoaded
= true;
700 $this->setUserPerm( "edit" );
701 $this->title
->mRestrictions
= [ "bogus" => [ 'bogus', "sysop", "protect", "" ] ];
703 $this->assertEquals( [],
704 $this->title
->getUserPermissionsErrors( 'edit',
707 $this->assertEquals( true,
708 $this->title
->quickUserCan( 'edit', $this->user
) );
709 $this->title
->mRestrictions
= [ "edit" => [ 'bogus', "sysop", "protect", "" ],
710 "bogus" => [ 'bogus', "sysop", "protect", "" ] ];
712 $this->assertEquals( [ [ 'badaccess-group0' ],
713 [ 'protectedpagetext', 'bogus', 'bogus' ],
714 [ 'protectedpagetext', 'editprotected', 'bogus' ],
715 [ 'protectedpagetext', 'protect', 'bogus' ] ],
716 $this->title
->getUserPermissionsErrors( 'bogus',
718 $this->assertEquals( [ [ 'protectedpagetext', 'bogus', 'edit' ],
719 [ 'protectedpagetext', 'editprotected', 'edit' ],
720 [ 'protectedpagetext', 'protect', 'edit' ] ],
721 $this->title
->getUserPermissionsErrors( 'edit',
723 $this->setUserPerm( "" );
724 $this->assertEquals( [ [ 'badaccess-group0' ],
725 [ 'protectedpagetext', 'bogus', 'bogus' ],
726 [ 'protectedpagetext', 'editprotected', 'bogus' ],
727 [ 'protectedpagetext', 'protect', 'bogus' ] ],
728 $this->title
->getUserPermissionsErrors( 'bogus',
730 $this->assertEquals( [ [ 'badaccess-groups', "*, [[$prefix:Users|Users]]", 2 ],
731 [ 'protectedpagetext', 'bogus', 'edit' ],
732 [ 'protectedpagetext', 'editprotected', 'edit' ],
733 [ 'protectedpagetext', 'protect', 'edit' ] ],
734 $this->title
->getUserPermissionsErrors( 'edit',
736 $this->setUserPerm( [ "edit", "editprotected" ] );
737 $this->assertEquals( [ [ 'badaccess-group0' ],
738 [ 'protectedpagetext', 'bogus', 'bogus' ],
739 [ 'protectedpagetext', 'protect', 'bogus' ] ],
740 $this->title
->getUserPermissionsErrors( 'bogus',
742 $this->assertEquals( [
743 [ 'protectedpagetext', 'bogus', 'edit' ],
744 [ 'protectedpagetext', 'protect', 'edit' ] ],
745 $this->title
->getUserPermissionsErrors( 'edit',
748 $this->title
->mCascadeRestriction
= true;
749 $this->setUserPerm( "edit" );
750 $this->assertEquals( false,
751 $this->title
->quickUserCan( 'bogus', $this->user
) );
752 $this->assertEquals( false,
753 $this->title
->quickUserCan( 'edit', $this->user
) );
754 $this->assertEquals( [ [ 'badaccess-group0' ],
755 [ 'protectedpagetext', 'bogus', 'bogus' ],
756 [ 'protectedpagetext', 'editprotected', 'bogus' ],
757 [ 'protectedpagetext', 'protect', 'bogus' ] ],
758 $this->title
->getUserPermissionsErrors( 'bogus',
760 $this->assertEquals( [ [ 'protectedpagetext', 'bogus', 'edit' ],
761 [ 'protectedpagetext', 'editprotected', 'edit' ],
762 [ 'protectedpagetext', 'protect', 'edit' ] ],
763 $this->title
->getUserPermissionsErrors( 'edit',
766 $this->setUserPerm( [ "edit", "editprotected" ] );
767 $this->assertEquals( false,
768 $this->title
->quickUserCan( 'bogus', $this->user
) );
769 $this->assertEquals( false,
770 $this->title
->quickUserCan( 'edit', $this->user
) );
771 $this->assertEquals( [ [ 'badaccess-group0' ],
772 [ 'protectedpagetext', 'bogus', 'bogus' ],
773 [ 'protectedpagetext', 'protect', 'bogus' ],
774 [ 'protectedpagetext', 'protect', 'bogus' ] ],
775 $this->title
->getUserPermissionsErrors( 'bogus',
777 $this->assertEquals( [ [ 'protectedpagetext', 'bogus', 'edit' ],
778 [ 'protectedpagetext', 'protect', 'edit' ],
779 [ 'protectedpagetext', 'protect', 'edit' ] ],
780 $this->title
->getUserPermissionsErrors( 'edit',
785 * @covers \MediaWiki\Permissions\PermissionManager::checkCascadingSourcesRestrictions
787 public function testCascadingSourcesRestrictions() {
788 $this->setTitle( NS_MAIN
, "test page" );
789 $this->setUserPerm( [ "edit", "bogus" ] );
791 $this->title
->mCascadeSources
= [
792 Title
::makeTitle( NS_MAIN
, "Bogus" ),
793 Title
::makeTitle( NS_MAIN
, "UnBogus" )
795 $this->title
->mCascadingRestrictions
= [
796 "bogus" => [ 'bogus', "sysop", "protect", "" ]
799 $this->assertEquals( false,
800 $this->title
->userCan( 'bogus', $this->user
) );
801 $this->assertEquals( [
802 [ "cascadeprotected", 2, "* [[:Bogus]]\n* [[:UnBogus]]\n", 'bogus' ],
803 [ "cascadeprotected", 2, "* [[:Bogus]]\n* [[:UnBogus]]\n", 'bogus' ],
804 [ "cascadeprotected", 2, "* [[:Bogus]]\n* [[:UnBogus]]\n", 'bogus' ] ],
805 $this->title
->getUserPermissionsErrors( 'bogus', $this->user
) );
807 $this->assertEquals( true,
808 $this->title
->userCan( 'edit', $this->user
) );
809 $this->assertEquals( [],
810 $this->title
->getUserPermissionsErrors( 'edit', $this->user
) );
814 * @todo This test method should be split up into separate test methods and
816 * @covers \MediaWiki\Permissions\PermissionManager::checkActionPermissions
818 public function testActionPermissions() {
819 $this->setUserPerm( [ "createpage" ] );
820 $this->setTitle( NS_MAIN
, "test page" );
821 $this->title
->mTitleProtection
['permission'] = '';
822 $this->title
->mTitleProtection
['user'] = $this->user
->getId();
823 $this->title
->mTitleProtection
['expiry'] = 'infinity';
824 $this->title
->mTitleProtection
['reason'] = 'test';
825 $this->title
->mCascadeRestriction
= false;
827 $this->assertEquals( [ [ 'titleprotected', 'Useruser', 'test' ] ],
828 $this->title
->getUserPermissionsErrors( 'create', $this->user
) );
829 $this->assertEquals( false,
830 $this->title
->userCan( 'create', $this->user
) );
832 $this->title
->mTitleProtection
['permission'] = 'editprotected';
833 $this->setUserPerm( [ 'createpage', 'protect' ] );
834 $this->assertEquals( [ [ 'titleprotected', 'Useruser', 'test' ] ],
835 $this->title
->getUserPermissionsErrors( 'create', $this->user
) );
836 $this->assertEquals( false,
837 $this->title
->userCan( 'create', $this->user
) );
839 $this->setUserPerm( [ 'createpage', 'editprotected' ] );
840 $this->assertEquals( [],
841 $this->title
->getUserPermissionsErrors( 'create', $this->user
) );
842 $this->assertEquals( true,
843 $this->title
->userCan( 'create', $this->user
) );
845 $this->setUserPerm( [ 'createpage' ] );
846 $this->assertEquals( [ [ 'titleprotected', 'Useruser', 'test' ] ],
847 $this->title
->getUserPermissionsErrors( 'create', $this->user
) );
848 $this->assertEquals( false,
849 $this->title
->userCan( 'create', $this->user
) );
851 $this->setTitle( NS_MEDIA
, "test page" );
852 $this->setUserPerm( [ "move" ] );
853 $this->assertEquals( false,
854 $this->title
->userCan( 'move', $this->user
) );
855 $this->assertEquals( [ [ 'immobile-source-namespace', 'Media' ] ],
856 $this->title
->getUserPermissionsErrors( 'move', $this->user
) );
858 $this->setTitle( NS_HELP
, "test page" );
859 $this->assertEquals( [],
860 $this->title
->getUserPermissionsErrors( 'move', $this->user
) );
861 $this->assertEquals( true,
862 $this->title
->userCan( 'move', $this->user
) );
864 $this->title
->mInterwiki
= "no";
865 $this->assertEquals( [ [ 'immobile-source-page' ] ],
866 $this->title
->getUserPermissionsErrors( 'move', $this->user
) );
867 $this->assertEquals( false,
868 $this->title
->userCan( 'move', $this->user
) );
870 $this->setTitle( NS_MEDIA
, "test page" );
871 $this->assertEquals( false,
872 $this->title
->userCan( 'move-target', $this->user
) );
873 $this->assertEquals( [ [ 'immobile-target-namespace', 'Media' ] ],
874 $this->title
->getUserPermissionsErrors( 'move-target', $this->user
) );
876 $this->setTitle( NS_HELP
, "test page" );
877 $this->assertEquals( [],
878 $this->title
->getUserPermissionsErrors( 'move-target', $this->user
) );
879 $this->assertEquals( true,
880 $this->title
->userCan( 'move-target', $this->user
) );
882 $this->title
->mInterwiki
= "no";
883 $this->assertEquals( [ [ 'immobile-target-page' ] ],
884 $this->title
->getUserPermissionsErrors( 'move-target', $this->user
) );
885 $this->assertEquals( false,
886 $this->title
->userCan( 'move-target', $this->user
) );
890 * @covers \MediaWiki\Permissions\PermissionManager::checkUserBlock
892 public function testUserBlock() {
893 $this->setMwGlobals( [
894 'wgEmailConfirmToEdit' => true,
895 'wgEmailAuthentication' => true,
896 'wgBlockDisablesLogin' => false,
898 $this->overrideMwServices();
900 $this->setUserPerm( [ 'createpage', 'edit', 'move', 'rollback', 'patrol', 'upload', 'purge' ] );
901 $this->setTitle( NS_HELP
, "test page" );
903 # $wgEmailConfirmToEdit only applies to 'edit' action
904 $this->assertEquals( [],
905 $this->title
->getUserPermissionsErrors( 'move-target', $this->user
) );
906 $this->assertContains( [ 'confirmedittext' ],
907 $this->title
->getUserPermissionsErrors( 'edit', $this->user
) );
909 $this->setMwGlobals( 'wgEmailConfirmToEdit', false );
910 $this->overrideMwServices();
912 $this->assertNotContains( [ 'confirmedittext' ],
913 $this->title
->getUserPermissionsErrors( 'edit', $this->user
) );
915 # $wgEmailConfirmToEdit && !$user->isEmailConfirmed() && $action != 'createaccount'
916 $this->assertEquals( [],
917 $this->title
->getUserPermissionsErrors( 'move-target',
923 $this->user
->mBlockedby
= $this->user
->getId();
924 $this->user
->mBlock
= new DatabaseBlock( [
925 'address' => '127.0.8.1',
926 'by' => $this->user
->getId(),
927 'reason' => 'no reason given',
928 'timestamp' => $prev +
3600,
932 $this->user
->mBlock
->setTimestamp( 0 );
933 $this->assertEquals( [ [ 'autoblockedtext',
934 '[[User:Useruser|Useruser]]', 'no reason given', '127.0.0.1',
935 'Useruser', null, 'infinite', '127.0.8.1',
936 $wgLang->timeanddate( wfTimestamp( TS_MW
, $prev ), true ) ] ],
937 $this->title
->getUserPermissionsErrors( 'move-target',
940 $this->assertEquals( false, $this->title
->userCan( 'move-target', $this->user
) );
941 // quickUserCan should ignore user blocks
942 $this->assertEquals( true, $this->title
->quickUserCan( 'move-target', $this->user
) );
944 global $wgLocalTZoffset;
945 $wgLocalTZoffset = -60;
946 $this->user
->mBlockedby
= $this->user
->getName();
947 $this->user
->mBlock
= new DatabaseBlock( [
948 'address' => '127.0.8.1',
949 'by' => $this->user
->getId(),
950 'reason' => 'no reason given',
955 $this->assertEquals( [ [ 'blockedtext',
956 '[[User:Useruser|Useruser]]', 'no reason given', '127.0.0.1',
957 'Useruser', null, '23:00, 31 December 1969', '127.0.8.1',
958 $wgLang->timeanddate( wfTimestamp( TS_MW
, $now ), true ) ] ],
959 $this->title
->getUserPermissionsErrors( 'move-target', $this->user
) );
960 # $action != 'read' && $action != 'createaccount' && $user->isBlockedFrom( $this )
961 # $user->blockedFor() == ''
962 # $user->mBlock->mExpiry == 'infinity'
964 $this->user
->mBlockedby
= $this->user
->getName();
965 $this->user
->mBlock
= new SystemBlock( [
966 'address' => '127.0.8.1',
967 'by' => $this->user
->getId(),
968 'reason' => 'no reason given',
970 'systemBlock' => 'test',
973 $errors = [ [ 'systemblockedtext',
974 '[[User:Useruser|Useruser]]', 'no reason given', '127.0.0.1',
975 'Useruser', 'test', 'infinite', '127.0.8.1',
976 $wgLang->timeanddate( wfTimestamp( TS_MW
, $now ), true ) ] ];
978 $this->assertEquals( $errors,
979 $this->title
->getUserPermissionsErrors( 'edit', $this->user
) );
980 $this->assertEquals( $errors,
981 $this->title
->getUserPermissionsErrors( 'move-target', $this->user
) );
982 $this->assertEquals( $errors,
983 $this->title
->getUserPermissionsErrors( 'rollback', $this->user
) );
984 $this->assertEquals( $errors,
985 $this->title
->getUserPermissionsErrors( 'patrol', $this->user
) );
986 $this->assertEquals( $errors,
987 $this->title
->getUserPermissionsErrors( 'upload', $this->user
) );
988 $this->assertEquals( [],
989 $this->title
->getUserPermissionsErrors( 'purge', $this->user
) );
991 // partial block message test
992 $this->user
->mBlockedby
= $this->user
->getName();
993 $this->user
->mBlock
= new DatabaseBlock( [
994 'address' => '127.0.8.1',
995 'by' => $this->user
->getId(),
996 'reason' => 'no reason given',
1002 $this->assertEquals( [],
1003 $this->title
->getUserPermissionsErrors( 'edit', $this->user
) );
1004 $this->assertEquals( [],
1005 $this->title
->getUserPermissionsErrors( 'move-target', $this->user
) );
1006 $this->assertEquals( [],
1007 $this->title
->getUserPermissionsErrors( 'rollback', $this->user
) );
1008 $this->assertEquals( [],
1009 $this->title
->getUserPermissionsErrors( 'patrol', $this->user
) );
1010 $this->assertEquals( [],
1011 $this->title
->getUserPermissionsErrors( 'upload', $this->user
) );
1012 $this->assertEquals( [],
1013 $this->title
->getUserPermissionsErrors( 'purge', $this->user
) );
1015 $this->user
->mBlock
->setRestrictions( [
1016 ( new PageRestriction( 0, $this->title
->getArticleID() ) )->setTitle( $this->title
),
1019 $errors = [ [ 'blockedtext-partial',
1020 '[[User:Useruser|Useruser]]', 'no reason given', '127.0.0.1',
1021 'Useruser', null, '23:00, 31 December 1969', '127.0.8.1',
1022 $wgLang->timeanddate( wfTimestamp( TS_MW
, $now ), true ) ] ];
1024 $this->assertEquals( $errors,
1025 $this->title
->getUserPermissionsErrors( 'edit', $this->user
) );
1026 $this->assertEquals( $errors,
1027 $this->title
->getUserPermissionsErrors( 'move-target', $this->user
) );
1028 $this->assertEquals( $errors,
1029 $this->title
->getUserPermissionsErrors( 'rollback', $this->user
) );
1030 $this->assertEquals( $errors,
1031 $this->title
->getUserPermissionsErrors( 'patrol', $this->user
) );
1032 $this->assertEquals( [],
1033 $this->title
->getUserPermissionsErrors( 'upload', $this->user
) );
1034 $this->assertEquals( [],
1035 $this->title
->getUserPermissionsErrors( 'purge', $this->user
) );
1038 $this->user
->mBlockedby
= null;
1039 $this->user
->mBlock
= null;
1041 $this->assertEquals( [],
1042 $this->title
->getUserPermissionsErrors( 'edit', $this->user
) );
1046 * @covers \MediaWiki\Permissions\PermissionManager::checkUserBlock
1048 * Tests to determine that the passed in permission does not get mixed up with
1049 * an action of the same name.
1051 public function testUserBlockAction() {
1054 $tester = $this->getMockBuilder( Action
::class )
1055 ->disableOriginalConstructor()
1057 $tester->method( 'getName' )
1058 ->willReturn( 'tester' );
1059 $tester->method( 'getRestriction' )
1060 ->willReturn( 'test' );
1061 $tester->method( 'requiresUnblock' )
1062 ->willReturn( false );
1064 $this->setMwGlobals( [
1066 'tester' => $tester,
1068 'wgGroupPermissions' => [
1076 $this->user
->mBlockedby
= $this->user
->getName();
1077 $this->user
->mBlock
= new DatabaseBlock( [
1078 'address' => '127.0.8.1',
1079 'by' => $this->user
->getId(),
1080 'reason' => 'no reason given',
1081 'timestamp' => $now,
1083 'expiry' => 'infinity',
1086 $errors = [ [ 'blockedtext',
1087 '[[User:Useruser|Useruser]]', 'no reason given', '127.0.0.1',
1088 'Useruser', null, 'infinite', '127.0.8.1',
1089 $wgLang->timeanddate( wfTimestamp( TS_MW
, $now ), true ) ] ];
1091 $this->assertEquals( $errors,
1092 $this->title
->getUserPermissionsErrors( 'tester', $this->user
) );