namespace MediaWiki\Rest\BasicAccess;
-use User;
use MediaWiki\Permissions\PermissionManager;
use MediaWiki\Rest\Handler;
use MediaWiki\Rest\RequestInterface;
+use MediaWiki\User\UserIdentity;
/**
- * A factory for MWBasicRequestAuthorizer which passes through a User object
+ * A factory for MWBasicRequestAuthorizer which passes through a UserIdentity.
*
* @internal
*/
class MWBasicAuthorizer extends BasicAuthorizerBase {
- /** @var User */
+ /** @var UserIdentity */
private $user;
/** @var PermissionManager */
private $permissionManager;
- public function __construct( User $user, PermissionManager $permissionManager ) {
+ public function __construct( UserIdentity $user, PermissionManager $permissionManager ) {
$this->user = $user;
$this->permissionManager = $permissionManager;
}
namespace MediaWiki\Rest\BasicAccess;
-use User;
+use MediaWiki\User\UserIdentity;
use MediaWiki\Permissions\PermissionManager;
use MediaWiki\Rest\Handler;
use MediaWiki\Rest\RequestInterface;
* @internal
*/
class MWBasicRequestAuthorizer extends BasicRequestAuthorizer {
- /** @var User */
+ /** @var UserIdentity */
private $user;
/** @var PermissionManager */
private $permissionManager;
public function __construct( RequestInterface $request, Handler $handler,
- User $user, PermissionManager $permissionManager
+ UserIdentity $user, PermissionManager $permissionManager
) {
parent::__construct( $request, $handler );
$this->user = $user;
$services->getPermissionManager() );
// @phan-suppress-next-line PhanAccessMethodInternal
- $restValidator = new Validator( $objectFactory, $request, RequestContext::getMain()->getUser() );
+ $restValidator = new Validator( $objectFactory,
+ $services->getPermissionManager(),
+ $request,
+ RequestContext::getMain()->getUser()
+ );
global $IP;
$router = new Router(
namespace MediaWiki\Rest\Validator;
use InvalidArgumentException;
+use MediaWiki\Permissions\PermissionManager;
use MediaWiki\Rest\RequestInterface;
+use MediaWiki\User\UserIdentity;
use Psr\Http\Message\UploadedFileInterface;
-use User;
use Wikimedia\ParamValidator\Callbacks;
use Wikimedia\ParamValidator\ValidationException;
class ParamValidatorCallbacks implements Callbacks {
+ /** @var PermissionManager */
+ private $permissionManager;
+
/** @var RequestInterface */
private $request;
- /** @var User */
+ /** @var UserIdentity */
private $user;
- public function __construct( RequestInterface $request, User $user ) {
+ public function __construct(
+ PermissionManager $permissionManager,
+ RequestInterface $request,
+ UserIdentity $user
+ ) {
+ $this->permissionManager = $permissionManager;
$this->request = $request;
$this->user = $user;
}
}
public function useHighLimits( array $options ) {
- return $this->user->isAllowed( 'apihighlimits' );
+ return $this->permissionManager->userHasRight( $this->user, 'apihighlimits' );
}
}
namespace MediaWiki\Rest\Validator;
+use MediaWiki\Permissions\PermissionManager;
use MediaWiki\Rest\Handler;
use MediaWiki\Rest\HttpException;
use MediaWiki\Rest\RequestInterface;
-use User;
+use MediaWiki\User\UserIdentity;
use Wikimedia\ObjectFactory;
use Wikimedia\ParamValidator\ParamValidator;
use Wikimedia\ParamValidator\TypeDef\BooleanDef;
private $paramValidator;
/**
- * @internal
* @param ObjectFactory $objectFactory
+ * @param PermissionManager $permissionManager
* @param RequestInterface $request
- * @param User $user
+ * @param UserIdentity $user
+ * @internal
*/
public function __construct(
- ObjectFactory $objectFactory, RequestInterface $request, User $user
+ ObjectFactory $objectFactory,
+ PermissionManager $permissionManager,
+ RequestInterface $request,
+ UserIdentity $user
) {
$this->paramValidator = new ParamValidator(
- new ParamValidatorCallbacks( $request, $user ),
+ new ParamValidatorCallbacks( $permissionManager, $request, $user ),
$objectFactory,
[
'typeDefs' => self::$typeDefs,
namespace MediaWiki\Tests\Rest\BasicAccess;
use GuzzleHttp\Psr7\Uri;
-use MediaWiki\MediaWikiServices;
+use MediaWiki\Permissions\PermissionManager;
use MediaWiki\Rest\BasicAccess\MWBasicAuthorizer;
use MediaWiki\Rest\Handler;
use MediaWiki\Rest\RequestData;
class MWBasicRequestAuthorizerTest extends MediaWikiTestCase {
private function createRouter( $userRights, $request ) {
$user = User::newFromName( 'Test user' );
- // Don't allow the rights to everybody so that user rights kick in.
- $this->mergeMwGlobalArrayValue( 'wgGroupPermissions', [ '*' => $userRights ] );
- $this->overrideUserPermissions(
- $user,
- array_keys( array_filter( $userRights ), function ( $value ) {
- return $value === true;
- } )
- );
-
- global $IP;
-
$objectFactory = new ObjectFactory(
$this->getMockForAbstractClass( ContainerInterface::class )
);
+ $permissionManager = $this->createMock( PermissionManager::class );
+ // Don't allow the rights to everybody so that user rights kick in.
+ $permissionManager->method( 'isEveryoneAllowed' )->willReturn( false );
+ $permissionManager->method( 'userHasRight' )
+ ->will( $this->returnCallback( function ( $user, $action ) use ( $userRights ) {
+ return isset( $userRights[$action] ) && $userRights[$action];
+ } ) );
+
+ global $IP;
return new Router(
[ "$IP/tests/phpunit/unit/includes/Rest/testRoutes.json" ],
'/rest',
new \EmptyBagOStuff(),
new ResponseFactory( [] ),
- new MWBasicAuthorizer( $user, MediaWikiServices::getInstance()->getPermissionManager() ),
+ new MWBasicAuthorizer( $user, $permissionManager ),
$objectFactory,
- new Validator( $objectFactory, $request, $user )
+ new Validator( $objectFactory, $permissionManager, $request, $user )
);
}
use EmptyBagOStuff;
use GuzzleHttp\Psr7\Uri;
use GuzzleHttp\Psr7\Stream;
+use MediaWiki\Permissions\PermissionManager;
use MediaWiki\Rest\BasicAccess\StaticBasicAuthorizer;
use MediaWiki\Rest\Handler;
use MediaWiki\Rest\EntryPoint;
$objectFactory = new ObjectFactory(
$this->getMockForAbstractClass( ContainerInterface::class )
);
+ $permissionManager = $this->createMock( PermissionManager::class );
return new Router(
[ "$IP/tests/phpunit/unit/includes/Rest/testRoutes.json" ],
new ResponseFactory( [] ),
new StaticBasicAuthorizer(),
$objectFactory,
- new Validator( $objectFactory, $request, new User )
+ new Validator( $objectFactory, $permissionManager, $request, new User )
);
}
use EmptyBagOStuff;
use GuzzleHttp\Psr7\Uri;
+use MediaWiki\Permissions\PermissionManager;
use MediaWiki\Rest\BasicAccess\StaticBasicAuthorizer;
use MediaWiki\Rest\RequestData;
use MediaWiki\Rest\ResponseFactory;
$objectFactory = new ObjectFactory(
$this->getMockForAbstractClass( ContainerInterface::class )
);
-
+ $permissionManager = $this->createMock( PermissionManager::class );
$request = new RequestData( $requestInfo );
$router = new Router(
[ __DIR__ . '/../testRoutes.json' ],
new ResponseFactory( [] ),
new StaticBasicAuthorizer(),
$objectFactory,
- new Validator( $objectFactory, $request, new User )
+ new Validator( $objectFactory, $permissionManager, $request, new User )
);
$response = $router->execute( $request );
if ( isset( $responseInfo['statusCode'] ) ) {
namespace MediaWiki\Tests\Rest;
use GuzzleHttp\Psr7\Uri;
+use MediaWiki\Permissions\PermissionManager;
use MediaWiki\Rest\BasicAccess\StaticBasicAuthorizer;
use MediaWiki\Rest\Handler;
use MediaWiki\Rest\HttpException;
$objectFactory = new ObjectFactory(
$this->getMockForAbstractClass( ContainerInterface::class )
);
+ $permissionManager = $this->createMock( PermissionManager::class );
return new Router(
[ __DIR__ . '/testRoutes.json' ],
[],
new ResponseFactory( [] ),
new StaticBasicAuthorizer( $authError ),
$objectFactory,
- new Validator( $objectFactory, $request, new User )
+ new Validator( $objectFactory, $permissionManager, $request, new User )
);
}