// Setup uselang. This doesn't use $this->getParameter()
// because we're not ready to handle errors yet.
- $uselang = $request->getVal( 'uselang', self::API_DEFAULT_USELANG );
+ // Optimisation: Avoid slow getVal(), this isn't user-generated content.
+ $uselang = $request->getRawVal( 'uselang', self::API_DEFAULT_USELANG );
if ( $uselang === 'user' ) {
// Assume the parent context is going to return the user language
// for uselang=user (see T85635).
// Set up the error formatter. This doesn't use $this->getParameter()
// because we're not ready to handle errors yet.
- $errorFormat = $request->getVal( 'errorformat', 'bc' );
- $errorLangCode = $request->getVal( 'errorlang', 'uselang' );
+ // Optimisation: Avoid slow getVal(), this isn't user-generated content.
+ $errorFormat = $request->getRawVal( 'errorformat', 'bc' );
+ $errorLangCode = $request->getRawVal( 'errorlang', 'uselang' );
$errorsUseDB = $request->getCheck( 'errorsuselocal' );
if ( in_array( $errorFormat, [ 'plaintext', 'wikitext', 'html', 'raw', 'none' ], true ) ) {
if ( $errorLangCode === 'uselang' ) {
// Printer may not be initialized if the extractRequestParams() fails for the main module
$this->createErrorPrinter();
+ // Get desired HTTP code from an ApiUsageException. Don't use codes from other
+ // exception types, as they are unlikely to be intended as an HTTP code.
+ $httpCode = $e instanceof ApiUsageException ? $e->getCode() : 0;
+
$failed = false;
try {
- $this->printResult( $e->getCode() );
+ $this->printResult( $httpCode );
} catch ( ApiUsageException $ex ) {
// The error printer itself is failing. Try suppressing its request
// parameters and redo.
$this->mPrinter = null;
$this->createErrorPrinter();
$this->mPrinter->forceDefaultParams();
- if ( $e->getCode() ) {
+ if ( $httpCode ) {
$response->statusHeader( 200 ); // Reset in case the fallback doesn't want a non-200
}
- $this->printResult( $e->getCode() );
+ $this->printResult( $httpCode );
}
}
*/
protected function checkExecutePermissions( $module ) {
$user = $this->getUser();
- if ( $module->isReadMode() && !User::isEveryoneAllowed( 'read' ) &&
- !$user->isAllowed( 'read' )
+ if ( $module->isReadMode() && !$this->getPermissionManager()->isEveryoneAllowed( 'read' ) &&
+ !$this->getPermissionManager()->userHasRight( $user, 'read' )
) {
$this->dieWithError( 'apierror-readapidenied' );
}
if ( $module->isWriteMode() ) {
if ( !$this->mEnableWrite ) {
$this->dieWithError( 'apierror-noapiwrite' );
- } elseif ( !$user->isAllowed( 'writeapi' ) ) {
+ } elseif ( !$this->getPermissionManager()->userHasRight( $user, 'writeapi' ) ) {
$this->dieWithError( 'apierror-writeapidenied' );
} elseif ( $this->getRequest()->getHeader( 'Promise-Non-Write-API-Action' ) ) {
$this->dieWithError( 'apierror-promised-nonwrite-api' );
}
break;
case 'bot':
- if ( !$user->isAllowed( 'bot' ) ) {
+ if ( !$this->getPermissionManager()->userHasRight( $user, 'bot' ) ) {
$this->dieWithError( 'apierror-assertbotfailed' );
}
break;
$this->dieWithErrorOrDebug( [ 'apierror-mustbeposted', $this->mAction ] );
}
+ if ( $request->wasPosted() && !$request->getHeader( 'Content-Type' ) ) {
+ $this->addDeprecation(
+ 'apiwarn-deprecation-post-without-content-type', 'post-without-content-type'
+ );
+ }
+
// See if custom printer is used
$this->mPrinter = $module->getCustomPrinter();
if ( is_null( $this->mPrinter ) ) {
$groups = array_map( function ( $group ) {
return $group == '*' ? 'all' : $group;
- }, User::getGroupsWithPermission( $right ) );
+ }, $this->getPermissionManager()->getGroupsWithPermission( $right ) );
$help['permissions'] .= Html::rawElement( 'dd', null,
$this->msg( 'api-help-permissions-granted-to' )
*/
public function canApiHighLimits() {
if ( !isset( $this->mCanApiHighLimits ) ) {
- $this->mCanApiHighLimits = $this->getUser()->isAllowed( 'apihighlimits' );
+ $this->mCanApiHighLimits = $this->getPermissionManager()
+ ->userHasRight( $this->getUser(), 'apihighlimits' );
}
return $this->mCanApiHighLimits;