* Check restrictions on cascading pages.
*
* @param string $action The action to check
- * @param User $user User to check
+ * @param UserIdentity $user User to check
* @param array $errors List of current errors
* @param string $rigor One of PermissionManager::RIGOR_ constants
* - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
*/
private function checkCascadingSourcesRestrictions(
$action,
- User $user,
+ UserIdentity $user,
$errors,
$rigor,
$short,
if ( $right == 'autoconfirmed' ) {
$right = 'editsemiprotected';
}
- if ( $right != '' && !$user->isAllowedAll( 'protect', $right ) ) {
+ if ( $right != '' && !$this->userHasAllRights( $user, 'protect', $right ) ) {
$wikiPages = '';
/** @var Title $wikiPage */
foreach ( $cascadingSources as $wikiPage ) {
* Check CSS/JSON/JS sub-page permissions
*
* @param string $action The action to check
- * @param User $user User to check
+ * @param UserIdentity $user User to check
* @param array $errors List of current errors
* @param string $rigor One of PermissionManager::RIGOR_ constants
* - RIGOR_QUICK : does cheap permission checks from replica DBs (usable for GUI creation)
*/
private function checkUserConfigPermissions(
$action,
- User $user,
+ UserIdentity $user,
$errors,
$rigor,
$short,
// Users need editmyuser* to edit their own CSS/JSON/JS subpages.
if (
$title->isUserCssConfigPage()
- && !$user->isAllowedAny( 'editmyusercss', 'editusercss' )
+ && !$this->userHasAnyRight( $user, 'editmyusercss', 'editusercss' )
) {
$errors[] = [ 'mycustomcssprotected', $action ];
} elseif (
$title->isUserJsonConfigPage()
- && !$user->isAllowedAny( 'editmyuserjson', 'edituserjson' )
+ && !$this->userHasAnyRight( $user, 'editmyuserjson', 'edituserjson' )
) {
$errors[] = [ 'mycustomjsonprotected', $action ];
} elseif (
$title->isUserJsConfigPage()
- && !$user->isAllowedAny( 'editmyuserjs', 'edituserjs' )
+ && !$this->userHasAnyRight( $user, 'editmyuserjs', 'edituserjs' )
) {
$errors[] = [ 'mycustomjsprotected', $action ];
} elseif (
$title->isUserJsConfigPage()
- && !$user->isAllowedAny( 'edituserjs', 'editmyuserjsredirect' )
+ && !$this->userHasAnyRight( $user, 'edituserjs', 'editmyuserjsredirect' )
) {
// T207750 - do not allow users to edit a redirect if they couldn't edit the target
$rev = $this->revisionLookup->getRevisionByTitle( $title );
return in_array( $action, $this->getUserPermissions( $user ), true );
}
+ /**
+ * Check if user is allowed to make any action
+ *
+ * @param UserIdentity $user
+ * @param string[] ...$actions
+ * @return bool True if user is allowed to perform *any* of the given actions
+ * @since 1.34
+ */
+ public function userHasAnyRight( UserIdentity $user, ...$actions ) {
+ foreach ( $actions as $action ) {
+ if ( $this->userHasRight( $user, $action ) ) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ /**
+ * Check if user is allowed to make all actions
+ *
+ * @param UserIdentity $user
+ * @param string[] ...$actions
+ * @return bool True if user is allowed to perform *all* of the given actions
+ * @since 1.34
+ */
+ public function userHasAllRights( UserIdentity $user, ...$actions ) {
+ foreach ( $actions as $action ) {
+ if ( !$this->userHasRight( $user, $action ) ) {
+ return false;
+ }
+ }
+ return true;
+ }
+
/**
* Get the permissions this user has.
*
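Review bot: `userHasAllRights()` returns true when it is called with no actions, because the loop body never runs, while `userHasAnyRight()` returns false in the same case; for an authorization helper that permissive result should be stated explicitly. The removed `User::isAllowedAll()` loop behaved the same way, so I would document it rather than change it, e.g. `@return bool True if user is allowed to perform *all* of the given actions; also true when no actions are passed`. Callers that spread an array into it should make sure the array is non-empty. Both new docblocks also describe the variadic as `string[] ...$actions`, where `@param string ...$actions` matches what each argument actually is.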
$user = $this->getUser();
}
$rights = (array)$rights;
- if ( !$user->isAllowedAny( ...$rights ) ) {
+ if ( !$this->getPermissionManager()
+ ->userHasAnyRight( $user, ...$rights )
+ ) {
$this->dieWithError( [ 'apierror-permissiondenied', $this->msg( "action-{$rights[0]}" ) ] );
}
}
*/
private function getRevisionById( $id ) {
$rev = $this->revisionStore->getRevisionById( $id );
- if ( !$rev && $this->getUser()->isAllowedAny( 'deletedtext', 'undelete' ) ) {
+ if ( !$rev && $this->getPermissionManager()
+ ->userHasAnyRight( $this->getUser(), 'deletedtext', 'undelete' )
+ ) {
// Try the 'archive' table
$arQuery = $this->revisionStore->getArchiveQueryInfo();
$row = $this->getDB()->selectRow(
// check it again just in case)
if ( !$this->getPermissionManager()->userHasRight( $user, 'deletedhistory' ) ) {
$bitmask = RevisionRecord::DELETED_USER;
- } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
+ } elseif ( !$this->getPermissionManager()
+ ->userHasAnyRight( $user, 'suppressrevision', 'viewsuppressed' )
+ ) {
$bitmask = RevisionRecord::DELETED_USER | RevisionRecord::DELETED_RESTRICTED;
} else {
$bitmask = 0;
// Paranoia: avoid brute force searches (T19342)
if ( !$this->getPermissionManager()->userHasRight( $this->getUser(), 'deletedhistory' ) ) {
$bitmask = RevisionRecord::DELETED_USER;
- } elseif ( !$this->getUser()->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
+ } elseif ( !$this->getPermissionManager()
+ ->userHasAnyRight( $this->getUser(), 'suppressrevision', 'viewsuppressed' )
+ ) {
$bitmask = RevisionRecord::DELETED_USER | RevisionRecord::DELETED_RESTRICTED;
} else {
$bitmask = 0;
* @return bool
*/
public function userCanSeeRevDel() {
- return $this->getUser()->isAllowedAny(
+ return $this->getPermissionManager()->userHasAnyRight(
+ $this->getUser(),
'deletedhistory',
'deletedtext',
'suppressrevision',
// check it again just in case)
if ( !$this->getPermissionManager()->userHasRight( $user, 'deletedhistory' ) ) {
$bitmask = RevisionRecord::DELETED_USER;
- } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
+ } elseif ( !$this->getPermissionManager()
+ ->userHasAnyRight( $this->getUser(), 'suppressrevision', 'viewsuppressed' )
+ ) {
$bitmask = RevisionRecord::DELETED_USER | RevisionRecord::DELETED_RESTRICTED;
} else {
$bitmask = 0;
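Review bot: The replacement on the `elseif` line passes `$this->getUser()`, where the removed line and the `deletedhistory` check directly above it both use `$user`. If `$user` is assigned from `$this->getUser()` earlier in the method (not visible in this hunk) the result is unchanged, but both branches of one bitmask decision should name the same principal: `->userHasAnyRight( $user, 'suppressrevision', 'viewsuppressed' )`. The enclosing method starts and ends outside the hunk.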
// check it again just in case)
if ( !$this->getPermissionManager()->userHasRight( $user, 'deletedhistory' ) ) {
$bitmask = RevisionRecord::DELETED_USER;
- } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
+ } elseif ( !$this->getPermissionManager()
+ ->userHasAnyRight( $user, 'suppressrevision', 'viewsuppressed' )
+ ) {
$bitmask = RevisionRecord::DELETED_USER | RevisionRecord::DELETED_RESTRICTED;
} else {
$bitmask = 0;
// Exclude files this user can't view.
if ( !$this->getPermissionManager()->userHasRight( $user, 'deletedtext' ) ) {
$bitmask = File::DELETED_FILE;
- } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
+ } elseif ( !$this->getPermissionManager()
+ ->userHasAnyRight( $user, 'suppressrevision', 'viewsuppressed' )
+ ) {
$bitmask = File::DELETED_FILE | File::DELETED_RESTRICTED;
} else {
$bitmask = 0;
*/
public static function getImportToken( $pageid, $title ) {
global $wgUser;
- if ( !$wgUser->isAllowedAny( 'import', 'importupload' ) ) {
+ if ( !MediaWikiServices::getInstance()
+ ->getPermissionManager()
+ ->userHasAnyRight( $wgUser, 'import', 'importupload' ) ) {
return false;
}
if ( !$this->getPermissionManager()->userHasRight( $this->getUser(), 'deletedhistory' ) ) {
$titleBits = LogPage::DELETED_ACTION;
$userBits = LogPage::DELETED_USER;
- } elseif ( !$this->getUser()->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
+ } elseif ( !$this->getPermissionManager()
+ ->userHasAnyRight( $this->getUser(), 'suppressrevision', 'viewsuppressed' )
+ ) {
$titleBits = LogPage::DELETED_ACTION | LogPage::DELETED_RESTRICTED;
$userBits = LogPage::DELETED_USER | LogPage::DELETED_RESTRICTED;
} else {
if ( !is_null( $params['user'] ) || !is_null( $params['excludeuser'] ) ) {
if ( !$this->getPermissionManager()->userHasRight( $user, 'deletedhistory' ) ) {
$bitmask = RevisionRecord::DELETED_USER;
- } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
+ } elseif ( !$this->getPermissionManager()
+ ->userHasAnyRight( $user, 'suppressrevision', 'viewsuppressed' )
+ ) {
$bitmask = RevisionRecord::DELETED_USER | RevisionRecord::DELETED_RESTRICTED;
} else {
$bitmask = 0;
// LogPage::DELETED_ACTION hides the affected page, too.
if ( !$this->getPermissionManager()->userHasRight( $user, 'deletedhistory' ) ) {
$bitmask = LogPage::DELETED_ACTION;
- } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
+ } elseif ( !$this->getPermissionManager()
+ ->userHasAnyRight( $user, 'suppressrevision', 'viewsuppressed' )
+ ) {
$bitmask = LogPage::DELETED_ACTION | LogPage::DELETED_RESTRICTED;
} else {
$bitmask = 0;
// Paranoia: avoid brute force searches (T19342)
if ( !$this->getPermissionManager()->userHasRight( $this->getUser(), 'deletedhistory' ) ) {
$bitmask = RevisionRecord::DELETED_USER;
- } elseif ( !$this->getUser()->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
+ } elseif ( !$this->getPermissionManager()
+ ->userHasAnyRight( $this->getUser(), 'suppressrevision', 'viewsuppressed' )
+ ) {
$bitmask = RevisionRecord::DELETED_USER | RevisionRecord::DELETED_RESTRICTED;
} else {
$bitmask = 0;
$user = $this->getUser();
if ( !$this->getPermissionManager()->userHasRight( $user, 'deletedhistory' ) ) {
$bitmask = RevisionRecord::DELETED_USER;
- } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
+ } elseif ( !$this->getPermissionManager()
+ ->userHasAnyRight( $user, 'suppressrevision', 'viewsuppressed' )
+ ) {
$bitmask = RevisionRecord::DELETED_USER | RevisionRecord::DELETED_RESTRICTED;
} else {
$bitmask = 0;
// Is the IP user able to create accounts?
$anon = new User;
- if ( $source !== self::AUTOCREATE_SOURCE_MAINT &&
- !$anon->isAllowedAny( 'createaccount', 'autocreateaccount' )
+ if ( $source !== self::AUTOCREATE_SOURCE_MAINT && !MediaWikiServices::getInstance()
+ ->getPermissionManager()
+ ->userHasAnyRight( $anon, 'createaccount', 'autocreateaccount' )
) {
$this->logger->debug( __METHOD__ . ': IP lacks the ability to create or autocreate accounts', [
'username' => $username,
}
$permissionlist = implode( ', ', $permissions );
wfDebug( "Checking for $permissionlist due to $field match on $bitfield\n" );
- return $user->isAllowedAny( ...$permissions );
+ return MediaWikiServices::getInstance()
+ ->getPermissionManager()
+ ->userHasAnyRight( $user, ...$permissions );
}
return true;
}
* @file
*/
+use MediaWiki\MediaWikiServices;
+
/**
* @ingroup Pager
*/
$user = $this->getUser();
if ( !$user->isAllowed( 'deletedhistory' ) ) {
$this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_ACTION ) . ' = 0';
- } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
+ } elseif ( !MediaWikiServices::getInstance()
+ ->getPermissionManager()
+ ->userHasAnyRight( $user, 'suppressrevision', 'viewsuppressed' )
+ ) {
$this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_ACTION ) .
' != ' . LogPage::SUPPRESSED_USER;
}
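Review bot: The first branch still calls `$user->isAllowed( 'deletedhistory' )` while the `elseif` now goes through PermissionManager, so one visibility filter resolves the same user's rights through two entry points. Fetching the service once, `$permissionManager = MediaWikiServices::getInstance()->getPermissionManager();`, and using `$permissionManager->userHasRight( $user, 'deletedhistory' )` in the first branch keeps the suppression conditions on a single lookup path and shortens the condition. The same mix appears in the next hunk (the `LogPage::DELETED_USER` condition) and in the later hunks that build `$bitmask` from `LogPage::DELETED_ACTION` and `$conds[]` from `ar_deleted`. The enclosing method begins outside the hunk.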
$user = $this->getUser();
if ( !$user->isAllowed( 'deletedhistory' ) ) {
$this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_USER ) . ' = 0';
- } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
+ } elseif ( !MediaWikiServices::getInstance()
+ ->getPermissionManager()
+ ->userHasAnyRight( $user, 'suppressrevision', 'viewsuppressed' )
+ ) {
$this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_USER ) .
' != ' . LogPage::SUPPRESSED_ACTION;
}
. Xml::openElement( 'table', [ 'class' => 'wikitable filehistory' ] ) . "\n"
. '<tr><th></th>'
. ( $this->current->isLocal()
- && ( $this->getUser()->isAllowedAny( 'delete', 'deletedhistory' ) ) ? '<th></th>' : '' )
+ && ( MediaWikiServices::getInstance()
+ ->getPermissionManager()
+ ->userHasAnyRight( $this->getUser(), 'delete', 'deletedhistory' ) ) ? '<th></th>' : '' )
. '<th>' . $this->msg( 'filehist-datetime' )->escaped() . '</th>'
. ( $this->showThumb ? '<th>' . $this->msg( 'filehist-thumb' )->escaped() . '</th>' : '' )
. '<th>' . $this->msg( 'filehist-dimensions' )->escaped() . '</th>'
$row = $selected = '';
// Deletion link
- if ( $local && ( $user->isAllowedAny( 'delete', 'deletedhistory' ) ) ) {
+ if ( $local && ( MediaWikiServices::getInstance()
+ ->getPermissionManager()
+ ->userHasAnyRight( $user, 'delete', 'deletedhistory' ) )
+ ) {
$row .= '<td>';
# Link to remove from history
if ( $user->isAllowed( 'delete' ) ) {
$flags |= EDIT_MINOR;
}
- if ( $bot && ( $guser->isAllowedAny( 'markbotedits', 'bot' ) ) ) {
+ if ( $bot && ( MediaWikiServices::getInstance()
+ ->getPermissionManager()
+ ->userHasAnyRight( $guser, 'markbotedits', 'bot' ) )
+ ) {
$flags |= EDIT_FORCE_BOT;
}
// Add various resources if required
if ( $user->isLoggedIn()
- && $user->isAllowedAll( 'writeapi', 'viewmywatchlist', 'editmywatchlist' )
+ && MediaWikiServices::getInstance()
+ ->getPermissionManager()
+ ->userHasAllRights( $user, 'writeapi', 'viewmywatchlist', 'editmywatchlist' )
&& $this->getRelevantTitle()->canExist()
) {
$modules['watch'][] = 'mediawiki.page.watch.ajax';
}
// Checks if the user is logged in
- if ( $this->loggedin && $user->isAllowedAll( 'viewmywatchlist', 'editmywatchlist' ) ) {
+ if ( $this->loggedin && MediaWikiServices::getInstance()
+ ->getPermissionManager()
+ ->userHasAllRights( $user, 'viewmywatchlist', 'editmywatchlist' )
+ ) {
/**
* The following actions use messages which, if made particular to
* the any specific skins, would break the Ajax code which makes this
* @ingroup SpecialPage
*/
+use MediaWiki\MediaWikiServices;
use MediaWiki\Permissions\PermissionManager;
/**
Hooks::run( 'ImportSources', [ &$this->importSources ] );
$user = $this->getUser();
- if ( !$user->isAllowedAny( 'import', 'importupload' ) ) {
+ if ( !MediaWikiServices::getInstance()
+ ->getPermissionManager()
+ ->userHasAnyRight( $user, 'import', 'importupload' )
+ ) {
throw new PermissionsError( 'import' );
}
* @ingroup SpecialPage
*/
+use MediaWiki\MediaWikiServices;
use Wikimedia\Timestamp\TimestampException;
/**
private function getActionButtons( $formcontents ) {
$user = $this->getUser();
- $canRevDelete = $user->isAllowedAll( 'deletedhistory', 'deletelogentry' );
+ $canRevDelete = MediaWikiServices::getInstance()
+ ->getPermissionManager()
+ ->userHasAllRights( $user, 'deletedhistory', 'deletelogentry' );
$showTagEditUI = ChangeTags::showTagEditingUI( $user );
# If the user doesn't have the ability to delete log entries nor edit tags,
# don't bother showing them the button(s).
// the necessary rights.
if ( !$user->isAllowed( 'deletedhistory' ) ) {
$bitmask = LogPage::DELETED_ACTION;
- } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
+ } elseif ( !MediaWikiServices::getInstance()
+ ->getPermissionManager()
+ ->userHasAnyRight( $user, 'suppressrevision', 'viewsuppressed' )
+ ) {
$bitmask = LogPage::DELETED_ACTION | LogPage::DELETED_RESTRICTED;
} else {
$bitmask = 0;
* @file
*/
+use MediaWiki\MediaWikiServices;
+
/**
* Form to edit user preferences.
*
* @return string
*/
function getButtons() {
- if ( !$this->getModifiedUser()->isAllowedAny( 'editmyprivateinfo', 'editmyoptions' ) ) {
+ if ( !MediaWikiServices::getInstance()
+ ->getPermissionManager()
+ ->userHasAnyRight( $this->getModifiedUser(), 'editmyprivateinfo', 'editmyoptions' )
+ ) {
return '';
}
$queryInfo['conds'][] = $this->mDb->bitAnd(
'rev_deleted', RevisionRecord::DELETED_USER
) . ' = 0';
- } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
+ } elseif ( !MediaWikiServices::getInstance()
+ ->getPermissionManager()
+ ->userHasAnyRight( $user, 'suppressrevision', 'viewsuppressed' )
+ ) {
$queryInfo['conds'][] = $this->mDb->bitAnd(
'rev_deleted', RevisionRecord::SUPPRESSED_USER
) . ' != ' . RevisionRecord::SUPPRESSED_USER;
// Paranoia: avoid brute force searches (T19792)
if ( !$user->isAllowed( 'deletedhistory' ) ) {
$conds[] = $this->mDb->bitAnd( 'ar_deleted', RevisionRecord::DELETED_USER ) . ' = 0';
- } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
+ } elseif ( !MediaWikiServices::getInstance()
+ ->getPermissionManager()
+ ->userHasAnyRight( $user, 'suppressrevision', 'viewsuppressed' )
+ ) {
$conds[] = $this->mDb->bitAnd( 'ar_deleted', RevisionRecord::SUPPRESSED_USER ) .
' != ' . RevisionRecord::SUPPRESSED_USER;
}
/**
* Check if user is allowed to access a feature / make an action
*
+ * @deprecated since 1.34, use MediaWikiServices::getInstance()
+ * ->getPermissionManager()->userHasAnyRights(...) instead
+ *
* @param string $permissions,... Permissions to test
* @return bool True if user is allowed to perform *any* of the given actions
*/
public function isAllowedAny() {
- $permissions = func_get_args();
- foreach ( $permissions as $permission ) {
- if ( $this->isAllowed( $permission ) ) {
- return true;
- }
- }
- return false;
+ return MediaWikiServices::getInstance()
+ ->getPermissionManager()
+ ->userHasAnyRight( $this, ...func_get_args() );
}
/**
- *
+ * @deprecated since 1.34, use MediaWikiServices::getInstance()
+ * ->getPermissionManager()->userHasAllRights(...) instead
* @param string $permissions,... Permissions to test
* @return bool True if the user is allowed to perform *all* of the given actions
*/
public function isAllowedAll() {
- $permissions = func_get_args();
- foreach ( $permissions as $permission ) {
- if ( !$this->isAllowed( $permission ) ) {
- return false;
- }
- }
- return true;
+ return MediaWikiServices::getInstance()
+ ->getPermissionManager()
+ ->userHasAllRights( $this, ...func_get_args() );
}
/**
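Review bot: The `@deprecated` text on `isAllowedAny()` points to `userHasAnyRights(...)`, but the method this commit adds to PermissionManager is `userHasAnyRight` (singular), so a reader following the notice would look for a method that does not exist. Change the continuation line to `* ->getPermissionManager()->userHasAnyRight(...) instead`. The notice on `isAllowedAll()` names `userHasAllRights` correctly.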
// Set up groups and rights
$this->mUserMock->expects( $this->any() )
->method( 'getEffectiveGroups' )->will( $this->returnValue( [ '*', 'user' ] ) );
- $this->mUserMock->expects( $this->any() )
- ->method( 'isAllowedAny' )->will( $this->returnValue( true ) );
// Set up callback for User::getOptionKinds
$this->mUserMock->expects( $this->any() )
$this->mContext->getContext()->setTitle( Title::newFromText( 'Test' ) );
$this->mContext->setUser( $this->mUserMock );
+ $this->overrideUserPermissions( $this->mUserMock, [ 'editmyoptions' ] );
$main = new ApiMain( $this->mContext );
// Empty session
public function testT43337() {
// Set a low limit
$this->setMwGlobals( 'wgMaxSigChars', 2 );
-
$user = $this->createMock( User::class );
$user->expects( $this->any() )
->method( 'isAnon' )
$user->method( 'getOptions' )
->willReturn( [] );
+ // isAnyAllowed used to return null from the mock,
+ // thus revoke it's permissions.
+ $this->overrideUserPermissions( $user, [] );
+
# Forge a request to call the special page
$context = new RequestContext();
$context->setRequest( new FauxRequest() );