dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge "Add Special:Users as a synonym for Special:ListUsers"
[lhc/web/wiklou.git] / tests / phpunit / includes / Permissions / PermissionManagerTest.php
1 <?php
2
3 namespace MediaWiki\Tests\Permissions;
4
5 use Action;
6 use Block;
7 use MediaWikiLangTestCase;
8 use RequestContext;
9 use Title;
10 use User;
11 use MediaWiki\Block\Restriction\NamespaceRestriction;
12 use MediaWiki\Block\Restriction\PageRestriction;
13 use MediaWiki\MediaWikiServices;
14 use MediaWiki\Permissions\PermissionManager;
15
16 /**
17 * @group Database
18 *
19 * @covers \MediaWiki\Permissions\PermissionManager
20 */
21 class PermissionManagerTest extends MediaWikiLangTestCase {
22
23 /**
24 * @var string
25 */
26 protected $userName, $altUserName;
27
28 /**
29 * @var Title
30 */
31 protected $title;
32
33 /**
34 * @var User
35 */
36 protected $user, $anonUser, $userUser, $altUser;
37
38 /**
39 * @var PermissionManager
40 */
41 protected $permissionManager;
42
43 /** Constant for self::testIsBlockedFrom */
44 const USER_TALK_PAGE = '<user talk page>';
45
46 protected function setUp() {
47 parent::setUp();
48
49 $localZone = 'UTC';
50 $localOffset = date( 'Z' ) / 60;
51
52 $this->setMwGlobals( [
53 'wgLocaltimezone' => $localZone,
54 'wgLocalTZoffset' => $localOffset,
55 'wgNamespaceProtection' => [
56 NS_MEDIAWIKI => 'editinterface',
57 ],
58 ] );
59 // Without this testUserBlock will use a non-English context on non-English MediaWiki
60 // installations (because of how Title::checkUserBlock is implemented) and fail.
61 RequestContext::resetMain();
62
63 $this->userName = 'Useruser';
64 $this->altUserName = 'Altuseruser';
65 date_default_timezone_set( $localZone );
66
67 $this->title = Title::makeTitle( NS_MAIN, "Main Page" );
68 if ( !isset( $this->userUser ) || !( $this->userUser instanceof User ) ) {
69 $this->userUser = User::newFromName( $this->userName );
70
71 if ( !$this->userUser->getId() ) {
72 $this->userUser = User::createNew( $this->userName, [
73 "email" => "test@example.com",
74 "real_name" => "Test User" ] );
75 $this->userUser->load();
76 }
77
78 $this->altUser = User::newFromName( $this->altUserName );
79 if ( !$this->altUser->getId() ) {
80 $this->altUser = User::createNew( $this->altUserName, [
81 "email" => "alttest@example.com",
82 "real_name" => "Test User Alt" ] );
83 $this->altUser->load();
84 }
85
86 $this->anonUser = User::newFromId( 0 );
87
88 $this->user = $this->userUser;
89 }
90
91 $this->permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
92
93 $this->overrideMwServices();
94 }
95
96 protected function setUserPerm( $perm ) {
97 // Setting member variables is evil!!!
98
99 if ( is_array( $perm ) ) {
100 $this->user->mRights = $perm;
101 } else {
102 $this->user->mRights = [ $perm ];
103 }
104 }
105
106 protected function setTitle( $ns, $title = "Main_Page" ) {
107 $this->title = Title::makeTitle( $ns, $title );
108 }
109
110 protected function setUser( $userName = null ) {
111 if ( $userName === 'anon' ) {
112 $this->user = $this->anonUser;
113 } elseif ( $userName === null || $userName === $this->userName ) {
114 $this->user = $this->userUser;
115 } else {
116 $this->user = $this->altUser;
117 }
118 }
119
120 /**
121 * @todo This test method should be split up into separate test methods and
122 * data providers
123 *
124 * This test is failing per T201776.
125 *
126 * @group Broken
127 * @covers \MediaWiki\Permissions\PermissionManager::checkQuickPermissions
128 */
129 public function testQuickPermissions() {
130 $prefix = MediaWikiServices::getInstance()->getContentLanguage()->
131 getFormattedNsText( NS_PROJECT );
132
133 $this->setUser( 'anon' );
134 $this->setTitle( NS_TALK );
135 $this->setUserPerm( "createtalk" );
136 $res = $this->permissionManager
137 ->getPermissionErrors( 'create', $this->user, $this->title );
138 $this->assertEquals( [], $res );
139
140 $this->setTitle( NS_TALK );
141 $this->setUserPerm( "createpage" );
142 $res = $this->permissionManager
143 ->getPermissionErrors( 'create', $this->user, $this->title );
144 $this->assertEquals( [ [ "nocreatetext" ] ], $res );
145
146 $this->setTitle( NS_TALK );
147 $this->setUserPerm( "" );
148 $res = $this->permissionManager
149 ->getPermissionErrors( 'create', $this->user, $this->title );
150 $this->assertEquals( [ [ 'nocreatetext' ] ], $res );
151
152 $this->setTitle( NS_MAIN );
153 $this->setUserPerm( "createpage" );
154 $res = $this->permissionManager
155 ->getPermissionErrors( 'create', $this->user, $this->title );
156 $this->assertEquals( [], $res );
157
158 $this->setTitle( NS_MAIN );
159 $this->setUserPerm( "createtalk" );
160 $res = $this->permissionManager
161 ->getPermissionErrors( 'create', $this->user, $this->title );
162 $this->assertEquals( [ [ 'nocreatetext' ] ], $res );
163
164 $this->setUser( $this->userName );
165 $this->setTitle( NS_TALK );
166 $this->setUserPerm( "createtalk" );
167 $res = $this->permissionManager
168 ->getPermissionErrors( 'create', $this->user, $this->title );
169 $this->assertEquals( [], $res );
170
171 $this->setTitle( NS_TALK );
172 $this->setUserPerm( "createpage" );
173 $res = $this->permissionManager
174 ->getPermissionErrors( 'create', $this->user, $this->title );
175 $this->assertEquals( [ [ 'nocreate-loggedin' ] ], $res );
176
177 $this->setTitle( NS_TALK );
178 $this->setUserPerm( "" );
179 $res = $this->permissionManager
180 ->getPermissionErrors( 'create', $this->user, $this->title );
181 $this->assertEquals( [ [ 'nocreate-loggedin' ] ], $res );
182
183 $this->setTitle( NS_MAIN );
184 $this->setUserPerm( "createpage" );
185 $res = $this->permissionManager
186 ->getPermissionErrors( 'create', $this->user, $this->title );
187 $this->assertEquals( [], $res );
188
189 $this->setTitle( NS_MAIN );
190 $this->setUserPerm( "createtalk" );
191 $res = $this->permissionManager
192 ->getPermissionErrors( 'create', $this->user, $this->title );
193 $this->assertEquals( [ [ 'nocreate-loggedin' ] ], $res );
194
195 $this->setTitle( NS_MAIN );
196 $this->setUserPerm( "" );
197 $res = $this->permissionManager
198 ->getPermissionErrors( 'create', $this->user, $this->title );
199 $this->assertEquals( [ [ 'nocreate-loggedin' ] ], $res );
200
201 $this->setUser( 'anon' );
202 $this->setTitle( NS_USER, $this->userName . '' );
203 $this->setUserPerm( "" );
204 $res = $this->permissionManager
205 ->getPermissionErrors( 'move', $this->user, $this->title );
206 $this->assertEquals( [ [ 'cant-move-user-page' ], [ 'movenologintext' ] ], $res );
207
208 $this->setTitle( NS_USER, $this->userName . '/subpage' );
209 $this->setUserPerm( "" );
210 $res = $this->permissionManager
211 ->getPermissionErrors( 'move', $this->user, $this->title );
212 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
213
214 $this->setTitle( NS_USER, $this->userName . '' );
215 $this->setUserPerm( "move-rootuserpages" );
216 $res = $this->permissionManager
217 ->getPermissionErrors( 'move', $this->user, $this->title );
218 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
219
220 $this->setTitle( NS_USER, $this->userName . '/subpage' );
221 $this->setUserPerm( "move-rootuserpages" );
222 $res = $this->permissionManager
223 ->getPermissionErrors( 'move', $this->user, $this->title );
224 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
225
226 $this->setTitle( NS_USER, $this->userName . '' );
227 $this->setUserPerm( "" );
228 $res = $this->permissionManager
229 ->getPermissionErrors( 'move', $this->user, $this->title );
230 $this->assertEquals( [ [ 'cant-move-user-page' ], [ 'movenologintext' ] ], $res );
231
232 $this->setTitle( NS_USER, $this->userName . '/subpage' );
233 $this->setUserPerm( "" );
234 $res = $this->permissionManager
235 ->getPermissionErrors( 'move', $this->user, $this->title );
236 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
237
238 $this->setTitle( NS_USER, $this->userName . '' );
239 $this->setUserPerm( "move-rootuserpages" );
240 $res = $this->permissionManager
241 ->getPermissionErrors( 'move', $this->user, $this->title );
242 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
243
244 $this->setTitle( NS_USER, $this->userName . '/subpage' );
245 $this->setUserPerm( "move-rootuserpages" );
246 $res = $this->permissionManager
247 ->getPermissionErrors( 'move', $this->user, $this->title );
248 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
249
250 $this->setUser( $this->userName );
251 $this->setTitle( NS_FILE, "img.png" );
252 $this->setUserPerm( "" );
253 $res = $this->permissionManager
254 ->getPermissionErrors( 'move', $this->user, $this->title );
255 $this->assertEquals( [ [ 'movenotallowedfile' ], [ 'movenotallowed' ] ], $res );
256
257 $this->setTitle( NS_FILE, "img.png" );
258 $this->setUserPerm( "movefile" );
259 $res = $this->permissionManager
260 ->getPermissionErrors( 'move', $this->user, $this->title );
261 $this->assertEquals( [ [ 'movenotallowed' ] ], $res );
262
263 $this->setUser( 'anon' );
264 $this->setTitle( NS_FILE, "img.png" );
265 $this->setUserPerm( "" );
266 $res = $this->permissionManager
267 ->getPermissionErrors( 'move', $this->user, $this->title );
268 $this->assertEquals( [ [ 'movenotallowedfile' ], [ 'movenologintext' ] ], $res );
269
270 $this->setTitle( NS_FILE, "img.png" );
271 $this->setUserPerm( "movefile" );
272 $res = $this->permissionManager
273 ->getPermissionErrors( 'move', $this->user, $this->title );
274 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
275
276 $this->setUser( $this->userName );
277 $this->setUserPerm( "move" );
278 $this->runGroupPermissions( 'move', [ [ 'movenotallowedfile' ] ] );
279
280 $this->setUserPerm( "" );
281 $this->runGroupPermissions(
282 'move',
283 [ [ 'movenotallowedfile' ], [ 'movenotallowed' ] ]
284 );
285
286 $this->setUser( 'anon' );
287 $this->setUserPerm( "move" );
288 $this->runGroupPermissions( 'move', [ [ 'movenotallowedfile' ] ] );
289
290 $this->setUserPerm( "" );
291 $this->runGroupPermissions(
292 'move',
293 [ [ 'movenotallowedfile' ], [ 'movenotallowed' ] ],
294 [ [ 'movenotallowedfile' ], [ 'movenologintext' ] ]
295 );
296
297 if ( $this->isWikitextNS( NS_MAIN ) ) {
298 // NOTE: some content models don't allow moving
299 // @todo find a Wikitext namespace for testing
300
301 $this->setTitle( NS_MAIN );
302 $this->setUser( 'anon' );
303 $this->setUserPerm( "move" );
304 $this->runGroupPermissions( 'move', [] );
305
306 $this->setUserPerm( "" );
307 $this->runGroupPermissions( 'move', [ [ 'movenotallowed' ] ],
308 [ [ 'movenologintext' ] ] );
309
310 $this->setUser( $this->userName );
311 $this->setUserPerm( "" );
312 $this->runGroupPermissions( 'move', [ [ 'movenotallowed' ] ] );
313
314 $this->setUserPerm( "move" );
315 $this->runGroupPermissions( 'move', [] );
316
317 $this->setUser( 'anon' );
318 $this->setUserPerm( 'move' );
319 $res = $this->permissionManager
320 ->getPermissionErrors( 'move-target', $this->user, $this->title );
321 $this->assertEquals( [], $res );
322
323 $this->setUserPerm( '' );
324 $res = $this->permissionManager
325 ->getPermissionErrors( 'move-target', $this->user, $this->title );
326 $this->assertEquals( [ [ 'movenotallowed' ] ], $res );
327 }
328
329 $this->setTitle( NS_USER );
330 $this->setUser( $this->userName );
331 $this->setUserPerm( [ "move", "move-rootuserpages" ] );
332 $res = $this->permissionManager
333 ->getPermissionErrors( 'move-target', $this->user, $this->title );
334 $this->assertEquals( [], $res );
335
336 $this->setUserPerm( "move" );
337 $res = $this->permissionManager
338 ->getPermissionErrors( 'move-target', $this->user, $this->title );
339 $this->assertEquals( [ [ 'cant-move-to-user-page' ] ], $res );
340
341 $this->setUser( 'anon' );
342 $this->setUserPerm( [ "move", "move-rootuserpages" ] );
343 $res = $this->permissionManager
344 ->getPermissionErrors( 'move-target', $this->user, $this->title );
345 $this->assertEquals( [], $res );
346
347 $this->setTitle( NS_USER, "User/subpage" );
348 $this->setUserPerm( [ "move", "move-rootuserpages" ] );
349 $res = $this->permissionManager
350 ->getPermissionErrors( 'move-target', $this->user, $this->title );
351 $this->assertEquals( [], $res );
352
353 $this->setUserPerm( "move" );
354 $res = $this->permissionManager
355 ->getPermissionErrors( 'move-target', $this->user, $this->title );
356 $this->assertEquals( [], $res );
357
358 $this->setUser( 'anon' );
359 $check = [
360 'edit' => [
361 [ [ 'badaccess-groups', "*, [[$prefix:Users|Users]]", 2 ] ],
362 [ [ 'badaccess-group0' ] ],
363 [],
364 true
365 ],
366 'protect' => [
367 [ [
368 'badaccess-groups',
369 "[[$prefix:Administrators|Administrators]]", 1 ],
370 [ 'protect-cantedit'
371 ] ],
372 [ [ 'badaccess-group0' ], [ 'protect-cantedit' ] ],
373 [ [ 'protect-cantedit' ] ],
374 false
375 ],
376 '' => [ [], [], [], true ]
377 ];
378
379 foreach ( [ "edit", "protect", "" ] as $action ) {
380 $this->setUserPerm( null );
381 $this->assertEquals( $check[$action][0],
382 $this->permissionManager
383 ->getPermissionErrors( $action, $this->user, $this->title, true ) );
384 $this->assertEquals( $check[$action][0],
385 $this->permissionManager
386 ->getPermissionErrors( $action, $this->user, $this->title, 'full' ) );
387 $this->assertEquals( $check[$action][0],
388 $this->permissionManager
389 ->getPermissionErrors( $action, $this->user, $this->title, 'secure' ) );
390
391 global $wgGroupPermissions;
392 $old = $wgGroupPermissions;
393 $wgGroupPermissions = [];
394
395 $this->assertEquals( $check[$action][1],
396 $this->permissionManager
397 ->getPermissionErrors( $action, $this->user, $this->title, true ) );
398 $this->assertEquals( $check[$action][1],
399 $this->permissionManager
400 ->getPermissionErrors( $action, $this->user, $this->title, 'full' ) );
401 $this->assertEquals( $check[$action][1],
402 $this->permissionManager
403 ->getPermissionErrors( $action, $this->user, $this->title, 'secure' ) );
404 $wgGroupPermissions = $old;
405
406 $this->setUserPerm( $action );
407 $this->assertEquals( $check[$action][2],
408 $this->permissionManager
409 ->getPermissionErrors( $action, $this->user, $this->title, true ) );
410 $this->assertEquals( $check[$action][2],
411 $this->permissionManager
412 ->getPermissionErrors( $action, $this->user, $this->title, 'full' ) );
413 $this->assertEquals( $check[$action][2],
414 $this->permissionManager
415 ->getPermissionErrors( $action, $this->user, $this->title, 'secure' ) );
416
417 $this->setUserPerm( $action );
418 $this->assertEquals( $check[$action][3],
419 $this->permissionManager->userCan( $action, $this->user, $this->title, true ) );
420 $this->assertEquals( $check[$action][3],
421 $this->permissionManager->userCan( $action, $this->user, $this->title,
422 PermissionManager::RIGOR_QUICK ) );
423 # count( User::getGroupsWithPermissions( $action ) ) < 1
424 }
425 }
426
427 protected function runGroupPermissions( $action, $result, $result2 = null ) {
428 global $wgGroupPermissions;
429
430 if ( $result2 === null ) {
431 $result2 = $result;
432 }
433
434 $wgGroupPermissions['autoconfirmed']['move'] = false;
435 $wgGroupPermissions['user']['move'] = false;
436 $res = $this->permissionManager
437 ->getPermissionErrors( $action, $this->user, $this->title );
438 $this->assertEquals( $result, $res );
439
440 $wgGroupPermissions['autoconfirmed']['move'] = true;
441 $wgGroupPermissions['user']['move'] = false;
442 $res = $this->permissionManager
443 ->getPermissionErrors( $action, $this->user, $this->title );
444 $this->assertEquals( $result2, $res );
445
446 $wgGroupPermissions['autoconfirmed']['move'] = true;
447 $wgGroupPermissions['user']['move'] = true;
448 $res = $this->permissionManager
449 ->getPermissionErrors( $action, $this->user, $this->title );
450 $this->assertEquals( $result2, $res );
451
452 $wgGroupPermissions['autoconfirmed']['move'] = false;
453 $wgGroupPermissions['user']['move'] = true;
454 $res = $this->permissionManager
455 ->getPermissionErrors( $action, $this->user, $this->title );
456 $this->assertEquals( $result2, $res );
457 }
458
459 /**
460 * @todo This test method should be split up into separate test methods and
461 * data providers
462 * @covers MediaWiki\Permissions\PermissionManager::checkSpecialsAndNSPermissions
463 */
464 public function testSpecialsAndNSPermissions() {
465 global $wgNamespaceProtection;
466 $this->setUser( $this->userName );
467
468 $this->setTitle( NS_SPECIAL );
469
470 $this->assertEquals( [ [ 'badaccess-group0' ], [ 'ns-specialprotected' ] ],
471 $this->permissionManager
472 ->getPermissionErrors( 'bogus', $this->user, $this->title ) );
473
474 $this->setTitle( NS_MAIN );
475 $this->setUserPerm( 'bogus' );
476 $this->assertEquals( [],
477 $this->permissionManager
478 ->getPermissionErrors( 'bogus', $this->user, $this->title ) );
479
480 $this->setTitle( NS_MAIN );
481 $this->setUserPerm( '' );
482 $this->assertEquals( [ [ 'badaccess-group0' ] ],
483 $this->permissionManager
484 ->getPermissionErrors( 'bogus', $this->user, $this->title ) );
485
486 $wgNamespaceProtection[NS_USER] = [ 'bogus' ];
487
488 $this->setTitle( NS_USER );
489 $this->setUserPerm( '' );
490 $this->assertEquals( [ [ 'badaccess-group0' ],
491 [ 'namespaceprotected', 'User', 'bogus' ] ],
492 $this->permissionManager
493 ->getPermissionErrors( 'bogus', $this->user, $this->title ) );
494
495 $this->setTitle( NS_MEDIAWIKI );
496 $this->setUserPerm( 'bogus' );
497 $this->assertEquals( [ [ 'protectedinterface', 'bogus' ] ],
498 $this->permissionManager
499 ->getPermissionErrors( 'bogus', $this->user, $this->title ) );
500
501 $this->setTitle( NS_MEDIAWIKI );
502 $this->setUserPerm( 'bogus' );
503 $this->assertEquals( [ [ 'protectedinterface', 'bogus' ] ],
504 $this->permissionManager
505 ->getPermissionErrors( 'bogus', $this->user, $this->title ) );
506
507 $wgNamespaceProtection = null;
508
509 $this->setUserPerm( 'bogus' );
510 $this->assertEquals( [],
511 $this->permissionManager
512 ->getPermissionErrors( 'bogus', $this->user, $this->title ) );
513 $this->assertEquals( true,
514 $this->permissionManager->userCan( 'bogus', $this->user, $this->title ) );
515
516 $this->setUserPerm( '' );
517 $this->assertEquals( [ [ 'badaccess-group0' ] ],
518 $this->permissionManager
519 ->getPermissionErrors( 'bogus', $this->user, $this->title ) );
520 $this->assertEquals( false,
521 $this->permissionManager->userCan( 'bogus', $this->user, $this->title ) );
522 }
523
524 /**
525 * @todo This test method should be split up into separate test methods and
526 * data providers
527 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
528 */
529 public function testJsConfigEditPermissions() {
530 $this->setUser( $this->userName );
531
532 $this->setTitle( NS_USER, $this->userName . '/test.js' );
533 $this->runConfigEditPermissions(
534 [ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
535
536 [ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
537 [ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
538 [ [ 'badaccess-group0' ] ],
539
540 [ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
541 [ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
542 [ [ 'badaccess-group0' ] ],
543 [ [ 'badaccess-groups' ] ]
544 );
545 }
546
547 /**
548 * @todo This test method should be split up into separate test methods and
549 * data providers
550 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
551 */
552 public function testJsonConfigEditPermissions() {
553 $prefix = MediaWikiServices::getInstance()->getContentLanguage()->
554 getFormattedNsText( NS_PROJECT );
555 $this->setUser( $this->userName );
556
557 $this->setTitle( NS_USER, $this->userName . '/test.json' );
558 $this->runConfigEditPermissions(
559 [ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
560
561 [ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
562 [ [ 'badaccess-group0' ] ],
563 [ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
564
565 [ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
566 [ [ 'badaccess-group0' ] ],
567 [ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
568 [ [ 'badaccess-groups' ] ]
569 );
570 }
571
572 /**
573 * @todo This test method should be split up into separate test methods and
574 * data providers
575 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
576 */
577 public function testCssConfigEditPermissions() {
578 $this->setUser( $this->userName );
579
580 $this->setTitle( NS_USER, $this->userName . '/test.css' );
581 $this->runConfigEditPermissions(
582 [ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
583
584 [ [ 'badaccess-group0' ] ],
585 [ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
586 [ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
587
588 [ [ 'badaccess-group0' ] ],
589 [ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
590 [ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
591 [ [ 'badaccess-groups' ] ]
592 );
593 }
594
595 /**
596 * @todo This test method should be split up into separate test methods and
597 * data providers
598 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
599 */
600 public function testOtherJsConfigEditPermissions() {
601 $this->setUser( $this->userName );
602
603 $this->setTitle( NS_USER, $this->altUserName . '/test.js' );
604 $this->runConfigEditPermissions(
605 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
606
607 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
608 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
609 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
610
611 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
612 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
613 [ [ 'badaccess-group0' ] ],
614 [ [ 'badaccess-groups' ] ]
615 );
616 }
617
618 /**
619 * @todo This test method should be split up into separate test methods and
620 * data providers
621 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
622 */
623 public function testOtherJsonConfigEditPermissions() {
624 $this->setUser( $this->userName );
625
626 $this->setTitle( NS_USER, $this->altUserName . '/test.json' );
627 $this->runConfigEditPermissions(
628 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
629
630 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
631 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
632 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
633
634 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
635 [ [ 'badaccess-group0' ] ],
636 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
637 [ [ 'badaccess-groups' ] ]
638 );
639 }
640
641 /**
642 * @todo This test method should be split up into separate test methods and
643 * data providers
644 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
645 */
646 public function testOtherCssConfigEditPermissions() {
647 $this->setUser( $this->userName );
648
649 $this->setTitle( NS_USER, $this->altUserName . '/test.css' );
650 $this->runConfigEditPermissions(
651 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
652
653 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
654 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
655 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
656
657 [ [ 'badaccess-group0' ] ],
658 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
659 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
660 [ [ 'badaccess-groups' ] ]
661 );
662 }
663
664 /**
665 * @todo This test method should be split up into separate test methods and
666 * data providers
667 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
668 */
669 public function testOtherNonConfigEditPermissions() {
670 $this->setUser( $this->userName );
671
672 $this->setTitle( NS_USER, $this->altUserName . '/tempo' );
673 $this->runConfigEditPermissions(
674 [ [ 'badaccess-group0' ] ],
675
676 [ [ 'badaccess-group0' ] ],
677 [ [ 'badaccess-group0' ] ],
678 [ [ 'badaccess-group0' ] ],
679
680 [ [ 'badaccess-group0' ] ],
681 [ [ 'badaccess-group0' ] ],
682 [ [ 'badaccess-group0' ] ],
683 [ [ 'badaccess-groups' ] ]
684 );
685 }
686
687 /**
688 * @todo This should use data providers like the other methods here.
689 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
690 */
691 public function testPatrolActionConfigEditPermissions() {
692 $this->setUser( 'anon' );
693 $this->setTitle( NS_USER, 'ToPatrolOrNotToPatrol' );
694 $this->runConfigEditPermissions(
695 [ [ 'badaccess-group0' ] ],
696
697 [ [ 'badaccess-group0' ] ],
698 [ [ 'badaccess-group0' ] ],
699 [ [ 'badaccess-group0' ] ],
700
701 [ [ 'badaccess-group0' ] ],
702 [ [ 'badaccess-group0' ] ],
703 [ [ 'badaccess-group0' ] ],
704 [ [ 'badaccess-groups' ] ]
705 );
706 }
707
708 protected function runConfigEditPermissions(
709 $resultNone,
710 $resultMyCss,
711 $resultMyJson,
712 $resultMyJs,
713 $resultUserCss,
714 $resultUserJson,
715 $resultUserJs,
716 $resultPatrol
717 ) {
718 $this->setUserPerm( '' );
719 $result = $this->permissionManager
720 ->getPermissionErrors( 'bogus', $this->user, $this->title );
721 $this->assertEquals( $resultNone, $result );
722
723 $this->setUserPerm( 'editmyusercss' );
724 $result = $this->permissionManager
725 ->getPermissionErrors( 'bogus', $this->user, $this->title );
726 $this->assertEquals( $resultMyCss, $result );
727
728 $this->setUserPerm( 'editmyuserjson' );
729 $result = $this->permissionManager
730 ->getPermissionErrors( 'bogus', $this->user, $this->title );
731 $this->assertEquals( $resultMyJson, $result );
732
733 $this->setUserPerm( 'editmyuserjs' );
734 $result = $this->permissionManager
735 ->getPermissionErrors( 'bogus', $this->user, $this->title );
736 $this->assertEquals( $resultMyJs, $result );
737
738 $this->setUserPerm( 'editusercss' );
739 $result = $this->permissionManager
740 ->getPermissionErrors( 'bogus', $this->user, $this->title );
741 $this->assertEquals( $resultUserCss, $result );
742
743 $this->setUserPerm( 'edituserjson' );
744 $result = $this->permissionManager
745 ->getPermissionErrors( 'bogus', $this->user, $this->title );
746 $this->assertEquals( $resultUserJson, $result );
747
748 $this->setUserPerm( 'edituserjs' );
749 $result = $this->permissionManager
750 ->getPermissionErrors( 'bogus', $this->user, $this->title );
751 $this->assertEquals( $resultUserJs, $result );
752
753 $this->setUserPerm( '' );
754 $result = $this->permissionManager
755 ->getPermissionErrors( 'patrol', $this->user, $this->title );
756 $this->assertEquals( reset( $resultPatrol[0] ), reset( $result[0] ) );
757
758 $this->setUserPerm( [ 'edituserjs', 'edituserjson', 'editusercss' ] );
759 $result = $this->permissionManager
760 ->getPermissionErrors( 'bogus', $this->user, $this->title );
761 $this->assertEquals( [ [ 'badaccess-group0' ] ], $result );
762 }
763
764 /**
765 * @todo This test method should be split up into separate test methods and
766 * data providers
767 *
768 * This test is failing per T201776.
769 *
770 * @group Broken
771 * @covers \MediaWiki\Permissions\PermissionManager::checkPageRestrictions
772 */
773 public function testPageRestrictions() {
774 $prefix = MediaWikiServices::getInstance()->getContentLanguage()->
775 getFormattedNsText( NS_PROJECT );
776
777 $this->setTitle( NS_MAIN );
778 $this->title->mRestrictionsLoaded = true;
779 $this->setUserPerm( "edit" );
780 $this->title->mRestrictions = [ "bogus" => [ 'bogus', "sysop", "protect", "" ] ];
781
782 $this->assertEquals( [],
783 $this->permissionManager->getPermissionErrors( 'edit',
784 $this->user, $this->title ) );
785
786 $this->assertEquals( true,
787 $this->permissionManager->userCan( 'edit', $this->user, $this->title,
788 PermissionManager::RIGOR_QUICK ) );
789
790 $this->title->mRestrictions = [ "edit" => [ 'bogus', "sysop", "protect", "" ],
791 "bogus" => [ 'bogus', "sysop", "protect", "" ] ];
792
793 $this->assertEquals( [ [ 'badaccess-group0' ],
794 [ 'protectedpagetext', 'bogus', 'bogus' ],
795 [ 'protectedpagetext', 'editprotected', 'bogus' ],
796 [ 'protectedpagetext', 'protect', 'bogus' ] ],
797 $this->permissionManager->getPermissionErrors( 'bogus',
798 $this->user, $this->title ) );
799 $this->assertEquals( [ [ 'protectedpagetext', 'bogus', 'edit' ],
800 [ 'protectedpagetext', 'editprotected', 'edit' ],
801 [ 'protectedpagetext', 'protect', 'edit' ] ],
802 $this->permissionManager->getPermissionErrors( 'edit',
803 $this->user, $this->title ) );
804 $this->setUserPerm( "" );
805 $this->assertEquals( [ [ 'badaccess-group0' ],
806 [ 'protectedpagetext', 'bogus', 'bogus' ],
807 [ 'protectedpagetext', 'editprotected', 'bogus' ],
808 [ 'protectedpagetext', 'protect', 'bogus' ] ],
809 $this->permissionManager->getPermissionErrors( 'bogus',
810 $this->user, $this->title ) );
811 $this->assertEquals( [ [ 'badaccess-groups', "*, [[$prefix:Users|Users]]", 2 ],
812 [ 'protectedpagetext', 'bogus', 'edit' ],
813 [ 'protectedpagetext', 'editprotected', 'edit' ],
814 [ 'protectedpagetext', 'protect', 'edit' ] ],
815 $this->permissionManager->getPermissionErrors( 'edit',
816 $this->user, $this->title ) );
817 $this->setUserPerm( [ "edit", "editprotected" ] );
818 $this->assertEquals( [ [ 'badaccess-group0' ],
819 [ 'protectedpagetext', 'bogus', 'bogus' ],
820 [ 'protectedpagetext', 'protect', 'bogus' ] ],
821 $this->permissionManager->getPermissionErrors( 'bogus',
822 $this->user, $this->title ) );
823 $this->assertEquals( [
824 [ 'protectedpagetext', 'bogus', 'edit' ],
825 [ 'protectedpagetext', 'protect', 'edit' ] ],
826 $this->permissionManager->getPermissionErrors( 'edit',
827 $this->user, $this->title ) );
828
829 $this->title->mCascadeRestriction = true;
830 $this->setUserPerm( "edit" );
831
832 $this->assertEquals( false,
833 $this->permissionManager->userCan( 'bogus', $this->user, $this->title,
834 PermissionManager::RIGOR_QUICK ) );
835
836 $this->assertEquals( false,
837 $this->permissionManager->userCan( 'edit', $this->user, $this->title,
838 PermissionManager::RIGOR_QUICK ) );
839
840 $this->assertEquals( [ [ 'badaccess-group0' ],
841 [ 'protectedpagetext', 'bogus', 'bogus' ],
842 [ 'protectedpagetext', 'editprotected', 'bogus' ],
843 [ 'protectedpagetext', 'protect', 'bogus' ] ],
844 $this->permissionManager->getPermissionErrors( 'bogus',
845 $this->user, $this->title ) );
846 $this->assertEquals( [ [ 'protectedpagetext', 'bogus', 'edit' ],
847 [ 'protectedpagetext', 'editprotected', 'edit' ],
848 [ 'protectedpagetext', 'protect', 'edit' ] ],
849 $this->permissionManager->getPermissionErrors( 'edit',
850 $this->user, $this->title ) );
851
852 $this->setUserPerm( [ "edit", "editprotected" ] );
853 $this->assertEquals( false,
854 $this->permissionManager->userCan( 'bogus', $this->user, $this->title,
855 PermissionManager::RIGOR_QUICK ) );
856
857 $this->assertEquals( false,
858 $this->permissionManager->userCan( 'edit', $this->user, $this->title,
859 PermissionManager::RIGOR_QUICK ) );
860
861 $this->assertEquals( [ [ 'badaccess-group0' ],
862 [ 'protectedpagetext', 'bogus', 'bogus' ],
863 [ 'protectedpagetext', 'protect', 'bogus' ],
864 [ 'protectedpagetext', 'protect', 'bogus' ] ],
865 $this->permissionManager->getPermissionErrors( 'bogus',
866 $this->user, $this->title ) );
867 $this->assertEquals( [ [ 'protectedpagetext', 'bogus', 'edit' ],
868 [ 'protectedpagetext', 'protect', 'edit' ],
869 [ 'protectedpagetext', 'protect', 'edit' ] ],
870 $this->permissionManager->getPermissionErrors( 'edit',
871 $this->user, $this->title ) );
872 }
873
874 /**
875 * @covers \MediaWiki\Permissions\PermissionManager::checkCascadingSourcesRestrictions
876 */
877 public function testCascadingSourcesRestrictions() {
878 $this->setTitle( NS_MAIN, "test page" );
879 $this->setUserPerm( [ "edit", "bogus" ] );
880
881 $this->title->mCascadeSources = [
882 Title::makeTitle( NS_MAIN, "Bogus" ),
883 Title::makeTitle( NS_MAIN, "UnBogus" )
884 ];
885 $this->title->mCascadingRestrictions = [
886 "bogus" => [ 'bogus', "sysop", "protect", "" ]
887 ];
888
889 $this->assertEquals( false,
890 $this->permissionManager->userCan( 'bogus', $this->user, $this->title ) );
891 $this->assertEquals( [
892 [ "cascadeprotected", 2, "* [[:Bogus]]\n* [[:UnBogus]]\n", 'bogus' ],
893 [ "cascadeprotected", 2, "* [[:Bogus]]\n* [[:UnBogus]]\n", 'bogus' ],
894 [ "cascadeprotected", 2, "* [[:Bogus]]\n* [[:UnBogus]]\n", 'bogus' ] ],
895 $this->permissionManager->getPermissionErrors( 'bogus', $this->user, $this->title ) );
896
897 $this->assertEquals( true,
898 $this->permissionManager->userCan( 'edit', $this->user, $this->title ) );
899 $this->assertEquals( [],
900 $this->permissionManager->getPermissionErrors( 'edit', $this->user, $this->title ) );
901 }
902
903 /**
904 * @todo This test method should be split up into separate test methods and
905 * data providers
906 * @covers \MediaWiki\Permissions\PermissionManager::checkActionPermissions
907 */
908 public function testActionPermissions() {
909 $this->setUserPerm( [ "createpage" ] );
910 $this->setTitle( NS_MAIN, "test page" );
911 $this->title->mTitleProtection['permission'] = '';
912 $this->title->mTitleProtection['user'] = $this->user->getId();
913 $this->title->mTitleProtection['expiry'] = 'infinity';
914 $this->title->mTitleProtection['reason'] = 'test';
915 $this->title->mCascadeRestriction = false;
916
917 $this->assertEquals( [ [ 'titleprotected', 'Useruser', 'test' ] ],
918 $this->permissionManager
919 ->getPermissionErrors( 'create', $this->user, $this->title ) );
920 $this->assertEquals( false,
921 $this->permissionManager->userCan( 'create', $this->user, $this->title ) );
922
923 $this->title->mTitleProtection['permission'] = 'editprotected';
924 $this->setUserPerm( [ 'createpage', 'protect' ] );
925 $this->assertEquals( [ [ 'titleprotected', 'Useruser', 'test' ] ],
926 $this->permissionManager
927 ->getPermissionErrors( 'create', $this->user, $this->title ) );
928 $this->assertEquals( false,
929 $this->permissionManager->userCan( 'create', $this->user, $this->title ) );
930
931 $this->setUserPerm( [ 'createpage', 'editprotected' ] );
932 $this->assertEquals( [],
933 $this->permissionManager
934 ->getPermissionErrors( 'create', $this->user, $this->title ) );
935 $this->assertEquals( true,
936 $this->permissionManager->userCan( 'create', $this->user, $this->title ) );
937
938 $this->setUserPerm( [ 'createpage' ] );
939 $this->assertEquals( [ [ 'titleprotected', 'Useruser', 'test' ] ],
940 $this->permissionManager
941 ->getPermissionErrors( 'create', $this->user, $this->title ) );
942 $this->assertEquals( false,
943 $this->permissionManager->userCan( 'create', $this->user, $this->title ) );
944
945 $this->setTitle( NS_MEDIA, "test page" );
946 $this->setUserPerm( [ "move" ] );
947 $this->assertEquals( false,
948 $this->permissionManager->userCan( 'move', $this->user, $this->title ) );
949 $this->assertEquals( [ [ 'immobile-source-namespace', 'Media' ] ],
950 $this->permissionManager
951 ->getPermissionErrors( 'move', $this->user, $this->title ) );
952
953 $this->setTitle( NS_HELP, "test page" );
954 $this->assertEquals( [],
955 $this->permissionManager
956 ->getPermissionErrors( 'move', $this->user, $this->title ) );
957 $this->assertEquals( true,
958 $this->permissionManager->userCan( 'move', $this->user, $this->title ) );
959
960 $this->title->mInterwiki = "no";
961 $this->assertEquals( [ [ 'immobile-source-page' ] ],
962 $this->permissionManager
963 ->getPermissionErrors( 'move', $this->user, $this->title ) );
964 $this->assertEquals( false,
965 $this->permissionManager->userCan( 'move', $this->user, $this->title ) );
966
967 $this->setTitle( NS_MEDIA, "test page" );
968 $this->assertEquals( false,
969 $this->permissionManager->userCan( 'move-target', $this->user, $this->title ) );
970 $this->assertEquals( [ [ 'immobile-target-namespace', 'Media' ] ],
971 $this->permissionManager
972 ->getPermissionErrors( 'move-target', $this->user, $this->title ) );
973
974 $this->setTitle( NS_HELP, "test page" );
975 $this->assertEquals( [],
976 $this->permissionManager
977 ->getPermissionErrors( 'move-target', $this->user, $this->title ) );
978 $this->assertEquals( true,
979 $this->permissionManager->userCan( 'move-target', $this->user, $this->title ) );
980
981 $this->title->mInterwiki = "no";
982 $this->assertEquals( [ [ 'immobile-target-page' ] ],
983 $this->permissionManager
984 ->getPermissionErrors( 'move-target', $this->user, $this->title ) );
985 $this->assertEquals( false,
986 $this->permissionManager->userCan( 'move-target', $this->user, $this->title ) );
987 }
988
989 /**
990 * @covers \MediaWiki\Permissions\PermissionManager::checkUserBlock
991 */
992 public function testUserBlock() {
993 $this->setMwGlobals( [
994 'wgEmailConfirmToEdit' => true,
995 'wgEmailAuthentication' => true,
996 ] );
997
998 $this->overrideMwServices();
999 $this->permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
1000
1001 $this->setUserPerm( [
1002 'createpage',
1003 'edit',
1004 'move',
1005 'rollback',
1006 'patrol',
1007 'upload',
1008 'purge'
1009 ] );
1010 $this->setTitle( NS_HELP, "test page" );
1011
1012 # $wgEmailConfirmToEdit only applies to 'edit' action
1013 $this->assertEquals( [],
1014 $this->permissionManager->getPermissionErrors( 'move-target',
1015 $this->user, $this->title ) );
1016 $this->assertContains( [ 'confirmedittext' ],
1017 $this->permissionManager
1018 ->getPermissionErrors( 'edit', $this->user, $this->title ) );
1019
1020 $this->setMwGlobals( 'wgEmailConfirmToEdit', false );
1021 $this->overrideMwServices();
1022 $this->permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
1023
1024 $this->assertNotContains( [ 'confirmedittext' ],
1025 $this->permissionManager
1026 ->getPermissionErrors( 'edit', $this->user, $this->title ) );
1027
1028 # $wgEmailConfirmToEdit && !$user->isEmailConfirmed() && $action != 'createaccount'
1029 $this->assertEquals( [],
1030 $this->permissionManager->getPermissionErrors( 'move-target',
1031 $this->user, $this->title ) );
1032
1033 global $wgLang;
1034 $prev = time();
1035 $now = time() + 120;
1036 $this->user->mBlockedby = $this->user->getId();
1037 $this->user->mBlock = new Block( [
1038 'address' => '127.0.8.1',
1039 'by' => $this->user->getId(),
1040 'reason' => 'no reason given',
1041 'timestamp' => $prev + 3600,
1042 'auto' => true,
1043 'expiry' => 0
1044 ] );
1045 $this->user->mBlock->mTimestamp = 0;
1046 $this->assertEquals( [ [ 'autoblockedtext',
1047 '[[User:Useruser|Useruser]]', 'no reason given', '127.0.0.1',
1048 'Useruser', null, 'infinite', '127.0.8.1',
1049 $wgLang->timeanddate( wfTimestamp( TS_MW, $prev ), true ) ] ],
1050 $this->permissionManager->getPermissionErrors( 'move-target',
1051 $this->user, $this->title ) );
1052
1053 $this->assertEquals( false, $this->permissionManager
1054 ->userCan( 'move-target', $this->user, $this->title ) );
1055 // quickUserCan should ignore user blocks
1056 $this->assertEquals( true, $this->permissionManager
1057 ->userCan( 'move-target', $this->user, $this->title,
1058 PermissionManager::RIGOR_QUICK ) );
1059
1060 global $wgLocalTZoffset;
1061 $wgLocalTZoffset = -60;
1062 $this->user->mBlockedby = $this->user->getName();
1063 $this->user->mBlock = new Block( [
1064 'address' => '127.0.8.1',
1065 'by' => $this->user->getId(),
1066 'reason' => 'no reason given',
1067 'timestamp' => $now,
1068 'auto' => false,
1069 'expiry' => 10,
1070 ] );
1071 $this->assertEquals( [ [ 'blockedtext',
1072 '[[User:Useruser|Useruser]]', 'no reason given', '127.0.0.1',
1073 'Useruser', null, '23:00, 31 December 1969', '127.0.8.1',
1074 $wgLang->timeanddate( wfTimestamp( TS_MW, $now ), true ) ] ],
1075 $this->permissionManager
1076 ->getPermissionErrors( 'move-target', $this->user, $this->title ) );
1077 # $action != 'read' && $action != 'createaccount' && $user->isBlockedFrom( $this )
1078 # $user->blockedFor() == ''
1079 # $user->mBlock->mExpiry == 'infinity'
1080
1081 $this->user->mBlockedby = $this->user->getName();
1082 $this->user->mBlock = new Block( [
1083 'address' => '127.0.8.1',
1084 'by' => $this->user->getId(),
1085 'reason' => 'no reason given',
1086 'timestamp' => $now,
1087 'auto' => false,
1088 'expiry' => 10,
1089 'systemBlock' => 'test',
1090 ] );
1091
1092 $errors = [ [ 'systemblockedtext',
1093 '[[User:Useruser|Useruser]]', 'no reason given', '127.0.0.1',
1094 'Useruser', 'test', '23:00, 31 December 1969', '127.0.8.1',
1095 $wgLang->timeanddate( wfTimestamp( TS_MW, $now ), true ) ] ];
1096
1097 $this->assertEquals( $errors,
1098 $this->permissionManager
1099 ->getPermissionErrors( 'edit', $this->user, $this->title ) );
1100 $this->assertEquals( $errors,
1101 $this->permissionManager
1102 ->getPermissionErrors( 'move-target', $this->user, $this->title ) );
1103 $this->assertEquals( $errors,
1104 $this->permissionManager
1105 ->getPermissionErrors( 'rollback', $this->user, $this->title ) );
1106 $this->assertEquals( $errors,
1107 $this->permissionManager
1108 ->getPermissionErrors( 'patrol', $this->user, $this->title ) );
1109 $this->assertEquals( $errors,
1110 $this->permissionManager
1111 ->getPermissionErrors( 'upload', $this->user, $this->title ) );
1112 $this->assertEquals( [],
1113 $this->permissionManager
1114 ->getPermissionErrors( 'purge', $this->user, $this->title ) );
1115
1116 // partial block message test
1117 $this->user->mBlockedby = $this->user->getName();
1118 $this->user->mBlock = new Block( [
1119 'address' => '127.0.8.1',
1120 'by' => $this->user->getId(),
1121 'reason' => 'no reason given',
1122 'timestamp' => $now,
1123 'sitewide' => false,
1124 'expiry' => 10,
1125 ] );
1126
1127 $this->assertEquals( [],
1128 $this->permissionManager
1129 ->getPermissionErrors( 'edit', $this->user, $this->title ) );
1130 $this->assertEquals( [],
1131 $this->permissionManager
1132 ->getPermissionErrors( 'move-target', $this->user, $this->title ) );
1133 $this->assertEquals( [],
1134 $this->permissionManager
1135 ->getPermissionErrors( 'rollback', $this->user, $this->title ) );
1136 $this->assertEquals( [],
1137 $this->permissionManager
1138 ->getPermissionErrors( 'patrol', $this->user, $this->title ) );
1139 $this->assertEquals( [],
1140 $this->permissionManager
1141 ->getPermissionErrors( 'upload', $this->user, $this->title ) );
1142 $this->assertEquals( [],
1143 $this->permissionManager
1144 ->getPermissionErrors( 'purge', $this->user, $this->title ) );
1145
1146 $this->user->mBlock->setRestrictions( [
1147 ( new PageRestriction( 0, $this->title->getArticleID() ) )->setTitle( $this->title ),
1148 ] );
1149
1150 $errors = [ [ 'blockedtext-partial',
1151 '[[User:Useruser|Useruser]]', 'no reason given', '127.0.0.1',
1152 'Useruser', null, '23:00, 31 December 1969', '127.0.8.1',
1153 $wgLang->timeanddate( wfTimestamp( TS_MW, $now ), true ) ] ];
1154
1155 $this->assertEquals( $errors,
1156 $this->permissionManager
1157 ->getPermissionErrors( 'edit', $this->user, $this->title ) );
1158 $this->assertEquals( $errors,
1159 $this->permissionManager
1160 ->getPermissionErrors( 'move-target', $this->user, $this->title ) );
1161 $this->assertEquals( $errors,
1162 $this->permissionManager
1163 ->getPermissionErrors( 'rollback', $this->user, $this->title ) );
1164 $this->assertEquals( $errors,
1165 $this->permissionManager
1166 ->getPermissionErrors( 'patrol', $this->user, $this->title ) );
1167 $this->assertEquals( [],
1168 $this->permissionManager
1169 ->getPermissionErrors( 'upload', $this->user, $this->title ) );
1170 $this->assertEquals( [],
1171 $this->permissionManager
1172 ->getPermissionErrors( 'purge', $this->user, $this->title ) );
1173
1174 // Test no block.
1175 $this->user->mBlockedby = null;
1176 $this->user->mBlock = null;
1177
1178 $this->assertEquals( [],
1179 $this->permissionManager
1180 ->getPermissionErrors( 'edit', $this->user, $this->title ) );
1181 }
1182
1183 /**
1184 * @covers \MediaWiki\Permissions\PermissionManager::checkUserBlock
1185 *
1186 * Tests to determine that the passed in permission does not get mixed up with
1187 * an action of the same name.
1188 */
1189 public function testUserBlockAction() {
1190 global $wgLang;
1191
1192 $tester = $this->getMockBuilder( Action::class )
1193 ->disableOriginalConstructor()
1194 ->getMock();
1195 $tester->method( 'getName' )
1196 ->willReturn( 'tester' );
1197 $tester->method( 'getRestriction' )
1198 ->willReturn( 'test' );
1199 $tester->method( 'requiresUnblock' )
1200 ->willReturn( false );
1201
1202 $this->setMwGlobals( [
1203 'wgActions' => [
1204 'tester' => $tester,
1205 ],
1206 'wgGroupPermissions' => [
1207 '*' => [
1208 'tester' => true,
1209 ],
1210 ],
1211 ] );
1212
1213 $now = time();
1214 $this->user->mBlockedby = $this->user->getName();
1215 $this->user->mBlock = new Block( [
1216 'address' => '127.0.8.1',
1217 'by' => $this->user->getId(),
1218 'reason' => 'no reason given',
1219 'timestamp' => $now,
1220 'auto' => false,
1221 'expiry' => 'infinity',
1222 ] );
1223
1224 $errors = [ [ 'blockedtext',
1225 '[[User:Useruser|Useruser]]', 'no reason given', '127.0.0.1',
1226 'Useruser', null, 'infinite', '127.0.8.1',
1227 $wgLang->timeanddate( wfTimestamp( TS_MW, $now ), true ) ] ];
1228
1229 $this->assertEquals( $errors,
1230 $this->permissionManager
1231 ->getPermissionErrors( 'tester', $this->user, $this->title ) );
1232 }
1233
1234 /**
1235 * @covers \MediaWiki\Permissions\PermissionManager::isBlockedFrom
1236 */
1237 public function testBlockInstanceCache() {
1238 // First, check the user isn't blocked
1239 $user = $this->getMutableTestUser()->getUser();
1240 $ut = Title::makeTitle( NS_USER_TALK, $user->getName() );
1241 $this->assertNull( $user->getBlock( false ), 'sanity check' );
1242 //$this->assertSame( '', $user->blockedBy(), 'sanity check' );
1243 //$this->assertSame( '', $user->blockedFor(), 'sanity check' );
1244 //$this->assertFalse( (bool)$user->isHidden(), 'sanity check' );
1245 $this->assertFalse( $this->permissionManager
1246 ->isBlockedFrom( $user, $ut ), 'sanity check' );
1247
1248 // Block the user
1249 $blocker = $this->getTestSysop()->getUser();
1250 $block = new Block( [
1251 'hideName' => true,
1252 'allowUsertalk' => false,
1253 'reason' => 'Because',
1254 ] );
1255 $block->setTarget( $user );
1256 $block->setBlocker( $blocker );
1257 $res = $block->insert();
1258 $this->assertTrue( (bool)$res['id'], 'sanity check: Failed to insert block' );
1259
1260 // Clear cache and confirm it loaded the block properly
1261 $user->clearInstanceCache();
1262 $this->assertInstanceOf( Block::class, $user->getBlock( false ) );
1263 //$this->assertSame( $blocker->getName(), $user->blockedBy() );
1264 //$this->assertSame( 'Because', $user->blockedFor() );
1265 //$this->assertTrue( (bool)$user->isHidden() );
1266 $this->assertTrue( $this->permissionManager->isBlockedFrom( $user, $ut ) );
1267
1268 // Unblock
1269 $block->delete();
1270
1271 // Clear cache and confirm it loaded the not-blocked properly
1272 $user->clearInstanceCache();
1273 $this->assertNull( $user->getBlock( false ) );
1274 //$this->assertSame( '', $user->blockedBy() );
1275 //$this->assertSame( '', $user->blockedFor() );
1276 //$this->assertFalse( (bool)$user->isHidden() );
1277 $this->assertFalse( $this->permissionManager->isBlockedFrom( $user, $ut ) );
1278 }
1279
1280 /**
1281 * @covers \MediaWiki\Permissions\PermissionManager::isBlockedFrom
1282 * @dataProvider provideIsBlockedFrom
1283 * @param string|null $title Title to test.
1284 * @param bool $expect Expected result from User::isBlockedFrom()
1285 * @param array $options Additional test options:
1286 * - 'blockAllowsUTEdit': (bool, default true) Value for $wgBlockAllowsUTEdit
1287 * - 'allowUsertalk': (bool, default false) Passed to Block::__construct()
1288 * - 'pageRestrictions': (array|null) If non-empty, page restriction titles for the block.
1289 */
1290 public function testIsBlockedFrom( $title, $expect, array $options = [] ) {
1291 $this->setMwGlobals( [
1292 'wgBlockAllowsUTEdit' => $options['blockAllowsUTEdit'] ?? true,
1293 ] );
1294
1295 $user = $this->getTestUser()->getUser();
1296
1297 if ( $title === self::USER_TALK_PAGE ) {
1298 $title = $user->getTalkPage();
1299 } else {
1300 $title = Title::newFromText( $title );
1301 }
1302
1303 $restrictions = [];
1304 foreach ( $options['pageRestrictions'] ?? [] as $pagestr ) {
1305 $page = $this->getExistingTestPage(
1306 $pagestr === self::USER_TALK_PAGE ? $user->getTalkPage() : $pagestr
1307 );
1308 $restrictions[] = new PageRestriction( 0, $page->getId() );
1309 }
1310 foreach ( $options['namespaceRestrictions'] ?? [] as $ns ) {
1311 $restrictions[] = new NamespaceRestriction( 0, $ns );
1312 }
1313
1314 $block = new Block( [
1315 'expiry' => wfTimestamp( TS_MW, wfTimestamp() + ( 40 * 60 * 60 ) ),
1316 'allowUsertalk' => $options['allowUsertalk'] ?? false,
1317 'sitewide' => !$restrictions,
1318 ] );
1319 $block->setTarget( $user );
1320 $block->setBlocker( $this->getTestSysop()->getUser() );
1321 if ( $restrictions ) {
1322 $block->setRestrictions( $restrictions );
1323 }
1324 $block->insert();
1325
1326 try {
1327 $this->assertSame( $expect, $this->permissionManager->isBlockedFrom( $user, $title ) );
1328 } finally {
1329 $block->delete();
1330 }
1331 }
1332
1333 public static function provideIsBlockedFrom() {
1334 return [
1335 'Sitewide block, basic operation' => [ 'Test page', true ],
1336 'Sitewide block, not allowing user talk' => [
1337 self::USER_TALK_PAGE, true, [
1338 'allowUsertalk' => false,
1339 ]
1340 ],
1341 'Sitewide block, allowing user talk' => [
1342 self::USER_TALK_PAGE, false, [
1343 'allowUsertalk' => true,
1344 ]
1345 ],
1346 'Sitewide block, allowing user talk but $wgBlockAllowsUTEdit is false' => [
1347 self::USER_TALK_PAGE, true, [
1348 'allowUsertalk' => true,
1349 'blockAllowsUTEdit' => false,
1350 ]
1351 ],
1352 'Partial block, blocking the page' => [
1353 'Test page', true, [
1354 'pageRestrictions' => [ 'Test page' ],
1355 ]
1356 ],
1357 'Partial block, not blocking the page' => [
1358 'Test page 2', false, [
1359 'pageRestrictions' => [ 'Test page' ],
1360 ]
1361 ],
1362 'Partial block, not allowing user talk but user talk page is not blocked' => [
1363 self::USER_TALK_PAGE, false, [
1364 'allowUsertalk' => false,
1365 'pageRestrictions' => [ 'Test page' ],
1366 ]
1367 ],
1368 'Partial block, allowing user talk but user talk page is blocked' => [
1369 self::USER_TALK_PAGE, true, [
1370 'allowUsertalk' => true,
1371 'pageRestrictions' => [ self::USER_TALK_PAGE ],
1372 ]
1373 ],
1374 'Partial block, user talk page is not blocked but $wgBlockAllowsUTEdit is false' => [
1375 self::USER_TALK_PAGE, false, [
1376 'allowUsertalk' => false,
1377 'pageRestrictions' => [ 'Test page' ],
1378 'blockAllowsUTEdit' => false,
1379 ]
1380 ],
1381 'Partial block, user talk page is blocked and $wgBlockAllowsUTEdit is false' => [
1382 self::USER_TALK_PAGE, true, [
1383 'allowUsertalk' => true,
1384 'pageRestrictions' => [ self::USER_TALK_PAGE ],
1385 'blockAllowsUTEdit' => false,
1386 ]
1387 ],
1388 'Partial user talk namespace block, not allowing user talk' => [
1389 self::USER_TALK_PAGE, true, [
1390 'allowUsertalk' => false,
1391 'namespaceRestrictions' => [ NS_USER_TALK ],
1392 ]
1393 ],
1394 'Partial user talk namespace block, allowing user talk' => [
1395 self::USER_TALK_PAGE, false, [
1396 'allowUsertalk' => true,
1397 'namespaceRestrictions' => [ NS_USER_TALK ],
1398 ]
1399 ],
1400 'Partial user talk namespace block, where $wgBlockAllowsUTEdit is false' => [
1401 self::USER_TALK_PAGE, true, [
1402 'allowUsertalk' => true,
1403 'namespaceRestrictions' => [ NS_USER_TALK ],
1404 'blockAllowsUTEdit' => false,
1405 ]
1406 ],
1407 ];
1408 }
1409
1410 }
Wiklou, le Wiki du Wiklou