const RIGOR_SECURE = 'secure';
/**
- * TODO Make this const when HHVM support is dropped (T192166)
- *
* @since 1.34
* @var array
*/
- public static $constructorOptions = [
+ public const CONSTRUCTOR_OPTIONS = [
'WhitelistRead',
'WhitelistReadRegexp',
'EmailConfirmToEdit',
/** @var NamespaceInfo */
private $nsInfo;
- /** @var string[] Cached results of getAllRights() */
- private $allRights = false;
+ /** @var string[]|null Cached results of getAllRights() */
+ private $allRights;
/** @var string[][] Cached user rights */
private $usersRights = null;
*/
private $temporaryUserRights = [];
- /** @var string[] Cached rights for isEveryoneAllowed */
+ /** @var bool[] Cached rights for isEveryoneAllowed, [ right => allowed ] */
private $cachedRights = [];
/**
RevisionLookup $revisionLookup,
NamespaceInfo $nsInfo
) {
- $options->assertRequiredOptions( self::$constructorOptions );
+ $options->assertRequiredOptions( self::CONSTRUCTOR_OPTIONS );
$this->options = $options;
$this->specialPageFactory = $specialPageFactory;
$this->revisionLookup = $revisionLookup;
return !count( $this->getPermissionErrorsInternal( $action, $user, $page, $rigor, true ) );
}
+ /**
+ * A convenience method for calling PermissionManager::userCan
+ * with PermissionManager::RIGOR_QUICK
+ *
+ * Suitable for use for nonessential UI controls in common cases, but
+ * _not_ for functional access control.
+ * May provide false positives, but should never provide a false negative.
+ *
+ * @see PermissionManager::userCan()
+ *
+ * @param string $action
+ * @param User $user
+ * @param LinkTarget $page
+ * @return bool
+ */
+ public function quickUserCan( $action, User $user, LinkTarget $page ) {
+ return $this->userCan( $action, $user, $page, self::RIGOR_QUICK );
+ }
+
/**
* Can $user perform $action on a page?
*
* Check if user is allowed to make any action
*
* @param UserIdentity $user
- * // TODO: HHVM can't create mocks with variable params @param string ...$actions
+ * // TODO: HHVM bug T228695#5450847 @param string ...$actions
+ * @suppress PhanCommentParamWithoutRealParam
* @return bool True if user is allowed to perform *any* of the given actions
* @since 1.34
*/
* Check if user is allowed to make all actions
*
* @param UserIdentity $user
- * // TODO: HHVM can't create mocks with variable params @param string ...$actions
+ * // TODO: HHVM bug T228695#5450847 @param string ...$actions
+ * @suppress PhanCommentParamWithoutRealParam
* @return bool True if user is allowed to perform *all* of the given actions
* @since 1.34
*/
*/
public function getUserPermissions( UserIdentity $user ) {
$user = User::newFromIdentity( $user );
- if ( !isset( $this->usersRights[ $user->getId() ] ) ) {
- $this->usersRights[ $user->getId() ] = $this->getGroupPermissions(
+ $rightsCacheKey = $this->getRightsCacheKey( $user );
+ if ( !isset( $this->usersRights[ $rightsCacheKey ] ) ) {
+ $this->usersRights[ $rightsCacheKey ] = $this->getGroupPermissions(
$user->getEffectiveGroups()
);
- Hooks::run( 'UserGetRights', [ $user, &$this->usersRights[ $user->getId() ] ] );
+ Hooks::run( 'UserGetRights', [ $user, &$this->usersRights[ $rightsCacheKey ] ] );
// Deny any rights denied by the user's session, unless this
// endpoint has no sessions.
// FIXME: $user->getRequest().. need to be replaced with something else
$allowedRights = $user->getRequest()->getSession()->getAllowedUserRights();
if ( $allowedRights !== null ) {
- $this->usersRights[ $user->getId() ] = array_intersect(
- $this->usersRights[ $user->getId() ],
+ $this->usersRights[ $rightsCacheKey ] = array_intersect(
+ $this->usersRights[ $rightsCacheKey ],
$allowedRights
);
}
}
- Hooks::run( 'UserGetRightsRemove', [ $user, &$this->usersRights[ $user->getId() ] ] );
+ Hooks::run( 'UserGetRightsRemove', [ $user, &$this->usersRights[ $rightsCacheKey ] ] );
// Force reindexation of rights when a hook has unset one of them
- $this->usersRights[ $user->getId() ] = array_values(
- array_unique( $this->usersRights[ $user->getId() ] )
+ $this->usersRights[ $rightsCacheKey ] = array_values(
+ array_unique( $this->usersRights[ $rightsCacheKey ] )
);
if (
$user->getBlock()
) {
$anon = new User;
- $this->usersRights[ $user->getId() ] = array_intersect(
- $this->usersRights[ $user->getId() ],
+ $this->usersRights[ $rightsCacheKey ] = array_intersect(
+ $this->usersRights[ $rightsCacheKey ],
$this->getUserPermissions( $anon )
);
}
}
- $rights = $this->usersRights[ $user->getId() ];
+ $rights = $this->usersRights[ $rightsCacheKey ];
foreach ( $this->temporaryUserRights[ $user->getId() ] ?? [] as $overrides ) {
$rights = array_values( array_unique( array_merge( $rights, $overrides ) ) );
}
*/
public function invalidateUsersRightsCache( $user = null ) {
if ( $user !== null ) {
- if ( isset( $this->usersRights[ $user->getId() ] ) ) {
- unset( $this->usersRights[$user->getId()] );
+ $rightsCacheKey = $this->getRightsCacheKey( $user );
+ if ( isset( $this->usersRights[ $rightsCacheKey ] ) ) {
+ unset( $this->usersRights[ $rightsCacheKey ] );
}
} else {
$this->usersRights = null;
}
}
+ /**
+ * Gets a unique key for user rights cache.
+ * @param UserIdentity $user
+ * @return string
+ */
+ private function getRightsCacheKey( UserIdentity $user ) {
+ return $user->isRegistered() ? "u:{$user->getId()}" : "anon:{$user->getName()}";
+ }
+
/**
* Check, if the given group has the given permission
*
* @return string[] Array of permission names
*/
public function getAllPermissions() {
- if ( $this->allRights === false ) {
+ if ( $this->allRights === null ) {
if ( count( $this->options->get( 'AvailableRights' ) ) ) {
$this->allRights = array_unique( array_merge(
$this->coreRights,
if ( !defined( 'MW_PHPUNIT_TEST' ) ) {
throw new Exception( __METHOD__ . ' can not be called outside of tests' );
}
- $this->usersRights[ $user->getId() ] = is_array( $rights ) ? $rights : [ $rights ];
+ $this->usersRights[ $this->getRightsCacheKey( $user ) ] =
+ is_array( $rights ) ? $rights : [ $rights ];
}
}
dépôts / lhc / web / wiklou.git / blobdiff