From acaa3e31368a040dc9b888386d11c42a355f4c9f Mon Sep 17 00:00:00 2001 From: Petr Pchelko Date: Wed, 21 Aug 2019 19:22:26 -0700 Subject: [PATCH] Remove deprecated User groups/permission static calls. Bug: T220191 Change-Id: Ifa8afa90c432723b0bba0033a46b6a499c77e6fc --- img_auth.php | 4 ++-- includes/Autopromote.php | 6 +++++- includes/OutputPage.php | 11 +++++------ includes/api/ApiMain.php | 2 +- includes/api/ApiQueryAllImages.php | 2 +- includes/api/ApiQueryAllUsers.php | 5 +++-- includes/api/ApiQueryContributors.php | 6 ++++-- includes/exception/PermissionsError.php | 6 +++++- includes/skins/SkinTemplate.php | 5 +++-- includes/specialpage/SpecialPage.php | 4 +++- includes/specials/SpecialCreateAccount.php | 4 +++- includes/specials/SpecialNewpages.php | 6 +++++- includes/specials/pagers/ContribsPager.php | 4 +++- includes/specials/pagers/NewFilesPager.php | 4 +++- includes/specials/pagers/NewPagesPager.php | 4 +++- includes/user/User.php | 4 +++- maintenance/rebuildrecentchanges.php | 4 +++- thumb.php | 4 ++-- 18 files changed, 57 insertions(+), 28 deletions(-) diff --git a/img_auth.php b/img_auth.php index 914014d85f..6e45e4eba5 100644 --- a/img_auth.php +++ b/img_auth.php @@ -53,9 +53,10 @@ $mediawiki->doPostOutputShutdown( 'fast' ); function wfImageAuthMain() { global $wgImgAuthUrlPathMap; + $permissionManager = \MediaWiki\MediaWikiServices::getInstance()->getPermissionManager(); $request = RequestContext::getMain()->getRequest(); - $publicWiki = in_array( 'read', User::getGroupPermissions( [ '*' ] ), true ); + $publicWiki = in_array( 'read', $permissionManager->getGroupPermissions( [ '*' ] ), true ); // Get the requested file path (source file or thumbnail) $matches = WebRequest::getPathInfo(); @@ -160,7 +161,6 @@ function wfImageAuthMain() { // Check user authorization for this title // Checks Whitelist too - $permissionManager = \MediaWiki\MediaWikiServices::getInstance()->getPermissionManager(); if ( !$permissionManager->userCan( 'read', $user, $title ) ) { wfForbidden( 'img-auth-accessdenied', 'img-auth-noread', $name ); diff --git a/includes/Autopromote.php b/includes/Autopromote.php index b17f1ab1c6..2156787886 100644 --- a/includes/Autopromote.php +++ b/includes/Autopromote.php @@ -21,6 +21,8 @@ * @file */ +use MediaWiki\MediaWikiServices; + /** * This class checks if user can get extra rights * because of conditions specified in $wgAutopromote @@ -200,7 +202,9 @@ class Autopromote { case APCOND_BLOCKED: return $user->getBlock() && $user->getBlock()->isSitewide(); case APCOND_ISBOT: - return in_array( 'bot', User::getGroupPermissions( $user->getGroups() ) ); + return in_array( 'bot', MediaWikiServices::getInstance() + ->getPermissionManager() + ->getGroupPermissions( $user->getGroups() ) ); default: $result = null; Hooks::run( 'AutopromoteCondition', [ $cond[0], diff --git a/includes/OutputPage.php b/includes/OutputPage.php index b7341e3b7a..f8b7502710 100644 --- a/includes/OutputPage.php +++ b/includes/OutputPage.php @@ -2666,6 +2666,8 @@ class OutputPage extends ContextSource { * @param string|null $action Action that was denied or null if unknown */ public function showPermissionsErrorPage( array $errors, $action = null ) { + $services = MediaWikiServices::getInstance(); + $permissionManager = $services->getPermissionManager(); foreach ( $errors as $key => $error ) { $errors[$key] = (array)$error; } @@ -2675,11 +2677,12 @@ class OutputPage extends ContextSource { // 1. the user is not logged in // 2. the only error is insufficient permissions (i.e. no block or something else) // 3. the error can be avoided simply by logging in + if ( in_array( $action, [ 'read', 'edit', 'createpage', 'createtalk', 'upload' ] ) && $this->getUser()->isAnon() && count( $errors ) == 1 && isset( $errors[0][0] ) && ( $errors[0][0] == 'badaccess-groups' || $errors[0][0] == 'badaccess-group0' ) - && ( User::groupHasPermission( 'user', $action ) - || User::groupHasPermission( 'autoconfirmed', $action ) ) + && ( $permissionManager->groupHasPermission( 'user', $action ) + || $permissionManager->groupHasPermission( 'autoconfirmed', $action ) ) ) { $displayReturnto = null; @@ -2715,8 +2718,6 @@ class OutputPage extends ContextSource { } } - $services = MediaWikiServices::getInstance(); - $title = SpecialPage::getTitleFor( 'Userlogin' ); $linkRenderer = $services->getLinkRenderer(); $loginUrl = $title->getLinkURL( $query, false, PROTO_RELATIVE ); @@ -2730,8 +2731,6 @@ class OutputPage extends ContextSource { $this->prepareErrorPage( $this->msg( 'loginreqtitle' ) ); $this->addHTML( $this->msg( $msg )->rawParams( $loginLink )->params( $loginUrl )->parse() ); - $permissionManager = $services->getPermissionManager(); - # Don't return to a page the user can't read otherwise # we'll end up in a pointless loop if ( $displayReturnto && $permissionManager->userCan( diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php index 6b9e4ac541..6577c7b4c6 100644 --- a/includes/api/ApiMain.php +++ b/includes/api/ApiMain.php @@ -1939,7 +1939,7 @@ class ApiMain extends ApiBase { $groups = array_map( function ( $group ) { return $group == '*' ? 'all' : $group; - }, User::getGroupsWithPermission( $right ) ); + }, $this->getPermissionManager()->getGroupsWithPermission( $right ) ); $help['permissions'] .= Html::rawElement( 'dd', null, $this->msg( 'api-help-permissions-granted-to' ) diff --git a/includes/api/ApiQueryAllImages.php b/includes/api/ApiQueryAllImages.php index 40cd149181..b181710558 100644 --- a/includes/api/ApiQueryAllImages.php +++ b/includes/api/ApiQueryAllImages.php @@ -205,7 +205,7 @@ class ApiQueryAllImages extends ApiQueryGeneratorBase { $this->addJoinConds( [ 'user_groups' => [ 'LEFT JOIN', [ - 'ug_group' => User::getGroupsWithPermission( 'bot' ), + 'ug_group' => $this->getPermissionManager()->getGroupsWithPermission( 'bot' ), 'ug_user = ' . $actorQuery['fields']['img_user'], 'ug_expiry IS NULL OR ug_expiry >= ' . $db->addQuotes( $db->timestamp() ) ] diff --git a/includes/api/ApiQueryAllUsers.php b/includes/api/ApiQueryAllUsers.php index 59e92e1538..023b88fea9 100644 --- a/includes/api/ApiQueryAllUsers.php +++ b/includes/api/ApiQueryAllUsers.php @@ -90,7 +90,8 @@ class ApiQueryAllUsers extends ApiQueryBase { if ( !is_null( $params['rights'] ) && count( $params['rights'] ) ) { $groups = []; foreach ( $params['rights'] as $r ) { - $groups = array_merge( $groups, User::getGroupsWithPermission( $r ) ); + $groups = array_merge( $groups, $this->getPermissionManager() + ->getGroupsWithPermission( $r ) ); } // no group with the given right(s) exists, no need for a query @@ -312,7 +313,7 @@ class ApiQueryAllUsers extends ApiQueryBase { } if ( $fld_rights ) { - $data['rights'] = User::getGroupPermissions( $groups ); + $data['rights'] = $this->getPermissionManager()->getGroupPermissions( $groups ); ApiResult::setIndexedTagName( $data['rights'], 'r' ); ApiResult::setArrayType( $data['rights'], 'array' ); } diff --git a/includes/api/ApiQueryContributors.php b/includes/api/ApiQueryContributors.php index 9057f1055b..fd2d199b80 100644 --- a/includes/api/ApiQueryContributors.php +++ b/includes/api/ApiQueryContributors.php @@ -152,7 +152,8 @@ class ApiQueryContributors extends ApiQueryBase { } elseif ( $params['rights'] ) { $excludeGroups = false; foreach ( $params['rights'] as $r ) { - $limitGroups = array_merge( $limitGroups, User::getGroupsWithPermission( $r ) ); + $limitGroups = array_merge( $limitGroups, $this->getPermissionManager() + ->getGroupsWithPermission( $r ) ); } // If no group has the rights requested, no need to query @@ -168,7 +169,8 @@ class ApiQueryContributors extends ApiQueryBase { } elseif ( $params['excluderights'] ) { $excludeGroups = true; foreach ( $params['excluderights'] as $r ) { - $limitGroups = array_merge( $limitGroups, User::getGroupsWithPermission( $r ) ); + $limitGroups = array_merge( $limitGroups, $this->getPermissionManager() + ->getGroupsWithPermission( $r ) ); } } diff --git a/includes/exception/PermissionsError.php b/includes/exception/PermissionsError.php index cc69a762c1..87a3dc2819 100644 --- a/includes/exception/PermissionsError.php +++ b/includes/exception/PermissionsError.php @@ -18,6 +18,8 @@ * @file */ +use MediaWiki\MediaWikiServices; + /** * Show an error when a user tries to do something they do not have the necessary * permissions for. @@ -46,7 +48,9 @@ class PermissionsError extends ErrorPageError { if ( !count( $errors ) ) { $groups = []; - foreach ( User::getGroupsWithPermission( $this->permission ) as $group ) { + foreach ( MediaWikiServices::getInstance() + ->getPermissionManager() + ->getGroupsWithPermission( $this->permission ) as $group ) { $groups[] = UserGroupMembership::getLink( $group, RequestContext::getMain(), 'wiki' ); } diff --git a/includes/skins/SkinTemplate.php b/includes/skins/SkinTemplate.php index af7ec294e9..7cfec2b579 100644 --- a/includes/skins/SkinTemplate.php +++ b/includes/skins/SkinTemplate.php @@ -585,6 +585,7 @@ class SkinTemplate extends Skin { $request = $this->getRequest(); $pageurl = $title->getLocalURL(); $authManager = AuthManager::singleton(); + $permissionManager = MediaWikiServices::getInstance()->getPermissionManager(); /* set up the default links for the personal toolbar */ $personal_urls = []; @@ -704,7 +705,7 @@ class SkinTemplate extends Skin { ]; // No need to show Talk and Contributions to anons if they can't contribute! - if ( User::groupHasPermission( '*', 'edit' ) ) { + if ( $permissionManager->groupHasPermission( '*', 'edit' ) ) { // Because of caching, we can't link directly to the IP talk and // contributions pages. Instead we use the special page shortcuts // (which work correctly regardless of caching). This means we can't @@ -732,7 +733,7 @@ class SkinTemplate extends Skin { } if ( $authManager->canAuthenticateNow() ) { - $key = User::groupHasPermission( '*', 'read' ) + $key = $permissionManager->groupHasPermission( '*', 'read' ) ? 'login' : 'login-private'; $personal_urls[$key] = $login_url; diff --git a/includes/specialpage/SpecialPage.php b/includes/specialpage/SpecialPage.php index d7e39d5129..7d3303584d 100644 --- a/includes/specialpage/SpecialPage.php +++ b/includes/specialpage/SpecialPage.php @@ -278,7 +278,9 @@ class SpecialPage implements MessageLocalizer { */ public function isRestricted() { // DWIM: If anons can do something, then it is not restricted - return $this->mRestriction != '' && !User::groupHasPermission( '*', $this->mRestriction ); + return $this->mRestriction != '' && !MediaWikiServices::getInstance() + ->getPermissionManager() + ->groupHasPermission( '*', $this->mRestriction ); } /** diff --git a/includes/specials/SpecialCreateAccount.php b/includes/specials/SpecialCreateAccount.php index 9b5dd3f4ba..cc2fc80970 100644 --- a/includes/specials/SpecialCreateAccount.php +++ b/includes/specials/SpecialCreateAccount.php @@ -51,7 +51,9 @@ class SpecialCreateAccount extends LoginSignupSpecialPage { } public function isRestricted() { - return !User::groupHasPermission( '*', 'createaccount' ); + return !MediaWikiServices::getInstance() + ->getPermissionManager() + ->groupHasPermission( '*', 'createaccount' ); } public function userCanExecute( User $user ) { diff --git a/includes/specials/SpecialNewpages.php b/includes/specials/SpecialNewpages.php index 711d4474fa..493f6dbf08 100644 --- a/includes/specials/SpecialNewpages.php +++ b/includes/specials/SpecialNewpages.php @@ -21,6 +21,8 @@ * @ingroup SpecialPage */ +use MediaWiki\MediaWikiServices; + /** * A special page that list newly created pages * @@ -184,7 +186,9 @@ class SpecialNewpages extends IncludableSpecialPage { } // Disable some if needed - if ( !User::groupHasPermission( '*', 'createpage' ) ) { + if ( !MediaWikiServices::getInstance()->getPermissionManager() + ->groupHasPermission( '*', 'createpage' ) + ) { unset( $filters['hideliu'] ); } if ( !$this->getUser()->useNPPatrol() ) { diff --git a/includes/specials/pagers/ContribsPager.php b/includes/specials/pagers/ContribsPager.php index 1cb78b88db..9a2877f871 100644 --- a/includes/specials/pagers/ContribsPager.php +++ b/includes/specials/pagers/ContribsPager.php @@ -285,7 +285,9 @@ class ContribsPager extends RangeChronologicalPager { $queryInfo['conds'][] = $revQuery['fields']['rev_user'] . ' >' . (int)( $max - $max / 100 ); # ignore local groups with the bot right # @todo FIXME: Global groups may have 'bot' rights - $groupsWithBotPermission = User::getGroupsWithPermission( 'bot' ); + $groupsWithBotPermission = MediaWikiServices::getInstance() + ->getPermissionManager() + ->getGroupsWithPermission( 'bot' ); if ( count( $groupsWithBotPermission ) ) { $queryInfo['tables'][] = 'user_groups'; $queryInfo['conds'][] = 'ug_group IS NULL'; diff --git a/includes/specials/pagers/NewFilesPager.php b/includes/specials/pagers/NewFilesPager.php index 88dff6e02f..ed86e54273 100644 --- a/includes/specials/pagers/NewFilesPager.php +++ b/includes/specials/pagers/NewFilesPager.php @@ -87,7 +87,9 @@ class NewFilesPager extends RangeChronologicalPager { } if ( !$opts->getValue( 'showbots' ) ) { - $groupsWithBotPermission = User::getGroupsWithPermission( 'bot' ); + $groupsWithBotPermission = MediaWikiServices::getInstance() + ->getPermissionManager() + ->getGroupsWithPermission( 'bot' ); if ( count( $groupsWithBotPermission ) ) { $dbr = wfGetDB( DB_REPLICA ); diff --git a/includes/specials/pagers/NewPagesPager.php b/includes/specials/pagers/NewPagesPager.php index 8131671a53..c50563d7cd 100644 --- a/includes/specials/pagers/NewPagesPager.php +++ b/includes/specials/pagers/NewPagesPager.php @@ -68,7 +68,9 @@ class NewPagesPager extends ReverseChronologicalPager { $conds[] = ActorMigration::newMigration()->getWhere( $this->mDb, 'rc_user', User::newFromName( $user->getText(), false ), false )['conds']; - } elseif ( User::groupHasPermission( '*', 'createpage' ) && + } elseif ( MediaWikiServices::getInstance() + ->getPermissionManager() + ->groupHasPermission( '*', 'createpage' ) && $this->opts->getValue( 'hideliu' ) ) { # If anons cannot make new pages, don't "exclude logged in users"! diff --git a/includes/user/User.php b/includes/user/User.php index 7c2f0380fa..5cf1b12c20 100644 --- a/includes/user/User.php +++ b/includes/user/User.php @@ -5351,7 +5351,9 @@ class User implements IDBAccessObject, UserIdentity { global $wgLang; $groups = []; - foreach ( self::getGroupsWithPermission( $permission ) as $group ) { + foreach ( MediaWikiServices::getInstance() + ->getPermissionManager() + ->getGroupsWithPermission( $permission ) as $group ) { $groups[] = UserGroupMembership::getLink( $group, RequestContext::getMain(), 'wiki' ); } diff --git a/maintenance/rebuildrecentchanges.php b/maintenance/rebuildrecentchanges.php index 35af15c849..7267b2cac4 100644 --- a/maintenance/rebuildrecentchanges.php +++ b/maintenance/rebuildrecentchanges.php @@ -367,7 +367,9 @@ class RebuildRecentchanges extends Maintenance { # @NOTE: users with 'bot' rights choose when edits are bot edits or not. That information # may be lost at this point (aside from joining on the patrol log table entries). $botgroups = [ 'bot' ]; - $autopatrolgroups = $wgUseRCPatrol ? User::getGroupsWithPermission( 'autopatrol' ) : []; + $autopatrolgroups = $wgUseRCPatrol ? MediaWikiServices::getInstance() + ->getPermissionManager() + ->getGroupsWithPermission( 'autopatrol' ) : []; # Flag our recent bot edits if ( $botgroups ) { diff --git a/thumb.php b/thumb.php index 4e5c2134d3..13dbc0e767 100644 --- a/thumb.php +++ b/thumb.php @@ -91,6 +91,7 @@ function wfThumbHandle404() { */ function wfStreamThumb( array $params ) { global $wgVaryOnXFP; + $permissionManager = MediaWikiServices::getInstance()->getPermissionManager(); $headers = []; // HTTP headers to send @@ -154,9 +155,8 @@ function wfStreamThumb( array $params ) { // Check permissions if there are read restrictions $varyHeader = []; - if ( !in_array( 'read', User::getGroupPermissions( [ '*' ] ), true ) ) { + if ( !in_array( 'read', $permissionManager->getGroupPermissions( [ '*' ] ), true ) ) { $user = RequestContext::getMain()->getUser(); - $permissionManager = MediaWikiServices::getInstance()->getPermissionManager(); $imgTitle = $img->getTitle(); if ( !$imgTitle || !$permissionManager->userCan( 'read', $user, $imgTitle ) ) { -- 2.20.1