3 namespace MediaWiki\Tests\Permissions
;
8 use LoggedServiceOptions
;
9 use MediaWiki\Block\DatabaseBlock
;
10 use MediaWiki\Block\Restriction\NamespaceRestriction
;
11 use MediaWiki\Block\Restriction\PageRestriction
;
12 use MediaWiki\Block\SystemBlock
;
13 use MediaWiki\Linker\LinkTarget
;
14 use MediaWiki\MediaWikiServices
;
15 use MediaWiki\Permissions\PermissionManager
;
16 use MediaWiki\Revision\MutableRevisionRecord
;
17 use MediaWiki\Revision\RevisionLookup
;
19 use TestAllServiceOptionsUsed
;
20 use Wikimedia\ScopedCallback
;
21 use MediaWiki\Session\SessionId
;
22 use MediaWiki\Session\TestUtils
;
23 use MediaWikiLangTestCase
;
28 use Wikimedia\TestingAccessWrapper
;
33 * @covers \MediaWiki\Permissions\PermissionManager
35 class PermissionManagerTest
extends MediaWikiLangTestCase
{
36 use TestAllServiceOptionsUsed
;
41 protected $userName, $altUserName;
51 protected $user, $anonUser, $userUser, $altUser;
53 /** Constant for self::testIsBlockedFrom */
54 const USER_TALK_PAGE
= '<user talk page>';
56 protected function setUp() {
60 $localOffset = date( 'Z' ) / 60;
62 $this->setMwGlobals( [
63 'wgLocaltimezone' => $localZone,
64 'wgLocalTZoffset' => $localOffset,
65 'wgNamespaceProtection' => [
66 NS_MEDIAWIKI
=> 'editinterface',
68 'wgRevokePermissions' => [
73 'wgAvailableRights' => [
83 $this->setGroupPermissions( 'unittesters', 'test', true );
84 $this->setGroupPermissions( 'unittesters', 'runtest', true );
85 $this->setGroupPermissions( 'unittesters', 'writetest', false );
86 $this->setGroupPermissions( 'unittesters', 'nukeworld', false );
88 $this->setGroupPermissions( 'testwriters', 'test', true );
89 $this->setGroupPermissions( 'testwriters', 'writetest', true );
90 $this->setGroupPermissions( 'testwriters', 'modifytest', true );
92 $this->setGroupPermissions( '*', 'editmyoptions', true );
94 // Without this testUserBlock will use a non-English context on non-English MediaWiki
95 // installations (because of how Title::checkUserBlock is implemented) and fail.
96 RequestContext
::resetMain();
98 $this->userName
= 'Useruser';
99 $this->altUserName
= 'Altuseruser';
100 date_default_timezone_set( $localZone );
102 $this->title
= Title
::makeTitle( NS_MAIN
, "Main Page" );
103 if ( !isset( $this->userUser
) ||
!( $this->userUser
instanceof User
) ) {
104 $this->userUser
= User
::newFromName( $this->userName
);
106 if ( !$this->userUser
->getId() ) {
107 $this->userUser
= User
::createNew( $this->userName
, [
108 "email" => "test@example.com",
109 "real_name" => "Test User" ] );
110 $this->userUser
->load();
113 $this->altUser
= User
::newFromName( $this->altUserName
);
114 if ( !$this->altUser
->getId() ) {
115 $this->altUser
= User
::createNew( $this->altUserName
, [
116 "email" => "alttest@example.com",
117 "real_name" => "Test User Alt" ] );
118 $this->altUser
->load();
121 $this->anonUser
= User
::newFromId( 0 );
123 $this->user
= $this->userUser
;
127 public function tearDown() {
129 $this->restoreMwServices();
132 protected function setTitle( $ns, $title = "Main_Page" ) {
133 $this->title
= Title
::makeTitle( $ns, $title );
136 protected function setUser( $userName = null ) {
137 if ( $userName === 'anon' ) {
138 $this->user
= $this->anonUser
;
139 } elseif ( $userName === null ||
$userName === $this->userName
) {
140 $this->user
= $this->userUser
;
142 $this->user
= $this->altUser
;
147 * @todo This test method should be split up into separate test methods and
150 * This test is failing per T201776.
153 * @covers \MediaWiki\Permissions\PermissionManager::checkQuickPermissions
155 public function testQuickPermissions() {
156 $prefix = MediaWikiServices
::getInstance()->getContentLanguage()->
157 getFormattedNsText( NS_PROJECT
);
159 $this->setUser( 'anon' );
160 $this->setTitle( NS_TALK
);
161 $this->overrideUserPermissions( $this->user
, "createtalk" );
162 $res = MediaWikiServices
::getInstance()->getPermissionManager()
163 ->getPermissionErrors( 'create', $this->user
, $this->title
);
164 $this->assertEquals( [], $res );
166 $this->setTitle( NS_TALK
);
167 $this->overrideUserPermissions( $this->user
, "createpage" );
168 $res = MediaWikiServices
::getInstance()->getPermissionManager()
169 ->getPermissionErrors( 'create', $this->user
, $this->title
);
170 $this->assertEquals( [ [ "nocreatetext" ] ], $res );
172 $this->setTitle( NS_TALK
);
173 $this->overrideUserPermissions( $this->user
, "" );
174 $res = MediaWikiServices
::getInstance()->getPermissionManager()
175 ->getPermissionErrors( 'create', $this->user
, $this->title
);
176 $this->assertEquals( [ [ 'nocreatetext' ] ], $res );
178 $this->setTitle( NS_MAIN
);
179 $this->overrideUserPermissions( $this->user
, "createpage" );
180 $res = MediaWikiServices
::getInstance()->getPermissionManager()
181 ->getPermissionErrors( 'create', $this->user
, $this->title
);
182 $this->assertEquals( [], $res );
184 $this->setTitle( NS_MAIN
);
185 $this->overrideUserPermissions( $this->user
, "createtalk" );
186 $res = MediaWikiServices
::getInstance()->getPermissionManager()
187 ->getPermissionErrors( 'create', $this->user
, $this->title
);
188 $this->assertEquals( [ [ 'nocreatetext' ] ], $res );
190 $this->setUser( $this->userName
);
191 $this->setTitle( NS_TALK
);
192 $this->overrideUserPermissions( $this->user
, "createtalk" );
193 $res = MediaWikiServices
::getInstance()->getPermissionManager()
194 ->getPermissionErrors( 'create', $this->user
, $this->title
);
195 $this->assertEquals( [], $res );
197 $this->setTitle( NS_TALK
);
198 $this->overrideUserPermissions( $this->user
, "createpage" );
199 $res = MediaWikiServices
::getInstance()->getPermissionManager()
200 ->getPermissionErrors( 'create', $this->user
, $this->title
);
201 $this->assertEquals( [ [ 'nocreate-loggedin' ] ], $res );
203 $this->setTitle( NS_TALK
);
204 $this->overrideUserPermissions( $this->user
, "" );
205 $res = MediaWikiServices
::getInstance()->getPermissionManager()
206 ->getPermissionErrors( 'create', $this->user
, $this->title
);
207 $this->assertEquals( [ [ 'nocreate-loggedin' ] ], $res );
209 $this->setTitle( NS_MAIN
);
210 $this->overrideUserPermissions( $this->user
, "createpage" );
211 $res = MediaWikiServices
::getInstance()->getPermissionManager()
212 ->getPermissionErrors( 'create', $this->user
, $this->title
);
213 $this->assertEquals( [], $res );
215 $this->setTitle( NS_MAIN
);
216 $this->overrideUserPermissions( $this->user
, "createtalk" );
217 $res = MediaWikiServices
::getInstance()->getPermissionManager()
218 ->getPermissionErrors( 'create', $this->user
, $this->title
);
219 $this->assertEquals( [ [ 'nocreate-loggedin' ] ], $res );
221 $this->setTitle( NS_MAIN
);
222 $this->overrideUserPermissions( $this->user
, "" );
223 $res = MediaWikiServices
::getInstance()->getPermissionManager()
224 ->getPermissionErrors( 'create', $this->user
, $this->title
);
225 $this->assertEquals( [ [ 'nocreate-loggedin' ] ], $res );
227 $this->setUser( 'anon' );
228 $this->setTitle( NS_USER
, $this->userName
. '' );
229 $this->overrideUserPermissions( $this->user
, "" );
230 $res = MediaWikiServices
::getInstance()->getPermissionManager()
231 ->getPermissionErrors( 'move', $this->user
, $this->title
);
232 $this->assertEquals( [ [ 'cant-move-user-page' ], [ 'movenologintext' ] ], $res );
234 $this->setTitle( NS_USER
, $this->userName
. '/subpage' );
235 $this->overrideUserPermissions( $this->user
, "" );
236 $res = MediaWikiServices
::getInstance()->getPermissionManager()
237 ->getPermissionErrors( 'move', $this->user
, $this->title
);
238 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
240 $this->setTitle( NS_USER
, $this->userName
. '' );
241 $this->overrideUserPermissions( $this->user
, "move-rootuserpages" );
242 $res = MediaWikiServices
::getInstance()->getPermissionManager()
243 ->getPermissionErrors( 'move', $this->user
, $this->title
);
244 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
246 $this->setTitle( NS_USER
, $this->userName
. '/subpage' );
247 $this->overrideUserPermissions( $this->user
, "move-rootuserpages" );
248 $res = MediaWikiServices
::getInstance()->getPermissionManager()
249 ->getPermissionErrors( 'move', $this->user
, $this->title
);
250 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
252 $this->setTitle( NS_USER
, $this->userName
. '' );
253 $this->overrideUserPermissions( $this->user
, "" );
254 $res = MediaWikiServices
::getInstance()->getPermissionManager()
255 ->getPermissionErrors( 'move', $this->user
, $this->title
);
256 $this->assertEquals( [ [ 'cant-move-user-page' ], [ 'movenologintext' ] ], $res );
258 $this->setTitle( NS_USER
, $this->userName
. '/subpage' );
259 $this->overrideUserPermissions( $this->user
, "" );
260 $res = MediaWikiServices
::getInstance()->getPermissionManager()
261 ->getPermissionErrors( 'move', $this->user
, $this->title
);
262 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
264 $this->setTitle( NS_USER
, $this->userName
. '' );
265 $this->overrideUserPermissions( $this->user
, "move-rootuserpages" );
266 $res = MediaWikiServices
::getInstance()->getPermissionManager()
267 ->getPermissionErrors( 'move', $this->user
, $this->title
);
268 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
270 $this->setTitle( NS_USER
, $this->userName
. '/subpage' );
271 $this->overrideUserPermissions( $this->user
, "move-rootuserpages" );
272 $res = MediaWikiServices
::getInstance()->getPermissionManager()
273 ->getPermissionErrors( 'move', $this->user
, $this->title
);
274 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
276 $this->setUser( $this->userName
);
277 $this->setTitle( NS_FILE
, "img.png" );
278 $this->overrideUserPermissions( $this->user
, "" );
279 $res = MediaWikiServices
::getInstance()->getPermissionManager()
280 ->getPermissionErrors( 'move', $this->user
, $this->title
);
281 $this->assertEquals( [ [ 'movenotallowedfile' ], [ 'movenotallowed' ] ], $res );
283 $this->setTitle( NS_FILE
, "img.png" );
284 $this->overrideUserPermissions( $this->user
, "movefile" );
285 $res = MediaWikiServices
::getInstance()->getPermissionManager()
286 ->getPermissionErrors( 'move', $this->user
, $this->title
);
287 $this->assertEquals( [ [ 'movenotallowed' ] ], $res );
289 $this->setUser( 'anon' );
290 $this->setTitle( NS_FILE
, "img.png" );
291 $this->overrideUserPermissions( $this->user
, "" );
292 $res = MediaWikiServices
::getInstance()->getPermissionManager()
293 ->getPermissionErrors( 'move', $this->user
, $this->title
);
294 $this->assertEquals( [ [ 'movenotallowedfile' ], [ 'movenologintext' ] ], $res );
296 $this->setTitle( NS_FILE
, "img.png" );
297 $this->overrideUserPermissions( $this->user
, "movefile" );
298 $res = MediaWikiServices
::getInstance()->getPermissionManager()
299 ->getPermissionErrors( 'move', $this->user
, $this->title
);
300 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
302 $this->setUser( $this->userName
);
303 // $this->setUserPerm( "move" );
304 $this->runGroupPermissions( 'move', 'move', [ [ 'movenotallowedfile' ] ] );
306 // $this->setUserPerm( "" );
307 $this->runGroupPermissions(
310 [ [ 'movenotallowedfile' ], [ 'movenotallowed' ] ]
313 $this->setUser( 'anon' );
314 //$this->setUserPerm( "move" );
315 $this->runGroupPermissions( 'move', 'move', [ [ 'movenotallowedfile' ] ] );
317 // $this->setUserPerm( "" );
318 $this->runGroupPermissions(
321 [ [ 'movenotallowedfile' ], [ 'movenotallowed' ] ],
322 [ [ 'movenotallowedfile' ], [ 'movenologintext' ] ]
325 if ( $this->isWikitextNS( NS_MAIN
) ) {
326 // NOTE: some content models don't allow moving
327 // @todo find a Wikitext namespace for testing
329 $this->setTitle( NS_MAIN
);
330 $this->setUser( 'anon' );
331 // $this->setUserPerm( "move" );
332 $this->runGroupPermissions( 'move', 'move', [] );
334 // $this->setUserPerm( "" );
335 $this->runGroupPermissions( '', 'move', [ [ 'movenotallowed' ] ],
336 [ [ 'movenologintext' ] ] );
338 $this->setUser( $this->userName
);
339 // $this->setUserPerm( "" );
340 $this->runGroupPermissions( '', 'move', [ [ 'movenotallowed' ] ] );
342 //$this->setUserPerm( "move" );
343 $this->runGroupPermissions( 'move', 'move', [] );
345 $this->setUser( 'anon' );
346 $this->overrideUserPermissions( $this->user
, 'move' );
347 $res = MediaWikiServices
::getInstance()->getPermissionManager()
348 ->getPermissionErrors( 'move-target', $this->user
, $this->title
);
349 $this->assertEquals( [], $res );
351 $this->overrideUserPermissions( $this->user
, '' );
352 $res = MediaWikiServices
::getInstance()->getPermissionManager()
353 ->getPermissionErrors( 'move-target', $this->user
, $this->title
);
354 $this->assertEquals( [ [ 'movenotallowed' ] ], $res );
357 $this->setTitle( NS_USER
);
358 $this->setUser( $this->userName
);
359 $this->overrideUserPermissions( $this->user
, [ "move", "move-rootuserpages" ] );
360 $res = MediaWikiServices
::getInstance()->getPermissionManager()
361 ->getPermissionErrors( 'move-target', $this->user
, $this->title
);
362 $this->assertEquals( [], $res );
364 $this->overrideUserPermissions( $this->user
, "move" );
365 $res = MediaWikiServices
::getInstance()->getPermissionManager()
366 ->getPermissionErrors( 'move-target', $this->user
, $this->title
);
367 $this->assertEquals( [ [ 'cant-move-to-user-page' ] ], $res );
369 $this->setUser( 'anon' );
370 $this->overrideUserPermissions( $this->user
, [ "move", "move-rootuserpages" ] );
371 $res = MediaWikiServices
::getInstance()->getPermissionManager()
372 ->getPermissionErrors( 'move-target', $this->user
, $this->title
);
373 $this->assertEquals( [], $res );
375 $this->setTitle( NS_USER
, "User/subpage" );
376 $this->overrideUserPermissions( $this->user
, [ "move", "move-rootuserpages" ] );
377 $res = MediaWikiServices
::getInstance()->getPermissionManager()
378 ->getPermissionErrors( 'move-target', $this->user
, $this->title
);
379 $this->assertEquals( [], $res );
381 $this->overrideUserPermissions( $this->user
, "move" );
382 $res = MediaWikiServices
::getInstance()->getPermissionManager()
383 ->getPermissionErrors( 'move-target', $this->user
, $this->title
);
384 $this->assertEquals( [], $res );
386 $this->setUser( 'anon' );
389 [ [ 'badaccess-groups', "*, [[$prefix:Users|Users]]", 2 ] ],
390 [ [ 'badaccess-group0' ] ],
397 "[[$prefix:Administrators|Administrators]]", 1 ],
400 [ [ 'badaccess-group0' ], [ 'protect-cantedit' ] ],
401 [ [ 'protect-cantedit' ] ],
404 '' => [ [], [], [], true ]
407 foreach ( [ "edit", "protect", "" ] as $action ) {
408 $this->overrideUserPermissions( $this->user
);
409 $this->assertEquals( $check[$action][0],
410 MediaWikiServices
::getInstance()->getPermissionManager()
411 ->getPermissionErrors( $action, $this->user
, $this->title
, true ) );
412 $this->assertEquals( $check[$action][0],
413 MediaWikiServices
::getInstance()->getPermissionManager()
414 ->getPermissionErrors( $action, $this->user
, $this->title
, 'full' ) );
415 $this->assertEquals( $check[$action][0],
416 MediaWikiServices
::getInstance()->getPermissionManager()
417 ->getPermissionErrors( $action, $this->user
, $this->title
, 'secure' ) );
419 global $wgGroupPermissions;
420 $old = $wgGroupPermissions;
421 $this->setMwGlobals( 'wgGroupPermissions', [] );
423 $this->assertEquals( $check[$action][1],
424 MediaWikiServices
::getInstance()->getPermissionManager()
425 ->getPermissionErrors( $action, $this->user
, $this->title
, true ) );
426 $this->assertEquals( $check[$action][1],
427 MediaWikiServices
::getInstance()->getPermissionManager()
428 ->getPermissionErrors( $action, $this->user
, $this->title
, 'full' ) );
429 $this->assertEquals( $check[$action][1],
430 MediaWikiServices
::getInstance()->getPermissionManager()
431 ->getPermissionErrors( $action, $this->user
, $this->title
, 'secure' ) );
432 $this->setMwGlobals( 'wgGroupPermissions', $old );
434 $this->overrideUserPermissions( $this->user
, $action );
435 $this->assertEquals( $check[$action][2],
436 MediaWikiServices
::getInstance()->getPermissionManager()
437 ->getPermissionErrors( $action, $this->user
, $this->title
, true ) );
438 $this->assertEquals( $check[$action][2],
439 MediaWikiServices
::getInstance()->getPermissionManager()
440 ->getPermissionErrors( $action, $this->user
, $this->title
, 'full' ) );
441 $this->assertEquals( $check[$action][2],
442 MediaWikiServices
::getInstance()->getPermissionManager()
443 ->getPermissionErrors( $action, $this->user
, $this->title
, 'secure' ) );
445 $this->overrideUserPermissions( $this->user
, $action );
446 $this->assertEquals( $check[$action][3],
447 MediaWikiServices
::getInstance()->getPermissionManager()
448 ->userCan( $action, $this->user
, $this->title
, true ) );
449 $this->assertEquals( $check[$action][3],
450 MediaWikiServices
::getInstance()->getPermissionManager()
451 ->quickUserCan( $action, $this->user
, $this->title
) );
452 # count( User::getGroupsWithPermissions( $action ) ) < 1
456 protected function runGroupPermissions( $perm, $action, $result, $result2 = null ) {
457 if ( $result2 === null ) {
461 $this->setGroupPermissions( 'autoconfirmed', 'move', false );
462 $this->setGroupPermissions( 'user', 'move', false );
463 $this->overrideUserPermissions( $this->user
, $perm );
464 $res = MediaWikiServices
::getInstance()->getPermissionManager()
465 ->getPermissionErrors( $action, $this->user
, $this->title
);
466 $this->assertEquals( $result, $res );
468 $this->setGroupPermissions( 'autoconfirmed', 'move', true );
469 $this->setGroupPermissions( 'user', 'move', false );
470 $this->overrideUserPermissions( $this->user
, $perm );
471 $res = MediaWikiServices
::getInstance()->getPermissionManager()
472 ->getPermissionErrors( $action, $this->user
, $this->title
);
473 $this->assertEquals( $result2, $res );
475 $this->setGroupPermissions( 'autoconfirmed', 'move', true );
476 $this->setGroupPermissions( 'user', 'move', true );
477 $this->overrideUserPermissions( $this->user
, $perm );
478 $res = MediaWikiServices
::getInstance()->getPermissionManager()
479 ->getPermissionErrors( $action, $this->user
, $this->title
);
480 $this->assertEquals( $result2, $res );
482 $this->setGroupPermissions( 'autoconfirmed', 'move', false );
483 $this->setGroupPermissions( 'user', 'move', true );
484 $this->overrideUserPermissions( $this->user
, $perm );
485 $res = MediaWikiServices
::getInstance()->getPermissionManager()
486 ->getPermissionErrors( $action, $this->user
, $this->title
);
487 $this->assertEquals( $result2, $res );
491 * @todo This test method should be split up into separate test methods and
493 * @covers MediaWiki\Permissions\PermissionManager::checkSpecialsAndNSPermissions
495 public function testSpecialsAndNSPermissions() {
496 $this->setUser( $this->userName
);
498 $this->setTitle( NS_SPECIAL
);
500 $this->assertEquals( [ [ 'badaccess-group0' ], [ 'ns-specialprotected' ] ],
501 MediaWikiServices
::getInstance()->getPermissionManager()
502 ->getPermissionErrors( 'bogus', $this->user
, $this->title
) );
504 $this->setTitle( NS_MAIN
);
505 $this->overrideUserPermissions( $this->user
, 'bogus' );
506 $this->assertEquals( [],
507 MediaWikiServices
::getInstance()->getPermissionManager()
508 ->getPermissionErrors( 'bogus', $this->user
, $this->title
) );
510 $this->setTitle( NS_MAIN
);
511 $this->overrideUserPermissions( $this->user
, '' );
512 $this->assertEquals( [ [ 'badaccess-group0' ] ],
513 MediaWikiServices
::getInstance()->getPermissionManager()
514 ->getPermissionErrors( 'bogus', $this->user
, $this->title
) );
516 $this->mergeMwGlobalArrayValue( 'wgNamespaceProtection', [
517 NS_USER
=> [ 'bogus' ]
519 $this->resetServices();
520 $this->overrideUserPermissions( $this->user
, '' );
522 $this->setTitle( NS_USER
);
523 $this->assertEquals( [ [ 'badaccess-group0' ],
524 [ 'namespaceprotected', 'User', 'bogus' ] ],
525 MediaWikiServices
::getInstance()->getPermissionManager()
526 ->getPermissionErrors( 'bogus', $this->user
, $this->title
) );
528 $this->setTitle( NS_MEDIAWIKI
);
529 $this->overrideUserPermissions( $this->user
, 'bogus' );
530 $this->assertEquals( [ [ 'protectedinterface', 'bogus' ] ],
531 MediaWikiServices
::getInstance()->getPermissionManager()
532 ->getPermissionErrors( 'bogus', $this->user
, $this->title
) );
534 $this->setTitle( NS_MEDIAWIKI
);
535 $this->overrideUserPermissions( $this->user
, 'bogus' );
536 $this->assertEquals( [ [ 'protectedinterface', 'bogus' ] ],
537 MediaWikiServices
::getInstance()->getPermissionManager()
538 ->getPermissionErrors( 'bogus', $this->user
, $this->title
) );
540 $this->setMwGlobals( 'wgNamespaceProtection', null );
541 $this->resetServices();
542 $this->overrideUserPermissions( $this->user
, 'bogus' );
544 $this->assertEquals( [],
545 MediaWikiServices
::getInstance()->getPermissionManager()
546 ->getPermissionErrors( 'bogus', $this->user
, $this->title
) );
547 $this->assertEquals( true,
548 MediaWikiServices
::getInstance()->getPermissionManager()
549 ->userCan( 'bogus', $this->user
, $this->title
) );
551 $this->overrideUserPermissions( $this->user
, '' );
552 $this->assertEquals( [ [ 'badaccess-group0' ] ],
553 MediaWikiServices
::getInstance()->getPermissionManager()
554 ->getPermissionErrors( 'bogus', $this->user
, $this->title
) );
555 $this->assertEquals( false,
556 MediaWikiServices
::getInstance()->getPermissionManager()
557 ->userCan( 'bogus', $this->user
, $this->title
) );
561 * @todo This test method should be split up into separate test methods and
563 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
565 public function testJsConfigEditPermissions() {
566 $this->setUser( $this->userName
);
568 $this->setTitle( NS_USER
, $this->userName
. '/test.js' );
569 $this->runConfigEditPermissions(
570 [ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
572 [ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
573 [ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
574 [ [ 'badaccess-group0' ] ],
576 [ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
577 [ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
578 [ [ 'badaccess-group0' ] ],
579 [ [ 'badaccess-groups' ] ]
584 * @todo This test method should be split up into separate test methods and
586 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
588 public function testJsonConfigEditPermissions() {
589 $prefix = MediaWikiServices
::getInstance()->getContentLanguage()->
590 getFormattedNsText( NS_PROJECT
);
591 $this->setUser( $this->userName
);
593 $this->setTitle( NS_USER
, $this->userName
. '/test.json' );
594 $this->runConfigEditPermissions(
595 [ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
597 [ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
598 [ [ 'badaccess-group0' ] ],
599 [ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
601 [ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
602 [ [ 'badaccess-group0' ] ],
603 [ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
604 [ [ 'badaccess-groups' ] ]
609 * @todo This test method should be split up into separate test methods and
611 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
613 public function testCssConfigEditPermissions() {
614 $this->setUser( $this->userName
);
616 $this->setTitle( NS_USER
, $this->userName
. '/test.css' );
617 $this->runConfigEditPermissions(
618 [ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
620 [ [ 'badaccess-group0' ] ],
621 [ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
622 [ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
624 [ [ 'badaccess-group0' ] ],
625 [ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
626 [ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
627 [ [ 'badaccess-groups' ] ]
632 * @todo This test method should be split up into separate test methods and
634 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
636 public function testOtherJsConfigEditPermissions() {
637 $this->setUser( $this->userName
);
639 $this->setTitle( NS_USER
, $this->altUserName
. '/test.js' );
640 $this->runConfigEditPermissions(
641 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
643 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
644 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
645 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
647 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
648 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
649 [ [ 'badaccess-group0' ] ],
650 [ [ 'badaccess-groups' ] ]
655 * @todo This test method should be split up into separate test methods and
657 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
659 public function testOtherJsonConfigEditPermissions() {
660 $this->setUser( $this->userName
);
662 $this->setTitle( NS_USER
, $this->altUserName
. '/test.json' );
663 $this->runConfigEditPermissions(
664 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
666 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
667 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
668 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
670 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
671 [ [ 'badaccess-group0' ] ],
672 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
673 [ [ 'badaccess-groups' ] ]
678 * @todo This test method should be split up into separate test methods and
680 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
682 public function testOtherCssConfigEditPermissions() {
683 $this->setUser( $this->userName
);
685 $this->setTitle( NS_USER
, $this->altUserName
. '/test.css' );
686 $this->runConfigEditPermissions(
687 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
689 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
690 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
691 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
693 [ [ 'badaccess-group0' ] ],
694 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
695 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
696 [ [ 'badaccess-groups' ] ]
700 public function testJsConfigRedirectEditPermissions() {
702 $user = $this->getTestUser()->getUser();
703 $otherUser = $this->getTestUser( 'sysop' )->getUser();
704 $localJsTitle = Title
::newFromText( 'User:' . $user->getName() . '/foo.js' );
705 $otherLocalJsTitle = Title
::newFromText( 'User:' . $user->getName() . '/foo2.js' );
706 $nonlocalJsTitle = Title
::newFromText( 'User:' . $otherUser->getName() . '/foo.js' );
708 $services = MediaWikiServices
::getInstance();
709 $revisionLookup = $this->getMockBuilder( RevisionLookup
::class )
710 ->setMethods( [ 'getRevisionByTitle' ] )
711 ->getMockForAbstractClass();
712 $revisionLookup->method( 'getRevisionByTitle' )
713 ->willReturnCallback( function ( LinkTarget
$page ) use (
714 $services, &$revision, $localJsTitle
716 if ( $localJsTitle->equals( Title
::newFromLinkTarget( $page ) ) ) {
719 return $services->getRevisionLookup()->getRevisionByTitle( $page );
722 $permissionManager = new PermissionManager(
723 new LoggedServiceOptions(
724 self
::$serviceOptionsAccessLog,
725 PermissionManager
::$constructorOptions,
727 'WhitelistRead' => [],
728 'WhitelistReadRegexp' => [],
729 'EmailConfirmToEdit' => false,
730 'BlockDisablesLogin' => false,
731 'GroupPermissions' => [],
732 'RevokePermissions' => [],
733 'AvailableRights' => [],
734 'NamespaceProtection' => [],
735 'RestrictionLevels' => []
738 $services->getSpecialPageFactory(),
740 MediaWikiServices
::getInstance()->getNamespaceInfo()
742 $this->setService( 'PermissionManager', $permissionManager );
744 $permissionManager->overrideUserRightsForTesting( $user, [ 'edit', 'editmyuserjs' ] );
746 $revision = $this->getJavascriptRevision( $localJsTitle, $user, '/* script */' );
747 $errors = $permissionManager->getPermissionErrors( 'edit', $user, $localJsTitle );
748 $this->assertSame( [], $errors );
750 $revision = $this->getJavascriptRedirectRevision( $localJsTitle, $otherLocalJsTitle, $user );
751 $errors = $permissionManager->getPermissionErrors( 'edit', $user, $localJsTitle );
752 $this->assertSame( [], $errors );
754 $revision = $this->getJavascriptRedirectRevision( $localJsTitle, $nonlocalJsTitle, $user );
755 $errors = $permissionManager->getPermissionErrors( 'edit', $user, $localJsTitle );
756 $this->assertSame( [ [ 'mycustomjsredirectprotected', 'edit' ] ], $errors );
758 $permissionManager->overrideUserRightsForTesting( $user,
759 [ 'edit', 'editmyuserjs', 'editmyuserjsredirect' ] );
761 $revision = $this->getJavascriptRedirectRevision( $localJsTitle, $nonlocalJsTitle, $user );
762 $errors = $permissionManager->getPermissionErrors( 'edit', $user, $localJsTitle );
763 $this->assertSame( [], $errors );
767 * @todo This test method should be split up into separate test methods and
769 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
771 public function testOtherNonConfigEditPermissions() {
772 $this->setUser( $this->userName
);
774 $this->setTitle( NS_USER
, $this->altUserName
. '/tempo' );
775 $this->runConfigEditPermissions(
776 [ [ 'badaccess-group0' ] ],
778 [ [ 'badaccess-group0' ] ],
779 [ [ 'badaccess-group0' ] ],
780 [ [ 'badaccess-group0' ] ],
782 [ [ 'badaccess-group0' ] ],
783 [ [ 'badaccess-group0' ] ],
784 [ [ 'badaccess-group0' ] ],
785 [ [ 'badaccess-groups' ] ]
790 * @todo This should use data providers like the other methods here.
791 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
793 public function testPatrolActionConfigEditPermissions() {
794 $this->setUser( 'anon' );
795 $this->setTitle( NS_USER
, 'ToPatrolOrNotToPatrol' );
796 $this->runConfigEditPermissions(
797 [ [ 'badaccess-group0' ] ],
799 [ [ 'badaccess-group0' ] ],
800 [ [ 'badaccess-group0' ] ],
801 [ [ 'badaccess-group0' ] ],
803 [ [ 'badaccess-group0' ] ],
804 [ [ 'badaccess-group0' ] ],
805 [ [ 'badaccess-group0' ] ],
806 [ [ 'badaccess-groups' ] ]
810 protected function runConfigEditPermissions(
820 $this->overrideUserPermissions( $this->user
);
821 $result = MediaWikiServices
::getInstance()->getPermissionManager()
822 ->getPermissionErrors( 'bogus', $this->user
, $this->title
);
823 $this->assertEquals( $resultNone, $result );
825 $this->overrideUserPermissions( $this->user
, 'editmyusercss' );
826 $result = MediaWikiServices
::getInstance()->getPermissionManager()
827 ->getPermissionErrors( 'bogus', $this->user
, $this->title
);
828 $this->assertEquals( $resultMyCss, $result );
830 $this->overrideUserPermissions( $this->user
, 'editmyuserjson' );
831 $result = MediaWikiServices
::getInstance()->getPermissionManager()
832 ->getPermissionErrors( 'bogus', $this->user
, $this->title
);
833 $this->assertEquals( $resultMyJson, $result );
835 $this->overrideUserPermissions( $this->user
, 'editmyuserjs' );
836 $result = MediaWikiServices
::getInstance()->getPermissionManager()
837 ->getPermissionErrors( 'bogus', $this->user
, $this->title
);
838 $this->assertEquals( $resultMyJs, $result );
840 $this->overrideUserPermissions( $this->user
, 'editusercss' );
841 $result = MediaWikiServices
::getInstance()->getPermissionManager()
842 ->getPermissionErrors( 'bogus', $this->user
, $this->title
);
843 $this->assertEquals( $resultUserCss, $result );
845 $this->overrideUserPermissions( $this->user
, 'edituserjson' );
846 $result = MediaWikiServices
::getInstance()->getPermissionManager()
847 ->getPermissionErrors( 'bogus', $this->user
, $this->title
);
848 $this->assertEquals( $resultUserJson, $result );
850 $this->overrideUserPermissions( $this->user
, 'edituserjs' );
851 $result = MediaWikiServices
::getInstance()->getPermissionManager()
852 ->getPermissionErrors( 'bogus', $this->user
, $this->title
);
853 $this->assertEquals( $resultUserJs, $result );
855 $this->overrideUserPermissions( $this->user
);
856 $result = MediaWikiServices
::getInstance()->getPermissionManager()
857 ->getPermissionErrors( 'patrol', $this->user
, $this->title
);
858 $this->assertEquals( reset( $resultPatrol[0] ), reset( $result[0] ) );
860 $this->overrideUserPermissions( $this->user
, [ 'edituserjs', 'edituserjson', 'editusercss' ] );
861 $result = MediaWikiServices
::getInstance()->getPermissionManager()
862 ->getPermissionErrors( 'bogus', $this->user
, $this->title
);
863 $this->assertEquals( [ [ 'badaccess-group0' ] ], $result );
867 * @todo This test method should be split up into separate test methods and
870 * This test is failing per T201776.
873 * @covers \MediaWiki\Permissions\PermissionManager::checkPageRestrictions
875 public function testPageRestrictions() {
876 $prefix = MediaWikiServices
::getInstance()->getContentLanguage()->
877 getFormattedNsText( NS_PROJECT
);
879 $this->setTitle( NS_MAIN
);
880 $this->title
->mRestrictionsLoaded
= true;
881 $this->overrideUserPermissions( $this->user
, "edit" );
882 $this->title
->mRestrictions
= [ "bogus" => [ 'bogus', "sysop", "protect", "" ] ];
884 $this->assertEquals( [],
885 MediaWikiServices
::getInstance()->getPermissionManager()
886 ->getPermissionErrors( 'edit', $this->user
, $this->title
) );
888 $this->assertEquals( true,
889 MediaWikiServices
::getInstance()->getPermissionManager()
890 ->quickUserCan( 'edit', $this->user
, $this->title
) );
892 $this->title
->mRestrictions
= [ "edit" => [ 'bogus', "sysop", "protect", "" ],
893 "bogus" => [ 'bogus', "sysop", "protect", "" ] ];
895 $this->assertEquals( [ [ 'badaccess-group0' ],
896 [ 'protectedpagetext', 'bogus', 'bogus' ],
897 [ 'protectedpagetext', 'editprotected', 'bogus' ],
898 [ 'protectedpagetext', 'protect', 'bogus' ] ],
899 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
900 'bogus', $this->user
, $this->title
) );
901 $this->assertEquals( [ [ 'protectedpagetext', 'bogus', 'edit' ],
902 [ 'protectedpagetext', 'editprotected', 'edit' ],
903 [ 'protectedpagetext', 'protect', 'edit' ] ],
904 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
905 'edit', $this->user
, $this->title
) );
906 $this->overrideUserPermissions( $this->user
);
907 $this->assertEquals( [ [ 'badaccess-group0' ],
908 [ 'protectedpagetext', 'bogus', 'bogus' ],
909 [ 'protectedpagetext', 'editprotected', 'bogus' ],
910 [ 'protectedpagetext', 'protect', 'bogus' ] ],
911 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
912 'bogus', $this->user
, $this->title
) );
913 $this->assertEquals( [ [ 'badaccess-groups', "*, [[$prefix:Users|Users]]", 2 ],
914 [ 'protectedpagetext', 'bogus', 'edit' ],
915 [ 'protectedpagetext', 'editprotected', 'edit' ],
916 [ 'protectedpagetext', 'protect', 'edit' ] ],
917 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
918 'edit', $this->user
, $this->title
) );
919 $this->overrideUserPermissions( $this->user
, [ "edit", "editprotected" ] );
920 $this->assertEquals( [ [ 'badaccess-group0' ],
921 [ 'protectedpagetext', 'bogus', 'bogus' ],
922 [ 'protectedpagetext', 'protect', 'bogus' ] ],
923 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
924 'bogus', $this->user
, $this->title
) );
925 $this->assertEquals( [
926 [ 'protectedpagetext', 'bogus', 'edit' ],
927 [ 'protectedpagetext', 'protect', 'edit' ] ],
928 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
929 'edit', $this->user
, $this->title
) );
931 $this->title
->mCascadeRestriction
= true;
932 $this->overrideUserPermissions( $this->user
, "edit" );
934 $this->assertEquals( false,
935 MediaWikiServices
::getInstance()->getPermissionManager()
936 ->quickUserCan( 'bogus', $this->user
, $this->title
) );
938 $this->assertEquals( false,
939 MediaWikiServices
::getInstance()->getPermissionManager()->quickUserCan(
940 'edit', $this->user
, $this->title
) );
942 $this->assertEquals( [ [ 'badaccess-group0' ],
943 [ 'protectedpagetext', 'bogus', 'bogus' ],
944 [ 'protectedpagetext', 'editprotected', 'bogus' ],
945 [ 'protectedpagetext', 'protect', 'bogus' ] ],
946 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
947 'bogus', $this->user
, $this->title
) );
948 $this->assertEquals( [ [ 'protectedpagetext', 'bogus', 'edit' ],
949 [ 'protectedpagetext', 'editprotected', 'edit' ],
950 [ 'protectedpagetext', 'protect', 'edit' ] ],
951 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
952 'edit', $this->user
, $this->title
) );
954 $this->overrideUserPermissions( $this->user
, [ "edit", "editprotected" ] );
955 $this->assertEquals( false,
956 MediaWikiServices
::getInstance()->getPermissionManager()->quickUserCan(
957 'bogus', $this->user
, $this->title
) );
959 $this->assertEquals( false,
960 MediaWikiServices
::getInstance()->getPermissionManager()->quickUserCan(
961 'edit', $this->user
, $this->title
) );
963 $this->assertEquals( [ [ 'badaccess-group0' ],
964 [ 'protectedpagetext', 'bogus', 'bogus' ],
965 [ 'protectedpagetext', 'protect', 'bogus' ],
966 [ 'protectedpagetext', 'protect', 'bogus' ] ],
967 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
968 'bogus', $this->user
, $this->title
) );
969 $this->assertEquals( [ [ 'protectedpagetext', 'bogus', 'edit' ],
970 [ 'protectedpagetext', 'protect', 'edit' ],
971 [ 'protectedpagetext', 'protect', 'edit' ] ],
972 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
973 'edit', $this->user
, $this->title
) );
977 * @covers \MediaWiki\Permissions\PermissionManager::checkCascadingSourcesRestrictions
979 public function testCascadingSourcesRestrictions() {
980 $this->setTitle( NS_MAIN
, "test page" );
981 $this->overrideUserPermissions( $this->user
, [ "edit", "bogus" ] );
983 $this->title
->mCascadeSources
= [
984 Title
::makeTitle( NS_MAIN
, "Bogus" ),
985 Title
::makeTitle( NS_MAIN
, "UnBogus" )
987 $this->title
->mCascadingRestrictions
= [
988 "bogus" => [ 'bogus', "sysop", "protect", "" ]
991 $this->assertEquals( false,
992 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
993 'bogus', $this->user
, $this->title
) );
994 $this->assertEquals( [
995 [ "cascadeprotected", 2, "* [[:Bogus]]\n* [[:UnBogus]]\n", 'bogus' ],
996 [ "cascadeprotected", 2, "* [[:Bogus]]\n* [[:UnBogus]]\n", 'bogus' ],
997 [ "cascadeprotected", 2, "* [[:Bogus]]\n* [[:UnBogus]]\n", 'bogus' ] ],
998 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
999 'bogus', $this->user
, $this->title
) );
1001 $this->assertEquals( true,
1002 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
1003 'edit', $this->user
, $this->title
) );
1004 $this->assertEquals( [],
1005 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
1006 'edit', $this->user
, $this->title
) );
1010 * @todo This test method should be split up into separate test methods and
1012 * @covers \MediaWiki\Permissions\PermissionManager::checkActionPermissions
1014 public function testActionPermissions() {
1015 $this->overrideUserPermissions( $this->user
, [ "createpage" ] );
1016 $this->setTitle( NS_MAIN
, "test page" );
1017 $this->title
->mTitleProtection
['permission'] = '';
1018 $this->title
->mTitleProtection
['user'] = $this->user
->getId();
1019 $this->title
->mTitleProtection
['expiry'] = 'infinity';
1020 $this->title
->mTitleProtection
['reason'] = 'test';
1021 $this->title
->mCascadeRestriction
= false;
1023 $this->assertEquals( [ [ 'titleprotected', 'Useruser', 'test' ] ],
1024 MediaWikiServices
::getInstance()->getPermissionManager()
1025 ->getPermissionErrors( 'create', $this->user
, $this->title
) );
1026 $this->assertEquals( false,
1027 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
1028 'create', $this->user
, $this->title
) );
1030 $this->title
->mTitleProtection
['permission'] = 'editprotected';
1031 $this->overrideUserPermissions( $this->user
, [ 'createpage', 'protect' ] );
1032 $this->assertEquals( [ [ 'titleprotected', 'Useruser', 'test' ] ],
1033 MediaWikiServices
::getInstance()->getPermissionManager()
1034 ->getPermissionErrors( 'create', $this->user
, $this->title
) );
1035 $this->assertEquals( false,
1036 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
1037 'create', $this->user
, $this->title
) );
1039 $this->overrideUserPermissions( $this->user
, [ 'createpage', 'editprotected' ] );
1040 $this->assertEquals( [],
1041 MediaWikiServices
::getInstance()->getPermissionManager()
1042 ->getPermissionErrors( 'create', $this->user
, $this->title
) );
1043 $this->assertEquals( true,
1044 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
1045 'create', $this->user
, $this->title
) );
1047 $this->overrideUserPermissions( $this->user
, [ 'createpage' ] );
1048 $this->assertEquals( [ [ 'titleprotected', 'Useruser', 'test' ] ],
1049 MediaWikiServices
::getInstance()->getPermissionManager()
1050 ->getPermissionErrors( 'create', $this->user
, $this->title
) );
1051 $this->assertEquals( false,
1052 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
1053 'create', $this->user
, $this->title
) );
1055 $this->setTitle( NS_MEDIA
, "test page" );
1056 $this->overrideUserPermissions( $this->user
, [ "move" ] );
1057 $this->assertEquals( false,
1058 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
1059 'move', $this->user
, $this->title
) );
1060 $this->assertEquals( [ [ 'immobile-source-namespace', 'Media' ] ],
1061 MediaWikiServices
::getInstance()->getPermissionManager()
1062 ->getPermissionErrors( 'move', $this->user
, $this->title
) );
1064 $this->setTitle( NS_HELP
, "test page" );
1065 $this->assertEquals( [],
1066 MediaWikiServices
::getInstance()->getPermissionManager()
1067 ->getPermissionErrors( 'move', $this->user
, $this->title
) );
1068 $this->assertEquals( true,
1069 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
1070 'move', $this->user
, $this->title
) );
1072 $this->title
->mInterwiki
= "no";
1073 $this->assertEquals( [ [ 'immobile-source-page' ] ],
1074 MediaWikiServices
::getInstance()->getPermissionManager()
1075 ->getPermissionErrors( 'move', $this->user
, $this->title
) );
1076 $this->assertEquals( false,
1077 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
1078 'move', $this->user
, $this->title
) );
1080 $this->setTitle( NS_MEDIA
, "test page" );
1081 $this->assertEquals( false,
1082 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
1083 'move-target', $this->user
, $this->title
) );
1084 $this->assertEquals( [ [ 'immobile-target-namespace', 'Media' ] ],
1085 MediaWikiServices
::getInstance()->getPermissionManager()
1086 ->getPermissionErrors( 'move-target', $this->user
, $this->title
) );
1088 $this->setTitle( NS_HELP
, "test page" );
1089 $this->assertEquals( [],
1090 MediaWikiServices
::getInstance()->getPermissionManager()
1091 ->getPermissionErrors( 'move-target', $this->user
, $this->title
) );
1092 $this->assertEquals( true,
1093 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
1094 'move-target', $this->user
, $this->title
) );
1096 $this->title
->mInterwiki
= "no";
1097 $this->assertEquals( [ [ 'immobile-target-page' ] ],
1098 MediaWikiServices
::getInstance()->getPermissionManager()
1099 ->getPermissionErrors( 'move-target', $this->user
, $this->title
) );
1100 $this->assertEquals( false,
1101 MediaWikiServices
::getInstance()->getPermissionManager()->userCan(
1102 'move-target', $this->user
, $this->title
) );
1106 * @covers \MediaWiki\Permissions\PermissionManager::checkUserBlock
1108 public function testUserBlock() {
1109 $this->setMwGlobals( [
1110 'wgEmailConfirmToEdit' => true,
1111 'wgEmailAuthentication' => true,
1112 'wgBlockDisablesLogin' => false,
1115 $this->overrideUserPermissions( $this->user
, [
1124 $this->setTitle( NS_HELP
, "test page" );
1126 # $wgEmailConfirmToEdit only applies to 'edit' action
1127 $this->assertEquals( [],
1128 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
1129 'move-target', $this->user
, $this->title
) );
1130 $this->assertContains( [ 'confirmedittext' ],
1131 MediaWikiServices
::getInstance()->getPermissionManager()
1132 ->getPermissionErrors( 'edit', $this->user
, $this->title
) );
1134 $this->setMwGlobals( 'wgEmailConfirmToEdit', false );
1135 $this->overrideUserPermissions( $this->user
, [
1145 $this->assertNotContains( [ 'confirmedittext' ],
1146 MediaWikiServices
::getInstance()->getPermissionManager()
1147 ->getPermissionErrors( 'edit', $this->user
, $this->title
) );
1149 # $wgEmailConfirmToEdit && !$user->isEmailConfirmed() && $action != 'createaccount'
1150 $this->assertEquals( [],
1151 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
1152 'move-target', $this->user
, $this->title
) );
1156 $now = time() +
120;
1157 $this->user
->mBlockedby
= $this->user
->getId();
1158 $this->user
->mBlock
= new DatabaseBlock( [
1159 'address' => '127.0.8.1',
1160 'by' => $this->user
->getId(),
1161 'reason' => 'no reason given',
1162 'timestamp' => $prev +
3600,
1166 $this->user
->mBlock
->setTimestamp( 0 );
1167 $this->assertEquals( [ [ 'autoblockedtext',
1168 "[[User:Useruser|\u{202A}Useruser\u{202C}]]", 'no reason given', '127.0.0.1',
1169 "\u{202A}Useruser\u{202C}", null, 'infinite', '127.0.8.1',
1170 $wgLang->timeanddate( wfTimestamp( TS_MW
, $prev ), true ) ] ],
1171 MediaWikiServices
::getInstance()->getPermissionManager()->getPermissionErrors(
1172 'move-target', $this->user
, $this->title
) );
1174 $this->assertEquals( false, MediaWikiServices
::getInstance()->getPermissionManager()
1175 ->userCan( 'move-target', $this->user
, $this->title
) );
1176 // quickUserCan should ignore user blocks
1177 $this->assertEquals( true, MediaWikiServices
::getInstance()->getPermissionManager()
1178 ->quickUserCan( 'move-target', $this->user
, $this->title
) );
1180 global $wgLocalTZoffset;
1181 $wgLocalTZoffset = -60;
1182 $this->user
->mBlockedby
= $this->user
->getName();
1183 $this->user
->mBlock
= new DatabaseBlock( [
1184 'address' => '127.0.8.1',
1185 'by' => $this->user
->getId(),
1186 'reason' => 'no reason given',
1187 'timestamp' => $now,
1191 $this->assertEquals( [ [ 'blockedtext',
1192 "[[User:Useruser|\u{202A}Useruser\u{202C}]]", 'no reason given', '127.0.0.1',
1193 "\u{202A}Useruser\u{202C}", null, '23:00, 31 December 1969', '127.0.8.1',
1194 $wgLang->timeanddate( wfTimestamp( TS_MW
, $now ), true ) ] ],
1195 MediaWikiServices
::getInstance()->getPermissionManager()
1196 ->getPermissionErrors( 'move-target', $this->user
, $this->title
) );
1197 # $action != 'read' && $action != 'createaccount' && $user->isBlockedFrom( $this )
1198 # $user->blockedFor() == ''
1199 # $user->mBlock->mExpiry == 'infinity'
1201 $this->user
->mBlockedby
= $this->user
->getName();
1202 $this->user
->mBlock
= new SystemBlock( [
1203 'address' => '127.0.8.1',
1204 'by' => $this->user
->getId(),
1205 'reason' => 'no reason given',
1206 'timestamp' => $now,
1208 'systemBlock' => 'test',
1211 $errors = [ [ 'systemblockedtext',
1212 "[[User:Useruser|\u{202A}Useruser\u{202C}]]", 'no reason given', '127.0.0.1',
1213 "\u{202A}Useruser\u{202C}", 'test', 'infinite', '127.0.8.1',
1214 $wgLang->timeanddate( wfTimestamp( TS_MW
, $now ), true ) ] ];
1216 $this->assertEquals( $errors,
1217 MediaWikiServices
::getInstance()->getPermissionManager()
1218 ->getPermissionErrors( 'edit', $this->user
, $this->title
) );
1219 $this->assertEquals( $errors,
1220 MediaWikiServices
::getInstance()->getPermissionManager()
1221 ->getPermissionErrors( 'move-target', $this->user
, $this->title
) );
1222 $this->assertEquals( $errors,
1223 MediaWikiServices
::getInstance()->getPermissionManager()
1224 ->getPermissionErrors( 'rollback', $this->user
, $this->title
) );
1225 $this->assertEquals( $errors,
1226 MediaWikiServices
::getInstance()->getPermissionManager()
1227 ->getPermissionErrors( 'patrol', $this->user
, $this->title
) );
1228 $this->assertEquals( $errors,
1229 MediaWikiServices
::getInstance()->getPermissionManager()
1230 ->getPermissionErrors( 'upload', $this->user
, $this->title
) );
1231 $this->assertEquals( [],
1232 MediaWikiServices
::getInstance()->getPermissionManager()
1233 ->getPermissionErrors( 'purge', $this->user
, $this->title
) );
1235 // partial block message test
1236 $this->user
->mBlockedby
= $this->user
->getName();
1237 $this->user
->mBlock
= new DatabaseBlock( [
1238 'address' => '127.0.8.1',
1239 'by' => $this->user
->getId(),
1240 'reason' => 'no reason given',
1241 'timestamp' => $now,
1242 'sitewide' => false,
1246 $this->assertEquals( [],
1247 MediaWikiServices
::getInstance()->getPermissionManager()
1248 ->getPermissionErrors( 'edit', $this->user
, $this->title
) );
1249 $this->assertEquals( [],
1250 MediaWikiServices
::getInstance()->getPermissionManager()
1251 ->getPermissionErrors( 'move-target', $this->user
, $this->title
) );
1252 $this->assertEquals( [],
1253 MediaWikiServices
::getInstance()->getPermissionManager()
1254 ->getPermissionErrors( 'rollback', $this->user
, $this->title
) );
1255 $this->assertEquals( [],
1256 MediaWikiServices
::getInstance()->getPermissionManager()
1257 ->getPermissionErrors( 'patrol', $this->user
, $this->title
) );
1258 $this->assertEquals( [],
1259 MediaWikiServices
::getInstance()->getPermissionManager()
1260 ->getPermissionErrors( 'upload', $this->user
, $this->title
) );
1261 $this->assertEquals( [],
1262 MediaWikiServices
::getInstance()->getPermissionManager()
1263 ->getPermissionErrors( 'purge', $this->user
, $this->title
) );
1265 $this->user
->mBlock
->setRestrictions( [
1266 ( new PageRestriction( 0, $this->title
->getArticleID() ) )->setTitle( $this->title
),
1269 $errors = [ [ 'blockedtext-partial',
1270 "[[User:Useruser|\u{202A}Useruser\u{202C}]]", 'no reason given', '127.0.0.1',
1271 "\u{202A}Useruser\u{202C}", null, '23:00, 31 December 1969', '127.0.8.1',
1272 $wgLang->timeanddate( wfTimestamp( TS_MW
, $now ), true ) ] ];
1274 $this->assertEquals( $errors,
1275 MediaWikiServices
::getInstance()->getPermissionManager()
1276 ->getPermissionErrors( 'edit', $this->user
, $this->title
) );
1277 $this->assertEquals( $errors,
1278 MediaWikiServices
::getInstance()->getPermissionManager()
1279 ->getPermissionErrors( 'move-target', $this->user
, $this->title
) );
1280 $this->assertEquals( $errors,
1281 MediaWikiServices
::getInstance()->getPermissionManager()
1282 ->getPermissionErrors( 'rollback', $this->user
, $this->title
) );
1283 $this->assertEquals( $errors,
1284 MediaWikiServices
::getInstance()->getPermissionManager()
1285 ->getPermissionErrors( 'patrol', $this->user
, $this->title
) );
1286 $this->assertEquals( [],
1287 MediaWikiServices
::getInstance()->getPermissionManager()
1288 ->getPermissionErrors( 'upload', $this->user
, $this->title
) );
1289 $this->assertEquals( [],
1290 MediaWikiServices
::getInstance()->getPermissionManager()
1291 ->getPermissionErrors( 'purge', $this->user
, $this->title
) );
1294 $this->user
->mBlockedby
= null;
1295 $this->user
->mBlock
= null;
1297 $this->assertEquals( [],
1298 MediaWikiServices
::getInstance()->getPermissionManager()
1299 ->getPermissionErrors( 'edit', $this->user
, $this->title
) );
1303 * @covers \MediaWiki\Permissions\PermissionManager::checkUserBlock
1305 * Tests to determine that the passed in permission does not get mixed up with
1306 * an action of the same name.
1308 public function testUserBlockAction() {
1311 $tester = $this->getMockBuilder( Action
::class )
1312 ->disableOriginalConstructor()
1314 $tester->method( 'getName' )
1315 ->willReturn( 'tester' );
1316 $tester->method( 'getRestriction' )
1317 ->willReturn( 'test' );
1318 $tester->method( 'requiresUnblock' )
1319 ->willReturn( false );
1321 $this->setMwGlobals( [
1323 'tester' => $tester,
1325 'wgGroupPermissions' => [
1333 $this->user
->mBlockedby
= $this->user
->getName();
1334 $this->user
->mBlock
= new DatabaseBlock( [
1335 'address' => '127.0.8.1',
1336 'by' => $this->user
->getId(),
1337 'reason' => 'no reason given',
1338 'timestamp' => $now,
1340 'expiry' => 'infinity',
1343 $errors = [ [ 'blockedtext',
1344 "[[User:Useruser|\u{202A}Useruser\u{202C}]]", 'no reason given', '127.0.0.1',
1345 "\u{202A}Useruser\u{202C}", null, 'infinite', '127.0.8.1',
1346 $wgLang->timeanddate( wfTimestamp( TS_MW
, $now ), true ) ] ];
1348 $this->assertEquals( $errors,
1349 MediaWikiServices
::getInstance()->getPermissionManager()
1350 ->getPermissionErrors( 'tester', $this->user
, $this->title
) );
1354 * @covers \MediaWiki\Permissions\PermissionManager::isBlockedFrom
1356 public function testBlockInstanceCache() {
1357 // First, check the user isn't blocked
1358 $user = $this->getMutableTestUser()->getUser();
1359 $ut = Title
::makeTitle( NS_USER_TALK
, $user->getName() );
1360 $this->assertNull( $user->getBlock( false ), 'sanity check' );
1361 //$this->assertSame( '', $user->blockedBy(), 'sanity check' );
1362 //$this->assertSame( '', $user->blockedFor(), 'sanity check' );
1363 //$this->assertFalse( (bool)$user->isHidden(), 'sanity check' );
1364 $this->assertFalse( MediaWikiServices
::getInstance()->getPermissionManager()
1365 ->isBlockedFrom( $user, $ut ), 'sanity check' );
1368 $blocker = $this->getTestSysop()->getUser();
1369 $block = new DatabaseBlock( [
1371 'allowUsertalk' => false,
1372 'reason' => 'Because',
1374 $block->setTarget( $user );
1375 $block->setBlocker( $blocker );
1376 $res = $block->insert();
1377 $this->assertTrue( (bool)$res['id'], 'sanity check: Failed to insert block' );
1379 // Clear cache and confirm it loaded the block properly
1380 $user->clearInstanceCache();
1381 $this->assertInstanceOf( DatabaseBlock
::class, $user->getBlock( false ) );
1382 //$this->assertSame( $blocker->getName(), $user->blockedBy() );
1383 //$this->assertSame( 'Because', $user->blockedFor() );
1384 //$this->assertTrue( (bool)$user->isHidden() );
1385 $this->assertTrue( MediaWikiServices
::getInstance()->getPermissionManager()
1386 ->isBlockedFrom( $user, $ut ) );
1391 // Clear cache and confirm it loaded the not-blocked properly
1392 $user->clearInstanceCache();
1393 $this->assertNull( $user->getBlock( false ) );
1394 //$this->assertSame( '', $user->blockedBy() );
1395 //$this->assertSame( '', $user->blockedFor() );
1396 //$this->assertFalse( (bool)$user->isHidden() );
1397 $this->assertFalse( MediaWikiServices
::getInstance()->getPermissionManager()
1398 ->isBlockedFrom( $user, $ut ) );
1402 * @covers \MediaWiki\Permissions\PermissionManager::isBlockedFrom
1403 * @dataProvider provideIsBlockedFrom
1404 * @param string|null $title Title to test.
1405 * @param bool $expect Expected result from User::isBlockedFrom()
1406 * @param array $options Additional test options:
1407 * - 'blockAllowsUTEdit': (bool, default true) Value for $wgBlockAllowsUTEdit
1408 * - 'allowUsertalk': (bool, default false) Passed to DatabaseBlock::__construct()
1409 * - 'pageRestrictions': (array|null) If non-empty, page restriction titles for the block.
1411 public function testIsBlockedFrom( $title, $expect, array $options = [] ) {
1412 $this->setMwGlobals( [
1413 'wgBlockAllowsUTEdit' => $options['blockAllowsUTEdit'] ??
true,
1416 $user = $this->getTestUser()->getUser();
1418 if ( $title === self
::USER_TALK_PAGE
) {
1419 $title = $user->getTalkPage();
1421 $title = Title
::newFromText( $title );
1425 foreach ( $options['pageRestrictions'] ??
[] as $pagestr ) {
1426 $page = $this->getExistingTestPage(
1427 $pagestr === self
::USER_TALK_PAGE ?
$user->getTalkPage() : $pagestr
1429 $restrictions[] = new PageRestriction( 0, $page->getId() );
1431 foreach ( $options['namespaceRestrictions'] ??
[] as $ns ) {
1432 $restrictions[] = new NamespaceRestriction( 0, $ns );
1435 $block = new DatabaseBlock( [
1436 'expiry' => wfTimestamp( TS_MW
, wfTimestamp() +
( 40 * 60 * 60 ) ),
1437 'allowUsertalk' => $options['allowUsertalk'] ??
false,
1438 'sitewide' => !$restrictions,
1440 $block->setTarget( $user );
1441 $block->setBlocker( $this->getTestSysop()->getUser() );
1442 if ( $restrictions ) {
1443 $block->setRestrictions( $restrictions );
1448 $this->assertSame( $expect, MediaWikiServices
::getInstance()->getPermissionManager()
1449 ->isBlockedFrom( $user, $title ) );
1455 public static function provideIsBlockedFrom() {
1457 'Sitewide block, basic operation' => [ 'Test page', true ],
1458 'Sitewide block, not allowing user talk' => [
1459 self
::USER_TALK_PAGE
, true, [
1460 'allowUsertalk' => false,
1463 'Sitewide block, allowing user talk' => [
1464 self
::USER_TALK_PAGE
, false, [
1465 'allowUsertalk' => true,
1468 'Sitewide block, allowing user talk but $wgBlockAllowsUTEdit is false' => [
1469 self
::USER_TALK_PAGE
, true, [
1470 'allowUsertalk' => true,
1471 'blockAllowsUTEdit' => false,
1474 'Partial block, blocking the page' => [
1475 'Test page', true, [
1476 'pageRestrictions' => [ 'Test page' ],
1479 'Partial block, not blocking the page' => [
1480 'Test page 2', false, [
1481 'pageRestrictions' => [ 'Test page' ],
1484 'Partial block, not allowing user talk but user talk page is not blocked' => [
1485 self
::USER_TALK_PAGE
, false, [
1486 'allowUsertalk' => false,
1487 'pageRestrictions' => [ 'Test page' ],
1490 'Partial block, allowing user talk but user talk page is blocked' => [
1491 self
::USER_TALK_PAGE
, true, [
1492 'allowUsertalk' => true,
1493 'pageRestrictions' => [ self
::USER_TALK_PAGE
],
1496 'Partial block, user talk page is not blocked but $wgBlockAllowsUTEdit is false' => [
1497 self
::USER_TALK_PAGE
, false, [
1498 'allowUsertalk' => false,
1499 'pageRestrictions' => [ 'Test page' ],
1500 'blockAllowsUTEdit' => false,
1503 'Partial block, user talk page is blocked and $wgBlockAllowsUTEdit is false' => [
1504 self
::USER_TALK_PAGE
, true, [
1505 'allowUsertalk' => true,
1506 'pageRestrictions' => [ self
::USER_TALK_PAGE
],
1507 'blockAllowsUTEdit' => false,
1510 'Partial user talk namespace block, not allowing user talk' => [
1511 self
::USER_TALK_PAGE
, true, [
1512 'allowUsertalk' => false,
1513 'namespaceRestrictions' => [ NS_USER_TALK
],
1516 'Partial user talk namespace block, allowing user talk' => [
1517 self
::USER_TALK_PAGE
, false, [
1518 'allowUsertalk' => true,
1519 'namespaceRestrictions' => [ NS_USER_TALK
],
1522 'Partial user talk namespace block, where $wgBlockAllowsUTEdit is false' => [
1523 self
::USER_TALK_PAGE
, true, [
1524 'allowUsertalk' => true,
1525 'namespaceRestrictions' => [ NS_USER_TALK
],
1526 'blockAllowsUTEdit' => false,
1533 * @covers \MediaWiki\Permissions\PermissionManager::getUserPermissions
1535 public function testGetUserPermissions() {
1536 $user = $this->getTestUser( [ 'unittesters' ] )->getUser();
1537 $rights = MediaWikiServices
::getInstance()->getPermissionManager()
1538 ->getUserPermissions( $user );
1539 $this->assertContains( 'runtest', $rights );
1540 $this->assertNotContains( 'writetest', $rights );
1541 $this->assertNotContains( 'modifytest', $rights );
1542 $this->assertNotContains( 'nukeworld', $rights );
1546 * @covers \MediaWiki\Permissions\PermissionManager::getUserPermissions
1548 public function testGetUserPermissionsHooks() {
1549 $user = $this->getTestUser( [ 'unittesters', 'testwriters' ] )->getUser();
1550 $userWrapper = TestingAccessWrapper
::newFromObject( $user );
1552 $rights = MediaWikiServices
::getInstance()
1553 ->getPermissionManager()
1554 ->getUserPermissions( $user );
1555 $this->assertContains( 'test', $rights, 'sanity check' );
1556 $this->assertContains( 'runtest', $rights, 'sanity check' );
1557 $this->assertContains( 'writetest', $rights, 'sanity check' );
1558 $this->assertNotContains( 'nukeworld', $rights, 'sanity check' );
1560 // Add a hook manipluating the rights
1561 $this->setTemporaryHook( 'UserGetRights', function ( $user, &$rights ) {
1562 $rights[] = 'nukeworld';
1563 $rights = array_diff( $rights, [ 'writetest' ] );
1566 $rights = MediaWikiServices
::getInstance()
1567 ->getPermissionManager()
1568 ->getUserPermissions( $user );
1569 $this->assertContains( 'test', $rights );
1570 $this->assertContains( 'runtest', $rights );
1571 $this->assertNotContains( 'writetest', $rights );
1572 $this->assertContains( 'nukeworld', $rights );
1574 // Add a Session that limits rights
1575 $mock = $this->getMockBuilder( stdClass
::class )
1576 ->setMethods( [ 'getAllowedUserRights', 'deregisterSession', 'getSessionId' ] )
1578 $mock->method( 'getAllowedUserRights' )->willReturn( [ 'test', 'writetest' ] );
1579 $mock->method( 'getSessionId' )->willReturn(
1580 new SessionId( str_repeat( 'X', 32 ) )
1582 $session = TestUtils
::getDummySession( $mock );
1583 $mockRequest = $this->getMockBuilder( FauxRequest
::class )
1584 ->setMethods( [ 'getSession' ] )
1586 $mockRequest->method( 'getSession' )->willReturn( $session );
1587 $userWrapper->mRequest
= $mockRequest;
1589 $this->resetServices();
1590 $rights = MediaWikiServices
::getInstance()
1591 ->getPermissionManager()
1592 ->getUserPermissions( $user );
1593 $this->assertContains( 'test', $rights );
1594 $this->assertNotContains( 'runtest', $rights );
1595 $this->assertNotContains( 'writetest', $rights );
1596 $this->assertNotContains( 'nukeworld', $rights );
1600 * @covers \MediaWiki\Permissions\PermissionManager::getGroupPermissions
1602 public function testGroupPermissions() {
1603 $rights = MediaWikiServices
::getInstance()->getPermissionManager()
1604 ->getGroupPermissions( [ 'unittesters' ] );
1605 $this->assertContains( 'runtest', $rights );
1606 $this->assertNotContains( 'writetest', $rights );
1607 $this->assertNotContains( 'modifytest', $rights );
1608 $this->assertNotContains( 'nukeworld', $rights );
1610 $rights = MediaWikiServices
::getInstance()->getPermissionManager()
1611 ->getGroupPermissions( [ 'unittesters', 'testwriters' ] );
1612 $this->assertContains( 'runtest', $rights );
1613 $this->assertContains( 'writetest', $rights );
1614 $this->assertContains( 'modifytest', $rights );
1615 $this->assertNotContains( 'nukeworld', $rights );
1619 * @covers \MediaWiki\Permissions\PermissionManager::getGroupPermissions
1621 public function testRevokePermissions() {
1622 $rights = MediaWikiServices
::getInstance()->getPermissionManager()
1623 ->getGroupPermissions( [ 'unittesters', 'formertesters' ] );
1624 $this->assertNotContains( 'runtest', $rights );
1625 $this->assertNotContains( 'writetest', $rights );
1626 $this->assertNotContains( 'modifytest', $rights );
1627 $this->assertNotContains( 'nukeworld', $rights );
1631 * @dataProvider provideGetGroupsWithPermission
1632 * @covers \MediaWiki\Permissions\PermissionManager::getGroupsWithPermission
1634 public function testGetGroupsWithPermission( $expected, $right ) {
1635 $result = MediaWikiServices
::getInstance()->getPermissionManager()
1636 ->getGroupsWithPermission( $right );
1640 $this->assertEquals( $expected, $result, "Groups with permission $right" );
1643 public static function provideGetGroupsWithPermission() {
1646 [ 'unittesters', 'testwriters' ],
1665 * @covers \MediaWiki\Permissions\PermissionManager::userHasRight
1667 public function testUserHasRight() {
1668 $result = MediaWikiServices
::getInstance()->getPermissionManager()->userHasRight(
1669 $this->getTestUser( 'unittesters' )->getUser(),
1672 $this->assertTrue( $result );
1674 $result = MediaWikiServices
::getInstance()->getPermissionManager()->userHasRight(
1675 $this->getTestUser( 'formertesters' )->getUser(),
1678 $this->assertFalse( $result );
1680 $result = MediaWikiServices
::getInstance()->getPermissionManager()->userHasRight(
1681 $this->getTestUser( 'formertesters' )->getUser(),
1684 $this->assertTrue( $result );
1688 * @covers \MediaWiki\Permissions\PermissionManager::groupHasPermission
1690 public function testGroupHasPermission() {
1691 $result = MediaWikiServices
::getInstance()->getPermissionManager()->groupHasPermission(
1695 $this->assertTrue( $result );
1697 $result = MediaWikiServices
::getInstance()->getPermissionManager()->groupHasPermission(
1701 $this->assertFalse( $result );
1705 * @covers \MediaWiki\Permissions\PermissionManager::isEveryoneAllowed
1707 public function testIsEveryoneAllowed() {
1708 $result = MediaWikiServices
::getInstance()->getPermissionManager()
1709 ->isEveryoneAllowed( 'editmyoptions' );
1710 $this->assertTrue( $result );
1712 $result = MediaWikiServices
::getInstance()->getPermissionManager()
1713 ->isEveryoneAllowed( 'test' );
1714 $this->assertFalse( $result );
1718 * @covers \MediaWiki\Permissions\PermissionManager::addTemporaryUserRights
1720 public function testAddTemporaryUserRights() {
1721 $permissionManager = MediaWikiServices
::getInstance()->getPermissionManager();
1722 $this->overrideUserPermissions( $this->user
, [ 'read', 'edit' ] );
1724 $this->assertEquals( [ 'read', 'edit' ], $permissionManager->getUserPermissions( $this->user
) );
1725 $this->assertFalse( $permissionManager->userHasRight( $this->user
, 'move' ) );
1727 $scope = $permissionManager->addTemporaryUserRights( $this->user
, [ 'move', 'delete' ] );
1728 $this->assertEquals( [ 'read', 'edit', 'move', 'delete' ],
1729 $permissionManager->getUserPermissions( $this->user
) );
1730 $this->assertTrue( $permissionManager->userHasRight( $this->user
, 'move' ) );
1732 $scope2 = $permissionManager->addTemporaryUserRights( $this->user
, [ 'delete', 'upload' ] );
1733 $this->assertEquals( [ 'read', 'edit', 'move', 'delete', 'upload' ],
1734 $permissionManager->getUserPermissions( $this->user
) );
1736 ScopedCallback
::consume( $scope );
1737 $this->assertEquals( [ 'read', 'edit', 'delete', 'upload' ],
1738 $permissionManager->getUserPermissions( $this->user
) );
1739 ScopedCallback
::consume( $scope2 );
1740 $this->assertEquals( [ 'read', 'edit' ],
1741 $permissionManager->getUserPermissions( $this->user
) );
1742 $this->assertFalse( $permissionManager->userHasRight( $this->user
, 'move' ) );
1744 ( function () use ( $permissionManager ) {
1745 $scope = $permissionManager->addTemporaryUserRights( $this->user
, 'move' );
1746 $this->assertTrue( $permissionManager->userHasRight( $this->user
, 'move' ) );
1748 $this->assertFalse( $permissionManager->userHasRight( $this->user
, 'move' ) );
1752 * Create a RevisionRecord with a single Javascript main slot.
1753 * @param Title $title
1755 * @param string $text
1756 * @return MutableRevisionRecord
1758 private function getJavascriptRevision( Title
$title, User
$user, $text ) {
1759 $content = ContentHandler
::makeContent( $text, $title, CONTENT_MODEL_JAVASCRIPT
);
1760 $revision = new MutableRevisionRecord( $title );
1761 $revision->setContent( 'main', $content );
1766 * Create a RevisionRecord with a single Javascript redirect main slot.
1767 * @param Title $title
1768 * @param Title $redirectTargetTitle
1770 * @return MutableRevisionRecord
1772 private function getJavascriptRedirectRevision(
1773 Title
$title, Title
$redirectTargetTitle, User
$user
1775 $content = ContentHandler
::getForModelID( CONTENT_MODEL_JAVASCRIPT
)
1776 ->makeRedirectContent( $redirectTargetTitle );
1777 $revision = new MutableRevisionRecord( $title );
1778 $revision->setContent( 'main', $content );
1782 public function provideGetRestrictionLevels() {
1784 'No namespace restriction' => [ [ '', 'autoconfirmed', 'sysop' ], NS_TALK
],
1785 'Restricted to autoconfirmed' => [ [ '', 'sysop' ], NS_MAIN
],
1786 'Restricted to sysop' => [ [ '' ], NS_USER
],
1787 'Restricted to someone in two groups' => [ [ '', 'sysop' ], 101 ],
1788 'No special permissions' => [
1793 'autoconfirmed' => [
1794 [ '', 'autoconfirmed' ],
1798 'autoconfirmed revoked' => [
1801 [ 'autoconfirmed', 'noeditsemiprotected' ]
1804 [ '', 'autoconfirmed', 'sysop' ],
1808 'sysop with autoconfirmed revoked (a bit silly)' => [
1811 [ 'sysop', 'noeditsemiprotected' ]
1817 * @dataProvider provideGetRestrictionLevels
1818 * @covers \MediaWiki\Permissions\PermissionManager::getNamespaceRestrictionLevels
1820 * @param array $expected
1822 * @param array|null $userGroups
1823 * @throws MWException
1825 public function testGetRestrictionLevels( array $expected, $ns, array $userGroups = null ) {
1826 $this->setMwGlobals( [
1827 'wgGroupPermissions' => [
1828 '*' => [ 'edit' => true ],
1829 'autoconfirmed' => [ 'editsemiprotected' => true ],
1831 'editsemiprotected' => true,
1832 'editprotected' => true,
1834 'privileged' => [ 'privileged' => true ],
1836 'wgRevokePermissions' => [
1837 'noeditsemiprotected' => [ 'editsemiprotected' => true ],
1839 'wgNamespaceProtection' => [
1840 NS_MAIN
=> 'autoconfirmed',
1842 101 => [ 'editsemiprotected', 'privileged' ],
1844 'wgRestrictionLevels' => [ '', 'autoconfirmed', 'sysop' ],
1845 'wgAutopromote' => []
1847 $user = is_null( $userGroups ) ?
null : $this->getTestUser( $userGroups )->getUser();
1848 $this->assertSame( $expected, MediaWikiServices
::getInstance()
1849 ->getPermissionManager()
1850 ->getNamespaceRestrictionLevels( $ns, $user ) );
1854 * @covers \MediaWiki\Permissions\PermissionManager::getAllPermissions
1856 public function testGetAllPermissions() {
1857 $this->setMwGlobals( [
1858 'wgAvailableRights' => [ 'test_right' ]
1860 $this->resetServices();
1861 $this->assertContains(
1863 MediaWikiServices
::getInstance()
1864 ->getPermissionManager()
1865 ->getAllPermissions()
1870 * @covers \MediaWiki\Permissions\PermissionManager::getRightsCacheKey
1871 * @throws \Exception
1873 public function testAnonPermissionsNotClash() {
1874 $user1 = User
::newFromName( 'User1' );
1875 $user2 = User
::newFromName( 'User2' );
1876 $pm = MediaWikiServices
::getInstance()->getPermissionManager();
1877 $pm->overrideUserRightsForTesting( $user2, [] );
1878 $this->assertNotSame( $pm->getUserPermissions( $user1 ), $pm->getUserPermissions( $user2 ) );
1882 * @covers \MediaWiki\Permissions\PermissionManager::getRightsCacheKey
1884 public function testAnonPermissionsNotClashOneRegistered() {
1885 $user1 = User
::newFromName( 'User1' );
1886 $user2 = $this->getTestSysop()->getUser();
1887 $pm = MediaWikiServices
::getInstance()->getPermissionManager();
1888 $this->assertNotSame( $pm->getUserPermissions( $user1 ), $pm->getUserPermissions( $user2 ) );