function wfImageAuthMain() {
global $wgImgAuthUrlPathMap;
+ $permissionManager = \MediaWiki\MediaWikiServices::getInstance()->getPermissionManager();
$request = RequestContext::getMain()->getRequest();
- $publicWiki = in_array( 'read', User::getGroupPermissions( [ '*' ] ), true );
+ $publicWiki = in_array( 'read', $permissionManager->getGroupPermissions( [ '*' ] ), true );
// Get the requested file path (source file or thumbnail)
$matches = WebRequest::getPathInfo();
// Check user authorization for this title
// Checks Whitelist too
- $permissionManager = \MediaWiki\MediaWikiServices::getInstance()->getPermissionManager();
if ( !$permissionManager->userCan( 'read', $user, $title ) ) {
wfForbidden( 'img-auth-accessdenied', 'img-auth-noread', $name );
* @file
*/
+use MediaWiki\MediaWikiServices;
+
/**
* This class checks if user can get extra rights
* because of conditions specified in $wgAutopromote
case APCOND_BLOCKED:
return $user->getBlock() && $user->getBlock()->isSitewide();
case APCOND_ISBOT:
- return in_array( 'bot', User::getGroupPermissions( $user->getGroups() ) );
+ return in_array( 'bot', MediaWikiServices::getInstance()
+ ->getPermissionManager()
+ ->getGroupPermissions( $user->getGroups() ) );
default:
$result = null;
Hooks::run( 'AutopromoteCondition', [ $cond[0],
* @param string|null $action Action that was denied or null if unknown
*/
public function showPermissionsErrorPage( array $errors, $action = null ) {
+ $services = MediaWikiServices::getInstance();
+ $permissionManager = $services->getPermissionManager();
foreach ( $errors as $key => $error ) {
$errors[$key] = (array)$error;
}
// 1. the user is not logged in
// 2. the only error is insufficient permissions (i.e. no block or something else)
// 3. the error can be avoided simply by logging in
+
if ( in_array( $action, [ 'read', 'edit', 'createpage', 'createtalk', 'upload' ] )
&& $this->getUser()->isAnon() && count( $errors ) == 1 && isset( $errors[0][0] )
&& ( $errors[0][0] == 'badaccess-groups' || $errors[0][0] == 'badaccess-group0' )
- && ( User::groupHasPermission( 'user', $action )
- || User::groupHasPermission( 'autoconfirmed', $action ) )
+ && ( $permissionManager->groupHasPermission( 'user', $action )
+ || $permissionManager->groupHasPermission( 'autoconfirmed', $action ) )
) {
$displayReturnto = null;
}
}
- $services = MediaWikiServices::getInstance();
-
$title = SpecialPage::getTitleFor( 'Userlogin' );
$linkRenderer = $services->getLinkRenderer();
$loginUrl = $title->getLinkURL( $query, false, PROTO_RELATIVE );
$this->prepareErrorPage( $this->msg( 'loginreqtitle' ) );
$this->addHTML( $this->msg( $msg )->rawParams( $loginLink )->params( $loginUrl )->parse() );
- $permissionManager = $services->getPermissionManager();
-
# Don't return to a page the user can't read otherwise
# we'll end up in a pointless loop
if ( $displayReturnto && $permissionManager->userCan(
$groups = array_map( function ( $group ) {
return $group == '*' ? 'all' : $group;
- }, User::getGroupsWithPermission( $right ) );
+ }, $this->getPermissionManager()->getGroupsWithPermission( $right ) );
$help['permissions'] .= Html::rawElement( 'dd', null,
$this->msg( 'api-help-permissions-granted-to' )
$this->addJoinConds( [ 'user_groups' => [
'LEFT JOIN',
[
- 'ug_group' => User::getGroupsWithPermission( 'bot' ),
+ 'ug_group' => $this->getPermissionManager()->getGroupsWithPermission( 'bot' ),
'ug_user = ' . $actorQuery['fields']['img_user'],
'ug_expiry IS NULL OR ug_expiry >= ' . $db->addQuotes( $db->timestamp() )
]
if ( !is_null( $params['rights'] ) && count( $params['rights'] ) ) {
$groups = [];
foreach ( $params['rights'] as $r ) {
- $groups = array_merge( $groups, User::getGroupsWithPermission( $r ) );
+ $groups = array_merge( $groups, $this->getPermissionManager()
+ ->getGroupsWithPermission( $r ) );
}
// no group with the given right(s) exists, no need for a query
}
if ( $fld_rights ) {
- $data['rights'] = User::getGroupPermissions( $groups );
+ $data['rights'] = $this->getPermissionManager()->getGroupPermissions( $groups );
ApiResult::setIndexedTagName( $data['rights'], 'r' );
ApiResult::setArrayType( $data['rights'], 'array' );
}
} elseif ( $params['rights'] ) {
$excludeGroups = false;
foreach ( $params['rights'] as $r ) {
- $limitGroups = array_merge( $limitGroups, User::getGroupsWithPermission( $r ) );
+ $limitGroups = array_merge( $limitGroups, $this->getPermissionManager()
+ ->getGroupsWithPermission( $r ) );
}
// If no group has the rights requested, no need to query
} elseif ( $params['excluderights'] ) {
$excludeGroups = true;
foreach ( $params['excluderights'] as $r ) {
- $limitGroups = array_merge( $limitGroups, User::getGroupsWithPermission( $r ) );
+ $limitGroups = array_merge( $limitGroups, $this->getPermissionManager()
+ ->getGroupsWithPermission( $r ) );
}
}
* @file
*/
+use MediaWiki\MediaWikiServices;
+
/**
* Show an error when a user tries to do something they do not have the necessary
* permissions for.
if ( !count( $errors ) ) {
$groups = [];
- foreach ( User::getGroupsWithPermission( $this->permission ) as $group ) {
+ foreach ( MediaWikiServices::getInstance()
+ ->getPermissionManager()
+ ->getGroupsWithPermission( $this->permission ) as $group ) {
$groups[] = UserGroupMembership::getLink( $group, RequestContext::getMain(), 'wiki' );
}
$request = $this->getRequest();
$pageurl = $title->getLocalURL();
$authManager = AuthManager::singleton();
+ $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
/* set up the default links for the personal toolbar */
$personal_urls = [];
];
// No need to show Talk and Contributions to anons if they can't contribute!
- if ( User::groupHasPermission( '*', 'edit' ) ) {
+ if ( $permissionManager->groupHasPermission( '*', 'edit' ) ) {
// Because of caching, we can't link directly to the IP talk and
// contributions pages. Instead we use the special page shortcuts
// (which work correctly regardless of caching). This means we can't
}
if ( $authManager->canAuthenticateNow() ) {
- $key = User::groupHasPermission( '*', 'read' )
+ $key = $permissionManager->groupHasPermission( '*', 'read' )
? 'login'
: 'login-private';
$personal_urls[$key] = $login_url;
*/
public function isRestricted() {
// DWIM: If anons can do something, then it is not restricted
- return $this->mRestriction != '' && !User::groupHasPermission( '*', $this->mRestriction );
+ return $this->mRestriction != '' && !MediaWikiServices::getInstance()
+ ->getPermissionManager()
+ ->groupHasPermission( '*', $this->mRestriction );
}
/**
}
public function isRestricted() {
- return !User::groupHasPermission( '*', 'createaccount' );
+ return !MediaWikiServices::getInstance()
+ ->getPermissionManager()
+ ->groupHasPermission( '*', 'createaccount' );
}
public function userCanExecute( User $user ) {
* @ingroup SpecialPage
*/
+use MediaWiki\MediaWikiServices;
+
/**
* A special page that list newly created pages
*
}
// Disable some if needed
- if ( !User::groupHasPermission( '*', 'createpage' ) ) {
+ if ( !MediaWikiServices::getInstance()->getPermissionManager()
+ ->groupHasPermission( '*', 'createpage' )
+ ) {
unset( $filters['hideliu'] );
}
if ( !$this->getUser()->useNPPatrol() ) {
$queryInfo['conds'][] = $revQuery['fields']['rev_user'] . ' >' . (int)( $max - $max / 100 );
# ignore local groups with the bot right
# @todo FIXME: Global groups may have 'bot' rights
- $groupsWithBotPermission = User::getGroupsWithPermission( 'bot' );
+ $groupsWithBotPermission = MediaWikiServices::getInstance()
+ ->getPermissionManager()
+ ->getGroupsWithPermission( 'bot' );
if ( count( $groupsWithBotPermission ) ) {
$queryInfo['tables'][] = 'user_groups';
$queryInfo['conds'][] = 'ug_group IS NULL';
}
if ( !$opts->getValue( 'showbots' ) ) {
- $groupsWithBotPermission = User::getGroupsWithPermission( 'bot' );
+ $groupsWithBotPermission = MediaWikiServices::getInstance()
+ ->getPermissionManager()
+ ->getGroupsWithPermission( 'bot' );
if ( count( $groupsWithBotPermission ) ) {
$dbr = wfGetDB( DB_REPLICA );
$conds[] = ActorMigration::newMigration()->getWhere(
$this->mDb, 'rc_user', User::newFromName( $user->getText(), false ), false
)['conds'];
- } elseif ( User::groupHasPermission( '*', 'createpage' ) &&
+ } elseif ( MediaWikiServices::getInstance()
+ ->getPermissionManager()
+ ->groupHasPermission( '*', 'createpage' ) &&
$this->opts->getValue( 'hideliu' )
) {
# If anons cannot make new pages, don't "exclude logged in users"!
global $wgLang;
$groups = [];
- foreach ( self::getGroupsWithPermission( $permission ) as $group ) {
+ foreach ( MediaWikiServices::getInstance()
+ ->getPermissionManager()
+ ->getGroupsWithPermission( $permission ) as $group ) {
$groups[] = UserGroupMembership::getLink( $group, RequestContext::getMain(), 'wiki' );
}
# @NOTE: users with 'bot' rights choose when edits are bot edits or not. That information
# may be lost at this point (aside from joining on the patrol log table entries).
$botgroups = [ 'bot' ];
- $autopatrolgroups = $wgUseRCPatrol ? User::getGroupsWithPermission( 'autopatrol' ) : [];
+ $autopatrolgroups = $wgUseRCPatrol ? MediaWikiServices::getInstance()
+ ->getPermissionManager()
+ ->getGroupsWithPermission( 'autopatrol' ) : [];
# Flag our recent bot edits
if ( $botgroups ) {
*/
function wfStreamThumb( array $params ) {
global $wgVaryOnXFP;
+ $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
$headers = []; // HTTP headers to send
// Check permissions if there are read restrictions
$varyHeader = [];
- if ( !in_array( 'read', User::getGroupPermissions( [ '*' ] ), true ) ) {
+ if ( !in_array( 'read', $permissionManager->getGroupPermissions( [ '*' ] ), true ) ) {
$user = RequestContext::getMain()->getUser();
- $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
$imgTitle = $img->getTitle();
if ( !$imgTitle || !$permissionManager->userCan( 'read', $user, $imgTitle ) ) {