namespace MediaWiki\Tests\Permissions;
use Action;
+use ContentHandler;
use FauxRequest;
-use MediaWiki\Session\SessionId;
-use MediaWiki\Session\TestUtils;
-use MediaWikiLangTestCase;
-use RequestContext;
-use stdClass;
-use Title;
-use User;
+use LoggedServiceOptions;
use MediaWiki\Block\DatabaseBlock;
use MediaWiki\Block\Restriction\NamespaceRestriction;
use MediaWiki\Block\Restriction\PageRestriction;
use MediaWiki\Block\SystemBlock;
+use MediaWiki\Linker\LinkTarget;
use MediaWiki\MediaWikiServices;
use MediaWiki\Permissions\PermissionManager;
+use MediaWiki\Revision\MutableRevisionRecord;
+use MediaWiki\Revision\RevisionLookup;
+use TestAllServiceOptionsUsed;
use Wikimedia\ScopedCallback;
+use MediaWiki\Session\SessionId;
+use MediaWiki\Session\TestUtils;
+use MediaWikiLangTestCase;
+use RequestContext;
+use stdClass;
+use Title;
+use User;
use Wikimedia\TestingAccessWrapper;
/**
* @covers \MediaWiki\Permissions\PermissionManager
*/
class PermissionManagerTest extends MediaWikiLangTestCase {
+ use TestAllServiceOptionsUsed;
/**
* @var string
);
}
+ public function testJsConfigRedirectEditPermissions() {
+ $revision = null;
+ $user = $this->getTestUser()->getUser();
+ $otherUser = $this->getTestUser( 'sysop' )->getUser();
+ $localJsTitle = Title::newFromText( 'User:' . $user->getName() . '/foo.js' );
+ $otherLocalJsTitle = Title::newFromText( 'User:' . $user->getName() . '/foo2.js' );
+ $nonlocalJsTitle = Title::newFromText( 'User:' . $otherUser->getName() . '/foo.js' );
+
+ $services = MediaWikiServices::getInstance();
+ $revisionLookup = $this->getMockBuilder( RevisionLookup::class )
+ ->setMethods( [ 'getRevisionByTitle' ] )
+ ->getMockForAbstractClass();
+ $revisionLookup->method( 'getRevisionByTitle' )
+ ->willReturnCallback( function ( LinkTarget $page ) use (
+ $services, &$revision, $localJsTitle
+ ) {
+ if ( $localJsTitle->equals( Title::newFromLinkTarget( $page ) ) ) {
+ return $revision;
+ } else {
+ return $services->getRevisionLookup()->getRevisionByTitle( $page );
+ }
+ } );
+ $permissionManager = new PermissionManager(
+ new LoggedServiceOptions(
+ self::$serviceOptionsAccessLog,
+ PermissionManager::$constructorOptions,
+ [
+ 'WhitelistRead' => [],
+ 'WhitelistReadRegexp' => [],
+ 'EmailConfirmToEdit' => false,
+ 'BlockDisablesLogin' => false,
+ 'GroupPermissions' => [],
+ 'RevokePermissions' => [],
+ 'AvailableRights' => []
+ ]
+ ),
+ $services->getSpecialPageFactory(),
+ $revisionLookup,
+ MediaWikiServices::getInstance()->getNamespaceInfo()
+ );
+ $this->setService( 'PermissionManager', $permissionManager );
+
+ $permissionManager->overrideUserRightsForTesting( $user, [ 'edit', 'editmyuserjs' ] );
+
+ $revision = $this->getJavascriptRevision( $localJsTitle, $user, '/* script */' );
+ $errors = $permissionManager->getPermissionErrors( 'edit', $user, $localJsTitle );
+ $this->assertSame( [], $errors );
+
+ $revision = $this->getJavascriptRedirectRevision( $localJsTitle, $otherLocalJsTitle, $user );
+ $errors = $permissionManager->getPermissionErrors( 'edit', $user, $localJsTitle );
+ $this->assertSame( [], $errors );
+
+ $revision = $this->getJavascriptRedirectRevision( $localJsTitle, $nonlocalJsTitle, $user );
+ $errors = $permissionManager->getPermissionErrors( 'edit', $user, $localJsTitle );
+ $this->assertSame( [ [ 'mycustomjsredirectprotected', 'edit' ] ], $errors );
+
+ $permissionManager->overrideUserRightsForTesting( $user,
+ [ 'edit', 'editmyuserjs', 'editmyuserjsredirect' ] );
+
+ $revision = $this->getJavascriptRedirectRevision( $localJsTitle, $nonlocalJsTitle, $user );
+ $errors = $permissionManager->getPermissionErrors( 'edit', $user, $localJsTitle );
+ $this->assertSame( [], $errors );
+ }
+
/**
* @todo This test method should be split up into separate test methods and
* data providers
'auto' => true,
'expiry' => 0
] );
- $this->user->mBlock->mTimestamp = 0;
+ $this->user->mBlock->setTimestamp( 0 );
$this->assertEquals( [ [ 'autoblockedtext',
"[[User:Useruser|\u{202A}Useruser\u{202C}]]", 'no reason given', '127.0.0.1',
"\u{202A}Useruser\u{202C}", null, 'infinite', '127.0.8.1',
$user = $this->getTestUser( [ 'unittesters', 'testwriters' ] )->getUser();
$userWrapper = TestingAccessWrapper::newFromObject( $user );
- $rights = MediaWikiServices::getInstance()->getPermissionManager()
+ $rights = MediaWikiServices::getInstance()
+ ->getPermissionManager()
->getUserPermissions( $user );
$this->assertContains( 'test', $rights, 'sanity check' );
$this->assertContains( 'runtest', $rights, 'sanity check' );
$this->assertNotContains( 'nukeworld', $rights, 'sanity check' );
// Add a hook manipluating the rights
- $this->mergeMwGlobalArrayValue( 'wgHooks', [ 'UserGetRights' => [ function ( $user, &$rights ) {
+ $this->setTemporaryHook( 'UserGetRights', function ( $user, &$rights ) {
$rights[] = 'nukeworld';
$rights = array_diff( $rights, [ 'writetest' ] );
- } ] ] );
+ } );
$this->resetServices();
- $rights = MediaWikiServices::getInstance()->getPermissionManager()
+ $rights = MediaWikiServices::getInstance()
+ ->getPermissionManager()
->getUserPermissions( $user );
$this->assertContains( 'test', $rights );
$this->assertContains( 'runtest', $rights );
$userWrapper->mRequest = $mockRequest;
$this->resetServices();
- $rights = MediaWikiServices::getInstance()->getPermissionManager()
+ $rights = MediaWikiServices::getInstance()
+ ->getPermissionManager()
->getUserPermissions( $user );
$this->assertContains( 'test', $rights );
$this->assertNotContains( 'runtest', $rights );
$this->assertFalse( $permissionManager->userHasRight( $this->user, 'move' ) );
}
+ /**
+ * Create a RevisionRecord with a single Javascript main slot.
+ * @param Title $title
+ * @param User $user
+ * @param string $text
+ * @return MutableRevisionRecord
+ */
+ private function getJavascriptRevision( Title $title, User $user, $text ) {
+ $content = ContentHandler::makeContent( $text, $title, CONTENT_MODEL_JAVASCRIPT );
+ $revision = new MutableRevisionRecord( $title );
+ $revision->setContent( 'main', $content );
+ return $revision;
+ }
+
+ /**
+ * Create a RevisionRecord with a single Javascript redirect main slot.
+ * @param Title $title
+ * @param Title $redirectTargetTitle
+ * @param User $user
+ * @return MutableRevisionRecord
+ */
+ private function getJavascriptRedirectRevision(
+ Title $title, Title $redirectTargetTitle, User $user
+ ) {
+ $content = ContentHandler::getForModelID( CONTENT_MODEL_JAVASCRIPT )
+ ->makeRedirectContent( $redirectTargetTitle );
+ $revision = new MutableRevisionRecord( $title );
+ $revision->setContent( 'main', $content );
+ return $revision;
+ }
+
}