288 行
8.3 KiB
PHP
288 行
8.3 KiB
PHP
<?php
|
|
|
|
/**
|
|
* API userrights module
|
|
*
|
|
* Copyright © 2009 Roan Kattouw <roan.kattouw@gmail.com>
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License along
|
|
* with this program; if not, write to the Free Software Foundation, Inc.,
|
|
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
* http://www.gnu.org/copyleft/gpl.html
|
|
*
|
|
* @file
|
|
*/
|
|
|
|
use MediaWiki\MainConfigNames;
|
|
use MediaWiki\ParamValidator\TypeDef\UserDef;
|
|
use MediaWiki\Permissions\Authority;
|
|
use MediaWiki\Specials\SpecialUserRights;
|
|
use MediaWiki\Title\Title;
|
|
use MediaWiki\User\UserGroupManager;
|
|
use MediaWiki\User\UserIdentity;
|
|
use MediaWiki\User\UserOptionsLookup;
|
|
use MediaWiki\Watchlist\WatchlistManager;
|
|
use Wikimedia\ParamValidator\ParamValidator;
|
|
use Wikimedia\ParamValidator\TypeDef\ExpiryDef;
|
|
|
|
/**
|
|
* @ingroup API
|
|
*/
|
|
class ApiUserrights extends ApiBase {
|
|
|
|
use ApiWatchlistTrait;
|
|
|
|
/** @var UserIdentity|null */
|
|
private $mUser = null;
|
|
|
|
private UserGroupManager $userGroupManager;
|
|
private WatchedItemStoreInterface $watchedItemStore;
|
|
|
|
/**
|
|
* @param ApiMain $mainModule
|
|
* @param string $moduleName
|
|
* @param UserGroupManager $userGroupManager
|
|
* @param WatchedItemStoreInterface $watchedItemStore
|
|
* @param WatchlistManager $watchlistManager
|
|
* @param UserOptionsLookup $userOptionsLookup
|
|
*/
|
|
public function __construct(
|
|
ApiMain $mainModule,
|
|
$moduleName,
|
|
UserGroupManager $userGroupManager,
|
|
WatchedItemStoreInterface $watchedItemStore,
|
|
WatchlistManager $watchlistManager,
|
|
UserOptionsLookup $userOptionsLookup
|
|
) {
|
|
parent::__construct( $mainModule, $moduleName );
|
|
$this->userGroupManager = $userGroupManager;
|
|
$this->watchedItemStore = $watchedItemStore;
|
|
|
|
// Variables needed in ApiWatchlistTrait trait
|
|
$this->watchlistExpiryEnabled = $this->getConfig()->get( MainConfigNames::WatchlistExpiry );
|
|
$this->watchlistMaxDuration =
|
|
$this->getConfig()->get( MainConfigNames::WatchlistExpiryMaxDuration );
|
|
$this->watchlistManager = $watchlistManager;
|
|
$this->userOptionsLookup = $userOptionsLookup;
|
|
}
|
|
|
|
public function execute() {
|
|
$pUser = $this->getUser();
|
|
|
|
// Deny if the user is blocked and doesn't have the full 'userrights' permission.
|
|
// This matches what Special:UserRights does for the web UI.
|
|
if ( !$this->getAuthority()->isAllowed( 'userrights' ) ) {
|
|
$block = $pUser->getBlock( Authority::READ_LATEST );
|
|
if ( $block && $block->isSitewide() ) {
|
|
$this->dieBlocked( $block );
|
|
}
|
|
}
|
|
|
|
$params = $this->extractRequestParams();
|
|
|
|
// Figure out expiry times from the input
|
|
$expiry = (array)$params['expiry'];
|
|
$add = (array)$params['add'];
|
|
if ( !$add ) {
|
|
$expiry = [];
|
|
} elseif ( count( $expiry ) !== count( $add ) ) {
|
|
if ( count( $expiry ) === 1 ) {
|
|
$expiry = array_fill( 0, count( $add ), $expiry[0] );
|
|
} else {
|
|
$this->dieWithError( [
|
|
'apierror-toofewexpiries',
|
|
count( $expiry ),
|
|
count( $add )
|
|
] );
|
|
}
|
|
}
|
|
|
|
// Validate the expiries
|
|
$groupExpiries = [];
|
|
foreach ( $expiry as $index => $expiryValue ) {
|
|
$group = $add[$index];
|
|
$groupExpiries[$group] = SpecialUserRights::expiryToTimestamp( $expiryValue );
|
|
|
|
if ( $groupExpiries[$group] === false ) {
|
|
$this->dieWithError( [ 'apierror-invalidexpiry', wfEscapeWikiText( $expiryValue ) ] );
|
|
}
|
|
|
|
// not allowed to have things expiring in the past
|
|
if ( $groupExpiries[$group] && $groupExpiries[$group] < wfTimestampNow() ) {
|
|
$this->dieWithError( [ 'apierror-pastexpiry', wfEscapeWikiText( $expiryValue ) ] );
|
|
}
|
|
}
|
|
|
|
$user = $this->getUrUser( $params );
|
|
|
|
$tags = $params['tags'];
|
|
|
|
// Check if user can add tags
|
|
if ( $tags !== null ) {
|
|
$ableToTag = ChangeTags::canAddTagsAccompanyingChange( $tags, $this->getAuthority() );
|
|
if ( !$ableToTag->isOK() ) {
|
|
$this->dieStatus( $ableToTag );
|
|
}
|
|
}
|
|
|
|
$form = new SpecialUserRights();
|
|
$form->setContext( $this->getContext() );
|
|
$r = [];
|
|
$r['user'] = $user->getName();
|
|
$r['userid'] = $user->getId( $user->getWikiId() );
|
|
[ $r['added'], $r['removed'] ] = $form->doSaveUserGroups(
|
|
// Don't pass null to doSaveUserGroups() for array params, cast to empty array
|
|
$user, $add, (array)$params['remove'],
|
|
$params['reason'], (array)$tags, $groupExpiries
|
|
);
|
|
|
|
$watchlistExpiry = $this->getExpiryFromParams( $params );
|
|
$watchuser = $params['watchuser'];
|
|
$userPage = Title::makeTitle( NS_USER, $user->getName() );
|
|
if ( $watchuser && $user->getWikiId() === UserIdentity::LOCAL ) {
|
|
$this->setWatch( 'watch', $userPage, $this->getUser(), null, $watchlistExpiry );
|
|
} else {
|
|
$watchuser = false;
|
|
$watchlistExpiry = null;
|
|
}
|
|
$r['watchuser'] = $watchuser;
|
|
if ( $watchlistExpiry !== null ) {
|
|
$r['watchlistexpiry'] = $this->getWatchlistExpiry(
|
|
$this->watchedItemStore,
|
|
$userPage,
|
|
$this->getUser()
|
|
);
|
|
}
|
|
|
|
$result = $this->getResult();
|
|
ApiResult::setIndexedTagName( $r['added'], 'group' );
|
|
ApiResult::setIndexedTagName( $r['removed'], 'group' );
|
|
$result->addValue( null, $this->getModuleName(), $r );
|
|
}
|
|
|
|
/**
|
|
* @param array $params
|
|
* @return UserIdentity
|
|
*/
|
|
private function getUrUser( array $params ) {
|
|
if ( $this->mUser !== null ) {
|
|
return $this->mUser;
|
|
}
|
|
|
|
$this->requireOnlyOneParameter( $params, 'user', 'userid' );
|
|
|
|
$user = $params['user'] ?? '#' . $params['userid'];
|
|
|
|
$form = new SpecialUserRights();
|
|
$form->setContext( $this->getContext() );
|
|
$status = $form->fetchUser( $user );
|
|
if ( !$status->isOK() ) {
|
|
$this->dieStatus( $status );
|
|
}
|
|
|
|
$this->mUser = $status->value;
|
|
|
|
return $status->value;
|
|
}
|
|
|
|
public function mustBePosted() {
|
|
return true;
|
|
}
|
|
|
|
public function isWriteMode() {
|
|
return true;
|
|
}
|
|
|
|
public function getAllowedParams( $flags = 0 ) {
|
|
$allGroups = $this->userGroupManager->listAllGroups();
|
|
|
|
if ( $flags & ApiBase::GET_VALUES_FOR_HELP ) {
|
|
sort( $allGroups );
|
|
}
|
|
|
|
$params = [
|
|
'user' => [
|
|
ParamValidator::PARAM_TYPE => 'user',
|
|
UserDef::PARAM_ALLOWED_USER_TYPES => [ 'name', 'id' ],
|
|
],
|
|
'userid' => [
|
|
ParamValidator::PARAM_TYPE => 'integer',
|
|
ParamValidator::PARAM_DEPRECATED => true,
|
|
],
|
|
'add' => [
|
|
ParamValidator::PARAM_TYPE => $allGroups,
|
|
ParamValidator::PARAM_ISMULTI => true
|
|
],
|
|
'expiry' => [
|
|
ParamValidator::PARAM_ISMULTI => true,
|
|
ParamValidator::PARAM_ALLOW_DUPLICATES => true,
|
|
ParamValidator::PARAM_DEFAULT => 'infinite',
|
|
],
|
|
'remove' => [
|
|
ParamValidator::PARAM_TYPE => $allGroups,
|
|
ParamValidator::PARAM_ISMULTI => true
|
|
],
|
|
'reason' => [
|
|
ParamValidator::PARAM_DEFAULT => ''
|
|
],
|
|
'token' => [
|
|
// Standard definition automatically inserted
|
|
ApiBase::PARAM_HELP_MSG_APPEND => [ 'api-help-param-token-webui' ],
|
|
],
|
|
'tags' => [
|
|
ParamValidator::PARAM_TYPE => 'tags',
|
|
ParamValidator::PARAM_ISMULTI => true
|
|
],
|
|
'watchuser' => false,
|
|
];
|
|
|
|
// Params appear in the docs in the order they are defined,
|
|
// which is why this is here and not at the bottom.
|
|
// @todo Find better way to support insertion at arbitrary position
|
|
if ( $this->watchlistExpiryEnabled ) {
|
|
$params += [
|
|
'watchlistexpiry' => [
|
|
ParamValidator::PARAM_TYPE => 'expiry',
|
|
ExpiryDef::PARAM_MAX => $this->watchlistMaxDuration,
|
|
ExpiryDef::PARAM_USE_MAX => true,
|
|
]
|
|
];
|
|
}
|
|
|
|
return $params;
|
|
}
|
|
|
|
public function needsToken() {
|
|
return 'userrights';
|
|
}
|
|
|
|
protected function getWebUITokenSalt( array $params ) {
|
|
return $this->getUrUser( $params )->getName();
|
|
}
|
|
|
|
protected function getExamplesMessages() {
|
|
return [
|
|
'action=userrights&user=FooBot&add=bot&remove=sysop|bureaucrat&token=123ABC'
|
|
=> 'apihelp-userrights-example-user',
|
|
'action=userrights&userid=123&add=bot&remove=sysop|bureaucrat&token=123ABC'
|
|
=> 'apihelp-userrights-example-userid',
|
|
'action=userrights&user=SometimeSysop&add=sysop&expiry=1%20month&token=123ABC'
|
|
=> 'apihelp-userrights-example-expiry',
|
|
];
|
|
}
|
|
|
|
public function getHelpUrls() {
|
|
return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:User_group_membership';
|
|
}
|
|
}
|