diff options
| author | Petr Pchelko <ppchelko@wikimedia.org> | 2019-08-20 19:01:06 -0700 |
|---|---|---|
| committer | Petr Pchelko <ppchelko@wikimedia.org> | 2019-09-11 16:00:03 -0700 |
| commit | 7b4eafda0d986180d20f37f2489b70e8eca00df4 (patch) | |
| tree | fd0179afe8958ff2546a47dae6d618c6357dcac3 | |
| parent | f379b3f897d54623b6bb8e62fabdb64a7a6a6158 (diff) | |
| download | mediawikicore-7b4eafda0d986180d20f37f2489b70e8eca00df4.tar.gz mediawikicore-7b4eafda0d986180d20f37f2489b70e8eca00df4.zip | |
Replace usages of deprecated User::isAllowed. Step 2.
Bug: T220191
Depends-On: I509cd88355cfd0cc074f4135ec86399b4075f89f
Change-Id: I2341e6f1d108c92924620fba3c64ec090cb09918
68 files changed, 497 insertions, 212 deletions
diff --git a/includes/Revision/RevisionRecord.php b/includes/Revision/RevisionRecord.php index ff9ac579e8d0..759180a98408 100644 --- a/includes/Revision/RevisionRecord.php +++ b/includes/Revision/RevisionRecord.php @@ -531,8 +531,6 @@ abstract class RevisionRecord { $text = $title->getPrefixedText(); wfDebug( "Checking for $permissionlist on $text due to $field match on $bitfield\n" ); - $permissionManager = MediaWikiServices::getInstance()->getPermissionManager(); - foreach ( $permissions as $perm ) { if ( $permissionManager->userCan( $perm, $user, $title ) ) { return true; diff --git a/includes/Storage/DerivedPageDataUpdater.php b/includes/Storage/DerivedPageDataUpdater.php index 4903cf00950f..b2c003ab4c2a 100644 --- a/includes/Storage/DerivedPageDataUpdater.php +++ b/includes/Storage/DerivedPageDataUpdater.php @@ -1531,7 +1531,9 @@ class DerivedPageDataUpdater implements IDBAccessObject, LoggerAwareInterface { if ( $this->options['changed'] && $title->getNamespace() == NS_USER_TALK && $shortTitle != $legacyUser->getTitleKey() - && !( $this->revision->isMinor() && $legacyUser->isAllowed( 'nominornewtalk' ) ) + && !( $this->revision->isMinor() && MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $legacyUser, 'nominornewtalk' ) ) ) { $recipient = User::newFromName( $shortTitle, false ); if ( !$recipient ) { diff --git a/includes/actions/InfoAction.php b/includes/actions/InfoAction.php index 207721e58333..9a8949f587c5 100644 --- a/includes/actions/InfoAction.php +++ b/includes/actions/InfoAction.php @@ -280,11 +280,10 @@ class InfoAction extends FormlessAction { // Language in which the page content is (supposed to be) written $pageLang = $title->getPageLanguage()->getCode(); - $permissionManager = $services->getPermissionManager(); - $pageLangHtml = $pageLang . ' - ' . Language::fetchLanguageName( $pageLang, $lang->getCode() ); // Link to Special:PageLanguage with pre-filled page title if user has permissions + $permissionManager = $services->getPermissionManager(); if ( $config->get( 'PageLanguageUseDB' ) && $permissionManager->userCan( 'pagelang', $user, $title ) ) { @@ -344,8 +343,7 @@ class InfoAction extends FormlessAction { ]; $unwatchedPageThreshold = $config->get( 'UnwatchedPageThreshold' ); - if ( - $services->getPermissionManager()->userHasRight( $user, 'unwatchedpages' ) || + if ( $permissionManager->userHasRight( $user, 'unwatchedpages' ) || ( $unwatchedPageThreshold !== false && $pageCounts['watchers'] >= $unwatchedPageThreshold ) ) { @@ -360,7 +358,7 @@ class InfoAction extends FormlessAction { ) { $minToDisclose = $config->get( 'UnwatchedPageSecret' ); if ( $pageCounts['visitingWatchers'] > $minToDisclose || - $services->getPermissionManager()->userHasRight( $user, 'unwatchedpages' ) ) { + $permissionManager->userHasRight( $user, 'unwatchedpages' ) ) { $pageInfo['header-basic'][] = [ $this->msg( 'pageinfo-visiting-watchers' ), $lang->formatNum( $pageCounts['visitingWatchers'] ) diff --git a/includes/api/ApiResetPassword.php b/includes/api/ApiResetPassword.php index 77838269b493..6b1c217017f3 100644 --- a/includes/api/ApiResetPassword.php +++ b/includes/api/ApiResetPassword.php @@ -21,6 +21,7 @@ */ use MediaWiki\Auth\AuthManager; +use MediaWiki\MediaWikiServices; /** * Reset password, with AuthManager @@ -63,7 +64,11 @@ class ApiResetPassword extends ApiBase { $this->requireOnlyOneParameter( $params, 'user', 'email' ); - $passwordReset = new PasswordReset( $this->getConfig(), AuthManager::singleton() ); + $passwordReset = new PasswordReset( + $this->getConfig(), + AuthManager::singleton(), + MediaWikiServices::getInstance()->getPermissionManager() + ); $status = $passwordReset->isAllowed( $this->getUser() ); if ( !$status->isOK() ) { diff --git a/includes/logging/BlockLogFormatter.php b/includes/logging/BlockLogFormatter.php index d27643ce0d53..d49e3c5710d8 100644 --- a/includes/logging/BlockLogFormatter.php +++ b/includes/logging/BlockLogFormatter.php @@ -22,6 +22,8 @@ * @since 1.25 */ +use MediaWiki\MediaWikiServices; + /** * This class formats block log entries. * @@ -138,7 +140,9 @@ class BlockLogFormatter extends LogFormatter { $linkRenderer = $this->getLinkRenderer(); if ( $this->entry->isDeleted( LogPage::DELETED_ACTION ) // Action is hidden || !( $subtype === 'block' || $subtype === 'reblock' ) - || !$this->context->getUser()->isAllowed( 'block' ) + || !MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $this->context->getUser(), 'block' ) ) { return ''; } diff --git a/includes/logging/ContentModelLogFormatter.php b/includes/logging/ContentModelLogFormatter.php index e05357cd6836..23c582c30f22 100644 --- a/includes/logging/ContentModelLogFormatter.php +++ b/includes/logging/ContentModelLogFormatter.php @@ -1,5 +1,7 @@ <?php +use MediaWiki\MediaWikiServices; + class ContentModelLogFormatter extends LogFormatter { protected function getMessageParameters() { $lang = $this->context->getLanguage(); @@ -12,7 +14,9 @@ class ContentModelLogFormatter extends LogFormatter { public function getActionLinks() { if ( $this->entry->isDeleted( LogPage::DELETED_ACTION ) // Action is hidden || $this->entry->getSubtype() !== 'change' - || !$this->context->getUser()->isAllowed( 'editcontentmodel' ) + || !MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $this->context->getUser(), 'editcontentmodel' ) ) { return ''; } diff --git a/includes/logging/DeleteLogFormatter.php b/includes/logging/DeleteLogFormatter.php index 3bc19ffd3725..0abb6f62c4e9 100644 --- a/includes/logging/DeleteLogFormatter.php +++ b/includes/logging/DeleteLogFormatter.php @@ -23,6 +23,7 @@ * @since 1.22 */ +use MediaWiki\MediaWikiServices; use MediaWiki\Storage\RevisionRecord; /** @@ -136,7 +137,8 @@ class DeleteLogFormatter extends LogFormatter { public function getActionLinks() { $user = $this->context->getUser(); $linkRenderer = $this->getLinkRenderer(); - if ( !$user->isAllowed( 'deletedhistory' ) + $permissionManager = MediaWikiServices::getInstance()->getPermissionManager(); + if ( !$permissionManager->userHasRight( $user, 'deletedhistory' ) || $this->entry->isDeleted( LogPage::DELETED_ACTION ) ) { return ''; @@ -145,7 +147,7 @@ class DeleteLogFormatter extends LogFormatter { switch ( $this->entry->getSubtype() ) { case 'delete': // Show undelete link case 'delete_redir': - if ( $user->isAllowed( 'undelete' ) ) { + if ( $permissionManager->userHasRight( $user, 'undelete' ) ) { $message = 'undeletelink'; } else { $message = 'undeleteviewlink'; diff --git a/includes/logging/LogEventsList.php b/includes/logging/LogEventsList.php index 6791503bf740..2e7f065bf1c9 100644 --- a/includes/logging/LogEventsList.php +++ b/includes/logging/LogEventsList.php @@ -233,7 +233,10 @@ class LogEventsList extends ContextSource { foreach ( LogPage::validTypes() as $type ) { $page = new LogPage( $type ); $restriction = $page->getRestriction(); - if ( $this->getUser()->isAllowed( $restriction ) ) { + if ( MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $this->getUser(), $restriction ) + ) { $typesByName[$type] = $page->getName()->text(); } } @@ -450,11 +453,12 @@ class LogEventsList extends ContextSource { } $del = ''; + $permissionManager = MediaWikiServices::getInstance()->getPermissionManager(); // Don't show useless checkbox to people who cannot hide log entries - if ( $user->isAllowed( 'deletedhistory' ) ) { - $canHide = $user->isAllowed( 'deletelogentry' ); - $canViewSuppressedOnly = $user->isAllowed( 'viewsuppressed' ) && - !$user->isAllowed( 'suppressrevision' ); + if ( $permissionManager->userHasRight( $user, 'deletedhistory' ) ) { + $canHide = $permissionManager->userHasRight( $user, 'deletelogentry' ); + $canViewSuppressedOnly = $permissionManager->userHasRight( $user, 'viewsuppressed' ) && + !$permissionManager->userHasRight( $user, 'suppressrevision' ); $entryIsSuppressed = self::isDeleted( $row, LogPage::DELETED_RESTRICTED ); $canViewThisSuppressedEntry = $canViewSuppressedOnly && $entryIsSuppressed; if ( $row->log_deleted || $canHide ) { @@ -508,7 +512,9 @@ class LogEventsList extends ContextSource { in_array( $row->log_action, $action ) : $row->log_action == $action; if ( $match && $right ) { global $wgUser; - $match = $wgUser->isAllowed( $right ); + $match = MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $wgUser, $right ); } } @@ -572,7 +578,10 @@ class LogEventsList extends ContextSource { $user = $wgUser; } $logRestrictions = MediaWikiServices::getInstance()->getMainConfig()->get( 'LogRestrictions' ); - if ( isset( $logRestrictions[$type] ) && !$user->isAllowed( $logRestrictions[$type] ) ) { + if ( isset( $logRestrictions[$type] ) && !MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $user, $logRestrictions[$type] ) + ) { return false; } return true; @@ -783,7 +792,10 @@ class LogEventsList extends ContextSource { // Don't show private logs to unprivileged users foreach ( $wgLogRestrictions as $logType => $right ) { - if ( $audience == 'public' || !$user->isAllowed( $right ) ) { + if ( $audience == 'public' || !MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $user, $right ) + ) { $hiddenLogs[] = $logType; } } diff --git a/includes/logging/LogFormatter.php b/includes/logging/LogFormatter.php index 9e63ffee647e..b4a682583c28 100644 --- a/includes/logging/LogFormatter.php +++ b/includes/logging/LogFormatter.php @@ -163,7 +163,9 @@ class LogFormatter { $logRestrictions = $this->context->getConfig()->get( 'LogRestrictions' ); $type = $this->entry->getType(); return !isset( $logRestrictions[$type] ) - || $this->context->getUser()->isAllowed( $logRestrictions[$type] ); + || MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $this->context->getUser(), $logRestrictions[$type] ); } /** diff --git a/includes/logging/LogPager.php b/includes/logging/LogPager.php index 38710477cb77..47aed56a641c 100644 --- a/includes/logging/LogPager.php +++ b/includes/logging/LogPager.php @@ -146,7 +146,9 @@ class LogPager extends ReverseChronologicalPager { $needReindex = false; foreach ( $types as $type ) { if ( isset( $wgLogRestrictions[$type] ) - && !$user->isAllowed( $wgLogRestrictions[$type] ) + && !MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $user, $wgLogRestrictions[$type] ) ) { $needReindex = true; $types = array_diff( $types, [ $type ] ); @@ -462,12 +464,10 @@ class LogPager extends ReverseChronologicalPager { } $this->actionRestrictionsEnforced = true; $user = $this->getUser(); - if ( !$user->isAllowed( 'deletedhistory' ) ) { + $permissionManager = MediaWikiServices::getInstance()->getPermissionManager(); + if ( !$permissionManager->userHasRight( $user, 'deletedhistory' ) ) { $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_ACTION ) . ' = 0'; - } elseif ( !MediaWikiServices::getInstance() - ->getPermissionManager() - ->userHasAnyRight( $user, 'suppressrevision', 'viewsuppressed' ) - ) { + } elseif ( !$permissionManager->userHasAnyRight( $user, 'suppressrevision', 'viewsuppressed' ) ) { $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_ACTION ) . ' != ' . LogPage::SUPPRESSED_USER; } @@ -483,12 +483,10 @@ class LogPager extends ReverseChronologicalPager { } $this->performerRestrictionsEnforced = true; $user = $this->getUser(); - if ( !$user->isAllowed( 'deletedhistory' ) ) { + $permissionManager = MediaWikiServices::getInstance()->getPermissionManager(); + if ( !$permissionManager->userHasRight( $user, 'deletedhistory' ) ) { $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_USER ) . ' = 0'; - } elseif ( !MediaWikiServices::getInstance() - ->getPermissionManager() - ->userHasAnyRight( $user, 'suppressrevision', 'viewsuppressed' ) - ) { + } elseif ( !$permissionManager->userHasAnyRight( $user, 'suppressrevision', 'viewsuppressed' ) ) { $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_USER ) . ' != ' . LogPage::SUPPRESSED_ACTION; } diff --git a/includes/logging/MergeLogFormatter.php b/includes/logging/MergeLogFormatter.php index 7a6fb9df4876..925c976d7ad8 100644 --- a/includes/logging/MergeLogFormatter.php +++ b/includes/logging/MergeLogFormatter.php @@ -22,6 +22,8 @@ * @since 1.25 */ +use MediaWiki\MediaWikiServices; + /** * This class formats merge log entries. * @@ -47,7 +49,9 @@ class MergeLogFormatter extends LogFormatter { public function getActionLinks() { if ( $this->entry->isDeleted( LogPage::DELETED_ACTION ) // Action is hidden - || !$this->context->getUser()->isAllowed( 'mergehistory' ) + || !MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $this->context->getUser(), 'mergehistory' ) ) { return ''; } diff --git a/includes/logging/MoveLogFormatter.php b/includes/logging/MoveLogFormatter.php index 637a8e7821e9..6797f98f04bb 100644 --- a/includes/logging/MoveLogFormatter.php +++ b/includes/logging/MoveLogFormatter.php @@ -23,6 +23,8 @@ * @since 1.22 */ +use MediaWiki\MediaWikiServices; + /** * This class formats move log entries. * @@ -60,7 +62,9 @@ class MoveLogFormatter extends LogFormatter { public function getActionLinks() { if ( $this->entry->isDeleted( LogPage::DELETED_ACTION ) // Action is hidden || $this->entry->getSubtype() !== 'move' - || !$this->context->getUser()->isAllowed( 'move' ) + || !MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $this->context->getUser(), 'move' ) ) { return ''; } diff --git a/includes/logging/ProtectLogFormatter.php b/includes/logging/ProtectLogFormatter.php index ba0245731975..6e3b26b17f85 100644 --- a/includes/logging/ProtectLogFormatter.php +++ b/includes/logging/ProtectLogFormatter.php @@ -101,7 +101,10 @@ class ProtectLogFormatter extends LogFormatter { ]; // Show change protection link - if ( $this->context->getUser()->isAllowed( 'protect' ) ) { + if ( !MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $this->context->getUser(), 'protect' ) + ) { $links[] = $linkRenderer->makeKnownLink( $title, $this->msg( 'protect_change' )->text(), diff --git a/includes/mail/EmailNotification.php b/includes/mail/EmailNotification.php index cba68ef58791..4d176fb0bcc2 100644 --- a/includes/mail/EmailNotification.php +++ b/includes/mail/EmailNotification.php @@ -129,7 +129,10 @@ class EmailNotification { if ( $watchers === [] && !count( $wgUsersNotifiedOnAllChanges ) ) { $sendEmail = false; // Only send notification for non minor edits, unless $wgEnotifMinorEdits - if ( !$minorEdit || ( $wgEnotifMinorEdits && !$editor->isAllowed( 'nominornewtalk' ) ) ) { + if ( !$minorEdit || ( $wgEnotifMinorEdits && !MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $editor, 'nominornewtalk' ) ) + ) { $isUserTalkPage = ( $title->getNamespace() == NS_USER_TALK ); if ( $wgEnotifUserTalk && $isUserTalkPage @@ -214,7 +217,10 @@ class EmailNotification { $userTalkId = false; - if ( !$minorEdit || ( $wgEnotifMinorEdits && !$editor->isAllowed( 'nominornewtalk' ) ) ) { + if ( !$minorEdit || ( $wgEnotifMinorEdits && !MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $editor, 'nominornewtalk' ) ) + ) { if ( $wgEnotifUserTalk && $isUserTalkPage && $this->canSendUserTalkEmail( $editor, $title, $minorEdit ) diff --git a/includes/page/Article.php b/includes/page/Article.php index 1c2e782b6b1b..4bede965ab7f 100644 --- a/includes/page/Article.php +++ b/includes/page/Article.php @@ -1310,7 +1310,10 @@ class Article implements Page { } $outputPage->preventClickjacking(); - if ( $user->isAllowed( 'writeapi' ) ) { + if ( MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $user, 'writeapi' ) + ) { $outputPage->addModules( 'mediawiki.page.patrol.ajax' ); } @@ -1827,7 +1830,10 @@ class Article implements Page { [ 'delete', $this->getTitle()->getPrefixedText() ] ) ) { # Flag to hide all contents of the archived revisions - $suppress = $request->getCheck( 'wpSuppress' ) && $user->isAllowed( 'suppressrevision' ); + + $suppress = $request->getCheck( 'wpSuppress' ) && MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $user, 'suppressrevision' ); $this->doDelete( $reason, $suppress ); @@ -1986,8 +1992,8 @@ class Article implements Page { ] ); } - - if ( $user->isAllowed( 'suppressrevision' ) ) { + $permissionManager = MediaWikiServices::getInstance()->getPermissionManager(); + if ( $permissionManager->userHasRight( $user, 'suppressrevision' ) ) { $fields[] = new OOUI\FieldLayout( new OOUI\CheckboxInputWidget( [ 'name' => 'wpSuppress', @@ -2045,7 +2051,7 @@ class Article implements Page { ] ) ); - if ( $user->isAllowed( 'editinterface' ) ) { + if ( $permissionManager->userHasRight( $user, 'editinterface' ) ) { $link = Linker::linkKnown( $ctx->msg( 'deletereason-dropdown' )->inContentLanguage()->getTitle(), wfMessage( 'delete-edit-reasonlist' )->escaped(), diff --git a/includes/page/ImageHistoryList.php b/includes/page/ImageHistoryList.php index 9edacccd52fa..cf2497f94e49 100644 --- a/includes/page/ImageHistoryList.php +++ b/includes/page/ImageHistoryList.php @@ -130,11 +130,10 @@ class ImageHistoryList extends ContextSource { $row = $selected = ''; // Deletion link - if ( $local && ( $pm->userHasAnyRight( $user, 'delete', 'deletedhistory' ) ) - ) { + if ( $local && ( $pm->userHasAnyRight( $user, 'delete', 'deletedhistory' ) ) ) { $row .= '<td>'; # Link to remove from history - if ( $user->isAllowed( 'delete' ) ) { + if ( $pm->userHasRight( $user, 'delete' ) ) { $q = [ 'action' => 'delete' ]; if ( !$iscur ) { $q['oldimage'] = $img; @@ -146,9 +145,10 @@ class ImageHistoryList extends ContextSource { ); } # Link to hide content. Don't show useless link to people who cannot hide revisions. - $canHide = $user->isAllowed( 'deleterevision' ); - if ( $canHide || ( $user->isAllowed( 'deletedhistory' ) && $file->getVisibility() ) ) { - if ( $user->isAllowed( 'delete' ) ) { + $canHide = $pm->userHasRight( $user, 'deleterevision' ); + if ( $canHide || ( $pm->userHasRight( $user, 'deletedhistory' ) + && $file->getVisibility() ) ) { + if ( $pm->userHasRight( $user, 'delete' ) ) { $row .= '<br />'; } // If file is top revision or locked from this user, don't link diff --git a/includes/page/ImagePage.php b/includes/page/ImagePage.php index 653e443a6628..bb15532c1e57 100644 --- a/includes/page/ImagePage.php +++ b/includes/page/ImagePage.php @@ -603,7 +603,10 @@ EOT ); } - if ( $wgEnableUploads && $user->isAllowed( 'upload' ) ) { + if ( $wgEnableUploads && MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $user, 'upload' ) + ) { // Only show an upload link if the user can upload $uploadTitle = SpecialPage::getTitleFor( 'Upload' ); $nofile = [ diff --git a/includes/page/WikiPage.php b/includes/page/WikiPage.php index bad75da4fbf0..f0a656dd9987 100644 --- a/includes/page/WikiPage.php +++ b/includes/page/WikiPage.php @@ -1896,7 +1896,8 @@ class WikiPage implements Page, IDBAccessObject { // TODO: this check is here for backwards-compatibility with 1.31 behavior. // Checking the minoredit right should be done in the same place the 'bot' right is // checked for the EDIT_FORCE_BOT flag, which is currently in EditPage::attemptSave. - if ( ( $flags & EDIT_MINOR ) && !$user->isAllowed( 'minoredit' ) ) { + $permissionManager = MediaWikiServices::getInstance()->getPermissionManager(); + if ( ( $flags & EDIT_MINOR ) && !$permissionManager->userHasRight( $user, 'minoredit' ) ) { $flags = ( $flags & ~EDIT_MINOR ); } @@ -1916,7 +1917,6 @@ class WikiPage implements Page, IDBAccessObject { // TODO: this logic should not be in the storage layer, it's here for compatibility // with 1.31 behavior. Applying the 'autopatrol' right should be done in the same // place the 'bot' right is handled, which is currently in EditPage::attemptSave. - $permissionManager = MediaWikiServices::getInstance()->getPermissionManager(); if ( $needsPatrol && $permissionManager->userCan( 'autopatrol', $user, $this->getTitle() @@ -3249,14 +3249,12 @@ class WikiPage implements Page, IDBAccessObject { // Save $flags = EDIT_UPDATE | EDIT_INTERNAL; - if ( $guser->isAllowed( 'minoredit' ) ) { + $permissionManager = MediaWikiServices::getInstance()->getPermissionManager(); + if ( $permissionManager->userHasRight( $guser, 'minoredit' ) ) { $flags |= EDIT_MINOR; } - if ( $bot && ( MediaWikiServices::getInstance() - ->getPermissionManager() - ->userHasAnyRight( $guser, 'markbotedits', 'bot' ) ) - ) { + if ( $bot && ( $permissionManager->userHasAnyRight( $guser, 'markbotedits', 'bot' ) ) ) { $flags |= EDIT_FORCE_BOT; } @@ -3291,7 +3289,6 @@ class WikiPage implements Page, IDBAccessObject { // TODO: this logic should not be in the storage layer, it's here for compatibility // with 1.31 behavior. Applying the 'autopatrol' right should be done in the same // place the 'bot' right is handled, which is currently in EditPage::attemptSave. - $permissionManager = MediaWikiServices::getInstance()->getPermissionManager(); if ( $wgUseRCPatrol && $permissionManager->userCan( 'autopatrol', $guser, $this->getTitle() @@ -3308,7 +3305,7 @@ class WikiPage implements Page, IDBAccessObject { // Set patrolling and bot flag on the edits, which gets rollbacked. // This is done even on edit failure to have patrolling in that case (T64157). $set = []; - if ( $bot && $guser->isAllowed( 'markbotedits' ) ) { + if ( $bot && $permissionManager->userHasRight( $guser, 'markbotedits' ) ) { // Mark all reverted edits as bot $set['rc_bot'] = 1; } diff --git a/includes/skins/SkinTemplate.php b/includes/skins/SkinTemplate.php index 70df73bc2132..327061c68120 100644 --- a/includes/skins/SkinTemplate.php +++ b/includes/skins/SkinTemplate.php @@ -595,7 +595,7 @@ class SkinTemplate extends Skin { # $this->getTitle() will just give Special:Badtitle, which is # not especially useful as a returnto parameter. Use the title # from the request instead, if there was one. - if ( $this->getUser()->isAllowed( 'read' ) ) { + if ( $permissionManager->userHasRight( $this->getUser(), 'read' ) ) { $page = $this->getTitle(); } else { $page = Title::newFromText( $request->getVal( 'title', '' ) ); @@ -636,7 +636,7 @@ class SkinTemplate extends Skin { 'active' => ( $href == $pageurl ) ]; - if ( $this->getUser()->isAllowed( 'viewmywatchlist' ) ) { + if ( $permissionManager->userHasRight( $this->getUser(), 'viewmywatchlist' ) ) { $href = self::makeSpecialUrl( 'Watchlist' ); $personal_urls['watchlist'] = [ 'text' => $this->msg( 'mywatchlist' )->text(), @@ -689,9 +689,8 @@ class SkinTemplate extends Skin { $useCombinedLoginLink = false; } - $loginlink = $this->getUser()->isAllowed( 'createaccount' ) && $useCombinedLoginLink - ? 'nav-login-createaccount' - : 'pt-login'; + $loginlink = $permissionManager->userHasRight( $this->getUser(), 'createaccount' ) + && $useCombinedLoginLink ? 'nav-login-createaccount' : 'pt-login'; $login_url = [ 'text' => $this->msg( $loginlink )->text(), @@ -727,7 +726,7 @@ class SkinTemplate extends Skin { if ( $authManager->canCreateAccounts() - && $this->getUser()->isAllowed( 'createaccount' ) + && $permissionManager->userHasRight( $this->getUser(), 'createaccount' ) && !$useCombinedLoginLink ) { $personal_urls['createaccount'] = $createaccount_url; @@ -1074,8 +1073,7 @@ class SkinTemplate extends Skin { if ( $permissionManager->quickUserCan( 'protect', $user, $title ) && $title->getRestrictionTypes() && - $permissionManager->getNamespaceRestrictionLevels( $title->getNamespace(), - $user ) !== [ '' ] + $permissionManager->getNamespaceRestrictionLevels( $title->getNamespace(), $user ) !== [ '' ] ) { $mode = $title->isProtected() ? 'unprotect' : 'protect'; $content_navigation['actions'][$mode] = [ @@ -1345,7 +1343,10 @@ class SkinTemplate extends Skin { 'href' => self::makeSpecialUrlSubpage( 'Log', $rootUser ) ]; - if ( $this->getUser()->isAllowed( 'block' ) ) { + if ( MediawikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $this->getUser(), 'block' ) + ) { $nav_urls['blockip'] = [ 'text' => $this->msg( 'blockip', $rootUser )->text(), 'href' => self::makeSpecialUrlSubpage( 'Block', $rootUser ) diff --git a/includes/specialpage/LoginSignupSpecialPage.php b/includes/specialpage/LoginSignupSpecialPage.php index e5a28d930774..94be8521a340 100644 --- a/includes/specialpage/LoginSignupSpecialPage.php +++ b/includes/specialpage/LoginSignupSpecialPage.php @@ -975,7 +975,11 @@ abstract class LoginSignupSpecialPage extends AuthManagerSpecialPage { } } if ( !$this->isSignup() && $this->showExtraInformation() ) { - $passwordReset = new PasswordReset( $this->getConfig(), AuthManager::singleton() ); + $passwordReset = new PasswordReset( + $this->getConfig(), + AuthManager::singleton(), + MediaWikiServices::getInstance()->getPermissionManager() + ); if ( $passwordReset->isAllowed( $this->getUser() )->isGood() ) { $fieldDefinitions['passwordReset'] = [ 'type' => 'info', @@ -1072,7 +1076,10 @@ abstract class LoginSignupSpecialPage extends AuthManagerSpecialPage { private function showCreateAccountLink() { if ( $this->isSignup() ) { return true; - } elseif ( $this->getUser()->isAllowed( 'createaccount' ) ) { + } elseif ( MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $this->getUser(), 'createaccount' ) + ) { return true; } else { return false; diff --git a/includes/specialpage/SpecialPage.php b/includes/specialpage/SpecialPage.php index 7d3303584deb..ba8e318bcd29 100644 --- a/includes/specialpage/SpecialPage.php +++ b/includes/specialpage/SpecialPage.php @@ -292,7 +292,9 @@ class SpecialPage implements MessageLocalizer { * @return bool Does the user have permission to view the page? */ public function userCanExecute( User $user ) { - return $user->isAllowed( $this->mRestriction ); + return MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $user, $this->mRestriction ); } /** diff --git a/includes/specials/SpecialApiSandbox.php b/includes/specials/SpecialApiSandbox.php index 9e496845f8e0..f4a33c8c54c5 100644 --- a/includes/specials/SpecialApiSandbox.php +++ b/includes/specials/SpecialApiSandbox.php @@ -21,6 +21,8 @@ * @ingroup SpecialPage */ +use MediaWiki\MediaWikiServices; + /** * @ingroup SpecialPage * @since 1.27 @@ -35,7 +37,10 @@ class SpecialApiSandbox extends SpecialPage { $out = $this->getOutput(); $this->addHelpLink( 'Help:ApiSandbox' ); - $out->addJsConfigVars( 'apihighlimits', $this->getUser()->isAllowed( 'apihighlimits' ) ); + $out->addJsConfigVars( 'apihighlimits', MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $this->getUser(), 'apihighlimits' ) + ); $out->addModuleStyles( [ 'mediawiki.special', 'mediawiki.hlist', diff --git a/includes/specials/SpecialAutoblockList.php b/includes/specials/SpecialAutoblockList.php index 34c3371bf269..3f98e93045aa 100644 --- a/includes/specials/SpecialAutoblockList.php +++ b/includes/specials/SpecialAutoblockList.php @@ -21,6 +21,8 @@ * @ingroup SpecialPage */ +use MediaWiki\MediaWikiServices; + /** * A special page that lists autoblocks * @@ -81,7 +83,10 @@ class SpecialAutoblockList extends SpecialPage { 'ipb_parent_block_id IS NOT NULL' ]; # Is the user allowed to see hidden blocks? - if ( !$this->getUser()->isAllowed( 'hideuser' ) ) { + if ( !MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $this->getUser(), 'hideuser' ) + ) { $conds['ipb_deleted'] = 0; } diff --git a/includes/specials/SpecialBlock.php b/includes/specials/SpecialBlock.php index 07214af4fa43..1b0db7345c4c 100644 --- a/includes/specials/SpecialBlock.php +++ b/includes/specials/SpecialBlock.php @@ -25,6 +25,7 @@ use MediaWiki\Block\DatabaseBlock; use MediaWiki\Block\Restriction\PageRestriction; use MediaWiki\Block\Restriction\NamespaceRestriction; use MediaWiki\MediaWikiServices; +use MediaWiki\User\UserIdentity; /** * A special page that allows users with 'block' right to block users from @@ -269,7 +270,10 @@ class SpecialBlock extends FormSpecialPage { ]; # Allow some users to hide name from block log, blocklist and listusers - if ( $user->isAllowed( 'hideuser' ) ) { + if ( MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $user, 'hideuser' ) + ) { $a['HideUser'] = [ 'type' => 'check', 'label-message' => 'ipbhidename', @@ -363,7 +367,10 @@ class SpecialBlock extends FormSpecialPage { // If the username was hidden (ipb_deleted == 1), don't show the reason // unless this user also has rights to hideuser: T37839 - if ( !$block->getHideName() || $this->getUser()->isAllowed( 'hideuser' ) ) { + if ( !$block->getHideName() || MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $this->getUser(), 'hideuser' ) + ) { $fields['Reason']['default'] = $block->getReason(); } else { $fields['Reason']['default'] = ''; @@ -545,7 +552,8 @@ class SpecialBlock extends FormSpecialPage { $user = $this->getUser(); # Link to edit the block dropdown reasons, if applicable - if ( $user->isAllowed( 'editinterface' ) ) { + $permissionManager = MediaWikiServices::getInstance()->getPermissionManager(); + if ( $permissionManager->userHasRight( $user, 'editinterface' ) ) { $links[] = $linkRenderer->makeKnownLink( $this->msg( 'ipbreason-dropdown' )->inContentLanguage()->getTitle(), $this->msg( 'ipb-edit-dropdown' )->text(), @@ -579,7 +587,7 @@ class SpecialBlock extends FormSpecialPage { $text .= $out; # Add suppression block entries if allowed - if ( $user->isAllowed( 'suppressionlog' ) ) { + if ( $permissionManager->userHasRight( $user, 'suppressionlog' ) ) { LogEventsList::showLogExtract( $out, 'suppress', @@ -828,7 +836,10 @@ class SpecialBlock extends FormSpecialPage { } if ( $data['HideUser'] ) { - if ( !$performer->isAllowed( 'hideuser' ) ) { + if ( !MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $performer, 'hideuser' ) + ) { # this codepath is unreachable except by a malicious user spoofing forms, # or by race conditions (user has hideuser and block rights, loads block form, # and loses hideuser rights before submission); so need to fail completely @@ -938,7 +949,10 @@ class SpecialBlock extends FormSpecialPage { } # If the name was hidden and the blocking user cannot hide # names, then don't allow any block changes... - if ( $currentBlock->getHideName() && !$performer->isAllowed( 'hideuser' ) ) { + if ( $currentBlock->getHideName() && !MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $performer, 'hideuser' ) + ) { return [ 'cant-see-hidden-user' ]; } @@ -1106,13 +1120,15 @@ class SpecialBlock extends FormSpecialPage { /** * Can we do an email block? - * @param User $user The sysop wanting to make a block + * @param UserIdentity $user The sysop wanting to make a block * @return bool */ - public static function canBlockEmail( $user ) { + public static function canBlockEmail( UserIdentity $user ) { global $wgEnableUserEmail, $wgSysopEmailBans; - return ( $wgEnableUserEmail && $wgSysopEmailBans && $user->isAllowed( 'blockemail' ) ); + return ( $wgEnableUserEmail && $wgSysopEmailBans && MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $user, 'blockemail' ) ); } /** @@ -1138,7 +1154,10 @@ class SpecialBlock extends FormSpecialPage { if ( $performer->getBlock() ) { if ( $target instanceof User && $target->getId() == $performer->getId() ) { # User is trying to unblock themselves - if ( $performer->isAllowed( 'unblockself' ) ) { + if ( MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $performer, 'unblockself' ) + ) { return true; # User blocked themselves and is now trying to reverse it } elseif ( $performer->blockedBy() === $performer->getName() ) { diff --git a/includes/specials/SpecialBlockList.php b/includes/specials/SpecialBlockList.php index 638535940da8..2dd682f3052c 100644 --- a/includes/specials/SpecialBlockList.php +++ b/includes/specials/SpecialBlockList.php @@ -22,6 +22,7 @@ */ use MediaWiki\Block\DatabaseBlock; +use MediaWiki\MediaWikiServices; /** * A special page that lists existing blocks @@ -139,7 +140,10 @@ class SpecialBlockList extends SpecialPage { $conds = []; $db = $this->getDB(); # Is the user allowed to see hidden blocks? - if ( !$this->getUser()->isAllowed( 'hideuser' ) ) { + if ( !MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $this->getUser(), 'hideuser' ) + ) { $conds['ipb_deleted'] = 0; } diff --git a/includes/specials/SpecialBrokenRedirects.php b/includes/specials/SpecialBrokenRedirects.php index 9431cefbafcb..392b4e970d0f 100644 --- a/includes/specials/SpecialBrokenRedirects.php +++ b/includes/specials/SpecialBrokenRedirects.php @@ -21,6 +21,7 @@ * @ingroup SpecialPage */ +use MediaWiki\MediaWikiServices; use Wikimedia\Rdbms\IResultWrapper; use Wikimedia\Rdbms\IDatabase; @@ -114,6 +115,8 @@ class SpecialBrokenRedirects extends QueryPage { } $linkRenderer = $this->getLinkRenderer(); + $permissionManager = MediaWikiServices::getInstance()->getPermissionManager(); + // $toObj may very easily be false if the $result list is cached if ( !is_object( $toObj ) ) { return '<del>' . $linkRenderer->makeLink( $fromObj ) . '</del>'; @@ -129,7 +132,7 @@ class SpecialBrokenRedirects extends QueryPage { // if the page is editable, add an edit link if ( // check user permissions - $this->getUser()->isAllowed( 'edit' ) && + $permissionManager->userHasRight( $this->getUser(), 'edit' ) && // check, if the content model is editable through action=edit ContentHandler::getForTitle( $fromObj )->supportsDirectEditing() ) { @@ -145,7 +148,7 @@ class SpecialBrokenRedirects extends QueryPage { $out = $from . $this->msg( 'word-separator' )->escaped(); - if ( $this->getUser()->isAllowed( 'delete' ) ) { + if ( $permissionManager->userHasRight( $this->getUser(), 'delete' ) ) { $links[] = $linkRenderer->makeKnownLink( $fromObj, $this->msg( 'brokenredirects-delete' )->text(), diff --git a/includes/specials/SpecialChangeContentModel.php b/includes/specials/SpecialChangeContentModel.php index 01f7e567699c..46fa17e054d4 100644 --- a/includes/specials/SpecialChangeContentModel.php +++ b/includes/specials/SpecialChangeContentModel.php @@ -1,5 +1,7 @@ <?php +use MediaWiki\MediaWikiServices; + class SpecialChangeContentModel extends FormSpecialPage { public function __construct() { @@ -226,7 +228,10 @@ class SpecialChangeContentModel extends FormSpecialPage { $flags = $this->oldRevision ? EDIT_UPDATE : EDIT_NEW; $flags |= EDIT_INTERNAL; - if ( $user->isAllowed( 'bot' ) ) { + if ( MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $user, 'bot' ) + ) { $flags |= EDIT_FORCE_BOT; } diff --git a/includes/specials/SpecialChangeEmail.php b/includes/specials/SpecialChangeEmail.php index c95aa1b558bb..7331cd7c2bee 100644 --- a/includes/specials/SpecialChangeEmail.php +++ b/includes/specials/SpecialChangeEmail.php @@ -23,6 +23,7 @@ use MediaWiki\Auth\AuthManager; use MediaWiki\Logger\LoggerFactory; +use MediaWiki\MediaWikiServices; /** * Let users change their email address. @@ -74,7 +75,10 @@ class SpecialChangeEmail extends FormSpecialPage { // This could also let someone check the current email address, so // require both permissions. - if ( !$this->getUser()->isAllowed( 'viewmyprivateinfo' ) ) { + if ( !MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $this->getUser(), 'viewmyprivateinfo' ) + ) { throw new PermissionsError( 'viewmyprivateinfo' ); } diff --git a/includes/specials/SpecialConfirmEmail.php b/includes/specials/SpecialConfirmEmail.php index f86a133a1325..2c42cd386adb 100644 --- a/includes/specials/SpecialConfirmEmail.php +++ b/includes/specials/SpecialConfirmEmail.php @@ -21,6 +21,8 @@ * @ingroup SpecialPage */ +use MediaWiki\MediaWikiServices; + /** * Special page allows users to request email confirmation message, and handles * processing of the confirmation code when the link in the email is followed @@ -57,7 +59,10 @@ class SpecialConfirmEmail extends UnlistedSpecialPage { // This could also let someone check the current email address, so // require both permissions. - if ( !$this->getUser()->isAllowed( 'viewmyprivateinfo' ) ) { + if ( !MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $this->getUser(), 'viewmyprivateinfo' ) + ) { throw new PermissionsError( 'viewmyprivateinfo' ); } diff --git a/includes/specials/SpecialContributions.php b/includes/specials/SpecialContributions.php index 40c0edf542a0..e8b85fa024a0 100644 --- a/includes/specials/SpecialContributions.php +++ b/includes/specials/SpecialContributions.php @@ -126,7 +126,10 @@ class SpecialContributions extends IncludableSpecialPage { // Allows reverts to have the bot flag in recent changes. It is just here to // be passed in the form at the top of the page - if ( $user->isAllowed( 'markbotedits' ) && $request->getBool( 'bot' ) ) { + if ( MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $user, 'markbotedits' ) && $request->getBool( 'bot' ) + ) { $this->opts['bot'] = '1'; } @@ -373,7 +376,9 @@ class SpecialContributions extends IncludableSpecialPage { ); } - if ( $sp->getUser()->isAllowed( 'block' ) ) { # Block / Change block / Unblock links + # Block / Change block / Unblock links + $permissionManager = MediaWikiServices::getInstance()->getPermissionManager(); + if ( $permissionManager->userHasRight( $sp->getUser(), 'block' ) ) { if ( $target->getBlock() && $target->getBlock()->getType() != DatabaseBlock::TYPE_AUTO ) { $tools['block'] = $linkRenderer->makeKnownLink( # Change block link SpecialPage::getTitleFor( 'Block', $username ), @@ -400,7 +405,7 @@ class SpecialContributions extends IncludableSpecialPage { ); # Suppression log link (T61120) - if ( $sp->getUser()->isAllowed( 'suppressionlog' ) ) { + if ( $permissionManager->userHasRight( $sp->getUser(), 'suppressionlog' ) ) { $tools['log-suppression'] = $linkRenderer->makeKnownLink( SpecialPage::getTitleFor( 'Log', 'suppress' ), $sp->msg( 'sp-contributions-suppresslog', $username )->text(), @@ -412,7 +417,7 @@ class SpecialContributions extends IncludableSpecialPage { # Don't show some links for IP ranges if ( !$isRange ) { # Uploads: hide if IPs cannot upload (T220674) - if ( !$isIP || $target->isAllowed( 'upload' ) ) { + if ( !$isIP || $permissionManager->userHasRight( $target, 'upload' ) ) { $tools['uploads'] = $linkRenderer->makeKnownLink( SpecialPage::getTitleFor( 'Listfiles', $username ), $sp->msg( 'sp-contributions-uploads' )->text() @@ -428,7 +433,7 @@ class SpecialContributions extends IncludableSpecialPage { # Add link to deleted user contributions for priviledged users # Todo: T183457 - if ( $sp->getUser()->isAllowed( 'deletedhistory' ) ) { + if ( $permissionManager->userHasRight( $sp->getUser(), 'deletedhistory' ) ) { $tools['deletedcontribs'] = $linkRenderer->makeKnownLink( SpecialPage::getTitleFor( 'DeletedContributions', $username ), $sp->msg( 'sp-contributions-deleted', $username )->text() @@ -628,7 +633,10 @@ class SpecialContributions extends IncludableSpecialPage { $filters = []; - if ( $this->getUser()->isAllowed( 'deletedhistory' ) ) { + if ( MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $this->getUser(), 'deletedhistory' ) + ) { $filters[] = Html::rawElement( 'span', [ 'class' => 'mw-input-with-label' ], diff --git a/includes/specials/SpecialCreateAccount.php b/includes/specials/SpecialCreateAccount.php index cc2fc80970d9..637025c9859c 100644 --- a/includes/specials/SpecialCreateAccount.php +++ b/includes/specials/SpecialCreateAccount.php @@ -57,7 +57,9 @@ class SpecialCreateAccount extends LoginSignupSpecialPage { } public function userCanExecute( User $user ) { - return $user->isAllowed( 'createaccount' ); + return MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $user, 'createaccount' ); } public function checkPermissions() { diff --git a/includes/specials/SpecialDoubleRedirects.php b/includes/specials/SpecialDoubleRedirects.php index cccca5063aa1..540ac5aaefc5 100644 --- a/includes/specials/SpecialDoubleRedirects.php +++ b/includes/specials/SpecialDoubleRedirects.php @@ -21,6 +21,7 @@ * @ingroup SpecialPage */ +use MediaWiki\MediaWikiServices; use Wikimedia\Rdbms\IResultWrapper; use Wikimedia\Rdbms\IDatabase; @@ -155,7 +156,9 @@ class SpecialDoubleRedirects extends QueryPage { // if the page is editable, add an edit link if ( // check user permissions - $this->getUser()->isAllowed( 'edit' ) && + MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $this->getUser(), 'edit' ) && // check, if the content model is editable through action=edit ContentHandler::getForTitle( $titleA )->supportsDirectEditing() ) { diff --git a/includes/specials/SpecialEditTags.php b/includes/specials/SpecialEditTags.php index 1dd19694c9ad..48357aa7ad57 100644 --- a/includes/specials/SpecialEditTags.php +++ b/includes/specials/SpecialEditTags.php @@ -129,7 +129,7 @@ class SpecialEditTags extends UnlistedSpecialPage { $this->ids ); - $this->isAllowed = $user->isAllowed( 'changetags' ); + $this->isAllowed = $this->permissionManager->userHasRight( $user, 'changetags' ); $this->reason = $request->getVal( 'wpReason' ); // We need a target page! diff --git a/includes/specials/SpecialEmailUser.php b/includes/specials/SpecialEmailUser.php index b42cdea08ad1..c8b92bd10db4 100644 --- a/includes/specials/SpecialEmailUser.php +++ b/includes/specials/SpecialEmailUser.php @@ -253,7 +253,10 @@ class SpecialEmailUser extends UnlistedSpecialPage { return 'mailnologin'; } - if ( !$user->isAllowed( 'sendemail' ) ) { + if ( !MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $user, 'sendemail' ) + ) { return 'badaccess'; } diff --git a/includes/specials/SpecialExpandTemplates.php b/includes/specials/SpecialExpandTemplates.php index a466f2943686..72e881f96729 100644 --- a/includes/specials/SpecialExpandTemplates.php +++ b/includes/specials/SpecialExpandTemplates.php @@ -273,7 +273,10 @@ class SpecialExpandTemplates extends SpecialPage { // allowed and a valid edit token is not provided (T73111). However, MediaWiki // does not currently provide logged-out users with CSRF protection; in that case, // do not show the preview unless anonymous editing is allowed. - if ( $user->isAnon() && !$user->isAllowed( 'edit' ) ) { + if ( $user->isAnon() && !MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $user, 'edit' ) + ) { $error = [ 'expand_templates_preview_fail_html_anon' ]; } elseif ( !$user->matchEditToken( $request->getVal( 'wpEditToken' ), '', $request ) ) { $error = [ 'expand_templates_preview_fail_html' ]; diff --git a/includes/specials/SpecialExport.php b/includes/specials/SpecialExport.php index 5a6358147f2a..e680d240c0fb 100644 --- a/includes/specials/SpecialExport.php +++ b/includes/specials/SpecialExport.php @@ -327,7 +327,9 @@ class SpecialExport extends SpecialPage { * @return bool */ private function userCanOverrideExportDepth() { - return $this->getUser()->isAllowed( 'override-export-depth' ); + return MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $this->getUser(), 'override-export-depth' ); } /** diff --git a/includes/specials/SpecialImport.php b/includes/specials/SpecialImport.php index f21c20651b39..cfefa4764216 100644 --- a/includes/specials/SpecialImport.php +++ b/includes/specials/SpecialImport.php @@ -135,18 +135,19 @@ class SpecialImport extends SpecialPage { } $user = $this->getUser(); + $permissionManager = MediaWikiServices::getInstance()->getPermissionManager(); if ( !$user->matchEditToken( $request->getVal( 'editToken' ) ) ) { $source = Status::newFatal( 'import-token-mismatch' ); } elseif ( $this->sourceName === 'upload' ) { $isUpload = true; $this->usernamePrefix = $this->fullInterwikiPrefix = $request->getVal( 'usernamePrefix' ); - if ( $user->isAllowed( 'importupload' ) ) { + if ( $permissionManager->userHasRight( $user, 'importupload' ) ) { $source = ImportStreamSource::newFromUpload( "xmlimport" ); } else { throw new PermissionsError( 'importupload' ); } } elseif ( $this->sourceName === 'interwiki' ) { - if ( !$user->isAllowed( 'import' ) ) { + if ( !$permissionManager->userHasRight( $user, 'import' ) ) { throw new PermissionsError( 'import' ); } $this->interwiki = $this->fullInterwikiPrefix = $request->getVal( 'interwiki' ); @@ -325,10 +326,11 @@ class SpecialImport extends SpecialPage { private function showForm() { $action = $this->getPageTitle()->getLocalURL( [ 'action' => 'submit' ] ); $user = $this->getUser(); + $permissionManager = MediaWikiServices::getInstance()->getPermissionManager(); $out = $this->getOutput(); $this->addHelpLink( 'https://meta.wikimedia.org/wiki/Special:MyLanguage/Help:Import', true ); - if ( $user->isAllowed( 'importupload' ) ) { + if ( $permissionManager->userHasRight( $user, 'importupload' ) ) { $mappingSelection = $this->getMappingFormPart( 'upload' ); $out->addHTML( Xml::fieldset( $this->msg( 'import-upload' )->text() ) . @@ -401,7 +403,7 @@ class SpecialImport extends SpecialPage { $out->addWikiMsg( 'importnosources' ); } - if ( $user->isAllowed( 'import' ) && !empty( $this->importSources ) ) { + if ( $permissionManager->userHasRight( $user, 'import' ) && !empty( $this->importSources ) ) { # Show input field for import depth only if $wgExportMaxLinkDepth > 0 $importDepth = ''; if ( $this->getConfig()->get( 'ExportMaxLinkDepth' ) > 0 ) { diff --git a/includes/specials/SpecialLog.php b/includes/specials/SpecialLog.php index ac8baa12c1c4..7c858147e174 100644 --- a/includes/specials/SpecialLog.php +++ b/includes/specials/SpecialLog.php @@ -94,7 +94,9 @@ class SpecialLog extends SpecialPage { if ( !LogPage::isLogType( $type ) ) { $opts->setValue( 'type', '' ); } elseif ( isset( $logRestrictions[$type] ) - && !$this->getUser()->isAllowed( $logRestrictions[$type] ) + && !MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $this->getUser(), $logRestrictions[$type] ) ) { throw new PermissionsError( $logRestrictions[$type] ); } diff --git a/includes/specials/SpecialMovepage.php b/includes/specials/SpecialMovepage.php index 6da362dd1bdf..0767fafe6732 100644 --- a/includes/specials/SpecialMovepage.php +++ b/includes/specials/SpecialMovepage.php @@ -209,7 +209,9 @@ class MovePageForm extends UnlistedSpecialPage { } if ( count( $err ) == 1 && isset( $err[0][0] ) && $err[0][0] == 'file-exists-sharedrepo' - && $user->isAllowed( 'reupload-shared' ) + && MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $user, 'reupload-shared' ) ) { $out->wrapWikiMsg( "<div class='warningbox'>\n$1\n</div>\n", @@ -374,7 +376,10 @@ class MovePageForm extends UnlistedSpecialPage { ); } - if ( $user->isAllowed( 'suppressredirect' ) ) { + if ( MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $user, 'suppressredirect' ) + ) { if ( $handlerSupportsRedirects ) { $isChecked = $this->leaveRedirect; $isDisabled = false; @@ -520,6 +525,7 @@ class MovePageForm extends UnlistedSpecialPage { function doSubmit() { $user = $this->getUser(); + $permissionManager = MediaWikiServices::getInstance()->getPermissionManager(); if ( $user->pingLimiter( 'move' ) ) { throw new ThrottledError; @@ -540,7 +546,7 @@ class MovePageForm extends UnlistedSpecialPage { # Show a warning if the target file exists on a shared repo $repoGroup = $services->getRepoGroup(); if ( $nt->getNamespace() == NS_FILE - && !( $this->moveOverShared && $user->isAllowed( 'reupload-shared' ) ) + && !( $this->moveOverShared && $permissionManager->userHasRight( $user, 'reupload-shared' ) ) && !$repoGroup->getLocalRepo()->findFile( $nt ) && $repoGroup->findFile( $nt ) ) { @@ -551,7 +557,7 @@ class MovePageForm extends UnlistedSpecialPage { # Delete to make way if requested if ( $this->deleteAndMove ) { - $permErrors = $nt->getUserPermissionsErrors( 'delete', $user ); + $permErrors = $permissionManager->getPermissionErrors( 'delete', $user, $nt ); if ( count( $permErrors ) ) { # Only show the first error $this->showForm( $permErrors, true ); @@ -592,7 +598,7 @@ class MovePageForm extends UnlistedSpecialPage { if ( !$handler->supportsRedirects() ) { $createRedirect = false; - } elseif ( $user->isAllowed( 'suppressredirect' ) ) { + } elseif ( $permissionManager->userHasRight( $user, 'suppressredirect' ) ) { $createRedirect = $this->leaveRedirect; } else { $createRedirect = true; @@ -607,7 +613,6 @@ class MovePageForm extends UnlistedSpecialPage { $this->moveTalk = false; } if ( $this->moveSubpages ) { - $permissionManager = $services->getPermissionManager(); $this->moveSubpages = $permissionManager->userCan( 'move-subpages', $user, $ot ); } diff --git a/includes/specials/SpecialPasswordReset.php b/includes/specials/SpecialPasswordReset.php index 3524d79e65cf..2ef96ad85412 100644 --- a/includes/specials/SpecialPasswordReset.php +++ b/includes/specials/SpecialPasswordReset.php @@ -22,6 +22,7 @@ */ use MediaWiki\Auth\AuthManager; +use MediaWiki\MediaWikiServices; /** * Special page for requesting a password reset email. @@ -52,7 +53,11 @@ class SpecialPasswordReset extends FormSpecialPage { private function getPasswordReset() { if ( $this->passwordReset === null ) { - $this->passwordReset = new PasswordReset( $this->getConfig(), AuthManager::singleton() ); + $this->passwordReset = new PasswordReset( + $this->getConfig(), + AuthManager::singleton(), + MediaWikiServices::getInstance()->getPermissionManager() + ); } return $this->passwordReset; } diff --git a/includes/specials/SpecialPreferences.php b/includes/specials/SpecialPreferences.php index 0bc9147fad5c..d541eadcd6b3 100644 --- a/includes/specials/SpecialPreferences.php +++ b/includes/specials/SpecialPreferences.php @@ -115,7 +115,10 @@ class SpecialPreferences extends SpecialPage { } protected function showResetForm() { - if ( !$this->getUser()->isAllowed( 'editmyoptions' ) ) { + if ( !MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $this->getUser(), 'editmyoptions' ) + ) { throw new PermissionsError( 'editmyoptions' ); } @@ -134,7 +137,10 @@ class SpecialPreferences extends SpecialPage { } public function submitReset( $formData ) { - if ( !$this->getUser()->isAllowed( 'editmyoptions' ) ) { + if ( !MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $this->getUser(), 'editmyoptions' ) + ) { throw new PermissionsError( 'editmyoptions' ); } diff --git a/includes/specials/SpecialRecentChanges.php b/includes/specials/SpecialRecentChanges.php index 0bfe1855df0f..4683fe68613c 100644 --- a/includes/specials/SpecialRecentChanges.php +++ b/includes/specials/SpecialRecentChanges.php @@ -185,7 +185,9 @@ class SpecialRecentChanges extends ChangesListSpecialPage { if ( !$this->including() && $this->getUser()->isLoggedIn() && - $this->getUser()->isAllowed( 'viewmywatchlist' ) + MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $this->getUser(), 'viewmywatchlist' ) ) { $this->registerFiltersFromDefinitions( [ $this->watchlistFilterGroupDefinition ] ); $watchlistGroup = $this->getFilterGroup( 'watchlist' ); @@ -279,7 +281,10 @@ class SpecialRecentChanges extends ChangesListSpecialPage { $join_conds = array_merge( $join_conds, $rcQuery['joins'] ); // JOIN on watchlist for users - if ( $user->isLoggedIn() && $user->isAllowed( 'viewmywatchlist' ) ) { + if ( $user->isLoggedIn() && MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $user, 'viewmywatchlist' ) + ) { $tables[] = 'watchlist'; $fields[] = 'wl_user'; $fields[] = 'wl_notificationtimestamp'; diff --git a/includes/specials/SpecialRecentChangesLinked.php b/includes/specials/SpecialRecentChangesLinked.php index 26f36655978a..0921adaab875 100644 --- a/includes/specials/SpecialRecentChangesLinked.php +++ b/includes/specials/SpecialRecentChangesLinked.php @@ -21,6 +21,8 @@ * @ingroup SpecialPage */ +use MediaWiki\MediaWikiServices; + /** * This is to display changes made to all articles linked in an article. * @@ -91,7 +93,10 @@ class SpecialRecentChangesLinked extends SpecialRecentChanges { // left join with watchlist table to highlight watched rows $uid = $this->getUser()->getId(); - if ( $uid && $this->getUser()->isAllowed( 'viewmywatchlist' ) ) { + if ( $uid && MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $this->getUser(), 'viewmywatchlist' ) + ) { $tables[] = 'watchlist'; $select[] = 'wl_user'; $join_conds['watchlist'] = [ 'LEFT JOIN', [ diff --git a/includes/specials/SpecialRevisionDelete.php b/includes/specials/SpecialRevisionDelete.php index 437263f186b3..698e5907cfac 100644 --- a/includes/specials/SpecialRevisionDelete.php +++ b/includes/specials/SpecialRevisionDelete.php @@ -21,6 +21,7 @@ * @ingroup SpecialPage */ +use MediaWiki\MediaWikiServices; use MediaWiki\Storage\RevisionRecord; use MediaWiki\Permissions\PermissionManager; @@ -192,9 +193,11 @@ class SpecialRevisionDelete extends UnlistedSpecialPage { $this->typeLabels = self::$UILabels[$this->typeName]; $list = $this->getList(); $list->reset(); - $this->mIsAllowed = $user->isAllowed( RevisionDeleter::getRestriction( $this->typeName ) ); - $canViewSuppressedOnly = $this->getUser()->isAllowed( 'viewsuppressed' ) && - !$this->getUser()->isAllowed( 'suppressrevision' ); + $permissionManager = MediaWikiServices::getInstance()->getPermissionManager(); + $this->mIsAllowed = $permissionManager->userHasRight( $user, + RevisionDeleter::getRestriction( $this->typeName ) ); + $canViewSuppressedOnly = $permissionManager->userHasRight( $user, 'viewsuppressed' ) && + !$permissionManager->userHasRight( $user, 'suppressrevision' ); $pageIsSuppressed = $list->areAnySuppressed(); $this->mIsAllowed = $this->mIsAllowed && !( $canViewSuppressedOnly && $pageIsSuppressed ); @@ -211,7 +214,7 @@ class SpecialRevisionDelete extends UnlistedSpecialPage { [ 'revdelete-hide-comment', 'wpHideComment', RevisionRecord::DELETED_COMMENT ], [ 'revdelete-hide-user', 'wpHideUser', RevisionRecord::DELETED_USER ] ]; - if ( $user->isAllowed( 'suppressrevision' ) ) { + if ( $permissionManager->userHasRight( $user, 'suppressrevision' ) ) { $this->checks[] = [ 'revdelete-hide-restricted', 'wpHideRestricted', RevisionRecord::DELETED_RESTRICTED ]; } @@ -223,7 +226,7 @@ class SpecialRevisionDelete extends UnlistedSpecialPage { $this->showForm(); } - if ( $user->isAllowed( 'deletedhistory' ) ) { + if ( $permissionManager->userHasRight( $user, 'deletedhistory' ) ) { $qc = $this->getLogQueryCond(); # Show relevant lines from the deletion log $deleteLogPage = new LogPage( 'delete' ); @@ -237,7 +240,7 @@ class SpecialRevisionDelete extends UnlistedSpecialPage { ); } # Show relevant lines from the suppression log - if ( $user->isAllowed( 'suppressionlog' ) ) { + if ( $permissionManager->userHasRight( $user, 'suppressionlog' ) ) { $suppressLogPage = new LogPage( 'suppress' ); $output->addHTML( "<h2>" . $suppressLogPage->getName()->escaped() . "</h2>\n" ); LogEventsList::showLogExtract( @@ -276,7 +279,10 @@ class SpecialRevisionDelete extends UnlistedSpecialPage { [ 'action' => 'history' ] ); # Link to deleted edits - if ( $this->getUser()->isAllowed( 'undelete' ) ) { + if ( MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $this->getUser(), 'undelete' ) + ) { $undelete = SpecialPage::getTitleFor( 'Undelete' ); $links[] = $linkRenderer->makeKnownLink( $undelete, @@ -480,7 +486,10 @@ class SpecialRevisionDelete extends UnlistedSpecialPage { Xml::closeElement( 'fieldset' ) . "\n" . Xml::closeElement( 'form' ) . "\n"; // Show link to edit the dropdown reasons - if ( $this->getUser()->isAllowed( 'editinterface' ) ) { + if ( MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $this->getUser(), 'editinterface' ) + ) { $link = $this->getLinkRenderer()->makeKnownLink( $this->msg( 'revdelete-reason-dropdown' )->inContentLanguage()->getTitle(), $this->msg( 'revdelete-edit-reasonlist' )->text(), @@ -506,7 +515,10 @@ class SpecialRevisionDelete extends UnlistedSpecialPage { 'revdelete-text-others' ); - if ( $this->getUser()->isAllowed( 'suppressrevision' ) ) { + if ( MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $this->getUser(), 'suppressrevision' ) + ) { $this->getOutput()->addWikiMsg( 'revdelete-suppress-text' ); } @@ -611,7 +623,9 @@ class SpecialRevisionDelete extends UnlistedSpecialPage { } # Can the user set this field? if ( $bitParams[RevisionRecord::DELETED_RESTRICTED] == 1 - && !$this->getUser()->isAllowed( 'suppressrevision' ) + && !MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $this->getUser(), 'suppressrevision' ) ) { throw new PermissionsError( 'suppressrevision' ); } diff --git a/includes/specials/SpecialTags.php b/includes/specials/SpecialTags.php index 9a95249c759a..2c8d43297da3 100644 --- a/includes/specials/SpecialTags.php +++ b/includes/specials/SpecialTags.php @@ -21,6 +21,8 @@ * @ingroup SpecialPage */ +use MediaWiki\MediaWikiServices; + /** * A special page that lists tags for edits * @@ -77,9 +79,10 @@ class SpecialTags extends SpecialPage { $out->wrapWikiMsg( "<div class='mw-tags-intro'>\n$1\n</div>", 'tags-intro' ); $user = $this->getUser(); - $userCanManage = $user->isAllowed( 'managechangetags' ); - $userCanDelete = $user->isAllowed( 'deletechangetags' ); - $userCanEditInterface = $user->isAllowed( 'editinterface' ); + $permissionManager = MediaWikiServices::getInstance()->getPermissionManager(); + $userCanManage = $permissionManager->userHasRight( $user, 'managechangetags' ); + $userCanDelete = $permissionManager->userHasRight( $user, 'deletechangetags' ); + $userCanEditInterface = $permissionManager->userHasRight( $user, 'editinterface' ); // Show form to create a tag if ( $userCanManage ) { @@ -329,7 +332,9 @@ class SpecialTags extends SpecialPage { protected function showDeleteTagForm( $tag ) { $user = $this->getUser(); - if ( !$user->isAllowed( 'deletechangetags' ) ) { + if ( !MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $user, 'deletechangetags' ) ) { throw new PermissionsError( 'deletechangetags' ); } @@ -388,7 +393,9 @@ class SpecialTags extends SpecialPage { $actionStr = $activate ? 'activate' : 'deactivate'; $user = $this->getUser(); - if ( !$user->isAllowed( 'managechangetags' ) ) { + if ( !MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $user, 'managechangetags' ) ) { throw new PermissionsError( 'managechangetags' ); } diff --git a/includes/specials/SpecialUnblock.php b/includes/specials/SpecialUnblock.php index 9b8022b7c2be..931b179a36b6 100644 --- a/includes/specials/SpecialUnblock.php +++ b/includes/specials/SpecialUnblock.php @@ -22,6 +22,7 @@ */ use MediaWiki\Block\DatabaseBlock; +use MediaWiki\MediaWikiServices; /** * A special page for unblocking users @@ -208,7 +209,10 @@ class SpecialUnblock extends SpecialPage { # If the name was hidden and the blocking user cannot hide # names, then don't allow any block removals... - if ( !$performer->isAllowed( 'hideuser' ) && $block->getHideName() ) { + if ( !MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $performer, 'hideuser' ) && $block->getHideName() + ) { return [ 'unblock-hideuser' ]; } diff --git a/includes/specials/SpecialUndelete.php b/includes/specials/SpecialUndelete.php index fe629dba8b3e..d3d3bd7b06dd 100644 --- a/includes/specials/SpecialUndelete.php +++ b/includes/specials/SpecialUndelete.php @@ -102,7 +102,9 @@ class SpecialUndelete extends SpecialPage { $this->mDiff = $request->getCheck( 'diff' ); $this->mDiffOnly = $request->getBool( 'diffonly', $this->getUser()->getOption( 'diffonly' ) ); $this->mComment = $request->getText( 'wpComment' ); - $this->mUnsuppress = $request->getVal( 'wpUnsuppress' ) && $user->isAllowed( 'suppressrevision' ); + $this->mUnsuppress = $request->getVal( 'wpUnsuppress' ) && MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $user, 'suppressrevision' ); $this->mToken = $request->getVal( 'token' ); $block = $user->getBlock(); @@ -153,7 +155,7 @@ class SpecialUndelete extends SpecialPage { if ( $this->mTargetObj !== null ) { return $permissionManager->userCan( $permission, $user, $this->mTargetObj ); } else { - return $user->isAllowed( $permission ); + return $permissionManager->userHasRight( $user, $permission ); } } @@ -179,7 +181,10 @@ class SpecialUndelete extends SpecialPage { $out->addWikiMsg( 'undelete-header' ); # Not all users can just browse every deleted page from the list - if ( $user->isAllowed( 'browsearchive' ) ) { + if ( MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $user, 'browsearchive' ) + ) { $this->showSearchForm(); } @@ -774,7 +779,8 @@ class SpecialUndelete extends SpecialPage { LogEventsList::showLogExtract( $out, 'delete', $this->mTargetObj ); # Show relevant lines from the suppression log: $suppressLogPage = new LogPage( 'suppress' ); - if ( $this->getUser()->isAllowed( 'suppressionlog' ) ) { + $permissionManager = MediaWikiServices::getInstance()->getPermissionManager(); + if ( $permissionManager->userHasRight( $this->getUser(), 'suppressionlog' ) ) { $out->addHTML( Xml::element( 'h2', null, $suppressLogPage->getName()->text() ) . "\n" ); LogEventsList::showLogExtract( $out, 'suppress', $this->mTargetObj ); } @@ -826,7 +832,7 @@ class SpecialUndelete extends SpecialPage { ] ) ); - if ( $this->getUser()->isAllowed( 'suppressrevision' ) ) { + if ( $permissionManager->userHasRight( $this->getUser(), 'suppressrevision' ) ) { $fields[] = new OOUI\FieldLayout( new OOUI\CheckboxInputWidget( [ 'name' => 'wpUnsuppress', @@ -866,7 +872,7 @@ class SpecialUndelete extends SpecialPage { if ( $haveRevisions ) { # Show the page's stored (deleted) history - if ( $this->getUser()->isAllowed( 'deleterevision' ) ) { + if ( $permissionManager->userHasRight( $this->getUser(), 'deleterevision' ) ) { $history .= Html::element( 'button', [ diff --git a/includes/specials/SpecialUpload.php b/includes/specials/SpecialUpload.php index 81c9d567f1da..e7c2e42a77da 100644 --- a/includes/specials/SpecialUpload.php +++ b/includes/specials/SpecialUpload.php @@ -311,16 +311,18 @@ class SpecialUpload extends SpecialPage { protected function showViewDeletedLinks() { $title = Title::makeTitleSafe( NS_FILE, $this->mDesiredDestName ); $user = $this->getUser(); + $permissionManager = MediaWikiServices::getInstance()->getPermissionManager(); // Show a subtitle link to deleted revisions (to sysops et al only) if ( $title instanceof Title ) { $count = $title->isDeleted(); - if ( $count > 0 && $user->isAllowed( 'deletedhistory' ) ) { + if ( $count > 0 && $permissionManager->userHasRight( $user, 'deletedhistory' ) ) { $restorelink = $this->getLinkRenderer()->makeKnownLink( SpecialPage::getTitleFor( 'Undelete', $title->getPrefixedText() ), $this->msg( 'restorelink' )->numParams( $count )->text() ); - $link = $this->msg( $user->isAllowed( 'delete' ) ? 'thisisdeleted' : 'viewdeleted' ) - ->rawParams( $restorelink )->parseAsBlock(); + $link = $this->msg( + $permissionManager->userHasRight( $user, 'delete' ) ? 'thisisdeleted' : 'viewdeleted' + )->rawParams( $restorelink )->parseAsBlock(); $this->getOutput()->addHTML( Html::rawElement( 'div', diff --git a/includes/specials/SpecialUserrights.php b/includes/specials/SpecialUserrights.php index 5747f67b83c9..585699ddd0c2 100644 --- a/includes/specials/SpecialUserrights.php +++ b/includes/specials/SpecialUserrights.php @@ -21,6 +21,8 @@ * @ingroup SpecialPage */ +use MediaWiki\MediaWikiServices; + /** * Special page to allow managing user group membership * @@ -161,7 +163,10 @@ class UserrightsPage extends SpecialPage { * (e.g. they don't have the userrights permission), then don't * allow them to change any user rights. */ - if ( !$user->isAllowed( 'userrights' ) ) { + if ( !MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $user, 'userrights' ) + ) { $block = $user->getBlock(); if ( $block && $block->isSitewide() ) { throw new UserBlockedError( $block ); @@ -515,7 +520,10 @@ class UserrightsPage extends SpecialPage { if ( WikiMap::isCurrentWikiId( $dbDomain ) ) { $dbDomain = ''; } else { - if ( $writing && !$this->getUser()->isAllowed( 'userrights-interwiki' ) ) { + if ( $writing && !MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $this->getUser(), 'userrights-interwiki' ) + ) { return Status::newFatal( 'userrights-no-interwiki' ); } if ( !UserRightsProxy::validDatabase( $dbDomain ) ) { diff --git a/includes/specials/SpecialWatchlist.php b/includes/specials/SpecialWatchlist.php index 3d563309de93..84b3331d5c02 100644 --- a/includes/specials/SpecialWatchlist.php +++ b/includes/specials/SpecialWatchlist.php @@ -381,12 +381,10 @@ class SpecialWatchlist extends ChangesListSpecialPage { // Log entries with DELETED_ACTION must not show up unless the user has // the necessary rights. - if ( !$user->isAllowed( 'deletedhistory' ) ) { + $permissionManager = MediaWikiServices::getInstance()->getPermissionManager(); + if ( !$permissionManager->userHasRight( $user, 'deletedhistory' ) ) { $bitmask = LogPage::DELETED_ACTION; - } elseif ( !MediaWikiServices::getInstance() - ->getPermissionManager() - ->userHasAnyRight( $user, 'suppressrevision', 'viewsuppressed' ) - ) { + } elseif ( !$permissionManager->userHasAnyRight( $user, 'suppressrevision', 'viewsuppressed' ) ) { $bitmask = LogPage::DELETED_ACTION | LogPage::DELETED_RESTRICTED; } else { $bitmask = 0; diff --git a/includes/specials/SpecialWhatLinksHere.php b/includes/specials/SpecialWhatLinksHere.php index 284008652617..5fe3605a9375 100644 --- a/includes/specials/SpecialWhatLinksHere.php +++ b/includes/specials/SpecialWhatLinksHere.php @@ -21,6 +21,7 @@ * @todo Use some variant of Pager or something; the pagination here is lousy. */ +use MediaWiki\MediaWikiServices; use Wikimedia\Rdbms\IDatabase; /** @@ -416,7 +417,9 @@ class SpecialWhatLinksHere extends IncludableSpecialPage { // if the page is editable, add an edit link if ( // check user permissions - $this->getUser()->isAllowed( 'edit' ) && + MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $this->getUser(), 'edit' ) && // check, if the content model is editable through action=edit ContentHandler::getForTitle( $target )->supportsDirectEditing() ) { diff --git a/includes/specials/forms/PreferencesFormOOUI.php b/includes/specials/forms/PreferencesFormOOUI.php index ea23973de494..b1bfd0bb32e3 100644 --- a/includes/specials/forms/PreferencesFormOOUI.php +++ b/includes/specials/forms/PreferencesFormOOUI.php @@ -73,16 +73,18 @@ class PreferencesFormOOUI extends OOUIHTMLForm { * @return string */ function getButtons() { - if ( !MediaWikiServices::getInstance() - ->getPermissionManager() - ->userHasAnyRight( $this->getModifiedUser(), 'editmyprivateinfo', 'editmyoptions' ) - ) { + $permissionManager = MediaWikiServices::getInstance()->getPermissionManager(); + if ( !$permissionManager->userHasAnyRight( + $this->getModifiedUser(), + 'editmyprivateinfo', + 'editmyoptions' + ) ) { return ''; } $html = parent::getButtons(); - if ( $this->getModifiedUser()->isAllowed( 'editmyoptions' ) ) { + if ( $permissionManager->userHasRight( $this->getModifiedUser(), 'editmyoptions' ) ) { $t = $this->getTitle()->getSubpage( 'reset' ); $html .= new OOUI\ButtonWidget( [ diff --git a/includes/specials/forms/UploadForm.php b/includes/specials/forms/UploadForm.php index 1e5f8168d69e..0b4e0589c095 100644 --- a/includes/specials/forms/UploadForm.php +++ b/includes/specials/forms/UploadForm.php @@ -76,7 +76,10 @@ class UploadForm extends HTMLForm { parent::__construct( $descriptor, $context, 'upload' ); # Add a link to edit MediaWiki:Licenses - if ( $this->getUser()->isAllowed( 'editinterface' ) ) { + if ( MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $this->getUser(), 'editinterface' ) + ) { $this->getOutput()->addModuleStyles( 'mediawiki.special' ); $licensesLink = $linkRenderer->makeKnownLink( $this->msg( 'licenses' )->inContentLanguage()->getTitle(), diff --git a/includes/specials/pagers/ActiveUsersPager.php b/includes/specials/pagers/ActiveUsersPager.php index 0abe842e79ea..c9c3b07f81a0 100644 --- a/includes/specials/pagers/ActiveUsersPager.php +++ b/includes/specials/pagers/ActiveUsersPager.php @@ -19,6 +19,8 @@ * @ingroup Pager */ +use MediaWiki\MediaWikiServices; + /** * This class is used to get a list of active users. The ones with specials * rights (sysop, bureaucrat, developer) will have them displayed @@ -124,7 +126,10 @@ class ActiveUsersPager extends UsersPager { ] ]; $conds['ug2.ug_user'] = null; } - if ( !$this->getUser()->isAllowed( 'hideuser' ) ) { + if ( !MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $this->getUser(), 'hideuser' ) + ) { $conds[] = 'NOT EXISTS (' . $dbr->selectSQLText( 'ipblocks', '1', [ 'ipb_user=user_id', 'ipb_deleted' => 1 ] ) . ')'; diff --git a/includes/specials/pagers/BlockListPager.php b/includes/specials/pagers/BlockListPager.php index 4441a333141d..718da6da0f2d 100644 --- a/includes/specials/pagers/BlockListPager.php +++ b/includes/specials/pagers/BlockListPager.php @@ -137,7 +137,10 @@ class BlockListPager extends TablePager { $value, /* User preference timezone */true ) ); - if ( $this->getUser()->isAllowed( 'block' ) ) { + if ( MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $this->getUser(), 'block' ) + ) { $links = []; if ( $row->ipb_auto ) { $links[] = $linkRenderer->makeKnownLink( @@ -358,7 +361,10 @@ class BlockListPager extends TablePager { $info['conds'][] = 'ipb_expiry > ' . $db->addQuotes( $db->timestamp() ); # Is the user allowed to see hidden blocks? - if ( !$this->getUser()->isAllowed( 'hideuser' ) ) { + if ( !MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $this->getUser(), 'hideuser' ) + ) { $info['conds']['ipb_deleted'] = 0; } diff --git a/includes/specials/pagers/ContribsPager.php b/includes/specials/pagers/ContribsPager.php index d76dfb88254f..3a56a87ede75 100644 --- a/includes/specials/pagers/ContribsPager.php +++ b/includes/specials/pagers/ContribsPager.php @@ -269,6 +269,7 @@ class ContribsPager extends RangeChronologicalPager { 'options' => [], 'join_conds' => $revQuery['joins'], ]; + $permissionManager = MediaWikiServices::getInstance()->getPermissionManager(); // WARNING: Keep this in sync with getTargetTable()! $user = User::newFromName( $this->target, false ); @@ -313,14 +314,11 @@ class ContribsPager extends RangeChronologicalPager { $queryInfo['conds'] = array_merge( $queryInfo['conds'], $this->getNamespaceCond() ); // Paranoia: avoid brute force searches (T19342) - if ( !$user->isAllowed( 'deletedhistory' ) ) { + if ( !$permissionManager->userHasRight( $user, 'deletedhistory' ) ) { $queryInfo['conds'][] = $this->mDb->bitAnd( 'rev_deleted', RevisionRecord::DELETED_USER ) . ' = 0'; - } elseif ( !MediaWikiServices::getInstance() - ->getPermissionManager() - ->userHasAnyRight( $user, 'suppressrevision', 'viewsuppressed' ) - ) { + } elseif ( !$permissionManager->userHasAnyRight( $user, 'suppressrevision', 'viewsuppressed' ) ) { $queryInfo['conds'][] = $this->mDb->bitAnd( 'rev_deleted', RevisionRecord::SUPPRESSED_USER ) . ' != ' . RevisionRecord::SUPPRESSED_USER; diff --git a/includes/specials/pagers/DeletedContribsPager.php b/includes/specials/pagers/DeletedContribsPager.php index cd6294d67f29..2893759eae70 100644 --- a/includes/specials/pagers/DeletedContribsPager.php +++ b/includes/specials/pagers/DeletedContribsPager.php @@ -90,13 +90,11 @@ class DeletedContribsPager extends IndexPager { ]; $conds = array_merge( $userCond, $this->getNamespaceCond() ); $user = $this->getUser(); + $permissionManager = MediaWikiServices::getInstance()->getPermissionManager(); // Paranoia: avoid brute force searches (T19792) - if ( !$user->isAllowed( 'deletedhistory' ) ) { + if ( !$permissionManager->userHasRight( $user, 'deletedhistory' ) ) { $conds[] = $this->mDb->bitAnd( 'ar_deleted', RevisionRecord::DELETED_USER ) . ' = 0'; - } elseif ( !MediaWikiServices::getInstance() - ->getPermissionManager() - ->userHasAnyRight( $user, 'suppressrevision', 'viewsuppressed' ) - ) { + } elseif ( !$permissionManager->userHasAnyRight( $user, 'suppressrevision', 'viewsuppressed' ) ) { $conds[] = $this->mDb->bitAnd( 'ar_deleted', RevisionRecord::SUPPRESSED_USER ) . ' != ' . RevisionRecord::SUPPRESSED_USER; } @@ -325,8 +323,9 @@ class DeletedContribsPager extends IndexPager { ); $user = $this->getUser(); + $permissionManager = MediaWikiServices::getInstance()->getPermissionManager(); - if ( $user->isAllowed( 'deletedtext' ) ) { + if ( $permissionManager->userHasRight( $user, 'deletedtext' ) ) { $last = $linkRenderer->makeKnownLink( $undelete, $this->messages['diff'], @@ -344,7 +343,9 @@ class DeletedContribsPager extends IndexPager { $comment = Linker::revComment( $rev ); $date = $this->getLanguage()->userTimeAndDate( $rev->getTimestamp(), $user ); - if ( !$user->isAllowed( 'undelete' ) || !$rev->userCan( RevisionRecord::DELETED_TEXT, $user ) ) { + if ( !$permissionManager->userHasRight( $user, 'undelete' ) || + !$rev->userCan( RevisionRecord::DELETED_TEXT, $user ) + ) { $link = htmlspecialchars( $date ); // unusable link } else { $link = $linkRenderer->makeKnownLink( diff --git a/includes/specials/pagers/ProtectedPagesPager.php b/includes/specials/pagers/ProtectedPagesPager.php index 747dea284ac9..bb5592ce9530 100644 --- a/includes/specials/pagers/ProtectedPagesPager.php +++ b/includes/specials/pagers/ProtectedPagesPager.php @@ -20,6 +20,7 @@ */ use MediaWiki\Linker\LinkRenderer; +use MediaWiki\MediaWikiServices; class ProtectedPagesPager extends TablePager { @@ -159,7 +160,10 @@ class ProtectedPagesPager extends TablePager { $formatted = htmlspecialchars( $this->getLanguage()->formatExpiry( $value, /* User preference timezone */true ) ); $title = Title::makeTitleSafe( $row->page_namespace, $row->page_title ); - if ( $this->getUser()->isAllowed( 'protect' ) && $title ) { + if ( $title && MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $this->getUser(), 'protect' ) + ) { $changeProtection = $linkRenderer->makeKnownLink( $title, $this->msg( 'protect_change' )->text(), diff --git a/includes/specials/pagers/UsersPager.php b/includes/specials/pagers/UsersPager.php index ba078e9f3c0d..ee0ac003ae9d 100644 --- a/includes/specials/pagers/UsersPager.php +++ b/includes/specials/pagers/UsersPager.php @@ -23,6 +23,8 @@ * @ingroup Pager */ +use MediaWiki\MediaWikiServices; + /** * This class is used to get a list of user. The ones with specials * rights (sysop, bureaucrat, developer) will have them displayed @@ -123,7 +125,10 @@ class UsersPager extends AlphabeticPager { $conds = []; // Don't show hidden names - if ( !$this->getUser()->isAllowed( 'hideuser' ) ) { + if ( !MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $this->getUser(), 'hideuser' ) + ) { $conds[] = 'ipb_deleted IS NULL OR ipb_deleted = 0'; } diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php index 3368e29aedd1..d7dfffa39fb8 100644 --- a/includes/upload/UploadBase.php +++ b/includes/upload/UploadBase.php @@ -20,7 +20,10 @@ * @file * @ingroup Upload */ + +use MediaWiki\MediaWikiServices; use MediaWiki\Shell\Shell; +use MediaWiki\User\UserIdentity; /** * @defgroup Upload Upload related @@ -145,12 +148,13 @@ abstract class UploadBase { * identifying the missing permission. * Can be overridden by subclasses. * - * @param User $user + * @param UserIdentity $user * @return bool|string */ - public static function isAllowed( $user ) { + public static function isAllowed( UserIdentity $user ) { + $permissionManager = MediaWikiServices::getInstance()->getPermissionManager(); foreach ( [ 'upload', 'edit' ] as $permission ) { - if ( !$user->isAllowed( $permission ) ) { + if ( !$permissionManager->userHasRight( $user, $permission ) ) { return $permission; } } @@ -1954,7 +1958,10 @@ abstract class UploadBase { * wfFindFile finds a file, it exists in a shared repository. */ $file = wfFindFile( $this->getTitle(), [ 'latest' => true ] ); - if ( $file && !$user->isAllowed( 'reupload-shared' ) ) { + if ( $file && !MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $user, 'reupload-shared' ) + ) { return [ 'fileexists-shared-forbidden', $file->getName() ]; } @@ -1969,9 +1976,10 @@ abstract class UploadBase { * @return bool */ public static function userCanReUpload( User $user, File $img ) { - if ( $user->isAllowed( 'reupload' ) ) { + $permissionManager = MediaWikiServices::getInstance()->getPermissionManager(); + if ( $permissionManager->userHasRight( $user, 'reupload' ) ) { return true; // non-conditional - } elseif ( !$user->isAllowed( 'reupload-own' ) ) { + } elseif ( !$permissionManager->userHasRight( $user, 'reupload-own' ) ) { return false; } diff --git a/includes/upload/UploadFromUrl.php b/includes/upload/UploadFromUrl.php index b92fcc5aa91a..b87810d540fb 100644 --- a/includes/upload/UploadFromUrl.php +++ b/includes/upload/UploadFromUrl.php @@ -1,7 +1,4 @@ <?php - -use MediaWiki\MediaWikiServices; - /** * Backend for uploading files from a HTTP resource. * @@ -24,6 +21,9 @@ use MediaWiki\MediaWikiServices; * @ingroup Upload */ +use MediaWiki\MediaWikiServices; +use MediaWiki\User\UserIdentity; + /** * Implements uploading from a HTTP resource. * @@ -43,12 +43,15 @@ class UploadFromUrl extends UploadBase { * user is not allowed, return the name of the user right as a string. If * the user is allowed, have the parent do further permissions checking. * - * @param User $user + * @param UserIdentity $user * * @return bool|string */ - public static function isAllowed( $user ) { - if ( !$user->isAllowed( 'upload_by_url' ) ) { + public static function isAllowed( UserIdentity $user ) { + if ( !MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $user, 'upload_by_url' ) + ) { return 'upload_by_url'; } @@ -167,7 +170,9 @@ class UploadFromUrl extends UploadBase { $url = $request->getVal( 'wpUploadFileURL' ); return !empty( $url ) - && $wgUser->isAllowed( 'upload_by_url' ); + && MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $wgUser, 'upload_by_url' ); } /** diff --git a/includes/user/LocalIdLookup.php b/includes/user/LocalIdLookup.php index ca3db5b07d50..4c9099e8b6fd 100644 --- a/includes/user/LocalIdLookup.php +++ b/includes/user/LocalIdLookup.php @@ -20,6 +20,8 @@ * @file */ +use MediaWiki\MediaWikiServices; + /** * A CentralIdLookup provider that just uses local IDs. Useful if the wiki * isn't part of a cluster or you're using shared user tables. @@ -69,7 +71,10 @@ class LocalIdLookup extends CentralIdLookup { 'user_id' => array_map( 'intval', array_keys( $idToName ) ), ]; $join = []; - if ( $audience && !$audience->isAllowed( 'hideuser' ) ) { + if ( $audience && !MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $audience, 'hideuser' ) + ) { $tables[] = 'ipblocks'; $join['ipblocks'] = [ 'LEFT JOIN', 'ipb_user=user_id' ]; $fields[] = 'ipb_deleted'; @@ -100,7 +105,10 @@ class LocalIdLookup extends CentralIdLookup { 'user_name' => array_map( 'strval', array_keys( $nameToId ) ), ]; $join = []; - if ( $audience && !$audience->isAllowed( 'hideuser' ) ) { + if ( $audience && !MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $audience, 'hideuser' ) + ) { $tables[] = 'ipblocks'; $join['ipblocks'] = [ 'LEFT JOIN', 'ipb_user=user_id' ]; $where[] = 'ipb_deleted = 0 OR ipb_deleted IS NULL'; diff --git a/includes/user/PasswordReset.php b/includes/user/PasswordReset.php index fd8eb3fac167..38707dec5b2c 100644 --- a/includes/user/PasswordReset.php +++ b/includes/user/PasswordReset.php @@ -22,6 +22,7 @@ use MediaWiki\Auth\AuthManager; use MediaWiki\Auth\TemporaryPasswordAuthenticationRequest; +use MediaWiki\Permissions\PermissionManager; use Psr\Log\LoggerAwareInterface; use Psr\Log\LoggerInterface; use MediaWiki\Logger\LoggerFactory; @@ -40,6 +41,9 @@ class PasswordReset implements LoggerAwareInterface { /** @var AuthManager */ protected $authManager; + /** @var PermissionManager */ + private $permissionManager; + /** @var LoggerInterface */ protected $logger; @@ -50,9 +54,14 @@ class PasswordReset implements LoggerAwareInterface { */ private $permissionCache; - public function __construct( Config $config, AuthManager $authManager ) { + public function __construct( + Config $config, + AuthManager $authManager, + PermissionManager $permissionManager + ) { $this->config = $config; $this->authManager = $authManager; + $this->permissionManager = $permissionManager; $this->permissionCache = new MapCacheLRU( 1 ); $this->logger = LoggerFactory::getInstance( 'authentication' ); } @@ -93,7 +102,7 @@ class PasswordReset implements LoggerAwareInterface { } elseif ( !$this->config->get( 'EnableEmail' ) ) { // Maybe email features have been disabled $status = StatusValue::newFatal( 'passwordreset-emaildisabled' ); - } elseif ( !$user->isAllowed( 'editmyprivateinfo' ) ) { + } elseif ( !$this->permissionManager->userHasRight( $user, 'editmyprivateinfo' ) ) { // Maybe not all users have permission to change private data $status = StatusValue::newFatal( 'badaccess' ); } elseif ( $this->isBlocked( $user ) ) { diff --git a/includes/user/UserNamePrefixSearch.php b/includes/user/UserNamePrefixSearch.php index c185babcfb1e..b3489a2256f6 100644 --- a/includes/user/UserNamePrefixSearch.php +++ b/includes/user/UserNamePrefixSearch.php @@ -20,6 +20,8 @@ * @file */ +use MediaWiki\MediaWikiServices; + /** * Handles searching prefixes of user names * @@ -46,7 +48,10 @@ class UserNamePrefixSearch { $joinConds = []; // Filter out hidden user names - if ( $audience === 'public' || !$audience->isAllowed( 'hideuser' ) ) { + if ( $audience === 'public' || !MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $audience, 'hideuser' ) + ) { $tables[] = 'ipblocks'; $cond['ipb_deleted'] = [ 0, null ]; $joinConds['ipblocks'] = [ 'LEFT JOIN', 'user_id=ipb_user' ]; diff --git a/tests/phpunit/includes/Revision/RenderedRevisionTest.php b/tests/phpunit/includes/Revision/RenderedRevisionTest.php index 96658678ba57..7115515e8a01 100644 --- a/tests/phpunit/includes/Revision/RenderedRevisionTest.php +++ b/tests/phpunit/includes/Revision/RenderedRevisionTest.php @@ -4,6 +4,7 @@ namespace MediaWiki\Tests\Revision; use Content; use Language; +use MediaWiki\MediaWikiServices; use MediaWiki\Revision\MutableRevisionRecord; use MediaWiki\Revision\MutableRevisionSlots; use MediaWiki\Revision\RenderedRevision; @@ -122,7 +123,9 @@ class RenderedRevisionTest extends MediaWikiTestCase { $mock->expects( $this->any() ) ->method( 'userCan' ) ->willReturnCallback( function ( $perm, User $user ) use ( $mock ) { - return $user->isAllowed( $perm ); + return MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $user, $perm ); } ); return $mock; diff --git a/tests/phpunit/includes/user/LocalIdLookupTest.php b/tests/phpunit/includes/user/LocalIdLookupTest.php index e38d77b72be4..0e4674455c48 100644 --- a/tests/phpunit/includes/user/LocalIdLookupTest.php +++ b/tests/phpunit/includes/user/LocalIdLookupTest.php @@ -1,6 +1,7 @@ <?php use MediaWiki\Block\DatabaseBlock; +use MediaWiki\MediaWikiServices; /** * @covers LocalIdLookup @@ -47,12 +48,12 @@ class LocalIdLookupTest extends MediaWikiTestCase { public function testLookupCentralIds() { $lookup = new LocalIdLookup(); - + $permissionManager = MediaWikiServices::getInstance()->getPermissionManager(); $user1 = $this->getLookupUser(); $user2 = User::newFromName( 'UTLocalIdLookup2' ); - $this->assertTrue( $user1->isAllowed( 'hideuser' ), 'sanity check' ); - $this->assertFalse( $user2->isAllowed( 'hideuser' ), 'sanity check' ); + $this->assertTrue( $permissionManager->userHasRight( $user1, 'hideuser' ), 'sanity check' ); + $this->assertFalse( $permissionManager->userHasRight( $user2, 'hideuser' ), 'sanity check' ); $this->assertSame( [], $lookup->lookupCentralIds( [] ) ); @@ -76,11 +77,12 @@ class LocalIdLookupTest extends MediaWikiTestCase { public function testLookupUserNames() { $lookup = new LocalIdLookup(); + $permissionManager = MediaWikiServices::getInstance()->getPermissionManager(); $user1 = $this->getLookupUser(); $user2 = User::newFromName( 'UTLocalIdLookup2' ); - $this->assertTrue( $user1->isAllowed( 'hideuser' ), 'sanity check' ); - $this->assertFalse( $user2->isAllowed( 'hideuser' ), 'sanity check' ); + $this->assertTrue( $permissionManager->userHasRight( $user1, 'hideuser' ), 'sanity check' ); + $this->assertFalse( $permissionManager->userHasRight( $user2, 'hideuser' ), 'sanity check' ); $this->assertSame( [], $lookup->lookupUserNames( [] ) ); diff --git a/tests/phpunit/includes/user/PasswordResetTest.php b/tests/phpunit/includes/user/PasswordResetTest.php index b0c0fec6b2b4..4a7aa05b1464 100644 --- a/tests/phpunit/includes/user/PasswordResetTest.php +++ b/tests/phpunit/includes/user/PasswordResetTest.php @@ -4,6 +4,7 @@ use MediaWiki\Auth\AuthManager; use MediaWiki\Block\DatabaseBlock; use MediaWiki\Block\CompositeBlock; use MediaWiki\Block\SystemBlock; +use MediaWiki\Permissions\PermissionManager; /** * @covers PasswordReset @@ -30,16 +31,19 @@ class PasswordResetTest extends MediaWikiTestCase { $user->expects( $this->any() )->method( 'getName' )->willReturn( 'Foo' ); $user->expects( $this->any() )->method( 'getBlock' )->willReturn( $block ); $user->expects( $this->any() )->method( 'getGlobalBlock' )->willReturn( $globalBlock ); - $user->expects( $this->any() )->method( 'isAllowed' ) - ->will( $this->returnCallback( function ( $perm ) use ( $canEditPrivate ) { - if ( $perm === 'editmyprivateinfo' ) { - return $canEditPrivate; - } else { - $this->fail( 'Unexpected permission check' ); - } - } ) ); - $passwordReset = new PasswordReset( $config, $authManager ); + $permissionManager = $this->getMockBuilder( PermissionManager::class ) + ->disableOriginalConstructor() + ->getMock(); + $permissionManager->method( 'userHasRight' ) + ->with( $user, 'editmyprivateinfo' ) + ->willReturn( $canEditPrivate ); + + $passwordReset = new PasswordReset( + $config, + $authManager, + $permissionManager + ); $this->assertSame( $isAllowed, $passwordReset->isAllowed( $user )->isGood() ); } @@ -204,9 +208,16 @@ class PasswordResetTest extends MediaWikiTestCase { $request->setIP( '1.2.3.4' ); $performingUser = $this->getMockBuilder( User::class )->getMock(); $performingUser->expects( $this->any() )->method( 'getRequest' )->willReturn( $request ); - $performingUser->expects( $this->any() )->method( 'isAllowed' )->willReturn( true ); $performingUser->expects( $this->any() )->method( 'getName' )->willReturn( 'Performer' ); + $permissionManager = $this->getMockBuilder( PermissionManager::class ) + ->disableOriginalConstructor() + ->getMock(); + $permissionManager->expects( $this->once() ) + ->method( 'userHasRight' ) + ->with( $performingUser, 'editmyprivateinfo' ) + ->willReturn( true ); + $targetUser1 = $this->getMockBuilder( User::class )->getMock(); $targetUser2 = $this->getMockBuilder( User::class )->getMock(); $targetUser1->expects( $this->any() )->method( 'getName' )->willReturn( 'User1' ); @@ -217,7 +228,8 @@ class PasswordResetTest extends MediaWikiTestCase { $targetUser2->expects( $this->any() )->method( 'getEmail' )->willReturn( 'foo@bar.baz' ); $passwordReset = $this->getMockBuilder( PasswordReset::class ) - ->setMethods( [ 'getUsersByEmail' ] )->setConstructorArgs( [ $config, $authManager ] ) + ->setConstructorArgs( [ $config, $authManager, $permissionManager ] ) + ->setMethods( [ 'getUsersByEmail' ] ) ->getMock(); $passwordReset->expects( $this->any() )->method( 'getUsersByEmail' )->with( 'foo@bar.baz' ) ->willReturn( [ $targetUser1, $targetUser2 ] ); diff --git a/tests/phpunit/includes/user/UserGroupMembershipTest.php b/tests/phpunit/includes/user/UserGroupMembershipTest.php index 4862747b4f62..6f575789f51c 100644 --- a/tests/phpunit/includes/user/UserGroupMembershipTest.php +++ b/tests/phpunit/includes/user/UserGroupMembershipTest.php @@ -1,5 +1,7 @@ <?php +use MediaWiki\MediaWikiServices; + /** * @group Database */ @@ -61,7 +63,9 @@ class UserGroupMembershipTest extends MediaWikiTestCase { $user->clearInstanceCache(); $this->assertContains( 'unittesters', $user->getGroups() ); $this->assertArrayHasKey( 'unittesters', $user->getGroupMemberships() ); - $this->assertTrue( $user->isAllowed( 'runtest' ) ); + $this->assertTrue( MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $user, 'runtest' ) ); // try updating without allowUpdate. Should fail $ugm = new UserGroupMembership( $user->getId(), 'unittesters', $this->expiryTime ); @@ -72,7 +76,9 @@ class UserGroupMembershipTest extends MediaWikiTestCase { $user->clearInstanceCache(); $this->assertContains( 'unittesters', $user->getGroups() ); $this->assertArrayHasKey( 'unittesters', $user->getGroupMemberships() ); - $this->assertTrue( $user->isAllowed( 'runtest' ) ); + $this->assertTrue( MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $user, 'runtest' ) ); // try removing the group $ugm->delete(); @@ -81,7 +87,9 @@ class UserGroupMembershipTest extends MediaWikiTestCase { $this->logicalNot( $this->contains( 'unittesters' ) ) ); $this->assertThat( $user->getGroupMemberships(), $this->logicalNot( $this->arrayHasKey( 'unittesters' ) ) ); - $this->assertFalse( $user->isAllowed( 'runtest' ) ); + $this->assertFalse( MediaWikiServices::getInstance() + ->getPermissionManager() + ->userHasRight( $user, 'runtest' ) ); // check that the user group is now in user_former_groups $this->assertContains( 'unittesters', $user->getFormerGroups() ); |