wikimedia/mediawiki-core

View on GitHub
includes/api/ApiUserrights.php

Summary

Maintainability
C
1 day
Test Coverage
<?php

/**
 * API userrights module
 *
 * Copyright © 2009 Roan Kattouw <roan.kattouw@gmail.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 * http://www.gnu.org/copyleft/gpl.html
 *
 * @file
 */

use MediaWiki\MainConfigNames;
use MediaWiki\ParamValidator\TypeDef\UserDef;
use MediaWiki\Specials\SpecialUserRights;
use MediaWiki\Title\Title;
use MediaWiki\User\Options\UserOptionsLookup;
use MediaWiki\User\UserGroupManager;
use MediaWiki\User\UserIdentity;
use MediaWiki\Watchlist\WatchedItemStoreInterface;
use MediaWiki\Watchlist\WatchlistManager;
use Wikimedia\ParamValidator\ParamValidator;
use Wikimedia\ParamValidator\TypeDef\ExpiryDef;

/**
 * @ingroup API
 */
class ApiUserrights extends ApiBase {

    use ApiWatchlistTrait;

    /** @var UserIdentity|null */
    private $mUser = null;

    private UserGroupManager $userGroupManager;
    private WatchedItemStoreInterface $watchedItemStore;

    /**
     * @param ApiMain $mainModule
     * @param string $moduleName
     * @param UserGroupManager $userGroupManager
     * @param WatchedItemStoreInterface $watchedItemStore
     * @param WatchlistManager $watchlistManager
     * @param UserOptionsLookup $userOptionsLookup
     */
    public function __construct(
        ApiMain $mainModule,
        $moduleName,
        UserGroupManager $userGroupManager,
        WatchedItemStoreInterface $watchedItemStore,
        WatchlistManager $watchlistManager,
        UserOptionsLookup $userOptionsLookup
    ) {
        parent::__construct( $mainModule, $moduleName );
        $this->userGroupManager = $userGroupManager;
        $this->watchedItemStore = $watchedItemStore;

        // Variables needed in ApiWatchlistTrait trait
        $this->watchlistExpiryEnabled = $this->getConfig()->get( MainConfigNames::WatchlistExpiry );
        $this->watchlistMaxDuration =
            $this->getConfig()->get( MainConfigNames::WatchlistExpiryMaxDuration );
        $this->watchlistManager = $watchlistManager;
        $this->userOptionsLookup = $userOptionsLookup;
    }

    public function execute() {
        $pUser = $this->getUser();

        // Deny if the user is blocked and doesn't have the full 'userrights' permission.
        // This matches what Special:UserRights does for the web UI.
        if ( !$this->getAuthority()->isAllowed( 'userrights' ) ) {
            $block = $pUser->getBlock( IDBAccessObject::READ_LATEST );
            if ( $block && $block->isSitewide() ) {
                $this->dieBlocked( $block );
            }
        }

        $params = $this->extractRequestParams();

        // Figure out expiry times from the input
        $expiry = (array)$params['expiry'];
        $add = (array)$params['add'];
        if ( !$add ) {
            $expiry = [];
        } elseif ( count( $expiry ) !== count( $add ) ) {
            if ( count( $expiry ) === 1 ) {
                $expiry = array_fill( 0, count( $add ), $expiry[0] );
            } else {
                $this->dieWithError( [
                    'apierror-toofewexpiries',
                    count( $expiry ),
                    count( $add )
                ] );
            }
        }

        // Validate the expiries
        $groupExpiries = [];
        foreach ( $expiry as $index => $expiryValue ) {
            $group = $add[$index];
            $groupExpiries[$group] = SpecialUserRights::expiryToTimestamp( $expiryValue );

            if ( $groupExpiries[$group] === false ) {
                $this->dieWithError( [ 'apierror-invalidexpiry', wfEscapeWikiText( $expiryValue ) ] );
            }

            // not allowed to have things expiring in the past
            if ( $groupExpiries[$group] && $groupExpiries[$group] < wfTimestampNow() ) {
                $this->dieWithError( [ 'apierror-pastexpiry', wfEscapeWikiText( $expiryValue ) ] );
            }
        }

        $user = $this->getUrUser( $params );

        $tags = $params['tags'];

        // Check if user can add tags
        if ( $tags !== null ) {
            $ableToTag = ChangeTags::canAddTagsAccompanyingChange( $tags, $this->getAuthority() );
            if ( !$ableToTag->isOK() ) {
                $this->dieStatus( $ableToTag );
            }
        }

        $form = new SpecialUserRights();
        $form->setContext( $this->getContext() );
        $r = [];
        $r['user'] = $user->getName();
        $r['userid'] = $user->getId( $user->getWikiId() );
        [ $r['added'], $r['removed'] ] = $form->doSaveUserGroups(
            // Don't pass null to doSaveUserGroups() for array params, cast to empty array
            $user, $add, (array)$params['remove'],
            $params['reason'], (array)$tags, $groupExpiries
        );

        $watchlistExpiry = $this->getExpiryFromParams( $params );
        $watchuser = $params['watchuser'];
        $userPage = Title::makeTitle( NS_USER, $user->getName() );
        if ( $watchuser && $user->getWikiId() === UserIdentity::LOCAL ) {
            $this->setWatch( 'watch', $userPage, $this->getUser(), null, $watchlistExpiry );
        } else {
            $watchuser = false;
            $watchlistExpiry = null;
        }
        $r['watchuser'] = $watchuser;
        if ( $watchlistExpiry !== null ) {
            $r['watchlistexpiry'] = $this->getWatchlistExpiry(
                $this->watchedItemStore,
                $userPage,
                $this->getUser()
            );
        }

        $result = $this->getResult();
        ApiResult::setIndexedTagName( $r['added'], 'group' );
        ApiResult::setIndexedTagName( $r['removed'], 'group' );
        $result->addValue( null, $this->getModuleName(), $r );
    }

    /**
     * @param array $params
     * @return UserIdentity
     */
    private function getUrUser( array $params ) {
        if ( $this->mUser !== null ) {
            return $this->mUser;
        }

        $this->requireOnlyOneParameter( $params, 'user', 'userid' );

        $user = $params['user'] ?? '#' . $params['userid'];

        $form = new SpecialUserRights();
        $form->setContext( $this->getContext() );
        $status = $form->fetchUser( $user );
        if ( !$status->isOK() ) {
            $this->dieStatus( $status );
        }

        $this->mUser = $status->value;

        return $status->value;
    }

    public function mustBePosted() {
        return true;
    }

    public function isWriteMode() {
        return true;
    }

    public function getAllowedParams( $flags = 0 ) {
        $allGroups = $this->userGroupManager->listAllGroups();

        if ( $flags & ApiBase::GET_VALUES_FOR_HELP ) {
            sort( $allGroups );
        }

        $params = [
            'user' => [
                ParamValidator::PARAM_TYPE => 'user',
                UserDef::PARAM_ALLOWED_USER_TYPES => [ 'name', 'id' ],
            ],
            'userid' => [
                ParamValidator::PARAM_TYPE => 'integer',
                ParamValidator::PARAM_DEPRECATED => true,
            ],
            'add' => [
                ParamValidator::PARAM_TYPE => $allGroups,
                ParamValidator::PARAM_ISMULTI => true
            ],
            'expiry' => [
                ParamValidator::PARAM_ISMULTI => true,
                ParamValidator::PARAM_ALLOW_DUPLICATES => true,
                ParamValidator::PARAM_DEFAULT => 'infinite',
            ],
            'remove' => [
                ParamValidator::PARAM_TYPE => $allGroups,
                ParamValidator::PARAM_ISMULTI => true
            ],
            'reason' => [
                ParamValidator::PARAM_DEFAULT => ''
            ],
            'token' => [
                // Standard definition automatically inserted
                ApiBase::PARAM_HELP_MSG_APPEND => [ 'api-help-param-token-webui' ],
            ],
            'tags' => [
                ParamValidator::PARAM_TYPE => 'tags',
                ParamValidator::PARAM_ISMULTI => true
            ],
            'watchuser' => false,
        ];

        // Params appear in the docs in the order they are defined,
        // which is why this is here and not at the bottom.
        // @todo Find better way to support insertion at arbitrary position
        if ( $this->watchlistExpiryEnabled ) {
            $params += [
                'watchlistexpiry' => [
                    ParamValidator::PARAM_TYPE => 'expiry',
                    ExpiryDef::PARAM_MAX => $this->watchlistMaxDuration,
                    ExpiryDef::PARAM_USE_MAX => true,
                ]
            ];
        }

        return $params;
    }

    public function needsToken() {
        return 'userrights';
    }

    protected function getWebUITokenSalt( array $params ) {
        return $this->getUrUser( $params )->getName();
    }

    protected function getExamplesMessages() {
        return [
            'action=userrights&user=FooBot&add=bot&remove=sysop|bureaucrat&token=123ABC'
                => 'apihelp-userrights-example-user',
            'action=userrights&userid=123&add=bot&remove=sysop|bureaucrat&token=123ABC'
                => 'apihelp-userrights-example-userid',
            'action=userrights&user=SometimeSysop&add=sysop&expiry=1%20month&token=123ABC'
                => 'apihelp-userrights-example-expiry',
        ];
    }

    public function getHelpUrls() {
        return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:User_group_membership';
    }
}