mirror of
https://gerrit.wikimedia.org/r/mediawiki/extensions/AbuseFilter.git
synced 2024-11-12 00:38:23 +00:00
Convert remaining permissions checks to use Authority
Change-Id: I5e996cac37bc806db6c3d7ad5c666a606cd79236
This commit is contained in:
Matěj Suchánek
parent
f3ec0063ac
commit
799e1db093
|
|
@ -6,12 +6,12 @@ use MediaWiki\Extension\AbuseFilter\AbuseFilterPermissionManager;
|
|||
use MediaWiki\Extension\AbuseFilter\KeywordsManager;
|
||||
use MediaWiki\Extension\AbuseFilter\Parser\AbuseFilterTokenizer;
|
||||
use MediaWiki\Extension\AbuseFilter\Parser\FilterEvaluator;
|
||||
use MediaWiki\Permissions\Authority;
|
||||
use MessageLocalizer;
|
||||
use OOUI\ButtonWidget;
|
||||
use OOUI\HorizontalLayout;
|
||||
use OOUI\Widget;
|
||||
use OutputPage;
|
||||
use User;
|
||||
use Xml;
|
||||
|
||||
/**
|
||||
|
|
@ -30,11 +30,11 @@ class AceEditBoxBuiler extends EditBoxBuilder {
|
|||
AbuseFilterPermissionManager $afPermManager,
|
||||
KeywordsManager $keywordsManager,
|
||||
MessageLocalizer $messageLocalizer,
|
||||
User $user,
|
||||
Authority $authority,
|
||||
OutputPage $output,
|
||||
PlainEditBoxBuiler $plainBuilder
|
||||
) {
|
||||
parent::__construct( $afPermManager, $keywordsManager, $messageLocalizer, $user, $output );
|
||||
parent::__construct( $afPermManager, $keywordsManager, $messageLocalizer, $authority, $output );
|
||||
$this->plainBuilder = $plainBuilder;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@ namespace MediaWiki\Extension\AbuseFilter\EditBox;
|
|||
|
||||
use MediaWiki\Extension\AbuseFilter\AbuseFilterPermissionManager;
|
||||
use MediaWiki\Extension\AbuseFilter\KeywordsManager;
|
||||
use MediaWiki\Permissions\Authority;
|
||||
use MessageLocalizer;
|
||||
use OOUI\ButtonWidget;
|
||||
use OOUI\DropdownInputWidget;
|
||||
|
|
@ -11,7 +12,6 @@ use OOUI\FieldLayout;
|
|||
use OOUI\FieldsetLayout;
|
||||
use OOUI\Widget;
|
||||
use OutputPage;
|
||||
use User;
|
||||
use Xml;
|
||||
|
||||
/**
|
||||
|
|
@ -27,8 +27,8 @@ abstract class EditBoxBuilder {
|
|||
/** @var MessageLocalizer */
|
||||
protected $localizer;
|
||||
|
||||
/** @var User */
|
||||
protected $user;
|
||||
/** @var Authority */
|
||||
protected $authority;
|
||||
|
||||
/** @var OutputPage */
|
||||
protected $output;
|
||||
|
|
@ -37,20 +37,20 @@ abstract class EditBoxBuilder {
|
|||
* @param AbuseFilterPermissionManager $afPermManager
|
||||
* @param KeywordsManager $keywordsManager
|
||||
* @param MessageLocalizer $messageLocalizer
|
||||
* @param User $user
|
||||
* @param Authority $authority
|
||||
* @param OutputPage $output
|
||||
*/
|
||||
public function __construct(
|
||||
AbuseFilterPermissionManager $afPermManager,
|
||||
KeywordsManager $keywordsManager,
|
||||
MessageLocalizer $messageLocalizer,
|
||||
User $user,
|
||||
Authority $authority,
|
||||
OutputPage $output
|
||||
) {
|
||||
$this->afPermManager = $afPermManager;
|
||||
$this->keywordsManager = $keywordsManager;
|
||||
$this->localizer = $messageLocalizer;
|
||||
$this->user = $user;
|
||||
$this->authority = $authority;
|
||||
$this->output = $output;
|
||||
}
|
||||
|
||||
|
|
@ -72,8 +72,8 @@ abstract class EditBoxBuilder {
|
|||
$this->output->enableOOUI();
|
||||
|
||||
$isUserAllowed = $needsModifyRights ?
|
||||
$this->afPermManager->canEdit( $this->user ) :
|
||||
$this->afPermManager->canUseTestTools( $this->user );
|
||||
$this->afPermManager->canEdit( $this->authority ) :
|
||||
$this->afPermManager->canUseTestTools( $this->authority );
|
||||
if ( !$isUserAllowed ) {
|
||||
$addResultDiv = false;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5,9 +5,9 @@ namespace MediaWiki\Extension\AbuseFilter\EditBox;
|
|||
use BadMethodCallException;
|
||||
use MediaWiki\Extension\AbuseFilter\AbuseFilterPermissionManager;
|
||||
use MediaWiki\Extension\AbuseFilter\KeywordsManager;
|
||||
use MediaWiki\Permissions\Authority;
|
||||
use MessageLocalizer;
|
||||
use OutputPage;
|
||||
use User;
|
||||
|
||||
/**
|
||||
* Factory for EditBoxBuilder objects
|
||||
|
|
@ -43,49 +43,49 @@ class EditBoxBuilderFactory {
|
|||
/**
|
||||
* Returns a builder, preferring the Ace version if available
|
||||
* @param MessageLocalizer $messageLocalizer
|
||||
* @param User $user
|
||||
* @param Authority $authority
|
||||
* @param OutputPage $output
|
||||
* @return EditBoxBuilder
|
||||
*/
|
||||
public function newEditBoxBuilder(
|
||||
MessageLocalizer $messageLocalizer,
|
||||
User $user,
|
||||
Authority $authority,
|
||||
OutputPage $output
|
||||
): EditBoxBuilder {
|
||||
return $this->isCodeEditorLoaded
|
||||
? $this->newAceBoxBuilder( $messageLocalizer, $user, $output )
|
||||
: $this->newPlainBoxBuilder( $messageLocalizer, $user, $output );
|
||||
? $this->newAceBoxBuilder( $messageLocalizer, $authority, $output )
|
||||
: $this->newPlainBoxBuilder( $messageLocalizer, $authority, $output );
|
||||
}
|
||||
|
||||
/**
|
||||
* @param MessageLocalizer $messageLocalizer
|
||||
* @param User $user
|
||||
* @param Authority $authority
|
||||
* @param OutputPage $output
|
||||
* @return PlainEditBoxBuiler
|
||||
*/
|
||||
public function newPlainBoxBuilder(
|
||||
MessageLocalizer $messageLocalizer,
|
||||
User $user,
|
||||
Authority $authority,
|
||||
OutputPage $output
|
||||
): PlainEditBoxBuiler {
|
||||
return new PlainEditBoxBuiler(
|
||||
$this->afPermManager,
|
||||
$this->keywordsManager,
|
||||
$messageLocalizer,
|
||||
$user,
|
||||
$authority,
|
||||
$output
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param MessageLocalizer $messageLocalizer
|
||||
* @param User $user
|
||||
* @param Authority $authority
|
||||
* @param OutputPage $output
|
||||
* @return AceEditBoxBuiler
|
||||
*/
|
||||
public function newAceBoxBuilder(
|
||||
MessageLocalizer $messageLocalizer,
|
||||
User $user,
|
||||
Authority $authority,
|
||||
OutputPage $output
|
||||
): AceEditBoxBuiler {
|
||||
if ( !$this->isCodeEditorLoaded ) {
|
||||
|
|
@ -95,11 +95,11 @@ class EditBoxBuilderFactory {
|
|||
$this->afPermManager,
|
||||
$this->keywordsManager,
|
||||
$messageLocalizer,
|
||||
$user,
|
||||
$authority,
|
||||
$output,
|
||||
$this->newPlainBoxBuilder(
|
||||
$messageLocalizer,
|
||||
$user,
|
||||
$authority,
|
||||
$output
|
||||
)
|
||||
);
|
||||
|
|
|
|||
|
|
@ -7,9 +7,9 @@ use MediaWiki\Extension\AbuseFilter\ChangeTags\ChangeTagsManager;
|
|||
use MediaWiki\Extension\AbuseFilter\Consequences\ConsequencesRegistry;
|
||||
use MediaWiki\Extension\AbuseFilter\Filter\Filter;
|
||||
use MediaWiki\Extension\AbuseFilter\Special\SpecialAbuseFilter;
|
||||
use MediaWiki\Permissions\Authority;
|
||||
use MediaWiki\User\UserIdentity;
|
||||
use Status;
|
||||
use User;
|
||||
use Wikimedia\Rdbms\ILoadBalancer;
|
||||
|
||||
/**
|
||||
|
|
@ -80,19 +80,19 @@ class FilterStore {
|
|||
* - OK with errors if a validation error occurred
|
||||
* - Fatal in case of a permission-related error
|
||||
*
|
||||
* @param User $user
|
||||
* @param Authority $performer
|
||||
* @param int|null $filterId
|
||||
* @param Filter $newFilter
|
||||
* @param Filter $originalFilter
|
||||
* @return Status
|
||||
*/
|
||||
public function saveFilter(
|
||||
User $user,
|
||||
Authority $performer,
|
||||
?int $filterId,
|
||||
Filter $newFilter,
|
||||
Filter $originalFilter
|
||||
): Status {
|
||||
$validationStatus = $this->filterValidator->checkAll( $newFilter, $originalFilter, $user );
|
||||
$validationStatus = $this->filterValidator->checkAll( $newFilter, $originalFilter, $performer );
|
||||
if ( !$validationStatus->isGood() ) {
|
||||
return $validationStatus;
|
||||
}
|
||||
|
|
@ -105,7 +105,8 @@ class FilterStore {
|
|||
|
||||
// Everything went fine, so let's save the filter
|
||||
$wasGlobal = $originalFilter->isGlobal();
|
||||
[ $newID, $historyID ] = $this->doSaveFilter( $user, $newFilter, $differences, $filterId, $wasGlobal );
|
||||
[ $newID, $historyID ] = $this->doSaveFilter(
|
||||
$performer->getUser(), $newFilter, $differences, $filterId, $wasGlobal );
|
||||
return Status::newGood( [ $newID, $historyID ] );
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -10,7 +10,6 @@ use MediaWiki\Extension\AbuseFilter\Parser\RuleCheckerFactory;
|
|||
use MediaWiki\Permissions\Authority;
|
||||
use Message;
|
||||
use Status;
|
||||
use User;
|
||||
|
||||
/**
|
||||
* This class validates filters, e.g. before saving.
|
||||
|
|
@ -60,10 +59,12 @@ class FilterValidator {
|
|||
/**
|
||||
* @param AbstractFilter $newFilter
|
||||
* @param AbstractFilter $originalFilter
|
||||
* @param User $user
|
||||
* @param Authority $performer
|
||||
* @return Status
|
||||
*/
|
||||
public function checkAll( AbstractFilter $newFilter, AbstractFilter $originalFilter, User $user ): Status {
|
||||
public function checkAll(
|
||||
AbstractFilter $newFilter, AbstractFilter $originalFilter, Authority $performer
|
||||
): Status {
|
||||
// TODO We might consider not bailing at the first error, so we can show all errors at the first attempt
|
||||
|
||||
$syntaxStatus = $this->checkValidSyntax( $newFilter );
|
||||
|
|
@ -101,7 +102,7 @@ class FilterValidator {
|
|||
}
|
||||
}
|
||||
|
||||
$globalPermStatus = $this->checkGlobalFilterEditPermission( $user, $newFilter, $originalFilter );
|
||||
$globalPermStatus = $this->checkGlobalFilterEditPermission( $performer, $newFilter, $originalFilter );
|
||||
if ( !$globalPermStatus->isGood() ) {
|
||||
return $globalPermStatus;
|
||||
}
|
||||
|
|
@ -111,7 +112,7 @@ class FilterValidator {
|
|||
return $globalFilterMsgStatus;
|
||||
}
|
||||
|
||||
$restrictedActionsStatus = $this->checkRestrictedActions( $user, $newFilter, $originalFilter );
|
||||
$restrictedActionsStatus = $this->checkRestrictedActions( $performer, $newFilter, $originalFilter );
|
||||
if ( !$restrictedActionsStatus->isGood() ) {
|
||||
return $restrictedActionsStatus;
|
||||
}
|
||||
|
|
@ -285,19 +286,19 @@ class FilterValidator {
|
|||
}
|
||||
|
||||
/**
|
||||
* @param User $user
|
||||
* @param Authority $performer
|
||||
* @param AbstractFilter $newFilter
|
||||
* @param AbstractFilter $originalFilter
|
||||
* @return Status
|
||||
*/
|
||||
public function checkGlobalFilterEditPermission(
|
||||
User $user,
|
||||
Authority $performer,
|
||||
AbstractFilter $newFilter,
|
||||
AbstractFilter $originalFilter
|
||||
): Status {
|
||||
if (
|
||||
!$this->permManager->canEditFilter( $user, $newFilter ) ||
|
||||
!$this->permManager->canEditFilter( $user, $originalFilter )
|
||||
!$this->permManager->canEditFilter( $performer, $newFilter ) ||
|
||||
!$this->permManager->canEditFilter( $performer, $originalFilter )
|
||||
) {
|
||||
return Status::newFatal( 'abusefilter-edit-notallowed-global' );
|
||||
}
|
||||
|
|
|
|||
|
|
@ -8,10 +8,10 @@ use MediaWiki\Extension\AbuseFilter\EditBox\AceEditBoxBuiler;
|
|||
use MediaWiki\Extension\AbuseFilter\EditBox\EditBoxBuilderFactory;
|
||||
use MediaWiki\Extension\AbuseFilter\EditBox\PlainEditBoxBuiler;
|
||||
use MediaWiki\Extension\AbuseFilter\KeywordsManager;
|
||||
use MediaWiki\Permissions\Authority;
|
||||
use MediaWikiUnitTestCase;
|
||||
use MessageLocalizer;
|
||||
use OutputPage;
|
||||
use User;
|
||||
|
||||
/**
|
||||
* @coversDefaultClass \MediaWiki\Extension\AbuseFilter\Editbox\EditBoxBuilderFactory
|
||||
|
|
@ -40,7 +40,7 @@ class EditBoxBuilderFactoryTest extends MediaWikiUnitTestCase {
|
|||
public function testNewEditBoxBuilder( bool $isCodeEditorLoaded ) {
|
||||
$builder = $this->getFactory( $isCodeEditorLoaded )->newEditBoxBuilder(
|
||||
$this->createMock( MessageLocalizer::class ),
|
||||
$this->createMock( User::class ),
|
||||
$this->createMock( Authority::class ),
|
||||
$this->createMock( OutputPage::class )
|
||||
);
|
||||
$isCodeEditorLoaded
|
||||
|
|
@ -63,7 +63,7 @@ class EditBoxBuilderFactoryTest extends MediaWikiUnitTestCase {
|
|||
PlainEditBoxBuiler::class,
|
||||
$this->getFactory( false )->newPlainBoxBuilder(
|
||||
$this->createMock( MessageLocalizer::class ),
|
||||
$this->createMock( User::class ),
|
||||
$this->createMock( Authority::class ),
|
||||
$this->createMock( OutputPage::class )
|
||||
)
|
||||
);
|
||||
|
|
@ -77,7 +77,7 @@ class EditBoxBuilderFactoryTest extends MediaWikiUnitTestCase {
|
|||
AceEditBoxBuiler::class,
|
||||
$this->getFactory( true )->newAceBoxBuilder(
|
||||
$this->createMock( MessageLocalizer::class ),
|
||||
$this->createMock( User::class ),
|
||||
$this->createMock( Authority::class ),
|
||||
$this->createMock( OutputPage::class )
|
||||
)
|
||||
);
|
||||
|
|
@ -90,7 +90,7 @@ class EditBoxBuilderFactoryTest extends MediaWikiUnitTestCase {
|
|||
$this->expectException( BadMethodCallException::class );
|
||||
$this->getFactory( false )->newAceBoxBuilder(
|
||||
$this->createMock( MessageLocalizer::class ),
|
||||
$this->createMock( User::class ),
|
||||
$this->createMock( Authority::class ),
|
||||
$this->createMock( OutputPage::class )
|
||||
);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,10 +14,10 @@ use MediaWiki\Extension\AbuseFilter\Parser\Exception\UserVisibleException;
|
|||
use MediaWiki\Extension\AbuseFilter\Parser\FilterEvaluator;
|
||||
use MediaWiki\Extension\AbuseFilter\Parser\ParserStatus;
|
||||
use MediaWiki\Extension\AbuseFilter\Parser\RuleCheckerFactory;
|
||||
use MediaWiki\Permissions\Authority;
|
||||
use MediaWikiUnitTestCase;
|
||||
use PHPUnit\Framework\MockObject\MockObject;
|
||||
use Status;
|
||||
use User;
|
||||
|
||||
/**
|
||||
* @group Test
|
||||
|
|
@ -208,7 +208,7 @@ class FilterValidatorTest extends MediaWikiUnitTestCase {
|
|||
$permManager->method( 'canEditFilter' )->willReturnOnConsecutiveCalls( $canEditNew, $canEditOrig );
|
||||
$validator = $this->getFilterValidator( $permManager );
|
||||
$actual = $validator->checkGlobalFilterEditPermission(
|
||||
$this->createMock( User::class ),
|
||||
$this->createMock( Authority::class ),
|
||||
$this->createMock( AbstractFilter::class ),
|
||||
$this->createMock( AbstractFilter::class )
|
||||
);
|
||||
|
|
@ -283,10 +283,10 @@ class FilterValidatorTest extends MediaWikiUnitTestCase {
|
|||
?string $expected
|
||||
) {
|
||||
$validator = $this->getFilterValidator( $permManager, null, $restrictions );
|
||||
$user = $this->createMock( User::class );
|
||||
$performer = $this->createMock( Authority::class );
|
||||
$this->assertStatusMessageParams(
|
||||
$expected,
|
||||
$validator->checkRestrictedActions( $user, $newFilter, $oldFilter )
|
||||
$validator->checkRestrictedActions( $performer, $newFilter, $oldFilter )
|
||||
);
|
||||
}
|
||||
|
||||
|
|
@ -382,7 +382,7 @@ class FilterValidatorTest extends MediaWikiUnitTestCase {
|
|||
$validator = $this->getFilterValidator( $permissionManager, $ruleChecker, $restrictions );
|
||||
$origFilter = $this->createMock( AbstractFilter::class );
|
||||
|
||||
$status = $validator->checkAll( $newFilter, $origFilter, $this->createMock( User::class ) );
|
||||
$status = $validator->checkAll( $newFilter, $origFilter, $this->createMock( Authority::class ) );
|
||||
$actualError = $status->isGood() ? null : $status->getErrors()[0]['message'];
|
||||
$this->assertSame( $expected, $actualError );
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue