mirror of
https://gerrit.wikimedia.org/r/mediawiki/extensions/AbuseFilter.git
synced 2024-12-18 08:30:52 +00:00
bf28dbce0e
Some exposed variables (eg. `user_ip`) used in filters are sensitive and need to only be available to restricted groups of users. Back-end changes: - Add `AbuseFilterProtectedVariables` which defines what variables are protected by the new right `abusefilter-access-protected-vars` - Add the concept of a `protected` variable, the use of which will denote the entire filter as protected via a flag on `af_hidden` New UX features: - Display changes to the protected status of filters on history and diff pages - Check for protected variables and the right to see them in filter validation and don't allow a filter to be saved if it uses a variable that the user doesn't have access to - Check for the right to view protected variables before allowing access and edits to existing filters that use them Bug: T364465 Bug: T363906 Change-Id: I828bbb4015e87040f69a8e10c7888273c4f24dd3
126 lines
2.4 KiB
PHP
126 lines
2.4 KiB
PHP
<?php
|
|
|
|
namespace MediaWiki\Extension\AbuseFilter\Filter;
|
|
|
|
/**
|
|
* (Mutable) value object to represent flags that can be *manually* set on a filter.
|
|
*/
|
|
class Flags {
|
|
/** @var bool */
|
|
private $enabled;
|
|
/** @var bool */
|
|
private $deleted;
|
|
/** @var bool */
|
|
private $hidden;
|
|
/** @var bool */
|
|
private $protected;
|
|
/** @var int */
|
|
private $privacyLevel;
|
|
/** @var bool */
|
|
private $global;
|
|
|
|
public const FILTER_PUBLIC = 0b00;
|
|
public const FILTER_HIDDEN = 0b01;
|
|
public const FILTER_USES_PROTECTED_VARS = 0b10;
|
|
|
|
/**
|
|
* @param bool $enabled
|
|
* @param bool $deleted
|
|
* @param int $hidden
|
|
* @param bool $global
|
|
*/
|
|
public function __construct( bool $enabled, bool $deleted, int $hidden, bool $global ) {
|
|
$this->enabled = $enabled;
|
|
$this->deleted = $deleted;
|
|
$this->hidden = (bool)( self::FILTER_HIDDEN & $hidden );
|
|
$this->protected = (bool)( self::FILTER_USES_PROTECTED_VARS & $hidden );
|
|
$this->privacyLevel = $hidden;
|
|
$this->global = $global;
|
|
}
|
|
|
|
/**
|
|
* @return bool
|
|
*/
|
|
public function getEnabled(): bool {
|
|
return $this->enabled;
|
|
}
|
|
|
|
/**
|
|
* @param bool $enabled
|
|
*/
|
|
public function setEnabled( bool $enabled ): void {
|
|
$this->enabled = $enabled;
|
|
}
|
|
|
|
/**
|
|
* @return bool
|
|
*/
|
|
public function getDeleted(): bool {
|
|
return $this->deleted;
|
|
}
|
|
|
|
/**
|
|
* @param bool $deleted
|
|
*/
|
|
public function setDeleted( bool $deleted ): void {
|
|
$this->deleted = $deleted;
|
|
}
|
|
|
|
/**
|
|
* @return bool
|
|
*/
|
|
public function getHidden(): bool {
|
|
return $this->hidden;
|
|
}
|
|
|
|
/**
|
|
* @param bool $hidden
|
|
*/
|
|
public function setHidden( bool $hidden ): void {
|
|
$this->hidden = $hidden;
|
|
$this->updatePrivacyLevel();
|
|
}
|
|
|
|
/**
|
|
* @return bool
|
|
*/
|
|
public function getProtected(): bool {
|
|
return $this->protected;
|
|
}
|
|
|
|
/**
|
|
* @param bool $protected
|
|
*/
|
|
public function setProtected( bool $protected ): void {
|
|
$this->protected = $protected;
|
|
$this->updatePrivacyLevel();
|
|
}
|
|
|
|
private function updatePrivacyLevel() {
|
|
$hidden = $this->hidden ? self::FILTER_HIDDEN : 0;
|
|
$protected = $this->protected ? self::FILTER_USES_PROTECTED_VARS : 0;
|
|
$this->privacyLevel = $hidden | $protected;
|
|
}
|
|
|
|
/**
|
|
* @return int
|
|
*/
|
|
public function getPrivacyLevel(): int {
|
|
return $this->privacyLevel;
|
|
}
|
|
|
|
/**
|
|
* @return bool
|
|
*/
|
|
public function getGlobal(): bool {
|
|
return $this->global;
|
|
}
|
|
|
|
/**
|
|
* @param bool $global
|
|
*/
|
|
public function setGlobal( bool $global ): void {
|
|
$this->global = $global;
|
|
}
|
|
}
|