use Action;
use ContentHandler;
use FauxRequest;
+use LoggedServiceOptions;
use MediaWiki\Block\DatabaseBlock;
use MediaWiki\Block\Restriction\NamespaceRestriction;
use MediaWiki\Block\Restriction\PageRestriction;
use MediaWiki\Permissions\PermissionManager;
use MediaWiki\Revision\MutableRevisionRecord;
use MediaWiki\Revision\RevisionLookup;
+use MWException;
+use TestAllServiceOptionsUsed;
use Wikimedia\ScopedCallback;
use MediaWiki\Session\SessionId;
use MediaWiki\Session\TestUtils;
* @covers \MediaWiki\Permissions\PermissionManager
*/
class PermissionManagerTest extends MediaWikiLangTestCase {
+ use TestAllServiceOptionsUsed;
/**
* @var string
* @covers MediaWiki\Permissions\PermissionManager::checkSpecialsAndNSPermissions
*/
public function testSpecialsAndNSPermissions() {
- global $wgNamespaceProtection;
$this->setUser( $this->userName );
$this->setTitle( NS_SPECIAL );
MediaWikiServices::getInstance()->getPermissionManager()
->getPermissionErrors( 'bogus', $this->user, $this->title ) );
- $wgNamespaceProtection[NS_USER] = [ 'bogus' ];
+ $this->mergeMwGlobalArrayValue( 'wgNamespaceProtection', [
+ NS_USER => [ 'bogus' ]
+ ] );
+ $this->resetServices();
+ $this->overrideUserPermissions( $this->user, '' );
$this->setTitle( NS_USER );
- $this->overrideUserPermissions( $this->user, '' );
$this->assertEquals( [ [ 'badaccess-group0' ],
[ 'namespaceprotected', 'User', 'bogus' ] ],
MediaWikiServices::getInstance()->getPermissionManager()
MediaWikiServices::getInstance()->getPermissionManager()
->getPermissionErrors( 'bogus', $this->user, $this->title ) );
- $wgNamespaceProtection = null;
-
+ $this->setMwGlobals( 'wgNamespaceProtection', null );
+ $this->resetServices();
$this->overrideUserPermissions( $this->user, 'bogus' );
+
$this->assertEquals( [],
MediaWikiServices::getInstance()->getPermissionManager()
->getPermissionErrors( 'bogus', $this->user, $this->title ) );
}
} );
$permissionManager = new PermissionManager(
+ new LoggedServiceOptions(
+ self::$serviceOptionsAccessLog,
+ PermissionManager::$constructorOptions,
+ [
+ 'WhitelistRead' => [],
+ 'WhitelistReadRegexp' => [],
+ 'EmailConfirmToEdit' => false,
+ 'BlockDisablesLogin' => false,
+ 'GroupPermissions' => [],
+ 'RevokePermissions' => [],
+ 'AvailableRights' => [],
+ 'NamespaceProtection' => [],
+ 'RestrictionLevels' => []
+ ]
+ ),
$services->getSpecialPageFactory(),
$revisionLookup,
- [],
- [],
- false,
- false,
- [],
- [],
- [],
MediaWikiServices::getInstance()->getNamespaceInfo()
);
$this->setService( 'PermissionManager', $permissionManager );
$user = $this->getTestUser( [ 'unittesters', 'testwriters' ] )->getUser();
$userWrapper = TestingAccessWrapper::newFromObject( $user );
- $rights = MediaWikiServices::getInstance()->getPermissionManager()
+ $rights = MediaWikiServices::getInstance()
+ ->getPermissionManager()
->getUserPermissions( $user );
$this->assertContains( 'test', $rights, 'sanity check' );
$this->assertContains( 'runtest', $rights, 'sanity check' );
$this->assertNotContains( 'nukeworld', $rights, 'sanity check' );
// Add a hook manipluating the rights
- $this->mergeMwGlobalArrayValue( 'wgHooks', [ 'UserGetRights' => [ function ( $user, &$rights ) {
+ $this->setTemporaryHook( 'UserGetRights', function ( $user, &$rights ) {
$rights[] = 'nukeworld';
$rights = array_diff( $rights, [ 'writetest' ] );
- } ] ] );
+ } );
$this->resetServices();
- $rights = MediaWikiServices::getInstance()->getPermissionManager()
+ $rights = MediaWikiServices::getInstance()
+ ->getPermissionManager()
->getUserPermissions( $user );
$this->assertContains( 'test', $rights );
$this->assertContains( 'runtest', $rights );
$userWrapper->mRequest = $mockRequest;
$this->resetServices();
- $rights = MediaWikiServices::getInstance()->getPermissionManager()
+ $rights = MediaWikiServices::getInstance()
+ ->getPermissionManager()
->getUserPermissions( $user );
$this->assertContains( 'test', $rights );
$this->assertNotContains( 'runtest', $rights );
return $revision;
}
+ public function provideGetRestrictionLevels() {
+ return [
+ 'No namespace restriction' => [ [ '', 'autoconfirmed', 'sysop' ], NS_TALK ],
+ 'Restricted to autoconfirmed' => [ [ '', 'sysop' ], NS_MAIN ],
+ 'Restricted to sysop' => [ [ '' ], NS_USER ],
+ 'Restricted to someone in two groups' => [ [ '', 'sysop' ], 101 ],
+ 'No special permissions' => [
+ [ '' ],
+ NS_TALK,
+ []
+ ],
+ 'autoconfirmed' => [
+ [ '', 'autoconfirmed' ],
+ NS_TALK,
+ [ 'autoconfirmed' ]
+ ],
+ 'autoconfirmed revoked' => [
+ [ '' ],
+ NS_TALK,
+ [ 'autoconfirmed', 'noeditsemiprotected' ]
+ ],
+ 'sysop' => [
+ [ '', 'autoconfirmed', 'sysop' ],
+ NS_TALK,
+ [ 'sysop' ]
+ ],
+ 'sysop with autoconfirmed revoked (a bit silly)' => [
+ [ '', 'sysop' ],
+ NS_TALK,
+ [ 'sysop', 'noeditsemiprotected' ]
+ ],
+ ];
+ }
+
+ /**
+ * @dataProvider provideGetRestrictionLevels
+ * @covers \MediaWiki\Permissions\PermissionManager::getNamespaceRestrictionLevels
+ *
+ * @param array $expected
+ * @param int $ns
+ * @param array|null $userGroups
+ * @throws MWException
+ */
+ public function testGetRestrictionLevels( array $expected, $ns, array $userGroups = null ) {
+ $this->setMwGlobals( [
+ 'wgGroupPermissions' => [
+ '*' => [ 'edit' => true ],
+ 'autoconfirmed' => [ 'editsemiprotected' => true ],
+ 'sysop' => [
+ 'editsemiprotected' => true,
+ 'editprotected' => true,
+ ],
+ 'privileged' => [ 'privileged' => true ],
+ ],
+ 'wgRevokePermissions' => [
+ 'noeditsemiprotected' => [ 'editsemiprotected' => true ],
+ ],
+ 'wgNamespaceProtection' => [
+ NS_MAIN => 'autoconfirmed',
+ NS_USER => 'sysop',
+ 101 => [ 'editsemiprotected', 'privileged' ],
+ ],
+ 'wgRestrictionLevels' => [ '', 'autoconfirmed', 'sysop' ],
+ 'wgAutopromote' => []
+ ] );
+ $this->resetServices();
+ $user = is_null( $userGroups ) ? null : $this->getTestUser( $userGroups )->getUser();
+ $this->assertSame( $expected, MediaWikiServices::getInstance()
+ ->getPermissionManager()
+ ->getNamespaceRestrictionLevels( $ns, $user ) );
+ }
+
+ /**
+ * @covers \MediaWiki\Permissions\PermissionManager::getAllPermissions
+ */
+ public function testGetAllPermissions() {
+ $this->setMwGlobals( [
+ 'wgAvailableRights' => [ 'test_right' ]
+ ] );
+ $this->resetServices();
+ $this->assertContains(
+ 'test_right',
+ MediaWikiServices::getInstance()
+ ->getPermissionManager()
+ ->getAllPermissions()
+ );
+ }
+
+ /**
+ * @covers \MediaWiki\Permissions\PermissionManager::getRightsCacheKey
+ * @throws \Exception
+ */
+ public function testAnonPermissionsNotClash() {
+ $user1 = User::newFromName( 'User1' );
+ $user2 = User::newFromName( 'User2' );
+ $pm = MediaWikiServices::getInstance()->getPermissionManager();
+ $pm->overrideUserRightsForTesting( $user2, [] );
+ $this->assertNotSame( $pm->getUserPermissions( $user1 ), $pm->getUserPermissions( $user2 ) );
+ }
+
+ /**
+ * @covers \MediaWiki\Permissions\PermissionManager::getRightsCacheKey
+ */
+ public function testAnonPermissionsNotClashOneRegistered() {
+ $user1 = User::newFromName( 'User1' );
+ $user2 = $this->getTestSysop()->getUser();
+ $pm = MediaWikiServices::getInstance()->getPermissionManager();
+ $this->assertNotSame( $pm->getUserPermissions( $user1 ), $pm->getUserPermissions( $user2 ) );
+ }
}