3 use MediaWiki\Block\DatabaseBlock
;
4 use MediaWiki\Block\Restriction\PageRestriction
;
5 use MediaWiki\Block\SystemBlock
;
6 use MediaWiki\MediaWikiServices
;
11 * @covers \MediaWiki\Permissions\PermissionManager::getPermissionErrors
12 * @covers \MediaWiki\Permissions\PermissionManager::getPermissionErrorsInternal
14 class TitlePermissionTest
extends MediaWikiLangTestCase
{
19 protected $userName, $altUserName;
29 protected $user, $anonUser, $userUser, $altUser;
31 protected function setUp() {
35 $localOffset = date( 'Z' ) / 60;
37 $this->setMwGlobals( [
38 'wgLocaltimezone' => $localZone,
39 'wgLocalTZoffset' => $localOffset,
40 'wgNamespaceProtection' => [
41 NS_MEDIAWIKI
=> 'editinterface',
44 // Without this testUserBlock will use a non-English context on non-English MediaWiki
45 // installations (because of how Title::checkUserBlock is implemented) and fail.
46 RequestContext
::resetMain();
48 $this->userName
= 'Useruser';
49 $this->altUserName
= 'Altuseruser';
50 date_default_timezone_set( $localZone );
52 $this->title
= Title
::makeTitle( NS_MAIN
, "Main Page" );
53 if ( !isset( $this->userUser
) ||
!( $this->userUser
instanceof User
) ) {
54 $this->userUser
= User
::newFromName( $this->userName
);
56 if ( !$this->userUser
->getId() ) {
57 $this->userUser
= User
::createNew( $this->userName
, [
58 "email" => "test@example.com",
59 "real_name" => "Test User" ] );
60 $this->userUser
->load();
63 $this->altUser
= User
::newFromName( $this->altUserName
);
64 if ( !$this->altUser
->getId() ) {
65 $this->altUser
= User
::createNew( $this->altUserName
, [
66 "email" => "alttest@example.com",
67 "real_name" => "Test User Alt" ] );
68 $this->altUser
->load();
71 $this->anonUser
= User
::newFromId( 0 );
73 $this->user
= $this->userUser
;
77 protected function setTitle( $ns, $title = "Main_Page" ) {
78 $this->title
= Title
::makeTitle( $ns, $title );
81 protected function setUser( $userName = null ) {
82 if ( $userName === 'anon' ) {
83 $this->user
= $this->anonUser
;
84 } elseif ( $userName === null ||
$userName === $this->userName
) {
85 $this->user
= $this->userUser
;
87 $this->user
= $this->altUser
;
92 * @todo This test method should be split up into separate test methods and
95 * This test is failing per T201776.
98 * @covers \MediaWiki\Permissions\PermissionManager::checkQuickPermissions
100 public function testQuickPermissions() {
101 $prefix = MediaWikiServices
::getInstance()->getContentLanguage()->
102 getFormattedNsText( NS_PROJECT
);
104 $this->setUser( 'anon' );
105 $this->setTitle( NS_TALK
);
106 $this->overrideUserPermissions( $this->user
, "createtalk" );
107 $res = $this->title
->getUserPermissionsErrors( 'create', $this->user
);
108 $this->assertEquals( [], $res );
110 $this->setTitle( NS_TALK
);
111 $this->overrideUserPermissions( $this->user
, "createpage" );
112 $res = $this->title
->getUserPermissionsErrors( 'create', $this->user
);
113 $this->assertEquals( [ [ "nocreatetext" ] ], $res );
115 $this->setTitle( NS_TALK
);
116 $this->overrideUserPermissions( $this->user
, "" );
117 $res = $this->title
->getUserPermissionsErrors( 'create', $this->user
);
118 $this->assertEquals( [ [ 'nocreatetext' ] ], $res );
120 $this->setTitle( NS_MAIN
);
121 $this->overrideUserPermissions( $this->user
, "createpage" );
122 $res = $this->title
->getUserPermissionsErrors( 'create', $this->user
);
123 $this->assertEquals( [], $res );
125 $this->setTitle( NS_MAIN
);
126 $this->overrideUserPermissions( $this->user
, "createtalk" );
127 $res = $this->title
->getUserPermissionsErrors( 'create', $this->user
);
128 $this->assertEquals( [ [ 'nocreatetext' ] ], $res );
130 $this->setUser( $this->userName
);
131 $this->setTitle( NS_TALK
);
132 $this->overrideUserPermissions( $this->user
, "createtalk" );
133 $res = $this->title
->getUserPermissionsErrors( 'create', $this->user
);
134 $this->assertEquals( [], $res );
136 $this->setTitle( NS_TALK
);
137 $this->overrideUserPermissions( $this->user
, "createpage" );
138 $res = $this->title
->getUserPermissionsErrors( 'create', $this->user
);
139 $this->assertEquals( [ [ 'nocreate-loggedin' ] ], $res );
141 $this->setTitle( NS_TALK
);
142 $this->overrideUserPermissions( $this->user
);
143 $res = $this->title
->getUserPermissionsErrors( 'create', $this->user
);
144 $this->assertEquals( [ [ 'nocreate-loggedin' ] ], $res );
146 $this->setTitle( NS_MAIN
);
147 $this->overrideUserPermissions( $this->user
, "createpage" );
148 $res = $this->title
->getUserPermissionsErrors( 'create', $this->user
);
149 $this->assertEquals( [], $res );
151 $this->setTitle( NS_MAIN
);
152 $this->overrideUserPermissions( $this->user
, "createtalk" );
153 $res = $this->title
->getUserPermissionsErrors( 'create', $this->user
);
154 $this->assertEquals( [ [ 'nocreate-loggedin' ] ], $res );
156 $this->setTitle( NS_MAIN
);
157 $this->overrideUserPermissions( $this->user
);
158 $res = $this->title
->getUserPermissionsErrors( 'create', $this->user
);
159 $this->assertEquals( [ [ 'nocreate-loggedin' ] ], $res );
161 $this->setUser( 'anon' );
162 $this->setTitle( NS_USER
, $this->userName
. '' );
163 $this->overrideUserPermissions( $this->user
);
164 $res = $this->title
->getUserPermissionsErrors( 'move', $this->user
);
165 $this->assertEquals( [ [ 'cant-move-user-page' ], [ 'movenologintext' ] ], $res );
167 $this->setTitle( NS_USER
, $this->userName
. '/subpage' );
168 $this->overrideUserPermissions( $this->user
);
169 $res = $this->title
->getUserPermissionsErrors( 'move', $this->user
);
170 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
172 $this->setTitle( NS_USER
, $this->userName
. '' );
173 $this->overrideUserPermissions( $this->user
, "move-rootuserpages" );
174 $res = $this->title
->getUserPermissionsErrors( 'move', $this->user
);
175 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
177 $this->setTitle( NS_USER
, $this->userName
. '/subpage' );
178 $this->overrideUserPermissions( $this->user
, "move-rootuserpages" );
179 $res = $this->title
->getUserPermissionsErrors( 'move', $this->user
);
180 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
182 $this->setTitle( NS_USER
, $this->userName
. '' );
183 $this->overrideUserPermissions( $this->user
, "" );
184 $res = $this->title
->getUserPermissionsErrors( 'move', $this->user
);
185 $this->assertEquals( [ [ 'cant-move-user-page' ], [ 'movenologintext' ] ], $res );
187 $this->setTitle( NS_USER
, $this->userName
. '/subpage' );
188 $this->overrideUserPermissions( $this->user
, "" );
189 $res = $this->title
->getUserPermissionsErrors( 'move', $this->user
);
190 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
192 $this->setTitle( NS_USER
, $this->userName
. '' );
193 $this->overrideUserPermissions( $this->user
, "move-rootuserpages" );
194 $res = $this->title
->getUserPermissionsErrors( 'move', $this->user
);
195 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
197 $this->setTitle( NS_USER
, $this->userName
. '/subpage' );
198 $this->overrideUserPermissions( $this->user
, "move-rootuserpages" );
199 $res = $this->title
->getUserPermissionsErrors( 'move', $this->user
);
200 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
202 $this->setUser( $this->userName
);
203 $this->setTitle( NS_FILE
, "img.png" );
204 $this->overrideUserPermissions( $this->user
);
205 $res = $this->title
->getUserPermissionsErrors( 'move', $this->user
);
206 $this->assertEquals( [ [ 'movenotallowedfile' ], [ 'movenotallowed' ] ], $res );
208 $this->setTitle( NS_FILE
, "img.png" );
209 $this->overrideUserPermissions( $this->user
, "movefile" );
210 $res = $this->title
->getUserPermissionsErrors( 'move', $this->user
);
211 $this->assertEquals( [ [ 'movenotallowed' ] ], $res );
213 $this->setUser( 'anon' );
214 $this->setTitle( NS_FILE
, "img.png" );
215 $this->overrideUserPermissions( $this->user
);
216 $res = $this->title
->getUserPermissionsErrors( 'move', $this->user
);
217 $this->assertEquals( [ [ 'movenotallowedfile' ], [ 'movenologintext' ] ], $res );
219 $this->setTitle( NS_FILE
, "img.png" );
220 $this->overrideUserPermissions( $this->user
, "movefile" );
221 $res = $this->title
->getUserPermissionsErrors( 'move', $this->user
);
222 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
224 $this->setUser( $this->userName
);
225 $this->overrideUserPermissions( $this->user
, "move" );
226 $this->runGroupPermissions( 'move', [ [ 'movenotallowedfile' ] ] );
228 $this->overrideUserPermissions( $this->user
);
229 $this->runGroupPermissions(
231 [ [ 'movenotallowedfile' ], [ 'movenotallowed' ] ]
234 $this->setUser( 'anon' );
235 $this->overrideUserPermissions( $this->user
, "move" );
236 $this->runGroupPermissions( 'move', [ [ 'movenotallowedfile' ] ] );
238 $this->overrideUserPermissions( $this->user
);
239 $this->runGroupPermissions(
241 [ [ 'movenotallowedfile' ], [ 'movenotallowed' ] ],
242 [ [ 'movenotallowedfile' ], [ 'movenologintext' ] ]
245 if ( $this->isWikitextNS( NS_MAIN
) ) {
246 // NOTE: some content models don't allow moving
247 // @todo find a Wikitext namespace for testing
249 $this->setTitle( NS_MAIN
);
250 $this->setUser( 'anon' );
251 $this->overrideUserPermissions( $this->user
, "move" );
252 $this->runGroupPermissions( 'move', [] );
254 $this->overrideUserPermissions( $this->user
, "" );
255 $this->runGroupPermissions( 'move', [ [ 'movenotallowed' ] ],
256 [ [ 'movenologintext' ] ] );
258 $this->setUser( $this->userName
);
259 $this->overrideUserPermissions( $this->user
, "" );
260 $this->runGroupPermissions( 'move', [ [ 'movenotallowed' ] ] );
262 $this->overrideUserPermissions( $this->user
, "move" );
263 $this->runGroupPermissions( 'move', [] );
265 $this->setUser( 'anon' );
266 $this->overrideUserPermissions( $this->user
, 'move' );
267 $res = $this->title
->getUserPermissionsErrors( 'move-target', $this->user
);
268 $this->assertEquals( [], $res );
270 $this->overrideUserPermissions( $this->user
);
271 $res = $this->title
->getUserPermissionsErrors( 'move-target', $this->user
);
272 $this->assertEquals( [ [ 'movenotallowed' ] ], $res );
275 $this->setTitle( NS_USER
);
276 $this->setUser( $this->userName
);
277 $this->overrideUserPermissions( $this->user
, [ "move", "move-rootuserpages" ] );
278 $res = $this->title
->getUserPermissionsErrors( 'move-target', $this->user
);
279 $this->assertEquals( [], $res );
281 $this->overrideUserPermissions( $this->user
, "move" );
282 $res = $this->title
->getUserPermissionsErrors( 'move-target', $this->user
);
283 $this->assertEquals( [ [ 'cant-move-to-user-page' ] ], $res );
285 $this->setUser( 'anon' );
286 $this->overrideUserPermissions( $this->user
, [ "move", "move-rootuserpages" ] );
287 $res = $this->title
->getUserPermissionsErrors( 'move-target', $this->user
);
288 $this->assertEquals( [], $res );
290 $this->setTitle( NS_USER
, "User/subpage" );
291 $this->overrideUserPermissions( $this->user
, [ "move", "move-rootuserpages" ] );
292 $res = $this->title
->getUserPermissionsErrors( 'move-target', $this->user
);
293 $this->assertEquals( [], $res );
295 $this->overrideUserPermissions( $this->user
, "move" );
296 $res = $this->title
->getUserPermissionsErrors( 'move-target', $this->user
);
297 $this->assertEquals( [], $res );
299 $this->setUser( 'anon' );
302 [ [ 'badaccess-groups', "*, [[$prefix:Users|Users]]", 2 ] ],
303 [ [ 'badaccess-group0' ] ],
310 "[[$prefix:Administrators|Administrators]]", 1 ],
313 [ [ 'badaccess-group0' ], [ 'protect-cantedit' ] ],
314 [ [ 'protect-cantedit' ] ],
317 '' => [ [], [], [], true ]
320 foreach ( [ "edit", "protect", "" ] as $action ) {
321 $this->overrideUserPermissions( $this->user
);
322 $this->assertEquals( $check[$action][0],
323 $this->title
->getUserPermissionsErrors( $action, $this->user
, true ) );
324 $this->assertEquals( $check[$action][0],
325 $this->title
->getUserPermissionsErrors( $action, $this->user
, 'full' ) );
326 $this->assertEquals( $check[$action][0],
327 $this->title
->getUserPermissionsErrors( $action, $this->user
, 'secure' ) );
329 global $wgGroupPermissions;
330 $old = $wgGroupPermissions;
331 $this->setMwGlobals( 'wgGroupPermissions', [] );
333 $this->assertEquals( $check[$action][1],
334 $this->title
->getUserPermissionsErrors( $action, $this->user
, true ) );
335 $this->assertEquals( $check[$action][1],
336 $this->title
->getUserPermissionsErrors( $action, $this->user
, 'full' ) );
337 $this->assertEquals( $check[$action][1],
338 $this->title
->getUserPermissionsErrors( $action, $this->user
, 'secure' ) );
340 $this->setMwGlobals( 'wgGroupPermissions', $old );
342 $this->overrideUserPermissions( $this->user
, $action );
343 $this->assertEquals( $check[$action][2],
344 $this->title
->getUserPermissionsErrors( $action, $this->user
, true ) );
345 $this->assertEquals( $check[$action][2],
346 $this->title
->getUserPermissionsErrors( $action, $this->user
, 'full' ) );
347 $this->assertEquals( $check[$action][2],
348 $this->title
->getUserPermissionsErrors( $action, $this->user
, 'secure' ) );
350 $this->overrideUserPermissions( $this->user
, $action );
351 $this->assertEquals( $check[$action][3],
352 $this->title
->userCan( $action, $this->user
, true ) );
353 $this->assertEquals( $check[$action][3],
354 $this->title
->quickUserCan( $action, $this->user
) );
355 # count( User::getGroupsWithPermissions( $action ) ) < 1
359 protected function runGroupPermissions( $action, $result, $result2 = null ) {
360 if ( $result2 === null ) {
364 // XXX: there could be a better way to handle this, but since we need to
365 // override PermissionManager service each time globals are changed
366 // and in the same time we need to keep user permissions overrides from the outside
367 // the best we can do inside this method is to save & restore faked user perms
369 $userPermsOverrides = MediaWikiServices
::getInstance()->getPermissionManager()
370 ->getUserPermissions( $this->user
);
372 $this->setGroupPermissions( 'autoconfirmed', 'move', false );
373 $this->setGroupPermissions( 'user', 'move', false );
374 $this->overrideUserPermissions( $this->user
, $userPermsOverrides );
375 $res = $this->title
->getUserPermissionsErrors( $action, $this->user
);
376 $this->assertEquals( $result, $res );
378 $this->setGroupPermissions( 'autoconfirmed', 'move', true );
379 $this->setGroupPermissions( 'user', 'move', false );
380 $this->overrideUserPermissions( $this->user
, $userPermsOverrides );
381 $res = $this->title
->getUserPermissionsErrors( $action, $this->user
);
382 $this->assertEquals( $result2, $res );
384 $this->setGroupPermissions( 'autoconfirmed', 'move', true );
385 $this->setGroupPermissions( 'user', 'move', true );
386 $this->overrideUserPermissions( $this->user
, $userPermsOverrides );
387 $res = $this->title
->getUserPermissionsErrors( $action, $this->user
);
388 $this->assertEquals( $result2, $res );
390 $this->setGroupPermissions( 'autoconfirmed', 'move', false );
391 $this->setGroupPermissions( 'user', 'move', true );
392 $this->overrideUserPermissions( $this->user
, $userPermsOverrides );
393 $res = $this->title
->getUserPermissionsErrors( $action, $this->user
);
394 $this->assertEquals( $result2, $res );
398 * @todo This test method should be split up into separate test methods and
400 * @covers \MediaWiki\Permissions\PermissionManager::checkSpecialsAndNSPermissions
402 public function testSpecialsAndNSPermissions() {
403 $this->setUser( $this->userName
);
405 $this->setTitle( NS_SPECIAL
);
407 $this->assertEquals( [ [ 'badaccess-group0' ], [ 'ns-specialprotected' ] ],
408 $this->title
->getUserPermissionsErrors( 'bogus', $this->user
) );
410 $this->setTitle( NS_MAIN
);
411 $this->overrideUserPermissions( $this->user
, 'bogus' );
412 $this->assertEquals( [],
413 $this->title
->getUserPermissionsErrors( 'bogus', $this->user
) );
415 $this->setTitle( NS_MAIN
);
416 $this->overrideUserPermissions( $this->user
);
417 $this->assertEquals( [ [ 'badaccess-group0' ] ],
418 $this->title
->getUserPermissionsErrors( 'bogus', $this->user
) );
420 $this->mergeMwGlobalArrayValue( 'wgNamespaceProtection', [
421 NS_USER
=> [ 'bogus' ]
423 $this->resetServices();
424 $this->setTitle( NS_USER
);
425 $this->overrideUserPermissions( $this->user
);
426 $this->assertEquals( [ [ 'badaccess-group0' ],
427 [ 'namespaceprotected', 'User', 'bogus' ] ],
428 $this->title
->getUserPermissionsErrors( 'bogus', $this->user
) );
430 $this->setTitle( NS_MEDIAWIKI
);
431 $this->overrideUserPermissions( $this->user
, 'bogus' );
432 $this->assertEquals( [ [ 'protectedinterface', 'bogus' ] ],
433 $this->title
->getUserPermissionsErrors( 'bogus', $this->user
) );
435 $this->setTitle( NS_MEDIAWIKI
);
436 $this->overrideUserPermissions( $this->user
, 'bogus' );
437 $this->assertEquals( [ [ 'protectedinterface', 'bogus' ] ],
438 $this->title
->getUserPermissionsErrors( 'bogus', $this->user
) );
440 $this->setMwGlobals( 'wgNamespaceProtection', null );
441 $this->resetServices();
442 $this->overrideUserPermissions( $this->user
, 'bogus' );
443 $this->assertEquals( [],
444 $this->title
->getUserPermissionsErrors( 'bogus', $this->user
) );
445 $this->assertEquals( true,
446 $this->title
->userCan( 'bogus', $this->user
) );
448 $this->overrideUserPermissions( $this->user
);
449 $this->assertEquals( [ [ 'badaccess-group0' ] ],
450 $this->title
->getUserPermissionsErrors( 'bogus', $this->user
) );
451 $this->assertEquals( false,
452 $this->title
->userCan( 'bogus', $this->user
) );
456 * @todo This test method should be split up into separate test methods and
458 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
460 public function testJsConfigEditPermissions() {
461 $this->setUser( $this->userName
);
463 $this->setTitle( NS_USER
, $this->userName
. '/test.js' );
464 $this->runConfigEditPermissions(
465 [ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
467 [ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
468 [ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
469 [ [ 'badaccess-group0' ] ],
471 [ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
472 [ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
473 [ [ 'badaccess-group0' ] ],
474 [ [ 'badaccess-groups' ] ]
479 * @todo This test method should be split up into separate test methods and
481 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
483 public function testJsonConfigEditPermissions() {
484 $prefix = MediaWikiServices
::getInstance()->getContentLanguage()->
485 getFormattedNsText( NS_PROJECT
);
486 $this->setUser( $this->userName
);
488 $this->setTitle( NS_USER
, $this->userName
. '/test.json' );
489 $this->runConfigEditPermissions(
490 [ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
492 [ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
493 [ [ 'badaccess-group0' ] ],
494 [ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
496 [ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
497 [ [ 'badaccess-group0' ] ],
498 [ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
499 [ [ 'badaccess-groups' ] ]
504 * @todo This test method should be split up into separate test methods and
506 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
508 public function testCssConfigEditPermissions() {
509 $this->setUser( $this->userName
);
511 $this->setTitle( NS_USER
, $this->userName
. '/test.css' );
512 $this->runConfigEditPermissions(
513 [ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
515 [ [ 'badaccess-group0' ] ],
516 [ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
517 [ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
519 [ [ 'badaccess-group0' ] ],
520 [ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
521 [ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
522 [ [ 'badaccess-groups' ] ]
527 * @todo This test method should be split up into separate test methods and
529 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
531 public function testOtherJsConfigEditPermissions() {
532 $this->setUser( $this->userName
);
534 $this->setTitle( NS_USER
, $this->altUserName
. '/test.js' );
535 $this->runConfigEditPermissions(
536 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
538 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
539 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
540 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
542 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
543 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
544 [ [ 'badaccess-group0' ] ],
545 [ [ 'badaccess-groups' ] ]
550 * @todo This test method should be split up into separate test methods and
552 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
554 public function testOtherJsonConfigEditPermissions() {
555 $this->setUser( $this->userName
);
557 $this->setTitle( NS_USER
, $this->altUserName
. '/test.json' );
558 $this->runConfigEditPermissions(
559 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
561 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
562 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
563 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
565 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
566 [ [ 'badaccess-group0' ] ],
567 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
568 [ [ 'badaccess-groups' ] ]
573 * @todo This test method should be split up into separate test methods and
575 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
577 public function testOtherCssConfigEditPermissions() {
578 $this->setUser( $this->userName
);
580 $this->setTitle( NS_USER
, $this->altUserName
. '/test.css' );
581 $this->runConfigEditPermissions(
582 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
584 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
585 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
586 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
588 [ [ 'badaccess-group0' ] ],
589 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
590 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
591 [ [ 'badaccess-groups' ] ]
596 * @todo This test method should be split up into separate test methods and
598 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
600 public function testOtherNonConfigEditPermissions() {
601 $this->setUser( $this->userName
);
603 $this->setTitle( NS_USER
, $this->altUserName
. '/tempo' );
604 $this->runConfigEditPermissions(
605 [ [ 'badaccess-group0' ] ],
607 [ [ 'badaccess-group0' ] ],
608 [ [ 'badaccess-group0' ] ],
609 [ [ 'badaccess-group0' ] ],
611 [ [ 'badaccess-group0' ] ],
612 [ [ 'badaccess-group0' ] ],
613 [ [ 'badaccess-group0' ] ],
614 [ [ 'badaccess-groups' ] ]
619 * @todo This should use data providers like the other methods here.
620 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
622 public function testPatrolActionConfigEditPermissions() {
623 $this->setUser( 'anon' );
624 $this->setTitle( NS_USER
, 'ToPatrolOrNotToPatrol' );
625 $this->runConfigEditPermissions(
626 [ [ 'badaccess-group0' ] ],
628 [ [ 'badaccess-group0' ] ],
629 [ [ 'badaccess-group0' ] ],
630 [ [ 'badaccess-group0' ] ],
632 [ [ 'badaccess-group0' ] ],
633 [ [ 'badaccess-group0' ] ],
634 [ [ 'badaccess-group0' ] ],
635 [ [ 'badaccess-groups' ] ]
639 protected function runConfigEditPermissions(
649 $this->overrideUserPermissions( $this->user
);
650 $result = $this->title
->getUserPermissionsErrors( 'bogus', $this->user
);
651 $this->assertEquals( $resultNone, $result );
653 $this->overrideUserPermissions( $this->user
, 'editmyusercss' );
654 $result = $this->title
->getUserPermissionsErrors( 'bogus', $this->user
);
655 $this->assertEquals( $resultMyCss, $result );
657 $this->overrideUserPermissions( $this->user
, 'editmyuserjson' );
658 $result = $this->title
->getUserPermissionsErrors( 'bogus', $this->user
);
659 $this->assertEquals( $resultMyJson, $result );
661 $this->overrideUserPermissions( $this->user
, 'editmyuserjs' );
662 $result = $this->title
->getUserPermissionsErrors( 'bogus', $this->user
);
663 $this->assertEquals( $resultMyJs, $result );
665 $this->overrideUserPermissions( $this->user
, 'editusercss' );
666 $result = $this->title
->getUserPermissionsErrors( 'bogus', $this->user
);
667 $this->assertEquals( $resultUserCss, $result );
669 $this->overrideUserPermissions( $this->user
, 'edituserjson' );
670 $result = $this->title
->getUserPermissionsErrors( 'bogus', $this->user
);
671 $this->assertEquals( $resultUserJson, $result );
673 $this->overrideUserPermissions( $this->user
, 'edituserjs' );
674 $result = $this->title
->getUserPermissionsErrors( 'bogus', $this->user
);
675 $this->assertEquals( $resultUserJs, $result );
677 $this->overrideUserPermissions( $this->user
);
678 $result = $this->title
->getUserPermissionsErrors( 'patrol', $this->user
);
679 $this->assertEquals( reset( $resultPatrol[0] ), reset( $result[0] ) );
681 $this->overrideUserPermissions( $this->user
, [ 'edituserjs', 'edituserjson', 'editusercss' ] );
682 $result = $this->title
->getUserPermissionsErrors( 'bogus', $this->user
);
683 $this->assertEquals( [ [ 'badaccess-group0' ] ], $result );
687 * @todo This test method should be split up into separate test methods and
690 * This test is failing per T201776.
693 * @covers \MediaWiki\Permissions\PermissionManager::checkPageRestrictions
695 public function testPageRestrictions() {
696 $prefix = MediaWikiServices
::getInstance()->getContentLanguage()->
697 getFormattedNsText( NS_PROJECT
);
699 $this->setTitle( NS_MAIN
);
700 $this->title
->mRestrictionsLoaded
= true;
701 $this->overrideUserPermissions( $this->user
, "edit" );
702 $this->title
->mRestrictions
= [ "bogus" => [ 'bogus', "sysop", "protect", "" ] ];
704 $this->assertEquals( [],
705 $this->title
->getUserPermissionsErrors( 'edit',
708 $this->assertEquals( true,
709 $this->title
->quickUserCan( 'edit', $this->user
) );
710 $this->title
->mRestrictions
= [ "edit" => [ 'bogus', "sysop", "protect", "" ],
711 "bogus" => [ 'bogus', "sysop", "protect", "" ] ];
713 $this->assertEquals( [ [ 'badaccess-group0' ],
714 [ 'protectedpagetext', 'bogus', 'bogus' ],
715 [ 'protectedpagetext', 'editprotected', 'bogus' ],
716 [ 'protectedpagetext', 'protect', 'bogus' ] ],
717 $this->title
->getUserPermissionsErrors( 'bogus',
719 $this->assertEquals( [ [ 'protectedpagetext', 'bogus', 'edit' ],
720 [ 'protectedpagetext', 'editprotected', 'edit' ],
721 [ 'protectedpagetext', 'protect', 'edit' ] ],
722 $this->title
->getUserPermissionsErrors( 'edit',
724 $this->overrideUserPermissions( $this->user
);
725 $this->assertEquals( [ [ 'badaccess-group0' ],
726 [ 'protectedpagetext', 'bogus', 'bogus' ],
727 [ 'protectedpagetext', 'editprotected', 'bogus' ],
728 [ 'protectedpagetext', 'protect', 'bogus' ] ],
729 $this->title
->getUserPermissionsErrors( 'bogus',
731 $this->assertEquals( [ [ 'badaccess-groups', "*, [[$prefix:Users|Users]]", 2 ],
732 [ 'protectedpagetext', 'bogus', 'edit' ],
733 [ 'protectedpagetext', 'editprotected', 'edit' ],
734 [ 'protectedpagetext', 'protect', 'edit' ] ],
735 $this->title
->getUserPermissionsErrors( 'edit',
737 $this->overrideUserPermissions( $this->user
, [ "edit", "editprotected" ] );
738 $this->assertEquals( [ [ 'badaccess-group0' ],
739 [ 'protectedpagetext', 'bogus', 'bogus' ],
740 [ 'protectedpagetext', 'protect', 'bogus' ] ],
741 $this->title
->getUserPermissionsErrors( 'bogus',
743 $this->assertEquals( [
744 [ 'protectedpagetext', 'bogus', 'edit' ],
745 [ 'protectedpagetext', 'protect', 'edit' ] ],
746 $this->title
->getUserPermissionsErrors( 'edit',
749 $this->title
->mCascadeRestriction
= true;
750 $this->overrideUserPermissions( $this->user
, "edit" );
751 $this->assertEquals( false,
752 $this->title
->quickUserCan( 'bogus', $this->user
) );
753 $this->assertEquals( false,
754 $this->title
->quickUserCan( 'edit', $this->user
) );
755 $this->assertEquals( [ [ 'badaccess-group0' ],
756 [ 'protectedpagetext', 'bogus', 'bogus' ],
757 [ 'protectedpagetext', 'editprotected', 'bogus' ],
758 [ 'protectedpagetext', 'protect', 'bogus' ] ],
759 $this->title
->getUserPermissionsErrors( 'bogus',
761 $this->assertEquals( [ [ 'protectedpagetext', 'bogus', 'edit' ],
762 [ 'protectedpagetext', 'editprotected', 'edit' ],
763 [ 'protectedpagetext', 'protect', 'edit' ] ],
764 $this->title
->getUserPermissionsErrors( 'edit',
767 $this->overrideUserPermissions( $this->user
, [ "edit", "editprotected" ] );
768 $this->assertEquals( false,
769 $this->title
->quickUserCan( 'bogus', $this->user
) );
770 $this->assertEquals( false,
771 $this->title
->quickUserCan( 'edit', $this->user
) );
772 $this->assertEquals( [ [ 'badaccess-group0' ],
773 [ 'protectedpagetext', 'bogus', 'bogus' ],
774 [ 'protectedpagetext', 'protect', 'bogus' ],
775 [ 'protectedpagetext', 'protect', 'bogus' ] ],
776 $this->title
->getUserPermissionsErrors( 'bogus',
778 $this->assertEquals( [ [ 'protectedpagetext', 'bogus', 'edit' ],
779 [ 'protectedpagetext', 'protect', 'edit' ],
780 [ 'protectedpagetext', 'protect', 'edit' ] ],
781 $this->title
->getUserPermissionsErrors( 'edit',
786 * @covers \MediaWiki\Permissions\PermissionManager::checkCascadingSourcesRestrictions
788 public function testCascadingSourcesRestrictions() {
789 $this->setTitle( NS_MAIN
, "test page" );
790 $this->overrideUserPermissions( $this->user
, [ "edit", "bogus" ] );
792 $this->title
->mCascadeSources
= [
793 Title
::makeTitle( NS_MAIN
, "Bogus" ),
794 Title
::makeTitle( NS_MAIN
, "UnBogus" )
796 $this->title
->mCascadingRestrictions
= [
797 "bogus" => [ 'bogus', "sysop", "protect", "" ]
800 $this->assertEquals( false,
801 $this->title
->userCan( 'bogus', $this->user
) );
802 $this->assertEquals( [
803 [ "cascadeprotected", 2, "* [[:Bogus]]\n* [[:UnBogus]]\n", 'bogus' ],
804 [ "cascadeprotected", 2, "* [[:Bogus]]\n* [[:UnBogus]]\n", 'bogus' ],
805 [ "cascadeprotected", 2, "* [[:Bogus]]\n* [[:UnBogus]]\n", 'bogus' ] ],
806 $this->title
->getUserPermissionsErrors( 'bogus', $this->user
) );
808 $this->assertEquals( true,
809 $this->title
->userCan( 'edit', $this->user
) );
810 $this->assertEquals( [],
811 $this->title
->getUserPermissionsErrors( 'edit', $this->user
) );
815 * @todo This test method should be split up into separate test methods and
817 * @covers \MediaWiki\Permissions\PermissionManager::checkActionPermissions
819 public function testActionPermissions() {
820 $this->overrideUserPermissions( $this->user
, [ "createpage" ] );
821 $this->setTitle( NS_MAIN
, "test page" );
822 $this->title
->mTitleProtection
['permission'] = '';
823 $this->title
->mTitleProtection
['user'] = $this->user
->getId();
824 $this->title
->mTitleProtection
['expiry'] = 'infinity';
825 $this->title
->mTitleProtection
['reason'] = 'test';
826 $this->title
->mCascadeRestriction
= false;
828 $this->assertEquals( [ [ 'titleprotected', 'Useruser', 'test' ] ],
829 $this->title
->getUserPermissionsErrors( 'create', $this->user
) );
830 $this->assertEquals( false,
831 $this->title
->userCan( 'create', $this->user
) );
833 $this->title
->mTitleProtection
['permission'] = 'editprotected';
834 $this->overrideUserPermissions( $this->user
, [ 'createpage', 'protect' ] );
835 $this->assertEquals( [ [ 'titleprotected', 'Useruser', 'test' ] ],
836 $this->title
->getUserPermissionsErrors( 'create', $this->user
) );
837 $this->assertEquals( false,
838 $this->title
->userCan( 'create', $this->user
) );
840 $this->overrideUserPermissions( $this->user
, [ 'createpage', 'editprotected' ] );
841 $this->assertEquals( [],
842 $this->title
->getUserPermissionsErrors( 'create', $this->user
) );
843 $this->assertEquals( true,
844 $this->title
->userCan( 'create', $this->user
) );
846 $this->overrideUserPermissions( $this->user
, [ 'createpage' ] );
847 $this->assertEquals( [ [ 'titleprotected', 'Useruser', 'test' ] ],
848 $this->title
->getUserPermissionsErrors( 'create', $this->user
) );
849 $this->assertEquals( false,
850 $this->title
->userCan( 'create', $this->user
) );
852 $this->setTitle( NS_MEDIA
, "test page" );
853 $this->overrideUserPermissions( $this->user
, [ "move" ] );
854 $this->assertEquals( false,
855 $this->title
->userCan( 'move', $this->user
) );
856 $this->assertEquals( [ [ 'immobile-source-namespace', 'Media' ] ],
857 $this->title
->getUserPermissionsErrors( 'move', $this->user
) );
859 $this->setTitle( NS_HELP
, "test page" );
860 $this->assertEquals( [],
861 $this->title
->getUserPermissionsErrors( 'move', $this->user
) );
862 $this->assertEquals( true,
863 $this->title
->userCan( 'move', $this->user
) );
865 $this->title
->mInterwiki
= "no";
866 $this->assertEquals( [ [ 'immobile-source-page' ] ],
867 $this->title
->getUserPermissionsErrors( 'move', $this->user
) );
868 $this->assertEquals( false,
869 $this->title
->userCan( 'move', $this->user
) );
871 $this->setTitle( NS_MEDIA
, "test page" );
872 $this->assertEquals( false,
873 $this->title
->userCan( 'move-target', $this->user
) );
874 $this->assertEquals( [ [ 'immobile-target-namespace', 'Media' ] ],
875 $this->title
->getUserPermissionsErrors( 'move-target', $this->user
) );
877 $this->setTitle( NS_HELP
, "test page" );
878 $this->assertEquals( [],
879 $this->title
->getUserPermissionsErrors( 'move-target', $this->user
) );
880 $this->assertEquals( true,
881 $this->title
->userCan( 'move-target', $this->user
) );
883 $this->title
->mInterwiki
= "no";
884 $this->assertEquals( [ [ 'immobile-target-page' ] ],
885 $this->title
->getUserPermissionsErrors( 'move-target', $this->user
) );
886 $this->assertEquals( false,
887 $this->title
->userCan( 'move-target', $this->user
) );
891 * @covers \MediaWiki\Permissions\PermissionManager::checkUserBlock
893 public function testUserBlock() {
894 $this->setMwGlobals( [
895 'wgEmailConfirmToEdit' => true,
896 'wgEmailAuthentication' => true,
897 'wgBlockDisablesLogin' => false,
900 $this->overrideUserPermissions(
902 [ 'createpage', 'edit', 'move', 'rollback', 'patrol', 'upload', 'purge' ]
904 $this->setTitle( NS_HELP
, "test page" );
906 # $wgEmailConfirmToEdit only applies to 'edit' action
907 $this->assertEquals( [],
908 $this->title
->getUserPermissionsErrors( 'move-target', $this->user
) );
909 $this->assertContains( [ 'confirmedittext' ],
910 $this->title
->getUserPermissionsErrors( 'edit', $this->user
) );
912 $this->setMwGlobals( 'wgEmailConfirmToEdit', false );
913 $this->overrideUserPermissions(
915 [ 'createpage', 'edit', 'move', 'rollback', 'patrol', 'upload', 'purge' ]
918 $this->assertNotContains( [ 'confirmedittext' ],
919 $this->title
->getUserPermissionsErrors( 'edit', $this->user
) );
921 # $wgEmailConfirmToEdit && !$user->isEmailConfirmed() && $action != 'createaccount'
922 $this->assertEquals( [],
923 $this->title
->getUserPermissionsErrors( 'move-target',
929 $this->user
->mBlockedby
= $this->user
->getId();
930 $this->user
->mBlock
= new DatabaseBlock( [
931 'address' => '127.0.8.1',
932 'by' => $this->user
->getId(),
933 'reason' => 'no reason given',
934 'timestamp' => $prev,
938 $this->assertEquals( [ [ 'autoblockedtext',
939 "[[User:Useruser|\u{202A}Useruser\u{202C}]]", 'no reason given', '127.0.0.1',
940 "\u{202A}Useruser\u{202C}", null, 'infinite', '127.0.8.1',
941 $wgLang->timeanddate( wfTimestamp( TS_MW
, $prev ), true ) ] ],
942 $this->title
->getUserPermissionsErrors( 'move-target',
945 $this->assertEquals( false, $this->title
->userCan( 'move-target', $this->user
) );
946 // quickUserCan should ignore user blocks
947 $this->assertEquals( true, $this->title
->quickUserCan( 'move-target', $this->user
) );
949 global $wgLocalTZoffset;
950 $wgLocalTZoffset = -60;
951 $this->user
->mBlockedby
= $this->user
->getName();
952 $this->user
->mBlock
= new DatabaseBlock( [
953 'address' => '127.0.8.1',
954 'by' => $this->user
->getId(),
955 'reason' => 'no reason given',
960 $this->assertEquals( [ [ 'blockedtext',
961 "[[User:Useruser|\u{202A}Useruser\u{202C}]]", 'no reason given', '127.0.0.1',
962 "\u{202A}Useruser\u{202C}", null, '23:00, 31 December 1969', '127.0.8.1',
963 $wgLang->timeanddate( wfTimestamp( TS_MW
, $now ), true ) ] ],
964 $this->title
->getUserPermissionsErrors( 'move-target', $this->user
) );
965 # $action != 'read' && $action != 'createaccount' && $user->isBlockedFrom( $this )
966 # $user->blockedFor() == ''
967 # $user->mBlock->mExpiry == 'infinity'
969 $this->user
->mBlockedby
= $this->user
->getName();
970 $this->user
->mBlock
= new SystemBlock( [
971 'address' => '127.0.8.1',
972 'by' => $this->user
->getId(),
973 'reason' => 'no reason given',
975 'systemBlock' => 'test',
978 $errors = [ [ 'systemblockedtext',
979 "[[User:Useruser|\u{202A}Useruser\u{202C}]]", 'no reason given', '127.0.0.1',
980 "\u{202A}Useruser\u{202C}", 'test', 'infinite', '127.0.8.1',
981 $wgLang->timeanddate( wfTimestamp( TS_MW
, $now ), true ) ] ];
983 $this->assertEquals( $errors,
984 $this->title
->getUserPermissionsErrors( 'edit', $this->user
) );
985 $this->assertEquals( $errors,
986 $this->title
->getUserPermissionsErrors( 'move-target', $this->user
) );
987 $this->assertEquals( $errors,
988 $this->title
->getUserPermissionsErrors( 'rollback', $this->user
) );
989 $this->assertEquals( $errors,
990 $this->title
->getUserPermissionsErrors( 'patrol', $this->user
) );
991 $this->assertEquals( $errors,
992 $this->title
->getUserPermissionsErrors( 'upload', $this->user
) );
993 $this->assertEquals( [],
994 $this->title
->getUserPermissionsErrors( 'purge', $this->user
) );
996 // partial block message test
997 $this->user
->mBlockedby
= $this->user
->getName();
998 $this->user
->mBlock
= new DatabaseBlock( [
999 'address' => '127.0.8.1',
1000 'by' => $this->user
->getId(),
1001 'reason' => 'no reason given',
1002 'timestamp' => $now,
1003 'sitewide' => false,
1007 $this->assertEquals( [],
1008 $this->title
->getUserPermissionsErrors( 'edit', $this->user
) );
1009 $this->assertEquals( [],
1010 $this->title
->getUserPermissionsErrors( 'move-target', $this->user
) );
1011 $this->assertEquals( [],
1012 $this->title
->getUserPermissionsErrors( 'rollback', $this->user
) );
1013 $this->assertEquals( [],
1014 $this->title
->getUserPermissionsErrors( 'patrol', $this->user
) );
1015 $this->assertEquals( [],
1016 $this->title
->getUserPermissionsErrors( 'upload', $this->user
) );
1017 $this->assertEquals( [],
1018 $this->title
->getUserPermissionsErrors( 'purge', $this->user
) );
1020 $this->user
->mBlock
->setRestrictions( [
1021 ( new PageRestriction( 0, $this->title
->getArticleID() ) )->setTitle( $this->title
),
1024 $errors = [ [ 'blockedtext-partial',
1025 "[[User:Useruser|\u{202A}Useruser\u{202C}]]", 'no reason given', '127.0.0.1',
1026 "\u{202A}Useruser\u{202C}", null, '23:00, 31 December 1969', '127.0.8.1',
1027 $wgLang->timeanddate( wfTimestamp( TS_MW
, $now ), true ) ] ];
1029 $this->assertEquals( $errors,
1030 $this->title
->getUserPermissionsErrors( 'edit', $this->user
) );
1031 $this->assertEquals( $errors,
1032 $this->title
->getUserPermissionsErrors( 'move-target', $this->user
) );
1033 $this->assertEquals( $errors,
1034 $this->title
->getUserPermissionsErrors( 'rollback', $this->user
) );
1035 $this->assertEquals( $errors,
1036 $this->title
->getUserPermissionsErrors( 'patrol', $this->user
) );
1037 $this->assertEquals( [],
1038 $this->title
->getUserPermissionsErrors( 'upload', $this->user
) );
1039 $this->assertEquals( [],
1040 $this->title
->getUserPermissionsErrors( 'purge', $this->user
) );
1043 $this->user
->mBlockedby
= null;
1044 $this->user
->mBlock
= null;
1046 $this->assertEquals( [],
1047 $this->title
->getUserPermissionsErrors( 'edit', $this->user
) );
1051 * @covers \MediaWiki\Permissions\PermissionManager::checkUserBlock
1053 * Tests to determine that the passed in permission does not get mixed up with
1054 * an action of the same name.
1056 public function testUserBlockAction() {
1059 $tester = $this->getMockBuilder( Action
::class )
1060 ->disableOriginalConstructor()
1062 $tester->method( 'getName' )
1063 ->willReturn( 'tester' );
1064 $tester->method( 'getRestriction' )
1065 ->willReturn( 'test' );
1066 $tester->method( 'requiresUnblock' )
1067 ->willReturn( false );
1069 $this->setMwGlobals( [
1071 'tester' => $tester,
1073 'wgGroupPermissions' => [
1081 $this->user
->mBlockedby
= $this->user
->getName();
1082 $this->user
->mBlock
= new DatabaseBlock( [
1083 'address' => '127.0.8.1',
1084 'by' => $this->user
->getId(),
1085 'reason' => 'no reason given',
1086 'timestamp' => $now,
1088 'expiry' => 'infinity',
1091 $errors = [ [ 'blockedtext',
1092 "[[User:Useruser|\u{202A}Useruser\u{202C}]]", 'no reason given', '127.0.0.1',
1093 "\u{202A}Useruser\u{202C}", null, 'infinite', '127.0.8.1',
1094 $wgLang->timeanddate( wfTimestamp( TS_MW
, $now ), true ) ] ];
1096 $this->assertEquals( $errors,
1097 $this->title
->getUserPermissionsErrors( 'tester', $this->user
) );