dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge "parser: add vary-revision-sha1 and related ParserOutput methods"
[lhc/web/wiklou.git] / tests / phpunit / includes / Permissions / PermissionManagerTest.php
1 <?php
2
3 namespace MediaWiki\Tests\Permissions;
4
5 use Action;
6 use FauxRequest;
7 use MediaWiki\Session\SessionId;
8 use MediaWiki\Session\TestUtils;
9 use MediaWikiLangTestCase;
10 use RequestContext;
11 use stdClass;
12 use Title;
13 use User;
14 use MediaWiki\Block\DatabaseBlock;
15 use MediaWiki\Block\Restriction\NamespaceRestriction;
16 use MediaWiki\Block\Restriction\PageRestriction;
17 use MediaWiki\Block\SystemBlock;
18 use MediaWiki\MediaWikiServices;
19 use MediaWiki\Permissions\PermissionManager;
20 use Wikimedia\ScopedCallback;
21 use Wikimedia\TestingAccessWrapper;
22
23 /**
24 * @group Database
25 *
26 * @covers \MediaWiki\Permissions\PermissionManager
27 */
28 class PermissionManagerTest extends MediaWikiLangTestCase {
29
30 /**
31 * @var string
32 */
33 protected $userName, $altUserName;
34
35 /**
36 * @var Title
37 */
38 protected $title;
39
40 /**
41 * @var User
42 */
43 protected $user, $anonUser, $userUser, $altUser;
44
45 /** Constant for self::testIsBlockedFrom */
46 const USER_TALK_PAGE = '<user talk page>';
47
48 protected function setUp() {
49 parent::setUp();
50
51 $localZone = 'UTC';
52 $localOffset = date( 'Z' ) / 60;
53
54 $this->setMwGlobals( [
55 'wgLocaltimezone' => $localZone,
56 'wgLocalTZoffset' => $localOffset,
57 'wgNamespaceProtection' => [
58 NS_MEDIAWIKI => 'editinterface',
59 ],
60 'wgRevokePermissions' => [
61 'formertesters' => [
62 'runtest' => true
63 ]
64 ],
65 'wgAvailableRights' => [
66 'test',
67 'runtest',
68 'writetest',
69 'nukeworld',
70 'modifytest',
71 'editmyoptions'
72 ]
73 ] );
74
75 $this->setGroupPermissions( 'unittesters', 'test', true );
76 $this->setGroupPermissions( 'unittesters', 'runtest', true );
77 $this->setGroupPermissions( 'unittesters', 'writetest', false );
78 $this->setGroupPermissions( 'unittesters', 'nukeworld', false );
79
80 $this->setGroupPermissions( 'testwriters', 'test', true );
81 $this->setGroupPermissions( 'testwriters', 'writetest', true );
82 $this->setGroupPermissions( 'testwriters', 'modifytest', true );
83
84 $this->setGroupPermissions( '*', 'editmyoptions', true );
85
86 // Without this testUserBlock will use a non-English context on non-English MediaWiki
87 // installations (because of how Title::checkUserBlock is implemented) and fail.
88 RequestContext::resetMain();
89
90 $this->userName = 'Useruser';
91 $this->altUserName = 'Altuseruser';
92 date_default_timezone_set( $localZone );
93
94 $this->title = Title::makeTitle( NS_MAIN, "Main Page" );
95 if ( !isset( $this->userUser ) || !( $this->userUser instanceof User ) ) {
96 $this->userUser = User::newFromName( $this->userName );
97
98 if ( !$this->userUser->getId() ) {
99 $this->userUser = User::createNew( $this->userName, [
100 "email" => "test@example.com",
101 "real_name" => "Test User" ] );
102 $this->userUser->load();
103 }
104
105 $this->altUser = User::newFromName( $this->altUserName );
106 if ( !$this->altUser->getId() ) {
107 $this->altUser = User::createNew( $this->altUserName, [
108 "email" => "alttest@example.com",
109 "real_name" => "Test User Alt" ] );
110 $this->altUser->load();
111 }
112
113 $this->anonUser = User::newFromId( 0 );
114
115 $this->user = $this->userUser;
116 }
117
118 $this->resetServices();
119 }
120
121 public function tearDown() {
122 parent::tearDown();
123 $this->restoreMwServices();
124 }
125
126 protected function setTitle( $ns, $title = "Main_Page" ) {
127 $this->title = Title::makeTitle( $ns, $title );
128 }
129
130 protected function setUser( $userName = null ) {
131 if ( $userName === 'anon' ) {
132 $this->user = $this->anonUser;
133 } elseif ( $userName === null || $userName === $this->userName ) {
134 $this->user = $this->userUser;
135 } else {
136 $this->user = $this->altUser;
137 }
138 $this->resetServices();
139 }
140
141 /**
142 * @todo This test method should be split up into separate test methods and
143 * data providers
144 *
145 * This test is failing per T201776.
146 *
147 * @group Broken
148 * @covers \MediaWiki\Permissions\PermissionManager::checkQuickPermissions
149 */
150 public function testQuickPermissions() {
151 $prefix = MediaWikiServices::getInstance()->getContentLanguage()->
152 getFormattedNsText( NS_PROJECT );
153
154 $this->setUser( 'anon' );
155 $this->setTitle( NS_TALK );
156 $this->overrideUserPermissions( $this->user, "createtalk" );
157 $res = MediaWikiServices::getInstance()->getPermissionManager()
158 ->getPermissionErrors( 'create', $this->user, $this->title );
159 $this->assertEquals( [], $res );
160
161 $this->setTitle( NS_TALK );
162 $this->overrideUserPermissions( $this->user, "createpage" );
163 $res = MediaWikiServices::getInstance()->getPermissionManager()
164 ->getPermissionErrors( 'create', $this->user, $this->title );
165 $this->assertEquals( [ [ "nocreatetext" ] ], $res );
166
167 $this->setTitle( NS_TALK );
168 $this->overrideUserPermissions( $this->user, "" );
169 $res = MediaWikiServices::getInstance()->getPermissionManager()
170 ->getPermissionErrors( 'create', $this->user, $this->title );
171 $this->assertEquals( [ [ 'nocreatetext' ] ], $res );
172
173 $this->setTitle( NS_MAIN );
174 $this->overrideUserPermissions( $this->user, "createpage" );
175 $res = MediaWikiServices::getInstance()->getPermissionManager()
176 ->getPermissionErrors( 'create', $this->user, $this->title );
177 $this->assertEquals( [], $res );
178
179 $this->setTitle( NS_MAIN );
180 $this->overrideUserPermissions( $this->user, "createtalk" );
181 $res = MediaWikiServices::getInstance()->getPermissionManager()
182 ->getPermissionErrors( 'create', $this->user, $this->title );
183 $this->assertEquals( [ [ 'nocreatetext' ] ], $res );
184
185 $this->setUser( $this->userName );
186 $this->setTitle( NS_TALK );
187 $this->overrideUserPermissions( $this->user, "createtalk" );
188 $res = MediaWikiServices::getInstance()->getPermissionManager()
189 ->getPermissionErrors( 'create', $this->user, $this->title );
190 $this->assertEquals( [], $res );
191
192 $this->setTitle( NS_TALK );
193 $this->overrideUserPermissions( $this->user, "createpage" );
194 $res = MediaWikiServices::getInstance()->getPermissionManager()
195 ->getPermissionErrors( 'create', $this->user, $this->title );
196 $this->assertEquals( [ [ 'nocreate-loggedin' ] ], $res );
197
198 $this->setTitle( NS_TALK );
199 $this->overrideUserPermissions( $this->user, "" );
200 $res = MediaWikiServices::getInstance()->getPermissionManager()
201 ->getPermissionErrors( 'create', $this->user, $this->title );
202 $this->assertEquals( [ [ 'nocreate-loggedin' ] ], $res );
203
204 $this->setTitle( NS_MAIN );
205 $this->overrideUserPermissions( $this->user, "createpage" );
206 $res = MediaWikiServices::getInstance()->getPermissionManager()
207 ->getPermissionErrors( 'create', $this->user, $this->title );
208 $this->assertEquals( [], $res );
209
210 $this->setTitle( NS_MAIN );
211 $this->overrideUserPermissions( $this->user, "createtalk" );
212 $res = MediaWikiServices::getInstance()->getPermissionManager()
213 ->getPermissionErrors( 'create', $this->user, $this->title );
214 $this->assertEquals( [ [ 'nocreate-loggedin' ] ], $res );
215
216 $this->setTitle( NS_MAIN );
217 $this->overrideUserPermissions( $this->user, "" );
218 $res = MediaWikiServices::getInstance()->getPermissionManager()
219 ->getPermissionErrors( 'create', $this->user, $this->title );
220 $this->assertEquals( [ [ 'nocreate-loggedin' ] ], $res );
221
222 $this->setUser( 'anon' );
223 $this->setTitle( NS_USER, $this->userName . '' );
224 $this->overrideUserPermissions( $this->user, "" );
225 $res = MediaWikiServices::getInstance()->getPermissionManager()
226 ->getPermissionErrors( 'move', $this->user, $this->title );
227 $this->assertEquals( [ [ 'cant-move-user-page' ], [ 'movenologintext' ] ], $res );
228
229 $this->setTitle( NS_USER, $this->userName . '/subpage' );
230 $this->overrideUserPermissions( $this->user, "" );
231 $res = MediaWikiServices::getInstance()->getPermissionManager()
232 ->getPermissionErrors( 'move', $this->user, $this->title );
233 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
234
235 $this->setTitle( NS_USER, $this->userName . '' );
236 $this->overrideUserPermissions( $this->user, "move-rootuserpages" );
237 $res = MediaWikiServices::getInstance()->getPermissionManager()
238 ->getPermissionErrors( 'move', $this->user, $this->title );
239 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
240
241 $this->setTitle( NS_USER, $this->userName . '/subpage' );
242 $this->overrideUserPermissions( $this->user, "move-rootuserpages" );
243 $res = MediaWikiServices::getInstance()->getPermissionManager()
244 ->getPermissionErrors( 'move', $this->user, $this->title );
245 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
246
247 $this->setTitle( NS_USER, $this->userName . '' );
248 $this->overrideUserPermissions( $this->user, "" );
249 $res = MediaWikiServices::getInstance()->getPermissionManager()
250 ->getPermissionErrors( 'move', $this->user, $this->title );
251 $this->assertEquals( [ [ 'cant-move-user-page' ], [ 'movenologintext' ] ], $res );
252
253 $this->setTitle( NS_USER, $this->userName . '/subpage' );
254 $this->overrideUserPermissions( $this->user, "" );
255 $res = MediaWikiServices::getInstance()->getPermissionManager()
256 ->getPermissionErrors( 'move', $this->user, $this->title );
257 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
258
259 $this->setTitle( NS_USER, $this->userName . '' );
260 $this->overrideUserPermissions( $this->user, "move-rootuserpages" );
261 $res = MediaWikiServices::getInstance()->getPermissionManager()
262 ->getPermissionErrors( 'move', $this->user, $this->title );
263 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
264
265 $this->setTitle( NS_USER, $this->userName . '/subpage' );
266 $this->overrideUserPermissions( $this->user, "move-rootuserpages" );
267 $res = MediaWikiServices::getInstance()->getPermissionManager()
268 ->getPermissionErrors( 'move', $this->user, $this->title );
269 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
270
271 $this->setUser( $this->userName );
272 $this->setTitle( NS_FILE, "img.png" );
273 $this->overrideUserPermissions( $this->user, "" );
274 $res = MediaWikiServices::getInstance()->getPermissionManager()
275 ->getPermissionErrors( 'move', $this->user, $this->title );
276 $this->assertEquals( [ [ 'movenotallowedfile' ], [ 'movenotallowed' ] ], $res );
277
278 $this->setTitle( NS_FILE, "img.png" );
279 $this->overrideUserPermissions( $this->user, "movefile" );
280 $res = MediaWikiServices::getInstance()->getPermissionManager()
281 ->getPermissionErrors( 'move', $this->user, $this->title );
282 $this->assertEquals( [ [ 'movenotallowed' ] ], $res );
283
284 $this->setUser( 'anon' );
285 $this->setTitle( NS_FILE, "img.png" );
286 $this->overrideUserPermissions( $this->user, "" );
287 $res = MediaWikiServices::getInstance()->getPermissionManager()
288 ->getPermissionErrors( 'move', $this->user, $this->title );
289 $this->assertEquals( [ [ 'movenotallowedfile' ], [ 'movenologintext' ] ], $res );
290
291 $this->setTitle( NS_FILE, "img.png" );
292 $this->overrideUserPermissions( $this->user, "movefile" );
293 $res = MediaWikiServices::getInstance()->getPermissionManager()
294 ->getPermissionErrors( 'move', $this->user, $this->title );
295 $this->assertEquals( [ [ 'movenologintext' ] ], $res );
296
297 $this->setUser( $this->userName );
298 // $this->setUserPerm( "move" );
299 $this->runGroupPermissions( 'move', 'move', [ [ 'movenotallowedfile' ] ] );
300
301 // $this->setUserPerm( "" );
302 $this->runGroupPermissions(
303 '',
304 'move',
305 [ [ 'movenotallowedfile' ], [ 'movenotallowed' ] ]
306 );
307
308 $this->setUser( 'anon' );
309 //$this->setUserPerm( "move" );
310 $this->runGroupPermissions( 'move', 'move', [ [ 'movenotallowedfile' ] ] );
311
312 // $this->setUserPerm( "" );
313 $this->runGroupPermissions(
314 '',
315 'move',
316 [ [ 'movenotallowedfile' ], [ 'movenotallowed' ] ],
317 [ [ 'movenotallowedfile' ], [ 'movenologintext' ] ]
318 );
319
320 if ( $this->isWikitextNS( NS_MAIN ) ) {
321 // NOTE: some content models don't allow moving
322 // @todo find a Wikitext namespace for testing
323
324 $this->setTitle( NS_MAIN );
325 $this->setUser( 'anon' );
326 // $this->setUserPerm( "move" );
327 $this->runGroupPermissions( 'move', 'move', [] );
328
329 // $this->setUserPerm( "" );
330 $this->runGroupPermissions( '', 'move', [ [ 'movenotallowed' ] ],
331 [ [ 'movenologintext' ] ] );
332
333 $this->setUser( $this->userName );
334 // $this->setUserPerm( "" );
335 $this->runGroupPermissions( '', 'move', [ [ 'movenotallowed' ] ] );
336
337 //$this->setUserPerm( "move" );
338 $this->runGroupPermissions( 'move', 'move', [] );
339
340 $this->setUser( 'anon' );
341 $this->overrideUserPermissions( $this->user, 'move' );
342 $res = MediaWikiServices::getInstance()->getPermissionManager()
343 ->getPermissionErrors( 'move-target', $this->user, $this->title );
344 $this->assertEquals( [], $res );
345
346 $this->overrideUserPermissions( $this->user, '' );
347 $res = MediaWikiServices::getInstance()->getPermissionManager()
348 ->getPermissionErrors( 'move-target', $this->user, $this->title );
349 $this->assertEquals( [ [ 'movenotallowed' ] ], $res );
350 }
351
352 $this->setTitle( NS_USER );
353 $this->setUser( $this->userName );
354 $this->overrideUserPermissions( $this->user, [ "move", "move-rootuserpages" ] );
355 $res = MediaWikiServices::getInstance()->getPermissionManager()
356 ->getPermissionErrors( 'move-target', $this->user, $this->title );
357 $this->assertEquals( [], $res );
358
359 $this->overrideUserPermissions( $this->user, "move" );
360 $res = MediaWikiServices::getInstance()->getPermissionManager()
361 ->getPermissionErrors( 'move-target', $this->user, $this->title );
362 $this->assertEquals( [ [ 'cant-move-to-user-page' ] ], $res );
363
364 $this->setUser( 'anon' );
365 $this->overrideUserPermissions( $this->user, [ "move", "move-rootuserpages" ] );
366 $res = MediaWikiServices::getInstance()->getPermissionManager()
367 ->getPermissionErrors( 'move-target', $this->user, $this->title );
368 $this->assertEquals( [], $res );
369
370 $this->setTitle( NS_USER, "User/subpage" );
371 $this->overrideUserPermissions( $this->user, [ "move", "move-rootuserpages" ] );
372 $res = MediaWikiServices::getInstance()->getPermissionManager()
373 ->getPermissionErrors( 'move-target', $this->user, $this->title );
374 $this->assertEquals( [], $res );
375
376 $this->overrideUserPermissions( $this->user, "move" );
377 $res = MediaWikiServices::getInstance()->getPermissionManager()
378 ->getPermissionErrors( 'move-target', $this->user, $this->title );
379 $this->assertEquals( [], $res );
380
381 $this->setUser( 'anon' );
382 $check = [
383 'edit' => [
384 [ [ 'badaccess-groups', "*, [[$prefix:Users|Users]]", 2 ] ],
385 [ [ 'badaccess-group0' ] ],
386 [],
387 true
388 ],
389 'protect' => [
390 [ [
391 'badaccess-groups',
392 "[[$prefix:Administrators|Administrators]]", 1 ],
393 [ 'protect-cantedit'
394 ] ],
395 [ [ 'badaccess-group0' ], [ 'protect-cantedit' ] ],
396 [ [ 'protect-cantedit' ] ],
397 false
398 ],
399 '' => [ [], [], [], true ]
400 ];
401
402 foreach ( [ "edit", "protect", "" ] as $action ) {
403 $this->overrideUserPermissions( $this->user );
404 $this->assertEquals( $check[$action][0],
405 MediaWikiServices::getInstance()->getPermissionManager()
406 ->getPermissionErrors( $action, $this->user, $this->title, true ) );
407 $this->assertEquals( $check[$action][0],
408 MediaWikiServices::getInstance()->getPermissionManager()
409 ->getPermissionErrors( $action, $this->user, $this->title, 'full' ) );
410 $this->assertEquals( $check[$action][0],
411 MediaWikiServices::getInstance()->getPermissionManager()
412 ->getPermissionErrors( $action, $this->user, $this->title, 'secure' ) );
413
414 global $wgGroupPermissions;
415 $old = $wgGroupPermissions;
416 $wgGroupPermissions = [];
417 $this->resetServices();
418
419 $this->assertEquals( $check[$action][1],
420 MediaWikiServices::getInstance()->getPermissionManager()
421 ->getPermissionErrors( $action, $this->user, $this->title, true ) );
422 $this->assertEquals( $check[$action][1],
423 MediaWikiServices::getInstance()->getPermissionManager()
424 ->getPermissionErrors( $action, $this->user, $this->title, 'full' ) );
425 $this->assertEquals( $check[$action][1],
426 MediaWikiServices::getInstance()->getPermissionManager()
427 ->getPermissionErrors( $action, $this->user, $this->title, 'secure' ) );
428 $wgGroupPermissions = $old;
429 $this->resetServices();
430
431 $this->overrideUserPermissions( $this->user, $action );
432 $this->assertEquals( $check[$action][2],
433 MediaWikiServices::getInstance()->getPermissionManager()
434 ->getPermissionErrors( $action, $this->user, $this->title, true ) );
435 $this->assertEquals( $check[$action][2],
436 MediaWikiServices::getInstance()->getPermissionManager()
437 ->getPermissionErrors( $action, $this->user, $this->title, 'full' ) );
438 $this->assertEquals( $check[$action][2],
439 MediaWikiServices::getInstance()->getPermissionManager()
440 ->getPermissionErrors( $action, $this->user, $this->title, 'secure' ) );
441
442 $this->overrideUserPermissions( $this->user, $action );
443 $this->assertEquals( $check[$action][3],
444 MediaWikiServices::getInstance()->getPermissionManager()
445 ->userCan( $action, $this->user, $this->title, true ) );
446 $this->assertEquals( $check[$action][3],
447 MediaWikiServices::getInstance()->getPermissionManager()
448 ->userCan( $action, $this->user, $this->title,
449 PermissionManager::RIGOR_QUICK ) );
450 # count( User::getGroupsWithPermissions( $action ) ) < 1
451 }
452 }
453
454 protected function runGroupPermissions( $perm, $action, $result, $result2 = null ) {
455 global $wgGroupPermissions;
456
457 if ( $result2 === null ) {
458 $result2 = $result;
459 }
460
461 $wgGroupPermissions['autoconfirmed']['move'] = false;
462 $wgGroupPermissions['user']['move'] = false;
463 $this->resetServices();
464 $this->overrideUserPermissions( $this->user, $perm );
465 $res = MediaWikiServices::getInstance()->getPermissionManager()
466 ->getPermissionErrors( $action, $this->user, $this->title );
467 $this->assertEquals( $result, $res );
468
469 $wgGroupPermissions['autoconfirmed']['move'] = true;
470 $wgGroupPermissions['user']['move'] = false;
471 $this->resetServices();
472 $this->overrideUserPermissions( $this->user, $perm );
473 $res = MediaWikiServices::getInstance()->getPermissionManager()
474 ->getPermissionErrors( $action, $this->user, $this->title );
475 $this->assertEquals( $result2, $res );
476
477 $wgGroupPermissions['autoconfirmed']['move'] = true;
478 $wgGroupPermissions['user']['move'] = true;
479 $this->resetServices();
480 $this->overrideUserPermissions( $this->user, $perm );
481 $res = MediaWikiServices::getInstance()->getPermissionManager()
482 ->getPermissionErrors( $action, $this->user, $this->title );
483 $this->assertEquals( $result2, $res );
484
485 $wgGroupPermissions['autoconfirmed']['move'] = false;
486 $wgGroupPermissions['user']['move'] = true;
487 $this->resetServices();
488 $this->overrideUserPermissions( $this->user, $perm );
489 $res = MediaWikiServices::getInstance()->getPermissionManager()
490 ->getPermissionErrors( $action, $this->user, $this->title );
491 $this->assertEquals( $result2, $res );
492 }
493
494 /**
495 * @todo This test method should be split up into separate test methods and
496 * data providers
497 * @covers MediaWiki\Permissions\PermissionManager::checkSpecialsAndNSPermissions
498 */
499 public function testSpecialsAndNSPermissions() {
500 global $wgNamespaceProtection;
501 $this->setUser( $this->userName );
502
503 $this->setTitle( NS_SPECIAL );
504
505 $this->assertEquals( [ [ 'badaccess-group0' ], [ 'ns-specialprotected' ] ],
506 MediaWikiServices::getInstance()->getPermissionManager()
507 ->getPermissionErrors( 'bogus', $this->user, $this->title ) );
508
509 $this->setTitle( NS_MAIN );
510 $this->overrideUserPermissions( $this->user, 'bogus' );
511 $this->assertEquals( [],
512 MediaWikiServices::getInstance()->getPermissionManager()
513 ->getPermissionErrors( 'bogus', $this->user, $this->title ) );
514
515 $this->setTitle( NS_MAIN );
516 $this->overrideUserPermissions( $this->user, '' );
517 $this->assertEquals( [ [ 'badaccess-group0' ] ],
518 MediaWikiServices::getInstance()->getPermissionManager()
519 ->getPermissionErrors( 'bogus', $this->user, $this->title ) );
520
521 $wgNamespaceProtection[NS_USER] = [ 'bogus' ];
522
523 $this->setTitle( NS_USER );
524 $this->overrideUserPermissions( $this->user, '' );
525 $this->assertEquals( [ [ 'badaccess-group0' ],
526 [ 'namespaceprotected', 'User', 'bogus' ] ],
527 MediaWikiServices::getInstance()->getPermissionManager()
528 ->getPermissionErrors( 'bogus', $this->user, $this->title ) );
529
530 $this->setTitle( NS_MEDIAWIKI );
531 $this->overrideUserPermissions( $this->user, 'bogus' );
532 $this->assertEquals( [ [ 'protectedinterface', 'bogus' ] ],
533 MediaWikiServices::getInstance()->getPermissionManager()
534 ->getPermissionErrors( 'bogus', $this->user, $this->title ) );
535
536 $this->setTitle( NS_MEDIAWIKI );
537 $this->overrideUserPermissions( $this->user, 'bogus' );
538 $this->assertEquals( [ [ 'protectedinterface', 'bogus' ] ],
539 MediaWikiServices::getInstance()->getPermissionManager()
540 ->getPermissionErrors( 'bogus', $this->user, $this->title ) );
541
542 $wgNamespaceProtection = null;
543
544 $this->overrideUserPermissions( $this->user, 'bogus' );
545 $this->assertEquals( [],
546 MediaWikiServices::getInstance()->getPermissionManager()
547 ->getPermissionErrors( 'bogus', $this->user, $this->title ) );
548 $this->assertEquals( true,
549 MediaWikiServices::getInstance()->getPermissionManager()
550 ->userCan( 'bogus', $this->user, $this->title ) );
551
552 $this->overrideUserPermissions( $this->user, '' );
553 $this->assertEquals( [ [ 'badaccess-group0' ] ],
554 MediaWikiServices::getInstance()->getPermissionManager()
555 ->getPermissionErrors( 'bogus', $this->user, $this->title ) );
556 $this->assertEquals( false,
557 MediaWikiServices::getInstance()->getPermissionManager()
558 ->userCan( 'bogus', $this->user, $this->title ) );
559 }
560
561 /**
562 * @todo This test method should be split up into separate test methods and
563 * data providers
564 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
565 */
566 public function testJsConfigEditPermissions() {
567 $this->setUser( $this->userName );
568
569 $this->setTitle( NS_USER, $this->userName . '/test.js' );
570 $this->runConfigEditPermissions(
571 [ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
572
573 [ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
574 [ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
575 [ [ 'badaccess-group0' ] ],
576
577 [ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
578 [ [ 'badaccess-group0' ], [ 'mycustomjsprotected', 'bogus' ] ],
579 [ [ 'badaccess-group0' ] ],
580 [ [ 'badaccess-groups' ] ]
581 );
582 }
583
584 /**
585 * @todo This test method should be split up into separate test methods and
586 * data providers
587 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
588 */
589 public function testJsonConfigEditPermissions() {
590 $prefix = MediaWikiServices::getInstance()->getContentLanguage()->
591 getFormattedNsText( NS_PROJECT );
592 $this->setUser( $this->userName );
593
594 $this->setTitle( NS_USER, $this->userName . '/test.json' );
595 $this->runConfigEditPermissions(
596 [ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
597
598 [ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
599 [ [ 'badaccess-group0' ] ],
600 [ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
601
602 [ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
603 [ [ 'badaccess-group0' ] ],
604 [ [ 'badaccess-group0' ], [ 'mycustomjsonprotected', 'bogus' ] ],
605 [ [ 'badaccess-groups' ] ]
606 );
607 }
608
609 /**
610 * @todo This test method should be split up into separate test methods and
611 * data providers
612 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
613 */
614 public function testCssConfigEditPermissions() {
615 $this->setUser( $this->userName );
616
617 $this->setTitle( NS_USER, $this->userName . '/test.css' );
618 $this->runConfigEditPermissions(
619 [ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
620
621 [ [ 'badaccess-group0' ] ],
622 [ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
623 [ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
624
625 [ [ 'badaccess-group0' ] ],
626 [ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
627 [ [ 'badaccess-group0' ], [ 'mycustomcssprotected', 'bogus' ] ],
628 [ [ 'badaccess-groups' ] ]
629 );
630 }
631
632 /**
633 * @todo This test method should be split up into separate test methods and
634 * data providers
635 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
636 */
637 public function testOtherJsConfigEditPermissions() {
638 $this->setUser( $this->userName );
639
640 $this->setTitle( NS_USER, $this->altUserName . '/test.js' );
641 $this->runConfigEditPermissions(
642 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
643
644 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
645 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
646 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
647
648 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
649 [ [ 'badaccess-group0' ], [ 'customjsprotected', 'bogus' ] ],
650 [ [ 'badaccess-group0' ] ],
651 [ [ 'badaccess-groups' ] ]
652 );
653 }
654
655 /**
656 * @todo This test method should be split up into separate test methods and
657 * data providers
658 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
659 */
660 public function testOtherJsonConfigEditPermissions() {
661 $this->setUser( $this->userName );
662
663 $this->setTitle( NS_USER, $this->altUserName . '/test.json' );
664 $this->runConfigEditPermissions(
665 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
666
667 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
668 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
669 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
670
671 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
672 [ [ 'badaccess-group0' ] ],
673 [ [ 'badaccess-group0' ], [ 'customjsonprotected', 'bogus' ] ],
674 [ [ 'badaccess-groups' ] ]
675 );
676 }
677
678 /**
679 * @todo This test method should be split up into separate test methods and
680 * data providers
681 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
682 */
683 public function testOtherCssConfigEditPermissions() {
684 $this->setUser( $this->userName );
685
686 $this->setTitle( NS_USER, $this->altUserName . '/test.css' );
687 $this->runConfigEditPermissions(
688 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
689
690 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
691 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
692 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
693
694 [ [ 'badaccess-group0' ] ],
695 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
696 [ [ 'badaccess-group0' ], [ 'customcssprotected', 'bogus' ] ],
697 [ [ 'badaccess-groups' ] ]
698 );
699 }
700
701 /**
702 * @todo This test method should be split up into separate test methods and
703 * data providers
704 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
705 */
706 public function testOtherNonConfigEditPermissions() {
707 $this->setUser( $this->userName );
708
709 $this->setTitle( NS_USER, $this->altUserName . '/tempo' );
710 $this->runConfigEditPermissions(
711 [ [ 'badaccess-group0' ] ],
712
713 [ [ 'badaccess-group0' ] ],
714 [ [ 'badaccess-group0' ] ],
715 [ [ 'badaccess-group0' ] ],
716
717 [ [ 'badaccess-group0' ] ],
718 [ [ 'badaccess-group0' ] ],
719 [ [ 'badaccess-group0' ] ],
720 [ [ 'badaccess-groups' ] ]
721 );
722 }
723
724 /**
725 * @todo This should use data providers like the other methods here.
726 * @covers \MediaWiki\Permissions\PermissionManager::checkUserConfigPermissions
727 */
728 public function testPatrolActionConfigEditPermissions() {
729 $this->setUser( 'anon' );
730 $this->setTitle( NS_USER, 'ToPatrolOrNotToPatrol' );
731 $this->runConfigEditPermissions(
732 [ [ 'badaccess-group0' ] ],
733
734 [ [ 'badaccess-group0' ] ],
735 [ [ 'badaccess-group0' ] ],
736 [ [ 'badaccess-group0' ] ],
737
738 [ [ 'badaccess-group0' ] ],
739 [ [ 'badaccess-group0' ] ],
740 [ [ 'badaccess-group0' ] ],
741 [ [ 'badaccess-groups' ] ]
742 );
743 }
744
745 protected function runConfigEditPermissions(
746 $resultNone,
747 $resultMyCss,
748 $resultMyJson,
749 $resultMyJs,
750 $resultUserCss,
751 $resultUserJson,
752 $resultUserJs,
753 $resultPatrol
754 ) {
755 $this->overrideUserPermissions( $this->user );
756 $result = MediaWikiServices::getInstance()->getPermissionManager()
757 ->getPermissionErrors( 'bogus', $this->user, $this->title );
758 $this->assertEquals( $resultNone, $result );
759
760 $this->overrideUserPermissions( $this->user, 'editmyusercss' );
761 $result = MediaWikiServices::getInstance()->getPermissionManager()
762 ->getPermissionErrors( 'bogus', $this->user, $this->title );
763 $this->assertEquals( $resultMyCss, $result );
764
765 $this->overrideUserPermissions( $this->user, 'editmyuserjson' );
766 $result = MediaWikiServices::getInstance()->getPermissionManager()
767 ->getPermissionErrors( 'bogus', $this->user, $this->title );
768 $this->assertEquals( $resultMyJson, $result );
769
770 $this->overrideUserPermissions( $this->user, 'editmyuserjs' );
771 $result = MediaWikiServices::getInstance()->getPermissionManager()
772 ->getPermissionErrors( 'bogus', $this->user, $this->title );
773 $this->assertEquals( $resultMyJs, $result );
774
775 $this->overrideUserPermissions( $this->user, 'editusercss' );
776 $result = MediaWikiServices::getInstance()->getPermissionManager()
777 ->getPermissionErrors( 'bogus', $this->user, $this->title );
778 $this->assertEquals( $resultUserCss, $result );
779
780 $this->overrideUserPermissions( $this->user, 'edituserjson' );
781 $result = MediaWikiServices::getInstance()->getPermissionManager()
782 ->getPermissionErrors( 'bogus', $this->user, $this->title );
783 $this->assertEquals( $resultUserJson, $result );
784
785 $this->overrideUserPermissions( $this->user, 'edituserjs' );
786 $result = MediaWikiServices::getInstance()->getPermissionManager()
787 ->getPermissionErrors( 'bogus', $this->user, $this->title );
788 $this->assertEquals( $resultUserJs, $result );
789
790 $this->overrideUserPermissions( $this->user );
791 $result = MediaWikiServices::getInstance()->getPermissionManager()
792 ->getPermissionErrors( 'patrol', $this->user, $this->title );
793 $this->assertEquals( reset( $resultPatrol[0] ), reset( $result[0] ) );
794
795 $this->overrideUserPermissions( $this->user, [ 'edituserjs', 'edituserjson', 'editusercss' ] );
796 $result = MediaWikiServices::getInstance()->getPermissionManager()
797 ->getPermissionErrors( 'bogus', $this->user, $this->title );
798 $this->assertEquals( [ [ 'badaccess-group0' ] ], $result );
799 }
800
801 /**
802 * @todo This test method should be split up into separate test methods and
803 * data providers
804 *
805 * This test is failing per T201776.
806 *
807 * @group Broken
808 * @covers \MediaWiki\Permissions\PermissionManager::checkPageRestrictions
809 */
810 public function testPageRestrictions() {
811 $prefix = MediaWikiServices::getInstance()->getContentLanguage()->
812 getFormattedNsText( NS_PROJECT );
813
814 $this->setTitle( NS_MAIN );
815 $this->title->mRestrictionsLoaded = true;
816 $this->overrideUserPermissions( $this->user, "edit" );
817 $this->title->mRestrictions = [ "bogus" => [ 'bogus', "sysop", "protect", "" ] ];
818
819 $this->assertEquals( [],
820 MediaWikiServices::getInstance()->getPermissionManager()
821 ->getPermissionErrors( 'edit', $this->user, $this->title ) );
822
823 $this->assertEquals( true,
824 MediaWikiServices::getInstance()->getPermissionManager()
825 ->userCan( 'edit', $this->user, $this->title, PermissionManager::RIGOR_QUICK ) );
826
827 $this->title->mRestrictions = [ "edit" => [ 'bogus', "sysop", "protect", "" ],
828 "bogus" => [ 'bogus', "sysop", "protect", "" ] ];
829
830 $this->assertEquals( [ [ 'badaccess-group0' ],
831 [ 'protectedpagetext', 'bogus', 'bogus' ],
832 [ 'protectedpagetext', 'editprotected', 'bogus' ],
833 [ 'protectedpagetext', 'protect', 'bogus' ] ],
834 MediaWikiServices::getInstance()->getPermissionManager()->getPermissionErrors(
835 'bogus', $this->user, $this->title ) );
836 $this->assertEquals( [ [ 'protectedpagetext', 'bogus', 'edit' ],
837 [ 'protectedpagetext', 'editprotected', 'edit' ],
838 [ 'protectedpagetext', 'protect', 'edit' ] ],
839 MediaWikiServices::getInstance()->getPermissionManager()->getPermissionErrors(
840 'edit', $this->user, $this->title ) );
841 $this->overrideUserPermissions( $this->user );
842 $this->assertEquals( [ [ 'badaccess-group0' ],
843 [ 'protectedpagetext', 'bogus', 'bogus' ],
844 [ 'protectedpagetext', 'editprotected', 'bogus' ],
845 [ 'protectedpagetext', 'protect', 'bogus' ] ],
846 MediaWikiServices::getInstance()->getPermissionManager()->getPermissionErrors(
847 'bogus', $this->user, $this->title ) );
848 $this->assertEquals( [ [ 'badaccess-groups', "*, [[$prefix:Users|Users]]", 2 ],
849 [ 'protectedpagetext', 'bogus', 'edit' ],
850 [ 'protectedpagetext', 'editprotected', 'edit' ],
851 [ 'protectedpagetext', 'protect', 'edit' ] ],
852 MediaWikiServices::getInstance()->getPermissionManager()->getPermissionErrors(
853 'edit', $this->user, $this->title ) );
854 $this->overrideUserPermissions( $this->user, [ "edit", "editprotected" ] );
855 $this->assertEquals( [ [ 'badaccess-group0' ],
856 [ 'protectedpagetext', 'bogus', 'bogus' ],
857 [ 'protectedpagetext', 'protect', 'bogus' ] ],
858 MediaWikiServices::getInstance()->getPermissionManager()->getPermissionErrors(
859 'bogus', $this->user, $this->title ) );
860 $this->assertEquals( [
861 [ 'protectedpagetext', 'bogus', 'edit' ],
862 [ 'protectedpagetext', 'protect', 'edit' ] ],
863 MediaWikiServices::getInstance()->getPermissionManager()->getPermissionErrors(
864 'edit', $this->user, $this->title ) );
865
866 $this->title->mCascadeRestriction = true;
867 $this->overrideUserPermissions( $this->user, "edit" );
868
869 $this->assertEquals( false,
870 MediaWikiServices::getInstance()->getPermissionManager()
871 ->userCan( 'bogus', $this->user, $this->title, PermissionManager::RIGOR_QUICK ) );
872
873 $this->assertEquals( false,
874 MediaWikiServices::getInstance()->getPermissionManager()->userCan(
875 'edit', $this->user, $this->title, PermissionManager::RIGOR_QUICK ) );
876
877 $this->assertEquals( [ [ 'badaccess-group0' ],
878 [ 'protectedpagetext', 'bogus', 'bogus' ],
879 [ 'protectedpagetext', 'editprotected', 'bogus' ],
880 [ 'protectedpagetext', 'protect', 'bogus' ] ],
881 MediaWikiServices::getInstance()->getPermissionManager()->getPermissionErrors(
882 'bogus', $this->user, $this->title ) );
883 $this->assertEquals( [ [ 'protectedpagetext', 'bogus', 'edit' ],
884 [ 'protectedpagetext', 'editprotected', 'edit' ],
885 [ 'protectedpagetext', 'protect', 'edit' ] ],
886 MediaWikiServices::getInstance()->getPermissionManager()->getPermissionErrors(
887 'edit', $this->user, $this->title ) );
888
889 $this->overrideUserPermissions( $this->user, [ "edit", "editprotected" ] );
890 $this->assertEquals( false,
891 MediaWikiServices::getInstance()->getPermissionManager()->userCan(
892 'bogus', $this->user, $this->title, PermissionManager::RIGOR_QUICK ) );
893
894 $this->assertEquals( false,
895 MediaWikiServices::getInstance()->getPermissionManager()->userCan(
896 'edit', $this->user, $this->title, PermissionManager::RIGOR_QUICK ) );
897
898 $this->assertEquals( [ [ 'badaccess-group0' ],
899 [ 'protectedpagetext', 'bogus', 'bogus' ],
900 [ 'protectedpagetext', 'protect', 'bogus' ],
901 [ 'protectedpagetext', 'protect', 'bogus' ] ],
902 MediaWikiServices::getInstance()->getPermissionManager()->getPermissionErrors(
903 'bogus', $this->user, $this->title ) );
904 $this->assertEquals( [ [ 'protectedpagetext', 'bogus', 'edit' ],
905 [ 'protectedpagetext', 'protect', 'edit' ],
906 [ 'protectedpagetext', 'protect', 'edit' ] ],
907 MediaWikiServices::getInstance()->getPermissionManager()->getPermissionErrors(
908 'edit', $this->user, $this->title ) );
909 }
910
911 /**
912 * @covers \MediaWiki\Permissions\PermissionManager::checkCascadingSourcesRestrictions
913 */
914 public function testCascadingSourcesRestrictions() {
915 $this->setTitle( NS_MAIN, "test page" );
916 $this->overrideUserPermissions( $this->user, [ "edit", "bogus" ] );
917
918 $this->title->mCascadeSources = [
919 Title::makeTitle( NS_MAIN, "Bogus" ),
920 Title::makeTitle( NS_MAIN, "UnBogus" )
921 ];
922 $this->title->mCascadingRestrictions = [
923 "bogus" => [ 'bogus', "sysop", "protect", "" ]
924 ];
925
926 $this->assertEquals( false,
927 MediaWikiServices::getInstance()->getPermissionManager()->userCan(
928 'bogus', $this->user, $this->title ) );
929 $this->assertEquals( [
930 [ "cascadeprotected", 2, "* [[:Bogus]]\n* [[:UnBogus]]\n", 'bogus' ],
931 [ "cascadeprotected", 2, "* [[:Bogus]]\n* [[:UnBogus]]\n", 'bogus' ],
932 [ "cascadeprotected", 2, "* [[:Bogus]]\n* [[:UnBogus]]\n", 'bogus' ] ],
933 MediaWikiServices::getInstance()->getPermissionManager()->getPermissionErrors(
934 'bogus', $this->user, $this->title ) );
935
936 $this->assertEquals( true,
937 MediaWikiServices::getInstance()->getPermissionManager()->userCan(
938 'edit', $this->user, $this->title ) );
939 $this->assertEquals( [],
940 MediaWikiServices::getInstance()->getPermissionManager()->getPermissionErrors(
941 'edit', $this->user, $this->title ) );
942 }
943
944 /**
945 * @todo This test method should be split up into separate test methods and
946 * data providers
947 * @covers \MediaWiki\Permissions\PermissionManager::checkActionPermissions
948 */
949 public function testActionPermissions() {
950 $this->overrideUserPermissions( $this->user, [ "createpage" ] );
951 $this->setTitle( NS_MAIN, "test page" );
952 $this->title->mTitleProtection['permission'] = '';
953 $this->title->mTitleProtection['user'] = $this->user->getId();
954 $this->title->mTitleProtection['expiry'] = 'infinity';
955 $this->title->mTitleProtection['reason'] = 'test';
956 $this->title->mCascadeRestriction = false;
957
958 $this->assertEquals( [ [ 'titleprotected', 'Useruser', 'test' ] ],
959 MediaWikiServices::getInstance()->getPermissionManager()
960 ->getPermissionErrors( 'create', $this->user, $this->title ) );
961 $this->assertEquals( false,
962 MediaWikiServices::getInstance()->getPermissionManager()->userCan(
963 'create', $this->user, $this->title ) );
964
965 $this->title->mTitleProtection['permission'] = 'editprotected';
966 $this->overrideUserPermissions( $this->user, [ 'createpage', 'protect' ] );
967 $this->assertEquals( [ [ 'titleprotected', 'Useruser', 'test' ] ],
968 MediaWikiServices::getInstance()->getPermissionManager()
969 ->getPermissionErrors( 'create', $this->user, $this->title ) );
970 $this->assertEquals( false,
971 MediaWikiServices::getInstance()->getPermissionManager()->userCan(
972 'create', $this->user, $this->title ) );
973
974 $this->overrideUserPermissions( $this->user, [ 'createpage', 'editprotected' ] );
975 $this->assertEquals( [],
976 MediaWikiServices::getInstance()->getPermissionManager()
977 ->getPermissionErrors( 'create', $this->user, $this->title ) );
978 $this->assertEquals( true,
979 MediaWikiServices::getInstance()->getPermissionManager()->userCan(
980 'create', $this->user, $this->title ) );
981
982 $this->overrideUserPermissions( $this->user, [ 'createpage' ] );
983 $this->assertEquals( [ [ 'titleprotected', 'Useruser', 'test' ] ],
984 MediaWikiServices::getInstance()->getPermissionManager()
985 ->getPermissionErrors( 'create', $this->user, $this->title ) );
986 $this->assertEquals( false,
987 MediaWikiServices::getInstance()->getPermissionManager()->userCan(
988 'create', $this->user, $this->title ) );
989
990 $this->setTitle( NS_MEDIA, "test page" );
991 $this->overrideUserPermissions( $this->user, [ "move" ] );
992 $this->assertEquals( false,
993 MediaWikiServices::getInstance()->getPermissionManager()->userCan(
994 'move', $this->user, $this->title ) );
995 $this->assertEquals( [ [ 'immobile-source-namespace', 'Media' ] ],
996 MediaWikiServices::getInstance()->getPermissionManager()
997 ->getPermissionErrors( 'move', $this->user, $this->title ) );
998
999 $this->setTitle( NS_HELP, "test page" );
1000 $this->assertEquals( [],
1001 MediaWikiServices::getInstance()->getPermissionManager()
1002 ->getPermissionErrors( 'move', $this->user, $this->title ) );
1003 $this->assertEquals( true,
1004 MediaWikiServices::getInstance()->getPermissionManager()->userCan(
1005 'move', $this->user, $this->title ) );
1006
1007 $this->title->mInterwiki = "no";
1008 $this->assertEquals( [ [ 'immobile-source-page' ] ],
1009 MediaWikiServices::getInstance()->getPermissionManager()
1010 ->getPermissionErrors( 'move', $this->user, $this->title ) );
1011 $this->assertEquals( false,
1012 MediaWikiServices::getInstance()->getPermissionManager()->userCan(
1013 'move', $this->user, $this->title ) );
1014
1015 $this->setTitle( NS_MEDIA, "test page" );
1016 $this->assertEquals( false,
1017 MediaWikiServices::getInstance()->getPermissionManager()->userCan(
1018 'move-target', $this->user, $this->title ) );
1019 $this->assertEquals( [ [ 'immobile-target-namespace', 'Media' ] ],
1020 MediaWikiServices::getInstance()->getPermissionManager()
1021 ->getPermissionErrors( 'move-target', $this->user, $this->title ) );
1022
1023 $this->setTitle( NS_HELP, "test page" );
1024 $this->assertEquals( [],
1025 MediaWikiServices::getInstance()->getPermissionManager()
1026 ->getPermissionErrors( 'move-target', $this->user, $this->title ) );
1027 $this->assertEquals( true,
1028 MediaWikiServices::getInstance()->getPermissionManager()->userCan(
1029 'move-target', $this->user, $this->title ) );
1030
1031 $this->title->mInterwiki = "no";
1032 $this->assertEquals( [ [ 'immobile-target-page' ] ],
1033 MediaWikiServices::getInstance()->getPermissionManager()
1034 ->getPermissionErrors( 'move-target', $this->user, $this->title ) );
1035 $this->assertEquals( false,
1036 MediaWikiServices::getInstance()->getPermissionManager()->userCan(
1037 'move-target', $this->user, $this->title ) );
1038 }
1039
1040 /**
1041 * @covers \MediaWiki\Permissions\PermissionManager::checkUserBlock
1042 */
1043 public function testUserBlock() {
1044 $this->setMwGlobals( [
1045 'wgEmailConfirmToEdit' => true,
1046 'wgEmailAuthentication' => true,
1047 'wgBlockDisablesLogin' => false,
1048 ] );
1049
1050 $this->overrideUserPermissions( $this->user, [
1051 'createpage',
1052 'edit',
1053 'move',
1054 'rollback',
1055 'patrol',
1056 'upload',
1057 'purge'
1058 ] );
1059 $this->setTitle( NS_HELP, "test page" );
1060
1061 # $wgEmailConfirmToEdit only applies to 'edit' action
1062 $this->assertEquals( [],
1063 MediaWikiServices::getInstance()->getPermissionManager()->getPermissionErrors(
1064 'move-target', $this->user, $this->title ) );
1065 $this->assertContains( [ 'confirmedittext' ],
1066 MediaWikiServices::getInstance()->getPermissionManager()
1067 ->getPermissionErrors( 'edit', $this->user, $this->title ) );
1068
1069 $this->setMwGlobals( 'wgEmailConfirmToEdit', false );
1070 $this->resetServices();
1071 $this->overrideUserPermissions( $this->user, [
1072 'createpage',
1073 'edit',
1074 'move',
1075 'rollback',
1076 'patrol',
1077 'upload',
1078 'purge'
1079 ] );
1080
1081 $this->assertNotContains( [ 'confirmedittext' ],
1082 MediaWikiServices::getInstance()->getPermissionManager()
1083 ->getPermissionErrors( 'edit', $this->user, $this->title ) );
1084
1085 # $wgEmailConfirmToEdit && !$user->isEmailConfirmed() && $action != 'createaccount'
1086 $this->assertEquals( [],
1087 MediaWikiServices::getInstance()->getPermissionManager()->getPermissionErrors(
1088 'move-target', $this->user, $this->title ) );
1089
1090 global $wgLang;
1091 $prev = time();
1092 $now = time() + 120;
1093 $this->user->mBlockedby = $this->user->getId();
1094 $this->user->mBlock = new DatabaseBlock( [
1095 'address' => '127.0.8.1',
1096 'by' => $this->user->getId(),
1097 'reason' => 'no reason given',
1098 'timestamp' => $prev + 3600,
1099 'auto' => true,
1100 'expiry' => 0
1101 ] );
1102 $this->user->mBlock->mTimestamp = 0;
1103 $this->assertEquals( [ [ 'autoblockedtext',
1104 "[[User:Useruser|\u{202A}Useruser\u{202C}]]", 'no reason given', '127.0.0.1',
1105 "\u{202A}Useruser\u{202C}", null, 'infinite', '127.0.8.1',
1106 $wgLang->timeanddate( wfTimestamp( TS_MW, $prev ), true ) ] ],
1107 MediaWikiServices::getInstance()->getPermissionManager()->getPermissionErrors(
1108 'move-target', $this->user, $this->title ) );
1109
1110 $this->assertEquals( false, MediaWikiServices::getInstance()->getPermissionManager()
1111 ->userCan( 'move-target', $this->user, $this->title ) );
1112 // quickUserCan should ignore user blocks
1113 $this->assertEquals( true, MediaWikiServices::getInstance()->getPermissionManager()
1114 ->userCan( 'move-target', $this->user, $this->title,
1115 PermissionManager::RIGOR_QUICK ) );
1116
1117 global $wgLocalTZoffset;
1118 $wgLocalTZoffset = -60;
1119 $this->user->mBlockedby = $this->user->getName();
1120 $this->user->mBlock = new DatabaseBlock( [
1121 'address' => '127.0.8.1',
1122 'by' => $this->user->getId(),
1123 'reason' => 'no reason given',
1124 'timestamp' => $now,
1125 'auto' => false,
1126 'expiry' => 10,
1127 ] );
1128 $this->assertEquals( [ [ 'blockedtext',
1129 "[[User:Useruser|\u{202A}Useruser\u{202C}]]", 'no reason given', '127.0.0.1',
1130 "\u{202A}Useruser\u{202C}", null, '23:00, 31 December 1969', '127.0.8.1',
1131 $wgLang->timeanddate( wfTimestamp( TS_MW, $now ), true ) ] ],
1132 MediaWikiServices::getInstance()->getPermissionManager()
1133 ->getPermissionErrors( 'move-target', $this->user, $this->title ) );
1134 # $action != 'read' && $action != 'createaccount' && $user->isBlockedFrom( $this )
1135 # $user->blockedFor() == ''
1136 # $user->mBlock->mExpiry == 'infinity'
1137
1138 $this->user->mBlockedby = $this->user->getName();
1139 $this->user->mBlock = new SystemBlock( [
1140 'address' => '127.0.8.1',
1141 'by' => $this->user->getId(),
1142 'reason' => 'no reason given',
1143 'timestamp' => $now,
1144 'auto' => false,
1145 'systemBlock' => 'test',
1146 ] );
1147
1148 $errors = [ [ 'systemblockedtext',
1149 "[[User:Useruser|\u{202A}Useruser\u{202C}]]", 'no reason given', '127.0.0.1',
1150 "\u{202A}Useruser\u{202C}", 'test', 'infinite', '127.0.8.1',
1151 $wgLang->timeanddate( wfTimestamp( TS_MW, $now ), true ) ] ];
1152
1153 $this->assertEquals( $errors,
1154 MediaWikiServices::getInstance()->getPermissionManager()
1155 ->getPermissionErrors( 'edit', $this->user, $this->title ) );
1156 $this->assertEquals( $errors,
1157 MediaWikiServices::getInstance()->getPermissionManager()
1158 ->getPermissionErrors( 'move-target', $this->user, $this->title ) );
1159 $this->assertEquals( $errors,
1160 MediaWikiServices::getInstance()->getPermissionManager()
1161 ->getPermissionErrors( 'rollback', $this->user, $this->title ) );
1162 $this->assertEquals( $errors,
1163 MediaWikiServices::getInstance()->getPermissionManager()
1164 ->getPermissionErrors( 'patrol', $this->user, $this->title ) );
1165 $this->assertEquals( $errors,
1166 MediaWikiServices::getInstance()->getPermissionManager()
1167 ->getPermissionErrors( 'upload', $this->user, $this->title ) );
1168 $this->assertEquals( [],
1169 MediaWikiServices::getInstance()->getPermissionManager()
1170 ->getPermissionErrors( 'purge', $this->user, $this->title ) );
1171
1172 // partial block message test
1173 $this->user->mBlockedby = $this->user->getName();
1174 $this->user->mBlock = new DatabaseBlock( [
1175 'address' => '127.0.8.1',
1176 'by' => $this->user->getId(),
1177 'reason' => 'no reason given',
1178 'timestamp' => $now,
1179 'sitewide' => false,
1180 'expiry' => 10,
1181 ] );
1182
1183 $this->assertEquals( [],
1184 MediaWikiServices::getInstance()->getPermissionManager()
1185 ->getPermissionErrors( 'edit', $this->user, $this->title ) );
1186 $this->assertEquals( [],
1187 MediaWikiServices::getInstance()->getPermissionManager()
1188 ->getPermissionErrors( 'move-target', $this->user, $this->title ) );
1189 $this->assertEquals( [],
1190 MediaWikiServices::getInstance()->getPermissionManager()
1191 ->getPermissionErrors( 'rollback', $this->user, $this->title ) );
1192 $this->assertEquals( [],
1193 MediaWikiServices::getInstance()->getPermissionManager()
1194 ->getPermissionErrors( 'patrol', $this->user, $this->title ) );
1195 $this->assertEquals( [],
1196 MediaWikiServices::getInstance()->getPermissionManager()
1197 ->getPermissionErrors( 'upload', $this->user, $this->title ) );
1198 $this->assertEquals( [],
1199 MediaWikiServices::getInstance()->getPermissionManager()
1200 ->getPermissionErrors( 'purge', $this->user, $this->title ) );
1201
1202 $this->user->mBlock->setRestrictions( [
1203 ( new PageRestriction( 0, $this->title->getArticleID() ) )->setTitle( $this->title ),
1204 ] );
1205
1206 $errors = [ [ 'blockedtext-partial',
1207 "[[User:Useruser|\u{202A}Useruser\u{202C}]]", 'no reason given', '127.0.0.1',
1208 "\u{202A}Useruser\u{202C}", null, '23:00, 31 December 1969', '127.0.8.1',
1209 $wgLang->timeanddate( wfTimestamp( TS_MW, $now ), true ) ] ];
1210
1211 $this->assertEquals( $errors,
1212 MediaWikiServices::getInstance()->getPermissionManager()
1213 ->getPermissionErrors( 'edit', $this->user, $this->title ) );
1214 $this->assertEquals( $errors,
1215 MediaWikiServices::getInstance()->getPermissionManager()
1216 ->getPermissionErrors( 'move-target', $this->user, $this->title ) );
1217 $this->assertEquals( $errors,
1218 MediaWikiServices::getInstance()->getPermissionManager()
1219 ->getPermissionErrors( 'rollback', $this->user, $this->title ) );
1220 $this->assertEquals( $errors,
1221 MediaWikiServices::getInstance()->getPermissionManager()
1222 ->getPermissionErrors( 'patrol', $this->user, $this->title ) );
1223 $this->assertEquals( [],
1224 MediaWikiServices::getInstance()->getPermissionManager()
1225 ->getPermissionErrors( 'upload', $this->user, $this->title ) );
1226 $this->assertEquals( [],
1227 MediaWikiServices::getInstance()->getPermissionManager()
1228 ->getPermissionErrors( 'purge', $this->user, $this->title ) );
1229
1230 // Test no block.
1231 $this->user->mBlockedby = null;
1232 $this->user->mBlock = null;
1233
1234 $this->assertEquals( [],
1235 MediaWikiServices::getInstance()->getPermissionManager()
1236 ->getPermissionErrors( 'edit', $this->user, $this->title ) );
1237 }
1238
1239 /**
1240 * @covers \MediaWiki\Permissions\PermissionManager::checkUserBlock
1241 *
1242 * Tests to determine that the passed in permission does not get mixed up with
1243 * an action of the same name.
1244 */
1245 public function testUserBlockAction() {
1246 global $wgLang;
1247
1248 $tester = $this->getMockBuilder( Action::class )
1249 ->disableOriginalConstructor()
1250 ->getMock();
1251 $tester->method( 'getName' )
1252 ->willReturn( 'tester' );
1253 $tester->method( 'getRestriction' )
1254 ->willReturn( 'test' );
1255 $tester->method( 'requiresUnblock' )
1256 ->willReturn( false );
1257
1258 $this->setMwGlobals( [
1259 'wgActions' => [
1260 'tester' => $tester,
1261 ],
1262 'wgGroupPermissions' => [
1263 '*' => [
1264 'tester' => true,
1265 ],
1266 ],
1267 ] );
1268
1269 $now = time();
1270 $this->user->mBlockedby = $this->user->getName();
1271 $this->user->mBlock = new DatabaseBlock( [
1272 'address' => '127.0.8.1',
1273 'by' => $this->user->getId(),
1274 'reason' => 'no reason given',
1275 'timestamp' => $now,
1276 'auto' => false,
1277 'expiry' => 'infinity',
1278 ] );
1279
1280 $errors = [ [ 'blockedtext',
1281 "[[User:Useruser|\u{202A}Useruser\u{202C}]]", 'no reason given', '127.0.0.1',
1282 "\u{202A}Useruser\u{202C}", null, 'infinite', '127.0.8.1',
1283 $wgLang->timeanddate( wfTimestamp( TS_MW, $now ), true ) ] ];
1284
1285 $this->assertEquals( $errors,
1286 MediaWikiServices::getInstance()->getPermissionManager()
1287 ->getPermissionErrors( 'tester', $this->user, $this->title ) );
1288 }
1289
1290 /**
1291 * @covers \MediaWiki\Permissions\PermissionManager::isBlockedFrom
1292 */
1293 public function testBlockInstanceCache() {
1294 // First, check the user isn't blocked
1295 $user = $this->getMutableTestUser()->getUser();
1296 $ut = Title::makeTitle( NS_USER_TALK, $user->getName() );
1297 $this->assertNull( $user->getBlock( false ), 'sanity check' );
1298 //$this->assertSame( '', $user->blockedBy(), 'sanity check' );
1299 //$this->assertSame( '', $user->blockedFor(), 'sanity check' );
1300 //$this->assertFalse( (bool)$user->isHidden(), 'sanity check' );
1301 $this->assertFalse( MediaWikiServices::getInstance()->getPermissionManager()
1302 ->isBlockedFrom( $user, $ut ), 'sanity check' );
1303
1304 // Block the user
1305 $blocker = $this->getTestSysop()->getUser();
1306 $block = new DatabaseBlock( [
1307 'hideName' => true,
1308 'allowUsertalk' => false,
1309 'reason' => 'Because',
1310 ] );
1311 $block->setTarget( $user );
1312 $block->setBlocker( $blocker );
1313 $res = $block->insert();
1314 $this->assertTrue( (bool)$res['id'], 'sanity check: Failed to insert block' );
1315
1316 // Clear cache and confirm it loaded the block properly
1317 $user->clearInstanceCache();
1318 $this->assertInstanceOf( DatabaseBlock::class, $user->getBlock( false ) );
1319 //$this->assertSame( $blocker->getName(), $user->blockedBy() );
1320 //$this->assertSame( 'Because', $user->blockedFor() );
1321 //$this->assertTrue( (bool)$user->isHidden() );
1322 $this->assertTrue( MediaWikiServices::getInstance()->getPermissionManager()
1323 ->isBlockedFrom( $user, $ut ) );
1324
1325 // Unblock
1326 $block->delete();
1327
1328 // Clear cache and confirm it loaded the not-blocked properly
1329 $user->clearInstanceCache();
1330 $this->assertNull( $user->getBlock( false ) );
1331 //$this->assertSame( '', $user->blockedBy() );
1332 //$this->assertSame( '', $user->blockedFor() );
1333 //$this->assertFalse( (bool)$user->isHidden() );
1334 $this->assertFalse( MediaWikiServices::getInstance()->getPermissionManager()
1335 ->isBlockedFrom( $user, $ut ) );
1336 }
1337
1338 /**
1339 * @covers \MediaWiki\Permissions\PermissionManager::isBlockedFrom
1340 * @dataProvider provideIsBlockedFrom
1341 * @param string|null $title Title to test.
1342 * @param bool $expect Expected result from User::isBlockedFrom()
1343 * @param array $options Additional test options:
1344 * - 'blockAllowsUTEdit': (bool, default true) Value for $wgBlockAllowsUTEdit
1345 * - 'allowUsertalk': (bool, default false) Passed to DatabaseBlock::__construct()
1346 * - 'pageRestrictions': (array|null) If non-empty, page restriction titles for the block.
1347 */
1348 public function testIsBlockedFrom( $title, $expect, array $options = [] ) {
1349 $this->setMwGlobals( [
1350 'wgBlockAllowsUTEdit' => $options['blockAllowsUTEdit'] ?? true,
1351 ] );
1352
1353 $user = $this->getTestUser()->getUser();
1354
1355 if ( $title === self::USER_TALK_PAGE ) {
1356 $title = $user->getTalkPage();
1357 } else {
1358 $title = Title::newFromText( $title );
1359 }
1360
1361 $restrictions = [];
1362 foreach ( $options['pageRestrictions'] ?? [] as $pagestr ) {
1363 $page = $this->getExistingTestPage(
1364 $pagestr === self::USER_TALK_PAGE ? $user->getTalkPage() : $pagestr
1365 );
1366 $restrictions[] = new PageRestriction( 0, $page->getId() );
1367 }
1368 foreach ( $options['namespaceRestrictions'] ?? [] as $ns ) {
1369 $restrictions[] = new NamespaceRestriction( 0, $ns );
1370 }
1371
1372 $block = new DatabaseBlock( [
1373 'expiry' => wfTimestamp( TS_MW, wfTimestamp() + ( 40 * 60 * 60 ) ),
1374 'allowUsertalk' => $options['allowUsertalk'] ?? false,
1375 'sitewide' => !$restrictions,
1376 ] );
1377 $block->setTarget( $user );
1378 $block->setBlocker( $this->getTestSysop()->getUser() );
1379 if ( $restrictions ) {
1380 $block->setRestrictions( $restrictions );
1381 }
1382 $block->insert();
1383
1384 try {
1385 $this->assertSame( $expect, MediaWikiServices::getInstance()->getPermissionManager()
1386 ->isBlockedFrom( $user, $title ) );
1387 } finally {
1388 $block->delete();
1389 }
1390 }
1391
1392 public static function provideIsBlockedFrom() {
1393 return [
1394 'Sitewide block, basic operation' => [ 'Test page', true ],
1395 'Sitewide block, not allowing user talk' => [
1396 self::USER_TALK_PAGE, true, [
1397 'allowUsertalk' => false,
1398 ]
1399 ],
1400 'Sitewide block, allowing user talk' => [
1401 self::USER_TALK_PAGE, false, [
1402 'allowUsertalk' => true,
1403 ]
1404 ],
1405 'Sitewide block, allowing user talk but $wgBlockAllowsUTEdit is false' => [
1406 self::USER_TALK_PAGE, true, [
1407 'allowUsertalk' => true,
1408 'blockAllowsUTEdit' => false,
1409 ]
1410 ],
1411 'Partial block, blocking the page' => [
1412 'Test page', true, [
1413 'pageRestrictions' => [ 'Test page' ],
1414 ]
1415 ],
1416 'Partial block, not blocking the page' => [
1417 'Test page 2', false, [
1418 'pageRestrictions' => [ 'Test page' ],
1419 ]
1420 ],
1421 'Partial block, not allowing user talk but user talk page is not blocked' => [
1422 self::USER_TALK_PAGE, false, [
1423 'allowUsertalk' => false,
1424 'pageRestrictions' => [ 'Test page' ],
1425 ]
1426 ],
1427 'Partial block, allowing user talk but user talk page is blocked' => [
1428 self::USER_TALK_PAGE, true, [
1429 'allowUsertalk' => true,
1430 'pageRestrictions' => [ self::USER_TALK_PAGE ],
1431 ]
1432 ],
1433 'Partial block, user talk page is not blocked but $wgBlockAllowsUTEdit is false' => [
1434 self::USER_TALK_PAGE, false, [
1435 'allowUsertalk' => false,
1436 'pageRestrictions' => [ 'Test page' ],
1437 'blockAllowsUTEdit' => false,
1438 ]
1439 ],
1440 'Partial block, user talk page is blocked and $wgBlockAllowsUTEdit is false' => [
1441 self::USER_TALK_PAGE, true, [
1442 'allowUsertalk' => true,
1443 'pageRestrictions' => [ self::USER_TALK_PAGE ],
1444 'blockAllowsUTEdit' => false,
1445 ]
1446 ],
1447 'Partial user talk namespace block, not allowing user talk' => [
1448 self::USER_TALK_PAGE, true, [
1449 'allowUsertalk' => false,
1450 'namespaceRestrictions' => [ NS_USER_TALK ],
1451 ]
1452 ],
1453 'Partial user talk namespace block, allowing user talk' => [
1454 self::USER_TALK_PAGE, false, [
1455 'allowUsertalk' => true,
1456 'namespaceRestrictions' => [ NS_USER_TALK ],
1457 ]
1458 ],
1459 'Partial user talk namespace block, where $wgBlockAllowsUTEdit is false' => [
1460 self::USER_TALK_PAGE, true, [
1461 'allowUsertalk' => true,
1462 'namespaceRestrictions' => [ NS_USER_TALK ],
1463 'blockAllowsUTEdit' => false,
1464 ]
1465 ],
1466 ];
1467 }
1468
1469 /**
1470 * @covers \MediaWiki\Permissions\PermissionManager::getUserPermissions
1471 */
1472 public function testGetUserPermissions() {
1473 $user = $this->getTestUser( [ 'unittesters' ] )->getUser();
1474 $rights = MediaWikiServices::getInstance()->getPermissionManager()
1475 ->getUserPermissions( $user );
1476 $this->assertContains( 'runtest', $rights );
1477 $this->assertNotContains( 'writetest', $rights );
1478 $this->assertNotContains( 'modifytest', $rights );
1479 $this->assertNotContains( 'nukeworld', $rights );
1480 }
1481
1482 /**
1483 * @covers \MediaWiki\Permissions\PermissionManager::getUserPermissions
1484 */
1485 public function testGetUserPermissionsHooks() {
1486 $user = $this->getTestUser( [ 'unittesters', 'testwriters' ] )->getUser();
1487 $userWrapper = TestingAccessWrapper::newFromObject( $user );
1488
1489 $rights = MediaWikiServices::getInstance()->getPermissionManager()
1490 ->getUserPermissions( $user );
1491 $this->assertContains( 'test', $rights, 'sanity check' );
1492 $this->assertContains( 'runtest', $rights, 'sanity check' );
1493 $this->assertContains( 'writetest', $rights, 'sanity check' );
1494 $this->assertNotContains( 'nukeworld', $rights, 'sanity check' );
1495
1496 // Add a hook manipluating the rights
1497 $this->mergeMwGlobalArrayValue( 'wgHooks', [ 'UserGetRights' => [ function ( $user, &$rights ) {
1498 $rights[] = 'nukeworld';
1499 $rights = array_diff( $rights, [ 'writetest' ] );
1500 } ] ] );
1501
1502 $this->resetServices();
1503 $rights = MediaWikiServices::getInstance()->getPermissionManager()
1504 ->getUserPermissions( $user );
1505 $this->assertContains( 'test', $rights );
1506 $this->assertContains( 'runtest', $rights );
1507 $this->assertNotContains( 'writetest', $rights );
1508 $this->assertContains( 'nukeworld', $rights );
1509
1510 // Add a Session that limits rights
1511 $mock = $this->getMockBuilder( stdClass::class )
1512 ->setMethods( [ 'getAllowedUserRights', 'deregisterSession', 'getSessionId' ] )
1513 ->getMock();
1514 $mock->method( 'getAllowedUserRights' )->willReturn( [ 'test', 'writetest' ] );
1515 $mock->method( 'getSessionId' )->willReturn(
1516 new SessionId( str_repeat( 'X', 32 ) )
1517 );
1518 $session = TestUtils::getDummySession( $mock );
1519 $mockRequest = $this->getMockBuilder( FauxRequest::class )
1520 ->setMethods( [ 'getSession' ] )
1521 ->getMock();
1522 $mockRequest->method( 'getSession' )->willReturn( $session );
1523 $userWrapper->mRequest = $mockRequest;
1524
1525 $this->resetServices();
1526 $rights = MediaWikiServices::getInstance()->getPermissionManager()
1527 ->getUserPermissions( $user );
1528 $this->assertContains( 'test', $rights );
1529 $this->assertNotContains( 'runtest', $rights );
1530 $this->assertNotContains( 'writetest', $rights );
1531 $this->assertNotContains( 'nukeworld', $rights );
1532 }
1533
1534 /**
1535 * @covers \MediaWiki\Permissions\PermissionManager::getGroupPermissions
1536 */
1537 public function testGroupPermissions() {
1538 $rights = MediaWikiServices::getInstance()->getPermissionManager()
1539 ->getGroupPermissions( [ 'unittesters' ] );
1540 $this->assertContains( 'runtest', $rights );
1541 $this->assertNotContains( 'writetest', $rights );
1542 $this->assertNotContains( 'modifytest', $rights );
1543 $this->assertNotContains( 'nukeworld', $rights );
1544
1545 $rights = MediaWikiServices::getInstance()->getPermissionManager()
1546 ->getGroupPermissions( [ 'unittesters', 'testwriters' ] );
1547 $this->assertContains( 'runtest', $rights );
1548 $this->assertContains( 'writetest', $rights );
1549 $this->assertContains( 'modifytest', $rights );
1550 $this->assertNotContains( 'nukeworld', $rights );
1551 }
1552
1553 /**
1554 * @covers \MediaWiki\Permissions\PermissionManager::getGroupPermissions
1555 */
1556 public function testRevokePermissions() {
1557 $rights = MediaWikiServices::getInstance()->getPermissionManager()
1558 ->getGroupPermissions( [ 'unittesters', 'formertesters' ] );
1559 $this->assertNotContains( 'runtest', $rights );
1560 $this->assertNotContains( 'writetest', $rights );
1561 $this->assertNotContains( 'modifytest', $rights );
1562 $this->assertNotContains( 'nukeworld', $rights );
1563 }
1564
1565 /**
1566 * @dataProvider provideGetGroupsWithPermission
1567 * @covers \MediaWiki\Permissions\PermissionManager::getGroupsWithPermission
1568 */
1569 public function testGetGroupsWithPermission( $expected, $right ) {
1570 $result = MediaWikiServices::getInstance()->getPermissionManager()
1571 ->getGroupsWithPermission( $right );
1572 sort( $result );
1573 sort( $expected );
1574
1575 $this->assertEquals( $expected, $result, "Groups with permission $right" );
1576 }
1577
1578 public static function provideGetGroupsWithPermission() {
1579 return [
1580 [
1581 [ 'unittesters', 'testwriters' ],
1582 'test'
1583 ],
1584 [
1585 [ 'unittesters' ],
1586 'runtest'
1587 ],
1588 [
1589 [ 'testwriters' ],
1590 'writetest'
1591 ],
1592 [
1593 [ 'testwriters' ],
1594 'modifytest'
1595 ],
1596 ];
1597 }
1598
1599 /**
1600 * @covers \MediaWiki\Permissions\PermissionManager::userHasRight
1601 */
1602 public function testUserHasRight() {
1603 $result = MediaWikiServices::getInstance()->getPermissionManager()->userHasRight(
1604 $this->getTestUser( 'unittesters' )->getUser(),
1605 'test'
1606 );
1607 $this->assertTrue( $result );
1608
1609 $result = MediaWikiServices::getInstance()->getPermissionManager()->userHasRight(
1610 $this->getTestUser( 'formertesters' )->getUser(),
1611 'runtest'
1612 );
1613 $this->assertFalse( $result );
1614
1615 $result = MediaWikiServices::getInstance()->getPermissionManager()->userHasRight(
1616 $this->getTestUser( 'formertesters' )->getUser(),
1617 ''
1618 );
1619 $this->assertTrue( $result );
1620 }
1621
1622 /**
1623 * @covers \MediaWiki\Permissions\PermissionManager::groupHasPermission
1624 */
1625 public function testGroupHasPermission() {
1626 $result = MediaWikiServices::getInstance()->getPermissionManager()->groupHasPermission(
1627 'unittesters',
1628 'test'
1629 );
1630 $this->assertTrue( $result );
1631
1632 $result = MediaWikiServices::getInstance()->getPermissionManager()->groupHasPermission(
1633 'formertesters',
1634 'runtest'
1635 );
1636 $this->assertFalse( $result );
1637 }
1638
1639 /**
1640 * @covers \MediaWiki\Permissions\PermissionManager::isEveryoneAllowed
1641 */
1642 public function testIsEveryoneAllowed() {
1643 $result = MediaWikiServices::getInstance()->getPermissionManager()
1644 ->isEveryoneAllowed( 'editmyoptions' );
1645 $this->assertTrue( $result );
1646
1647 $result = MediaWikiServices::getInstance()->getPermissionManager()
1648 ->isEveryoneAllowed( 'test' );
1649 $this->assertFalse( $result );
1650 }
1651
1652 /**
1653 * @covers \MediaWiki\Permissions\PermissionManager::addTemporaryUserRights
1654 * @covers \MediaWiki\Permissions\PermissionManager::revokeTemporaryUserRights
1655 */
1656 public function testTemporaryUserRights() {
1657 $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
1658 $this->overrideUserPermissions( $this->user, [ 'read', 'edit' ] );
1659 // sanity checks
1660 $this->assertEquals( [ 'read', 'edit' ], $permissionManager->getUserPermissions( $this->user ) );
1661 $this->assertFalse( $permissionManager->userHasRight( $this->user, 'move' ) );
1662
1663 $scope = $permissionManager->addTemporaryUserRights( $this->user, [ 'move', 'delete' ] );
1664 $this->assertEquals( [ 'read', 'edit', 'move', 'delete' ],
1665 $permissionManager->getUserPermissions( $this->user ) );
1666 $this->assertTrue( $permissionManager->userHasRight( $this->user, 'move' ) );
1667
1668 $scope2 = $permissionManager->addTemporaryUserRights( $this->user, [ 'delete', 'upload' ] );
1669 $this->assertEquals( [ 'read', 'edit', 'move', 'delete', 'upload' ],
1670 $permissionManager->getUserPermissions( $this->user ) );
1671
1672 ScopedCallback::consume( $scope );
1673 $this->assertEquals( [ 'read', 'edit', 'delete', 'upload' ],
1674 $permissionManager->getUserPermissions( $this->user ) );
1675 ScopedCallback::consume( $scope2 );
1676 $this->assertEquals( [ 'read', 'edit' ],
1677 $permissionManager->getUserPermissions( $this->user ) );
1678 $this->assertFalse( $permissionManager->userHasRight( $this->user, 'move' ) );
1679
1680 ( function () use ( $permissionManager ) {
1681 $scope = $permissionManager->addTemporaryUserRights( $this->user, 'move' );
1682 $this->assertTrue( $permissionManager->userHasRight( $this->user, 'move' ) );
1683 } )();
1684 $this->assertFalse( $permissionManager->userHasRight( $this->user, 'move' ) );
1685 }
1686
1687 }
Wiklou, le Wiki du Wiklou