dépôts / lhc / web / wiklou.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw (from parent 1: f2574fd)
Merge "Replace usages of deprecated User::isAllowed. Step 2."
authorjenkins-bot <jenkins-bot@gerrit.wikimedia.org>
Thu, 12 Sep 2019 12:33:03 +0000 (12:33 +0000)
committerGerrit Code Review <gerrit@wikimedia.org>
Thu, 12 Sep 2019 12:33:03 +0000 (12:33 +0000)
68 files changed:
includes/Revision/RevisionRecord.php patch | blob | history
includes/Storage/DerivedPageDataUpdater.php patch | blob | history
includes/actions/InfoAction.php patch | blob | history
includes/api/ApiResetPassword.php patch | blob | history
includes/logging/BlockLogFormatter.php patch | blob | history
includes/logging/ContentModelLogFormatter.php patch | blob | history
includes/logging/DeleteLogFormatter.php patch | blob | history
includes/logging/LogEventsList.php patch | blob | history
includes/logging/LogFormatter.php patch | blob | history
includes/logging/LogPager.php patch | blob | history
includes/logging/MergeLogFormatter.php patch | blob | history
includes/logging/MoveLogFormatter.php patch | blob | history
includes/logging/ProtectLogFormatter.php patch | blob | history
includes/mail/EmailNotification.php patch | blob | history
includes/page/Article.php patch | blob | history
includes/page/ImageHistoryList.php patch | blob | history
includes/page/ImagePage.php patch | blob | history
includes/page/WikiPage.php patch | blob | history
includes/skins/SkinTemplate.php patch | blob | history
includes/specialpage/LoginSignupSpecialPage.php patch | blob | history
includes/specialpage/SpecialPage.php patch | blob | history
includes/specials/SpecialApiSandbox.php patch | blob | history
includes/specials/SpecialAutoblockList.php patch | blob | history
includes/specials/SpecialBlock.php patch | blob | history
includes/specials/SpecialBlockList.php patch | blob | history
includes/specials/SpecialBrokenRedirects.php patch | blob | history
includes/specials/SpecialChangeContentModel.php patch | blob | history
includes/specials/SpecialChangeEmail.php patch | blob | history
includes/specials/SpecialConfirmEmail.php patch | blob | history
includes/specials/SpecialContributions.php patch | blob | history
includes/specials/SpecialCreateAccount.php patch | blob | history
includes/specials/SpecialDoubleRedirects.php patch | blob | history
includes/specials/SpecialEditTags.php patch | blob | history
includes/specials/SpecialEmailUser.php patch | blob | history
includes/specials/SpecialExpandTemplates.php patch | blob | history
includes/specials/SpecialExport.php patch | blob | history
includes/specials/SpecialImport.php patch | blob | history
includes/specials/SpecialLog.php patch | blob | history
includes/specials/SpecialMovepage.php patch | blob | history
includes/specials/SpecialPasswordReset.php patch | blob | history
includes/specials/SpecialPreferences.php patch | blob | history
includes/specials/SpecialRecentChanges.php patch | blob | history
includes/specials/SpecialRecentChangesLinked.php patch | blob | history
includes/specials/SpecialRevisionDelete.php patch | blob | history
includes/specials/SpecialTags.php patch | blob | history
includes/specials/SpecialUnblock.php patch | blob | history
includes/specials/SpecialUndelete.php patch | blob | history
includes/specials/SpecialUpload.php patch | blob | history
includes/specials/SpecialUserrights.php patch | blob | history
includes/specials/SpecialWatchlist.php patch | blob | history
includes/specials/SpecialWhatLinksHere.php patch | blob | history
includes/specials/forms/PreferencesFormOOUI.php patch | blob | history
includes/specials/forms/UploadForm.php patch | blob | history
includes/specials/pagers/ActiveUsersPager.php patch | blob | history
includes/specials/pagers/BlockListPager.php patch | blob | history
includes/specials/pagers/ContribsPager.php patch | blob | history
includes/specials/pagers/DeletedContribsPager.php patch | blob | history
includes/specials/pagers/ProtectedPagesPager.php patch | blob | history
includes/specials/pagers/UsersPager.php patch | blob | history
includes/upload/UploadBase.php patch | blob | history
includes/upload/UploadFromUrl.php patch | blob | history
includes/user/LocalIdLookup.php patch | blob | history
includes/user/PasswordReset.php patch | blob | history
includes/user/UserNamePrefixSearch.php patch | blob | history
tests/phpunit/includes/Revision/RenderedRevisionTest.php patch | blob | history
tests/phpunit/includes/user/LocalIdLookupTest.php patch | blob | history
tests/phpunit/includes/user/PasswordResetTest.php patch | blob | history
tests/phpunit/includes/user/UserGroupMembershipTest.php patch | blob | history

diff --git a/includes/Revision/RevisionRecord.php b/includes/Revision/RevisionRecord.php
index ff9ac57..759180a 100644 (file)
--- a/includes/Revision/RevisionRecord.php
+++ b/includes/Revision/RevisionRecord.php
@@ -531,8 +531,6 @@ abstract class RevisionRecord {
                                $text = $title->getPrefixedText();
                                wfDebug( "Checking for $permissionlist on $text due to $field match on $bitfield\n" );
 
-                               $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
-
                                foreach ( $permissions as $perm ) {
                                        if ( $permissionManager->userCan( $perm, $user, $title ) ) {
                                                return true;
diff --git a/includes/Storage/DerivedPageDataUpdater.php b/includes/Storage/DerivedPageDataUpdater.php
index 4903cf0..b2c003a 100644 (file)
--- a/includes/Storage/DerivedPageDataUpdater.php
+++ b/includes/Storage/DerivedPageDataUpdater.php
@@ -1531,7 +1531,9 @@ class DerivedPageDataUpdater implements IDBAccessObject, LoggerAwareInterface {
                if ( $this->options['changed']
                        && $title->getNamespace() == NS_USER_TALK
                        && $shortTitle != $legacyUser->getTitleKey()
-                       && !( $this->revision->isMinor() && $legacyUser->isAllowed( 'nominornewtalk' ) )
+                       && !( $this->revision->isMinor() && MediaWikiServices::getInstance()
+                                       ->getPermissionManager()
+                                       ->userHasRight( $legacyUser, 'nominornewtalk' ) )
                ) {
                        $recipient = User::newFromName( $shortTitle, false );
                        if ( !$recipient ) {
diff --git a/includes/actions/InfoAction.php b/includes/actions/InfoAction.php
index 207721e..9a8949f 100644 (file)
--- a/includes/actions/InfoAction.php
+++ b/includes/actions/InfoAction.php
@@ -280,11 +280,10 @@ class InfoAction extends FormlessAction {
                // Language in which the page content is (supposed to be) written
                $pageLang = $title->getPageLanguage()->getCode();
 
-               $permissionManager = $services->getPermissionManager();
-
                $pageLangHtml = $pageLang . ' - ' .
                        Language::fetchLanguageName( $pageLang, $lang->getCode() );
                // Link to Special:PageLanguage with pre-filled page title if user has permissions
+               $permissionManager = $services->getPermissionManager();
                if ( $config->get( 'PageLanguageUseDB' )
                        && $permissionManager->userCan( 'pagelang', $user, $title )
                ) {
@@ -344,8 +343,7 @@ class InfoAction extends FormlessAction {
                ];
 
                $unwatchedPageThreshold = $config->get( 'UnwatchedPageThreshold' );
-               if (
-                       $services->getPermissionManager()->userHasRight( $user, 'unwatchedpages' ) ||
+               if ( $permissionManager->userHasRight( $user, 'unwatchedpages' ) ||
                        ( $unwatchedPageThreshold !== false &&
                                $pageCounts['watchers'] >= $unwatchedPageThreshold )
                ) {
@@ -360,7 +358,7 @@ class InfoAction extends FormlessAction {
                        ) {
                                $minToDisclose = $config->get( 'UnwatchedPageSecret' );
                                if ( $pageCounts['visitingWatchers'] > $minToDisclose ||
-                                       $services->getPermissionManager()->userHasRight( $user, 'unwatchedpages' ) ) {
+                                       $permissionManager->userHasRight( $user, 'unwatchedpages' ) ) {
                                        $pageInfo['header-basic'][] = [
                                                $this->msg( 'pageinfo-visiting-watchers' ),
                                                $lang->formatNum( $pageCounts['visitingWatchers'] )
diff --git a/includes/api/ApiResetPassword.php b/includes/api/ApiResetPassword.php
index 7783826..6b1c217 100644 (file)
--- a/includes/api/ApiResetPassword.php
+++ b/includes/api/ApiResetPassword.php
@@ -21,6 +21,7 @@
  */
 
 use MediaWiki\Auth\AuthManager;
+use MediaWiki\MediaWikiServices;
 
 /**
  * Reset password, with AuthManager
@@ -63,7 +64,11 @@ class ApiResetPassword extends ApiBase {
 
                $this->requireOnlyOneParameter( $params, 'user', 'email' );
 
-               $passwordReset = new PasswordReset( $this->getConfig(), AuthManager::singleton() );
+               $passwordReset = new PasswordReset(
+                       $this->getConfig(),
+                       AuthManager::singleton(),
+                       MediaWikiServices::getInstance()->getPermissionManager()
+               );
 
                $status = $passwordReset->isAllowed( $this->getUser() );
                if ( !$status->isOK() ) {
diff --git a/includes/logging/BlockLogFormatter.php b/includes/logging/BlockLogFormatter.php
index d27643c..d49e3c5 100644 (file)
--- a/includes/logging/BlockLogFormatter.php
+++ b/includes/logging/BlockLogFormatter.php
@@ -22,6 +22,8 @@
  * @since 1.25
  */
 
+use MediaWiki\MediaWikiServices;
+
 /**
  * This class formats block log entries.
  *
@@ -138,7 +140,9 @@ class BlockLogFormatter extends LogFormatter {
                $linkRenderer = $this->getLinkRenderer();
                if ( $this->entry->isDeleted( LogPage::DELETED_ACTION ) // Action is hidden
                        || !( $subtype === 'block' || $subtype === 'reblock' )
-                       || !$this->context->getUser()->isAllowed( 'block' )
+                       || !MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $this->context->getUser(), 'block' )
                ) {
                        return '';
                }
diff --git a/includes/logging/ContentModelLogFormatter.php b/includes/logging/ContentModelLogFormatter.php
index e05357c..23c582c 100644 (file)
--- a/includes/logging/ContentModelLogFormatter.php
+++ b/includes/logging/ContentModelLogFormatter.php
@@ -1,5 +1,7 @@
 <?php
 
+use MediaWiki\MediaWikiServices;
+
 class ContentModelLogFormatter extends LogFormatter {
        protected function getMessageParameters() {
                $lang = $this->context->getLanguage();
@@ -12,7 +14,9 @@ class ContentModelLogFormatter extends LogFormatter {
        public function getActionLinks() {
                if ( $this->entry->isDeleted( LogPage::DELETED_ACTION ) // Action is hidden
                        || $this->entry->getSubtype() !== 'change'
-                       || !$this->context->getUser()->isAllowed( 'editcontentmodel' )
+                       || !MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $this->context->getUser(), 'editcontentmodel' )
                ) {
                        return '';
                }
diff --git a/includes/logging/DeleteLogFormatter.php b/includes/logging/DeleteLogFormatter.php
index 3bc19ff..0abb6f6 100644 (file)
--- a/includes/logging/DeleteLogFormatter.php
+++ b/includes/logging/DeleteLogFormatter.php
@@ -23,6 +23,7 @@
  * @since 1.22
  */
 
+use MediaWiki\MediaWikiServices;
 use MediaWiki\Storage\RevisionRecord;
 
 /**
@@ -136,7 +137,8 @@ class DeleteLogFormatter extends LogFormatter {
        public function getActionLinks() {
                $user = $this->context->getUser();
                $linkRenderer = $this->getLinkRenderer();
-               if ( !$user->isAllowed( 'deletedhistory' )
+               $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
+               if ( !$permissionManager->userHasRight( $user, 'deletedhistory' )
                        || $this->entry->isDeleted( LogPage::DELETED_ACTION )
                ) {
                        return '';
@@ -145,7 +147,7 @@ class DeleteLogFormatter extends LogFormatter {
                switch ( $this->entry->getSubtype() ) {
                        case 'delete': // Show undelete link
                        case 'delete_redir':
-                               if ( $user->isAllowed( 'undelete' ) ) {
+                               if ( $permissionManager->userHasRight( $user, 'undelete' ) ) {
                                        $message = 'undeletelink';
                                } else {
                                        $message = 'undeleteviewlink';
diff --git a/includes/logging/LogEventsList.php b/includes/logging/LogEventsList.php
index 6791503..2e7f065 100644 (file)
--- a/includes/logging/LogEventsList.php
+++ b/includes/logging/LogEventsList.php
@@ -233,7 +233,10 @@ class LogEventsList extends ContextSource {
                foreach ( LogPage::validTypes() as $type ) {
                        $page = new LogPage( $type );
                        $restriction = $page->getRestriction();
-                       if ( $this->getUser()->isAllowed( $restriction ) ) {
+                       if ( MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $this->getUser(), $restriction )
+                       ) {
                                $typesByName[$type] = $page->getName()->text();
                        }
                }
@@ -450,11 +453,12 @@ class LogEventsList extends ContextSource {
                }
 
                $del = '';
+               $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
                // Don't show useless checkbox to people who cannot hide log entries
-               if ( $user->isAllowed( 'deletedhistory' ) ) {
-                       $canHide = $user->isAllowed( 'deletelogentry' );
-                       $canViewSuppressedOnly = $user->isAllowed( 'viewsuppressed' ) &&
-                               !$user->isAllowed( 'suppressrevision' );
+               if ( $permissionManager->userHasRight( $user, 'deletedhistory' ) ) {
+                       $canHide = $permissionManager->userHasRight( $user, 'deletelogentry' );
+                       $canViewSuppressedOnly = $permissionManager->userHasRight( $user, 'viewsuppressed' ) &&
+                               !$permissionManager->userHasRight( $user, 'suppressrevision' );
                        $entryIsSuppressed = self::isDeleted( $row, LogPage::DELETED_RESTRICTED );
                        $canViewThisSuppressedEntry = $canViewSuppressedOnly && $entryIsSuppressed;
                        if ( $row->log_deleted || $canHide ) {
@@ -508,7 +512,9 @@ class LogEventsList extends ContextSource {
                                in_array( $row->log_action, $action ) : $row->log_action == $action;
                        if ( $match && $right ) {
                                global $wgUser;
-                               $match = $wgUser->isAllowed( $right );
+                               $match = MediaWikiServices::getInstance()
+                                       ->getPermissionManager()
+                                       ->userHasRight( $wgUser, $right );
                        }
                }
 
@@ -572,7 +578,10 @@ class LogEventsList extends ContextSource {
                        $user = $wgUser;
                }
                $logRestrictions = MediaWikiServices::getInstance()->getMainConfig()->get( 'LogRestrictions' );
-               if ( isset( $logRestrictions[$type] ) && !$user->isAllowed( $logRestrictions[$type] ) ) {
+               if ( isset( $logRestrictions[$type] ) && !MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $user, $logRestrictions[$type] )
+               ) {
                        return false;
                }
                return true;
@@ -783,7 +792,10 @@ class LogEventsList extends ContextSource {
 
                // Don't show private logs to unprivileged users
                foreach ( $wgLogRestrictions as $logType => $right ) {
-                       if ( $audience == 'public' || !$user->isAllowed( $right ) ) {
+                       if ( $audience == 'public' || !MediaWikiServices::getInstance()
+                                       ->getPermissionManager()
+                                       ->userHasRight( $user, $right )
+                       ) {
                                $hiddenLogs[] = $logType;
                        }
                }
diff --git a/includes/logging/LogFormatter.php b/includes/logging/LogFormatter.php
index 9e63ffe..b4a6825 100644 (file)
--- a/includes/logging/LogFormatter.php
+++ b/includes/logging/LogFormatter.php
@@ -163,7 +163,9 @@ class LogFormatter {
                $logRestrictions = $this->context->getConfig()->get( 'LogRestrictions' );
                $type = $this->entry->getType();
                return !isset( $logRestrictions[$type] )
-                       || $this->context->getUser()->isAllowed( $logRestrictions[$type] );
+                       || MediaWikiServices::getInstance()
+                                  ->getPermissionManager()
+                                  ->userHasRight( $this->context->getUser(), $logRestrictions[$type] );
        }
 
        /**
diff --git a/includes/logging/LogPager.php b/includes/logging/LogPager.php
index 3871047..47aed56 100644 (file)
--- a/includes/logging/LogPager.php
+++ b/includes/logging/LogPager.php
@@ -146,7 +146,9 @@ class LogPager extends ReverseChronologicalPager {
                $needReindex = false;
                foreach ( $types as $type ) {
                        if ( isset( $wgLogRestrictions[$type] )
-                               && !$user->isAllowed( $wgLogRestrictions[$type] )
+                               && !MediaWikiServices::getInstance()
+                                       ->getPermissionManager()
+                                       ->userHasRight( $user, $wgLogRestrictions[$type] )
                        ) {
                                $needReindex = true;
                                $types = array_diff( $types, [ $type ] );
@@ -462,12 +464,10 @@ class LogPager extends ReverseChronologicalPager {
                }
                $this->actionRestrictionsEnforced = true;
                $user = $this->getUser();
-               if ( !$user->isAllowed( 'deletedhistory' ) ) {
+               $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
+               if ( !$permissionManager->userHasRight( $user, 'deletedhistory' ) ) {
                        $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_ACTION ) . ' = 0';
-               } elseif ( !MediaWikiServices::getInstance()
-                       ->getPermissionManager()
-                       ->userHasAnyRight( $user, 'suppressrevision', 'viewsuppressed' )
-               ) {
+               } elseif ( !$permissionManager->userHasAnyRight( $user, 'suppressrevision', 'viewsuppressed' ) ) {
                        $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_ACTION ) .
                                ' != ' . LogPage::SUPPRESSED_USER;
                }
@@ -483,12 +483,10 @@ class LogPager extends ReverseChronologicalPager {
                }
                $this->performerRestrictionsEnforced = true;
                $user = $this->getUser();
-               if ( !$user->isAllowed( 'deletedhistory' ) ) {
+               $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
+               if ( !$permissionManager->userHasRight( $user, 'deletedhistory' ) ) {
                        $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_USER ) . ' = 0';
-               } elseif ( !MediaWikiServices::getInstance()
-                       ->getPermissionManager()
-                       ->userHasAnyRight( $user, 'suppressrevision', 'viewsuppressed' )
-               ) {
+               } elseif ( !$permissionManager->userHasAnyRight( $user, 'suppressrevision', 'viewsuppressed' ) ) {
                        $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_USER ) .
                                ' != ' . LogPage::SUPPRESSED_ACTION;
                }
diff --git a/includes/logging/MergeLogFormatter.php b/includes/logging/MergeLogFormatter.php
index 7a6fb9d..925c976 100644 (file)
--- a/includes/logging/MergeLogFormatter.php
+++ b/includes/logging/MergeLogFormatter.php
@@ -22,6 +22,8 @@
  * @since 1.25
  */
 
+use MediaWiki\MediaWikiServices;
+
 /**
  * This class formats merge log entries.
  *
@@ -47,7 +49,9 @@ class MergeLogFormatter extends LogFormatter {
 
        public function getActionLinks() {
                if ( $this->entry->isDeleted( LogPage::DELETED_ACTION ) // Action is hidden
-                       || !$this->context->getUser()->isAllowed( 'mergehistory' )
+                       || !MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $this->context->getUser(), 'mergehistory' )
                ) {
                        return '';
                }
diff --git a/includes/logging/MoveLogFormatter.php b/includes/logging/MoveLogFormatter.php
index 637a8e7..6797f98 100644 (file)
--- a/includes/logging/MoveLogFormatter.php
+++ b/includes/logging/MoveLogFormatter.php
@@ -23,6 +23,8 @@
  * @since 1.22
  */
 
+use MediaWiki\MediaWikiServices;
+
 /**
  * This class formats move log entries.
  *
@@ -60,7 +62,9 @@ class MoveLogFormatter extends LogFormatter {
        public function getActionLinks() {
                if ( $this->entry->isDeleted( LogPage::DELETED_ACTION ) // Action is hidden
                        || $this->entry->getSubtype() !== 'move'
-                       || !$this->context->getUser()->isAllowed( 'move' )
+                       || !MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $this->context->getUser(), 'move' )
                ) {
                        return '';
                }
diff --git a/includes/logging/ProtectLogFormatter.php b/includes/logging/ProtectLogFormatter.php
index ba02457..6e3b26b 100644 (file)
--- a/includes/logging/ProtectLogFormatter.php
+++ b/includes/logging/ProtectLogFormatter.php
@@ -101,7 +101,10 @@ class ProtectLogFormatter extends LogFormatter {
                ];
 
                // Show change protection link
-               if ( $this->context->getUser()->isAllowed( 'protect' ) ) {
+               if ( !MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $this->context->getUser(), 'protect' )
+               ) {
                        $links[] = $linkRenderer->makeKnownLink(
                                $title,
                                $this->msg( 'protect_change' )->text(),
diff --git a/includes/mail/EmailNotification.php b/includes/mail/EmailNotification.php
index cba68ef..4d176fb 100644 (file)
--- a/includes/mail/EmailNotification.php
+++ b/includes/mail/EmailNotification.php
@@ -129,7 +129,10 @@ class EmailNotification {
                if ( $watchers === [] && !count( $wgUsersNotifiedOnAllChanges ) ) {
                        $sendEmail = false;
                        // Only send notification for non minor edits, unless $wgEnotifMinorEdits
-                       if ( !$minorEdit || ( $wgEnotifMinorEdits && !$editor->isAllowed( 'nominornewtalk' ) ) ) {
+                       if ( !$minorEdit || ( $wgEnotifMinorEdits && !MediaWikiServices::getInstance()
+                                               ->getPermissionManager()
+                                               ->userHasRight( $editor, 'nominornewtalk' ) )
+                       ) {
                                $isUserTalkPage = ( $title->getNamespace() == NS_USER_TALK );
                                if ( $wgEnotifUserTalk
                                        && $isUserTalkPage
@@ -214,7 +217,10 @@ class EmailNotification {
 
                $userTalkId = false;
 
-               if ( !$minorEdit || ( $wgEnotifMinorEdits && !$editor->isAllowed( 'nominornewtalk' ) ) ) {
+               if ( !$minorEdit || ( $wgEnotifMinorEdits && !MediaWikiServices::getInstance()
+                                  ->getPermissionManager()
+                                  ->userHasRight( $editor, 'nominornewtalk' ) )
+               ) {
                        if ( $wgEnotifUserTalk
                                && $isUserTalkPage
                                && $this->canSendUserTalkEmail( $editor, $title, $minorEdit )
diff --git a/includes/page/Article.php b/includes/page/Article.php
index 1c2e782..4bede96 100644 (file)
--- a/includes/page/Article.php
+++ b/includes/page/Article.php
@@ -1310,7 +1310,10 @@ class Article implements Page {
                }
 
                $outputPage->preventClickjacking();
-               if ( $user->isAllowed( 'writeapi' ) ) {
+               if ( MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $user, 'writeapi' )
+               ) {
                        $outputPage->addModules( 'mediawiki.page.patrol.ajax' );
                }
 
@@ -1827,7 +1830,10 @@ class Article implements Page {
                        [ 'delete', $this->getTitle()->getPrefixedText() ] )
                ) {
                        # Flag to hide all contents of the archived revisions
-                       $suppress = $request->getCheck( 'wpSuppress' ) && $user->isAllowed( 'suppressrevision' );
+
+                       $suppress = $request->getCheck( 'wpSuppress' ) && MediaWikiServices::getInstance()
+                                       ->getPermissionManager()
+                                       ->userHasRight( $user, 'suppressrevision' );
 
                        $this->doDelete( $reason, $suppress );
 
@@ -1986,8 +1992,8 @@ class Article implements Page {
                                ]
                        );
                }
-
-               if ( $user->isAllowed( 'suppressrevision' ) ) {
+               $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
+               if ( $permissionManager->userHasRight( $user, 'suppressrevision' ) ) {
                        $fields[] = new OOUI\FieldLayout(
                                new OOUI\CheckboxInputWidget( [
                                        'name' => 'wpSuppress',
@@ -2045,7 +2051,7 @@ class Article implements Page {
                        ] )
                );
 
-               if ( $user->isAllowed( 'editinterface' ) ) {
+               if ( $permissionManager->userHasRight( $user, 'editinterface' ) ) {
                        $link = Linker::linkKnown(
                                $ctx->msg( 'deletereason-dropdown' )->inContentLanguage()->getTitle(),
                                wfMessage( 'delete-edit-reasonlist' )->escaped(),
diff --git a/includes/page/ImageHistoryList.php b/includes/page/ImageHistoryList.php
index 9edaccc..cf2497f 100644 (file)
--- a/includes/page/ImageHistoryList.php
+++ b/includes/page/ImageHistoryList.php
@@ -130,11 +130,10 @@ class ImageHistoryList extends ContextSource {
                $row = $selected = '';
 
                // Deletion link
-               if ( $local && ( $pm->userHasAnyRight( $user, 'delete', 'deletedhistory' ) )
-               ) {
+               if ( $local && ( $pm->userHasAnyRight( $user, 'delete', 'deletedhistory' ) ) ) {
                        $row .= '<td>';
                        # Link to remove from history
-                       if ( $user->isAllowed( 'delete' ) ) {
+                       if ( $pm->userHasRight( $user, 'delete' ) ) {
                                $q = [ 'action' => 'delete' ];
                                if ( !$iscur ) {
                                        $q['oldimage'] = $img;
@@ -146,9 +145,10 @@ class ImageHistoryList extends ContextSource {
                                );
                        }
                        # Link to hide content. Don't show useless link to people who cannot hide revisions.
-                       $canHide = $user->isAllowed( 'deleterevision' );
-                       if ( $canHide || ( $user->isAllowed( 'deletedhistory' ) && $file->getVisibility() ) ) {
-                               if ( $user->isAllowed( 'delete' ) ) {
+                       $canHide = $pm->userHasRight( $user, 'deleterevision' );
+                       if ( $canHide || ( $pm->userHasRight( $user, 'deletedhistory' )
+                                       && $file->getVisibility() ) ) {
+                               if ( $pm->userHasRight( $user, 'delete' ) ) {
                                        $row .= '<br />';
                                }
                                // If file is top revision or locked from this user, don't link
diff --git a/includes/page/ImagePage.php b/includes/page/ImagePage.php
index 653e443..bb15532 100644 (file)
--- a/includes/page/ImagePage.php
+++ b/includes/page/ImagePage.php
@@ -603,7 +603,10 @@ EOT
                                );
                        }
 
-                       if ( $wgEnableUploads && $user->isAllowed( 'upload' ) ) {
+                       if ( $wgEnableUploads && MediaWikiServices::getInstance()
+                                       ->getPermissionManager()
+                                       ->userHasRight( $user, 'upload' )
+                       ) {
                                // Only show an upload link if the user can upload
                                $uploadTitle = SpecialPage::getTitleFor( 'Upload' );
                                $nofile = [
diff --git a/includes/page/WikiPage.php b/includes/page/WikiPage.php
index bad75da..f0a656d 100644 (file)
--- a/includes/page/WikiPage.php
+++ b/includes/page/WikiPage.php
@@ -1896,7 +1896,8 @@ class WikiPage implements Page, IDBAccessObject {
                // TODO: this check is here for backwards-compatibility with 1.31 behavior.
                // Checking the minoredit right should be done in the same place the 'bot' right is
                // checked for the EDIT_FORCE_BOT flag, which is currently in EditPage::attemptSave.
-               if ( ( $flags & EDIT_MINOR ) && !$user->isAllowed( 'minoredit' ) ) {
+               $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
+               if ( ( $flags & EDIT_MINOR ) && !$permissionManager->userHasRight( $user, 'minoredit' ) ) {
                        $flags = ( $flags & ~EDIT_MINOR );
                }
 
@@ -1916,7 +1917,6 @@ class WikiPage implements Page, IDBAccessObject {
                // TODO: this logic should not be in the storage layer, it's here for compatibility
                // with 1.31 behavior. Applying the 'autopatrol' right should be done in the same
                // place the 'bot' right is handled, which is currently in EditPage::attemptSave.
-               $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
 
                if ( $needsPatrol && $permissionManager->userCan(
                        'autopatrol', $user, $this->getTitle()
@@ -3249,14 +3249,12 @@ class WikiPage implements Page, IDBAccessObject {
                // Save
                $flags = EDIT_UPDATE | EDIT_INTERNAL;
 
-               if ( $guser->isAllowed( 'minoredit' ) ) {
+               $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
+               if ( $permissionManager->userHasRight( $guser, 'minoredit' ) ) {
                        $flags |= EDIT_MINOR;
                }
 
-               if ( $bot && ( MediaWikiServices::getInstance()
-                               ->getPermissionManager()
-                               ->userHasAnyRight( $guser, 'markbotedits', 'bot' ) )
-               ) {
+               if ( $bot && ( $permissionManager->userHasAnyRight( $guser, 'markbotedits', 'bot' ) ) ) {
                        $flags |= EDIT_FORCE_BOT;
                }
 
@@ -3291,7 +3289,6 @@ class WikiPage implements Page, IDBAccessObject {
                // TODO: this logic should not be in the storage layer, it's here for compatibility
                // with 1.31 behavior. Applying the 'autopatrol' right should be done in the same
                // place the 'bot' right is handled, which is currently in EditPage::attemptSave.
-               $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
 
                if ( $wgUseRCPatrol && $permissionManager->userCan(
                        'autopatrol', $guser, $this->getTitle()
@@ -3308,7 +3305,7 @@ class WikiPage implements Page, IDBAccessObject {
                // Set patrolling and bot flag on the edits, which gets rollbacked.
                // This is done even on edit failure to have patrolling in that case (T64157).
                $set = [];
-               if ( $bot && $guser->isAllowed( 'markbotedits' ) ) {
+               if ( $bot && $permissionManager->userHasRight( $guser, 'markbotedits' ) ) {
                        // Mark all reverted edits as bot
                        $set['rc_bot'] = 1;
                }
diff --git a/includes/skins/SkinTemplate.php b/includes/skins/SkinTemplate.php
index 70df73b..327061c 100644 (file)
--- a/includes/skins/SkinTemplate.php
+++ b/includes/skins/SkinTemplate.php
@@ -595,7 +595,7 @@ class SkinTemplate extends Skin {
                # $this->getTitle() will just give Special:Badtitle, which is
                # not especially useful as a returnto parameter. Use the title
                # from the request instead, if there was one.
-               if ( $this->getUser()->isAllowed( 'read' ) ) {
+               if ( $permissionManager->userHasRight( $this->getUser(), 'read' ) ) {
                        $page = $this->getTitle();
                } else {
                        $page = Title::newFromText( $request->getVal( 'title', '' ) );
@@ -636,7 +636,7 @@ class SkinTemplate extends Skin {
                                'active' => ( $href == $pageurl )
                        ];
 
-                       if ( $this->getUser()->isAllowed( 'viewmywatchlist' ) ) {
+                       if ( $permissionManager->userHasRight( $this->getUser(), 'viewmywatchlist' ) ) {
                                $href = self::makeSpecialUrl( 'Watchlist' );
                                $personal_urls['watchlist'] = [
                                        'text' => $this->msg( 'mywatchlist' )->text(),
@@ -689,9 +689,8 @@ class SkinTemplate extends Skin {
                                $useCombinedLoginLink = false;
                        }
 
-                       $loginlink = $this->getUser()->isAllowed( 'createaccount' ) && $useCombinedLoginLink
-                               ? 'nav-login-createaccount'
-                               : 'pt-login';
+                       $loginlink = $permissionManager->userHasRight( $this->getUser(), 'createaccount' )
+                                                && $useCombinedLoginLink ? 'nav-login-createaccount' : 'pt-login';
 
                        $login_url = [
                                'text' => $this->msg( $loginlink )->text(),
@@ -727,7 +726,7 @@ class SkinTemplate extends Skin {
 
                        if (
                                $authManager->canCreateAccounts()
-                               && $this->getUser()->isAllowed( 'createaccount' )
+                               && $permissionManager->userHasRight( $this->getUser(), 'createaccount' )
                                && !$useCombinedLoginLink
                        ) {
                                $personal_urls['createaccount'] = $createaccount_url;
@@ -1074,8 +1073,7 @@ class SkinTemplate extends Skin {
 
                                if ( $permissionManager->quickUserCan( 'protect', $user, $title ) &&
                                         $title->getRestrictionTypes() &&
-                                        $permissionManager->getNamespaceRestrictionLevels( $title->getNamespace(),
-                                                $user ) !== [ '' ]
+                                        $permissionManager->getNamespaceRestrictionLevels( $title->getNamespace(), $user ) !== [ '' ]
                                ) {
                                        $mode = $title->isProtected() ? 'unprotect' : 'protect';
                                        $content_navigation['actions'][$mode] = [
@@ -1345,7 +1343,10 @@ class SkinTemplate extends Skin {
                                'href' => self::makeSpecialUrlSubpage( 'Log', $rootUser )
                        ];
 
-                       if ( $this->getUser()->isAllowed( 'block' ) ) {
+                       if ( MediawikiServices::getInstance()
+                                       ->getPermissionManager()
+                                       ->userHasRight( $this->getUser(), 'block' )
+                       ) {
                                $nav_urls['blockip'] = [
                                        'text' => $this->msg( 'blockip', $rootUser )->text(),
                                        'href' => self::makeSpecialUrlSubpage( 'Block', $rootUser )
diff --git a/includes/specialpage/LoginSignupSpecialPage.php b/includes/specialpage/LoginSignupSpecialPage.php
index e5a28d9..94be852 100644 (file)
--- a/includes/specialpage/LoginSignupSpecialPage.php
+++ b/includes/specialpage/LoginSignupSpecialPage.php
@@ -975,7 +975,11 @@ abstract class LoginSignupSpecialPage extends AuthManagerSpecialPage {
                        }
                }
                if ( !$this->isSignup() && $this->showExtraInformation() ) {
-                       $passwordReset = new PasswordReset( $this->getConfig(), AuthManager::singleton() );
+                       $passwordReset = new PasswordReset(
+                               $this->getConfig(),
+                               AuthManager::singleton(),
+                               MediaWikiServices::getInstance()->getPermissionManager()
+                       );
                        if ( $passwordReset->isAllowed( $this->getUser() )->isGood() ) {
                                $fieldDefinitions['passwordReset'] = [
                                        'type' => 'info',
@@ -1072,7 +1076,10 @@ abstract class LoginSignupSpecialPage extends AuthManagerSpecialPage {
        private function showCreateAccountLink() {
                if ( $this->isSignup() ) {
                        return true;
-               } elseif ( $this->getUser()->isAllowed( 'createaccount' ) ) {
+               } elseif ( MediaWikiServices::getInstance()
+                                       ->getPermissionManager()
+                                       ->userHasRight( $this->getUser(), 'createaccount' )
+               ) {
                        return true;
                } else {
                        return false;
diff --git a/includes/specialpage/SpecialPage.php b/includes/specialpage/SpecialPage.php
index 7d33035..ba8e318 100644 (file)
--- a/includes/specialpage/SpecialPage.php
+++ b/includes/specialpage/SpecialPage.php
@@ -292,7 +292,9 @@ class SpecialPage implements MessageLocalizer {
         * @return bool Does the user have permission to view the page?
         */
        public function userCanExecute( User $user ) {
-               return $user->isAllowed( $this->mRestriction );
+               return MediaWikiServices::getInstance()
+                       ->getPermissionManager()
+                       ->userHasRight( $user, $this->mRestriction );
        }
 
        /**
diff --git a/includes/specials/SpecialApiSandbox.php b/includes/specials/SpecialApiSandbox.php
index 9e49684..f4a33c8 100644 (file)
--- a/includes/specials/SpecialApiSandbox.php
+++ b/includes/specials/SpecialApiSandbox.php
@@ -21,6 +21,8 @@
  * @ingroup SpecialPage
  */
 
+use MediaWiki\MediaWikiServices;
+
 /**
  * @ingroup SpecialPage
  * @since 1.27
@@ -35,7 +37,10 @@ class SpecialApiSandbox extends SpecialPage {
                $out = $this->getOutput();
                $this->addHelpLink( 'Help:ApiSandbox' );
 
-               $out->addJsConfigVars( 'apihighlimits', $this->getUser()->isAllowed( 'apihighlimits' ) );
+               $out->addJsConfigVars( 'apihighlimits', MediaWikiServices::getInstance()
+                       ->getPermissionManager()
+                       ->userHasRight( $this->getUser(), 'apihighlimits' )
+               );
                $out->addModuleStyles( [
                        'mediawiki.special',
                        'mediawiki.hlist',
diff --git a/includes/specials/SpecialAutoblockList.php b/includes/specials/SpecialAutoblockList.php
index 34c3371..3f98e93 100644 (file)
--- a/includes/specials/SpecialAutoblockList.php
+++ b/includes/specials/SpecialAutoblockList.php
@@ -21,6 +21,8 @@
  * @ingroup SpecialPage
  */
 
+use MediaWiki\MediaWikiServices;
+
 /**
  * A special page that lists autoblocks
  *
@@ -81,7 +83,10 @@ class SpecialAutoblockList extends SpecialPage {
                        'ipb_parent_block_id IS NOT NULL'
                ];
                # Is the user allowed to see hidden blocks?
-               if ( !$this->getUser()->isAllowed( 'hideuser' ) ) {
+               if ( !MediaWikiServices::getInstance()
+                       ->getPermissionManager()
+                       ->userHasRight( $this->getUser(), 'hideuser' )
+               ) {
                        $conds['ipb_deleted'] = 0;
                }
 
diff --git a/includes/specials/SpecialBlock.php b/includes/specials/SpecialBlock.php
index 07214af..1b0db73 100644 (file)
--- a/includes/specials/SpecialBlock.php
+++ b/includes/specials/SpecialBlock.php
@@ -25,6 +25,7 @@ use MediaWiki\Block\DatabaseBlock;
 use MediaWiki\Block\Restriction\PageRestriction;
 use MediaWiki\Block\Restriction\NamespaceRestriction;
 use MediaWiki\MediaWikiServices;
+use MediaWiki\User\UserIdentity;
 
 /**
  * A special page that allows users with 'block' right to block users from
@@ -269,7 +270,10 @@ class SpecialBlock extends FormSpecialPage {
                ];
 
                # Allow some users to hide name from block log, blocklist and listusers
-               if ( $user->isAllowed( 'hideuser' ) ) {
+               if ( MediaWikiServices::getInstance()
+                       ->getPermissionManager()
+                       ->userHasRight( $user, 'hideuser' )
+               ) {
                        $a['HideUser'] = [
                                'type' => 'check',
                                'label-message' => 'ipbhidename',
@@ -363,7 +367,10 @@ class SpecialBlock extends FormSpecialPage {
 
                        // If the username was hidden (ipb_deleted == 1), don't show the reason
                        // unless this user also has rights to hideuser: T37839
-                       if ( !$block->getHideName() || $this->getUser()->isAllowed( 'hideuser' ) ) {
+                       if ( !$block->getHideName() || MediaWikiServices::getInstance()
+                                       ->getPermissionManager()
+                                       ->userHasRight( $this->getUser(), 'hideuser' )
+                       ) {
                                $fields['Reason']['default'] = $block->getReason();
                        } else {
                                $fields['Reason']['default'] = '';
@@ -545,7 +552,8 @@ class SpecialBlock extends FormSpecialPage {
                $user = $this->getUser();
 
                # Link to edit the block dropdown reasons, if applicable
-               if ( $user->isAllowed( 'editinterface' ) ) {
+               $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
+               if ( $permissionManager->userHasRight( $user, 'editinterface' ) ) {
                        $links[] = $linkRenderer->makeKnownLink(
                                $this->msg( 'ipbreason-dropdown' )->inContentLanguage()->getTitle(),
                                $this->msg( 'ipb-edit-dropdown' )->text(),
@@ -579,7 +587,7 @@ class SpecialBlock extends FormSpecialPage {
                        $text .= $out;
 
                        # Add suppression block entries if allowed
-                       if ( $user->isAllowed( 'suppressionlog' ) ) {
+                       if ( $permissionManager->userHasRight( $user, 'suppressionlog' ) ) {
                                LogEventsList::showLogExtract(
                                        $out,
                                        'suppress',
@@ -828,7 +836,10 @@ class SpecialBlock extends FormSpecialPage {
                }
 
                if ( $data['HideUser'] ) {
-                       if ( !$performer->isAllowed( 'hideuser' ) ) {
+                       if ( !MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $performer, 'hideuser' )
+                       ) {
                                # this codepath is unreachable except by a malicious user spoofing forms,
                                # or by race conditions (user has hideuser and block rights, loads block form,
                                # and loses hideuser rights before submission); so need to fail completely
@@ -938,7 +949,10 @@ class SpecialBlock extends FormSpecialPage {
                                }
                                # If the name was hidden and the blocking user cannot hide
                                # names, then don't allow any block changes...
-                               if ( $currentBlock->getHideName() && !$performer->isAllowed( 'hideuser' ) ) {
+                               if ( $currentBlock->getHideName() && !MediaWikiServices::getInstance()
+                                               ->getPermissionManager()
+                                               ->userHasRight( $performer, 'hideuser' )
+                               ) {
                                        return [ 'cant-see-hidden-user' ];
                                }
 
@@ -1106,13 +1120,15 @@ class SpecialBlock extends FormSpecialPage {
 
        /**
         * Can we do an email block?
-        * @param User $user The sysop wanting to make a block
+        * @param UserIdentity $user The sysop wanting to make a block
         * @return bool
         */
-       public static function canBlockEmail( $user ) {
+       public static function canBlockEmail( UserIdentity $user ) {
                global $wgEnableUserEmail, $wgSysopEmailBans;
 
-               return ( $wgEnableUserEmail && $wgSysopEmailBans && $user->isAllowed( 'blockemail' ) );
+               return ( $wgEnableUserEmail && $wgSysopEmailBans && MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $user, 'blockemail' ) );
        }
 
        /**
@@ -1138,7 +1154,10 @@ class SpecialBlock extends FormSpecialPage {
                if ( $performer->getBlock() ) {
                        if ( $target instanceof User && $target->getId() == $performer->getId() ) {
                                # User is trying to unblock themselves
-                               if ( $performer->isAllowed( 'unblockself' ) ) {
+                               if ( MediaWikiServices::getInstance()
+                                       ->getPermissionManager()
+                                       ->userHasRight( $performer, 'unblockself' )
+                               ) {
                                        return true;
                                        # User blocked themselves and is now trying to reverse it
                                } elseif ( $performer->blockedBy() === $performer->getName() ) {
diff --git a/includes/specials/SpecialBlockList.php b/includes/specials/SpecialBlockList.php
index 6385359..2dd682f 100644 (file)
--- a/includes/specials/SpecialBlockList.php
+++ b/includes/specials/SpecialBlockList.php
@@ -22,6 +22,7 @@
  */
 
 use MediaWiki\Block\DatabaseBlock;
+use MediaWiki\MediaWikiServices;
 
 /**
  * A special page that lists existing blocks
@@ -139,7 +140,10 @@ class SpecialBlockList extends SpecialPage {
                $conds = [];
                $db = $this->getDB();
                # Is the user allowed to see hidden blocks?
-               if ( !$this->getUser()->isAllowed( 'hideuser' ) ) {
+               if ( !MediaWikiServices::getInstance()
+                       ->getPermissionManager()
+                       ->userHasRight( $this->getUser(), 'hideuser' )
+               ) {
                        $conds['ipb_deleted'] = 0;
                }
 
diff --git a/includes/specials/SpecialBrokenRedirects.php b/includes/specials/SpecialBrokenRedirects.php
index 9431cef..392b4e9 100644 (file)
--- a/includes/specials/SpecialBrokenRedirects.php
+++ b/includes/specials/SpecialBrokenRedirects.php
@@ -21,6 +21,7 @@
  * @ingroup SpecialPage
  */
 
+use MediaWiki\MediaWikiServices;
 use Wikimedia\Rdbms\IResultWrapper;
 use Wikimedia\Rdbms\IDatabase;
 
@@ -114,6 +115,8 @@ class SpecialBrokenRedirects extends QueryPage {
                }
 
                $linkRenderer = $this->getLinkRenderer();
+               $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
+
                // $toObj may very easily be false if the $result list is cached
                if ( !is_object( $toObj ) ) {
                        return '<del>' . $linkRenderer->makeLink( $fromObj ) . '</del>';
@@ -129,7 +132,7 @@ class SpecialBrokenRedirects extends QueryPage {
                // if the page is editable, add an edit link
                if (
                        // check user permissions
-                       $this->getUser()->isAllowed( 'edit' ) &&
+                       $permissionManager->userHasRight( $this->getUser(), 'edit' ) &&
                        // check, if the content model is editable through action=edit
                        ContentHandler::getForTitle( $fromObj )->supportsDirectEditing()
                ) {
@@ -145,7 +148,7 @@ class SpecialBrokenRedirects extends QueryPage {
 
                $out = $from . $this->msg( 'word-separator' )->escaped();
 
-               if ( $this->getUser()->isAllowed( 'delete' ) ) {
+               if ( $permissionManager->userHasRight( $this->getUser(), 'delete' ) ) {
                        $links[] = $linkRenderer->makeKnownLink(
                                $fromObj,
                                $this->msg( 'brokenredirects-delete' )->text(),
diff --git a/includes/specials/SpecialChangeContentModel.php b/includes/specials/SpecialChangeContentModel.php
index 01f7e56..46fa17e 100644 (file)
--- a/includes/specials/SpecialChangeContentModel.php
+++ b/includes/specials/SpecialChangeContentModel.php
@@ -1,5 +1,7 @@
 <?php
 
+use MediaWiki\MediaWikiServices;
+
 class SpecialChangeContentModel extends FormSpecialPage {
 
        public function __construct() {
@@ -226,7 +228,10 @@ class SpecialChangeContentModel extends FormSpecialPage {
 
                $flags = $this->oldRevision ? EDIT_UPDATE : EDIT_NEW;
                $flags |= EDIT_INTERNAL;
-               if ( $user->isAllowed( 'bot' ) ) {
+               if ( MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $user, 'bot' )
+               ) {
                        $flags |= EDIT_FORCE_BOT;
                }
 
diff --git a/includes/specials/SpecialChangeEmail.php b/includes/specials/SpecialChangeEmail.php
index c95aa1b..7331cd7 100644 (file)
--- a/includes/specials/SpecialChangeEmail.php
+++ b/includes/specials/SpecialChangeEmail.php
@@ -23,6 +23,7 @@
 
 use MediaWiki\Auth\AuthManager;
 use MediaWiki\Logger\LoggerFactory;
+use MediaWiki\MediaWikiServices;
 
 /**
  * Let users change their email address.
@@ -74,7 +75,10 @@ class SpecialChangeEmail extends FormSpecialPage {
 
                // This could also let someone check the current email address, so
                // require both permissions.
-               if ( !$this->getUser()->isAllowed( 'viewmyprivateinfo' ) ) {
+               if ( !MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $this->getUser(), 'viewmyprivateinfo' )
+               ) {
                        throw new PermissionsError( 'viewmyprivateinfo' );
                }
 
diff --git a/includes/specials/SpecialConfirmEmail.php b/includes/specials/SpecialConfirmEmail.php
index f86a133..2c42cd3 100644 (file)
--- a/includes/specials/SpecialConfirmEmail.php
+++ b/includes/specials/SpecialConfirmEmail.php
@@ -21,6 +21,8 @@
  * @ingroup SpecialPage
  */
 
+use MediaWiki\MediaWikiServices;
+
 /**
  * Special page allows users to request email confirmation message, and handles
  * processing of the confirmation code when the link in the email is followed
@@ -57,7 +59,10 @@ class SpecialConfirmEmail extends UnlistedSpecialPage {
 
                // This could also let someone check the current email address, so
                // require both permissions.
-               if ( !$this->getUser()->isAllowed( 'viewmyprivateinfo' ) ) {
+               if ( !MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $this->getUser(), 'viewmyprivateinfo' )
+               ) {
                        throw new PermissionsError( 'viewmyprivateinfo' );
                }
 
diff --git a/includes/specials/SpecialContributions.php b/includes/specials/SpecialContributions.php
index 40c0edf..e8b85fa 100644 (file)
--- a/includes/specials/SpecialContributions.php
+++ b/includes/specials/SpecialContributions.php
@@ -126,7 +126,10 @@ class SpecialContributions extends IncludableSpecialPage {
 
                // Allows reverts to have the bot flag in recent changes. It is just here to
                // be passed in the form at the top of the page
-               if ( $user->isAllowed( 'markbotedits' ) && $request->getBool( 'bot' ) ) {
+               if ( MediaWikiServices::getInstance()
+                                ->getPermissionManager()
+                                ->userHasRight( $user, 'markbotedits' ) && $request->getBool( 'bot' )
+               ) {
                        $this->opts['bot'] = '1';
                }
 
@@ -373,7 +376,9 @@ class SpecialContributions extends IncludableSpecialPage {
                        );
                }
 
-               if ( $sp->getUser()->isAllowed( 'block' ) ) { # Block / Change block / Unblock links
+               # Block / Change block / Unblock links
+               $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
+               if ( $permissionManager->userHasRight( $sp->getUser(), 'block' ) ) {
                        if ( $target->getBlock() && $target->getBlock()->getType() != DatabaseBlock::TYPE_AUTO ) {
                                $tools['block'] = $linkRenderer->makeKnownLink( # Change block link
                                        SpecialPage::getTitleFor( 'Block', $username ),
@@ -400,7 +405,7 @@ class SpecialContributions extends IncludableSpecialPage {
                );
 
                # Suppression log link (T61120)
-               if ( $sp->getUser()->isAllowed( 'suppressionlog' ) ) {
+               if ( $permissionManager->userHasRight( $sp->getUser(), 'suppressionlog' ) ) {
                        $tools['log-suppression'] = $linkRenderer->makeKnownLink(
                                SpecialPage::getTitleFor( 'Log', 'suppress' ),
                                $sp->msg( 'sp-contributions-suppresslog', $username )->text(),
@@ -412,7 +417,7 @@ class SpecialContributions extends IncludableSpecialPage {
                # Don't show some links for IP ranges
                if ( !$isRange ) {
                        # Uploads: hide if IPs cannot upload (T220674)
-                       if ( !$isIP || $target->isAllowed( 'upload' ) ) {
+                       if ( !$isIP || $permissionManager->userHasRight( $target, 'upload' ) ) {
                                $tools['uploads'] = $linkRenderer->makeKnownLink(
                                        SpecialPage::getTitleFor( 'Listfiles', $username ),
                                        $sp->msg( 'sp-contributions-uploads' )->text()
@@ -428,7 +433,7 @@ class SpecialContributions extends IncludableSpecialPage {
 
                        # Add link to deleted user contributions for priviledged users
                        # Todo: T183457
-                       if ( $sp->getUser()->isAllowed( 'deletedhistory' ) ) {
+                       if ( $permissionManager->userHasRight( $sp->getUser(), 'deletedhistory' ) ) {
                                $tools['deletedcontribs'] = $linkRenderer->makeKnownLink(
                                        SpecialPage::getTitleFor( 'DeletedContributions', $username ),
                                        $sp->msg( 'sp-contributions-deleted', $username )->text()
@@ -628,7 +633,10 @@ class SpecialContributions extends IncludableSpecialPage {
 
                $filters = [];
 
-               if ( $this->getUser()->isAllowed( 'deletedhistory' ) ) {
+               if ( MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $this->getUser(), 'deletedhistory' )
+               ) {
                        $filters[] = Html::rawElement(
                                'span',
                                [ 'class' => 'mw-input-with-label' ],
diff --git a/includes/specials/SpecialCreateAccount.php b/includes/specials/SpecialCreateAccount.php
index cc2fc80..637025c 100644 (file)
--- a/includes/specials/SpecialCreateAccount.php
+++ b/includes/specials/SpecialCreateAccount.php
@@ -57,7 +57,9 @@ class SpecialCreateAccount extends LoginSignupSpecialPage {
        }
 
        public function userCanExecute( User $user ) {
-               return $user->isAllowed( 'createaccount' );
+               return MediaWikiServices::getInstance()
+                       ->getPermissionManager()
+                       ->userHasRight( $user, 'createaccount' );
        }
 
        public function checkPermissions() {
diff --git a/includes/specials/SpecialDoubleRedirects.php b/includes/specials/SpecialDoubleRedirects.php
index cccca50..540ac5a 100644 (file)
--- a/includes/specials/SpecialDoubleRedirects.php
+++ b/includes/specials/SpecialDoubleRedirects.php
@@ -21,6 +21,7 @@
  * @ingroup SpecialPage
  */
 
+use MediaWiki\MediaWikiServices;
 use Wikimedia\Rdbms\IResultWrapper;
 use Wikimedia\Rdbms\IDatabase;
 
@@ -155,7 +156,9 @@ class SpecialDoubleRedirects extends QueryPage {
                // if the page is editable, add an edit link
                if (
                        // check user permissions
-                       $this->getUser()->isAllowed( 'edit' ) &&
+                       MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $this->getUser(), 'edit' ) &&
                        // check, if the content model is editable through action=edit
                        ContentHandler::getForTitle( $titleA )->supportsDirectEditing()
                ) {
diff --git a/includes/specials/SpecialEditTags.php b/includes/specials/SpecialEditTags.php
index 1dd1969..48357aa 100644 (file)
--- a/includes/specials/SpecialEditTags.php
+++ b/includes/specials/SpecialEditTags.php
@@ -129,7 +129,7 @@ class SpecialEditTags extends UnlistedSpecialPage {
                        $this->ids
                );
 
-               $this->isAllowed = $user->isAllowed( 'changetags' );
+               $this->isAllowed = $this->permissionManager->userHasRight( $user, 'changetags' );
 
                $this->reason = $request->getVal( 'wpReason' );
                // We need a target page!
diff --git a/includes/specials/SpecialEmailUser.php b/includes/specials/SpecialEmailUser.php
index b42cdea..c8b92bd 100644 (file)
--- a/includes/specials/SpecialEmailUser.php
+++ b/includes/specials/SpecialEmailUser.php
@@ -253,7 +253,10 @@ class SpecialEmailUser extends UnlistedSpecialPage {
                        return 'mailnologin';
                }
 
-               if ( !$user->isAllowed( 'sendemail' ) ) {
+               if ( !MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $user, 'sendemail' )
+               ) {
                        return 'badaccess';
                }
 
diff --git a/includes/specials/SpecialExpandTemplates.php b/includes/specials/SpecialExpandTemplates.php
index a466f29..72e881f 100644 (file)
--- a/includes/specials/SpecialExpandTemplates.php
+++ b/includes/specials/SpecialExpandTemplates.php
@@ -273,7 +273,10 @@ class SpecialExpandTemplates extends SpecialPage {
                        // allowed and a valid edit token is not provided (T73111). However, MediaWiki
                        // does not currently provide logged-out users with CSRF protection; in that case,
                        // do not show the preview unless anonymous editing is allowed.
-                       if ( $user->isAnon() && !$user->isAllowed( 'edit' ) ) {
+                       if ( $user->isAnon() && !MediaWikiServices::getInstance()
+                                       ->getPermissionManager()
+                                       ->userHasRight( $user, 'edit' )
+                       ) {
                                $error = [ 'expand_templates_preview_fail_html_anon' ];
                        } elseif ( !$user->matchEditToken( $request->getVal( 'wpEditToken' ), '', $request ) ) {
                                $error = [ 'expand_templates_preview_fail_html' ];
diff --git a/includes/specials/SpecialExport.php b/includes/specials/SpecialExport.php
index 5a63581..e680d24 100644 (file)
--- a/includes/specials/SpecialExport.php
+++ b/includes/specials/SpecialExport.php
@@ -327,7 +327,9 @@ class SpecialExport extends SpecialPage {
         * @return bool
         */
        private function userCanOverrideExportDepth() {
-               return $this->getUser()->isAllowed( 'override-export-depth' );
+               return MediaWikiServices::getInstance()
+                       ->getPermissionManager()
+                       ->userHasRight( $this->getUser(), 'override-export-depth' );
        }
 
        /**
diff --git a/includes/specials/SpecialImport.php b/includes/specials/SpecialImport.php
index f21c206..cfefa47 100644 (file)
--- a/includes/specials/SpecialImport.php
+++ b/includes/specials/SpecialImport.php
@@ -135,18 +135,19 @@ class SpecialImport extends SpecialPage {
                }
 
                $user = $this->getUser();
+               $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
                if ( !$user->matchEditToken( $request->getVal( 'editToken' ) ) ) {
                        $source = Status::newFatal( 'import-token-mismatch' );
                } elseif ( $this->sourceName === 'upload' ) {
                        $isUpload = true;
                        $this->usernamePrefix = $this->fullInterwikiPrefix = $request->getVal( 'usernamePrefix' );
-                       if ( $user->isAllowed( 'importupload' ) ) {
+                       if ( $permissionManager->userHasRight( $user, 'importupload' ) ) {
                                $source = ImportStreamSource::newFromUpload( "xmlimport" );
                        } else {
                                throw new PermissionsError( 'importupload' );
                        }
                } elseif ( $this->sourceName === 'interwiki' ) {
-                       if ( !$user->isAllowed( 'import' ) ) {
+                       if ( !$permissionManager->userHasRight( $user, 'import' ) ) {
                                throw new PermissionsError( 'import' );
                        }
                        $this->interwiki = $this->fullInterwikiPrefix = $request->getVal( 'interwiki' );
@@ -325,10 +326,11 @@ class SpecialImport extends SpecialPage {
        private function showForm() {
                $action = $this->getPageTitle()->getLocalURL( [ 'action' => 'submit' ] );
                $user = $this->getUser();
+               $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
                $out = $this->getOutput();
                $this->addHelpLink( 'https://meta.wikimedia.org/wiki/Special:MyLanguage/Help:Import', true );
 
-               if ( $user->isAllowed( 'importupload' ) ) {
+               if ( $permissionManager->userHasRight( $user, 'importupload' ) ) {
                        $mappingSelection = $this->getMappingFormPart( 'upload' );
                        $out->addHTML(
                                Xml::fieldset( $this->msg( 'import-upload' )->text() ) .
@@ -401,7 +403,7 @@ class SpecialImport extends SpecialPage {
                        $out->addWikiMsg( 'importnosources' );
                }
 
-               if ( $user->isAllowed( 'import' ) && !empty( $this->importSources ) ) {
+               if ( $permissionManager->userHasRight( $user, 'import' ) && !empty( $this->importSources ) ) {
                        # Show input field for import depth only if $wgExportMaxLinkDepth > 0
                        $importDepth = '';
                        if ( $this->getConfig()->get( 'ExportMaxLinkDepth' ) > 0 ) {
diff --git a/includes/specials/SpecialLog.php b/includes/specials/SpecialLog.php
index ac8baa1..7c85814 100644 (file)
--- a/includes/specials/SpecialLog.php
+++ b/includes/specials/SpecialLog.php
@@ -94,7 +94,9 @@ class SpecialLog extends SpecialPage {
                if ( !LogPage::isLogType( $type ) ) {
                        $opts->setValue( 'type', '' );
                } elseif ( isset( $logRestrictions[$type] )
-                       && !$this->getUser()->isAllowed( $logRestrictions[$type] )
+                       && !MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $this->getUser(), $logRestrictions[$type] )
                ) {
                        throw new PermissionsError( $logRestrictions[$type] );
                }
diff --git a/includes/specials/SpecialMovepage.php b/includes/specials/SpecialMovepage.php
index 6da362d..0767faf 100644 (file)
--- a/includes/specials/SpecialMovepage.php
+++ b/includes/specials/SpecialMovepage.php
@@ -209,7 +209,9 @@ class MovePageForm extends UnlistedSpecialPage {
                }
 
                if ( count( $err ) == 1 && isset( $err[0][0] ) && $err[0][0] == 'file-exists-sharedrepo'
-                       && $user->isAllowed( 'reupload-shared' )
+                       && MediaWikiServices::getInstance()
+                                ->getPermissionManager()
+                                ->userHasRight( $user, 'reupload-shared' )
                ) {
                        $out->wrapWikiMsg(
                                "<div class='warningbox'>\n$1\n</div>\n",
@@ -374,7 +376,10 @@ class MovePageForm extends UnlistedSpecialPage {
                        );
                }
 
-               if ( $user->isAllowed( 'suppressredirect' ) ) {
+               if ( MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $user, 'suppressredirect' )
+               ) {
                        if ( $handlerSupportsRedirects ) {
                                $isChecked = $this->leaveRedirect;
                                $isDisabled = false;
@@ -520,6 +525,7 @@ class MovePageForm extends UnlistedSpecialPage {
 
        function doSubmit() {
                $user = $this->getUser();
+               $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
 
                if ( $user->pingLimiter( 'move' ) ) {
                        throw new ThrottledError;
@@ -540,7 +546,7 @@ class MovePageForm extends UnlistedSpecialPage {
                # Show a warning if the target file exists on a shared repo
                $repoGroup = $services->getRepoGroup();
                if ( $nt->getNamespace() == NS_FILE
-                       && !( $this->moveOverShared && $user->isAllowed( 'reupload-shared' ) )
+                       && !( $this->moveOverShared && $permissionManager->userHasRight( $user, 'reupload-shared' ) )
                        && !$repoGroup->getLocalRepo()->findFile( $nt )
                        && $repoGroup->findFile( $nt )
                ) {
@@ -551,7 +557,7 @@ class MovePageForm extends UnlistedSpecialPage {
 
                # Delete to make way if requested
                if ( $this->deleteAndMove ) {
-                       $permErrors = $nt->getUserPermissionsErrors( 'delete', $user );
+                       $permErrors = $permissionManager->getPermissionErrors( 'delete', $user, $nt );
                        if ( count( $permErrors ) ) {
                                # Only show the first error
                                $this->showForm( $permErrors, true );
@@ -592,7 +598,7 @@ class MovePageForm extends UnlistedSpecialPage {
 
                if ( !$handler->supportsRedirects() ) {
                        $createRedirect = false;
-               } elseif ( $user->isAllowed( 'suppressredirect' ) ) {
+               } elseif ( $permissionManager->userHasRight( $user, 'suppressredirect' ) ) {
                        $createRedirect = $this->leaveRedirect;
                } else {
                        $createRedirect = true;
@@ -607,7 +613,6 @@ class MovePageForm extends UnlistedSpecialPage {
                        $this->moveTalk = false;
                }
                if ( $this->moveSubpages ) {
-                       $permissionManager = $services->getPermissionManager();
                        $this->moveSubpages = $permissionManager->userCan( 'move-subpages', $user, $ot );
                }
 
diff --git a/includes/specials/SpecialPasswordReset.php b/includes/specials/SpecialPasswordReset.php
index 3524d79..2ef96ad 100644 (file)
--- a/includes/specials/SpecialPasswordReset.php
+++ b/includes/specials/SpecialPasswordReset.php
@@ -22,6 +22,7 @@
  */
 
 use MediaWiki\Auth\AuthManager;
+use MediaWiki\MediaWikiServices;
 
 /**
  * Special page for requesting a password reset email.
@@ -52,7 +53,11 @@ class SpecialPasswordReset extends FormSpecialPage {
 
        private function getPasswordReset() {
                if ( $this->passwordReset === null ) {
-                       $this->passwordReset = new PasswordReset( $this->getConfig(), AuthManager::singleton() );
+                       $this->passwordReset = new PasswordReset(
+                               $this->getConfig(),
+                               AuthManager::singleton(),
+                               MediaWikiServices::getInstance()->getPermissionManager()
+                       );
                }
                return $this->passwordReset;
        }
diff --git a/includes/specials/SpecialPreferences.php b/includes/specials/SpecialPreferences.php
index 0bc9147..d541ead 100644 (file)
--- a/includes/specials/SpecialPreferences.php
+++ b/includes/specials/SpecialPreferences.php
@@ -115,7 +115,10 @@ class SpecialPreferences extends SpecialPage {
        }
 
        protected function showResetForm() {
-               if ( !$this->getUser()->isAllowed( 'editmyoptions' ) ) {
+               if ( !MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $this->getUser(), 'editmyoptions' )
+               ) {
                        throw new PermissionsError( 'editmyoptions' );
                }
 
@@ -134,7 +137,10 @@ class SpecialPreferences extends SpecialPage {
        }
 
        public function submitReset( $formData ) {
-               if ( !$this->getUser()->isAllowed( 'editmyoptions' ) ) {
+               if ( !MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $this->getUser(), 'editmyoptions' )
+               ) {
                        throw new PermissionsError( 'editmyoptions' );
                }
 
diff --git a/includes/specials/SpecialRecentChanges.php b/includes/specials/SpecialRecentChanges.php
index 0bfe185..4683fe6 100644 (file)
--- a/includes/specials/SpecialRecentChanges.php
+++ b/includes/specials/SpecialRecentChanges.php
@@ -185,7 +185,9 @@ class SpecialRecentChanges extends ChangesListSpecialPage {
                if (
                        !$this->including() &&
                        $this->getUser()->isLoggedIn() &&
-                       $this->getUser()->isAllowed( 'viewmywatchlist' )
+                       MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $this->getUser(), 'viewmywatchlist' )
                ) {
                        $this->registerFiltersFromDefinitions( [ $this->watchlistFilterGroupDefinition ] );
                        $watchlistGroup = $this->getFilterGroup( 'watchlist' );
@@ -279,7 +281,10 @@ class SpecialRecentChanges extends ChangesListSpecialPage {
                $join_conds = array_merge( $join_conds, $rcQuery['joins'] );
 
                // JOIN on watchlist for users
-               if ( $user->isLoggedIn() && $user->isAllowed( 'viewmywatchlist' ) ) {
+               if ( $user->isLoggedIn() && MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $user, 'viewmywatchlist' )
+               ) {
                        $tables[] = 'watchlist';
                        $fields[] = 'wl_user';
                        $fields[] = 'wl_notificationtimestamp';
diff --git a/includes/specials/SpecialRecentChangesLinked.php b/includes/specials/SpecialRecentChangesLinked.php
index 26f3665..0921ada 100644 (file)
--- a/includes/specials/SpecialRecentChangesLinked.php
+++ b/includes/specials/SpecialRecentChangesLinked.php
@@ -21,6 +21,8 @@
  * @ingroup SpecialPage
  */
 
+use MediaWiki\MediaWikiServices;
+
 /**
  * This is to display changes made to all articles linked in an article.
  *
@@ -91,7 +93,10 @@ class SpecialRecentChangesLinked extends SpecialRecentChanges {
 
                // left join with watchlist table to highlight watched rows
                $uid = $this->getUser()->getId();
-               if ( $uid && $this->getUser()->isAllowed( 'viewmywatchlist' ) ) {
+               if ( $uid && MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $this->getUser(), 'viewmywatchlist' )
+               ) {
                        $tables[] = 'watchlist';
                        $select[] = 'wl_user';
                        $join_conds['watchlist'] = [ 'LEFT JOIN', [
diff --git a/includes/specials/SpecialRevisionDelete.php b/includes/specials/SpecialRevisionDelete.php
index 437263f..698e590 100644 (file)
--- a/includes/specials/SpecialRevisionDelete.php
+++ b/includes/specials/SpecialRevisionDelete.php
@@ -21,6 +21,7 @@
  * @ingroup SpecialPage
  */
 
+use MediaWiki\MediaWikiServices;
 use MediaWiki\Storage\RevisionRecord;
 use MediaWiki\Permissions\PermissionManager;
 
@@ -192,9 +193,11 @@ class SpecialRevisionDelete extends UnlistedSpecialPage {
                $this->typeLabels = self::$UILabels[$this->typeName];
                $list = $this->getList();
                $list->reset();
-               $this->mIsAllowed = $user->isAllowed( RevisionDeleter::getRestriction( $this->typeName ) );
-               $canViewSuppressedOnly = $this->getUser()->isAllowed( 'viewsuppressed' ) &&
-                       !$this->getUser()->isAllowed( 'suppressrevision' );
+               $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
+               $this->mIsAllowed = $permissionManager->userHasRight( $user,
+                       RevisionDeleter::getRestriction( $this->typeName ) );
+               $canViewSuppressedOnly = $permissionManager->userHasRight( $user, 'viewsuppressed' ) &&
+                       !$permissionManager->userHasRight( $user, 'suppressrevision' );
                $pageIsSuppressed = $list->areAnySuppressed();
                $this->mIsAllowed = $this->mIsAllowed && !( $canViewSuppressedOnly && $pageIsSuppressed );
 
@@ -211,7 +214,7 @@ class SpecialRevisionDelete extends UnlistedSpecialPage {
                        [ 'revdelete-hide-comment', 'wpHideComment', RevisionRecord::DELETED_COMMENT ],
                        [ 'revdelete-hide-user', 'wpHideUser', RevisionRecord::DELETED_USER ]
                ];
-               if ( $user->isAllowed( 'suppressrevision' ) ) {
+               if ( $permissionManager->userHasRight( $user, 'suppressrevision' ) ) {
                        $this->checks[] = [ 'revdelete-hide-restricted',
                                'wpHideRestricted', RevisionRecord::DELETED_RESTRICTED ];
                }
@@ -223,7 +226,7 @@ class SpecialRevisionDelete extends UnlistedSpecialPage {
                        $this->showForm();
                }
 
-               if ( $user->isAllowed( 'deletedhistory' ) ) {
+               if ( $permissionManager->userHasRight( $user, 'deletedhistory' ) ) {
                        $qc = $this->getLogQueryCond();
                        # Show relevant lines from the deletion log
                        $deleteLogPage = new LogPage( 'delete' );
@@ -237,7 +240,7 @@ class SpecialRevisionDelete extends UnlistedSpecialPage {
                        );
                }
                # Show relevant lines from the suppression log
-               if ( $user->isAllowed( 'suppressionlog' ) ) {
+               if ( $permissionManager->userHasRight( $user, 'suppressionlog' ) ) {
                        $suppressLogPage = new LogPage( 'suppress' );
                        $output->addHTML( "<h2>" . $suppressLogPage->getName()->escaped() . "</h2>\n" );
                        LogEventsList::showLogExtract(
@@ -276,7 +279,10 @@ class SpecialRevisionDelete extends UnlistedSpecialPage {
                                        [ 'action' => 'history' ]
                                );
                                # Link to deleted edits
-                               if ( $this->getUser()->isAllowed( 'undelete' ) ) {
+                               if ( MediaWikiServices::getInstance()
+                                               ->getPermissionManager()
+                                               ->userHasRight( $this->getUser(), 'undelete' )
+                               ) {
                                        $undelete = SpecialPage::getTitleFor( 'Undelete' );
                                        $links[] = $linkRenderer->makeKnownLink(
                                                $undelete,
@@ -480,7 +486,10 @@ class SpecialRevisionDelete extends UnlistedSpecialPage {
                                Xml::closeElement( 'fieldset' ) . "\n" .
                                Xml::closeElement( 'form' ) . "\n";
                        // Show link to edit the dropdown reasons
-                       if ( $this->getUser()->isAllowed( 'editinterface' ) ) {
+                       if ( MediaWikiServices::getInstance()
+                                       ->getPermissionManager()
+                                       ->userHasRight( $this->getUser(), 'editinterface' )
+                       ) {
                                $link = $this->getLinkRenderer()->makeKnownLink(
                                        $this->msg( 'revdelete-reason-dropdown' )->inContentLanguage()->getTitle(),
                                        $this->msg( 'revdelete-edit-reasonlist' )->text(),
@@ -506,7 +515,10 @@ class SpecialRevisionDelete extends UnlistedSpecialPage {
                        'revdelete-text-others'
                );
 
-               if ( $this->getUser()->isAllowed( 'suppressrevision' ) ) {
+               if ( MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $this->getUser(), 'suppressrevision' )
+               ) {
                        $this->getOutput()->addWikiMsg( 'revdelete-suppress-text' );
                }
 
@@ -611,7 +623,9 @@ class SpecialRevisionDelete extends UnlistedSpecialPage {
                }
                # Can the user set this field?
                if ( $bitParams[RevisionRecord::DELETED_RESTRICTED] == 1
-                       && !$this->getUser()->isAllowed( 'suppressrevision' )
+                       && !MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $this->getUser(), 'suppressrevision' )
                ) {
                        throw new PermissionsError( 'suppressrevision' );
                }
diff --git a/includes/specials/SpecialTags.php b/includes/specials/SpecialTags.php
index 9a95249..2c8d432 100644 (file)
--- a/includes/specials/SpecialTags.php
+++ b/includes/specials/SpecialTags.php
@@ -21,6 +21,8 @@
  * @ingroup SpecialPage
  */
 
+use MediaWiki\MediaWikiServices;
+
 /**
  * A special page that lists tags for edits
  *
@@ -77,9 +79,10 @@ class SpecialTags extends SpecialPage {
                $out->wrapWikiMsg( "<div class='mw-tags-intro'>\n$1\n</div>", 'tags-intro' );
 
                $user = $this->getUser();
-               $userCanManage = $user->isAllowed( 'managechangetags' );
-               $userCanDelete = $user->isAllowed( 'deletechangetags' );
-               $userCanEditInterface = $user->isAllowed( 'editinterface' );
+               $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
+               $userCanManage = $permissionManager->userHasRight( $user, 'managechangetags' );
+               $userCanDelete = $permissionManager->userHasRight( $user, 'deletechangetags' );
+               $userCanEditInterface = $permissionManager->userHasRight( $user, 'editinterface' );
 
                // Show form to create a tag
                if ( $userCanManage ) {
@@ -329,7 +332,9 @@ class SpecialTags extends SpecialPage {
 
        protected function showDeleteTagForm( $tag ) {
                $user = $this->getUser();
-               if ( !$user->isAllowed( 'deletechangetags' ) ) {
+               if ( !MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $user, 'deletechangetags' ) ) {
                        throw new PermissionsError( 'deletechangetags' );
                }
 
@@ -388,7 +393,9 @@ class SpecialTags extends SpecialPage {
                $actionStr = $activate ? 'activate' : 'deactivate';
 
                $user = $this->getUser();
-               if ( !$user->isAllowed( 'managechangetags' ) ) {
+               if ( !MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $user, 'managechangetags' ) ) {
                        throw new PermissionsError( 'managechangetags' );
                }
 
diff --git a/includes/specials/SpecialUnblock.php b/includes/specials/SpecialUnblock.php
index 9b8022b..931b179 100644 (file)
--- a/includes/specials/SpecialUnblock.php
+++ b/includes/specials/SpecialUnblock.php
@@ -22,6 +22,7 @@
  */
 
 use MediaWiki\Block\DatabaseBlock;
+use MediaWiki\MediaWikiServices;
 
 /**
  * A special page for unblocking users
@@ -208,7 +209,10 @@ class SpecialUnblock extends SpecialPage {
 
                # If the name was hidden and the blocking user cannot hide
                # names, then don't allow any block removals...
-               if ( !$performer->isAllowed( 'hideuser' ) && $block->getHideName() ) {
+               if ( !MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $performer, 'hideuser' ) && $block->getHideName()
+               ) {
                        return [ 'unblock-hideuser' ];
                }
 
diff --git a/includes/specials/SpecialUndelete.php b/includes/specials/SpecialUndelete.php
index fe629db..d3d3bd7 100644 (file)
--- a/includes/specials/SpecialUndelete.php
+++ b/includes/specials/SpecialUndelete.php
@@ -102,7 +102,9 @@ class SpecialUndelete extends SpecialPage {
                $this->mDiff = $request->getCheck( 'diff' );
                $this->mDiffOnly = $request->getBool( 'diffonly', $this->getUser()->getOption( 'diffonly' ) );
                $this->mComment = $request->getText( 'wpComment' );
-               $this->mUnsuppress = $request->getVal( 'wpUnsuppress' ) && $user->isAllowed( 'suppressrevision' );
+               $this->mUnsuppress = $request->getVal( 'wpUnsuppress' ) && MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $user, 'suppressrevision' );
                $this->mToken = $request->getVal( 'token' );
 
                $block = $user->getBlock();
@@ -153,7 +155,7 @@ class SpecialUndelete extends SpecialPage {
                if ( $this->mTargetObj !== null ) {
                        return $permissionManager->userCan( $permission, $user, $this->mTargetObj );
                } else {
-                       return $user->isAllowed( $permission );
+                       return $permissionManager->userHasRight( $user, $permission );
                }
        }
 
@@ -179,7 +181,10 @@ class SpecialUndelete extends SpecialPage {
                        $out->addWikiMsg( 'undelete-header' );
 
                        # Not all users can just browse every deleted page from the list
-                       if ( $user->isAllowed( 'browsearchive' ) ) {
+                       if ( MediaWikiServices::getInstance()
+                                       ->getPermissionManager()
+                                       ->userHasRight( $user, 'browsearchive' )
+                       ) {
                                $this->showSearchForm();
                        }
 
@@ -774,7 +779,8 @@ class SpecialUndelete extends SpecialPage {
                LogEventsList::showLogExtract( $out, 'delete', $this->mTargetObj );
                # Show relevant lines from the suppression log:
                $suppressLogPage = new LogPage( 'suppress' );
-               if ( $this->getUser()->isAllowed( 'suppressionlog' ) ) {
+               $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
+               if ( $permissionManager->userHasRight( $this->getUser(), 'suppressionlog' ) ) {
                        $out->addHTML( Xml::element( 'h2', null, $suppressLogPage->getName()->text() ) . "\n" );
                        LogEventsList::showLogExtract( $out, 'suppress', $this->mTargetObj );
                }
@@ -826,7 +832,7 @@ class SpecialUndelete extends SpecialPage {
                                ] )
                        );
 
-                       if ( $this->getUser()->isAllowed( 'suppressrevision' ) ) {
+                       if ( $permissionManager->userHasRight( $this->getUser(), 'suppressrevision' ) ) {
                                $fields[] = new OOUI\FieldLayout(
                                        new OOUI\CheckboxInputWidget( [
                                                'name' => 'wpUnsuppress',
@@ -866,7 +872,7 @@ class SpecialUndelete extends SpecialPage {
                if ( $haveRevisions ) {
                        # Show the page's stored (deleted) history
 
-                       if ( $this->getUser()->isAllowed( 'deleterevision' ) ) {
+                       if ( $permissionManager->userHasRight( $this->getUser(), 'deleterevision' ) ) {
                                $history .= Html::element(
                                        'button',
                                        [
diff --git a/includes/specials/SpecialUpload.php b/includes/specials/SpecialUpload.php
index 81c9d56..e7c2e42 100644 (file)
--- a/includes/specials/SpecialUpload.php
+++ b/includes/specials/SpecialUpload.php
@@ -311,16 +311,18 @@ class SpecialUpload extends SpecialPage {
        protected function showViewDeletedLinks() {
                $title = Title::makeTitleSafe( NS_FILE, $this->mDesiredDestName );
                $user = $this->getUser();
+               $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
                // Show a subtitle link to deleted revisions (to sysops et al only)
                if ( $title instanceof Title ) {
                        $count = $title->isDeleted();
-                       if ( $count > 0 && $user->isAllowed( 'deletedhistory' ) ) {
+                       if ( $count > 0 && $permissionManager->userHasRight( $user, 'deletedhistory' ) ) {
                                $restorelink = $this->getLinkRenderer()->makeKnownLink(
                                        SpecialPage::getTitleFor( 'Undelete', $title->getPrefixedText() ),
                                        $this->msg( 'restorelink' )->numParams( $count )->text()
                                );
-                               $link = $this->msg( $user->isAllowed( 'delete' ) ? 'thisisdeleted' : 'viewdeleted' )
-                                       ->rawParams( $restorelink )->parseAsBlock();
+                               $link = $this->msg(
+                                       $permissionManager->userHasRight( $user, 'delete' ) ? 'thisisdeleted' : 'viewdeleted'
+                               )->rawParams( $restorelink )->parseAsBlock();
                                $this->getOutput()->addHTML(
                                        Html::rawElement(
                                                'div',
diff --git a/includes/specials/SpecialUserrights.php b/includes/specials/SpecialUserrights.php
index 5747f67..585699d 100644 (file)
--- a/includes/specials/SpecialUserrights.php
+++ b/includes/specials/SpecialUserrights.php
@@ -21,6 +21,8 @@
  * @ingroup SpecialPage
  */
 
+use MediaWiki\MediaWikiServices;
+
 /**
  * Special page to allow managing user group membership
  *
@@ -161,7 +163,10 @@ class UserrightsPage extends SpecialPage {
                         * (e.g. they don't have the userrights permission), then don't
                         * allow them to change any user rights.
                         */
-                       if ( !$user->isAllowed( 'userrights' ) ) {
+                       if ( !MediaWikiServices::getInstance()
+                                       ->getPermissionManager()
+                                       ->userHasRight( $user, 'userrights' )
+                       ) {
                                $block = $user->getBlock();
                                if ( $block && $block->isSitewide() ) {
                                        throw new UserBlockedError( $block );
@@ -515,7 +520,10 @@ class UserrightsPage extends SpecialPage {
                        if ( WikiMap::isCurrentWikiId( $dbDomain ) ) {
                                $dbDomain = '';
                        } else {
-                               if ( $writing && !$this->getUser()->isAllowed( 'userrights-interwiki' ) ) {
+                               if ( $writing && !MediaWikiServices::getInstance()
+                                               ->getPermissionManager()
+                                               ->userHasRight( $this->getUser(), 'userrights-interwiki' )
+                               ) {
                                        return Status::newFatal( 'userrights-no-interwiki' );
                                }
                                if ( !UserRightsProxy::validDatabase( $dbDomain ) ) {
diff --git a/includes/specials/SpecialWatchlist.php b/includes/specials/SpecialWatchlist.php
index 3d56330..84b3331 100644 (file)
--- a/includes/specials/SpecialWatchlist.php
+++ b/includes/specials/SpecialWatchlist.php
@@ -381,12 +381,10 @@ class SpecialWatchlist extends ChangesListSpecialPage {
 
                // Log entries with DELETED_ACTION must not show up unless the user has
                // the necessary rights.
-               if ( !$user->isAllowed( 'deletedhistory' ) ) {
+               $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
+               if ( !$permissionManager->userHasRight( $user, 'deletedhistory' ) ) {
                        $bitmask = LogPage::DELETED_ACTION;
-               } elseif ( !MediaWikiServices::getInstance()
-                       ->getPermissionManager()
-                       ->userHasAnyRight( $user, 'suppressrevision', 'viewsuppressed' )
-               ) {
+               } elseif ( !$permissionManager->userHasAnyRight( $user, 'suppressrevision', 'viewsuppressed' ) ) {
                        $bitmask = LogPage::DELETED_ACTION | LogPage::DELETED_RESTRICTED;
                } else {
                        $bitmask = 0;
diff --git a/includes/specials/SpecialWhatLinksHere.php b/includes/specials/SpecialWhatLinksHere.php
index 2840086..5fe3605 100644 (file)
--- a/includes/specials/SpecialWhatLinksHere.php
+++ b/includes/specials/SpecialWhatLinksHere.php
@@ -21,6 +21,7 @@
  * @todo Use some variant of Pager or something; the pagination here is lousy.
  */
 
+use MediaWiki\MediaWikiServices;
 use Wikimedia\Rdbms\IDatabase;
 
 /**
@@ -416,7 +417,9 @@ class SpecialWhatLinksHere extends IncludableSpecialPage {
                // if the page is editable, add an edit link
                if (
                        // check user permissions
-                       $this->getUser()->isAllowed( 'edit' ) &&
+                       MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $this->getUser(), 'edit' ) &&
                        // check, if the content model is editable through action=edit
                        ContentHandler::getForTitle( $target )->supportsDirectEditing()
                ) {
diff --git a/includes/specials/forms/PreferencesFormOOUI.php b/includes/specials/forms/PreferencesFormOOUI.php
index ea23973..b1bfd0b 100644 (file)
--- a/includes/specials/forms/PreferencesFormOOUI.php
+++ b/includes/specials/forms/PreferencesFormOOUI.php
@@ -73,16 +73,18 @@ class PreferencesFormOOUI extends OOUIHTMLForm {
         * @return string
         */
        function getButtons() {
-               if ( !MediaWikiServices::getInstance()
-                       ->getPermissionManager()
-                       ->userHasAnyRight( $this->getModifiedUser(), 'editmyprivateinfo', 'editmyoptions' )
-               ) {
+               $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
+               if ( !$permissionManager->userHasAnyRight(
+                       $this->getModifiedUser(),
+                       'editmyprivateinfo',
+                       'editmyoptions'
+               ) ) {
                        return '';
                }
 
                $html = parent::getButtons();
 
-               if ( $this->getModifiedUser()->isAllowed( 'editmyoptions' ) ) {
+               if ( $permissionManager->userHasRight( $this->getModifiedUser(), 'editmyoptions' ) ) {
                        $t = $this->getTitle()->getSubpage( 'reset' );
 
                        $html .= new OOUI\ButtonWidget( [
diff --git a/includes/specials/forms/UploadForm.php b/includes/specials/forms/UploadForm.php
index 1e5f816..0b4e058 100644 (file)
--- a/includes/specials/forms/UploadForm.php
+++ b/includes/specials/forms/UploadForm.php
@@ -76,7 +76,10 @@ class UploadForm extends HTMLForm {
                parent::__construct( $descriptor, $context, 'upload' );
 
                # Add a link to edit MediaWiki:Licenses
-               if ( $this->getUser()->isAllowed( 'editinterface' ) ) {
+               if ( MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $this->getUser(), 'editinterface' )
+               ) {
                        $this->getOutput()->addModuleStyles( 'mediawiki.special' );
                        $licensesLink = $linkRenderer->makeKnownLink(
                                $this->msg( 'licenses' )->inContentLanguage()->getTitle(),
diff --git a/includes/specials/pagers/ActiveUsersPager.php b/includes/specials/pagers/ActiveUsersPager.php
index 0abe842..c9c3b07 100644 (file)
--- a/includes/specials/pagers/ActiveUsersPager.php
+++ b/includes/specials/pagers/ActiveUsersPager.php
@@ -19,6 +19,8 @@
  * @ingroup Pager
  */
 
+use MediaWiki\MediaWikiServices;
+
 /**
  * This class is used to get a list of active users. The ones with specials
  * rights (sysop, bureaucrat, developer) will have them displayed
@@ -124,7 +126,10 @@ class ActiveUsersPager extends UsersPager {
                        ] ];
                        $conds['ug2.ug_user'] = null;
                }
-               if ( !$this->getUser()->isAllowed( 'hideuser' ) ) {
+               if ( !MediaWikiServices::getInstance()
+                                 ->getPermissionManager()
+                                 ->userHasRight( $this->getUser(), 'hideuser' )
+               ) {
                        $conds[] = 'NOT EXISTS (' . $dbr->selectSQLText(
                                        'ipblocks', '1', [ 'ipb_user=user_id', 'ipb_deleted' => 1 ]
                                ) . ')';
diff --git a/includes/specials/pagers/BlockListPager.php b/includes/specials/pagers/BlockListPager.php
index 4441a33..718da6d 100644 (file)
--- a/includes/specials/pagers/BlockListPager.php
+++ b/includes/specials/pagers/BlockListPager.php
@@ -137,7 +137,10 @@ class BlockListPager extends TablePager {
                                        $value,
                                        /* User preference timezone */true
                                ) );
-                               if ( $this->getUser()->isAllowed( 'block' ) ) {
+                               if ( MediaWikiServices::getInstance()
+                                               ->getPermissionManager()
+                                               ->userHasRight( $this->getUser(), 'block' )
+                               ) {
                                        $links = [];
                                        if ( $row->ipb_auto ) {
                                                $links[] = $linkRenderer->makeKnownLink(
@@ -358,7 +361,10 @@ class BlockListPager extends TablePager {
                $info['conds'][] = 'ipb_expiry > ' . $db->addQuotes( $db->timestamp() );
 
                # Is the user allowed to see hidden blocks?
-               if ( !$this->getUser()->isAllowed( 'hideuser' ) ) {
+               if ( !MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $this->getUser(), 'hideuser' )
+               ) {
                        $info['conds']['ipb_deleted'] = 0;
                }
 
diff --git a/includes/specials/pagers/ContribsPager.php b/includes/specials/pagers/ContribsPager.php
index d76dfb8..3a56a87 100644 (file)
--- a/includes/specials/pagers/ContribsPager.php
+++ b/includes/specials/pagers/ContribsPager.php
@@ -269,6 +269,7 @@ class ContribsPager extends RangeChronologicalPager {
                        'options' => [],
                        'join_conds' => $revQuery['joins'],
                ];
+               $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
 
                // WARNING: Keep this in sync with getTargetTable()!
                $user = User::newFromName( $this->target, false );
@@ -313,14 +314,11 @@ class ContribsPager extends RangeChronologicalPager {
                $queryInfo['conds'] = array_merge( $queryInfo['conds'], $this->getNamespaceCond() );
 
                // Paranoia: avoid brute force searches (T19342)
-               if ( !$user->isAllowed( 'deletedhistory' ) ) {
+               if ( !$permissionManager->userHasRight( $user, 'deletedhistory' ) ) {
                        $queryInfo['conds'][] = $this->mDb->bitAnd(
                                'rev_deleted', RevisionRecord::DELETED_USER
                                ) . ' = 0';
-               } elseif ( !MediaWikiServices::getInstance()
-                       ->getPermissionManager()
-                       ->userHasAnyRight( $user, 'suppressrevision', 'viewsuppressed' )
-               ) {
+               } elseif ( !$permissionManager->userHasAnyRight( $user, 'suppressrevision', 'viewsuppressed' ) ) {
                        $queryInfo['conds'][] = $this->mDb->bitAnd(
                                'rev_deleted', RevisionRecord::SUPPRESSED_USER
                                ) . ' != ' . RevisionRecord::SUPPRESSED_USER;
diff --git a/includes/specials/pagers/DeletedContribsPager.php b/includes/specials/pagers/DeletedContribsPager.php
index cd6294d..2893759 100644 (file)
--- a/includes/specials/pagers/DeletedContribsPager.php
+++ b/includes/specials/pagers/DeletedContribsPager.php
@@ -90,13 +90,11 @@ class DeletedContribsPager extends IndexPager {
                ];
                $conds = array_merge( $userCond, $this->getNamespaceCond() );
                $user = $this->getUser();
+               $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
                // Paranoia: avoid brute force searches (T19792)
-               if ( !$user->isAllowed( 'deletedhistory' ) ) {
+               if ( !$permissionManager->userHasRight( $user, 'deletedhistory' ) ) {
                        $conds[] = $this->mDb->bitAnd( 'ar_deleted', RevisionRecord::DELETED_USER ) . ' = 0';
-               } elseif ( !MediaWikiServices::getInstance()
-                       ->getPermissionManager()
-                       ->userHasAnyRight( $user, 'suppressrevision', 'viewsuppressed' )
-               ) {
+               } elseif ( !$permissionManager->userHasAnyRight( $user, 'suppressrevision', 'viewsuppressed' ) ) {
                        $conds[] = $this->mDb->bitAnd( 'ar_deleted', RevisionRecord::SUPPRESSED_USER ) .
                                ' != ' . RevisionRecord::SUPPRESSED_USER;
                }
@@ -325,8 +323,9 @@ class DeletedContribsPager extends IndexPager {
                );
 
                $user = $this->getUser();
+               $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
 
-               if ( $user->isAllowed( 'deletedtext' ) ) {
+               if ( $permissionManager->userHasRight( $user, 'deletedtext' ) ) {
                        $last = $linkRenderer->makeKnownLink(
                                $undelete,
                                $this->messages['diff'],
@@ -344,7 +343,9 @@ class DeletedContribsPager extends IndexPager {
                $comment = Linker::revComment( $rev );
                $date = $this->getLanguage()->userTimeAndDate( $rev->getTimestamp(), $user );
 
-               if ( !$user->isAllowed( 'undelete' ) || !$rev->userCan( RevisionRecord::DELETED_TEXT, $user ) ) {
+               if ( !$permissionManager->userHasRight( $user, 'undelete' ) ||
+                        !$rev->userCan( RevisionRecord::DELETED_TEXT, $user )
+               ) {
                        $link = htmlspecialchars( $date ); // unusable link
                } else {
                        $link = $linkRenderer->makeKnownLink(
diff --git a/includes/specials/pagers/ProtectedPagesPager.php b/includes/specials/pagers/ProtectedPagesPager.php
index 747dea2..bb5592c 100644 (file)
--- a/includes/specials/pagers/ProtectedPagesPager.php
+++ b/includes/specials/pagers/ProtectedPagesPager.php
@@ -20,6 +20,7 @@
  */
 
 use MediaWiki\Linker\LinkRenderer;
+use MediaWiki\MediaWikiServices;
 
 class ProtectedPagesPager extends TablePager {
 
@@ -159,7 +160,10 @@ class ProtectedPagesPager extends TablePager {
                                $formatted = htmlspecialchars( $this->getLanguage()->formatExpiry(
                                        $value, /* User preference timezone */true ) );
                                $title = Title::makeTitleSafe( $row->page_namespace, $row->page_title );
-                               if ( $this->getUser()->isAllowed( 'protect' ) && $title ) {
+                               if ( $title && MediaWikiServices::getInstance()
+                                                ->getPermissionManager()
+                                                ->userHasRight( $this->getUser(), 'protect' )
+                               ) {
                                        $changeProtection = $linkRenderer->makeKnownLink(
                                                $title,
                                                $this->msg( 'protect_change' )->text(),
diff --git a/includes/specials/pagers/UsersPager.php b/includes/specials/pagers/UsersPager.php
index ba078e9..ee0ac00 100644 (file)
--- a/includes/specials/pagers/UsersPager.php
+++ b/includes/specials/pagers/UsersPager.php
@@ -23,6 +23,8 @@
  * @ingroup Pager
  */
 
+use MediaWiki\MediaWikiServices;
+
 /**
  * This class is used to get a list of user. The ones with specials
  * rights (sysop, bureaucrat, developer) will have them displayed
@@ -123,7 +125,10 @@ class UsersPager extends AlphabeticPager {
                $conds = [];
 
                // Don't show hidden names
-               if ( !$this->getUser()->isAllowed( 'hideuser' ) ) {
+               if ( !MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $this->getUser(), 'hideuser' )
+               ) {
                        $conds[] = 'ipb_deleted IS NULL OR ipb_deleted = 0';
                }
 
diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php
index 3368e29..d7dfffa 100644 (file)
--- a/includes/upload/UploadBase.php
+++ b/includes/upload/UploadBase.php
@@ -20,7 +20,10 @@
  * @file
  * @ingroup Upload
  */
+
+use MediaWiki\MediaWikiServices;
 use MediaWiki\Shell\Shell;
+use MediaWiki\User\UserIdentity;
 
 /**
  * @defgroup Upload Upload related
@@ -145,12 +148,13 @@ abstract class UploadBase {
         * identifying the missing permission.
         * Can be overridden by subclasses.
         *
-        * @param User $user
+        * @param UserIdentity $user
         * @return bool|string
         */
-       public static function isAllowed( $user ) {
+       public static function isAllowed( UserIdentity $user ) {
+               $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
                foreach ( [ 'upload', 'edit' ] as $permission ) {
-                       if ( !$user->isAllowed( $permission ) ) {
+                       if ( !$permissionManager->userHasRight( $user, $permission ) ) {
                                return $permission;
                        }
                }
@@ -1954,7 +1958,10 @@ abstract class UploadBase {
                 * wfFindFile finds a file, it exists in a shared repository.
                 */
                $file = wfFindFile( $this->getTitle(), [ 'latest' => true ] );
-               if ( $file && !$user->isAllowed( 'reupload-shared' ) ) {
+               if ( $file && !MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $user, 'reupload-shared' )
+               ) {
                        return [ 'fileexists-shared-forbidden', $file->getName() ];
                }
 
@@ -1969,9 +1976,10 @@ abstract class UploadBase {
         * @return bool
         */
        public static function userCanReUpload( User $user, File $img ) {
-               if ( $user->isAllowed( 'reupload' ) ) {
+               $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
+               if ( $permissionManager->userHasRight( $user, 'reupload' ) ) {
                        return true; // non-conditional
-               } elseif ( !$user->isAllowed( 'reupload-own' ) ) {
+               } elseif ( !$permissionManager->userHasRight( $user, 'reupload-own' ) ) {
                        return false;
                }
 
diff --git a/includes/upload/UploadFromUrl.php b/includes/upload/UploadFromUrl.php
index b92fcc5..b87810d 100644 (file)
--- a/includes/upload/UploadFromUrl.php
+++ b/includes/upload/UploadFromUrl.php
@@ -1,7 +1,4 @@
 <?php
-
-use MediaWiki\MediaWikiServices;
-
 /**
  * Backend for uploading files from a HTTP resource.
  *
@@ -24,6 +21,9 @@ use MediaWiki\MediaWikiServices;
  * @ingroup Upload
  */
 
+use MediaWiki\MediaWikiServices;
+use MediaWiki\User\UserIdentity;
+
 /**
  * Implements uploading from a HTTP resource.
  *
@@ -43,12 +43,15 @@ class UploadFromUrl extends UploadBase {
         * user is not allowed, return the name of the user right as a string. If
         * the user is allowed, have the parent do further permissions checking.
         *
-        * @param User $user
+        * @param UserIdentity $user
         *
         * @return bool|string
         */
-       public static function isAllowed( $user ) {
-               if ( !$user->isAllowed( 'upload_by_url' ) ) {
+       public static function isAllowed( UserIdentity $user ) {
+               if ( !MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $user, 'upload_by_url' )
+               ) {
                        return 'upload_by_url';
                }
 
@@ -167,7 +170,9 @@ class UploadFromUrl extends UploadBase {
                $url = $request->getVal( 'wpUploadFileURL' );
 
                return !empty( $url )
-                       && $wgUser->isAllowed( 'upload_by_url' );
+                       && MediaWikiServices::getInstance()
+                                  ->getPermissionManager()
+                                  ->userHasRight( $wgUser, 'upload_by_url' );
        }
 
        /**
diff --git a/includes/user/LocalIdLookup.php b/includes/user/LocalIdLookup.php
index ca3db5b..4c9099e 100644 (file)
--- a/includes/user/LocalIdLookup.php
+++ b/includes/user/LocalIdLookup.php
@@ -20,6 +20,8 @@
  * @file
  */
 
+use MediaWiki\MediaWikiServices;
+
 /**
  * A CentralIdLookup provider that just uses local IDs. Useful if the wiki
  * isn't part of a cluster or you're using shared user tables.
@@ -69,7 +71,10 @@ class LocalIdLookup extends CentralIdLookup {
                        'user_id' => array_map( 'intval', array_keys( $idToName ) ),
                ];
                $join = [];
-               if ( $audience && !$audience->isAllowed( 'hideuser' ) ) {
+               if ( $audience && !MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $audience, 'hideuser' )
+               ) {
                        $tables[] = 'ipblocks';
                        $join['ipblocks'] = [ 'LEFT JOIN', 'ipb_user=user_id' ];
                        $fields[] = 'ipb_deleted';
@@ -100,7 +105,10 @@ class LocalIdLookup extends CentralIdLookup {
                        'user_name' => array_map( 'strval', array_keys( $nameToId ) ),
                ];
                $join = [];
-               if ( $audience && !$audience->isAllowed( 'hideuser' ) ) {
+               if ( $audience && !MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $audience, 'hideuser' )
+               ) {
                        $tables[] = 'ipblocks';
                        $join['ipblocks'] = [ 'LEFT JOIN', 'ipb_user=user_id' ];
                        $where[] = 'ipb_deleted = 0 OR ipb_deleted IS NULL';
diff --git a/includes/user/PasswordReset.php b/includes/user/PasswordReset.php
index fd8eb3f..38707de 100644 (file)
--- a/includes/user/PasswordReset.php
+++ b/includes/user/PasswordReset.php
@@ -22,6 +22,7 @@
 
 use MediaWiki\Auth\AuthManager;
 use MediaWiki\Auth\TemporaryPasswordAuthenticationRequest;
+use MediaWiki\Permissions\PermissionManager;
 use Psr\Log\LoggerAwareInterface;
 use Psr\Log\LoggerInterface;
 use MediaWiki\Logger\LoggerFactory;
@@ -40,6 +41,9 @@ class PasswordReset implements LoggerAwareInterface {
        /** @var AuthManager */
        protected $authManager;
 
+       /** @var PermissionManager */
+       private $permissionManager;
+
        /** @var LoggerInterface */
        protected $logger;
 
@@ -50,9 +54,14 @@ class PasswordReset implements LoggerAwareInterface {
         */
        private $permissionCache;
 
-       public function __construct( Config $config, AuthManager $authManager ) {
+       public function __construct(
+               Config $config,
+               AuthManager $authManager,
+               PermissionManager $permissionManager
+       ) {
                $this->config = $config;
                $this->authManager = $authManager;
+               $this->permissionManager = $permissionManager;
                $this->permissionCache = new MapCacheLRU( 1 );
                $this->logger = LoggerFactory::getInstance( 'authentication' );
        }
@@ -93,7 +102,7 @@ class PasswordReset implements LoggerAwareInterface {
                        } elseif ( !$this->config->get( 'EnableEmail' ) ) {
                                // Maybe email features have been disabled
                                $status = StatusValue::newFatal( 'passwordreset-emaildisabled' );
-                       } elseif ( !$user->isAllowed( 'editmyprivateinfo' ) ) {
+                       } elseif ( !$this->permissionManager->userHasRight( $user, 'editmyprivateinfo' ) ) {
                                // Maybe not all users have permission to change private data
                                $status = StatusValue::newFatal( 'badaccess' );
                        } elseif ( $this->isBlocked( $user ) ) {
diff --git a/includes/user/UserNamePrefixSearch.php b/includes/user/UserNamePrefixSearch.php
index c185bab..b3489a2 100644 (file)
--- a/includes/user/UserNamePrefixSearch.php
+++ b/includes/user/UserNamePrefixSearch.php
@@ -20,6 +20,8 @@
  * @file
  */
 
+use MediaWiki\MediaWikiServices;
+
 /**
  * Handles searching prefixes of user names
  *
@@ -46,7 +48,10 @@ class UserNamePrefixSearch {
                $joinConds = [];
 
                // Filter out hidden user names
-               if ( $audience === 'public' || !$audience->isAllowed( 'hideuser' ) ) {
+               if ( $audience === 'public' || !MediaWikiServices::getInstance()
+                               ->getPermissionManager()
+                               ->userHasRight( $audience, 'hideuser' )
+               ) {
                        $tables[] = 'ipblocks';
                        $cond['ipb_deleted'] = [ 0, null ];
                        $joinConds['ipblocks'] = [ 'LEFT JOIN', 'user_id=ipb_user' ];
diff --git a/tests/phpunit/includes/Revision/RenderedRevisionTest.php b/tests/phpunit/includes/Revision/RenderedRevisionTest.php
index 9665867..7115515 100644 (file)
--- a/tests/phpunit/includes/Revision/RenderedRevisionTest.php
+++ b/tests/phpunit/includes/Revision/RenderedRevisionTest.php
@@ -4,6 +4,7 @@ namespace MediaWiki\Tests\Revision;
 
 use Content;
 use Language;
+use MediaWiki\MediaWikiServices;
 use MediaWiki\Revision\MutableRevisionRecord;
 use MediaWiki\Revision\MutableRevisionSlots;
 use MediaWiki\Revision\RenderedRevision;
@@ -122,7 +123,9 @@ class RenderedRevisionTest extends MediaWikiTestCase {
                $mock->expects( $this->any() )
                        ->method( 'userCan' )
                        ->willReturnCallback( function ( $perm, User $user ) use ( $mock ) {
-                               return $user->isAllowed( $perm );
+                               return MediaWikiServices::getInstance()
+                                       ->getPermissionManager()
+                                       ->userHasRight( $user, $perm );
                        } );
 
                return $mock;
diff --git a/tests/phpunit/includes/user/LocalIdLookupTest.php b/tests/phpunit/includes/user/LocalIdLookupTest.php
index e38d77b..0e46744 100644 (file)
--- a/tests/phpunit/includes/user/LocalIdLookupTest.php
+++ b/tests/phpunit/includes/user/LocalIdLookupTest.php
@@ -1,6 +1,7 @@
 <?php
 
 use MediaWiki\Block\DatabaseBlock;
+use MediaWiki\MediaWikiServices;
 
 /**
  * @covers LocalIdLookup
@@ -47,12 +48,12 @@ class LocalIdLookupTest extends MediaWikiTestCase {
 
        public function testLookupCentralIds() {
                $lookup = new LocalIdLookup();
-
+               $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
                $user1 = $this->getLookupUser();
                $user2 = User::newFromName( 'UTLocalIdLookup2' );
 
-               $this->assertTrue( $user1->isAllowed( 'hideuser' ), 'sanity check' );
-               $this->assertFalse( $user2->isAllowed( 'hideuser' ), 'sanity check' );
+               $this->assertTrue( $permissionManager->userHasRight( $user1, 'hideuser' ), 'sanity check' );
+               $this->assertFalse( $permissionManager->userHasRight( $user2, 'hideuser' ), 'sanity check' );
 
                $this->assertSame( [], $lookup->lookupCentralIds( [] ) );
 
@@ -76,11 +77,12 @@ class LocalIdLookupTest extends MediaWikiTestCase {
 
        public function testLookupUserNames() {
                $lookup = new LocalIdLookup();
+               $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
                $user1 = $this->getLookupUser();
                $user2 = User::newFromName( 'UTLocalIdLookup2' );
 
-               $this->assertTrue( $user1->isAllowed( 'hideuser' ), 'sanity check' );
-               $this->assertFalse( $user2->isAllowed( 'hideuser' ), 'sanity check' );
+               $this->assertTrue( $permissionManager->userHasRight( $user1, 'hideuser' ), 'sanity check' );
+               $this->assertFalse( $permissionManager->userHasRight( $user2, 'hideuser' ), 'sanity check' );
 
                $this->assertSame( [], $lookup->lookupUserNames( [] ) );
 
diff --git a/tests/phpunit/includes/user/PasswordResetTest.php b/tests/phpunit/includes/user/PasswordResetTest.php
index b0c0fec..4a7aa05 100644 (file)
--- a/tests/phpunit/includes/user/PasswordResetTest.php
+++ b/tests/phpunit/includes/user/PasswordResetTest.php
@@ -4,6 +4,7 @@ use MediaWiki\Auth\AuthManager;
 use MediaWiki\Block\DatabaseBlock;
 use MediaWiki\Block\CompositeBlock;
 use MediaWiki\Block\SystemBlock;
+use MediaWiki\Permissions\PermissionManager;
 
 /**
  * @covers PasswordReset
@@ -30,16 +31,19 @@ class PasswordResetTest extends MediaWikiTestCase {
                $user->expects( $this->any() )->method( 'getName' )->willReturn( 'Foo' );
                $user->expects( $this->any() )->method( 'getBlock' )->willReturn( $block );
                $user->expects( $this->any() )->method( 'getGlobalBlock' )->willReturn( $globalBlock );
-               $user->expects( $this->any() )->method( 'isAllowed' )
-                       ->will( $this->returnCallback( function ( $perm ) use ( $canEditPrivate ) {
-                               if ( $perm === 'editmyprivateinfo' ) {
-                                       return $canEditPrivate;
-                               } else {
-                                       $this->fail( 'Unexpected permission check' );
-                               }
-                       } ) );
 
-               $passwordReset = new PasswordReset( $config, $authManager );
+               $permissionManager = $this->getMockBuilder( PermissionManager::class )
+                       ->disableOriginalConstructor()
+                       ->getMock();
+               $permissionManager->method( 'userHasRight' )
+                       ->with( $user, 'editmyprivateinfo' )
+                       ->willReturn( $canEditPrivate );
+
+               $passwordReset = new PasswordReset(
+                       $config,
+                       $authManager,
+                       $permissionManager
+               );
 
                $this->assertSame( $isAllowed, $passwordReset->isAllowed( $user )->isGood() );
        }
@@ -204,9 +208,16 @@ class PasswordResetTest extends MediaWikiTestCase {
                $request->setIP( '1.2.3.4' );
                $performingUser = $this->getMockBuilder( User::class )->getMock();
                $performingUser->expects( $this->any() )->method( 'getRequest' )->willReturn( $request );
-               $performingUser->expects( $this->any() )->method( 'isAllowed' )->willReturn( true );
                $performingUser->expects( $this->any() )->method( 'getName' )->willReturn( 'Performer' );
 
+               $permissionManager = $this->getMockBuilder( PermissionManager::class )
+                       ->disableOriginalConstructor()
+                       ->getMock();
+               $permissionManager->expects( $this->once() )
+                       ->method( 'userHasRight' )
+                       ->with( $performingUser, 'editmyprivateinfo' )
+                       ->willReturn( true );
+
                $targetUser1 = $this->getMockBuilder( User::class )->getMock();
                $targetUser2 = $this->getMockBuilder( User::class )->getMock();
                $targetUser1->expects( $this->any() )->method( 'getName' )->willReturn( 'User1' );
@@ -217,7 +228,8 @@ class PasswordResetTest extends MediaWikiTestCase {
                $targetUser2->expects( $this->any() )->method( 'getEmail' )->willReturn( 'foo@bar.baz' );
 
                $passwordReset = $this->getMockBuilder( PasswordReset::class )
-                       ->setMethods( [ 'getUsersByEmail' ] )->setConstructorArgs( [ $config, $authManager ] )
+                       ->setConstructorArgs( [ $config, $authManager, $permissionManager ] )
+                       ->setMethods( [ 'getUsersByEmail' ] )
                        ->getMock();
                $passwordReset->expects( $this->any() )->method( 'getUsersByEmail' )->with( 'foo@bar.baz' )
                        ->willReturn( [ $targetUser1, $targetUser2 ] );
diff --git a/tests/phpunit/includes/user/UserGroupMembershipTest.php b/tests/phpunit/includes/user/UserGroupMembershipTest.php
index 4862747..6f57578 100644 (file)
--- a/tests/phpunit/includes/user/UserGroupMembershipTest.php
+++ b/tests/phpunit/includes/user/UserGroupMembershipTest.php
@@ -1,5 +1,7 @@
 <?php
 
+use MediaWiki\MediaWikiServices;
+
 /**
  * @group Database
  */
@@ -61,7 +63,9 @@ class UserGroupMembershipTest extends MediaWikiTestCase {
                $user->clearInstanceCache();
                $this->assertContains( 'unittesters', $user->getGroups() );
                $this->assertArrayHasKey( 'unittesters', $user->getGroupMemberships() );
-               $this->assertTrue( $user->isAllowed( 'runtest' ) );
+               $this->assertTrue( MediaWikiServices::getInstance()
+                       ->getPermissionManager()
+                       ->userHasRight( $user, 'runtest' ) );
 
                // try updating without allowUpdate. Should fail
                $ugm = new UserGroupMembership( $user->getId(), 'unittesters', $this->expiryTime );
@@ -72,7 +76,9 @@ class UserGroupMembershipTest extends MediaWikiTestCase {
                $user->clearInstanceCache();
                $this->assertContains( 'unittesters', $user->getGroups() );
                $this->assertArrayHasKey( 'unittesters', $user->getGroupMemberships() );
-               $this->assertTrue( $user->isAllowed( 'runtest' ) );
+               $this->assertTrue( MediaWikiServices::getInstance()
+                       ->getPermissionManager()
+                       ->userHasRight( $user, 'runtest' ) );
 
                // try removing the group
                $ugm->delete();
@@ -81,7 +87,9 @@ class UserGroupMembershipTest extends MediaWikiTestCase {
                        $this->logicalNot( $this->contains( 'unittesters' ) ) );
                $this->assertThat( $user->getGroupMemberships(),
                        $this->logicalNot( $this->arrayHasKey( 'unittesters' ) ) );
-               $this->assertFalse( $user->isAllowed( 'runtest' ) );
+               $this->assertFalse( MediaWikiServices::getInstance()
+                       ->getPermissionManager()
+                       ->userHasRight( $user, 'runtest' ) );
 
                // check that the user group is now in user_former_groups
                $this->assertContains( 'unittesters', $user->getFormerGroups() );
Wiklou, le Wiki du Wiklou