Add sslCAFile option to DatabaseMysqli
[mediawiki.git] / includes / api / ApiUserrights.php
blob2a364d9756799ee0ebea7c52de1d3010e29b8033
1 <?php
3 /**
4 * API userrights module
6 * Copyright © 2009 Roan Kattouw "<Firstname>.<Lastname>@gmail.com"
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
21 * http://www.gnu.org/copyleft/gpl.html
23 * @file
26 /**
27 * @ingroup API
29 class ApiUserrights extends ApiBase {
31 private $mUser = null;
33 /**
34 * Get a UserrightsPage object, or subclass.
35 * @return UserrightsPage
37 protected function getUserRightsPage() {
38 return new UserrightsPage;
41 /**
42 * Get all available groups.
43 * @return array
45 protected function getAllGroups() {
46 return User::getAllGroups();
49 public function execute() {
50 $pUser = $this->getUser();
52 // Deny if the user is blocked and doesn't have the full 'userrights' permission.
53 // This matches what Special:UserRights does for the web UI.
54 if ( $pUser->isBlocked() && !$pUser->isAllowed( 'userrights' ) ) {
55 $this->dieBlocked( $pUser->getBlock() );
58 $params = $this->extractRequestParams();
60 // Figure out expiry times from the input
61 // $params['expiry'] may not be set in subclasses
62 if ( isset( $params['expiry'] ) ) {
63 $expiry = (array)$params['expiry'];
64 } else {
65 $expiry = [ 'infinity' ];
67 if ( count( $expiry ) !== count( $params['add'] ) ) {
68 if ( count( $expiry ) === 1 ) {
69 $expiry = array_fill( 0, count( $params['add'] ), $expiry[0] );
70 } else {
71 $this->dieWithError( [
72 'apierror-toofewexpiries',
73 count( $expiry ),
74 count( $params['add'] )
75 ] );
79 // Validate the expiries
80 $groupExpiries = [];
81 foreach ( $expiry as $index => $expiryValue ) {
82 $group = $params['add'][$index];
83 $groupExpiries[$group] = UserrightsPage::expiryToTimestamp( $expiryValue );
85 if ( $groupExpiries[$group] === false ) {
86 $this->dieWithError( [ 'apierror-invalidexpiry', wfEscapeWikiText( $expiryValue ) ] );
89 // not allowed to have things expiring in the past
90 if ( $groupExpiries[$group] && $groupExpiries[$group] < wfTimestampNow() ) {
91 $this->dieWithError( [ 'apierror-pastexpiry', wfEscapeWikiText( $expiryValue ) ] );
95 $user = $this->getUrUser( $params );
97 $tags = $params['tags'];
99 // Check if user can add tags
100 if ( !is_null( $tags ) ) {
101 $ableToTag = ChangeTags::canAddTagsAccompanyingChange( $tags, $pUser );
102 if ( !$ableToTag->isOK() ) {
103 $this->dieStatus( $ableToTag );
107 $form = $this->getUserRightsPage();
108 $form->setContext( $this->getContext() );
109 $r['user'] = $user->getName();
110 $r['userid'] = $user->getId();
111 list( $r['added'], $r['removed'] ) = $form->doSaveUserGroups(
112 $user, (array)$params['add'], (array)$params['remove'],
113 $params['reason'], $tags, $groupExpiries
116 $result = $this->getResult();
117 ApiResult::setIndexedTagName( $r['added'], 'group' );
118 ApiResult::setIndexedTagName( $r['removed'], 'group' );
119 $result->addValue( null, $this->getModuleName(), $r );
123 * @param array $params
124 * @return User
126 private function getUrUser( array $params ) {
127 if ( $this->mUser !== null ) {
128 return $this->mUser;
131 $this->requireOnlyOneParameter( $params, 'user', 'userid' );
133 $user = isset( $params['user'] ) ? $params['user'] : '#' . $params['userid'];
135 $form = $this->getUserRightsPage();
136 $form->setContext( $this->getContext() );
137 $status = $form->fetchUser( $user );
138 if ( !$status->isOK() ) {
139 $this->dieStatus( $status );
142 $this->mUser = $status->value;
144 return $status->value;
147 public function mustBePosted() {
148 return true;
151 public function isWriteMode() {
152 return true;
155 public function getAllowedParams() {
156 $a = [
157 'user' => [
158 ApiBase::PARAM_TYPE => 'user',
160 'userid' => [
161 ApiBase::PARAM_TYPE => 'integer',
163 'add' => [
164 ApiBase::PARAM_TYPE => $this->getAllGroups(),
165 ApiBase::PARAM_ISMULTI => true
167 'expiry' => [
168 ApiBase::PARAM_ISMULTI => true,
169 ApiBase::PARAM_ALLOW_DUPLICATES => true,
170 ApiBase::PARAM_DFLT => 'infinite',
172 'remove' => [
173 ApiBase::PARAM_TYPE => $this->getAllGroups(),
174 ApiBase::PARAM_ISMULTI => true
176 'reason' => [
177 ApiBase::PARAM_DFLT => ''
179 'token' => [
180 // Standard definition automatically inserted
181 ApiBase::PARAM_HELP_MSG_APPEND => [ 'api-help-param-token-webui' ],
183 'tags' => [
184 ApiBase::PARAM_TYPE => 'tags',
185 ApiBase::PARAM_ISMULTI => true
188 if ( !$this->getUserRightsPage()->canProcessExpiries() ) {
189 unset( $a['expiry'] );
191 return $a;
194 public function needsToken() {
195 return 'userrights';
198 protected function getWebUITokenSalt( array $params ) {
199 return $this->getUrUser( $params )->getName();
202 protected function getExamplesMessages() {
203 $a = [
204 'action=userrights&user=FooBot&add=bot&remove=sysop|bureaucrat&token=123ABC'
205 => 'apihelp-userrights-example-user',
206 'action=userrights&userid=123&add=bot&remove=sysop|bureaucrat&token=123ABC'
207 => 'apihelp-userrights-example-userid',
209 if ( $this->getUserRightsPage()->canProcessExpiries() ) {
210 $a['action=userrights&user=SometimeSysop&add=sysop&expiry=1%20month&token=123ABC']
211 = 'apihelp-userrights-example-expiry';
213 return $a;
216 public function getHelpUrls() {
217 return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:User_group_membership';