/**
  * @desc Returns true if user is not a staff member and is blocked locally/globally
  *
  * @return bool
  */
 protected function isBlocked()
 {
     $this->app->wf->ProfileIn(__METHOD__);
     // The local block is consulted first; the global (Phalanx) lookup only runs when no local block exists.
     $blockedAnywhere = $this->user->isBlocked() || $this->user->isBlockedGlobally();
     // Security-relevant: members of the staff group are never reported as blocked here,
     // so any gate built on this method is skipped for staff accounts.
     $blockApplies = $blockedAnywhere && !$this->isUserInGroup(self::WIKIA_GROUP_STAFF_NAME);
     $this->app->wf->ProfileOut(__METHOD__);
     return $blockApplies;
 }
 /**
  * check whether a user is prevented from taking an action
  * @param User $user
  * @param string $action arbitrary action that the user is trying to take
  * @return bool
  */
 public function preventBlockedUsage(User $user, $action)
 {
     // Whitelisted actions stay available to blocked users; every other action is refused.
     // NOTE(review): in_array() is called without the strict flag. Whether that can
     // over-match depends on what whitelist() returns, which is not visible here;
     // confirm it only contains strings.
     if (in_array($action, $this->whitelist()) || !$user->isBlocked()) {
         return false;
     }
     // Give the class a chance to react (the callback's behaviour is defined elsewhere).
     $this->onBlockedUsagePrevented($user);
     return true;
 }
 /**
  * Utility function that checks whether CX is enabled for a given user.
  * Currently it checks that if CX is a beta feature, whether the user has
  * enabled it. Otherwise it is always enabled.
  *
  * @param User $user
  * @return Boolean
  */
 public static function isEnabledForUser(User $user)
 {
     global $wgContentTranslationAsBetaFeature;
     // Anonymous and blocked users never get CX, whatever the beta-feature setting says.
     if ($user->isAnon() || $user->isBlocked()) {
         return false;
     }
     // Outside beta mode every remaining user has the feature; in beta mode the user
     // must have opted in, and a missing BetaFeatures class means "not enabled".
     return !$wgContentTranslationAsBetaFeature
         || (class_exists('BetaFeatures') && BetaFeatures::isFeatureEnabled($user, 'cx'));
 }
 /**
  * Check if a given user has permission to use this functionality.
  * @param User $user
  * @param bool $displayPassword If set, also check whether the user is allowed to reset the
  *   password of another user and see the temporary password.
  * @return StatusValue
  */
 public function isAllowed(User $user, $displayPassword = false)
 {
     // Both verdicts are memoised under the user's name so repeated calls skip the checks below.
     // NOTE(review): the cache's lifetime is not visible here. If an entry can outlive a
     // change to the user's block or rights, a stale "good" status would be returned; confirm.
     $cached = $this->permissionCache->get($user->getName());
     if (!$cached) {
         $routes = $this->config->get('PasswordResetRoutes');
         $resetStatus = StatusValue::newGood();
         // The first failing check wins; later checks are not evaluated.
         if (!is_array($routes) || !in_array(true, array_values($routes), true)) {
             // Password resets are disabled, or no route is switched on (strict match on boolean true)
             $resetStatus = StatusValue::newFatal('passwordreset-disabled');
         } elseif (($providerStatus = $this->authManager->allowsAuthenticationDataChange(new TemporaryPasswordAuthenticationRequest(), false)) && !$providerStatus->isGood()) {
             // The authentication provider refuses local password changes
             $resetStatus = StatusValue::newFatal('resetpass_forbidden-reason', $providerStatus->getMessage());
         } elseif (!$this->config->get('EnableEmail')) {
             // Email features are switched off
             $resetStatus = StatusValue::newFatal('passwordreset-emaildisabled');
         } elseif (!$user->isAllowed('editmyprivateinfo')) {
             // The user lacks the right to change private data
             $resetStatus = StatusValue::newFatal('badaccess');
         } elseif ($user->isBlocked()) {
             // Blocked users get a dedicated message rather than the generic one
             $resetStatus = StatusValue::newFatal('blocked-mailpassword');
         }
         // Seeing the temporary password of another user needs the separate 'passwordreset' right.
         $revealStatus = StatusValue::newGood();
         if (!$user->isAllowed('passwordreset')) {
             $revealStatus = StatusValue::newFatal('badaccess');
         }
         $cached = [$resetStatus, $revealStatus];
         $this->permissionCache->set($user->getName(), $cached);
     }
     list($resetStatus, $revealStatus) = $cached;
     // The stricter verdict is only consulted when the basic reset check has already passed.
     if ($displayPassword && $resetStatus->isGood()) {
         return $revealStatus;
     }
     return $resetStatus;
 }
 /**
  * bug 15810: blocked admins should not be able to block/unblock
  * others, and probably shouldn't be able to unblock themselves
  * either.
  * @param $user User|Int|String
  * @param $performer User user doing the request
  * @return Bool|String true or error message key
  */
 public static function checkUnblockSelf($user, User $performer)
 {
     // Accept a user ID or a user name and resolve it to a User object first.
     if (is_int($user)) {
         $user = User::newFromId($user);
     } elseif (is_string($user)) {
         $user = User::newFromName($user);
     }
     // A performer who is not blocked is not restricted by this check.
     if (!$performer->isBlocked()) {
         return true;
     }
     // Anything that did not resolve to a User is treated as "someone else", so a
     // failed lookup ends in a refusal rather than a self-unblock.
     $targetsSelf = $user instanceof User && $user->getId() == $performer->getId();
     if (!$targetsSelf) {
         # User is trying to block/unblock someone else
         return 'ipbblocked';
     }
     # User is trying to unblock themselves: allowed with the 'unblockself' right
     if ($performer->isAllowed('unblockself')) {
         return true;
     }
     # User blocked themselves and is now trying to reverse it
     if ($performer->blockedBy() === $performer->getName()) {
         return true;
     }
     return 'ipbnounblockself';
 }
 /**
  * Called from execute() to check if the given user can perform this action.
  * Failures here must throw subclasses of ErrorPageError.
  * @param $user User
  * @return Bool true
  * @throws ErrorPageError
  */
 protected function checkExecutePermissions(User $user)
 {
     $this->checkPermissions();
     // Blocked users are refused only for actions that declare they need an unblocked user.
     $mustBeUnblocked = $this->requiresUnblock();
     if ($mustBeUnblocked && $user->isBlocked()) {
         throw new UserBlockedError($user->getBlock());
     }
     // Write actions are additionally checked against read-only mode.
     $writes = $this->requiresWrite();
     if ($writes) {
         $this->checkReadOnly();
     }
     return true;
 }
 /**
  * Links to different places.
  *
  * @note This function is also called in DeletedContributionsPage
  * @param SpecialPage $sp SpecialPage instance, for context
  * @param User $target Target user object
  * @return array
  */
 public static function getUserLinks(SpecialPage $sp, User $target)
 {
     // Builds a keyed list of tool links about $target. Which links appear depends on the
     // rights of the viewing user ($sp->getUser()), not on the rights of $target.
     $id = $target->getId();
     $username = $target->getName();
     $userpage = $target->getUserPage();
     $talkpage = $target->getTalkPage();
     $linkRenderer = $sp->getLinkRenderer();
     // Link labels are plain message text (->text()); presumably the link renderer
     // escapes them. TODO confirm against LinkRenderer.
     $tools['user-talk'] = $linkRenderer->makeLink($talkpage, $sp->msg('sp-contributions-talk')->text());
     // && binds tighter than ||: "has an id, or has none and the name is an IP address".
     // NOTE(review): if getId() never returns null this condition is always true; confirm.
     if ($id !== null || $id === null && IP::isIPAddress($username)) {
         if ($sp->getUser()->isAllowed('block')) {
             # Block / Change block / Unblock links
             // Autoblocks are excluded here, so a target that is only autoblocked gets the plain "block" link.
             if ($target->isBlocked() && $target->getBlock()->getType() != Block::TYPE_AUTO) {
                 $tools['block'] = $linkRenderer->makeKnownLink(SpecialPage::getTitleFor('Block', $username), $sp->msg('change-blocklink')->text());
                 $tools['unblock'] = $linkRenderer->makeKnownLink(SpecialPage::getTitleFor('Unblock', $username), $sp->msg('unblocklink')->text());
             } else {
                 # User is not blocked
                 $tools['block'] = $linkRenderer->makeKnownLink(SpecialPage::getTitleFor('Block', $username), $sp->msg('blocklink')->text());
             }
         }
         # Block log link (shown to every viewer, no right required)
         $tools['log-block'] = $linkRenderer->makeKnownLink(SpecialPage::getTitleFor('Log', 'block'), $sp->msg('sp-contributions-blocklog')->text(), [], ['page' => $userpage->getPrefixedText()]);
         # Suppression log link (bug 59120), only for viewers holding 'suppressionlog'
         if ($sp->getUser()->isAllowed('suppressionlog')) {
             $tools['log-suppression'] = $linkRenderer->makeKnownLink(SpecialPage::getTitleFor('Log', 'suppress'), $sp->msg('sp-contributions-suppresslog', $username)->text(), [], ['offender' => $username]);
         }
     }
     # Uploads
     $tools['uploads'] = $linkRenderer->makeKnownLink(SpecialPage::getTitleFor('Listfiles', $username), $sp->msg('sp-contributions-uploads')->text());
     # Other logs link
     $tools['logs'] = $linkRenderer->makeKnownLink(SpecialPage::getTitleFor('Log', $username), $sp->msg('sp-contributions-logs')->text());
     # Add link to deleted user contributions for privileged users
     if ($sp->getUser()->isAllowed('deletedhistory')) {
         $tools['deletedcontribs'] = $linkRenderer->makeKnownLink(SpecialPage::getTitleFor('DeletedContributions', $username), $sp->msg('sp-contributions-deleted', $username)->text());
     }
     # Add a link to change user rights for privileged users
     // The rights page is given this request's context before it is asked whether the
     // viewer may change the target's rights.
     $userrightsPage = new UserrightsPage();
     $userrightsPage->setContext($sp->getContext());
     if ($userrightsPage->userCanChangeRights($target)) {
         $tools['userrights'] = $linkRenderer->makeKnownLink(SpecialPage::getTitleFor('Userrights', $username), $sp->msg('sp-contributions-userrights')->text());
     }
     // $tools is passed by reference: hook handlers can add, change or remove entries,
     // and whatever they leave in the array is returned to the caller unchanged.
     Hooks::run('ContributionsToolLinks', [$id, $userpage, &$tools, $sp]);
     return $tools;
 }
 public static function checkIfCanPost(\User $user)
 {
     // Three independent gates; the first one that fails aborts with an exception,
     // and the method returns nothing when all of them pass.
     if ($user->isBlocked()) {
         /* Blocked users may not post */
         throw new \Exception('User blocked');
     } elseif (!$user->isAllowed('comment')) {
         /* Users without the 'comment' right may not post */
         throw new \Exception("Current user cannot post comment");
     } elseif (wfReadOnly()) {
         /* Refuse writes while the site is in read-only mode. This is not a CSRF
            defence: no request token is validated anywhere in this method. */
         throw new \Exception("Site in readonly mode");
     }
 }
 public function canVotes(User $user)
 {
     // Voting needs all three: votes are shown, the user is logged in, and the user is not blocked.
     if (!$this->showVotes()) {
         return false;
     }
     if (!$user->isLoggedIn()) {
         return false;
     }
     return !$user->isBlocked();
 }
 /**
  * Generates the subheading with links
  * @param User $userObj User object for the target
  * @return string Appropriately-escaped HTML to be output literally
  * @todo FIXME: Almost the same as contributionsSub in SpecialContributions.php. Could be combined.
  */
 function getSubTitle($userObj)
 {
     // The user name is HTML-escaped before use: it ends up in rawParams() below,
     // which inserts its arguments without further escaping.
     if ($userObj->isAnon()) {
         $user = htmlspecialchars($userObj->getName());
     } else {
         $user = Linker::link($userObj->getUserPage(), htmlspecialchars($userObj->getName()));
     }
     $links = '';
     $nt = $userObj->getUserPage();
     $id = $userObj->getID();
     $talk = $nt->getTalkPage();
     // Without a talk page no tool links are built and $links stays empty.
     if ($talk) {
         # Talk page link
         $tools[] = Linker::link($talk, $this->msg('sp-contributions-talk')->escaped());
         // && binds tighter than ||: "has an id, or has none and the page text is an IP address".
         // NOTE(review): if getID() never returns null this condition is always true; confirm.
         if ($id !== null || $id === null && IP::isIPAddress($nt->getText())) {
             # Block / Change block / Unblock links
             // Shown only when the viewing user holds the 'block' right.
             if ($this->getUser()->isAllowed('block')) {
                 if ($userObj->isBlocked()) {
                     $tools[] = Linker::linkKnown(SpecialPage::getTitleFor('Block', $nt->getDBkey()), $this->msg('change-blocklink')->escaped());
                     $tools[] = Linker::linkKnown(SpecialPage::getTitleFor('BlockList'), $this->msg('unblocklink')->escaped(), array(), array('action' => 'unblock', 'ip' => $nt->getDBkey()));
                 } else {
                     # User is not blocked
                     $tools[] = Linker::linkKnown(SpecialPage::getTitleFor('Block', $nt->getDBkey()), $this->msg('blocklink')->escaped());
                 }
             }
             # Block log link (shown to every viewer, no right required)
             $tools[] = Linker::linkKnown(SpecialPage::getTitleFor('Log'), $this->msg('sp-contributions-blocklog')->escaped(), array(), array('type' => 'block', 'page' => $nt->getPrefixedText()));
             # Suppression log link (bug 59120), only for viewers holding 'suppressionlog'
             if ($this->getUser()->isAllowed('suppressionlog')) {
                 $tools[] = Linker::linkKnown(SpecialPage::getTitleFor('Log', 'suppress'), $this->msg('sp-contributions-suppresslog')->escaped(), array(), array('offender' => $userObj->getName()));
             }
         }
         # Uploads
         $tools[] = Linker::linkKnown(SpecialPage::getTitleFor('Listfiles', $userObj->getName()), $this->msg('sp-contributions-uploads')->escaped());
         # Other logs link
         $tools[] = Linker::linkKnown(SpecialPage::getTitleFor('Log'), $this->msg('sp-contributions-logs')->escaped(), array(), array('user' => $nt->getText()));
         # Link to contributions
         $tools[] = Linker::linkKnown(SpecialPage::getTitleFor('Contributions', $nt->getDBkey()), $this->msg('sp-deletedcontributions-contribs')->escaped());
         # Add a link to change user rights for privileged users
         $userrightsPage = new UserrightsPage();
         $userrightsPage->setContext($this->getContext());
         if ($userrightsPage->userCanChangeRights($userObj)) {
             $tools[] = Linker::linkKnown(SpecialPage::getTitleFor('Userrights', $nt->getDBkey()), $this->msg('sp-contributions-userrights')->escaped());
         }
         // $tools is passed by reference, so hook handlers can append their own entries.
         // Those entries are joined into $links and inserted via rawParams() without
         // escaping, so handlers must supply safe HTML.
         Hooks::run('ContributionsToolLinks', array($id, $nt, &$tools));
         $links = $this->getLanguage()->pipeList($tools);
         // Show a note if the user is blocked and display the last block log entry.
         // Autoblocks are skipped.
         $block = Block::newFromTarget($userObj, $userObj);
         if (!is_null($block) && $block->getType() != Block::TYPE_AUTO) {
             if ($block->getType() == Block::TYPE_RANGE) {
                 // For range blocks $nt stops being a Title object and becomes a page-name string
                 // built from the block target.
                 $nt = MWNamespace::getCanonicalName(NS_USER) . ':' . $block->getTarget();
             }
             // LogEventsList::showLogExtract() wants the first parameter by ref
             $out = $this->getOutput();
             LogEventsList::showLogExtract($out, 'block', $nt, '', array('lim' => 1, 'showIfEmpty' => false, 'msgKey' => array('sp-contributions-blocked-notice', $userObj->getName()), 'offset' => ''));
         }
     }
     // $user and $links go in as raw (pre-escaped) HTML; the plain user name goes through params().
     // NOTE(review): the msg() chain is returned as-is, without being rendered to a string here.
     return $this->msg('contribsub2')->rawParams($user, $links)->params($userObj->getName());
 }
 protected function dieOnBadUser(\User $user)
 {
     // Only a block counts as "bad" here; every other user passes through untouched.
     if (!$user->isBlocked()) {
         return;
     }
     $this->dieUsageMsg(array('blockedtext'));
 }
 /**
  * As recCheckCondition, but *not* recursive.  The only valid conditions
  * are those whose first element is APCOND_EMAILCONFIRMED/APCOND_EDITCOUNT/
  * APCOND_AGE.  Other types will throw an exception if no extension evalu-
  * ates them.
  *
  * @param $cond Array: A condition, which must not contain other conditions
  * @param $user User The user to check the condition against
  * @return bool Whether the condition is true for the user
  */
 private static function checkCondition($cond, User $user)
 {
     global $wgEmailAuthentication, $wgEnableEditCountLocal;
     // An empty condition is never satisfied. This only guarantees $cond[0]:
     // the branches below read $cond[1] without checking that it exists.
     if (count($cond) < 1) {
         return false;
     }
     switch ($cond[0]) {
         case APCOND_EMAILCONFIRMED:
             // A syntactically valid address is enough unless email authentication is
             // enabled, in which case a confirmation timestamp must also be present.
             if (Sanitizer::validateEmail($user->getEmail())) {
                 if ($wgEmailAuthentication) {
                     return (bool) $user->getEmailAuthenticationTimestamp();
                 } else {
                     return true;
                 }
             }
             return false;
         case APCOND_EDITCOUNT:
             // Uses the local edit count when $wgEnableEditCountLocal is set, the regular count otherwise.
             if (!empty($wgEnableEditCountLocal)) {
                 return $user->getEditCountLocal() >= $cond[1];
             } else {
                 return $user->getEditCount() >= $cond[1];
             }
         case APCOND_AGE:
             // Seconds since registration compared with the threshold in $cond[1].
             // NOTE(review): if wfTimestampOrNull() yields null for an unset registration,
             // $age equals the current Unix time and any threshold is met; confirm that is intended.
             $age = time() - wfTimestampOrNull(TS_UNIX, $user->getRegistration());
             return $age >= $cond[1];
         case APCOND_AGE_FROM_EDIT:
             // Same calculation, measured from the user's first edit.
             // NOTE(review): the value returned for a user without edits is not visible here; verify.
             $age = time() - wfTimestampOrNull(TS_UNIX, $user->getFirstEditTimestamp());
             return $age >= $cond[1];
         case APCOND_INGROUPS:
             // True only when the user is in every listed group (the intersection is as large as the list).
             $groups = array_slice($cond, 1);
             return count(array_intersect($groups, $user->getGroups())) == count($groups);
         case APCOND_ISIP:
             // Loose (==) comparison against the IP of the user's current request.
             return $cond[1] == $user->getRequest()->getIP();
         case APCOND_IPINRANGE:
             return IP::isInRange($user->getRequest()->getIP(), $cond[1]);
         case APCOND_BLOCKED:
             return $user->isBlocked();
         case APCOND_ISBOT:
             // Looks for the 'bot' permission among the permissions of the user's groups.
             // in_array() is called without the strict flag.
             return in_array('bot', User::getGroupPermissions($user->getGroups()));
         default:
             // Unknown condition types are handed to extensions; a handler answers by
             // setting $result. If none does, the condition is rejected with an exception.
             $result = null;
             wfRunHooks('AutopromoteCondition', array($cond[0], array_slice($cond, 1), $user, &$result));
             if ($result === null) {
                 throw new MWException("Unrecognized condition {$cond[0]} for autopromotion!");
             }
             return (bool) $result;
     }
 }
 /**
  * Links to different places.
  * @param $userpage Title: Target user page
  * @param $talkpage Title: Talk page
  * @param $target User: Target user object
  * @return array
  */
 public function getUserLinks(Title $userpage, Title $talkpage, User $target)
 {
     // Builds a list of HTML tool links about $target. Which links appear depends on the
     // rights of the viewing user ($this->getUser()), not on the rights of $target.
     $id = $target->getId();
     $username = $target->getName();
     // Link labels are escaped message text (->escaped()).
     $tools[] = Linker::link($talkpage, $this->msg('sp-contributions-talk')->escaped());
     // && binds tighter than ||: "has an id, or has none and the name is an IP address".
     // NOTE(review): if getId() never returns null this condition is always true; confirm.
     if ($id !== null || $id === null && IP::isIPAddress($username)) {
         if ($this->getUser()->isAllowed('block')) {
             # Block / Change block / Unblock links
             if ($target->isBlocked()) {
                 $tools[] = Linker::linkKnown(SpecialPage::getTitleFor('Block', $username), $this->msg('change-blocklink')->escaped());
                 $tools[] = Linker::linkKnown(SpecialPage::getTitleFor('Unblock', $username), $this->msg('unblocklink')->escaped());
             } else {
                 # User is not blocked
                 $tools[] = Linker::linkKnown(SpecialPage::getTitleFor('Block', $username), $this->msg('blocklink')->escaped());
             }
         }
         # Block log link (shown to every viewer, no right required)
         $tools[] = Linker::linkKnown(SpecialPage::getTitleFor('Log', 'block'), $this->msg('sp-contributions-blocklog')->escaped(), array(), array('page' => $userpage->getPrefixedText()));
     }
     # Uploads
     $tools[] = Linker::linkKnown(SpecialPage::getTitleFor('Listfiles', $username), $this->msg('sp-contributions-uploads')->escaped());
     # Other logs link
     $tools[] = Linker::linkKnown(SpecialPage::getTitleFor('Log', $username), $this->msg('sp-contributions-logs')->escaped());
     # Add link to deleted user contributions for privileged users
     if ($this->getUser()->isAllowed('deletedhistory')) {
         $tools[] = Linker::linkKnown(SpecialPage::getTitleFor('DeletedContributions', $username), $this->msg('sp-contributions-deleted')->escaped());
     }
     # Add a link to change user rights for privileged users
     // The rights page is given this request's context before it is asked whether the
     // viewer may change the target's rights.
     $userrightsPage = new UserrightsPage();
     $userrightsPage->setContext($this->getContext());
     if ($userrightsPage->userCanChangeRights($target)) {
         $tools[] = Linker::linkKnown(SpecialPage::getTitleFor('Userrights', $username), $this->msg('sp-contributions-userrights')->escaped());
     }
     // $tools is passed by reference: hook handlers can add, change or remove entries,
     // and whatever they leave in the array is returned to the caller unchanged.
     wfRunHooks('ContributionsToolLinks', array($id, $userpage, &$tools));
     return $tools;
 }
 public function testUser()
 {
     // Constructor arguments are positional; each getter below is expected to hand back
     // the matching value. The e-mail literal appears masked in this listing.
     $email = '*****@*****.**';
     $image = "MEH";
     $subject = new User(123, 'Admin', $email, 'Colin', 'Rosen', false, UserPermission::ADMINISTRATOR, true, false, true, $image);

     // Identity fields
     $this->assertEquals(123, $subject->getID());
     $this->assertEquals('Admin', $subject->getUsername());
     $this->assertEquals($email, $subject->getEmail());
     $this->assertEquals('Colin', $subject->getFirstname());
     $this->assertEquals('Rosen', $subject->getSurname());
     // The display name is first name and surname joined by a space.
     $this->assertEquals('Colin Rosen', $subject->getName());

     // State flags and permission level (assertEquals compares loosely, so these
     // do not pin the getters' return types)
     $this->assertEquals(false, $subject->ForceOffline());
     $this->assertEquals(UserPermission::ADMINISTRATOR, $subject->getPermission());
     $this->assertEquals(true, $subject->isActive());
     $this->assertEquals(false, $subject->isBlocked());
     $this->assertEquals(true, $subject->isOnline());
     $this->assertEquals($image, $subject->getImage());
 }
 /**
  * Checks if the given user (identified by an object) can perform this action.  Can be
  * overridden by sub-classes with more complicated permissions schemes.  Failures here
  * must throw subclasses of ErrorPageError
  *
  * @param $user User: the user to check, or null to use the context user
  * @return Bool true
  * @throws ErrorPageError
  */
 public function userCanExecute(User $user)
 {
     // Checks run in a fixed order (read-only mode, required right, block) and the
     // first failure is the one reported.
     $blockedByReadOnly = $this->requiresWrite() && wfReadOnly();
     if ($blockedByReadOnly) {
         throw new ReadOnlyError();
     }
     $lacksRight = $this->getRestriction() !== null && !$user->isAllowed($this->getRestriction());
     if ($lacksRight) {
         throw new PermissionsError($this->getRestriction());
     }
     if ($this->requiresUnblock() && $user->isBlocked()) {
         // Reads the block straight from the mBlock property.
         // NOTE(review): presumably populated by the isBlocked() call above; verify.
         throw new UserBlockedError($user->mBlock);
     }
     return true;
 }
 /**
  * @desc Returns true if the user is none of the following: an IP address, excluded from the interstitial, a bot, blocked locally, blocked globally
  *
  * @param User $user
  * @return bool
  */
 protected function isValidUserForInterstitial(User $user)
 {
     $userId = $user->getId();
     $userName = $user->getName();
     // Each guard rules out one category; later guards are skipped once one has matched.
     if ($user->isIP($userName)) {
         return false;
     }
     // Both in_array() calls below compare loosely (no strict flag).
     if (in_array($userId, $this->excludeUsersFromInterstitial)) {
         return false;
     }
     if (in_array('bot', $user->getRights())) {
         return false;
     }
     // A local block is checked before the global one.
     if ($user->isBlocked()) {
         return false;
     }
     return !$user->isBlockedGlobally();
 }
 /**
  * Validates review action by checking permissions and other things.
  * @param User $user
  * @param Revision $revision
  * @return string Error key or empty string if review is allowed.
  * @since 2012-09-24
  */
 public static function getReviewBlockers(User $user, Revision $revision)
 {
     // User-level gates come first: the required right, then block status.
     if (!$user->isAllowed(self::$right)) {
         return 'permissiondenied';
     } elseif ($user->isBlocked()) {
         return 'blocked';
     }
     // Revision-level gates: the page must map to a valid message handle...
     $handle = new MessageHandle($revision->getTitle());
     if (!$handle->isValid()) {
         return 'unknownmessage';
     }
     // ...reviewers may not approve their own translation (ids compared loosely)...
     $authorId = $revision->getUser();
     if ($authorId == $user->getId()) {
         return 'owntranslation';
     }
     // ...and fuzzy messages cannot be reviewed. An empty string means "no blocker".
     return $handle->isFuzzy() ? 'fuzzymessage' : '';
 }
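 /**
  * Decide whether a password reset may be started for the given user.
  *
  * @param User $user User requesting the reset
  * @return bool|string true when allowed, otherwise the message key explaining the refusal
  */
 function canChangePassword(User $user)
 {
     global $wgPasswordResetRoutes, $wgAuth;
     // Maybe password resets are disabled, or there are no allowable routes.
     // The match is strict so that only a literal boolean true switches a route on;
     // a loose in_array(true, ...) accepts any truthy value (for example a non-empty
     // string), which would treat a mistyped setting as an enabled route.
     if (!is_array($wgPasswordResetRoutes) || !in_array(true, array_values($wgPasswordResetRoutes), true)) {
         return 'passwordreset-disabled';
     }
     // Maybe the external auth plugin won't allow local password changes
     if (!$wgAuth->allowPasswordChange()) {
         return 'resetpass_forbidden';
     }
     // Maybe the user is blocked (checked here rather than relying on the parent
     // method, because a more specific error message is available here)
     if ($user->isBlocked()) {
         return 'blocked-mailpassword';
     }
     return true;
 }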
 /**
  * @desc Returns true if the user is none of the following: an IP address, excluded from the interstitial, a bot, blocked locally, blocked globally
  *
  * @param User $user
  * @return bool
  */
 public function isValidUserForInterstitial(User $user)
 {
     $userId = $user->getId();
     $userName = $user->getName();
     // Each guard rules out one category; later guards are skipped once one has matched.
     if ($user->isIP($userName)) {
         return false;
     }
     // Both in_array() calls below compare loosely (no strict flag).
     if (in_array($userId, WikiService::$excludedWikiaUsers)) {
         return false;
     }
     if (in_array('bot', $user->getRights())) {
         return false;
     }
     // A local block is checked before the global one.
     if ($user->isBlocked()) {
         return false;
     }
     return !$user->isBlockedGlobally();
 }
 /**
  * Check that the user isn't blocked from editing.
  *
  * @param string $action The action to check
  * @param User $user User to check
  * @param array $errors List of current errors
  * @param string $rigor Same format as Title::getUserPermissionsErrors()
  * @param bool $short Short circuit on first error
  *
  * @return array List of errors
  */
 private function checkUserBlock($action, $user, $errors, $rigor, $short)
 {
     global $wgEmailConfirmToEdit;
     // 'quick' checks skip block lookups. Account creation blocks are handled at
     // userlogin and unblocking in SpecialUnblock, so those two actions are skipped as well.
     // The action match is loose (no strict flag). $short is not used in this method.
     if ($rigor === 'quick' || in_array($action, array('createaccount', 'unblock'))) {
         return $errors;
     }
     if ($wgEmailConfirmToEdit && !$user->isEmailConfirmed()) {
         $errors[] = array('confirmedittext');
     }
     // Only the 'secure' rigor avoids the slave lookup.
     $useSlave = $rigor !== 'secure';
     // Editing/creating is exempt when the user is not blocked from this particular page:
     // users can still edit their own talk page unless explicitly blocked from that too.
     $exemptFromBlock = ($action == 'edit' || $action == 'create') && !$user->isBlockedFrom($this, $useSlave);
     if (!$exemptFromBlock && $user->isBlocked() && $user->getBlock()->prevents($action) !== false) {
         // @todo FIXME: Pass the relevant context into this function.
         $errors[] = $user->getBlock()->getPermissionsError(RequestContext::getMain());
     }
     return $errors;
 }
 /**
  * Since the permission essentially has to be implemented as an anti-permission, this function removes the
  * need for confusing double-negatives in the code.
  *
  * @param User $userObject - an object of class User (such as wgUser).
  *
  * @return bool
  */
 public static function canChat(User $userObject)
 {
     // Anonymous and blocked users are refused before any ban lookup is made.
     if ($userObject->isAnon() || $userObject->isBlocked()) {
         return false;
     }
     // Any result other than a strict false from the ban lookup counts as an active chat ban on this wiki.
     $banInfo = Chat::getBanInformation(F::app()->wg->CityId, $userObject);
     if ($banInfo !== false) {
         return false;
     }
     // Finally the user must actually hold the 'chat' right.
     return $userObject->isAllowed('chat');
 }