mdaniels5757 / waca

includes/Security/ISecurityManager.php

Indentation +21 added lines, -21 removed lines

@@ -12,29 +12,29 @@
 
 interface ISecurityManager
 {
-    public const ALLOWED = 1;
-    public const ERROR_NOT_IDENTIFIED = 2;
-    public const ERROR_DENIED = 3;
+	public const ALLOWED = 1;
+	public const ERROR_NOT_IDENTIFIED = 2;
+	public const ERROR_DENIED = 3;
 
-    /**
-     * Tests if a user is allowed to perform an action.
-     *
-     * This method should form a hard, deterministic security barrier, and only return true if it is absolutely sure
-     * that a user should have access to something.
-     *
-     * @param string $page
-     * @param string $route
-     * @param User   $user
-     *
-     * @return int
-     *
-     * @category Security-Critical
-     */
-    public function allows(string $page, string $route, User $user): int;
+	/**
+	 * Tests if a user is allowed to perform an action.
+	 *
+	 * This method should form a hard, deterministic security barrier, and only return true if it is absolutely sure
+	 * that a user should have access to something.
+	 *
+	 * @param string $page
+	 * @param string $route
+	 * @param User   $user
+	 *
+	 * @return int
+	 *
+	 * @category Security-Critical
+	 */
+	public function allows(string $page, string $route, User $user): int;
 
-    public function getActiveRoles(User $user, ?array &$activeRoles, ?array &$inactiveRoles);
+	public function getActiveRoles(User $user, ?array &$activeRoles, ?array &$inactiveRoles);
 
-    public function getCachedActiveRoles(User $user, ?array &$activeRoles, ?array &$inactiveRoles): void;
+	public function getCachedActiveRoles(User $user, ?array &$activeRoles, ?array &$inactiveRoles): void;
 
-    public function getAvailableRoles(): array;
+	public function getAvailableRoles(): array;
 }
\ No newline at end of file

includes/Security/UserAccessLoader.php

Indentation +21 added lines, -21 removed lines

@@ -15,37 +15,37 @@
 
 final class UserAccessLoader implements IUserAccessLoader
 {
-    public function loadRolesForUser(User $user): array
-    {
-        $domain = Domain::getCurrent($user->getDatabase());
-        $userRoles = UserRole::getForUser($user->getId(), $user->getDatabase(), $domain->getId());
+	public function loadRolesForUser(User $user): array
+	{
+		$domain = Domain::getCurrent($user->getDatabase());
+		$userRoles = UserRole::getForUser($user->getId(), $user->getDatabase(), $domain->getId());
 
-        return array_map(fn(UserRole $r): string => $r->getRole(), $userRoles);
-    }
+		return array_map(fn(UserRole $r): string => $r->getRole(), $userRoles);
+	}
 
-    public function loadDomainsForUser(User $user): array
-    {
-        $database = $user->getDatabase();
+	public function loadDomainsForUser(User $user): array
+	{
+		$database = $user->getDatabase();
 
-        $statement = $database->prepare(<<<'SQL'
+		$statement = $database->prepare(<<<'SQL'
             SELECT d.* 
             FROM domain d
             INNER JOIN userdomain ud on d.id = ud.domain
             WHERE ud.user = :user
             AND d.enabled = 1
 SQL
-        );
-        $statement->execute([
-            ':user' => $user->getId()
-        ]);
+		);
+		$statement->execute([
+			':user' => $user->getId()
+		]);
 
-        $resultObjects = $statement->fetchAll(PDO::FETCH_CLASS, Domain::class);
+		$resultObjects = $statement->fetchAll(PDO::FETCH_CLASS, Domain::class);
 
-        /** @var Domain $t */
-        foreach ($resultObjects as $t) {
-            $t->setDatabase($database);
-        }
+		/** @var Domain $t */
+		foreach ($resultObjects as $t) {
+			$t->setDatabase($database);
+		}
 
-        return $resultObjects;
-    }
+		return $resultObjects;
+	}
 }
\ No newline at end of file

includes/Security/IDomainAccessManager.php

Indentation +8 added lines, -8 removed lines

@@ -13,14 +13,14 @@
 
 interface IDomainAccessManager
 {
-    public function switchToDefaultDomain(User $user): void;
+	public function switchToDefaultDomain(User $user): void;
 
-    public function switchDomain(User $user, Domain $newDomain): void;
+	public function switchDomain(User $user, Domain $newDomain): void;
 
-    /**
-     * @param User $user
-     *
-     * @return Domain[]
-     */
-    public function getAllowedDomains(User $user): array;
+	/**
+	 * @param User $user
+	 *
+	 * @return Domain[]
+	 */
+	public function getAllowedDomains(User $user): array;
 }
\ No newline at end of file

includes/Security/RoleConfiguration.php

Indentation +404 added lines, -404 removed lines

@@ -58,423 +58,423 @@
 
 final class RoleConfiguration extends RoleConfigurationBase
 {
-    /**
-     * A map of roles to rights
-     *
-     * For example:
-     *
-     * array(
-     *   'myRole' => array(
-     *       PageMyPage::class => array(
-     *           'edit' => self::ACCESS_ALLOW,
-     *           'create' => self::ACCESS_DENY,
-     *       )
-     *   )
-     * )
-     *
-     * Note that DENY takes precedence over everything else when roles are combined, followed by ALLOW, followed by
-     * DEFAULT. Thus, if you have the following ([A]llow, [D]eny, [-] (default)) grants in different roles, this should
-     * be the expected result:
-     *
-     * - (-,-,-) = - (default because nothing to explicitly say allowed or denied equates to a denial)
-     * - (A,-,-) = A
-     * - (D,-,-) = D
-     * - (A,D,-) = D (deny takes precedence over allow)
-     * - (A,A,A) = A (repetition has no effect)
-     *
-     * The public role is special, and is applied to all users automatically. Avoid using deny on this role.
-     *
-     * @var array
-     * @category Security-Critical
-     */
-    private static array $productionRoleConfig = array(
-        'public'            => array(
-            /*
+	/**
+	 * A map of roles to rights
+	 *
+	 * For example:
+	 *
+	 * array(
+	 *   'myRole' => array(
+	 *       PageMyPage::class => array(
+	 *           'edit' => self::ACCESS_ALLOW,
+	 *           'create' => self::ACCESS_DENY,
+	 *       )
+	 *   )
+	 * )
+	 *
+	 * Note that DENY takes precedence over everything else when roles are combined, followed by ALLOW, followed by
+	 * DEFAULT. Thus, if you have the following ([A]llow, [D]eny, [-] (default)) grants in different roles, this should
+	 * be the expected result:
+	 *
+	 * - (-,-,-) = - (default because nothing to explicitly say allowed or denied equates to a denial)
+	 * - (A,-,-) = A
+	 * - (D,-,-) = D
+	 * - (A,D,-) = D (deny takes precedence over allow)
+	 * - (A,A,A) = A (repetition has no effect)
+	 *
+	 * The public role is special, and is applied to all users automatically. Avoid using deny on this role.
+	 *
+	 * @var array
+	 * @category Security-Critical
+	 */
+	private static array $productionRoleConfig = array(
+		'public'            => array(
+			/*
              * THIS ROLE IS GRANTED TO ALL LOGGED *OUT* USERS IMPLICITLY.
              *
              * USERS IN THIS ROLE DO NOT HAVE TO BE IDENTIFIED TO GET THE RIGHTS CONFERRED HERE.
              * DO NOT ADD ANY SECURITY-SENSITIVE RIGHTS HERE.
              */
-            '_childRoles'   => array(
-                'publicStats',
-            ),
-            PageTeam::class => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageXffDemo::class        => array(
-                self::MAIN  => self::ACCESS_ALLOW,
-            ),
-            PagePrivacy::class => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            )
-        ),
-        'loggedIn'          => array(
-            /*
+			'_childRoles'   => array(
+				'publicStats',
+			),
+			PageTeam::class => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageXffDemo::class        => array(
+				self::MAIN  => self::ACCESS_ALLOW,
+			),
+			PagePrivacy::class => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			)
+		),
+		'loggedIn'          => array(
+			/*
              * THIS ROLE IS GRANTED TO ALL LOGGED-IN USERS IMPLICITLY.
              *
              * USERS IN THIS ROLE DO NOT HAVE TO BE IDENTIFIED TO GET THE RIGHTS CONFERRED HERE.
              * DO NOT ADD ANY SECURITY-SENSITIVE RIGHTS HERE.
              */
-            '_childRoles'             => array(
-                'public',
-            ),
-            PagePreferences::class    => array(
-                self::MAIN => self::ACCESS_ALLOW,
-                'refreshOAuth' => self::ACCESS_ALLOW,
-            ),
-            PageChangePassword::class => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageMultiFactor::class    => array(
-                self::MAIN          => self::ACCESS_ALLOW,
-                'scratch'           => self::ACCESS_ALLOW,
-                'enableYubikeyOtp'  => self::ACCESS_ALLOW,
-                'enableTotp'        => self::ACCESS_ALLOW,
-                // allow a user to disable this even when they're not allowed to enable it
-                'disableYubikeyOtp' => self::ACCESS_ALLOW,
-                'disableTotp'       => self::ACCESS_ALLOW,
-            ),
-            PageOAuth::class          => array(
-                'attach' => self::ACCESS_ALLOW,
-                'detach' => self::ACCESS_ALLOW,
-            ),
-            PageDomainSwitch::class   => array(
-                self::MAIN => self::ACCESS_ALLOW
-            ),
-            PageUserReactivate::class => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            'UserData'                => array(
-                'accountLogSelf' => self::ACCESS_ALLOW,
-            ),
-        ),
-        'user'              => array(
-            /*
+			'_childRoles'             => array(
+				'public',
+			),
+			PagePreferences::class    => array(
+				self::MAIN => self::ACCESS_ALLOW,
+				'refreshOAuth' => self::ACCESS_ALLOW,
+			),
+			PageChangePassword::class => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageMultiFactor::class    => array(
+				self::MAIN          => self::ACCESS_ALLOW,
+				'scratch'           => self::ACCESS_ALLOW,
+				'enableYubikeyOtp'  => self::ACCESS_ALLOW,
+				'enableTotp'        => self::ACCESS_ALLOW,
+				// allow a user to disable this even when they're not allowed to enable it
+				'disableYubikeyOtp' => self::ACCESS_ALLOW,
+				'disableTotp'       => self::ACCESS_ALLOW,
+			),
+			PageOAuth::class          => array(
+				'attach' => self::ACCESS_ALLOW,
+				'detach' => self::ACCESS_ALLOW,
+			),
+			PageDomainSwitch::class   => array(
+				self::MAIN => self::ACCESS_ALLOW
+			),
+			PageUserReactivate::class => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			'UserData'                => array(
+				'accountLogSelf' => self::ACCESS_ALLOW,
+			),
+		),
+		'user'              => array(
+			/*
              * THIS ROLE IS GRANTED TO APPROVED AND IDENTIFIED LOGGED-IN USERS IMPLICITLY.
              */
-            '_childRoles'                        => array(
-                'internalStats',
-            ),
-            PageUserReactivate::class => array(
-                // only non-approved users should be able to access this
-                self::MAIN => self::ACCESS_DENY,
-            ),
-            PageMain::class                      => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageBan::class                       => array(
-                self::MAIN => self::ACCESS_ALLOW,
-                'show'     => self::ACCESS_ALLOW,
-            ),
-            'BanVisibility'             => array(
-                'user' => self::ACCESS_ALLOW,
-            ),
-            'BanType'                   => array(
-                'ip' => self::ACCESS_ALLOW,
-                'name' => self::ACCESS_ALLOW,
-            ),
-            PageEditComment::class               => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageEmailManagement::class           => array(
-                self::MAIN => self::ACCESS_ALLOW,
-                'view'     => self::ACCESS_ALLOW,
-            ),
-            PageExpandedRequestList::class       => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageLog::class                       => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageSearch::class                    => array(
-                self::MAIN => self::ACCESS_ALLOW,
-                'byName'   => self::ACCESS_ALLOW,
-                'byEmail'  => self::ACCESS_ALLOW,
-                'byIp'     => self::ACCESS_ALLOW,
-                'allowNonConfirmed' => self::ACCESS_ALLOW,
-            ),
-            PageWelcomeTemplateManagement::class => array(
-                self::MAIN => self::ACCESS_ALLOW,
-                'select'   => self::ACCESS_ALLOW,
-                'view'     => self::ACCESS_ALLOW,
-            ),
-            PageViewRequest::class               => array(
-                self::MAIN       => self::ACCESS_ALLOW,
-                'seeAllRequests' => self::ACCESS_ALLOW,
-            ),
-            'RequestData'                        => array(
-                'seePrivateDataWhenReserved' => self::ACCESS_ALLOW,
-                'seePrivateDataWithHash'     => self::ACCESS_ALLOW,
-                'seeRelatedRequests'         => self::ACCESS_ALLOW,
-            ),
-            PageCustomClose::class               => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageComment::class                   => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageFlagComment::class               => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageCloseRequest::class              => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageCreateRequest::class             => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageDeferRequest::class              => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageDropRequest::class               => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageReservation::class               => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageSendToUser::class                => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageBreakReservation::class          => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageJobQueue::class                  => array(
-                self::MAIN    => self::ACCESS_ALLOW,
-                'view'        => self::ACCESS_ALLOW,
-                'all'         => self::ACCESS_ALLOW,
-                'acknowledge' => self::ACCESS_ALLOW,
-                'cancel'      => self::ACCESS_ALLOW
-            ),
-            PageDomainManagement::class          => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageRequestFormManagement::class     => array(
-                self::MAIN => self::ACCESS_ALLOW,
-                'view'     => self::ACCESS_ALLOW,
-                'preview'  => self::ACCESS_ALLOW,
-            ),
-            'RequestCreation'                    => array(
-                PreferenceManager::CREATION_MANUAL => self::ACCESS_ALLOW,
-                PreferenceManager::CREATION_OAUTH  => self::ACCESS_ALLOW,
-            ),
-            'GlobalInfo'                         => array(
-                'viewSiteNotice' => self::ACCESS_ALLOW,
-                'viewOnlineUsers' => self::ACCESS_ALLOW,
-            ),
-        ),
-        'admin'             => array(
-            '_description'                       => 'A tool administrator.',
-            '_editableBy'                        => array('admin', 'toolRoot'),
-            '_childRoles'                        => array(
-                'user',
-                'requestAdminTools',
-            ),
-            PageEmailManagement::class           => array(
-                'edit'   => self::ACCESS_ALLOW,
-                'create' => self::ACCESS_ALLOW,
-            ),
-            PageSiteNotice::class                => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageUserManagement::class            => array(
-                self::MAIN   => self::ACCESS_ALLOW,
-                'approve'    => self::ACCESS_ALLOW,
-                'deactivate' => self::ACCESS_ALLOW,
-                'rename'     => self::ACCESS_ALLOW,
-                'editUser'   => self::ACCESS_ALLOW,
-                'editRoles'  => self::ACCESS_ALLOW,
-            ),
-            PageSearch::class                    => array(
-                'byComment' => self::ACCESS_ALLOW,
-            ),
-            PageManuallyConfirm::class               => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageWelcomeTemplateManagement::class => array(
-                'edit'   => self::ACCESS_ALLOW,
-                'delete' => self::ACCESS_ALLOW,
-                'add'    => self::ACCESS_ALLOW,
-            ),
-            PageJobQueue::class                  => array(
-                'acknowledge' => self::ACCESS_ALLOW,
-                'requeue'     => self::ACCESS_ALLOW,
-                'cancel'      => self::ACCESS_ALLOW,
-            ),
-            'RequestData'               => array(
-                'reopenClearedRequest'  => self::ACCESS_ALLOW,
-            ),
-            PageQueueManagement::class           => array(
-                self::MAIN => self::ACCESS_ALLOW,
-                'edit'     => self::ACCESS_ALLOW,
-                'create'   => self::ACCESS_ALLOW,
-            ),
-            PageRequestFormManagement::class     => array(
-                'edit'     => self::ACCESS_ALLOW,
-                'create'   => self::ACCESS_ALLOW,
-            ),
-            PageDomainManagement::class          => array(
-                'edit'     => self::ACCESS_ALLOW,
-            ),
-            'UserData'                           => array(
-                'accountLog' => self::ACCESS_ALLOW,
-            ),
-        ),
-        'checkuser'         => array(
-            '_description'            => 'A user with CheckUser access',
-            '_editableBy'             => array('checkuser', 'steward', 'toolRoot'),
-            '_childRoles'             => array(
-                'user',
-                'requestAdminTools',
-            ),
-            PageUserManagement::class => array(
-                self::MAIN   => self::ACCESS_ALLOW,
-                'deactivate' => self::ACCESS_ALLOW,
-                'editRoles'  => self::ACCESS_ALLOW,
-            ),
-            'RequestData'             => array(
-                'seeUserAgentData'      => self::ACCESS_ALLOW,
-                'seeCheckuserComments'  => self::ACCESS_ALLOW,
-                'createLocalAccount'    => self::ACCESS_ALLOW,
-            ),
-            'BanType'                   => array(
-                'useragent' => self::ACCESS_ALLOW,
-            ),
-            'BanVisibility'             => array(
-                'checkuser' => self::ACCESS_ALLOW,
-            ),
-            'UserData'                           => array(
-                'accountLog' => self::ACCESS_ALLOW,
-            ),
-        ),
-        'steward'         => array(
-            '_description'  => 'A user with Steward access',
-            '_editableBy'   => array('steward', 'toolRoot'),
-            '_globalOnly'   => true,
-            '_childRoles'   => array(
-                'user',
-                'checkuser',
-            ),
-            'BanType'                   => array(
-                'ip-largerange' => self::ACCESS_ALLOW,
-                'global'        => self::ACCESS_ALLOW,
-            ),
-        ),
-        'toolRoot'          => array(
-            '_description' => 'A user with shell access to the servers running the tool',
-            '_editableBy'  => array('toolRoot'),
-            '_globalOnly'  => true,
-            '_childRoles'  => array(
-                'admin',
-            ),
-            'BanType'                   => array(
-                'ip-largerange' => self::ACCESS_ALLOW,
-                'global'        => self::ACCESS_ALLOW,
-            ),
-            PageDomainManagement::class => array(
-                self::MAIN => self::ACCESS_ALLOW,
-                'editAll'  => self::ACCESS_ALLOW,
-                'edit'     => self::ACCESS_ALLOW,
-                'create'   => self::ACCESS_ALLOW,
-            ),
-            PageErrorLogViewer::class => array(
-                self::MAIN      => self::ACCESS_ALLOW,
-                'view'          => self::ACCESS_ALLOW,
-                'remove'        => self::ACCESS_ALLOW,
-            ),
-        ),
-        'botCreation'       => array(
-            '_hidden'         => true,
-            '_description'    => 'A user allowed to use the bot to perform account creations',
-            '_editableBy'     => array('admin', 'toolRoot'),
-            '_childRoles'     => array(),
-            'RequestCreation' => array(
-                PreferenceManager::CREATION_BOT => self::ACCESS_ALLOW,
-            ),
-        ),
+			'_childRoles'                        => array(
+				'internalStats',
+			),
+			PageUserReactivate::class => array(
+				// only non-approved users should be able to access this
+				self::MAIN => self::ACCESS_DENY,
+			),
+			PageMain::class                      => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageBan::class                       => array(
+				self::MAIN => self::ACCESS_ALLOW,
+				'show'     => self::ACCESS_ALLOW,
+			),
+			'BanVisibility'             => array(
+				'user' => self::ACCESS_ALLOW,
+			),
+			'BanType'                   => array(
+				'ip' => self::ACCESS_ALLOW,
+				'name' => self::ACCESS_ALLOW,
+			),
+			PageEditComment::class               => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageEmailManagement::class           => array(
+				self::MAIN => self::ACCESS_ALLOW,
+				'view'     => self::ACCESS_ALLOW,
+			),
+			PageExpandedRequestList::class       => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageLog::class                       => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageSearch::class                    => array(
+				self::MAIN => self::ACCESS_ALLOW,
+				'byName'   => self::ACCESS_ALLOW,
+				'byEmail'  => self::ACCESS_ALLOW,
+				'byIp'     => self::ACCESS_ALLOW,
+				'allowNonConfirmed' => self::ACCESS_ALLOW,
+			),
+			PageWelcomeTemplateManagement::class => array(
+				self::MAIN => self::ACCESS_ALLOW,
+				'select'   => self::ACCESS_ALLOW,
+				'view'     => self::ACCESS_ALLOW,
+			),
+			PageViewRequest::class               => array(
+				self::MAIN       => self::ACCESS_ALLOW,
+				'seeAllRequests' => self::ACCESS_ALLOW,
+			),
+			'RequestData'                        => array(
+				'seePrivateDataWhenReserved' => self::ACCESS_ALLOW,
+				'seePrivateDataWithHash'     => self::ACCESS_ALLOW,
+				'seeRelatedRequests'         => self::ACCESS_ALLOW,
+			),
+			PageCustomClose::class               => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageComment::class                   => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageFlagComment::class               => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageCloseRequest::class              => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageCreateRequest::class             => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageDeferRequest::class              => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageDropRequest::class               => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageReservation::class               => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageSendToUser::class                => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageBreakReservation::class          => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageJobQueue::class                  => array(
+				self::MAIN    => self::ACCESS_ALLOW,
+				'view'        => self::ACCESS_ALLOW,
+				'all'         => self::ACCESS_ALLOW,
+				'acknowledge' => self::ACCESS_ALLOW,
+				'cancel'      => self::ACCESS_ALLOW
+			),
+			PageDomainManagement::class          => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageRequestFormManagement::class     => array(
+				self::MAIN => self::ACCESS_ALLOW,
+				'view'     => self::ACCESS_ALLOW,
+				'preview'  => self::ACCESS_ALLOW,
+			),
+			'RequestCreation'                    => array(
+				PreferenceManager::CREATION_MANUAL => self::ACCESS_ALLOW,
+				PreferenceManager::CREATION_OAUTH  => self::ACCESS_ALLOW,
+			),
+			'GlobalInfo'                         => array(
+				'viewSiteNotice' => self::ACCESS_ALLOW,
+				'viewOnlineUsers' => self::ACCESS_ALLOW,
+			),
+		),
+		'admin'             => array(
+			'_description'                       => 'A tool administrator.',
+			'_editableBy'                        => array('admin', 'toolRoot'),
+			'_childRoles'                        => array(
+				'user',
+				'requestAdminTools',
+			),
+			PageEmailManagement::class           => array(
+				'edit'   => self::ACCESS_ALLOW,
+				'create' => self::ACCESS_ALLOW,
+			),
+			PageSiteNotice::class                => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageUserManagement::class            => array(
+				self::MAIN   => self::ACCESS_ALLOW,
+				'approve'    => self::ACCESS_ALLOW,
+				'deactivate' => self::ACCESS_ALLOW,
+				'rename'     => self::ACCESS_ALLOW,
+				'editUser'   => self::ACCESS_ALLOW,
+				'editRoles'  => self::ACCESS_ALLOW,
+			),
+			PageSearch::class                    => array(
+				'byComment' => self::ACCESS_ALLOW,
+			),
+			PageManuallyConfirm::class               => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageWelcomeTemplateManagement::class => array(
+				'edit'   => self::ACCESS_ALLOW,
+				'delete' => self::ACCESS_ALLOW,
+				'add'    => self::ACCESS_ALLOW,
+			),
+			PageJobQueue::class                  => array(
+				'acknowledge' => self::ACCESS_ALLOW,
+				'requeue'     => self::ACCESS_ALLOW,
+				'cancel'      => self::ACCESS_ALLOW,
+			),
+			'RequestData'               => array(
+				'reopenClearedRequest'  => self::ACCESS_ALLOW,
+			),
+			PageQueueManagement::class           => array(
+				self::MAIN => self::ACCESS_ALLOW,
+				'edit'     => self::ACCESS_ALLOW,
+				'create'   => self::ACCESS_ALLOW,
+			),
+			PageRequestFormManagement::class     => array(
+				'edit'     => self::ACCESS_ALLOW,
+				'create'   => self::ACCESS_ALLOW,
+			),
+			PageDomainManagement::class          => array(
+				'edit'     => self::ACCESS_ALLOW,
+			),
+			'UserData'                           => array(
+				'accountLog' => self::ACCESS_ALLOW,
+			),
+		),
+		'checkuser'         => array(
+			'_description'            => 'A user with CheckUser access',
+			'_editableBy'             => array('checkuser', 'steward', 'toolRoot'),
+			'_childRoles'             => array(
+				'user',
+				'requestAdminTools',
+			),
+			PageUserManagement::class => array(
+				self::MAIN   => self::ACCESS_ALLOW,
+				'deactivate' => self::ACCESS_ALLOW,
+				'editRoles'  => self::ACCESS_ALLOW,
+			),
+			'RequestData'             => array(
+				'seeUserAgentData'      => self::ACCESS_ALLOW,
+				'seeCheckuserComments'  => self::ACCESS_ALLOW,
+				'createLocalAccount'    => self::ACCESS_ALLOW,
+			),
+			'BanType'                   => array(
+				'useragent' => self::ACCESS_ALLOW,
+			),
+			'BanVisibility'             => array(
+				'checkuser' => self::ACCESS_ALLOW,
+			),
+			'UserData'                           => array(
+				'accountLog' => self::ACCESS_ALLOW,
+			),
+		),
+		'steward'         => array(
+			'_description'  => 'A user with Steward access',
+			'_editableBy'   => array('steward', 'toolRoot'),
+			'_globalOnly'   => true,
+			'_childRoles'   => array(
+				'user',
+				'checkuser',
+			),
+			'BanType'                   => array(
+				'ip-largerange' => self::ACCESS_ALLOW,
+				'global'        => self::ACCESS_ALLOW,
+			),
+		),
+		'toolRoot'          => array(
+			'_description' => 'A user with shell access to the servers running the tool',
+			'_editableBy'  => array('toolRoot'),
+			'_globalOnly'  => true,
+			'_childRoles'  => array(
+				'admin',
+			),
+			'BanType'                   => array(
+				'ip-largerange' => self::ACCESS_ALLOW,
+				'global'        => self::ACCESS_ALLOW,
+			),
+			PageDomainManagement::class => array(
+				self::MAIN => self::ACCESS_ALLOW,
+				'editAll'  => self::ACCESS_ALLOW,
+				'edit'     => self::ACCESS_ALLOW,
+				'create'   => self::ACCESS_ALLOW,
+			),
+			PageErrorLogViewer::class => array(
+				self::MAIN      => self::ACCESS_ALLOW,
+				'view'          => self::ACCESS_ALLOW,
+				'remove'        => self::ACCESS_ALLOW,
+			),
+		),
+		'botCreation'       => array(
+			'_hidden'         => true,
+			'_description'    => 'A user allowed to use the bot to perform account creations',
+			'_editableBy'     => array('admin', 'toolRoot'),
+			'_childRoles'     => array(),
+			'RequestCreation' => array(
+				PreferenceManager::CREATION_BOT => self::ACCESS_ALLOW,
+			),
+		),
 
-        // Child roles go below this point
-        'publicStats'       => array(
-            '_hidden'               => true,
-            StatsUsers::class       => array(
-                self::MAIN => self::ACCESS_ALLOW,
-                'detail'   => self::ACCESS_ALLOW,
-            ),
-            StatsTopCreators::class => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            StatsMonthlyStats::class     => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-        ),
-        'internalStats'     => array(
-            '_hidden'                    => true,
-            StatsMain::class             => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            StatsFastCloses::class       => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            StatsInactiveUsers::class    => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            StatsReservedRequests::class => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            StatsTemplateStats::class    => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-        ),
-        'requestAdminTools' => array(
-            '_hidden'                   => true,
-            PageBan::class              => array(
-                self::MAIN => self::ACCESS_ALLOW,
-                'set'      => self::ACCESS_ALLOW,
-                'remove'   => self::ACCESS_ALLOW,
-                'replace'  => self::ACCESS_ALLOW,
-            ),
-            'BanType'                   => array(
-                'ip' => self::ACCESS_ALLOW,
-                'email' => self::ACCESS_ALLOW,
-                'name' => self::ACCESS_ALLOW,
-            ),
-            'BanVisibility'             => array(
-                'user' => self::ACCESS_ALLOW,
-                'admin' => self::ACCESS_ALLOW,
-            ),
-            PageEditComment::class      => array(
-                'editOthers' => self::ACCESS_ALLOW,
-            ),
-            PageBreakReservation::class => array(
-                'force' => self::ACCESS_ALLOW,
-            ),
-            PageCustomClose::class      => array(
-                'skipCcMailingList' => self::ACCESS_ALLOW,
-            ),
-            PageFlagComment::class      => array(
-                'unflag'   => self::ACCESS_ALLOW,
-            ),
-            PageListFlaggedComments::class => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            'RequestData'               => array(
-                'reopenOldRequest'      => self::ACCESS_ALLOW,
-                'alwaysSeePrivateData'  => self::ACCESS_ALLOW,
-                'alwaysSeeHash'         => self::ACCESS_ALLOW,
-                'seeRestrictedComments' => self::ACCESS_ALLOW,
-            ),
-        ),
-    );
+		// Child roles go below this point
+		'publicStats'       => array(
+			'_hidden'               => true,
+			StatsUsers::class       => array(
+				self::MAIN => self::ACCESS_ALLOW,
+				'detail'   => self::ACCESS_ALLOW,
+			),
+			StatsTopCreators::class => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			StatsMonthlyStats::class     => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+		),
+		'internalStats'     => array(
+			'_hidden'                    => true,
+			StatsMain::class             => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			StatsFastCloses::class       => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			StatsInactiveUsers::class    => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			StatsReservedRequests::class => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			StatsTemplateStats::class    => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+		),
+		'requestAdminTools' => array(
+			'_hidden'                   => true,
+			PageBan::class              => array(
+				self::MAIN => self::ACCESS_ALLOW,
+				'set'      => self::ACCESS_ALLOW,
+				'remove'   => self::ACCESS_ALLOW,
+				'replace'  => self::ACCESS_ALLOW,
+			),
+			'BanType'                   => array(
+				'ip' => self::ACCESS_ALLOW,
+				'email' => self::ACCESS_ALLOW,
+				'name' => self::ACCESS_ALLOW,
+			),
+			'BanVisibility'             => array(
+				'user' => self::ACCESS_ALLOW,
+				'admin' => self::ACCESS_ALLOW,
+			),
+			PageEditComment::class      => array(
+				'editOthers' => self::ACCESS_ALLOW,
+			),
+			PageBreakReservation::class => array(
+				'force' => self::ACCESS_ALLOW,
+			),
+			PageCustomClose::class      => array(
+				'skipCcMailingList' => self::ACCESS_ALLOW,
+			),
+			PageFlagComment::class      => array(
+				'unflag'   => self::ACCESS_ALLOW,
+			),
+			PageListFlaggedComments::class => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			'RequestData'               => array(
+				'reopenOldRequest'      => self::ACCESS_ALLOW,
+				'alwaysSeePrivateData'  => self::ACCESS_ALLOW,
+				'alwaysSeeHash'         => self::ACCESS_ALLOW,
+				'seeRestrictedComments' => self::ACCESS_ALLOW,
+			),
+		),
+	);
 
-    /** @var array
-     * List of roles which are *exempt* from the identification requirements
-     *
-     * Think twice about adding roles to this list.
-     *
-     * @category Security-Critical
-     */
-    private static array $productionIdentificationExempt = array('public', 'loggedIn');
+	/** @var array
+	 * List of roles which are *exempt* from the identification requirements
+	 *
+	 * Think twice about adding roles to this list.
+	 *
+	 * @category Security-Critical
+	 */
+	private static array $productionIdentificationExempt = array('public', 'loggedIn');
 
-    public function __construct()
-    {
-        parent::__construct(self::$productionRoleConfig, self::$productionIdentificationExempt);
-    }
+	public function __construct()
+	{
+		parent::__construct(self::$productionRoleConfig, self::$productionIdentificationExempt);
+	}
 }

includes/Security/DomainAccessManager.php

Indentation +55 added lines, -55 removed lines

@@ -18,69 +18,69 @@
 
 class DomainAccessManager implements IDomainAccessManager
 {
-    private IUserAccessLoader $userAccessLoader;
+	private IUserAccessLoader $userAccessLoader;
 
-    public function __construct(IUserAccessLoader $userAccessLoader)
-    {
-        $this->userAccessLoader = $userAccessLoader;
-    }
+	public function __construct(IUserAccessLoader $userAccessLoader)
+	{
+		$this->userAccessLoader = $userAccessLoader;
+	}
 
-    /**
-     * Returns the domains the user is a member of.
-     *
-     * Note - this *does not* determine the access rights that a user has in any
-     * specific domain. Permissions checks still need to be performed.
-     *
-     * @param User $user
-     *
-     * @return Domain[]
-     */
-    public function getAllowedDomains(User $user): array
-    {
-        if ($user->isCommunityUser()) {
-            return [];
-        }
+	/**
+	 * Returns the domains the user is a member of.
+	 *
+	 * Note - this *does not* determine the access rights that a user has in any
+	 * specific domain. Permissions checks still need to be performed.
+	 *
+	 * @param User $user
+	 *
+	 * @return Domain[]
+	 */
+	public function getAllowedDomains(User $user): array
+	{
+		if ($user->isCommunityUser()) {
+			return [];
+		}
 
-        return $this->userAccessLoader->loadDomainsForUser($user);
-    }
+		return $this->userAccessLoader->loadDomainsForUser($user);
+	}
 
-    public function switchDomain(User $user, Domain $newDomain): void
-    {
-        $mapToId = function(DataObject $object) {
-            return $object->getId();
-        };
+	public function switchDomain(User $user, Domain $newDomain): void
+	{
+		$mapToId = function(DataObject $object) {
+			return $object->getId();
+		};
 
-        $allowed = in_array($newDomain->getId(), array_map($mapToId, $this->getAllowedDomains($user)));
+		$allowed = in_array($newDomain->getId(), array_map($mapToId, $this->getAllowedDomains($user)));
 
-        if ($allowed) {
-            WebRequest::setActiveDomain($newDomain);
-        }
-        else {
-            throw new DomainSwitchNotAllowedException();
-        }
-    }
+		if ($allowed) {
+			WebRequest::setActiveDomain($newDomain);
+		}
+		else {
+			throw new DomainSwitchNotAllowedException();
+		}
+	}
 
-    public function switchToDefaultDomain(User $user): void
-    {
-        $domains = $this->getAllowedDomains($user);
-        $preferenceManager = new PreferenceManager($user->getDatabase(), $user->getId(), null);
-        $defaultDomainPreference = $preferenceManager->getPreference(PreferenceManager::PREF_DEFAULT_DOMAIN);
+	public function switchToDefaultDomain(User $user): void
+	{
+		$domains = $this->getAllowedDomains($user);
+		$preferenceManager = new PreferenceManager($user->getDatabase(), $user->getId(), null);
+		$defaultDomainPreference = $preferenceManager->getPreference(PreferenceManager::PREF_DEFAULT_DOMAIN);
 
-        $chosenDomain = null;
-        foreach ($domains as $d) {
-            if ($d->getId() == $defaultDomainPreference) {
-                $chosenDomain = $d;
-                break;
-            }
-        }
+		$chosenDomain = null;
+		foreach ($domains as $d) {
+			if ($d->getId() == $defaultDomainPreference) {
+				$chosenDomain = $d;
+				break;
+			}
+		}
 
-        if ($chosenDomain !== null) {
-            WebRequest::setActiveDomain($chosenDomain);
-            return;
-        }
+		if ($chosenDomain !== null) {
+			WebRequest::setActiveDomain($chosenDomain);
+			return;
+		}
 
-        if (count($domains) > 0) {
-            WebRequest::setActiveDomain($domains[0]);
-        }
-    }
+		if (count($domains) > 0) {
+			WebRequest::setActiveDomain($domains[0]);
+		}
+	}
 }
\ No newline at end of file

includes/DataObjects/User.php

Indentation +399 added lines, -399 removed lines

@@ -22,153 +22,153 @@ 
  */
 class User extends DataObject
 {
-    const STATUS_ACTIVE = 'Active';
-    const STATUS_DEACTIVATED = 'Deactivated';
-    const STATUS_NEW = 'New';
-
-    private static CommunityUser $community;
-
-    private $username;
-    private $email;
-    private $status = self::STATUS_NEW;
-    private $onwikiname;
-    private $lastactive = "0000-00-00 00:00:00";
-    private $forcelogout = 0;
-    private $forceidentified = null;
-    private $confirmationdiff = 0;
-    /** @var User Cache variable of the current user - it's never going to change in the middle of a request. */
-    private static $currentUser;
-    #region Object load methods
-
-    /**
-     * Gets the currently logged in user
-     *
-     * @param PdoDatabase $database
-     *
-     * @return User|CommunityUser
-     */
-    public static function getCurrent(PdoDatabase $database)
-    {
-        if (self::$currentUser === null) {
-            $sessionId = WebRequest::getSessionUserId();
-
-            if ($sessionId !== null) {
-                /** @var User $user */
-                $user = self::getById($sessionId, $database);
-
-                if ($user === false) {
-                    self::$currentUser = new CommunityUser();
-                }
-                else {
-                    self::$currentUser = $user;
-                }
-            }
-            else {
-                $anonymousCoward = new CommunityUser();
-
-                self::$currentUser = $anonymousCoward;
-            }
-        }
-
-        return self::$currentUser;
-    }
-
-    /**
-     * Gets a user by their user ID
-     *
-     * Pass -1 to get the community user.
-     *
-     * @param int|null    $id
-     * @param PdoDatabase $database
-     *
-     * @return User|false
-     */
-    public static function getById($id, PdoDatabase $database)
-    {
-        if ($id === null || $id == -1) {
-            return new CommunityUser();
-        }
-
-        /** @var User|false $user */
-        $user = parent::getById($id, $database);
-
-        return $user;
-    }
-
-    public static function getCommunity(): CommunityUser
-    {
-        if (!isset(self::$community)) {
-            self::$community = new CommunityUser();
-        }
-
-        return self::$community;
-    }
-
-    /**
-     * Gets a user by their username
-     *
-     * @param  string      $username
-     * @param  PdoDatabase $database
-     *
-     * @return CommunityUser|User|false
-     */
-    public static function getByUsername($username, PdoDatabase $database)
-    {
-        if ($username === self::getCommunity()->getUsername()) {
-            return new CommunityUser();
-        }
-
-        $statement = $database->prepare("SELECT * FROM user WHERE username = :id LIMIT 1;");
-        $statement->bindValue(":id", $username);
-
-        $statement->execute();
-
-        $resultObject = $statement->fetchObject(get_called_class());
-
-        if ($resultObject != false) {
-            $resultObject->setDatabase($database);
-        }
-
-        return $resultObject;
-    }
-
-    /**
-     * Gets a user by their on-wiki username.
-     *
-     * @param string      $username
-     * @param PdoDatabase $database
-     *
-     * @return User|false
-     */
-    public static function getByOnWikiUsername($username, PdoDatabase $database)
-    {
-        $statement = $database->prepare("SELECT * FROM user WHERE onwikiname = :id LIMIT 1;");
-        $statement->bindValue(":id", $username);
-        $statement->execute();
-
-        $resultObject = $statement->fetchObject(get_called_class());
-
-        if ($resultObject != false) {
-            $resultObject->setDatabase($database);
-
-            return $resultObject;
-        }
-
-        return false;
-    }
-
-    #endregion
-
-    /**
-     * Saves the current object
-     *
-     * @throws Exception
-     */
-    public function save()
-    {
-        if ($this->isNew()) {
-            // insert
-            $statement = $this->dbObject->prepare(<<<SQL
+	const STATUS_ACTIVE = 'Active';
+	const STATUS_DEACTIVATED = 'Deactivated';
+	const STATUS_NEW = 'New';
+
+	private static CommunityUser $community;
+
+	private $username;
+	private $email;
+	private $status = self::STATUS_NEW;
+	private $onwikiname;
+	private $lastactive = "0000-00-00 00:00:00";
+	private $forcelogout = 0;
+	private $forceidentified = null;
+	private $confirmationdiff = 0;
+	/** @var User Cache variable of the current user - it's never going to change in the middle of a request. */
+	private static $currentUser;
+	#region Object load methods
+
+	/**
+	 * Gets the currently logged in user
+	 *
+	 * @param PdoDatabase $database
+	 *
+	 * @return User|CommunityUser
+	 */
+	public static function getCurrent(PdoDatabase $database)
+	{
+		if (self::$currentUser === null) {
+			$sessionId = WebRequest::getSessionUserId();
+
+			if ($sessionId !== null) {
+				/** @var User $user */
+				$user = self::getById($sessionId, $database);
+
+				if ($user === false) {
+					self::$currentUser = new CommunityUser();
+				}
+				else {
+					self::$currentUser = $user;
+				}
+			}
+			else {
+				$anonymousCoward = new CommunityUser();
+
+				self::$currentUser = $anonymousCoward;
+			}
+		}
+
+		return self::$currentUser;
+	}
+
+	/**
+	 * Gets a user by their user ID
+	 *
+	 * Pass -1 to get the community user.
+	 *
+	 * @param int|null    $id
+	 * @param PdoDatabase $database
+	 *
+	 * @return User|false
+	 */
+	public static function getById($id, PdoDatabase $database)
+	{
+		if ($id === null || $id == -1) {
+			return new CommunityUser();
+		}
+
+		/** @var User|false $user */
+		$user = parent::getById($id, $database);
+
+		return $user;
+	}
+
+	public static function getCommunity(): CommunityUser
+	{
+		if (!isset(self::$community)) {
+			self::$community = new CommunityUser();
+		}
+
+		return self::$community;
+	}
+
+	/**
+	 * Gets a user by their username
+	 *
+	 * @param  string      $username
+	 * @param  PdoDatabase $database
+	 *
+	 * @return CommunityUser|User|false
+	 */
+	public static function getByUsername($username, PdoDatabase $database)
+	{
+		if ($username === self::getCommunity()->getUsername()) {
+			return new CommunityUser();
+		}
+
+		$statement = $database->prepare("SELECT * FROM user WHERE username = :id LIMIT 1;");
+		$statement->bindValue(":id", $username);
+
+		$statement->execute();
+
+		$resultObject = $statement->fetchObject(get_called_class());
+
+		if ($resultObject != false) {
+			$resultObject->setDatabase($database);
+		}
+
+		return $resultObject;
+	}
+
+	/**
+	 * Gets a user by their on-wiki username.
+	 *
+	 * @param string      $username
+	 * @param PdoDatabase $database
+	 *
+	 * @return User|false
+	 */
+	public static function getByOnWikiUsername($username, PdoDatabase $database)
+	{
+		$statement = $database->prepare("SELECT * FROM user WHERE onwikiname = :id LIMIT 1;");
+		$statement->bindValue(":id", $username);
+		$statement->execute();
+
+		$resultObject = $statement->fetchObject(get_called_class());
+
+		if ($resultObject != false) {
+			$resultObject->setDatabase($database);
+
+			return $resultObject;
+		}
+
+		return false;
+	}
+
+	#endregion
+
+	/**
+	 * Saves the current object
+	 *
+	 * @throws Exception
+	 */
+	public function save()
+	{
+		if ($this->isNew()) {
+			// insert
+			$statement = $this->dbObject->prepare(<<<SQL
 				INSERT INTO `user` ( 
 					username, email, status, onwikiname, 
 					lastactive, forcelogout, forceidentified,
@@ -179,25 +179,25 @@ 
 					:confirmationdiff
 				);
 SQL
-            );
-            $statement->bindValue(":username", $this->username);
-            $statement->bindValue(":email", $this->email);
-            $statement->bindValue(":status", $this->status);
-            $statement->bindValue(":onwikiname", $this->onwikiname);
-            $statement->bindValue(":lastactive", $this->lastactive);
-            $statement->bindValue(":forcelogout", $this->forcelogout);
-            $statement->bindValue(":confirmationdiff", $this->confirmationdiff);
-
-            if ($statement->execute()) {
-                $this->id = (int)$this->dbObject->lastInsertId();
-            }
-            else {
-                throw new Exception($statement->errorInfo());
-            }
-        }
-        else {
-            // update
-            $statement = $this->dbObject->prepare(<<<SQL
+			);
+			$statement->bindValue(":username", $this->username);
+			$statement->bindValue(":email", $this->email);
+			$statement->bindValue(":status", $this->status);
+			$statement->bindValue(":onwikiname", $this->onwikiname);
+			$statement->bindValue(":lastactive", $this->lastactive);
+			$statement->bindValue(":forcelogout", $this->forcelogout);
+			$statement->bindValue(":confirmationdiff", $this->confirmationdiff);
+
+			if ($statement->execute()) {
+				$this->id = (int)$this->dbObject->lastInsertId();
+			}
+			else {
+				throw new Exception($statement->errorInfo());
+			}
+		}
+		else {
+			// update
+			$statement = $this->dbObject->prepare(<<<SQL
 				UPDATE `user` SET 
 					username = :username, email = :email, 
 					status = :status,
@@ -208,233 +208,233 @@ 
                     updateversion = updateversion + 1
 				WHERE id = :id AND updateversion = :updateversion;
 SQL
-            );
-
-            $statement->bindValue(':id', $this->id);
-            $statement->bindValue(':updateversion', $this->updateversion);
-
-            $statement->bindValue(':username', $this->username);
-            $statement->bindValue(':email', $this->email);
-            $statement->bindValue(':status', $this->status);
-            $statement->bindValue(':onwikiname', $this->onwikiname);
-            $statement->bindValue(':lastactive', $this->lastactive);
-            $statement->bindValue(':forcelogout', $this->forcelogout);
-            $statement->bindValue(':confirmationdiff', $this->confirmationdiff);
-
-            if (!$statement->execute()) {
-                throw new Exception($statement->errorInfo());
-            }
-
-            if ($statement->rowCount() !== 1) {
-                throw new OptimisticLockFailedException();
-            }
-
-            $this->updateversion++;
-        }
-    }
-
-    #region properties
-
-    /**
-     * Gets the tool username
-     * @return string
-     */
-    public function getUsername()
-    {
-        return $this->username;
-    }
-
-    /**
-     * Sets the tool username
-     *
-     * @param string $username
-     */
-    public function setUsername($username)
-    {
-        $this->username = $username;
-
-        // If this isn't a brand new user, then it's a rename, force the logout
-        if (!$this->isNew()) {
-            $this->forcelogout = 1;
-        }
-    }
-
-    /**
-     * Gets the user's email address
-     * @return string
-     */
-    public function getEmail()
-    {
-        return $this->email;
-    }
-
-    /**
-     * Sets the user's email address
-     *
-     * @param string $email
-     */
-    public function setEmail($email)
-    {
-        $this->email = $email;
-    }
-
-    /**
-     * Gets the status (Active, New, Deactivated, etc) of the user.
-     * @return string
-     */
-    public function getStatus()
-    {
-        return $this->status;
-    }
-
-    /**
-     * @param string $status
-     */
-    public function setStatus($status)
-    {
-        $this->status = $status;
-    }
-
-    /**
-     * Gets the user's on-wiki name
-     * @return string
-     */
-    public function getOnWikiName()
-    {
-        return $this->onwikiname;
-    }
-
-    /**
-     * Sets the user's on-wiki name
-     *
-     * This can have interesting side-effects with OAuth.
-     *
-     * @param string $onWikiName
-     */
-    public function setOnWikiName($onWikiName)
-    {
-        $this->onwikiname = $onWikiName;
-    }
-
-    /**
-     * Gets the last activity date for the user
-     *
-     * @return string
-     * @todo This should probably return an instance of DateTime
-     */
-    public function getLastActive()
-    {
-        return $this->lastactive;
-    }
-
-    /**
-     * Gets the user's forced logout status
-     *
-     * @return bool
-     */
-    public function getForceLogout()
-    {
-        return $this->forcelogout == 1;
-    }
-
-    /**
-     * Sets the user's forced logout status
-     *
-     * @param bool $forceLogout
-     */
-    public function setForceLogout($forceLogout)
-    {
-        $this->forcelogout = $forceLogout ? 1 : 0;
-    }
-
-    /**
-     * Gets the user's confirmation diff. Unused if OAuth is in use.
-     * @return int the diff ID
-     */
-    public function getConfirmationDiff()
-    {
-        return $this->confirmationdiff;
-    }
-
-    /**
-     * Sets the user's confirmation diff.
-     *
-     * @param int $confirmationDiff
-     */
-    public function setConfirmationDiff($confirmationDiff)
-    {
-        $this->confirmationdiff = $confirmationDiff;
-    }
-
-    #endregion
-
-    #region user access checks
-
-    public function isActive()
-    {
-        return $this->status == self::STATUS_ACTIVE;
-    }
-
-    /**
-     * DO NOT USE FOR TESTING IDENTIFICATION STATUS.
-     *
-     * This only returns any overrides in the database for identification status,
-     * and is thus not suitable on its own to determine if a user is identified.
-     *
-     * Most (all?) users should have a null value here; this is only here as an
-     * emergency override in case things go horribly, horribly wrong. For
-     * example, when WMF completely change the layout of the ID noticeboard.
-     */
-    public function getForceIdentified(): ?bool
-    {
-        if ($this->forceidentified === null) {
-            return null;
-        }
-
-        return $this->forceidentified === 1;
-    }
-
-    /**
-     * Tests if the user is new
-     * @return bool
-     * @category Security-Critical
-     */
-    public function isNewUser()
-    {
-        return $this->status == self::STATUS_NEW;
-    }
-
-    /**
-     * Tests if the user has been deactivated and is unable to access the tool
-     * @return bool
-     * @category Security-Critical
-     */
-    public function isDeactivated(): bool
-    {
-        return $this->status == self::STATUS_DEACTIVATED;
-    }
-
-    /**
-     * Tests if the user is the community user
-     *
-     * @todo     decide if this means logged out. I think it usually does.
-     * @return bool
-     * @category Security-Critical
-     */
-    public function isCommunityUser()
-    {
-        return false;
-    }
-
-    #endregion 
-
-    /**
-     * Gets the approval date of the user
-     * @return DateTime|false
-     */
-    public function getApprovalDate()
-    {
-        $query = $this->dbObject->prepare(<<<SQL
+			);
+
+			$statement->bindValue(':id', $this->id);
+			$statement->bindValue(':updateversion', $this->updateversion);
+
+			$statement->bindValue(':username', $this->username);
+			$statement->bindValue(':email', $this->email);
+			$statement->bindValue(':status', $this->status);
+			$statement->bindValue(':onwikiname', $this->onwikiname);
+			$statement->bindValue(':lastactive', $this->lastactive);
+			$statement->bindValue(':forcelogout', $this->forcelogout);
+			$statement->bindValue(':confirmationdiff', $this->confirmationdiff);
+
+			if (!$statement->execute()) {
+				throw new Exception($statement->errorInfo());
+			}
+
+			if ($statement->rowCount() !== 1) {
+				throw new OptimisticLockFailedException();
+			}
+
+			$this->updateversion++;
+		}
+	}
+
+	#region properties
+
+	/**
+	 * Gets the tool username
+	 * @return string
+	 */
+	public function getUsername()
+	{
+		return $this->username;
+	}
+
+	/**
+	 * Sets the tool username
+	 *
+	 * @param string $username
+	 */
+	public function setUsername($username)
+	{
+		$this->username = $username;
+
+		// If this isn't a brand new user, then it's a rename, force the logout
+		if (!$this->isNew()) {
+			$this->forcelogout = 1;
+		}
+	}
+
+	/**
+	 * Gets the user's email address
+	 * @return string
+	 */
+	public function getEmail()
+	{
+		return $this->email;
+	}
+
+	/**
+	 * Sets the user's email address
+	 *
+	 * @param string $email
+	 */
+	public function setEmail($email)
+	{
+		$this->email = $email;
+	}
+
+	/**
+	 * Gets the status (Active, New, Deactivated, etc) of the user.
+	 * @return string
+	 */
+	public function getStatus()
+	{
+		return $this->status;
+	}
+
+	/**
+	 * @param string $status
+	 */
+	public function setStatus($status)
+	{
+		$this->status = $status;
+	}
+
+	/**
+	 * Gets the user's on-wiki name
+	 * @return string
+	 */
+	public function getOnWikiName()
+	{
+		return $this->onwikiname;
+	}
+
+	/**
+	 * Sets the user's on-wiki name
+	 *
+	 * This can have interesting side-effects with OAuth.
+	 *
+	 * @param string $onWikiName
+	 */
+	public function setOnWikiName($onWikiName)
+	{
+		$this->onwikiname = $onWikiName;
+	}
+
+	/**
+	 * Gets the last activity date for the user
+	 *
+	 * @return string
+	 * @todo This should probably return an instance of DateTime
+	 */
+	public function getLastActive()
+	{
+		return $this->lastactive;
+	}
+
+	/**
+	 * Gets the user's forced logout status
+	 *
+	 * @return bool
+	 */
+	public function getForceLogout()
+	{
+		return $this->forcelogout == 1;
+	}
+
+	/**
+	 * Sets the user's forced logout status
+	 *
+	 * @param bool $forceLogout
+	 */
+	public function setForceLogout($forceLogout)
+	{
+		$this->forcelogout = $forceLogout ? 1 : 0;
+	}
+
+	/**
+	 * Gets the user's confirmation diff. Unused if OAuth is in use.
+	 * @return int the diff ID
+	 */
+	public function getConfirmationDiff()
+	{
+		return $this->confirmationdiff;
+	}
+
+	/**
+	 * Sets the user's confirmation diff.
+	 *
+	 * @param int $confirmationDiff
+	 */
+	public function setConfirmationDiff($confirmationDiff)
+	{
+		$this->confirmationdiff = $confirmationDiff;
+	}
+
+	#endregion
+
+	#region user access checks
+
+	public function isActive()
+	{
+		return $this->status == self::STATUS_ACTIVE;
+	}
+
+	/**
+	 * DO NOT USE FOR TESTING IDENTIFICATION STATUS.
+	 *
+	 * This only returns any overrides in the database for identification status,
+	 * and is thus not suitable on its own to determine if a user is identified.
+	 *
+	 * Most (all?) users should have a null value here; this is only here as an
+	 * emergency override in case things go horribly, horribly wrong. For
+	 * example, when WMF completely change the layout of the ID noticeboard.
+	 */
+	public function getForceIdentified(): ?bool
+	{
+		if ($this->forceidentified === null) {
+			return null;
+		}
+
+		return $this->forceidentified === 1;
+	}
+
+	/**
+	 * Tests if the user is new
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	public function isNewUser()
+	{
+		return $this->status == self::STATUS_NEW;
+	}
+
+	/**
+	 * Tests if the user has been deactivated and is unable to access the tool
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	public function isDeactivated(): bool
+	{
+		return $this->status == self::STATUS_DEACTIVATED;
+	}
+
+	/**
+	 * Tests if the user is the community user
+	 *
+	 * @todo     decide if this means logged out. I think it usually does.
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	public function isCommunityUser()
+	{
+		return false;
+	}
+
+	#endregion 
+
+	/**
+	 * Gets the approval date of the user
+	 * @return DateTime|false
+	 */
+	public function getApprovalDate()
+	{
+		$query = $this->dbObject->prepare(<<<SQL
 			SELECT timestamp 
 			FROM log 
 			WHERE objectid = :userid
@@ -443,12 +443,12 @@ 
 			ORDER BY id DESC 
 			LIMIT 1;
 SQL
-        );
-        $query->execute(array(":userid" => $this->id));
+		);
+		$query->execute(array(":userid" => $this->id));
 
-        $data = DateTime::createFromFormat("Y-m-d H:i:s", $query->fetchColumn());
-        $query->closeCursor();
+		$data = DateTime::createFromFormat("Y-m-d H:i:s", $query->fetchColumn());
+		$query->closeCursor();
 
-        return $data;
-    }
+		return $data;
+	}
 }

includes/DataObjects/CommunityUser.php

Indentation +115 added lines, -115 removed lines

@@ -17,120 +17,120 @@
  */
 class CommunityUser extends User
 {
-    public function getId()
-    {
-        return -1;
-    }
-
-    public function save()
-    {
-        // Do nothing
-    }
-
-    #region properties
-
-    /**
-     * @return string
-     */
-    public function getUsername()
-    {
-        return '[Community]';
-    }
-
-    public function setUsername($username)
-    {
-    }
-
-    /**
-     * @return string
-     */
-    public function getEmail()
-    {
-        global $cDataClearEmail;
-
-        return $cDataClearEmail;
-    }
-
-    public function setEmail($email)
-    {
-    }
-
-    public function getStatus()
-    {
-        return "Community";
-    }
-
-    public function getOnWikiName()
-    {
-        return "127.0.0.1";
-    }
-
-    public function setOnWikiName($onWikiName)
-    {
-    }
-
-    public function getLastActive()
-    {
-        $now = new DateTime();
-
-        return $now->format("Y-m-d H:i:s");
-    }
-
-    public function getForceLogout()
-    {
-        return true;
-    }
-
-    public function setForceLogout($forceLogout)
-    {
-    }
-
-    /**
-     * @param string $status
-     */
-    public function setStatus($status)
-    {
-    }
-
-    public function getConfirmationDiff()
-    {
-        return null;
-    }
-
-    public function setConfirmationDiff($confirmationDiff)
-    {
-    }
-
-
-    public function setUseAlternateSkin($useAlternate)
-    {
-    }
-
-    #endregion
-
-    #region user access checks
-
-    public function isNewUser()
-    {
-        return false;
-    }
-
-    public function isDeactivated(): bool
-    {
-        return false;
-    }
-
-    public function isCommunityUser()
-    {
-        return true;
-    }
-
-    #endregion
+	public function getId()
+	{
+		return -1;
+	}
+
+	public function save()
+	{
+		// Do nothing
+	}
+
+	#region properties
+
+	/**
+	 * @return string
+	 */
+	public function getUsername()
+	{
+		return '[Community]';
+	}
+
+	public function setUsername($username)
+	{
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getEmail()
+	{
+		global $cDataClearEmail;
+
+		return $cDataClearEmail;
+	}
+
+	public function setEmail($email)
+	{
+	}
+
+	public function getStatus()
+	{
+		return "Community";
+	}
+
+	public function getOnWikiName()
+	{
+		return "127.0.0.1";
+	}
+
+	public function setOnWikiName($onWikiName)
+	{
+	}
+
+	public function getLastActive()
+	{
+		$now = new DateTime();
+
+		return $now->format("Y-m-d H:i:s");
+	}
+
+	public function getForceLogout()
+	{
+		return true;
+	}
+
+	public function setForceLogout($forceLogout)
+	{
+	}
+
+	/**
+	 * @param string $status
+	 */
+	public function setStatus($status)
+	{
+	}
+
+	public function getConfirmationDiff()
+	{
+		return null;
+	}
+
+	public function setConfirmationDiff($confirmationDiff)
+	{
+	}
+
+
+	public function setUseAlternateSkin($useAlternate)
+	{
+	}
+
+	#endregion
+
+	#region user access checks
+
+	public function isNewUser()
+	{
+		return false;
+	}
+
+	public function isDeactivated(): bool
+	{
+		return false;
+	}
+
+	public function isCommunityUser()
+	{
+		return true;
+	}
+
+	#endregion
 
-    public function getApprovalDate()
-    {
-        $data = DateTime::createFromFormat("Y-m-d H:i:s", "1970-01-01 00:00:00");
-
-        return $data;
-    }
+	public function getApprovalDate()
+	{
+		$data = DateTime::createFromFormat("Y-m-d H:i:s", "1970-01-01 00:00:00");
+
+		return $data;
+	}
 }

includes/DataObjects/Domain.php

Indentation +286 added lines, -286 removed lines

@@ -18,94 +18,94 @@ 
 
 class Domain extends DataObject
 {
-    /** @var string */
-    private $shortname;
-    /** @var string */
-    private $longname;
-    /** @var string */
-    private $wikiarticlepath;
-    /** @var string */
-    private $wikiapipath;
-    /** @var int */
-    private $enabled = 0;
-    /** @var int|null */
-    private $defaultclose;
-    /** @var string */
-    private $defaultlanguage = 'en';
-    /** @var string */
-    private $emailreplyaddress;
-    /** @var string|null */
-    private $notificationtarget;
-    /** @var string */
-    private $localdocumentation;
-
-    /** @var Domain Cache variable of the current domain */
-    private static $currentDomain;
-
-    public static function getCurrent(PdoDatabase $database)
-    {
-        if (self::$currentDomain === null) {
-            $sessionDomain = WebRequest::getSessionDomain();
-
-            if ($sessionDomain !== null) {
-                /** @var Domain $domain */
-                $domain = self::getById($sessionDomain, $database);
-
-                if ($domain === false) {
-                    self::$currentDomain = self::getById(1, $database); // FIXME: #594 User::getCurrent($database)->getDefaultDomain();
-                }
-                else {
-                    self::$currentDomain = $domain;
-                }
-            }
-            else {
-                self::$currentDomain = self::getById(1, $database); // FIXME: #594 User::getCurrent($database)->getDefaultDomain();
-            }
-        }
-
-        return self::$currentDomain;
-    }
-
-    public static function getByShortName(string $shortName, PdoDatabase $database)
-    {
-        $statement = $database->prepare(<<<SQL
+	/** @var string */
+	private $shortname;
+	/** @var string */
+	private $longname;
+	/** @var string */
+	private $wikiarticlepath;
+	/** @var string */
+	private $wikiapipath;
+	/** @var int */
+	private $enabled = 0;
+	/** @var int|null */
+	private $defaultclose;
+	/** @var string */
+	private $defaultlanguage = 'en';
+	/** @var string */
+	private $emailreplyaddress;
+	/** @var string|null */
+	private $notificationtarget;
+	/** @var string */
+	private $localdocumentation;
+
+	/** @var Domain Cache variable of the current domain */
+	private static $currentDomain;
+
+	public static function getCurrent(PdoDatabase $database)
+	{
+		if (self::$currentDomain === null) {
+			$sessionDomain = WebRequest::getSessionDomain();
+
+			if ($sessionDomain !== null) {
+				/** @var Domain $domain */
+				$domain = self::getById($sessionDomain, $database);
+
+				if ($domain === false) {
+					self::$currentDomain = self::getById(1, $database); // FIXME: #594 User::getCurrent($database)->getDefaultDomain();
+				}
+				else {
+					self::$currentDomain = $domain;
+				}
+			}
+			else {
+				self::$currentDomain = self::getById(1, $database); // FIXME: #594 User::getCurrent($database)->getDefaultDomain();
+			}
+		}
+
+		return self::$currentDomain;
+	}
+
+	public static function getByShortName(string $shortName, PdoDatabase $database)
+	{
+		$statement = $database->prepare(<<<SQL
             SELECT * FROM domain WHERE shortname = :name;
 SQL
-        );
+		);
 
-        $statement->execute([
-            ':name' => $shortName,
-        ]);
+		$statement->execute([
+			':name' => $shortName,
+		]);
 
-        /** @var RequestForm|false $result */
-        $result = $statement->fetchObject(get_called_class());
+		/** @var RequestForm|false $result */
+		$result = $statement->fetchObject(get_called_class());
 
-        if ($result !== false) {
-            $result->setDatabase($database);
-        }
+		if ($result !== false) {
+			$result->setDatabase($database);
+		}
 
-        return $result;
-    }
+		return $result;
+	}
 
-    public static function getAll(PdoDatabase $database) {
-        $statement = $database->prepare("SELECT * FROM domain;");
-        $statement->execute();
+	public static function getAll(PdoDatabase $database) {
+		$statement = $database->prepare("SELECT * FROM domain;");
+		$statement->execute();
 
-        $resultObject = $statement->fetchAll(PDO::FETCH_CLASS, get_called_class());
+		$resultObject = $statement->fetchAll(PDO::FETCH_CLASS, get_called_class());
 
-        /** @var Domain $t */
-        foreach ($resultObject as $t) {
-            $t->setDatabase($database);
-        }
+		/** @var Domain $t */
+		foreach ($resultObject as $t) {
+			$t->setDatabase($database);
+		}
 
-        return $resultObject;
-    }
+		return $resultObject;
+	}
 
-    public function save()
-    {
-        if ($this->isNew()) {
-            // insert
-            $statement = $this->dbObject->prepare(<<<SQL
+	public function save()
+	{
+		if ($this->isNew()) {
+			// insert
+			$statement = $this->dbObject->prepare(<<<SQL
                 INSERT INTO domain (
                     shortname, longname, wikiarticlepath, wikiapipath, enabled, defaultclose, defaultlanguage, 
                     emailreplyaddress, notificationtarget, localdocumentation
@@ -114,29 +114,29 @@ 
                     :emailreplyaddress, :notificationtarget, :localdocumentation
                 );
 SQL
-            );
-
-            $statement->bindValue(":shortname", $this->shortname);
-            $statement->bindValue(":longname", $this->longname);
-            $statement->bindValue(":wikiarticlepath", $this->wikiarticlepath);
-            $statement->bindValue(":wikiapipath", $this->wikiapipath);
-            $statement->bindValue(":enabled", $this->enabled);
-            $statement->bindValue(":defaultclose", $this->defaultclose);
-            $statement->bindValue(":defaultlanguage", $this->defaultlanguage);
-            $statement->bindValue(":emailreplyaddress", $this->emailreplyaddress);
-            $statement->bindValue(":notificationtarget", $this->notificationtarget);
-            $statement->bindValue(":localdocumentation", $this->localdocumentation);
-
-
-            if ($statement->execute()) {
-                $this->id = (int)$this->dbObject->lastInsertId();
-            }
-            else {
-                throw new Exception($statement->errorInfo());
-            }
-        }
-        else {
-            $statement = $this->dbObject->prepare(<<<SQL
+			);
+
+			$statement->bindValue(":shortname", $this->shortname);
+			$statement->bindValue(":longname", $this->longname);
+			$statement->bindValue(":wikiarticlepath", $this->wikiarticlepath);
+			$statement->bindValue(":wikiapipath", $this->wikiapipath);
+			$statement->bindValue(":enabled", $this->enabled);
+			$statement->bindValue(":defaultclose", $this->defaultclose);
+			$statement->bindValue(":defaultlanguage", $this->defaultlanguage);
+			$statement->bindValue(":emailreplyaddress", $this->emailreplyaddress);
+			$statement->bindValue(":notificationtarget", $this->notificationtarget);
+			$statement->bindValue(":localdocumentation", $this->localdocumentation);
+
+
+			if ($statement->execute()) {
+				$this->id = (int)$this->dbObject->lastInsertId();
+			}
+			else {
+				throw new Exception($statement->errorInfo());
+			}
+		}
+		else {
+			$statement = $this->dbObject->prepare(<<<SQL
                 UPDATE domain SET
                     longname = :longname,
                     wikiarticlepath = :wikiarticlepath,
@@ -151,190 +151,190 @@ 
                     updateversion = updateversion + 1
 				WHERE id = :id AND updateversion = :updateversion;
 SQL
-            );
-
-            $statement->bindValue(":longname", $this->longname);
-            $statement->bindValue(":wikiarticlepath", $this->wikiarticlepath);
-            $statement->bindValue(":wikiapipath", $this->wikiapipath);
-            $statement->bindValue(":enabled", $this->enabled);
-            $statement->bindValue(":defaultclose", $this->defaultclose);
-            $statement->bindValue(":defaultlanguage", $this->defaultlanguage);
-            $statement->bindValue(":emailreplyaddress", $this->emailreplyaddress);
-            $statement->bindValue(":notificationtarget", $this->notificationtarget);
-            $statement->bindValue(":localdocumentation", $this->localdocumentation);
-
-            $statement->bindValue(':id', $this->id);
-            $statement->bindValue(':updateversion', $this->updateversion);
-
-            if (!$statement->execute()) {
-                throw new Exception($statement->errorInfo());
-            }
-
-            if ($statement->rowCount() !== 1) {
-                throw new OptimisticLockFailedException();
-            }
-
-            $this->updateversion++;
-        }
-    }
-
-    /**
-     * @return string
-     */
-    public function getShortName(): string
-    {
-        return $this->shortname;
-    }
-
-    /**
-     * @param string $shortName
-     */
-    public function setShortName(string $shortName): void
-    {
-        $this->shortname = $shortName;
-    }
-
-    /**
-     * @return string
-     */
-    public function getLongName(): string
-    {
-        return $this->longname;
-    }
-
-    /**
-     * @param string $longName
-     */
-    public function setLongName(string $longName): void
-    {
-        $this->longname = $longName;
-    }
-
-    /**
-     * @return string
-     */
-    public function getWikiArticlePath(): string
-    {
-        return $this->wikiarticlepath;
-    }
-
-    /**
-     * @param string $wikiArticlePath
-     */
-    public function setWikiArticlePath(string $wikiArticlePath): void
-    {
-        $this->wikiarticlepath = $wikiArticlePath;
-    }
-
-    /**
-     * @return string
-     */
-    public function getWikiApiPath(): string
-    {
-        return $this->wikiapipath;
-    }
-
-    /**
-     * @param string $wikiApiPath
-     */
-    public function setWikiApiPath(string $wikiApiPath): void
-    {
-        $this->wikiapipath = $wikiApiPath;
-    }
-
-    /**
-     * @return bool
-     */
-    public function isEnabled(): bool
-    {
-        return $this->enabled == 1;
-    }
-
-    /**
-     * @param bool $enabled
-     */
-    public function setEnabled(bool $enabled): void
-    {
-        $this->enabled = $enabled ? 1 : 0;
-    }
-
-    /**
-     * @return int
-     */
-    public function getDefaultClose(): ?int
-    {
-        return $this->defaultclose;
-    }
-
-    /**
-     * @param int $defaultClose
-     */
-    public function setDefaultClose(?int $defaultClose): void
-    {
-        $this->defaultclose = $defaultClose;
-    }
-
-    /**
-     * @return string
-     */
-    public function getDefaultLanguage(): string
-    {
-        return $this->defaultlanguage;
-    }
-
-    /**
-     * @param string $defaultLanguage
-     */
-    public function setDefaultLanguage(string $defaultLanguage): void
-    {
-        $this->defaultlanguage = $defaultLanguage;
-    }
-
-    /**
-     * @return string
-     */
-    public function getEmailReplyAddress(): string
-    {
-        return $this->emailreplyaddress;
-    }
-
-    /**
-     * @param string $emailReplyAddress
-     */
-    public function setEmailReplyAddress(string $emailReplyAddress): void
-    {
-        $this->emailreplyaddress = $emailReplyAddress;
-    }
-
-    /**
-     * @return string|null
-     */
-    public function getNotificationTarget(): ?string
-    {
-        return $this->notificationtarget;
-    }
-
-    /**
-     * @param string|null $notificationTarget
-     */
-    public function setNotificationTarget(?string $notificationTarget): void
-    {
-        $this->notificationtarget = $notificationTarget;
-    }
-
-    /**
-     * @return string
-     */
-    public function getLocalDocumentation(): string
-    {
-        return $this->localdocumentation;
-    }
-
-    /**
-     * @param string $localDocumentation
-     */
-    public function setLocalDocumentation(string $localDocumentation): void
-    {
-        $this->localdocumentation = $localDocumentation;
-    }
+			);
+
+			$statement->bindValue(":longname", $this->longname);
+			$statement->bindValue(":wikiarticlepath", $this->wikiarticlepath);
+			$statement->bindValue(":wikiapipath", $this->wikiapipath);
+			$statement->bindValue(":enabled", $this->enabled);
+			$statement->bindValue(":defaultclose", $this->defaultclose);
+			$statement->bindValue(":defaultlanguage", $this->defaultlanguage);
+			$statement->bindValue(":emailreplyaddress", $this->emailreplyaddress);
+			$statement->bindValue(":notificationtarget", $this->notificationtarget);
+			$statement->bindValue(":localdocumentation", $this->localdocumentation);
+
+			$statement->bindValue(':id', $this->id);
+			$statement->bindValue(':updateversion', $this->updateversion);
+
+			if (!$statement->execute()) {
+				throw new Exception($statement->errorInfo());
+			}
+
+			if ($statement->rowCount() !== 1) {
+				throw new OptimisticLockFailedException();
+			}
+
+			$this->updateversion++;
+		}
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getShortName(): string
+	{
+		return $this->shortname;
+	}
+
+	/**
+	 * @param string $shortName
+	 */
+	public function setShortName(string $shortName): void
+	{
+		$this->shortname = $shortName;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getLongName(): string
+	{
+		return $this->longname;
+	}
+
+	/**
+	 * @param string $longName
+	 */
+	public function setLongName(string $longName): void
+	{
+		$this->longname = $longName;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getWikiArticlePath(): string
+	{
+		return $this->wikiarticlepath;
+	}
+
+	/**
+	 * @param string $wikiArticlePath
+	 */
+	public function setWikiArticlePath(string $wikiArticlePath): void
+	{
+		$this->wikiarticlepath = $wikiArticlePath;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getWikiApiPath(): string
+	{
+		return $this->wikiapipath;
+	}
+
+	/**
+	 * @param string $wikiApiPath
+	 */
+	public function setWikiApiPath(string $wikiApiPath): void
+	{
+		$this->wikiapipath = $wikiApiPath;
+	}
+
+	/**
+	 * @return bool
+	 */
+	public function isEnabled(): bool
+	{
+		return $this->enabled == 1;
+	}
+
+	/**
+	 * @param bool $enabled
+	 */
+	public function setEnabled(bool $enabled): void
+	{
+		$this->enabled = $enabled ? 1 : 0;
+	}
+
+	/**
+	 * @return int
+	 */
+	public function getDefaultClose(): ?int
+	{
+		return $this->defaultclose;
+	}
+
+	/**
+	 * @param int $defaultClose
+	 */
+	public function setDefaultClose(?int $defaultClose): void
+	{
+		$this->defaultclose = $defaultClose;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getDefaultLanguage(): string
+	{
+		return $this->defaultlanguage;
+	}
+
+	/**
+	 * @param string $defaultLanguage
+	 */
+	public function setDefaultLanguage(string $defaultLanguage): void
+	{
+		$this->defaultlanguage = $defaultLanguage;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getEmailReplyAddress(): string
+	{
+		return $this->emailreplyaddress;
+	}
+
+	/**
+	 * @param string $emailReplyAddress
+	 */
+	public function setEmailReplyAddress(string $emailReplyAddress): void
+	{
+		$this->emailreplyaddress = $emailReplyAddress;
+	}
+
+	/**
+	 * @return string|null
+	 */
+	public function getNotificationTarget(): ?string
+	{
+		return $this->notificationtarget;
+	}
+
+	/**
+	 * @param string|null $notificationTarget
+	 */
+	public function setNotificationTarget(?string $notificationTarget): void
+	{
+		$this->notificationtarget = $notificationTarget;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getLocalDocumentation(): string
+	{
+		return $this->localdocumentation;
+	}
+
+	/**
+	 * @param string $localDocumentation
+	 */
+	public function setLocalDocumentation(string $localDocumentation): void
+	{
+		$this->localdocumentation = $localDocumentation;
+	}
 }
\ No newline at end of file

includes/Exceptions/AccessDeniedException.php

Indentation +47 added lines, -47 removed lines

@@ -27,66 +27,66 @@
  */
 class AccessDeniedException extends ReadableException
 {
-    use NavigationMenuAccessControl;
-    use LogEntryLookup;
+	use NavigationMenuAccessControl;
+	use LogEntryLookup;
 
-    private ISecurityManager $securityManager;
-    private IDomainAccessManager $domainAccessManager;
+	private ISecurityManager $securityManager;
+	private IDomainAccessManager $domainAccessManager;
 
-    /**
-     * AccessDeniedException constructor.
-     *
-     * @param ISecurityManager     $securityManager
-     * @param IDomainAccessManager $domainAccessManager
-     */
-    public function __construct(ISecurityManager $securityManager, IDomainAccessManager $domainAccessManager)
-    {
-        $this->securityManager = $securityManager;
-        $this->domainAccessManager = $domainAccessManager;
-    }
+	/**
+	 * AccessDeniedException constructor.
+	 *
+	 * @param ISecurityManager     $securityManager
+	 * @param IDomainAccessManager $domainAccessManager
+	 */
+	public function __construct(ISecurityManager $securityManager, IDomainAccessManager $domainAccessManager)
+	{
+		$this->securityManager = $securityManager;
+		$this->domainAccessManager = $domainAccessManager;
+	}
 
-    public function getReadableError()
-    {
-        if (!headers_sent()) {
-            header("HTTP/1.1 403 Forbidden");
-        }
+	public function getReadableError()
+	{
+		if (!headers_sent()) {
+			header("HTTP/1.1 403 Forbidden");
+		}
 
-        $this->setUpSmarty();
+		$this->setUpSmarty();
 
-        // uck. We should still be able to access the database in this situation though.
-        $database = PdoDatabase::getDatabaseConnection($this->getSiteConfiguration());
-        $currentUser = User::getCurrent($database);
-        $this->assign('skin', PreferenceManager::getForCurrent($database)->getPreference(PreferenceManager::PREF_SKIN));
-        $this->assign('currentUser', $currentUser);
-        $this->assign('currentDomain', Domain::getCurrent($database));
+		// uck. We should still be able to access the database in this situation though.
+		$database = PdoDatabase::getDatabaseConnection($this->getSiteConfiguration());
+		$currentUser = User::getCurrent($database);
+		$this->assign('skin', PreferenceManager::getForCurrent($database)->getPreference(PreferenceManager::PREF_SKIN));
+		$this->assign('currentUser', $currentUser);
+		$this->assign('currentDomain', Domain::getCurrent($database));
 
-        $this->setupNavMenuAccess($currentUser);
+		$this->setupNavMenuAccess($currentUser);
 
-        if ($currentUser->isDeactivated()) {
-            $this->assign('htmlTitle', 'Account Deactivated');
-            $this->assign('deactivationReason', $this->getLogEntry('DeactivatedUser', $currentUser, $database));
+		if ($currentUser->isDeactivated()) {
+			$this->assign('htmlTitle', 'Account Deactivated');
+			$this->assign('deactivationReason', $this->getLogEntry('DeactivatedUser', $currentUser, $database));
 
-            return $this->fetchTemplate("exception/account-deactivated.tpl");
-        }
+			return $this->fetchTemplate("exception/account-deactivated.tpl");
+		}
 
-        if ($currentUser->isNewUser()) {
-            $this->assign('htmlTitle', 'Account Pending');
+		if ($currentUser->isNewUser()) {
+			$this->assign('htmlTitle', 'Account Pending');
 
-            return $this->fetchTemplate("exception/account-new.tpl");
-        }
+			return $this->fetchTemplate("exception/account-new.tpl");
+		}
 
-        return $this->fetchTemplate("exception/access-denied.tpl");
-    }
+		return $this->fetchTemplate("exception/access-denied.tpl");
+	}
 
 
 
-    protected function getSecurityManager(): ISecurityManager
-    {
-        return $this->securityManager;
-    }
+	protected function getSecurityManager(): ISecurityManager
+	{
+		return $this->securityManager;
+	}
 
-    public function getDomainAccessManager(): IDomainAccessManager
-    {
-        return $this->domainAccessManager;
-    }
+	public function getDomainAccessManager(): IDomainAccessManager
+	{
+		return $this->domainAccessManager;
+	}
 }
\ No newline at end of file