includes/api/ApiBlock.php

   1 <?php
   2 /**
   3  *
   4  *
   5  * Created on Sep 4, 2007
   6  *
   7  * Copyright © 2007 Roan Kattouw "<Firstname>.<Lastname>@gmail.com"
   8  *
   9  * This program is free software; you can redistribute it and/or modify
  10  * it under the terms of the GNU General Public License as published by
  11  * the Free Software Foundation; either version 2 of the License, or
  12  * (at your option) any later version.
  13  *
  14  * This program is distributed in the hope that it will be useful,
  15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  17  * GNU General Public License for more details.
  18  *
  19  * You should have received a copy of the GNU General Public License along
  20  * with this program; if not, write to the Free Software Foundation, Inc.,
  21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  22  * http://www.gnu.org/copyleft/gpl.html
  23  *
  24  * @file
  25  */
  26
  27 /**
  28  * API module that facilitates the blocking of users. Requires API write mode
  29  * to be enabled.
  30  *
  31  * @ingroup API
  32  */
  33 class ApiBlock extends ApiBase {
  34
  35         /**
  36          * Blocks the user specified in the parameters for the given expiry, with the
  37          * given reason, and with all other settings provided in the params. If the block
  38          * succeeds, produces a result containing the details of the block and notice
  39          * of success. If it fails, the result will specify the nature of the error.
  40          */
  41         public function execute() {
  42                 $this->checkUserRightsAny( 'block' );
  43
  44                 $user = $this->getUser();
  45                 $params = $this->extractRequestParams();
  46
  47                 $this->requireOnlyOneParameter( $params, 'user', 'userid' );
  48
  49                 # T17810: blocked admins should have limited access here
  50                 if ( $user->isBlocked() ) {
  51                         $status = SpecialBlock::checkUnblockSelf( $params['user'], $user );
  52                         if ( $status !== true ) {
  53                                 $this->dieWithError(
  54                                         $status,
  55                                         null,
  56                                         [ 'blockinfo' => ApiQueryUserInfo::getBlockInfo( $user->getBlock() ) ]
  57                                 );
  58                         }
  59                 }
  60
  61                 if ( $params['userid'] !== null ) {
  62                         $username = User::whoIs( $params['userid'] );
  63
  64                         if ( $username === false ) {
  65                                 $this->dieWithError( [ 'apierror-nosuchuserid', $params['userid'] ], 'nosuchuserid' );
  66                         } else {
  67                                 $params['user'] = $username;
  68                         }
  69                 } else {
  70                         $target = User::newFromName( $params['user'] );
  71
  72                         // T40633 - if the target is a user (not an IP address), but it
  73                         // doesn't exist or is unusable, error.
  74                         if ( $target instanceof User &&
  75                                 ( $target->isAnon() /* doesn't exist */ || !User::isUsableName( $target->getName() ) )
  76                         ) {
  77                                 $this->dieWithError( [ 'nosuchusershort', $params['user'] ], 'nosuchuser' );
  78                         }
  79                 }
  80
  81                 if ( $params['tags'] ) {
  82                         $ableToTag = ChangeTags::canAddTagsAccompanyingChange( $params['tags'], $user );
  83                         if ( !$ableToTag->isOK() ) {
  84                                 $this->dieStatus( $ableToTag );
  85                         }
  86                 }
  87
  88                 if ( $params['hidename'] && !$user->isAllowed( 'hideuser' ) ) {
  89                         $this->dieWithError( 'apierror-canthide' );
  90                 }
  91                 if ( $params['noemail'] && !SpecialBlock::canBlockEmail( $user ) ) {
  92                         $this->dieWithError( 'apierror-cantblock-email' );
  93                 }
  94
  95                 $data = [
  96                         'PreviousTarget' => $params['user'],
  97                         'Target' => $params['user'],
  98                         'Reason' => [
  99                                 $params['reason'],
 100                                 'other',
 101                                 $params['reason']
 102                         ],
 103                         'Expiry' => $params['expiry'],
 104                         'HardBlock' => !$params['anononly'],
 105                         'CreateAccount' => $params['nocreate'],
 106                         'AutoBlock' => $params['autoblock'],
 107                         'DisableEmail' => $params['noemail'],
 108                         'HideUser' => $params['hidename'],
 109                         'DisableUTEdit' => !$params['allowusertalk'],
 110                         'Reblock' => $params['reblock'],
 111                         'Watch' => $params['watchuser'],
 112                         'Confirm' => true,
 113                         'Tags' => $params['tags'],
 114                 ];
 115
 116                 $status = SpecialBlock::validateTarget( $params['user'], $user );
 117                 if ( !$status->isOK() ) {
 118                         $this->dieStatus( $status );
 119                 }
 120
 121                 $retval = SpecialBlock::processForm( $data, $this->getContext() );
 122                 if ( $retval !== true ) {
 123                         $this->dieStatus( $this->errorArrayToStatus( $retval ) );
 124                 }
 125
 126                 list( $target, /*...*/ ) = SpecialBlock::getTargetAndType( $params['user'] );
 127                 $res['user'] = $params['user'];
 128                 $res['userID'] = $target instanceof User ? $target->getId() : 0;
 129
 130                 $block = Block::newFromTarget( $target, null, true );
 131                 if ( $block instanceof Block ) {
 132                         $res['expiry'] = ApiResult::formatExpiry( $block->mExpiry, 'infinite' );
 133                         $res['id'] = $block->getId();
 134                 } else {
 135                         # should be unreachable
 136                         $res['expiry'] = '';
 137                         $res['id'] = '';
 138                 }
 139
 140                 $res['reason'] = $params['reason'];
 141                 $res['anononly'] = $params['anononly'];
 142                 $res['nocreate'] = $params['nocreate'];
 143                 $res['autoblock'] = $params['autoblock'];
 144                 $res['noemail'] = $params['noemail'];
 145                 $res['hidename'] = $params['hidename'];
 146                 $res['allowusertalk'] = $params['allowusertalk'];
 147                 $res['watchuser'] = $params['watchuser'];
 148
 149                 $this->getResult()->addValue( null, $this->getModuleName(), $res );
 150         }
 151
 152         public function mustBePosted() {
 153                 return true;
 154         }
 155
 156         public function isWriteMode() {
 157                 return true;
 158         }
 159
 160         public function getAllowedParams() {
 161                 return [
 162                         'user' => [
 163                                 ApiBase::PARAM_TYPE => 'user',
 164                         ],
 165                         'userid' => [
 166                                 ApiBase::PARAM_TYPE => 'integer',
 167                         ],
 168                         'expiry' => 'never',
 169                         'reason' => '',
 170                         'anononly' => false,
 171                         'nocreate' => false,
 172                         'autoblock' => false,
 173                         'noemail' => false,
 174                         'hidename' => false,
 175                         'allowusertalk' => false,
 176                         'reblock' => false,
 177                         'watchuser' => false,
 178                         'tags' => [
 179                                 ApiBase::PARAM_TYPE => 'tags',
 180                                 ApiBase::PARAM_ISMULTI => true,
 181                         ],
 182                 ];
 183         }
 184
 185         public function needsToken() {
 186                 return 'csrf';
 187         }
 188
 189         protected function getExamplesMessages() {
 190                 // @codingStandardsIgnoreStart Generic.Files.LineLength
 191                 return [
 192                         'action=block&user=192.0.2.5&expiry=3%20days&reason=First%20strike&token=123ABC'
 193                                 => 'apihelp-block-example-ip-simple',
 194                         'action=block&user=Vandal&expiry=never&reason=Vandalism&nocreate=&autoblock=&noemail=&token=123ABC'
 195                                 => 'apihelp-block-example-user-complex',
 196                 ];
 197                 // @codingStandardsIgnoreEnd
 198         }
 199
 200         public function getHelpUrls() {
 201                 return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Block';
 202         }
 203 }