-
Notifications
You must be signed in to change notification settings - Fork 12
/
Copy pathWorkflow.php
56 lines (45 loc) · 1.42 KB
/
Workflow.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
<?php
namespace MediaWiki\Extension\OAuth\Control;
use MediaWiki\Config\ServiceOptions;
use MediaWiki\Extension\OAuth\Backend\Consumer;
/** Service class for OAuth workflow-related business logic. */
class Workflow {
/** @internal For use by ServiceWiring */
public const CONSTRUCTOR_OPTIONS = [
'OAuthAutoApprove',
];
public const AUTOAPPROVE_RULE_GRANTS = 'grants';
private ServiceOptions $options;
/**
* @param ServiceOptions $options
*/
public function __construct( ServiceOptions $options ) {
$options->assertRequiredOptions( self::CONSTRUCTOR_OPTIONS );
$this->options = $options;
}
/**
* True if this is a low-risk consumer that does not require manual approval from an
* OAuth admin, and can go straight to the 'approved' stage after creation.
* @param Consumer $consumer
* @return bool
*/
public function consumerCanBeAutoApproved( Consumer $consumer ): bool {
foreach ( $this->options->get( 'OAuthAutoApprove' ) as $condition ) {
// check 'grants' rule
if ( array_key_exists( self::AUTOAPPROVE_RULE_GRANTS, $condition ) ) {
$allowedGrants = $condition[self::AUTOAPPROVE_RULE_GRANTS];
if ( array_diff( $consumer->getGrants(), $allowedGrants ) !== [] ) {
continue;
}
unset( $condition[self::AUTOAPPROVE_RULE_GRANTS] );
}
// check for unsupported rules
if ( $condition ) {
continue;
}
return true;
}
// none of the conditions matched
return false;
}
}