summaryrefslogtreecommitdiff
path: root/includes/specials/SpecialUserrights.php
diff options
context:
space:
mode:
Diffstat (limited to 'includes/specials/SpecialUserrights.php')
-rw-r--r--includes/specials/SpecialUserrights.php162
1 files changed, 96 insertions, 66 deletions
diff --git a/includes/specials/SpecialUserrights.php b/includes/specials/SpecialUserrights.php
index d4baae28..4501736f 100644
--- a/includes/specials/SpecialUserrights.php
+++ b/includes/specials/SpecialUserrights.php
@@ -45,6 +45,11 @@ class UserrightsPage extends SpecialPage {
return $this->userCanChangeRights( $user, false );
}
+ /**
+ * @param User $user
+ * @param bool $checkIfSelf
+ * @return bool
+ */
public function userCanChangeRights( $user, $checkIfSelf = true ) {
$available = $this->changeableGroups();
if ( $user->getId() == 0 ) {
@@ -75,13 +80,13 @@ class UserrightsPage extends SpecialPage {
* (e.g. they don't have the userrights permission), then don't
* allow them to use Special:UserRights.
*/
- if( $user->isBlocked() && !$user->isAllowed( 'userrights' ) ) {
+ if ( $user->isBlocked() && !$user->isAllowed( 'userrights' ) ) {
throw new UserBlockedError( $user->getBlock() );
}
$request = $this->getRequest();
- if( $par !== null ) {
+ if ( $par !== null ) {
$this->mTarget = $par;
} else {
$this->mTarget = $request->getVal( 'user' );
@@ -95,15 +100,27 @@ class UserrightsPage extends SpecialPage {
* edit their own groups, automatically set them as the
* target.
*/
- if ( !count( $available['add'] ) && !count( $available['remove'] ) )
+ if ( !count( $available['add'] ) && !count( $available['remove'] ) ) {
$this->mTarget = $user->getName();
+ }
}
if ( User::getCanonicalName( $this->mTarget ) == $user->getName() ) {
$this->isself = true;
}
- if( !$this->userCanChangeRights( $user, true ) ) {
+ if ( !$this->userCanChangeRights( $user, true ) ) {
+ if ( $this->isself && $request->getCheck( 'success' ) ) {
+ // bug 48609: if the user just removed its own rights, this would
+ // leads it in a "permissions error" page. In that case, show a
+ // message that it can't anymore use this page instead of an error
+ $this->setHeaders();
+ $out = $this->getOutput();
+ $out->wrapWikiMsg( "<div class=\"successbox\">\n$1\n</div>", 'userrights-removed-self' );
+ $out->returnToMain();
+ return;
+ }
+
// @todo FIXME: There may be intermediate groups we can mention.
$msg = $user->isAnon() ? 'userrights-nologin' : 'userrights-notallowed';
throw new PermissionsError( null, array( array( $msg ) ) );
@@ -122,31 +139,42 @@ class UserrightsPage extends SpecialPage {
$this->switchForm();
}
- if( $request->wasPosted() ) {
+ if (
+ $request->wasPosted() &&
+ $request->getCheck( 'saveusergroups' ) &&
+ $user->matchEditToken( $request->getVal( 'wpEditToken' ), $this->mTarget )
+ ) {
// save settings
- if( $request->getCheck( 'saveusergroups' ) ) {
- $reason = $request->getVal( 'user-reason' );
- $tok = $request->getVal( 'wpEditToken' );
- if( $user->matchEditToken( $tok, $this->mTarget ) ) {
- $this->saveUserGroups(
- $this->mTarget,
- $reason
- );
-
- $out->redirect( $this->getSuccessURL() );
- return;
- }
+ $status = $this->fetchUser( $this->mTarget );
+ if ( !$status->isOK() ) {
+ $this->getOutput()->addWikiText( $status->getWikiText() );
+ return;
+ }
+
+ $targetUser = $status->value;
+
+ if ( $request->getVal( 'conflictcheck-originalgroups' ) !== implode( ',', $targetUser->getGroups() ) ) {
+ $out->addWikiMsg( 'userrights-conflict' );
+ } else {
+ $this->saveUserGroups(
+ $this->mTarget,
+ $request->getVal( 'user-reason' ),
+ $targetUser
+ );
+
+ $out->redirect( $this->getSuccessURL() );
+ return;
}
}
// show some more forms
- if( $this->mTarget !== null ) {
+ if ( $this->mTarget !== null ) {
$this->editUserGroupsForm( $this->mTarget );
}
}
function getSuccessURL() {
- return $this->getTitle( $this->mTarget )->getFullURL();
+ return $this->getTitle( $this->mTarget )->getFullURL( array( 'success' => 1 ) );
}
/**
@@ -155,17 +183,10 @@ class UserrightsPage extends SpecialPage {
*
* @param string $username username to apply changes to.
* @param string $reason reason for group change
+ * @param User|UserRightsProxy $user Target user object.
* @return null
*/
- function saveUserGroups( $username, $reason = '' ) {
- $status = $this->fetchUser( $username );
- if( !$status->isOK() ) {
- $this->getOutput()->addWikiText( $status->getWikiText() );
- return;
- } else {
- $user = $status->value;
- }
-
+ function saveUserGroups( $username, $reason, $user ) {
$allgroups = $this->getAllGroups();
$addgroup = array();
$removegroup = array();
@@ -195,6 +216,8 @@ class UserrightsPage extends SpecialPage {
* @return Array: Tuple of added, then removed groups
*/
function doSaveUserGroups( $user, $add, $remove, $reason = '' ) {
+ global $wgAuth;
+
// Validate input set...
$isself = ( $user->getName() == $this->getUser()->getName() );
$groups = $user->getGroups();
@@ -213,15 +236,15 @@ class UserrightsPage extends SpecialPage {
$newGroups = $oldGroups;
// remove then add groups
- if( $remove ) {
+ if ( $remove ) {
$newGroups = array_diff( $newGroups, $remove );
- foreach( $remove as $group ) {
+ foreach ( $remove as $group ) {
$user->removeGroup( $group );
}
}
- if( $add ) {
+ if ( $add ) {
$newGroups = array_merge( $newGroups, $add );
- foreach( $add as $group ) {
+ foreach ( $add as $group ) {
$user->addGroup( $group );
}
}
@@ -230,11 +253,14 @@ class UserrightsPage extends SpecialPage {
// Ensure that caches are cleared
$user->invalidateCache();
+ // update groups in external authentication database
+ $wgAuth->updateExternalDBGroups( $user, $add, $remove );
+
wfDebug( 'oldGroups: ' . print_r( $oldGroups, true ) );
wfDebug( 'newGroups: ' . print_r( $newGroups, true ) );
wfRunHooks( 'UserRights', array( &$user, $add, $remove ) );
- if( $newGroups != $oldGroups ) {
+ if ( $newGroups != $oldGroups ) {
$this->addLogEntry( $user, $oldGroups, $newGroups, $reason );
}
return array( $add, $remove );
@@ -262,7 +288,7 @@ class UserrightsPage extends SpecialPage {
*/
function editUserGroupsForm( $username ) {
$status = $this->fetchUser( $username );
- if( !$status->isOK() ) {
+ if ( !$status->isOK() ) {
$this->getOutput()->addWikiText( $status->getWikiText() );
return;
} else {
@@ -283,63 +309,64 @@ class UserrightsPage extends SpecialPage {
* return a user (or proxy) object for manipulating it.
*
* Side effects: error output for invalid access
+ * @param string $username
* @return Status object
*/
public function fetchUser( $username ) {
global $wgUserrightsInterwikiDelimiter;
$parts = explode( $wgUserrightsInterwikiDelimiter, $username );
- if( count( $parts ) < 2 ) {
+ if ( count( $parts ) < 2 ) {
$name = trim( $username );
$database = '';
} else {
list( $name, $database ) = array_map( 'trim', $parts );
- if( $database == wfWikiID() ) {
+ if ( $database == wfWikiID() ) {
$database = '';
} else {
- if( !$this->getUser()->isAllowed( 'userrights-interwiki' ) ) {
+ if ( !$this->getUser()->isAllowed( 'userrights-interwiki' ) ) {
return Status::newFatal( 'userrights-no-interwiki' );
}
- if( !UserRightsProxy::validDatabase( $database ) ) {
+ if ( !UserRightsProxy::validDatabase( $database ) ) {
return Status::newFatal( 'userrights-nodatabase', $database );
}
}
}
- if( $name === '' ) {
+ if ( $name === '' ) {
return Status::newFatal( 'nouserspecified' );
}
- if( $name[0] == '#' ) {
+ if ( $name[0] == '#' ) {
// Numeric ID can be specified...
// We'll do a lookup for the name internally.
$id = intval( substr( $name, 1 ) );
- if( $database == '' ) {
+ if ( $database == '' ) {
$name = User::whoIs( $id );
} else {
$name = UserRightsProxy::whoIs( $database, $id );
}
- if( !$name ) {
+ if ( !$name ) {
return Status::newFatal( 'noname' );
}
} else {
$name = User::getCanonicalName( $name );
- if( $name === false ) {
+ if ( $name === false ) {
// invalid name
return Status::newFatal( 'nosuchusershort', $username );
}
}
- if( $database == '' ) {
+ if ( $database == '' ) {
$user = User::newFromName( $name );
} else {
$user = UserRightsProxy::newFromName( $database, $name );
}
- if( !$user || $user->isAnon() ) {
+ if ( !$user || $user->isAnon() ) {
return Status::newFatal( 'nosuchusershort', $username );
}
@@ -347,7 +374,7 @@ class UserrightsPage extends SpecialPage {
}
function makeGroupNameList( $ids ) {
- if( empty( $ids ) ) {
+ if ( empty( $ids ) ) {
return $this->msg( 'rightsnone' )->inContentLanguage()->text();
} else {
return implode( ', ', $ids );
@@ -364,7 +391,7 @@ class UserrightsPage extends SpecialPage {
function makeGroupNameListForLog( $ids ) {
wfDeprecated( __METHOD__, '1.21' );
- if( empty( $ids ) ) {
+ if ( empty( $ids ) ) {
return '';
} else {
return $this->makeGroupNameList( $ids );
@@ -380,7 +407,7 @@ class UserrightsPage extends SpecialPage {
Html::openElement( 'form', array( 'method' => 'get', 'action' => $wgScript, 'name' => 'uluser', 'id' => 'mw-userrights-form1' ) ) .
Html::hidden( 'title', $this->getTitle()->getPrefixedText() ) .
Xml::fieldset( $this->msg( 'userrights-lookup-user' )->text() ) .
- Xml::inputLabel( $this->msg( 'userrights-user-editname' )->text(), 'user', 'username', 30, str_replace( '_', ' ', $this->mTarget ) ) . ' ' .
+ Xml::inputLabel( $this->msg( 'userrights-user-editname' )->text(), 'user', 'username', 30, str_replace( '_', ' ', $this->mTarget ), array( 'autofocus' => true ) ) . ' ' .
Xml::submitButton( $this->msg( 'editusergroup' )->text() ) .
Html::closeElement( 'fieldset' ) .
Html::closeElement( 'form' ) . "\n"
@@ -419,7 +446,7 @@ class UserrightsPage extends SpecialPage {
protected function showEditUserGroupsForm( $user, $groups ) {
$list = array();
$membersList = array();
- foreach( $groups as $group ) {
+ foreach ( $groups as $group ) {
$list[] = self::buildGroupLink( $group );
$membersList[] = self::buildGroupMemberLink( $group );
}
@@ -427,7 +454,7 @@ class UserrightsPage extends SpecialPage {
$autoList = array();
$autoMembersList = array();
if ( $user instanceof User ) {
- foreach( Autopromote::getAutopromoteGroups( $user ) as $group ) {
+ foreach ( Autopromote::getAutopromoteGroups( $user ) as $group ) {
$autoList[] = self::buildGroupLink( $group );
$autoMembersList[] = self::buildGroupMemberLink( $group );
}
@@ -447,12 +474,12 @@ class UserrightsPage extends SpecialPage {
$count = count( $list );
if ( $count > 0 ) {
$grouplist = $this->msg( 'userrights-groupsmember', $count, $user->getName() )->parse();
- $grouplist = '<p>' . $grouplist . ' ' . $displayedList . "</p>\n";
+ $grouplist = '<p>' . $grouplist . ' ' . $displayedList . "</p>\n";
}
$count = count( $autoList );
if ( $count > 0 ) {
$autogrouplistintro = $this->msg( 'userrights-groupsmember-auto', $count, $user->getName() )->parse();
- $grouplist .= '<p>' . $autogrouplistintro . ' ' . $displayedAutolist . "</p>\n";
+ $grouplist .= '<p>' . $autogrouplistintro . ' ' . $displayedAutolist . "</p>\n";
}
$userToolLinks = Linker::userToolLinks(
@@ -466,6 +493,7 @@ class UserrightsPage extends SpecialPage {
Xml::openElement( 'form', array( 'method' => 'post', 'action' => $this->getTitle()->getLocalURL(), 'name' => 'editGroup', 'id' => 'mw-userrights-form2' ) ) .
Html::hidden( 'user', $this->mTarget ) .
Html::hidden( 'wpEditToken', $this->getUser()->getEditToken( $this->mTarget ) ) .
+ Html::hidden( 'conflictcheck-originalgroups', implode( ',', $user->getGroups() ) ) . // Conflict detection
Xml::openElement( 'fieldset' ) .
Xml::element( 'legend', array(), $this->msg( 'userrights-editusergroup', $user->getName() )->text() ) .
$this->msg( 'editinguser' )->params( wfEscapeWikiText( $user->getName() ) )->rawParams( $userToolLinks )->parse() .
@@ -535,17 +563,17 @@ class UserrightsPage extends SpecialPage {
$allgroups = $this->getAllGroups();
$ret = '';
- # Put all column info into an associative array so that extensions can
- # more easily manage it.
+ // Put all column info into an associative array so that extensions can
+ // more easily manage it.
$columns = array( 'unchangeable' => array(), 'changeable' => array() );
- foreach( $allgroups as $group ) {
+ foreach ( $allgroups as $group ) {
$set = in_array( $group, $usergroups );
- # Should the checkbox be disabled?
+ // Should the checkbox be disabled?
$disabled = !(
( $set && $this->canRemove( $group ) ) ||
( !$set && $this->canAdd( $group ) ) );
- # Do we need to point out that this action is irreversible?
+ // Do we need to point out that this action is irreversible?
$irreversible = !$disabled && (
( $set && !$this->canAdd( $group ) ) ||
( !$set && !$this->canRemove( $group ) ) );
@@ -556,27 +584,30 @@ class UserrightsPage extends SpecialPage {
'irreversible' => $irreversible
);
- if( $disabled ) {
+ if ( $disabled ) {
$columns['unchangeable'][$group] = $checkbox;
} else {
$columns['changeable'][$group] = $checkbox;
}
}
- # Build the HTML table
+ // Build the HTML table
$ret .= Xml::openElement( 'table', array( 'class' => 'mw-userrights-groups' ) ) .
"<tr>\n";
- foreach( $columns as $name => $column ) {
- if( $column === array() )
+ foreach ( $columns as $name => $column ) {
+ if ( $column === array() ) {
continue;
+ }
+ // Messages: userrights-changeable-col, userrights-unchangeable-col
$ret .= Xml::element( 'th', null, $this->msg( 'userrights-' . $name . '-col', count( $column ) )->text() );
}
$ret .= "</tr>\n<tr>\n";
- foreach( $columns as $column ) {
- if( $column === array() )
+ foreach ( $columns as $column ) {
+ if ( $column === array() ) {
continue;
+ }
$ret .= "\t<td style='vertical-align:top;'>\n";
- foreach( $column as $group => $checkbox ) {
+ foreach ( $column as $group => $checkbox ) {
$attr = $checkbox['disabled'] ? array( 'disabled' => 'disabled' ) : array();
$member = User::getGroupMember( $group, $user->getName() );
@@ -604,8 +635,7 @@ class UserrightsPage extends SpecialPage {
* @return bool Can we remove the group?
*/
private function canRemove( $group ) {
- // $this->changeableGroups()['remove'] doesn't work, of course. Thanks,
- // PHP.
+ // $this->changeableGroups()['remove'] doesn't work, of course. Thanks, PHP.
$groups = $this->changeableGroups();
return in_array( $group, $groups['remove'] ) || ( $this->isself && in_array( $group, $groups['remove-self'] ) );
}
generated by cgit v1.2.2 (git 2.25.0) at 2024-04-19 05:36:54 +0000