diff options
Diffstat (limited to 'includes/specials/SpecialUserrights.php')
-rw-r--r-- | includes/specials/SpecialUserrights.php | 162 |
1 files changed, 96 insertions, 66 deletions
diff --git a/includes/specials/SpecialUserrights.php b/includes/specials/SpecialUserrights.php index d4baae28..4501736f 100644 --- a/includes/specials/SpecialUserrights.php +++ b/includes/specials/SpecialUserrights.php @@ -45,6 +45,11 @@ class UserrightsPage extends SpecialPage { return $this->userCanChangeRights( $user, false ); } + /** + * @param User $user + * @param bool $checkIfSelf + * @return bool + */ public function userCanChangeRights( $user, $checkIfSelf = true ) { $available = $this->changeableGroups(); if ( $user->getId() == 0 ) { @@ -75,13 +80,13 @@ class UserrightsPage extends SpecialPage { * (e.g. they don't have the userrights permission), then don't * allow them to use Special:UserRights. */ - if( $user->isBlocked() && !$user->isAllowed( 'userrights' ) ) { + if ( $user->isBlocked() && !$user->isAllowed( 'userrights' ) ) { throw new UserBlockedError( $user->getBlock() ); } $request = $this->getRequest(); - if( $par !== null ) { + if ( $par !== null ) { $this->mTarget = $par; } else { $this->mTarget = $request->getVal( 'user' ); @@ -95,15 +100,27 @@ class UserrightsPage extends SpecialPage { * edit their own groups, automatically set them as the * target. */ - if ( !count( $available['add'] ) && !count( $available['remove'] ) ) + if ( !count( $available['add'] ) && !count( $available['remove'] ) ) { $this->mTarget = $user->getName(); + } } if ( User::getCanonicalName( $this->mTarget ) == $user->getName() ) { $this->isself = true; } - if( !$this->userCanChangeRights( $user, true ) ) { + if ( !$this->userCanChangeRights( $user, true ) ) { + if ( $this->isself && $request->getCheck( 'success' ) ) { + // bug 48609: if the user just removed its own rights, this would + // leads it in a "permissions error" page. In that case, show a + // message that it can't anymore use this page instead of an error + $this->setHeaders(); + $out = $this->getOutput(); + $out->wrapWikiMsg( "<div class=\"successbox\">\n$1\n</div>", 'userrights-removed-self' ); + $out->returnToMain(); + return; + } + // @todo FIXME: There may be intermediate groups we can mention. $msg = $user->isAnon() ? 'userrights-nologin' : 'userrights-notallowed'; throw new PermissionsError( null, array( array( $msg ) ) ); @@ -122,31 +139,42 @@ class UserrightsPage extends SpecialPage { $this->switchForm(); } - if( $request->wasPosted() ) { + if ( + $request->wasPosted() && + $request->getCheck( 'saveusergroups' ) && + $user->matchEditToken( $request->getVal( 'wpEditToken' ), $this->mTarget ) + ) { // save settings - if( $request->getCheck( 'saveusergroups' ) ) { - $reason = $request->getVal( 'user-reason' ); - $tok = $request->getVal( 'wpEditToken' ); - if( $user->matchEditToken( $tok, $this->mTarget ) ) { - $this->saveUserGroups( - $this->mTarget, - $reason - ); - - $out->redirect( $this->getSuccessURL() ); - return; - } + $status = $this->fetchUser( $this->mTarget ); + if ( !$status->isOK() ) { + $this->getOutput()->addWikiText( $status->getWikiText() ); + return; + } + + $targetUser = $status->value; + + if ( $request->getVal( 'conflictcheck-originalgroups' ) !== implode( ',', $targetUser->getGroups() ) ) { + $out->addWikiMsg( 'userrights-conflict' ); + } else { + $this->saveUserGroups( + $this->mTarget, + $request->getVal( 'user-reason' ), + $targetUser + ); + + $out->redirect( $this->getSuccessURL() ); + return; } } // show some more forms - if( $this->mTarget !== null ) { + if ( $this->mTarget !== null ) { $this->editUserGroupsForm( $this->mTarget ); } } function getSuccessURL() { - return $this->getTitle( $this->mTarget )->getFullURL(); + return $this->getTitle( $this->mTarget )->getFullURL( array( 'success' => 1 ) ); } /** @@ -155,17 +183,10 @@ class UserrightsPage extends SpecialPage { * * @param string $username username to apply changes to. * @param string $reason reason for group change + * @param User|UserRightsProxy $user Target user object. * @return null */ - function saveUserGroups( $username, $reason = '' ) { - $status = $this->fetchUser( $username ); - if( !$status->isOK() ) { - $this->getOutput()->addWikiText( $status->getWikiText() ); - return; - } else { - $user = $status->value; - } - + function saveUserGroups( $username, $reason, $user ) { $allgroups = $this->getAllGroups(); $addgroup = array(); $removegroup = array(); @@ -195,6 +216,8 @@ class UserrightsPage extends SpecialPage { * @return Array: Tuple of added, then removed groups */ function doSaveUserGroups( $user, $add, $remove, $reason = '' ) { + global $wgAuth; + // Validate input set... $isself = ( $user->getName() == $this->getUser()->getName() ); $groups = $user->getGroups(); @@ -213,15 +236,15 @@ class UserrightsPage extends SpecialPage { $newGroups = $oldGroups; // remove then add groups - if( $remove ) { + if ( $remove ) { $newGroups = array_diff( $newGroups, $remove ); - foreach( $remove as $group ) { + foreach ( $remove as $group ) { $user->removeGroup( $group ); } } - if( $add ) { + if ( $add ) { $newGroups = array_merge( $newGroups, $add ); - foreach( $add as $group ) { + foreach ( $add as $group ) { $user->addGroup( $group ); } } @@ -230,11 +253,14 @@ class UserrightsPage extends SpecialPage { // Ensure that caches are cleared $user->invalidateCache(); + // update groups in external authentication database + $wgAuth->updateExternalDBGroups( $user, $add, $remove ); + wfDebug( 'oldGroups: ' . print_r( $oldGroups, true ) ); wfDebug( 'newGroups: ' . print_r( $newGroups, true ) ); wfRunHooks( 'UserRights', array( &$user, $add, $remove ) ); - if( $newGroups != $oldGroups ) { + if ( $newGroups != $oldGroups ) { $this->addLogEntry( $user, $oldGroups, $newGroups, $reason ); } return array( $add, $remove ); @@ -262,7 +288,7 @@ class UserrightsPage extends SpecialPage { */ function editUserGroupsForm( $username ) { $status = $this->fetchUser( $username ); - if( !$status->isOK() ) { + if ( !$status->isOK() ) { $this->getOutput()->addWikiText( $status->getWikiText() ); return; } else { @@ -283,63 +309,64 @@ class UserrightsPage extends SpecialPage { * return a user (or proxy) object for manipulating it. * * Side effects: error output for invalid access + * @param string $username * @return Status object */ public function fetchUser( $username ) { global $wgUserrightsInterwikiDelimiter; $parts = explode( $wgUserrightsInterwikiDelimiter, $username ); - if( count( $parts ) < 2 ) { + if ( count( $parts ) < 2 ) { $name = trim( $username ); $database = ''; } else { list( $name, $database ) = array_map( 'trim', $parts ); - if( $database == wfWikiID() ) { + if ( $database == wfWikiID() ) { $database = ''; } else { - if( !$this->getUser()->isAllowed( 'userrights-interwiki' ) ) { + if ( !$this->getUser()->isAllowed( 'userrights-interwiki' ) ) { return Status::newFatal( 'userrights-no-interwiki' ); } - if( !UserRightsProxy::validDatabase( $database ) ) { + if ( !UserRightsProxy::validDatabase( $database ) ) { return Status::newFatal( 'userrights-nodatabase', $database ); } } } - if( $name === '' ) { + if ( $name === '' ) { return Status::newFatal( 'nouserspecified' ); } - if( $name[0] == '#' ) { + if ( $name[0] == '#' ) { // Numeric ID can be specified... // We'll do a lookup for the name internally. $id = intval( substr( $name, 1 ) ); - if( $database == '' ) { + if ( $database == '' ) { $name = User::whoIs( $id ); } else { $name = UserRightsProxy::whoIs( $database, $id ); } - if( !$name ) { + if ( !$name ) { return Status::newFatal( 'noname' ); } } else { $name = User::getCanonicalName( $name ); - if( $name === false ) { + if ( $name === false ) { // invalid name return Status::newFatal( 'nosuchusershort', $username ); } } - if( $database == '' ) { + if ( $database == '' ) { $user = User::newFromName( $name ); } else { $user = UserRightsProxy::newFromName( $database, $name ); } - if( !$user || $user->isAnon() ) { + if ( !$user || $user->isAnon() ) { return Status::newFatal( 'nosuchusershort', $username ); } @@ -347,7 +374,7 @@ class UserrightsPage extends SpecialPage { } function makeGroupNameList( $ids ) { - if( empty( $ids ) ) { + if ( empty( $ids ) ) { return $this->msg( 'rightsnone' )->inContentLanguage()->text(); } else { return implode( ', ', $ids ); @@ -364,7 +391,7 @@ class UserrightsPage extends SpecialPage { function makeGroupNameListForLog( $ids ) { wfDeprecated( __METHOD__, '1.21' ); - if( empty( $ids ) ) { + if ( empty( $ids ) ) { return ''; } else { return $this->makeGroupNameList( $ids ); @@ -380,7 +407,7 @@ class UserrightsPage extends SpecialPage { Html::openElement( 'form', array( 'method' => 'get', 'action' => $wgScript, 'name' => 'uluser', 'id' => 'mw-userrights-form1' ) ) . Html::hidden( 'title', $this->getTitle()->getPrefixedText() ) . Xml::fieldset( $this->msg( 'userrights-lookup-user' )->text() ) . - Xml::inputLabel( $this->msg( 'userrights-user-editname' )->text(), 'user', 'username', 30, str_replace( '_', ' ', $this->mTarget ) ) . ' ' . + Xml::inputLabel( $this->msg( 'userrights-user-editname' )->text(), 'user', 'username', 30, str_replace( '_', ' ', $this->mTarget ), array( 'autofocus' => true ) ) . ' ' . Xml::submitButton( $this->msg( 'editusergroup' )->text() ) . Html::closeElement( 'fieldset' ) . Html::closeElement( 'form' ) . "\n" @@ -419,7 +446,7 @@ class UserrightsPage extends SpecialPage { protected function showEditUserGroupsForm( $user, $groups ) { $list = array(); $membersList = array(); - foreach( $groups as $group ) { + foreach ( $groups as $group ) { $list[] = self::buildGroupLink( $group ); $membersList[] = self::buildGroupMemberLink( $group ); } @@ -427,7 +454,7 @@ class UserrightsPage extends SpecialPage { $autoList = array(); $autoMembersList = array(); if ( $user instanceof User ) { - foreach( Autopromote::getAutopromoteGroups( $user ) as $group ) { + foreach ( Autopromote::getAutopromoteGroups( $user ) as $group ) { $autoList[] = self::buildGroupLink( $group ); $autoMembersList[] = self::buildGroupMemberLink( $group ); } @@ -447,12 +474,12 @@ class UserrightsPage extends SpecialPage { $count = count( $list ); if ( $count > 0 ) { $grouplist = $this->msg( 'userrights-groupsmember', $count, $user->getName() )->parse(); - $grouplist = '<p>' . $grouplist . ' ' . $displayedList . "</p>\n"; + $grouplist = '<p>' . $grouplist . ' ' . $displayedList . "</p>\n"; } $count = count( $autoList ); if ( $count > 0 ) { $autogrouplistintro = $this->msg( 'userrights-groupsmember-auto', $count, $user->getName() )->parse(); - $grouplist .= '<p>' . $autogrouplistintro . ' ' . $displayedAutolist . "</p>\n"; + $grouplist .= '<p>' . $autogrouplistintro . ' ' . $displayedAutolist . "</p>\n"; } $userToolLinks = Linker::userToolLinks( @@ -466,6 +493,7 @@ class UserrightsPage extends SpecialPage { Xml::openElement( 'form', array( 'method' => 'post', 'action' => $this->getTitle()->getLocalURL(), 'name' => 'editGroup', 'id' => 'mw-userrights-form2' ) ) . Html::hidden( 'user', $this->mTarget ) . Html::hidden( 'wpEditToken', $this->getUser()->getEditToken( $this->mTarget ) ) . + Html::hidden( 'conflictcheck-originalgroups', implode( ',', $user->getGroups() ) ) . // Conflict detection Xml::openElement( 'fieldset' ) . Xml::element( 'legend', array(), $this->msg( 'userrights-editusergroup', $user->getName() )->text() ) . $this->msg( 'editinguser' )->params( wfEscapeWikiText( $user->getName() ) )->rawParams( $userToolLinks )->parse() . @@ -535,17 +563,17 @@ class UserrightsPage extends SpecialPage { $allgroups = $this->getAllGroups(); $ret = ''; - # Put all column info into an associative array so that extensions can - # more easily manage it. + // Put all column info into an associative array so that extensions can + // more easily manage it. $columns = array( 'unchangeable' => array(), 'changeable' => array() ); - foreach( $allgroups as $group ) { + foreach ( $allgroups as $group ) { $set = in_array( $group, $usergroups ); - # Should the checkbox be disabled? + // Should the checkbox be disabled? $disabled = !( ( $set && $this->canRemove( $group ) ) || ( !$set && $this->canAdd( $group ) ) ); - # Do we need to point out that this action is irreversible? + // Do we need to point out that this action is irreversible? $irreversible = !$disabled && ( ( $set && !$this->canAdd( $group ) ) || ( !$set && !$this->canRemove( $group ) ) ); @@ -556,27 +584,30 @@ class UserrightsPage extends SpecialPage { 'irreversible' => $irreversible ); - if( $disabled ) { + if ( $disabled ) { $columns['unchangeable'][$group] = $checkbox; } else { $columns['changeable'][$group] = $checkbox; } } - # Build the HTML table + // Build the HTML table $ret .= Xml::openElement( 'table', array( 'class' => 'mw-userrights-groups' ) ) . "<tr>\n"; - foreach( $columns as $name => $column ) { - if( $column === array() ) + foreach ( $columns as $name => $column ) { + if ( $column === array() ) { continue; + } + // Messages: userrights-changeable-col, userrights-unchangeable-col $ret .= Xml::element( 'th', null, $this->msg( 'userrights-' . $name . '-col', count( $column ) )->text() ); } $ret .= "</tr>\n<tr>\n"; - foreach( $columns as $column ) { - if( $column === array() ) + foreach ( $columns as $column ) { + if ( $column === array() ) { continue; + } $ret .= "\t<td style='vertical-align:top;'>\n"; - foreach( $column as $group => $checkbox ) { + foreach ( $column as $group => $checkbox ) { $attr = $checkbox['disabled'] ? array( 'disabled' => 'disabled' ) : array(); $member = User::getGroupMember( $group, $user->getName() ); @@ -604,8 +635,7 @@ class UserrightsPage extends SpecialPage { * @return bool Can we remove the group? */ private function canRemove( $group ) { - // $this->changeableGroups()['remove'] doesn't work, of course. Thanks, - // PHP. + // $this->changeableGroups()['remove'] doesn't work, of course. Thanks, PHP. $groups = $this->changeableGroups(); return in_array( $group, $groups['remove'] ) || ( $this->isself && in_array( $group, $groups['remove-self'] ) ); } |