Validate permissions on application. :)

author Brion Vibber <brion@users.mediawiki.org>

Fri, 28 Dec 2007 02:29:37 +0000 (02:29 +0000)

committer Brion Vibber <brion@users.mediawiki.org>

Fri, 28 Dec 2007 02:29:37 +0000 (02:29 +0000)
author Brion Vibber <brion@users.mediawiki.org>
Fri, 28 Dec 2007 02:29:37 +0000 (02:29 +0000)
committer Brion Vibber <brion@users.mediawiki.org>
Fri, 28 Dec 2007 02:29:37 +0000 (02:29 +0000)
diff --git a/includes/SpecialUserrights.php b/includes/SpecialUserrights.php

index a2d78c7..634fb3f 100644 (file)
--- a/includes/SpecialUserrights.php
+++ b/includes/SpecialUserrights.php
@@ -101,13 +101,17 @@ class UserrightsForm extends HTMLForm {
                 if(isset($removegroup)) {
                         $newGroups = array_diff($newGroups, $removegroup);
                         foreach( $removegroup as $group ) {
-                               $user->removeGroup( $group );
+                               if( $this->canRemove( $group ) ) {
+                                       $user->removeGroup( $group );
+                               }
                         }
                 }
                 if(isset($addgroup)) {
                         $newGroups = array_merge($newGroups, $addgroup);
                         foreach( $addgroup as $group ) {
-                               $user->addGroup( $group );
+                               if( $this->canAdd( $group ) ) {
+                                       $user->addGroup( $group );
+                               }
                         }
                 }
                 $newGroups = array_unique( $newGroups );
author	Brion Vibber <brion@users.mediawiki.org>
	Fri, 28 Dec 2007 02:29:37 +0000 (02:29 +0000)
committer	Brion Vibber <brion@users.mediawiki.org>
	Fri, 28 Dec 2007 02:29:37 +0000 (02:29 +0000)