Add 'viewmyprivateinfo', 'editmyprivateinfo', and 'editmyoptions' rights

[lhc/web/wiklou.git] / includes / api / ApiOptions.php

diff --git a/includes/api/ApiOptions.php b/includes/api/ApiOptions.php
index 8c996a2..720025f 100644 (file)
--- a/includes/api/ApiOptions.php
+++ b/includes/api/ApiOptions.php
@@ -42,6 +42,10 @@ class ApiOptions extends ApiBase {
                        $this->dieUsage( 'Anonymous users cannot change preferences', 'notloggedin' );
                }
 
+               if ( !$user->isAllowed( 'editmyoptions' ) ) {
+                       $this->dieUsage( 'You don\'t have permission to edit your options', 'permissiondenied' );
+               }
+
                $params = $this->extractRequestParams();
                $changed = false;