If a user has permission to remove a group but not add it, they cannot
manipulate other groups on a user who currently has the un-addable
group. An error is shown that the expiry is invalid and prevents the
save. To fix this, add a hidden input that is hardcoded to the existing
expiration (either 'existing' if it is a temporary assignment, or
'infinite' if the assignment does not expire), so that the validation
succeeds. Validation of this input is already taken care of in
execute(), so it is not possible for a user to extend an expiration this
way if they do not have the necessary privileges to do so.
Bug: T171345
Change-Id: I9268c05d6c491eab45147f8a9941ad4d4e1f563f
} else {
$expiryHtml = $this->msg( 'userrights-expiry-none' )->text();
}
+ // T171345: Add a hidden form element so that other groups can still be manipulated,
+ // otherwise saving errors out with an invalid expiry time for this group.
+ $expiryHtml .= Html::Hidden( "wpExpiry-$group",
+ $currentExpiry ? 'existing' : 'infinite' );
$expiryHtml .= "<br />\n";
} else {
$expiryHtml = Xml::element( 'span', null,