From 98ffe3c5368b4c7362833415f1c7de2dbc74f3a1 Mon Sep 17 00:00:00 2001
From: Alex Monk <krenair@gmail.com>
Date: Wed, 17 Apr 2013 17:57:33 +0100
Subject: [PATCH] Detect user rights conflicts

Bug: 38989
Change-Id: I75996605885c1b5300da8ad7b03c48560450a0c4
---
 includes/specials/SpecialUserrights.php | 49 ++++++++++++++-----------
 languages/messages/MessagesEn.php       |  1 +
 languages/messages/MessagesQqq.php      |  1 +
 maintenance/language/messages.inc       |  1 +
 4 files changed, 30 insertions(+), 22 deletions(-)

diff --git a/includes/specials/SpecialUserrights.php b/includes/specials/SpecialUserrights.php
index b9d6d30ebb..f23bc2dfbd 100644
--- a/includes/specials/SpecialUserrights.php
+++ b/includes/specials/SpecialUserrights.php
@@ -128,20 +128,31 @@ class UserrightsPage extends SpecialPage {
 			$this->switchForm();
 		}
 
-		if ( $request->wasPosted() ) {
+		if (
+			$request->wasPosted() &&
+			$request->getCheck( 'saveusergroups' ) &&
+			$user->matchEditToken( $request->getVal( 'wpEditToken' ), $this->mTarget )
+		) {
 			// save settings
-			if ( $request->getCheck( 'saveusergroups' ) ) {
-				$reason = $request->getVal( 'user-reason' );
-				$tok = $request->getVal( 'wpEditToken' );
-				if ( $user->matchEditToken( $tok, $this->mTarget ) ) {
-					$this->saveUserGroups(
-						$this->mTarget,
-						$reason
-					);
-
-					$out->redirect( $this->getSuccessURL() );
-					return;
-				}
+			$status = $this->fetchUser( $this->mTarget );
+			if ( !$status->isOK() ) {
+				$this->getOutput()->addWikiText( $status->getWikiText() );
+				return;
+			}
+
+			$targetUser = $status->value;
+
+			if ( $request->getVal( 'conflictcheck-originalgroups' ) !== implode( ',', $targetUser->getGroups() ) ) {
+				$out->addWikiMsg( 'userrights-conflict' );
+			} else {
+				$this->saveUserGroups(
+					$this->mTarget,
+					$request->getVal( 'user-reason' ),
+					$targetUser
+				);
+
+				$out->redirect( $this->getSuccessURL() );
+				return;
 			}
 		}
 
@@ -161,17 +172,10 @@ class UserrightsPage extends SpecialPage {
 	 *
 	 * @param string $username username to apply changes to.
 	 * @param string $reason reason for group change
+	 * @param User|UserRightsProxy $user Target user object.
 	 * @return null
 	 */
-	function saveUserGroups( $username, $reason = '' ) {
-		$status = $this->fetchUser( $username );
-		if ( !$status->isOK() ) {
-			$this->getOutput()->addWikiText( $status->getWikiText() );
-			return;
-		} else {
-			$user = $status->value;
-		}
-
+	function saveUserGroups( $username, $reason, $user ) {
 		$allgroups = $this->getAllGroups();
 		$addgroup = array();
 		$removegroup = array();
@@ -473,6 +477,7 @@ class UserrightsPage extends SpecialPage {
 			Xml::openElement( 'form', array( 'method' => 'post', 'action' => $this->getTitle()->getLocalURL(), 'name' => 'editGroup', 'id' => 'mw-userrights-form2' ) ) .
 			Html::hidden( 'user', $this->mTarget ) .
 			Html::hidden( 'wpEditToken', $this->getUser()->getEditToken( $this->mTarget ) ) .
+			Html::hidden( 'conflictcheck-originalgroups', implode( ',', $user->getGroups() ) ) . // Conflict detection
 			Xml::openElement( 'fieldset' ) .
 			Xml::element( 'legend', array(), $this->msg( 'userrights-editusergroup', $user->getName() )->text() ) .
 			$this->msg( 'editinguser' )->params( wfEscapeWikiText( $user->getName() ) )->rawParams( $userToolLinks )->parse() .
diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php
index f3a0072225..60d722327f 100644
--- a/languages/messages/MessagesEn.php
+++ b/languages/messages/MessagesEn.php
@@ -1970,6 +1970,7 @@ Your email address is not revealed when other users contact you.',
 'userrights-changeable-col'      => 'Groups you can change',
 'userrights-unchangeable-col'    => 'Groups you cannot change',
 'userrights-irreversible-marker' => '$1*', # only translate this message to other languages if you have to change it
+'userrights-conflict'            => 'User rights conflict! Please apply your changes again.',
 
 # Groups
 'group'               => 'Group:',
diff --git a/languages/messages/MessagesQqq.php b/languages/messages/MessagesQqq.php
index 022b1392b6..7af3324fee 100644
--- a/languages/messages/MessagesQqq.php
+++ b/languages/messages/MessagesQqq.php
@@ -2636,6 +2636,7 @@ Parameters:
 Parameters:
 * $1 - optional, for PLURAL use, the number of items in the column following the message. Avoid PLURAL, if your language allows that.',
 'userrights-irreversible-marker' => '{{optional}}',
+'userrights-conflict'            => 'Shown on Special:UserRights if the target\'s rights have been changed since the form was loaded.',
 
 # Groups
 'group' => '{{Identical|Group}}',
diff --git a/maintenance/language/messages.inc b/maintenance/language/messages.inc
index 3b9fadfb22..7a2ce635d6 100644
--- a/maintenance/language/messages.inc
+++ b/maintenance/language/messages.inc
@@ -1104,6 +1104,7 @@ $wgMessageStructure = array(
 		'userrights-changeable-col',
 		'userrights-unchangeable-col',
 		'userrights-irreversible-marker',
+		'userrights-conflict',
 	),
 	'group' => array(
 		'group',
-- 
2.20.1