'edit',
'editinterface',
'editprotected',
+ 'editmyoptions',
+ 'editmyprivateinfo',
+ 'editmyusercss',
+ 'editmyuserjs',
+ 'editmywatchlist',
+ 'editsemiprotected',
'editusercssjs', #deprecated
'editusercss',
'edituserjs',
'upload_by_url',
'userrights',
'userrights-interwiki',
+ 'viewmyprivateinfo',
+ 'viewmywatchlist',
'writeapi',
);
/**
* Does a string look like an e-mail address?
*
* This validates an email address using an HTML5 specification found at:
- * http://www.whatwg.org/specs/web-apps/current-work/multipage/states-of-the-type-attribute.html#valid-e-mail-address
+ * http://www.whatwg.org/html/states-of-the-type-attribute.html#valid-e-mail-address
* Which as of 2011-01-24 says:
*
* A valid e-mail address is a string that matches the ABNF production
// In case loadGroups was not called before, we now have the right twice.
// Get rid of the duplicate.
$this->mGroups = array_unique( $this->mGroups );
- $this->mRights = User::getGroupPermissions( $this->getEffectiveGroups( true ) );
+
+ // Refresh the groups caches, and clear the rights cache so it will be
+ // refreshed on the next call to $this->getRights().
+ $this->getEffectiveGroups( true );
+ $this->mRights = null;
$this->invalidateCache();
}
}
$this->loadGroups();
$this->mGroups = array_diff( $this->mGroups, array( $group ) );
- $this->mRights = User::getGroupPermissions( $this->getEffectiveGroups( true ) );
+
+ // Refresh the groups caches, and clear the rights cache so it will be
+ // refreshed on the next call to $this->getRights().
+ $this->getEffectiveGroups( true );
+ $this->mRights = null;
$this->invalidateCache();
}
/**
* Get a WatchedItem for this user and $title.
*
+ * @since 1.22 $checkRights parameter added
* @param $title Title
+ * @param $checkRights int Whether to check 'viewmywatchlist'/'editmywatchlist' rights.
+ * Pass WatchedItem::CHECK_USER_RIGHTS or WatchedItem::IGNORE_USER_RIGHTS.
* @return WatchedItem
*/
- public function getWatchedItem( $title ) {
- $key = $title->getNamespace() . ':' . $title->getDBkey();
+ public function getWatchedItem( $title, $checkRights = WatchedItem::CHECK_USER_RIGHTS ) {
+ $key = $checkRights . ':' . $title->getNamespace() . ':' . $title->getDBkey();
if ( isset( $this->mWatchedItems[$key] ) ) {
return $this->mWatchedItems[$key];
$this->mWatchedItems = array();
}
- $this->mWatchedItems[$key] = WatchedItem::fromUserTitle( $this, $title );
+ $this->mWatchedItems[$key] = WatchedItem::fromUserTitle( $this, $title, $checkRights );
return $this->mWatchedItems[$key];
}
/**
* Check the watched status of an article.
+ * @since 1.22 $checkRights parameter added
* @param $title Title of the article to look at
+ * @param $checkRights int Whether to check 'viewmywatchlist'/'editmywatchlist' rights.
+ * Pass WatchedItem::CHECK_USER_RIGHTS or WatchedItem::IGNORE_USER_RIGHTS.
* @return bool
*/
- public function isWatched( $title ) {
- return $this->getWatchedItem( $title )->isWatched();
+ public function isWatched( $title, $checkRights = WatchedItem::CHECK_USER_RIGHTS ) {
+ return $this->getWatchedItem( $title, $checkRights )->isWatched();
}
/**
* Watch an article.
+ * @since 1.22 $checkRights parameter added
* @param $title Title of the article to look at
+ * @param $checkRights int Whether to check 'viewmywatchlist'/'editmywatchlist' rights.
+ * Pass WatchedItem::CHECK_USER_RIGHTS or WatchedItem::IGNORE_USER_RIGHTS.
*/
- public function addWatch( $title ) {
- $this->getWatchedItem( $title )->addWatch();
+ public function addWatch( $title, $checkRights = WatchedItem::CHECK_USER_RIGHTS ) {
+ $this->getWatchedItem( $title, $checkRights )->addWatch();
$this->invalidateCache();
}
/**
* Stop watching an article.
+ * @since 1.22 $checkRights parameter added
* @param $title Title of the article to look at
+ * @param $checkRights int Whether to check 'viewmywatchlist'/'editmywatchlist' rights.
+ * Pass WatchedItem::CHECK_USER_RIGHTS or WatchedItem::IGNORE_USER_RIGHTS.
*/
- public function removeWatch( $title ) {
- $this->getWatchedItem( $title )->removeWatch();
+ public function removeWatch( $title, $checkRights = WatchedItem::CHECK_USER_RIGHTS ) {
+ $this->getWatchedItem( $title, $checkRights )->removeWatch();
$this->invalidateCache();
}
* Clear the user's notification timestamp for the given title.
* If e-notif e-mails are on, they will receive notification mails on
* the next change of the page if it's watched etc.
+ * @note If the user doesn't have 'editmywatchlist', this will do nothing.
* @param $title Title of the article to look at
*/
public function clearNotification( &$title ) {
return;
}
+ // Do nothing if not allowed to edit the watchlist
+ if ( !$this->isAllowed( 'editmywatchlist' ) ) {
+ return;
+ }
+
if ( $title->getNamespace() == NS_USER_TALK &&
$title->getText() == $this->getName() ) {
if ( !wfRunHooks( 'UserClearNewTalkNotification', array( &$this ) ) ) {
* Resets all of the given user's page-change notification timestamps.
* If e-notif e-mails are on, they will receive notification mails on
* the next change of any watched page.
+ * @note If the user doesn't have 'editmywatchlist', this will do nothing.
*/
public function clearAllNotifications() {
if ( wfReadOnly() ) {
return;
}
+ // Do nothing if not allowed to edit the watchlist
+ if ( !$this->isAllowed( 'editmywatchlist' ) ) {
+ return;
+ }
+
global $wgUseEnotif, $wgShowUpdatedMarker;
if ( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
$this->setNewtalk( false );
$this->clearCookie( 'forceHTTPS' );
// Remember when user logged out, to prevent seeing cached pages
- $this->setCookie( 'LoggedOut', wfTimestampNow(), time() + 86400 );
+ $this->setCookie( 'LoggedOut', time(), time() + 86400 );
}
/**
$this->mTouched = self::newTouchedTimestamp();
$dbw = wfGetDB( DB_MASTER );
+ $inWrite = $dbw->writesOrCallbacksPending();
$seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
$dbw->insert( 'user',
array(
array( 'IGNORE' )
);
if ( !$dbw->affectedRows() ) {
+ if ( !$inWrite ) {
+ // XXX: Get out of REPEATABLE-READ so the SELECT below works.
+ // Often this case happens early in views before any writes.
+ // This shows up at least with CentralAuth.
+ $dbw->commit( __METHOD__, 'flush' );
+ }
$this->mId = $dbw->selectField( 'user', 'user_id',
array( 'user_name' => $this->mName ), __METHOD__ );
$loaded = false;
'user_editcount',
);
}
+
+ /**
+ * Factory function for fatal permission-denied errors
+ *
+ * @since 1.22
+ * @param string $permission User right required
+ * @return Status
+ */
+ static function newFatalPermissionDeniedStatus( $permission ) {
+ global $wgLang;
+
+ $groups = array_map(
+ array( 'User', 'makeGroupLinkWiki' ),
+ User::getGroupsWithPermission( $permission )
+ );
+
+ if ( $groups ) {
+ return Status::newFatal( 'badaccess-groups', $wgLang->commaList( $groups ), count( $groups ) );
+ } else {
+ return Status::newFatal( 'badaccess-group0' );
+ }
+ }
}