return true;
}
- public function isRestricted() {
- return true;
- }
-
- public function userCanExecute( User $user ) {
- return $this->userCanChangeRights( $user, false );
- }
-
/**
* @param User $user
* @param bool $checkIfSelf
* @throws UserBlockedError|PermissionsError
*/
public function execute( $par ) {
- // If the visitor doesn't have permissions to assign or remove
- // any groups, it's a bit silly to give them the user search prompt.
-
$user = $this->getUser();
$request = $this->getRequest();
$out = $this->getOutput();
- /*
- * If the user is blocked and they only have "partial" access
- * (e.g. they don't have the userrights permission), then don't
- * allow them to use Special:UserRights.
- */
- if ( $user->isBlocked() && !$user->isAllowed( 'userrights' ) ) {
- throw new UserBlockedError( $user->getBlock() );
- }
-
if ( $par !== null ) {
$this->mTarget = $par;
} else {
$this->mTarget = trim( $this->mTarget );
}
- $available = $this->changeableGroups();
-
- if ( $this->mTarget === null ) {
- /*
- * If the user specified no target, and they can only
- * edit their own groups, automatically set them as the
- * target.
- */
- if ( !count( $available['add'] ) && !count( $available['remove'] ) ) {
- $this->mTarget = $user->getName();
- }
- }
-
- if ( $this->mTarget !== null && User::getCanonicalName( $this->mTarget ) === $user->getName() ) {
- $this->isself = true;
- }
-
- $fetchedStatus = $this->fetchUser( $this->mTarget );
+ $fetchedStatus = $this->fetchUser( $this->mTarget, true );
if ( $fetchedStatus->isOK() ) {
$this->mFetchedUser = $fetchedStatus->value;
if ( $this->mFetchedUser instanceof User ) {
}
}
- if ( !$this->userCanChangeRights( $user, true ) ) {
- if ( $this->isself && $request->getCheck( 'success' ) ) {
- // bug 48609: if the user just removed its own rights, this would
- // leads it in a "permissions error" page. In that case, show a
- // message that it can't anymore use this page instead of an error
- $this->setHeaders();
- $out->wrapWikiMsg( "<div class=\"successbox\">\n$1\n</div>", 'userrights-removed-self' );
- $out->returnToMain();
-
- return;
- }
-
- // @todo FIXME: There may be intermediate groups we can mention.
- $msg = $user->isAnon() ? 'userrights-nologin' : 'userrights-notallowed';
- throw new PermissionsError( null, [ [ $msg ] ] );
- }
-
// show a successbox, if the user rights was saved successfully
if ( $request->getCheck( 'success' ) && $this->mFetchedUser !== null ) {
$out->addModules( [ 'mediawiki.special.userrights' ] );
);
}
- $this->checkReadOnly();
-
$this->setHeaders();
$this->outputHeader();
$out->addModuleStyles( 'mediawiki.special' );
$this->addHelpLink( 'Help:Assigning permissions' );
- // show the general form
- if ( count( $available['add'] ) || count( $available['remove'] ) ) {
- $this->switchForm();
- }
+ $this->switchForm();
if (
$request->wasPosted() &&
$this->mTarget !== null &&
$user->matchEditToken( $request->getVal( 'wpEditToken' ), $this->mTarget )
) {
+ /*
+ * If the user is blocked and they only have "partial" access
+ * (e.g. they don't have the userrights permission), then don't
+ * allow them to change any user rights.
+ */
+ if ( $user->isBlocked() && !$user->isAllowed( 'userrights' ) ) {
+ throw new UserBlockedError( $user->getBlock() );
+ }
+
+ $this->checkReadOnly();
+
// save settings
if ( !$fetchedStatus->isOK() ) {
$this->getOutput()->addWikiText( $fetchedStatus->getWikiText() );
* @param string $username Name of the user.
*/
function editUserGroupsForm( $username ) {
- $status = $this->fetchUser( $username );
+ $status = $this->fetchUser( $username, true );
if ( !$status->isOK() ) {
$this->getOutput()->addWikiText( $status->getWikiText() );
*
* Side effects: error output for invalid access
* @param string $username
+ * @param bool $writing
* @return Status
*/
- public function fetchUser( $username ) {
+ public function fetchUser( $username, $writing ) {
$parts = explode( $this->getConfig()->get( 'UserrightsInterwikiDelimiter' ), $username );
if ( count( $parts ) < 2 ) {
$name = trim( $username );
if ( $database == wfWikiID() ) {
$database = '';
} else {
- if ( !$this->getUser()->isAllowed( 'userrights-interwiki' ) ) {
+ if ( $writing && !$this->getUser()->isAllowed( 'userrights-interwiki' ) ) {
return Status::newFatal( 'userrights-no-interwiki' );
}
if ( !UserRightsProxy::validDatabase( $database ) ) {
Linker::TOOL_LINKS_EMAIL /* Add "send e-mail" link */
);
+ list( $groupCheckboxes, $canChangeAny ) = $this->groupCheckboxes( $groups, $user );
$this->getOutput()->addHTML(
Xml::openElement(
'form',
$this->msg( 'userrights-editusergroup', $user->getName() )->text()
) .
$this->msg( 'editinguser' )->params( wfEscapeWikiText( $user->getName() ) )
- ->rawParams( $userToolLinks )->parse() .
- $this->msg( 'userrights-groups-help', $user->getName() )->parse() .
- $grouplist .
- $this->groupCheckboxes( $groups, $user ) .
- Xml::openElement( 'table', [ 'id' => 'mw-userrights-table-outer' ] ) .
- "<tr>
- <td class='mw-label'>" .
- Xml::label( $this->msg( 'userrights-reason' )->text(), 'wpReason' ) .
- "</td>
- <td class='mw-input'>" .
- Xml::input( 'user-reason', 60, $this->getRequest()->getVal( 'user-reason', false ),
- [ 'id' => 'wpReason', 'maxlength' => 255 ] ) .
- "</td>
- </tr>
- <tr>
- <td></td>
- <td class='mw-submit'>" .
- Xml::submitButton( $this->msg( 'saveusergroups', $user->getName() )->text(),
- [ 'name' => 'saveusergroups' ] +
- Linker::tooltipAndAccesskeyAttribs( 'userrights-set' )
- ) .
- "</td>
- </tr>" .
- Xml::closeElement( 'table' ) . "\n" .
+ ->rawParams( $userToolLinks )->parse()
+ );
+ if ( $canChangeAny ) {
+ $this->getOutput()->addHTML(
+ $this->msg( 'userrights-groups-help', $user->getName() )->parse() .
+ $grouplist .
+ $groupCheckboxes .
+ Xml::openElement( 'table', [ 'id' => 'mw-userrights-table-outer' ] ) .
+ "<tr>
+ <td class='mw-label'>" .
+ Xml::label( $this->msg( 'userrights-reason' )->text(), 'wpReason' ) .
+ "</td>
+ <td class='mw-input'>" .
+ Xml::input( 'user-reason', 60, $this->getRequest()->getVal( 'user-reason', false ),
+ [ 'id' => 'wpReason', 'maxlength' => 255 ] ) .
+ "</td>
+ </tr>
+ <tr>
+ <td></td>
+ <td class='mw-submit'>" .
+ Xml::submitButton( $this->msg( 'saveusergroups', $user->getName() )->text(),
+ [ 'name' => 'saveusergroups' ] +
+ Linker::tooltipAndAccesskeyAttribs( 'userrights-set' )
+ ) .
+ "</td>
+ </tr>" .
+ Xml::closeElement( 'table' ) . "\n"
+ );
+ } else {
+ $this->getOutput()->addHTML( $grouplist );
+ }
+ $this->getOutput()->addHTML(
Xml::closeElement( 'fieldset' ) .
Xml::closeElement( 'form' ) . "\n"
);
* @todo Just pass the username string?
* @param array $usergroups Groups the user belongs to
* @param User $user
- * @return string XHTML table element with checkboxes
+ * @return Array with 2 elements: the XHTML table element with checkxboes, and
+ * whether any groups are changeable
*/
private function groupCheckboxes( $usergroups, $user ) {
$allgroups = $this->getAllGroups();
}
$ret .= Xml::closeElement( 'tr' ) . Xml::closeElement( 'table' );
- return $ret;
+ return [ $ret, (bool)$columns['changeable'] ];
}
/**
return 'users';
}
}
+
"views": "Views",
"toolbox": "Tools",
"tool-link-userrights": "Change {{GENDER:$1|user}} groups",
+ "tool-link-userrights-readonly": "View {{GENDER:$1|user}} groups",
"tool-link-emailuser": "Email this {{GENDER:$1|user}}",
"userpage": "View user page",
"projectpage": "View project page",
"prefs-tabs-navigation-hint": "Tip: You can use the left and right arrow keys to navigate between the tabs in the tabs list.",
"userrights": "User rights management",
"userrights-summary": "",
- "userrights-lookup-user": "Manage user groups",
+ "userrights-lookup-user": "Select a user",
"userrights-user-editname": "Enter a username:",
- "editusergroup": "Edit {{GENDER:$1|user}} groups",
+ "editusergroup": "Load {{GENDER:$1|user}} groups",
"editinguser": "Changing user rights of {{GENDER:$1|user}} <strong>[[User:$1|$1]]</strong> $2",
"userrights-editusergroup": "Edit user groups",
"saveusergroups": "Save {{GENDER:$1|user}} groups",
"userrights-reason": "Reason:",
"userrights-no-interwiki": "You do not have permission to edit user rights on other wikis.",
"userrights-nodatabase": "Database $1 does not exist or is not local.",
- "userrights-nologin": "You must [[Special:UserLogin|log in]] with an administrator account to assign user rights.",
- "userrights-notallowed": "You do not have permission to add or remove user rights.",
"userrights-changeable-col": "Groups you can change",
"userrights-unchangeable-col": "Groups you cannot change",
"userrights-irreversible-marker": "$1*",
"userrights-conflict": "Conflict of user rights changes! Please review and confirm your changes.",
- "userrights-removed-self": "You removed your own rights. As such, you are no longer able to access this page.",
"group": "Group:",
"group-user": "Users",
"group-autoconfirmed": "Autoconfirmed users",
"talk": "Used as display name for the tab to all {{msg-mw|Talk}} pages. These pages accompany all content pages and can be used for discussing the content page. Example: [[Talk:Example]].\n\nSee also:\n* {{msg-mw|Talk}}\n* {{msg-mw|Accesskey-ca-talk}}\n* {{msg-mw|Tooltip-ca-talk}}\n{{Identical|Discussion}}",
"views": "Subtitle for the list of available views, for the current page. In \"monobook\" skin the list of views are shown as tabs, so this sub-title is not shown. For an example, see [{{canonicalurl:Main_Page|useskin=simple}} Main Page using simple skin].\n\n'''Note:''' This is \"views\" as in \"appearances\"/\"representations\", '''not''' as in \"visits\"/\"accesses\".\n{{Identical|View}}",
"toolbox": "The title of the toolbox below the search menu.\n{{Identical|Tool}}",
- "tool-link-userrights": "Link to [[Special:UserRights]] (user rights management) in the sidebar toolbox.\n\nParameters:\n* $1 - Name of user for the user group management (usable for GENDER)",
+ "tool-link-userrights": "Link to [[Special:UserRights]] (user rights management) in the sidebar toolbox, shown if the current user is allowed to change given user's groups.\n\nParameters:\n* $1 - Name of user for the user group management (usable for GENDER)",
+ "tool-link-userrights-readonly": "Link to [[Special:UserRights]] (user rights management) in the sidebar toolbox, shown if the current user is '''not''' allowed to change given user's groups.\n\nParameters:\n* $1 - Name of user for the user group management (usable for GENDER)",
"tool-link-emailuser": "Link to [[Special:EmailUser]] (email user tool) in the sidebar toolbox.\n\nParameters:\n* $1 - Name of user who would receive the email\n\nSee also:\n* {{msg-mw|Emailuser-title-target}}",
"userpage": "Used in user talk pages as the text of the link to the user page, with the Cologne Blue skin.",
"projectpage": "Used as link text in Talk page of project page with the Cologne Blue skin.",
"userrights-summary": "{{doc-specialpagesummary|userrights}}",
"userrights-lookup-user": "Label text when managing user rights ([[Special:UserRights]])",
"userrights-user-editname": "Displayed on [[Special:UserRights]].",
- "editusergroup": "Button name, in page [[Special:Userrights]] (only available to administrators), in the section named {{MediaWiki:userrights-lookup-user}}.\n\n{{Identical|Edit user groups}}.\nParameters:\n* $1 - username, for GENDER support",
+ "editusergroup": "Button name, in page [[Special:Userrights]], in the section named {{MediaWiki:userrights-lookup-user}}.\nParameters:\n* $1 - username, for GENDER support",
"editinguser": "Appears on [[Special:UserRights]]. Parameters:\n* $1 - a plaintext username\n* $2 - user tool links. e.g. \"(Talk | contribs | block | send email)\"",
- "userrights-editusergroup": "Parameter:\n* $1 - (Optional) a username, can be used for GENDER\n{{Identical|Edit user groups}}",
+ "userrights-editusergroup": "Parameter:\n* $1 - (Optional) a username, can be used for GENDER",
"saveusergroups": "Button text when editing user groups.\nParameters:\n* $1 - username, for GENDER support",
"userrights-groupsmember": "Used when editing user groups in [[Special:Userrights]].\n\nThe message is followed by a list of group names.\n\nParameters:\n* $1 - (Optional) the number of items in the list following the message, for PLURAL\n* $2 - (Optional) the user name, for GENDER",
"userrights-groupsmember-auto": "Used when editing user groups in [[Special:Userrights]]. The message is followed by a list of group names.\n\n\"Implicit\" is for groups that the user was automatically added to (such as \"autoconfirmed\"); cf. {{msg-mw|userrights-groupsmember}}\n\nParameters:\n* $1 - (Optional) the number of items in the list following the message, for PLURAL\n* $2 - (Optional) the user name, for GENDER",
"userrights-reason": "Text beside log field when editing user groups\n\n{{Identical|Reason}}",
"userrights-no-interwiki": "Error message when editing user groups",
"userrights-nodatabase": "Error message when editing user groups.\n\n\"Local\" means databases/wikis of the same farm/cluster; that is, meta, enwiki, dewiki, commons, etc are all local databases of the Wikimedia Foundation.\n\nSee [{{canonicalurl:meta:Special:Log|type=rights}} meta:Special:Log?type=rights] for a usage of local databases: username@barwiki\n\nParameters:\n* $1 - database name",
- "userrights-nologin": "Error displayed on [[Special:UserRights]] when you aren't logged in.\n\nIf you are logged in, but don't have the correct permission, you see {{msg-mw|Userrights-notallowed}}.",
- "userrights-notallowed": "Error displayed on [[Special:UserRights]] when you don't have the permission.",
"userrights-changeable-col": "Used when editing user groups in [[Special:Userrights]].\n\nThe message is the head of a column of group assignments.\n\nParameters:\n* $1 - (Optional) for PLURAL use, the number of items in the column following the message. Avoid PLURAL, if your language can do without.",
"userrights-unchangeable-col": "Used when editing user groups in [[Special:Userrights]]. The message is the head of a column of group assignments.\n\nParameters:\n* $1 - (Optional) for PLURAL use, the number of items in the column following the message. Avoid PLURAL, if your language allows that.",
"userrights-irreversible-marker": "{{optional}}\nParameters:\n* $1 - group member",
"userrights-conflict": "Shown on [[Special:UserRights]] if the target's rights have been changed since the form was loaded.",
- "userrights-removed-self": "Shown on [[Special:UserRights]] in a green box after the user removed its own rights to access that page.",
"group": "{{Identical|Group}}",
"group-user": "{{doc-group|user}}\n{{Identical|User}}",
"group-autoconfirmed": "{{doc-group|autoconfirmed}}\nOn Wikimedia sites autoconfirmed users are users which are older than 4 days. After those 4 days, they have more rights.",