From d6fe6de7a85d951c15fa484ade57b0d725317c81 Mon Sep 17 00:00:00 2001
From: Happy-melon
Date: Fri, 26 Mar 2010 23:02:10 +0000
Subject: [PATCH] Followup to r64228 - apply restrictions in API.
---
 includes/api/ApiBase.php | 2 ++
 includes/api/ApiBlock.php | 17 +++++++++++++++++
 includes/api/ApiUnblock.php | 17 +++++++++++++++++
 3 files changed, 36 insertions(+)
diff --git a/includes/api/ApiBase.php b/includes/api/ApiBase.php
index 2c3164d260..eaf07b9f49 100644
--- a/includes/api/ApiBase.php
+++ b/includes/api/ApiBase.php
@@ -873,6 +873,8 @@ abstract class ApiBase {
 'ipb_blocked_as_range' => array( 'code' => 'blockedasrange', 'info' => "IP address ``\$1'' was blocked as part of range ``\$2''. You can't unblock the IP invidually, but you can unblock the range as a whole." ),
 'ipb_cant_unblock' => array( 'code' => 'cantunblock', 'info' => "The block you specified was not found. It may have been unblocked already" ),
 'mailnologin' => array( 'code' => 'cantsend', 'info' => "You are not logged in, you do not have a confirmed e-mail address, or you are not allowed to send e-mail to other users, so you cannot send e-mail" ),
+ 'ipbblocked' => array( 'code' => 'ipbblocked', 'info' => 'You cannot block or unblock users while you are yourself blocked' ),
+ 'ipbnounblockself' => array( 'code' => 'ipbnounblockself', 'info' => 'You are not allowed to unblock yourself' ),
 'usermaildisabled' => array( 'code' => 'usermaildisabled', 'info' => "User email has been disabled" ),
 'blockedemailuser' => array( 'code' => 'blockedfrommail', 'info' => "You have been blocked from sending e-mail" ),
 'notarget' => array( 'code' => 'notarget', 'info' => "You have not specified a valid target for this action" ),
diff --git a/includes/api/ApiBlock.php b/includes/api/ApiBlock.php
index f4a9d7b60b..6af2a21e29 100644
--- a/includes/api/ApiBlock.php
+++ b/includes/api/ApiBlock.php
@@ -64,6 +64,21 @@ class ApiBlock extends ApiBase {
 if ( !$wgUser->isAllowed( 'block' ) ) {
 $this->dieUsageMsg( array( 'cantblock' ) );
 }
+ # bug 15810: blocked admins should have limited access here
+ if( $wgUser->isBlocked() ){
+ $user = User::newFromName( $params['user'] );
+ if( $user instanceof User
+ && $user->getId() == $wgUser->getId() )
+ {
+ # User is trying to unblock themselves
+ if( !$wgUser->isAllowed( 'unblockself' ) ){
+ $this->dieUsageMsg( array( 'ipbnounblockself' ) );
+ }
+ } else {
+ # User is trying to block/unblock someone else
+ $this->dieUsageMsg( array( 'ipbblocked' ) );
+ }
+ }
 if ( $params['hidename'] && !$wgUser->isAllowed( 'hideuser' ) ) {
 $this->dieUsageMsg( array( 'canthide' ) );
 }
@@ -172,6 +187,8 @@ class ApiBlock extends ApiBase {
 array( 'cantblock' ),
 array( 'canthide' ),
 array( 'cantblock-email' ),
+ array( 'ipbblocked' ),
+ array( 'ipbnounblockself' ),
 ) );
 }
diff --git a/includes/api/ApiUnblock.php b/includes/api/ApiUnblock.php
index 8b835fc15d..7857c5e23e 100644
--- a/includes/api/ApiUnblock.php
+++ b/includes/api/ApiUnblock.php
@@ -62,6 +62,21 @@ class ApiUnblock extends ApiBase {
 if ( !$wgUser->isAllowed( 'block' ) ) {
 $this->dieUsageMsg( array( 'cantunblock' ) );
 }
+ # bug 15810: blocked admins should have limited access here
+ if( $wgUser->isBlocked() ){
+ $user = User::newFromName( $params['user'] );
+ if( $user instanceof User
+ && $user->getId() == $wgUser->getId() )
+ {
+ # User is trying to unblock themselves
+ if( !$wgUser->isAllowed( 'unblockself' ) ){
+ $this->dieUsageMsg( array( 'ipbnounblockself' ) );
+ }
+ } else {
+ # User is trying to block/unblock someone else
+ $this->dieUsageMsg( array( 'ipbblocked' ) );
+ }
+ }
 $id = $params['id'];
 $user = $params['user'];
@@ -116,6 +131,8 @@ class ApiUnblock extends ApiBase {
 array( 'unblock-notarget' ),
 array( 'unblock-idanduser' ),
 array( 'cantunblock' ),
+ array( 'ipbblocked' ),
+ array( 'ipbnounblockself' ),
 ) );
 }
--
2.20.1
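Review bot: The self-target branch added to ApiBlock.php is commented `# User is trying to unblock themselves`, but this is the block module, so what it gates is a blocked admin placing or changing a block on their own account. If requiring `unblockself` here is deliberate, because altering your own block amounts to lifting it, the comment should say so, for example `# Changing your own block counts as unblocking yourself, so require 'unblockself'`. The same fifteen lines are added verbatim to ApiUnblock.php in the `@@ -62,6 +62,21 @@` hunk. An authorization rule copied into each entry point tends to drift, so one shared helper called from both modules (and presumably from the code changed in r64228) would keep the policy in a single place. The enclosing method starts and ends outside the hunk.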
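Review bot: The self-unblock test in ApiUnblock.php resolves the target only from `$params['user']`, while the context lines right after it show the module also takes `$params['id']`. For an id-only request from a blocked admin, `User::newFromName()` presumably returns no `User`, so the call drops into the `ipbblocked` branch. That fails closed, but an admin who holds `unblockself` cannot lift their own block by id, and the error wrongly says they were acting on someone else. The check also runs before the `unblock-notarget` / `unblock-idanduser` validation that appears to follow. Consider running it after that validation and resolving the target from the block id when `user` is empty, or at least document the limitation with `# Only a by-name request can match the self-unblock case; id-only requests from blocked users are refused`. The enclosing method continues outside the hunk.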