From c488abeeb884e4af0e6e117941a02f4e18d212c5 Mon Sep 17 00:00:00 2001 From: Sam Reed Date: Sun, 6 Mar 2011 17:59:08 +0000 Subject: [PATCH] * (bug 27897) list=allusers and list=users list hidden users Refactored addition of block information, and also checked if user is allowed to view hidden user fields --- RELEASE-NOTES | 3 ++- includes/api/ApiQueryAllUsers.php | 8 +------- includes/api/ApiQueryBase.php | 28 ++++++++++++++++++++++++++++ includes/api/ApiQueryUsers.php | 9 ++------- 4 files changed, 33 insertions(+), 15 deletions(-) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 9a3283bfaf..4bd27a6bf4 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -214,7 +214,8 @@ PHP if you have not done so prior to upgrading MediaWiki. * (bug 27862) Useremail module didn't properly return success on success. * (bug 27590) prop=imageinfo now allows querying the media type * (bug 27587) list=filearchive now outputs full title info -(bug 27018) Added action=filerevert to revert files to an old version +* (bug 27018) Added action=filerevert to revert files to an old version +* (bug 27897) list=allusers and list=users list hidden users === Languages updated in 1.18 === diff --git a/includes/api/ApiQueryAllUsers.php b/includes/api/ApiQueryAllUsers.php index 22026f36ec..5570e7d463 100644 --- a/includes/api/ApiQueryAllUsers.php +++ b/includes/api/ApiQueryAllUsers.php @@ -112,13 +112,7 @@ class ApiQueryAllUsers extends ApiQueryBase { $sqlLimit = $limit + 1; } - if ( $fld_blockinfo ) { - $this->addTables( 'ipblocks' ); - $this->addJoinConds( array( - 'ipblocks' => array( 'LEFT JOIN', 'ipb_user=user_id' ), - ) ); - $this->addFields( array( 'ipb_reason', 'ipb_by_text', 'ipb_expiry' ) ); - } + $this->showHiddenUsersAddBlockInfo( $fld_blockinfo ); $this->addOption( 'LIMIT', $sqlLimit ); diff --git a/includes/api/ApiQueryBase.php b/includes/api/ApiQueryBase.php index 3321987f4c..8c867ffdbb 100644 --- a/includes/api/ApiQueryBase.php +++ b/includes/api/ApiQueryBase.php @@ -466,6 +466,34 @@ abstract class ApiQueryBase extends ApiBase { return null; } + /** + * Filters hidden users (where the user doesn't have the right to view them) + * Also adds relevant block information + * + * @param bool $showBlockInfo + * @return void + */ + public function showHiddenUsersAddBlockInfo( $showBlockInfo ) { + global $wgUser; + $userCanViewHiddenUsers = $wgUser->isAllowed( 'hideuser' ); + + if ( $showBlockInfo || !$userCanViewHiddenUsers ) { + $this->addTables( 'ipblocks' ); + $this->addJoinConds( array( + 'ipblocks' => array( 'LEFT JOIN', 'ipb_user=user_id' ), + ) ); + + if ( $showBlockInfo ) { + $this->addFields( array( 'ipb_reason', 'ipb_by_text', 'ipb_expiry' ) ); + } + + // Don't show hidden names + if ( !$userCanViewHiddenUsers ) { + $this->addWhere( 'ipb_deleted IS NULL' ); + } + } + } + public function getPossibleErrors() { return array_merge( parent::getPossibleErrors(), array( array( 'invalidtitle', 'title' ), diff --git a/includes/api/ApiQueryUsers.php b/includes/api/ApiQueryUsers.php index 910e255969..2f454dd2bc 100644 --- a/includes/api/ApiQueryUsers.php +++ b/includes/api/ApiQueryUsers.php @@ -119,13 +119,8 @@ if ( !defined( 'MEDIAWIKI' ) ) { $this->addJoinConds( array( 'user_groups' => array( 'LEFT JOIN', 'ug_user=user_id' ) ) ); $this->addFields( 'ug_group' ); } - if ( isset( $this->prop['blockinfo'] ) ) { - $this->addTables( 'ipblocks' ); - $this->addJoinConds( array( - 'ipblocks' => array( 'LEFT JOIN', 'ipb_user=user_id' ), - ) ); - $this->addFields( array( 'ipb_reason', 'ipb_by_text', 'ipb_expiry' ) ); - } + + $this->showHiddenUsersAddBlockInfo( isset( $this->prop['blockinfo'] ) ); $data = array(); $res = $this->select( __METHOD__ ); -- 2.20.1