X-Git-Url: https://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/banques/?a=blobdiff_plain;f=includes%2Fapi%2FApiUserrights.php;h=3aaae70483c1968b5752aa20364508a7c8d98079;hb=eb8823743c281fe72446ae06809467fd2746f7f7;hp=acb3da8fb1118d985b7d3c129b6c1c381833947d;hpb=a954426320529222df460aa9ac89c74950d610e0;p=lhc%2Fweb%2Fwiklou.git

diff --git a/includes/api/ApiUserrights.php b/includes/api/ApiUserrights.php
index acb3da8fb1..3aaae70483 100644
--- a/includes/api/ApiUserrights.php
+++ b/includes/api/ApiUserrights.php
@@ -51,11 +51,9 @@ class ApiUserrights extends ApiBase {
 
 		// Deny if the user is blocked and doesn't have the full 'userrights' permission.
 		// This matches what Special:UserRights does for the web UI.
-		if ( !$pUser->isAllowed( 'userrights' ) ) {
-			// @TODO Should the user be blocked from changing user rights if they
-			//       are partially blocked?
+		if ( !$this->getPermissionManager()->userHasRight( $pUser, 'userrights' ) ) {
 			$block = $pUser->getBlock();
-			if ( $block ) {
+			if ( $block && $block->isSitewide() ) {
 				$this->dieBlocked( $block );
 			}
 		}
@@ -114,6 +112,7 @@ class ApiUserrights extends ApiBase {
 
 		$form = $this->getUserRightsPage();
 		$form->setContext( $this->getContext() );
+		$r = [];
 		$r['user'] = $user->getName();
 		$r['userid'] = $user->getId();
 		list( $r['added'], $r['removed'] ) = $form->doSaveUserGroups(