changeableGroups(); if ( $user->getId() == 0 ) { return false; } return !empty( $available['add'] ) || !empty( $available['remove'] ) || ( ( $this->isself || !$checkIfSelf ) && ( !empty( $available['add-self'] ) || !empty( $available['remove-self'] ) ) ); } /** * Manage forms to be shown according to posted data. * Depending on the submit button used, call a form or a save function. * * @param string|null $par String if any subpage provided, else null * @throws UserBlockedError|PermissionsError */ public function execute( $par ) { $user = $this->getUser(); $request = $this->getRequest(); $session = $request->getSession(); $out = $this->getOutput(); if ( $par !== null ) { $this->mTarget = $par; } else { $this->mTarget = $request->getVal( 'user' ); } if ( is_string( $this->mTarget ) ) { $this->mTarget = trim( $this->mTarget ); } if ( $this->mTarget !== null && User::getCanonicalName( $this->mTarget ) === $user->getName() ) { $this->isself = true; } $fetchedStatus = $this->fetchUser( $this->mTarget, true ); if ( $fetchedStatus->isOK() ) { $this->mFetchedUser = $fetchedStatus->value; if ( $this->mFetchedUser instanceof User ) { // Set the 'relevant user' in the skin, so it displays links like Contributions, // User logs, UserRights, etc. $this->getSkin()->setRelevantUser( $this->mFetchedUser ); } } // show a successbox, if the user rights was saved successfully if ( $session->get( 'specialUserrightsSaveSuccess' ) && $this->mFetchedUser !== null ) { // Remove session data for the success message $session->remove( 'specialUserrightsSaveSuccess' ); $out->addModules( [ 'mediawiki.special.userrights' ] ); $out->addModuleStyles( 'mediawiki.notification.convertmessagebox.styles' ); $out->addHTML( Html::rawElement( 'div', [ 'class' => 'mw-notify-success successbox', 'id' => 'mw-preferences-success', 'data-mw-autohide' => 'false', ], Html::element( 'p', [], $this->msg( 'savedrights', $this->mFetchedUser->getName() )->text() ) ) ); } $this->setHeaders(); $this->outputHeader(); $out->addModuleStyles( 'mediawiki.special' ); $this->addHelpLink( 'Help:Assigning permissions' ); $this->switchForm(); if ( $request->wasPosted() && $request->getCheck( 'saveusergroups' ) && $this->mTarget !== null && $user->matchEditToken( $request->getVal( 'wpEditToken' ), $this->mTarget ) ) { /* * If the user is blocked and they only have "partial" access * (e.g. they don't have the userrights permission), then don't * allow them to change any user rights. */ if ( $user->isBlocked() && !$user->isAllowed( 'userrights' ) ) { throw new UserBlockedError( $user->getBlock() ); } $this->checkReadOnly(); // save settings if ( !$fetchedStatus->isOK() ) { $this->getOutput()->addWikiText( $fetchedStatus->getWikiText() ); return; } $targetUser = $this->mFetchedUser; if ( $targetUser instanceof User ) { // UserRightsProxy doesn't have this method (bug 61252) $targetUser->clearInstanceCache(); // bug 38989 } if ( $request->getVal( 'conflictcheck-originalgroups' ) !== implode( ',', $targetUser->getGroups() ) ) { $out->addWikiMsg( 'userrights-conflict' ); } else { $this->saveUserGroups( $this->mTarget, $request->getVal( 'user-reason' ), $targetUser ); // Set session data for the success message $session->set( 'specialUserrightsSaveSuccess', 1 ); $out->redirect( $this->getSuccessURL() ); return; } } // show some more forms if ( $this->mTarget !== null ) { $this->editUserGroupsForm( $this->mTarget ); } } function getSuccessURL() { return $this->getPageTitle( $this->mTarget )->getFullURL(); } /** * Save user groups changes in the database. * Data comes from the editUserGroupsForm() form function * * @param string $username Username to apply changes to. * @param string $reason Reason for group change * @param User|UserRightsProxy $user Target user object. * @return null */ function saveUserGroups( $username, $reason, $user ) { $allgroups = $this->getAllGroups(); $addgroup = []; $removegroup = []; // This could possibly create a highly unlikely race condition if permissions are changed between // when the form is loaded and when the form is saved. Ignoring it for the moment. foreach ( $allgroups as $group ) { // We'll tell it to remove all unchecked groups, and add all checked groups. // Later on, this gets filtered for what can actually be removed if ( $this->getRequest()->getCheck( "wpGroup-$group" ) ) { $addgroup[] = $group; } else { $removegroup[] = $group; } } $this->doSaveUserGroups( $user, $addgroup, $removegroup, $reason ); } /** * Save user groups changes in the database. * * @param User|UserRightsProxy $user * @param array $add Array of groups to add * @param array $remove Array of groups to remove * @param string $reason Reason for group change * @param array $tags Array of change tags to add to the log entry * @return array Tuple of added, then removed groups */ function doSaveUserGroups( $user, $add, $remove, $reason = '', $tags = [] ) { // Validate input set... $isself = $user->getName() == $this->getUser()->getName(); $groups = $user->getGroups(); $changeable = $this->changeableGroups(); $addable = array_merge( $changeable['add'], $isself ? $changeable['add-self'] : [] ); $removable = array_merge( $changeable['remove'], $isself ? $changeable['remove-self'] : [] ); $remove = array_unique( array_intersect( (array)$remove, $removable, $groups ) ); $add = array_unique( array_diff( array_intersect( (array)$add, $addable ), $groups ) ); Hooks::run( 'ChangeUserGroups', [ $this->getUser(), $user, &$add, &$remove ] ); $oldGroups = $user->getGroups(); $newGroups = $oldGroups; // Remove then add groups if ( $remove ) { foreach ( $remove as $index => $group ) { if ( !$user->removeGroup( $group ) ) { unset( $remove[$index] ); } } $newGroups = array_diff( $newGroups, $remove ); } if ( $add ) { foreach ( $add as $index => $group ) { if ( !$user->addGroup( $group ) ) { unset( $add[$index] ); } } $newGroups = array_merge( $newGroups, $add ); } $newGroups = array_unique( $newGroups ); // Ensure that caches are cleared $user->invalidateCache(); // update groups in external authentication database Hooks::run( 'UserGroupsChanged', [ $user, $add, $remove, $this->getUser(), $reason ] ); MediaWiki\Auth\AuthManager::callLegacyAuthPlugin( 'updateExternalDBGroups', [ $user, $add, $remove ] ); wfDebug( 'oldGroups: ' . print_r( $oldGroups, true ) . "\n" ); wfDebug( 'newGroups: ' . print_r( $newGroups, true ) . "\n" ); // Deprecated in favor of UserGroupsChanged hook Hooks::run( 'UserRights', [ &$user, $add, $remove ], '1.26' ); if ( $newGroups != $oldGroups ) { $this->addLogEntry( $user, $oldGroups, $newGroups, $reason, $tags ); } return [ $add, $remove ]; } /** * Add a rights log entry for an action. * @param User $user * @param array $oldGroups * @param array $newGroups * @param array $reason * @param array $tags */ function addLogEntry( $user, $oldGroups, $newGroups, $reason, $tags ) { $logEntry = new ManualLogEntry( 'rights', 'rights' ); $logEntry->setPerformer( $this->getUser() ); $logEntry->setTarget( $user->getUserPage() ); $logEntry->setComment( $reason ); $logEntry->setParameters( [ '4::oldgroups' => $oldGroups, '5::newgroups' => $newGroups, ] ); $logid = $logEntry->insert(); if ( count( $tags ) ) { $logEntry->setTags( $tags ); } $logEntry->publish( $logid ); } /** * Edit user groups membership * @param string $username Name of the user. */ function editUserGroupsForm( $username ) { $status = $this->fetchUser( $username, true ); if ( !$status->isOK() ) { $this->getOutput()->addWikiText( $status->getWikiText() ); return; } else { $user = $status->value; } $groups = $user->getGroups(); $this->showEditUserGroupsForm( $user, $groups ); // This isn't really ideal logging behavior, but let's not hide the // interwiki logs if we're using them as is. $this->showLogFragment( $user, $this->getOutput() ); } /** * Normalize the input username, which may be local or remote, and * return a user (or proxy) object for manipulating it. * * Side effects: error output for invalid access * @param string $username * @param bool $writing * @return Status */ public function fetchUser( $username, $writing = true ) { $parts = explode( $this->getConfig()->get( 'UserrightsInterwikiDelimiter' ), $username ); if ( count( $parts ) < 2 ) { $name = trim( $username ); $database = ''; } else { list( $name, $database ) = array_map( 'trim', $parts ); if ( $database == wfWikiID() ) { $database = ''; } else { if ( $writing && !$this->getUser()->isAllowed( 'userrights-interwiki' ) ) { return Status::newFatal( 'userrights-no-interwiki' ); } if ( !UserRightsProxy::validDatabase( $database ) ) { return Status::newFatal( 'userrights-nodatabase', $database ); } } } if ( $name === '' ) { return Status::newFatal( 'nouserspecified' ); } if ( $name[0] == '#' ) { // Numeric ID can be specified... // We'll do a lookup for the name internally. $id = intval( substr( $name, 1 ) ); if ( $database == '' ) { $name = User::whoIs( $id ); } else { $name = UserRightsProxy::whoIs( $database, $id ); } if ( !$name ) { return Status::newFatal( 'noname' ); } } else { $name = User::getCanonicalName( $name ); if ( $name === false ) { // invalid name return Status::newFatal( 'nosuchusershort', $username ); } } if ( $database == '' ) { $user = User::newFromName( $name ); } else { $user = UserRightsProxy::newFromName( $database, $name ); } if ( !$user || $user->isAnon() ) { return Status::newFatal( 'nosuchusershort', $username ); } return Status::newGood( $user ); } /** * @since 1.15 * * @param array $ids * * @return string */ public function makeGroupNameList( $ids ) { if ( empty( $ids ) ) { return $this->msg( 'rightsnone' )->inContentLanguage()->text(); } else { return implode( ', ', $ids ); } } /** * Output a form to allow searching for a user */ function switchForm() { $this->getOutput()->addModules( 'mediawiki.userSuggest' ); $this->getOutput()->addHTML( Html::openElement( 'form', [ 'method' => 'get', 'action' => wfScript(), 'name' => 'uluser', 'id' => 'mw-userrights-form1' ] ) . Html::hidden( 'title', $this->getPageTitle()->getPrefixedText() ) . Xml::fieldset( $this->msg( 'userrights-lookup-user' )->text() ) . Xml::inputLabel( $this->msg( 'userrights-user-editname' )->text(), 'user', 'username', 30, str_replace( '_', ' ', $this->mTarget ), [ 'class' => 'mw-autocomplete-user', // used by mediawiki.userSuggest ] + ( // Set autofocus on blank input and error input $this->mFetchedUser === null ? [ 'autofocus' => '' ] : [] ) ) . ' ' . Xml::submitButton( $this->msg( 'editusergroup' )->text() ) . Html::closeElement( 'fieldset' ) . Html::closeElement( 'form' ) . "\n" ); } /** * Go through used and available groups and return the ones that this * form will be able to manipulate based on the current user's system * permissions. * * @param array $groups List of groups the given user is in * @return array Tuple of addable, then removable groups */ protected function splitGroups( $groups ) { list( $addable, $removable, $addself, $removeself ) = array_values( $this->changeableGroups() ); $removable = array_intersect( array_merge( $this->isself ? $removeself : [], $removable ), $groups ); // Can't remove groups the user doesn't have $addable = array_diff( array_merge( $this->isself ? $addself : [], $addable ), $groups ); // Can't add groups the user does have return [ $addable, $removable ]; } /** * Show the form to edit group memberships. * * @param User|UserRightsProxy $user User or UserRightsProxy you're editing * @param array $groups Array of groups the user is in */ protected function showEditUserGroupsForm( $user, $groups ) { $list = []; $membersList = []; foreach ( $groups as $group ) { $list[] = self::buildGroupLink( $group ); $membersList[] = self::buildGroupMemberLink( $group ); } $autoList = []; $autoMembersList = []; if ( $user instanceof User ) { foreach ( Autopromote::getAutopromoteGroups( $user ) as $group ) { $autoList[] = self::buildGroupLink( $group ); $autoMembersList[] = self::buildGroupMemberLink( $group ); } } $language = $this->getLanguage(); $displayedList = $this->msg( 'userrights-groupsmember-type' ) ->rawParams( $language->listToText( $list ), $language->listToText( $membersList ) )->escaped(); $displayedAutolist = $this->msg( 'userrights-groupsmember-type' ) ->rawParams( $language->listToText( $autoList ), $language->listToText( $autoMembersList ) )->escaped(); $grouplist = ''; $count = count( $list ); if ( $count > 0 ) { $grouplist = $this->msg( 'userrights-groupsmember' ) ->numParams( $count ) ->params( $user->getName() ) ->parse(); $grouplist = '
' . $grouplist . ' ' . $displayedList . "
\n"; } $count = count( $autoList ); if ( $count > 0 ) { $autogrouplistintro = $this->msg( 'userrights-groupsmember-auto' ) ->numParams( $count ) ->params( $user->getName() ) ->parse(); $grouplist .= '' . $autogrouplistintro . ' ' . $displayedAutolist . "
\n"; } $userToolLinks = Linker::userToolLinks( $user->getId(), $user->getName(), false, /* default for redContribsWhenNoEdits */ Linker::TOOL_LINKS_EMAIL /* Add "send e-mail" link */ ); list( $groupCheckboxes, $canChangeAny ) = $this->groupCheckboxes( $groups, $user ); $this->getOutput()->addHTML( Xml::openElement( 'form', [ 'method' => 'post', 'action' => $this->getPageTitle()->getLocalURL(), 'name' => 'editGroup', 'id' => 'mw-userrights-form2' ] ) . Html::hidden( 'user', $this->mTarget ) . Html::hidden( 'wpEditToken', $this->getUser()->getEditToken( $this->mTarget ) ) . Html::hidden( 'conflictcheck-originalgroups', implode( ',', $user->getGroups() ) ) . // Conflict detection Xml::openElement( 'fieldset' ) . Xml::element( 'legend', [], $this->msg( $canChangeAny ? 'userrights-editusergroup' : 'userrights-viewusergroup', $user->getName() )->text() ) . $this->msg( $canChangeAny ? 'editinguser' : 'viewinguserrights' )->params( wfEscapeWikiText( $user->getName() ) ) ->rawParams( $userToolLinks )->parse() ); if ( $canChangeAny ) { $this->getOutput()->addHTML( $this->msg( 'userrights-groups-help', $user->getName() )->parse() . $grouplist . $groupCheckboxes . Xml::openElement( 'table', [ 'id' => 'mw-userrights-table-outer' ] ) . "