X-Git-Url: https://git.cyclocoop.org/%27.WWW_URL.%27admin/?a=blobdiff_plain;f=includes%2Fapi%2FApiUserrights.php;h=79c686630521a190145d25f17511214ddaf074bc;hb=12e2154a6bbe3ae65c40ce2230dba9027b6fbb76;hp=cf8ed5ab4e104915cc719880aad677b8f53178b0;hpb=31d239f9d9e2516fc725d9b743ece0dfe72c23a2;p=lhc%2Fweb%2Fwiklou.git diff --git a/includes/api/ApiUserrights.php b/includes/api/ApiUserrights.php index cf8ed5ab4e..79c6866305 100644 --- a/includes/api/ApiUserrights.php +++ b/includes/api/ApiUserrights.php @@ -49,6 +49,14 @@ class ApiUserrights extends ApiBase { } public function execute() { + $pUser = $this->getUser(); + + // Deny if the user is blocked and doesn't have the full 'userrights' permission. + // This matches what Special:UserRights does for the web UI. + if ( $pUser->isBlocked() && !$pUser->isAllowed( 'userrights' ) ) { + $this->dieBlocked( $pUser->getBlock() ); + } + $params = $this->extractRequestParams(); $user = $this->getUrUser( $params ); @@ -63,8 +71,8 @@ class ApiUserrights extends ApiBase { ); $result = $this->getResult(); - $result->setIndexedTagName( $r['added'], 'group' ); - $result->setIndexedTagName( $r['removed'], 'group' ); + ApiResult::setIndexedTagName( $r['added'], 'group' ); + ApiResult::setIndexedTagName( $r['removed'], 'group' ); $result->addValue( null, $this->getModuleName(), $r ); } @@ -102,29 +110,29 @@ class ApiUserrights extends ApiBase { } public function getAllowedParams() { - return array( - 'user' => array( - ApiBase::PARAM_TYPE => 'string', - ), - 'userid' => array( + return [ + 'user' => [ + ApiBase::PARAM_TYPE => 'user', + ], + 'userid' => [ ApiBase::PARAM_TYPE => 'integer', - ), - 'add' => array( + ], + 'add' => [ ApiBase::PARAM_TYPE => $this->getAllGroups(), ApiBase::PARAM_ISMULTI => true - ), - 'remove' => array( + ], + 'remove' => [ ApiBase::PARAM_TYPE => $this->getAllGroups(), ApiBase::PARAM_ISMULTI => true - ), - 'reason' => array( + ], + 'reason' => [ ApiBase::PARAM_DFLT => '' - ), - 'token' => array( + ], + 'token' => [ // Standard definition automatically inserted - ApiBase::PARAM_HELP_MSG_APPEND => array( 'api-help-param-token-webui' ), - ), - ); + ApiBase::PARAM_HELP_MSG_APPEND => [ 'api-help-param-token-webui' ], + ], + ]; } public function needsToken() { @@ -136,12 +144,12 @@ class ApiUserrights extends ApiBase { } protected function getExamplesMessages() { - return array( + return [ 'action=userrights&user=FooBot&add=bot&remove=sysop|bureaucrat&token=123ABC' => 'apihelp-userrights-example-user', 'action=userrights&userid=123&add=bot&remove=sysop|bureaucrat&token=123ABC' => 'apihelp-userrights-example-userid', - ); + ]; } public function getHelpUrls() {