* (bug 27897) list=allusers and list=users list hidden users

Refactored addition of block information, and also checked if user is allowed to view hidden user fields

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 9a3283b..4bd27a6 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -214,7 +214,8 @@ PHP if you have not done so prior to upgrading MediaWiki.
 * (bug 27862) Useremail module didn't properly return success on success.
 * (bug 27590) prop=imageinfo now allows querying the media type
 * (bug 27587) list=filearchive now outputs full title info
-(bug 27018) Added action=filerevert to revert files to an old version
+* (bug 27018) Added action=filerevert to revert files to an old version
+* (bug 27897) list=allusers and list=users list hidden users
 
 === Languages updated in 1.18 ===
 

diff --git a/includes/api/ApiQueryAllUsers.php b/includes/api/ApiQueryAllUsers.php
index 22026f3..5570e7d 100644 (file)
--- a/includes/api/ApiQueryAllUsers.php
+++ b/includes/api/ApiQueryAllUsers.php
@@ -112,13 +112,7 @@ class ApiQueryAllUsers extends ApiQueryBase {
                        $sqlLimit = $limit + 1;
                }
 
-               if ( $fld_blockinfo ) {
-                       $this->addTables( 'ipblocks' );
-                       $this->addJoinConds( array(
-                               'ipblocks' => array( 'LEFT JOIN', 'ipb_user=user_id' ),
-                       ) );
-                       $this->addFields( array( 'ipb_reason', 'ipb_by_text', 'ipb_expiry' ) );
-               }
+               $this->showHiddenUsersAddBlockInfo( $fld_blockinfo );
 
                $this->addOption( 'LIMIT', $sqlLimit );
 

diff --git a/includes/api/ApiQueryBase.php b/includes/api/ApiQueryBase.php
index 3321987..8c867ff 100644 (file)
--- a/includes/api/ApiQueryBase.php
+++ b/includes/api/ApiQueryBase.php
@@ -466,6 +466,34 @@ abstract class ApiQueryBase extends ApiBase {
                return null;
        }
 
+       /**
+        * Filters hidden users (where the user doesn't have the right to view them)
+        * Also adds relevant block information
+        *
+        * @param bool $showBlockInfo
+        * @return void
+        */
+       public function showHiddenUsersAddBlockInfo( $showBlockInfo ) {
+               global $wgUser;
+               $userCanViewHiddenUsers = $wgUser->isAllowed( 'hideuser' );
+
+               if ( $showBlockInfo || !$userCanViewHiddenUsers ) {
+                       $this->addTables( 'ipblocks' );
+                       $this->addJoinConds( array(
+                               'ipblocks' => array( 'LEFT JOIN', 'ipb_user=user_id' ),
+                       ) );
+
+                       if ( $showBlockInfo ) {
+                               $this->addFields( array( 'ipb_reason', 'ipb_by_text', 'ipb_expiry' ) );
+                       }
+
+                       // Don't show hidden names
+                       if ( !$userCanViewHiddenUsers ) {
+                               $this->addWhere( 'ipb_deleted IS NULL' );
+                       }
+               }
+       }
+
        public function getPossibleErrors() {
                return array_merge( parent::getPossibleErrors(), array(
                        array( 'invalidtitle', 'title' ),

diff --git a/includes/api/ApiQueryUsers.php b/includes/api/ApiQueryUsers.php
index 910e255..2f454dd 100644 (file)
--- a/includes/api/ApiQueryUsers.php
+++ b/includes/api/ApiQueryUsers.php
@@ -119,13 +119,8 @@ if ( !defined( 'MEDIAWIKI' ) ) {
                                $this->addJoinConds( array( 'user_groups' => array( 'LEFT JOIN', 'ug_user=user_id' ) ) );
                                $this->addFields( 'ug_group' );
                        }
-                       if ( isset( $this->prop['blockinfo'] ) ) {
-                               $this->addTables( 'ipblocks' );
-                               $this->addJoinConds( array(
-                                       'ipblocks' => array( 'LEFT JOIN', 'ipb_user=user_id' ),
-                               ) );
-                               $this->addFields( array( 'ipb_reason', 'ipb_by_text', 'ipb_expiry' ) );
-                       }
+
+                       $this->showHiddenUsersAddBlockInfo( isset( $this->prop['blockinfo'] ) );
 
                        $data = array();
                        $res = $this->select( __METHOD__ );