X-Git-Url: https://git.cyclocoop.org/admin/?a=blobdiff_plain;f=includes%2FSpecialUserrights.php;h=704db3167a7874b1fcdd272ad7c40a8d6aab30bb;hb=a910785f1018d99d63c9fd159f059390e6f8b6df;hp=c04c3e974d0147cdcdccf6fc14752f164d0b99d7;hpb=f98c133919920e5fa2ce48efc64a6d4930521e3a;p=lhc%2Fweb%2Fwiklou.git

diff --git a/includes/SpecialUserrights.php b/includes/SpecialUserrights.php
index c04c3e974d..704db3167a 100644
--- a/includes/SpecialUserrights.php
+++ b/includes/SpecialUserrights.php
@@ -10,13 +10,10 @@
 
 /** */
 require_once('HTMLForm.php');
-require_once('Group.php');
 
 /** Entry point */
-function wfSpecialUserrights($par=null) {
+function wfSpecialUserrights() {
 	global $wgRequest;
-	# Debug statement
-	// print_r($_POST);
 	$form = new UserrightsForm($wgRequest);
 	$form->execute();
 }
@@ -34,7 +31,7 @@ class UserrightsForm extends HTMLForm {
 	/** Constructor*/
 	function UserrightsForm ( &$request ) {
 		$this->mPosted = $request->wasPosted();
-		$this->mRequest = $request;
+		$this->mRequest =& $request;
 		$this->mName = 'userrights';
 		
 		$titleObj = Title::makeTitle( NS_SPECIAL, 'Userrights' );
@@ -42,67 +39,81 @@ class UserrightsForm extends HTMLForm {
 	}
 
 	/**
-	 * Manage forms to be shown according to posted datas.
-	 * Depending on the submit button used : Call a form or a saving function.
+	 * Manage forms to be shown according to posted data.
+	 * Depending on the submit button used, call a form or a save function.
 	 */
 	function execute() {
 		// show the general form
 		$this->switchForm();
-		if ( $this->mPosted ) {
+		if( $this->mPosted ) {
 			// show some more forms
-			if($this->mRequest->getCheck('ssearchuser')) {
-				$this->editUserGroupsForm( $this->mRequest->getVal('user-editname')); }
+			if( $this->mRequest->getCheck( 'ssearchuser' ) ) {
+				$this->editUserGroupsForm( $this->mRequest->getVal( 'user-editname' ) );
+			}
 
 			// save settings
-			if($this->mRequest->getCheck('saveusergroups')) {
-				$this->saveUserGroups($this->mRequest->getVal('user-editname'),
-				                      $this->mRequest->getArray('member'),
-				                      $this->mRequest->getArray('available'));
+			if( $this->mRequest->getCheck( 'saveusergroups' ) ) {
+				global $wgUser;
+				$username = $this->mRequest->getVal( 'user-editname' );
+				if( $wgUser->matchEditToken( $this->mRequest->getVal( 'wpEditToken' ), $username ) ) {
+					$this->saveUserGroups( $username,
+						$this->mRequest->getArray( 'member' ),
+						$this->mRequest->getArray( 'available' ) );
+				}
 			}
 		}
 	}
 
-// save things !!
 	/**
 	 * Save user groups changes in the database.
-	 * Datas comes from the editUserGroupsForm() form function
+	 * Data comes from the editUserGroupsForm() form function
 	 *
 	 * @param string $username Username to apply changes to.
 	 * @param array $removegroup id of groups to be removed.
 	 * @param array $addgroup id of groups to be added.
 	 *
-	 * @todo Log groupname instead of group id.
 	 */
-	function saveUserGroups($username,$removegroup,$addgroup) {
-		$u = User::NewFromName($username);
+	function saveUserGroups( $username, $removegroup, $addgroup) {
+		$u = User::newFromName($username);
 
 		if(is_null($u)) {
-			$wgOut->addHTML('<p>'.wfMsg('nosuchusershort',$username).'</p>');
+			$wgOut->addWikiText( wfMsg( 'nosuchusershort', htmlspecialchars( $username ) ) );
 			return;
 		}
 
 		if($u->getID() == 0) {
-			$wgOut->addHTML('<p>'.wfMsg('nosuchusershort',$username).'</p>');
+			$wgOut->addWikiText( wfMsg( 'nosuchusershort', htmlspecialchars( $username ) ) );
 			return;
 		}		
 
-		$groups = $u->getGroups();
+		$oldGroups = $u->getGroups();
+		$newGroups = $oldGroups;
 		$logcomment = ' ';
 		// remove then add groups		
 		if(isset($removegroup)) {
-			$groups = array_diff($groups, $removegroup);
-			$logcomment .= implode( ' -', $removegroup);
+			$newGroups = array_diff($newGroups, $removegroup);
+			foreach( $removegroup as $group ) {
+				$u->removeGroup( $group );
 			}
+		}
 		if(isset($addgroup)) {
-			$groups = array_merge($groups, $addgroup);
-			$logcomment .= implode( ' +', $addgroup );
+			$newGroups = array_merge($newGroups, $addgroup);
+			foreach( $addgroup as $group ) {
+				$u->addGroup( $group );
 			}
-		// save groups in user object and database
-		$u->setGroups($groups);
-		$u->saveSettings();
+		}
+		$newGroups = array_unique( $newGroups );
+		
+		wfDebug( 'oldGroups: ' . print_r( $oldGroups, true ) );
+		wfDebug( 'newGroups: ' . print_r( $newGroups, true ) );
 
 		$log = new LogPage( 'rights' );
-		$log->addEntry( 'rights', Title::makeTitle( NS_USER, $u->getName() ), $logcomment );
+		$log->addEntry( 'rights', Title::makeTitle( NS_USER, $u->getName() ), '', array( $this->makeGroupNameList( $oldGroups ),
+			$this->makeGroupNameList( $newGroups ) ) );
+	}
+
+	function makeGroupNameList( $ids ) {
+		return implode( ', ', $ids );
 	}
 
 	/**
@@ -116,7 +127,10 @@ class UserrightsForm extends HTMLForm {
 		$wgOut->addHTML( "<form name=\"uluser\" action=\"$this->action\" method=\"post\">\n" );
 		$wgOut->addHTML( $this->fieldset( 'lookup-user',
 				$this->textbox( 'user-editname' ) .
-				'<input type="submit" name="ssearchuser" value="'.wfMsg('editusergroup').'" />'
+				wfElement( 'input', array(
+					'type'  => 'submit',
+					'name'  => 'ssearchuser',
+					'value' => wfMsg( 'editusergroup' ) ) )
 		));
 		$wgOut->addHTML( "</form>\n" );
 	}
@@ -126,32 +140,37 @@ class UserrightsForm extends HTMLForm {
 	 * @param string $username Name of the user.
 	 */
 	function editUserGroupsForm($username) {
-		global $wgOut;
+		global $wgOut, $wgUser;
 		
 		$user = User::newFromName($username);
-		if(is_null($user)) {
-			$wgOut->addHTML('<p>'.wfMsg('nosuchusershort',$username).'</p>');
+		if( is_null( $user ) || $user->getID() == 0 ) {
+			$wgOut->addWikiText( wfMsg( 'nosuchusershort', wfEscapeWikiText( $username ) ) );
 			return;
 		}
-
-		if($user->getID() == 0) {
-			$wgOut->addHTML('<p>'.wfMsg('nosuchusershort',$username).'</p>');
-			return;
-		}		
 		
 		$groups = $user->getGroups();
 
 		$wgOut->addHTML( "<form name=\"editGroup\" action=\"$this->action\" method=\"post\">\n".
-						 '<input type="hidden" name="user-editname" value="'.$username.'" />');
-		$wgOut->addHTML( $this->fieldset( 'editusergroup',
-			wfMsg('editing', $this->mRequest->getVal('user-editname')).".<br />\n" .
+			wfElement( 'input', array(
+				'type'  => 'hidden',
+				'name'  => 'user-editname',
+				'value' => $username ) ) .
+			wfElement( 'input', array(
+				'type'  => 'hidden',
+				'name'  => 'wpEditToken',
+				'value' => $wgUser->editToken( $username ) ) ) .
+			$this->fieldset( 'editusergroup',
+			$wgOut->parse( wfMsg('editing', $username ) ) .
 			'<table border="0" align="center"><tr><td>'.
 			HTMLSelectGroups('member', $this->mName.'-groupsmember', $groups,true,6).
 			'</td><td>'.
 			HTMLSelectGroups('available', $this->mName.'-groupsavailable', $groups,true,6,true).
 			'</td></tr></table>'."\n".
-			'<p>'.wfMsg('userrights-groupshelp').'</p>'."\n".
-			'<input type="submit" name="saveusergroups" value="'.wfMsg('saveusergroups').'" />'
+			$wgOut->parse( wfMsg('userrights-groupshelp') ) .
+			wfElement( 'input', array(
+				'type'  => 'submit',
+				'name'  => 'saveusergroups',
+				'value' => wfMsg( 'saveusergroups' ) ) )
 			));
 		$wgOut->addHTML( "</form>\n" );
 	}