X-Git-Url: http://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2Fspecials%2FSpecialUserrights.php;h=6ded6d9dd796223ca440d936f8fc68b811ef7771;hb=645266fe3e1befe84b800b4f78a3b208fa8943d4;hp=433dcab593778bbd30ddc9a93a20c370f3a4bb70;hpb=7874fc4bec845ad92960b07e969c65f3c3fe74f2;p=lhc%2Fweb%2Fwiklou.git

diff --git a/includes/specials/SpecialUserrights.php b/includes/specials/SpecialUserrights.php
index 433dcab593..6ded6d9dd7 100644
--- a/includes/specials/SpecialUserrights.php
+++ b/includes/specials/SpecialUserrights.php
@@ -48,14 +48,6 @@ class UserrightsPage extends SpecialPage {
 		return true;
 	}
 
-	public function isRestricted() {
-		return true;
-	}
-
-	public function userCanExecute( User $user ) {
-		return $this->userCanChangeRights( $user, false );
-	}
-
 	/**
 	 * @param User $user
 	 * @param bool $checkIfSelf
@@ -82,22 +74,10 @@ class UserrightsPage extends SpecialPage {
 	 * @throws UserBlockedError|PermissionsError
 	 */
 	public function execute( $par ) {
-		// If the visitor doesn't have permissions to assign or remove
-		// any groups, it's a bit silly to give them the user search prompt.
-
 		$user = $this->getUser();
 		$request = $this->getRequest();
 		$out = $this->getOutput();
 
-		/*
-		 * If the user is blocked and they only have "partial" access
-		 * (e.g. they don't have the userrights permission), then don't
-		 * allow them to use Special:UserRights.
-		 */
-		if ( $user->isBlocked() && !$user->isAllowed( 'userrights' ) ) {
-			throw new UserBlockedError( $user->getBlock() );
-		}
-
 		if ( $par !== null ) {
 			$this->mTarget = $par;
 		} else {
@@ -108,24 +88,7 @@ class UserrightsPage extends SpecialPage {
 			$this->mTarget = trim( $this->mTarget );
 		}
 
-		$available = $this->changeableGroups();
-
-		if ( $this->mTarget === null ) {
-			/*
-			 * If the user specified no target, and they can only
-			 * edit their own groups, automatically set them as the
-			 * target.
-			 */
-			if ( !count( $available['add'] ) && !count( $available['remove'] ) ) {
-				$this->mTarget = $user->getName();
-			}
-		}
-
-		if ( $this->mTarget !== null && User::getCanonicalName( $this->mTarget ) === $user->getName() ) {
-			$this->isself = true;
-		}
-
-		$fetchedStatus = $this->fetchUser( $this->mTarget );
+		$fetchedStatus = $this->fetchUser( $this->mTarget, true );
 		if ( $fetchedStatus->isOK() ) {
 			$this->mFetchedUser = $fetchedStatus->value;
 			if ( $this->mFetchedUser instanceof User ) {
@@ -135,23 +98,6 @@ class UserrightsPage extends SpecialPage {
 			}
 		}
 
-		if ( !$this->userCanChangeRights( $user, true ) ) {
-			if ( $this->isself && $request->getCheck( 'success' ) ) {
-				// bug 48609: if the user just removed its own rights, this would
-				// leads it in a "permissions error" page. In that case, show a
-				// message that it can't anymore use this page instead of an error
-				$this->setHeaders();
-				$out->wrapWikiMsg( "<div class=\"successbox\">\n$1\n</div>", 'userrights-removed-self' );
-				$out->returnToMain();
-
-				return;
-			}
-
-			// @todo FIXME: There may be intermediate groups we can mention.
-			$msg = $user->isAnon() ? 'userrights-nologin' : 'userrights-notallowed';
-			throw new PermissionsError( null, [ [ $msg ] ] );
-		}
-
 		// show a successbox, if the user rights was saved successfully
 		if ( $request->getCheck( 'success' ) && $this->mFetchedUser !== null ) {
 			$out->addModules( [ 'mediawiki.special.userrights' ] );
@@ -173,18 +119,13 @@ class UserrightsPage extends SpecialPage {
 			);
 		}
 
-		$this->checkReadOnly();
-
 		$this->setHeaders();
 		$this->outputHeader();
 
 		$out->addModuleStyles( 'mediawiki.special' );
 		$this->addHelpLink( 'Help:Assigning permissions' );
 
-		// show the general form
-		if ( count( $available['add'] ) || count( $available['remove'] ) ) {
-			$this->switchForm();
-		}
+		$this->switchForm();
 
 		if (
 			$request->wasPosted() &&
@@ -192,6 +133,17 @@ class UserrightsPage extends SpecialPage {
 			$this->mTarget !== null &&
 			$user->matchEditToken( $request->getVal( 'wpEditToken' ), $this->mTarget )
 		) {
+			/*
+			* If the user is blocked and they only have "partial" access
+			* (e.g. they don't have the userrights permission), then don't
+			* allow them to change any user rights.
+			*/
+			if ( $user->isBlocked() && !$user->isAllowed( 'userrights' ) ) {
+				throw new UserBlockedError( $user->getBlock() );
+			}
+
+			$this->checkReadOnly();
+
 			// save settings
 			if ( !$fetchedStatus->isOK() ) {
 				$this->getOutput()->addWikiText( $fetchedStatus->getWikiText() );
@@ -352,7 +304,7 @@ class UserrightsPage extends SpecialPage {
 	 * @param string $username Name of the user.
 	 */
 	function editUserGroupsForm( $username ) {
-		$status = $this->fetchUser( $username );
+		$status = $this->fetchUser( $username, true );
 		if ( !$status->isOK() ) {
 			$this->getOutput()->addWikiText( $status->getWikiText() );
 
@@ -376,9 +328,10 @@ class UserrightsPage extends SpecialPage {
 	 *
 	 * Side effects: error output for invalid access
 	 * @param string $username
+	 * @param bool $writing
 	 * @return Status
 	 */
-	public function fetchUser( $username ) {
+	public function fetchUser( $username, $writing ) {
 		$parts = explode( $this->getConfig()->get( 'UserrightsInterwikiDelimiter' ), $username );
 		if ( count( $parts ) < 2 ) {
 			$name = trim( $username );
@@ -389,7 +342,7 @@ class UserrightsPage extends SpecialPage {
 			if ( $database == wfWikiID() ) {
 				$database = '';
 			} else {
-				if ( !$this->getUser()->isAllowed( 'userrights-interwiki' ) ) {
+				if ( $writing && !$this->getUser()->isAllowed( 'userrights-interwiki' ) ) {
 					return Status::newFatal( 'userrights-no-interwiki' );
 				}
 				if ( !UserRightsProxy::validDatabase( $database ) ) {
@@ -484,10 +437,7 @@ class UserrightsPage extends SpecialPage {
 				)
 			) . ' ' .
 			Xml::submitButton(
-				$this->msg(
-					'editusergroup',
-					$this->mFetchedUser === null ? '[]' : $this->mFetchedUser->getName()
-				)->text()
+				$this->msg( 'editusergroup' )->text()
 			) .
 			Html::closeElement( 'fieldset' ) .
 			Html::closeElement( 'form' ) . "\n"
@@ -578,6 +528,7 @@ class UserrightsPage extends SpecialPage {
 			Linker::TOOL_LINKS_EMAIL /* Add "send e-mail" link */
 		);
 
+		list( $groupCheckboxes, $canChangeAny ) = $this->groupCheckboxes( $groups, $user );
 		$this->getOutput()->addHTML(
 			Xml::openElement(
 				'form',
@@ -601,30 +552,38 @@ class UserrightsPage extends SpecialPage {
 				$this->msg( 'userrights-editusergroup', $user->getName() )->text()
 			) .
 			$this->msg( 'editinguser' )->params( wfEscapeWikiText( $user->getName() ) )
-				->rawParams( $userToolLinks )->parse() .
-			$this->msg( 'userrights-groups-help', $user->getName() )->parse() .
-			$grouplist .
-			$this->groupCheckboxes( $groups, $user ) .
-			Xml::openElement( 'table', [ 'id' => 'mw-userrights-table-outer' ] ) .
-				"<tr>
-					<td class='mw-label'>" .
-						Xml::label( $this->msg( 'userrights-reason' )->text(), 'wpReason' ) .
-					"</td>
-					<td class='mw-input'>" .
-						Xml::input( 'user-reason', 60, $this->getRequest()->getVal( 'user-reason', false ),
-							[ 'id' => 'wpReason', 'maxlength' => 255 ] ) .
-					"</td>
-				</tr>
-				<tr>
-					<td></td>
-					<td class='mw-submit'>" .
-						Xml::submitButton( $this->msg( 'saveusergroups', $user->getName() )->text(),
-							[ 'name' => 'saveusergroups' ] +
-								Linker::tooltipAndAccesskeyAttribs( 'userrights-set' )
-						) .
-					"</td>
-				</tr>" .
-			Xml::closeElement( 'table' ) . "\n" .
+				->rawParams( $userToolLinks )->parse()
+		);
+		if ( $canChangeAny ) {
+			$this->getOutput()->addHTML(
+				$this->msg( 'userrights-groups-help', $user->getName() )->parse() .
+				$grouplist .
+				$groupCheckboxes .
+				Xml::openElement( 'table', [ 'id' => 'mw-userrights-table-outer' ] ) .
+					"<tr>
+						<td class='mw-label'>" .
+							Xml::label( $this->msg( 'userrights-reason' )->text(), 'wpReason' ) .
+						"</td>
+						<td class='mw-input'>" .
+							Xml::input( 'user-reason', 60, $this->getRequest()->getVal( 'user-reason', false ),
+								[ 'id' => 'wpReason', 'maxlength' => 255 ] ) .
+						"</td>
+					</tr>
+					<tr>
+						<td></td>
+						<td class='mw-submit'>" .
+							Xml::submitButton( $this->msg( 'saveusergroups', $user->getName() )->text(),
+								[ 'name' => 'saveusergroups' ] +
+									Linker::tooltipAndAccesskeyAttribs( 'userrights-set' )
+							) .
+						"</td>
+					</tr>" .
+				Xml::closeElement( 'table' ) . "\n"
+			);
+		} else {
+			$this->getOutput()->addHTML( $grouplist );
+		}
+		$this->getOutput()->addHTML(
 			Xml::closeElement( 'fieldset' ) .
 			Xml::closeElement( 'form' ) . "\n"
 		);
@@ -664,7 +623,8 @@ class UserrightsPage extends SpecialPage {
 	 * @todo Just pass the username string?
 	 * @param array $usergroups Groups the user belongs to
 	 * @param User $user
-	 * @return string XHTML table element with checkboxes
+	 * @return Array with 2 elements: the XHTML table element with checkxboes, and
+	 * whether any groups are changeable
 	 */
 	private function groupCheckboxes( $usergroups, $user ) {
 		$allgroups = $this->getAllGroups();
@@ -739,7 +699,7 @@ class UserrightsPage extends SpecialPage {
 		}
 		$ret .= Xml::closeElement( 'tr' ) . Xml::closeElement( 'table' );
 
-		return $ret;
+		return [ $ret, (bool)$columns['changeable'] ];
 	}
 
 	/**
@@ -747,7 +707,6 @@ class UserrightsPage extends SpecialPage {
 	 * @return bool Can we remove the group?
 	 */
 	private function canRemove( $group ) {
-		// $this->changeableGroups()['remove'] doesn't work, of course. Thanks, PHP.
 		$groups = $this->changeableGroups();
 
 		return in_array(
@@ -817,3 +776,4 @@ class UserrightsPage extends SpecialPage {
 		return 'users';
 	}
 }
+