dépôts / lhc / web / wiklou.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Oops, gotta use $exp here
[lhc/web/wiklou.git] / includes / ProtectionForm.php
diff --git a/includes/ProtectionForm.php b/includes/ProtectionForm.php
index 6f57bc2..931c9e9 100644 (file)
--- a/includes/ProtectionForm.php
+++ b/includes/ProtectionForm.php
@@ -21,7 +21,6 @@
 
 /**
  * @todo document, briefly.
- * @addtogroup SpecialPage
  */
 class ProtectionForm {
        var $mRestrictions = array();
@@ -54,7 +53,8 @@ class ProtectionForm {
                        } else if ( strlen($this->mTitle->mRestrictionsExpiry) == 0 ) {
                                $this->mExpiry = '';
                        } else {
-                               $this->mExpiry = wfTimestamp( TS_RFC2822, $this->mTitle->mRestrictionsExpiry );
+                               // FIXME: this format is not user friendly
+                               $this->mExpiry = wfTimestamp( TS_ISO_8601, $this->mTitle->mRestrictionsExpiry );
                        }
                }
 
@@ -72,6 +72,15 @@ class ProtectionForm {
                        foreach( $this->mApplicableTypes as $action ) {
                                $val = $wgRequest->getVal( "mwProtect-level-$action" );
                                if( isset( $val ) && in_array( $val, $wgRestrictionLevels ) ) {
+                                       //prevent users from setting levels that they cannot later unset
+                                       if( $val == 'sysop' ) {
+                                               //special case, rewrite sysop to either protect and editprotected
+                                               if( !$wgUser->isAllowed('protect') && !$wgUser->isAllowed('editprotected') )
+                                                       continue;
+                                       } else {
+                                               if( !$wgUser->isAllowed($val) )
+                                                       continue;
+                                       }
                                        $this->mRestrictions[$action] = $val;
                                }
                        }
@@ -170,6 +179,8 @@ class ProtectionForm {
                                return false;
                        }
 
+                       // Fixme: non-qualified absolute times are not in users specified timezone
+                       // and there isn't notice about it in the ui
                        $expiry = wfTimestamp( TS_MW, $expiry );
 
                        if ( $expiry < wfTimestampNow() ) {
@@ -254,8 +265,7 @@ class ProtectionForm {
                        Xml::openElement( 'table', array( 'id' => 'mw-protect-table2' ) ) .
                        Xml::openElement( 'tbody' );
 
-               global $wgEnableCascadingProtection;
-               if( $wgEnableCascadingProtection && $this->mTitle->exists() ) {
+               if( $this->mTitle->exists() ) {
                        $out .= '<tr>
                                        <td></td>
                                        <td class="mw-input">' .
@@ -313,7 +323,7 @@ class ProtectionForm {
        }
 
        function buildSelector( $action, $selected ) {
-               global $wgRestrictionLevels;
+               global $wgRestrictionLevels, $wgUser;
                $id = 'mwProtect-level-' . $action;
                $attribs = array(
                        'id' => $id,
@@ -324,6 +334,15 @@ class ProtectionForm {
 
                $out = Xml::openElement( 'select', $attribs );
                foreach( $wgRestrictionLevels as $key ) {
+                       //don't let them choose levels above their own (aka so they can still unprotect and edit the page). but only when the form isn't disabled
+                       if( $key == 'sysop' ) {
+                               //special case, rewrite sysop to protect and editprotected
+                               if( !$wgUser->isAllowed('protect') && !$wgUser->isAllowed('editprotected') && $this->disabled )
+                                       continue;
+                       } else {
+                               if( !$wgUser->isAllowed($key) && !$this->disabled )
+                                       continue;
+                       }
                        $out .= Xml::option( $this->getOptionLabel( $key ), $key, $key == $selected );
                }
                $out .= Xml::closeElement( 'select' );
Wiklou, le Wiki du Wiklou