<?php
+
/**
- * Provide an administration interface
- * DO NOT USE: INSECURE.
- *
- * TODO : remove everything related to group editing (SpecialGrouplevels.php)
- * @package MediaWiki
- * @subpackage SpecialPage
+ * Special page to allow managing user group membership
+ *
+ * @addtogroup SpecialPage
+ * @todo This code is disgusting and needs a total rewrite
*/
/** */
-require_once('HTMLForm.php');
-require_once('Group.php');
+require_once( dirname(__FILE__) . '/HTMLForm.php');
/** Entry point */
-function wfSpecialUserrights($par=null) {
+function wfSpecialUserrights() {
global $wgRequest;
- # Debug statement
- // print_r($_POST);
$form = new UserrightsForm($wgRequest);
$form->execute();
}
/**
* A class to manage user levels rights.
- * @package MediaWiki
- * @subpackage SpecialPage
+ * @addtogroup SpecialPage
*/
class UserrightsForm extends HTMLForm {
var $mPosted, $mRequest, $mSaveprefs;
/** Constructor*/
function UserrightsForm ( &$request ) {
$this->mPosted = $request->wasPosted();
- $this->mRequest = $request;
+ $this->mRequest =& $request;
$this->mName = 'userrights';
-
- $titleObj = Title::makeTitle( NS_SPECIAL, 'Userrights' );
+
+ $titleObj = SpecialPage::getTitleFor( 'Userrights' );
$this->action = $titleObj->escapeLocalURL();
}
/**
- * Manage forms to be shown according to posted datas.
- * Depending on the submit button used : Call a form or a saving function.
+ * Manage forms to be shown according to posted data.
+ * Depending on the submit button used, call a form or a save function.
*/
function execute() {
// show the general form
$this->switchForm();
- if ( $this->mPosted ) {
+ if( $this->mPosted ) {
// show some more forms
- if($this->mRequest->getCheck('ssearchuser')) {
- $this->editUserGroupsForm( $this->mRequest->getVal('user-editname')); }
+ if( $this->mRequest->getCheck( 'ssearchuser' ) ) {
+ $this->editUserGroupsForm( $this->mRequest->getVal( 'user-editname' ) );
+ }
// save settings
- if($this->mRequest->getCheck('saveusergroups')) {
- $this->saveUserGroups($this->mRequest->getVal('user-editname'),
- $this->mRequest->getArray('member'),
- $this->mRequest->getArray('available'));
+ if( $this->mRequest->getCheck( 'saveusergroups' ) ) {
+ global $wgUser;
+ $username = $this->mRequest->getVal( 'user-editname' );
+ $reason = $this->mRequest->getVal( 'user-reason' );
+ if( $wgUser->matchEditToken( $this->mRequest->getVal( 'wpEditToken' ), $username ) ) {
+ $this->saveUserGroups( $username,
+ $this->mRequest->getArray( 'member' ),
+ $this->mRequest->getArray( 'available' ),
+ $reason );
+ }
}
}
}
-// save things !!
/**
* Save user groups changes in the database.
- * Datas comes from the editUserGroupsForm() form function
+ * Data comes from the editUserGroupsForm() form function
*
* @param string $username Username to apply changes to.
* @param array $removegroup id of groups to be removed.
* @param array $addgroup id of groups to be added.
+ * @param string $reason Reason for group change
*
- * @todo Log groupname instead of group id.
*/
- function saveUserGroups($username,$removegroup,$addgroup) {
- $u = User::NewFromName($username);
+ function saveUserGroups( $username, $removegroup, $addgroup, $reason = '' ) {
+ global $wgOut;
+ $u = User::newFromName($username);
if(is_null($u)) {
- $wgOut->addHTML('<p>'.wfMsg('nosuchusershort',$username).'</p>');
+ $wgOut->addWikiText( wfMsg( 'nosuchusershort', htmlspecialchars( $username ) ) );
return;
}
if($u->getID() == 0) {
- $wgOut->addHTML('<p>'.wfMsg('nosuchusershort',$username).'</p>');
+ $wgOut->addWikiText( wfMsg( 'nosuchusershort', htmlspecialchars( $username ) ) );
return;
- }
+ }
- $groups = $u->getGroups();
- $logcomment = ' ';
- // remove then add groups
+ $oldGroups = $u->getGroups();
+ $newGroups = $oldGroups;
+ // remove then add groups
if(isset($removegroup)) {
- $groups = array_diff($groups, $removegroup);
- $logcomment .= implode( ' -', $removegroup);
+ $newGroups = array_diff($newGroups, $removegroup);
+ foreach( $removegroup as $group ) {
+ $u->removeGroup( $group );
}
+ }
if(isset($addgroup)) {
- $groups = array_merge($groups, $addgroup);
- $logcomment .= implode( ' +', $addgroup );
+ $newGroups = array_merge($newGroups, $addgroup);
+ foreach( $addgroup as $group ) {
+ $u->addGroup( $group );
}
- // save groups in user object and database
- $u->setGroups($groups);
- $u->saveSettings();
+ }
+ $newGroups = array_unique( $newGroups );
+
+ wfDebug( 'oldGroups: ' . print_r( $oldGroups, true ) );
+ wfDebug( 'newGroups: ' . print_r( $newGroups, true ) );
+ wfRunHooks( 'UserRights', array( &$u, $addgroup, $removegroup ) );
$log = new LogPage( 'rights' );
- $log->addEntry( 'rights', Title::makeTitle( NS_USER, $u->getName() ), $logcomment );
+ $log->addEntry( 'rights', Title::makeTitle( NS_USER, $u->getName() ), $reason, array( $this->makeGroupNameList( $oldGroups ),
+ $this->makeGroupNameList( $newGroups ) ) );
+ }
+
+ function makeGroupNameList( $ids ) {
+ return implode( ', ', $ids );
}
/**
- * The entry form
- * It allows a user to look for a username and edit its groups membership
+ * Output a form to allow searching for a user
*/
function switchForm() {
- global $wgOut;
-
- // user selection
- $wgOut->addHTML( "<form name=\"uluser\" action=\"$this->action\" method=\"post\">\n" );
- $wgOut->addHTML( $this->fieldset( 'lookup-user',
- $this->textbox( 'user-editname' ) .
- '<input type="submit" name="ssearchuser" value="'.wfMsg('editusergroup').'" />'
- ));
- $wgOut->addHTML( "</form>\n" );
+ global $wgOut, $wgRequest;
+ $username = $wgRequest->getText( 'user-editname' );
+ $form = Xml::openElement( 'form', array( 'method' => 'post', 'action' => $this->action, 'name' => 'uluser' ) );
+ $form .= '<fieldset><legend>' . wfMsgHtml( 'userrights-lookup-user' ) . '</legend>';
+ $form .= '<p>' . Xml::inputLabel( wfMsg( 'userrights-user-editname' ), 'user-editname', 'username', 30, $username ) . '</p>';
+ $form .= '<p>' . Xml::submitButton( wfMsg( 'editusergroup' ), array( 'name' => 'ssearchuser' ) ) . '</p>';
+ $form .= '</fieldset>';
+ $form .= '</form>';
+ $wgOut->addHTML( $form );
}
/**
*/
function editUserGroupsForm($username) {
global $wgOut;
-
+
$user = User::newFromName($username);
- if(is_null($user)) {
- $wgOut->addHTML('<p>'.wfMsg('nosuchusershort',$username).'</p>');
+ if( is_null( $user ) ) {
+ $wgOut->addWikiText( wfMsg( 'nouserspecified' ) );
+ return;
+ } elseif( $user->getID() == 0 ) {
+ $wgOut->addWikiText( wfMsg( 'nosuchusershort', wfEscapeWikiText( $username ) ) );
return;
}
- if($user->getID() == 0) {
- $wgOut->addHTML('<p>'.wfMsg('nosuchusershort',$username).'</p>');
- return;
- }
-
$groups = $user->getGroups();
-
- $wgOut->addHTML( "<form name=\"editGroup\" action=\"$this->action\" method=\"post\">\n".
- '<input type="hidden" name="user-editname" value="'.$username.'" />');
- $wgOut->addHTML( $this->fieldset( 'editusergroup',
- wfMsg('editing', $this->mRequest->getVal('user-editname')).".<br />\n" .
- '<table border="0" align="center"><tr><td>'.
- HTMLSelectGroups('member', $this->mName.'-groupsmember', $groups,true,6).
- '</td><td>'.
- HTMLSelectGroups('available', $this->mName.'-groupsavailable', $groups,true,6,true).
- '</td></tr></table>'."\n".
- '<p>'.wfMsg('userrights-groupshelp').'</p>'."\n".
- '<input type="submit" name="saveusergroups" value="'.wfMsg('saveusergroups').'" />'
- ));
- $wgOut->addHTML( "</form>\n" );
+ $this->showEditUserGroupsForm( $username, $groups );
+ }
+
+ function showEditUserGroupsForm( $username, $groups ) {
+ global $wgOut, $wgUser;
+ $wgOut->addHTML(
+ Xml::openElement( 'form', array( 'method' => 'post', 'action' => $this->action, 'name' => 'editGroup' ) ) .
+ Xml::hidden( 'user-editname', $username ) .
+ Xml::hidden( 'wpEditToken', $wgUser->editToken( $username ) ) .
+ Xml::openElement( 'fieldset' ) .
+ Xml::element( 'legend', array(), wfMsg( 'userrights-editusergroup' ) ) .
+ $wgOut->parse( wfMsg( 'editinguser', $username ) ) .
+ "<table border='0'>
+ <tr>
+ <td></td>
+ <td>
+ <table width='400'>
+ <tr>
+ <td width='50%'>" . HTMLSelectGroups( 'member', $this->mName.'-groupsmember', $groups, true, 6 ) . "</td>
+ <td width='50%'>" . HTMLSelectGroups( 'available', $this->mName.'-groupsavailable', $groups, true, 6, true) . "</td>
+ </tr>
+ </table>
+ </tr>
+ <tr>
+ <td colspan='2'>" .
+ $wgOut->parse( wfMsg('userrights-groupshelp') ) .
+ "</td>
+ </tr>
+ <tr>
+ <td>" .
+ Xml::label( wfMsg( 'userrights-reason' ), 'wpReason' ) .
+ "</td>
+ <td>" .
+ Xml::input( 'user-reason', 60, false, array( 'id' => 'wpReason' ) ) .
+ "</td>
+ </tr>
+ <tr>
+ <td></td>
+ <td>" .
+ Xml::submitButton( wfMsg( 'saveusergroups' ), array( 'name' => 'saveusergroups' ) ) .
+ "</td>
+ </tr>
+ </table>\n" .
+ Xml::closeElement( 'fieldset' ) .
+ Xml::closeElement( 'form' ) . "\n"
+ );
}
} // end class UserrightsForm
?>