dépôts / lhc / web / wiklou.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge "Add documentation to clarify difference between save and upload message"
[lhc/web/wiklou.git] / includes / api / ApiUserrights.php
diff --git a/includes/api/ApiUserrights.php b/includes/api/ApiUserrights.php
index 3ccdde2..e32b612 100644 (file)
--- a/includes/api/ApiUserrights.php
+++ b/includes/api/ApiUserrights.php
@@ -49,6 +49,14 @@ class ApiUserrights extends ApiBase {
        }
 
        public function execute() {
+               $pUser = $this->getUser();
+
+               // Deny if the user is blocked and doesn't have the full 'userrights' permission.
+               // This matches what Special:UserRights does for the web UI.
+               if ( $pUser->isBlocked() && !$pUser->isAllowed( 'userrights' ) ) {
+                       $this->dieBlocked( $pUser->getBlock() );
+               }
+
                $params = $this->extractRequestParams();
 
                $user = $this->getUrUser( $params );
Wiklou, le Wiki du Wiklou