X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2FSpecialUserrights.php;h=0e61622b85461d36437467e9f90be85ca7ae450f;hb=ae23eaf60beeee40e3f2f33f2d3e1e6a302e40bc;hp=c04c3e974d0147cdcdccf6fc14752f164d0b99d7;hpb=f98c133919920e5fa2ce48efc64a6d4930521e3a;p=lhc%2Fweb%2Fwiklou.git diff --git a/includes/SpecialUserrights.php b/includes/SpecialUserrights.php index c04c3e974d..0e61622b85 100644 --- a/includes/SpecialUserrights.php +++ b/includes/SpecialUserrights.php @@ -1,30 +1,25 @@ execute(); } /** * A class to manage user levels rights. - * @package MediaWiki - * @subpackage SpecialPage + * @addtogroup SpecialPage */ class UserrightsForm extends HTMLForm { var $mPosted, $mRequest, $mSaveprefs; 
@@ -34,91 +29,108 @@ class UserrightsForm extends HTMLForm { /** Constructor*/ function UserrightsForm ( &$request ) { $this->mPosted = $request->wasPosted(); - $this->mRequest = $request; + $this->mRequest =& $request; $this->mName = 'userrights'; - - $titleObj = Title::makeTitle( NS_SPECIAL, 'Userrights' ); + + $titleObj = SpecialPage::getTitleFor( 'Userrights' ); $this->action = $titleObj->escapeLocalURL(); } /** - * Manage forms to be shown according to posted datas. - * Depending on the submit button used : Call a form or a saving function. + * Manage forms to be shown according to posted data. + * Depending on the submit button used, call a form or a save function. */ function execute() { // show the general form $this->switchForm(); - if ( $this->mPosted ) { + if( $this->mPosted ) { // show some more forms - if($this->mRequest->getCheck('ssearchuser')) { - $this->editUserGroupsForm( $this->mRequest->getVal('user-editname')); } + if( $this->mRequest->getCheck( 'ssearchuser' ) ) { + $this->editUserGroupsForm( $this->mRequest->getVal( 'user-editname' ) ); + } // save settings - if($this->mRequest->getCheck('saveusergroups')) { - $this->saveUserGroups($this->mRequest->getVal('user-editname'), - $this->mRequest->getArray('member'), - $this->mRequest->getArray('available')); + if( $this->mRequest->getCheck( 'saveusergroups' ) ) { + global $wgUser; + $username = $this->mRequest->getVal( 'user-editname' ); + $reason = $this->mRequest->getVal( 'user-reason' ); + if( $wgUser->matchEditToken( $this->mRequest->getVal( 'wpEditToken' ), $username ) ) { + $this->saveUserGroups( $username, + $this->mRequest->getArray( 'member' ), + $this->mRequest->getArray( 'available' ), + $reason ); + } } } } -// save things !! /** * Save user groups changes in the database. - * Datas comes from the editUserGroupsForm() form function + * Data comes from the editUserGroupsForm() form function * * @param string $username Username to apply changes to. 
* @param array $removegroup id of groups to be removed. * @param array $addgroup id of groups to be added. + * @param string $reason Reason for group change * - * @todo Log groupname instead of group id. */ - function saveUserGroups($username,$removegroup,$addgroup) { - $u = User::NewFromName($username); + function saveUserGroups( $username, $removegroup, $addgroup, $reason = '' ) { + global $wgOut; + $u = User::newFromName($username); if(is_null($u)) { - $wgOut->addHTML('

'.wfMsg('nosuchusershort',$username).'

'); + $wgOut->addWikiText( wfMsg( 'nosuchusershort', htmlspecialchars( $username ) ) ); return; } if($u->getID() == 0) { - $wgOut->addHTML('

'.wfMsg('nosuchusershort',$username).'

'); + $wgOut->addWikiText( wfMsg( 'nosuchusershort', htmlspecialchars( $username ) ) ); return; - } + } - $groups = $u->getGroups(); - $logcomment = ' '; - // remove then add groups + $oldGroups = $u->getGroups(); + $newGroups = $oldGroups; + // remove then add groups if(isset($removegroup)) { - $groups = array_diff($groups, $removegroup); - $logcomment .= implode( ' -', $removegroup); + $newGroups = array_diff($newGroups, $removegroup); + foreach( $removegroup as $group ) { + $u->removeGroup( $group ); } + } if(isset($addgroup)) { - $groups = array_merge($groups, $addgroup); - $logcomment .= implode( ' +', $addgroup ); + $newGroups = array_merge($newGroups, $addgroup); + foreach( $addgroup as $group ) { + $u->addGroup( $group ); } - // save groups in user object and database - $u->setGroups($groups); - $u->saveSettings(); + } + $newGroups = array_unique( $newGroups ); + + wfDebug( 'oldGroups: ' . print_r( $oldGroups, true ) ); + wfDebug( 'newGroups: ' . print_r( $newGroups, true ) ); + wfRunHooks( 'UserRights', array( &$u, $addgroup, $removegroup ) ); $log = new LogPage( 'rights' ); - $log->addEntry( 'rights', Title::makeTitle( NS_USER, $u->getName() ), $logcomment ); + $log->addEntry( 'rights', Title::makeTitle( NS_USER, $u->getName() ), $reason, array( $this->makeGroupNameList( $oldGroups ), + $this->makeGroupNameList( $newGroups ) ) ); + } + + function makeGroupNameList( $ids ) { + return implode( ', ', $ids ); } /** - * The entry form - * It allows a user to look for a username and edit its groups membership + * Output a form to allow searching for a user */ function switchForm() { - global $wgOut; - - // user selection - $wgOut->addHTML( "
action\" method=\"post\">\n" ); - $wgOut->addHTML( $this->fieldset( 'lookup-user', - $this->textbox( 'user-editname' ) . - '' - )); - $wgOut->addHTML( "
\n" ); + global $wgOut, $wgRequest; + $username = $wgRequest->getText( 'user-editname' ); + $form = Xml::openElement( 'form', array( 'method' => 'post', 'action' => $this->action, 'name' => 'uluser' ) ); + $form .= '
' . wfMsgHtml( 'userrights-lookup-user' ) . ''; + $form .= '

' . Xml::inputLabel( wfMsg( 'userrights-user-editname' ), 'user-editname', 'username', 30, $username ) . '

'; + $form .= '

' . Xml::submitButton( wfMsg( 'editusergroup' ), array( 'name' => 'ssearchuser' ) ) . '

'; + $form .= '
'; + $form .= ''; + $wgOut->addHTML( $form ); } /** @@ -127,33 +139,63 @@ class UserrightsForm extends HTMLForm { */ function editUserGroupsForm($username) { global $wgOut; - + $user = User::newFromName($username); - if(is_null($user)) { - $wgOut->addHTML('
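Review bot: In saveUserGroups() both not-found branches pass `htmlspecialchars( $username )` into `$wgOut->addWikiText()`, which escapes HTML metacharacters but leaves any wiki markup in the submitted name to be parsed. editUserGroupsForm() later in this diff uses `wfEscapeWikiText( $username )` for the same message, so the two should agree: `$wgOut->addWikiText( wfMsg( 'nosuchusershort', wfEscapeWikiText( $username ) ) );`. Separately, the `member` and `available` request arrays go straight into `$u->removeGroup()` / `$u->addGroup()`, and the log entry is built from the locally computed `$newGroups`. Unless addGroup() itself rejects unknown names (not visible here), it would be safer to filter both arrays against the defined groups first and to log from `$u->getGroups()` after the change. In execute(), a failed `matchEditToken()` check drops the save with no output, so an `else` branch with a session-failure message would let the operator tell a rejected token from a completed save.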

'.wfMsg('nosuchusershort',$username).'

'); + if( is_null( $user ) ) { + $wgOut->addWikiText( wfMsg( 'nouserspecified' ) ); + return; + } elseif( $user->getID() == 0 ) { + $wgOut->addWikiText( wfMsg( 'nosuchusershort', wfEscapeWikiText( $username ) ) ); return; } - if($user->getID() == 0) { - $wgOut->addHTML('

'.wfMsg('nosuchusershort',$username).'

'); - return; - } - $groups = $user->getGroups(); - - $wgOut->addHTML( "
action\" method=\"post\">\n". - ''); - $wgOut->addHTML( $this->fieldset( 'editusergroup', - wfMsg('editing', $this->mRequest->getVal('user-editname')).".
\n" . - '
'. - HTMLSelectGroups('member', $this->mName.'-groupsmember', $groups,true,6). - ''. - HTMLSelectGroups('available', $this->mName.'-groupsavailable', $groups,true,6,true). - '
'."\n". - '

'.wfMsg('userrights-groupshelp').'

'."\n". - '' - )); - $wgOut->addHTML( "
\n" ); + $this->showEditUserGroupsForm( $username, $groups ); + } + + function showEditUserGroupsForm( $username, $groups ) { + global $wgOut, $wgUser; + $wgOut->addHTML( + Xml::openElement( 'form', array( 'method' => 'post', 'action' => $this->action, 'name' => 'editGroup' ) ) . + Xml::hidden( 'user-editname', $username ) . + Xml::hidden( 'wpEditToken', $wgUser->editToken( $username ) ) . + Xml::openElement( 'fieldset' ) . + Xml::element( 'legend', array(), wfMsg( 'userrights-editusergroup' ) ) . + $wgOut->parse( wfMsg( 'editinguser', $username ) ) . + " + + + + + + + + + + + + + + +
+ + + + + +
" . HTMLSelectGroups( 'member', $this->mName.'-groupsmember', $groups, true, 6 ) . "" . HTMLSelectGroups( 'available', $this->mName.'-groupsavailable', $groups, true, 6, true) . "
+
" . + $wgOut->parse( wfMsg('userrights-groupshelp') ) . + "
" . + Xml::label( wfMsg( 'userrights-reason' ), 'wpReason' ) . + "" . + Xml::input( 'user-reason', 60, false, array( 'id' => 'wpReason' ) ) . + "
" . + Xml::submitButton( wfMsg( 'saveusergroups' ), array( 'name' => 'saveusergroups' ) ) . + "
\n" . + Xml::closeElement( 'fieldset' ) . + Xml::closeElement( 'form' ) . "\n" + ); } } // end class UserrightsForm ?>
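Review bot: showEditUserGroupsForm() feeds the raw request value into the parser with `$wgOut->parse( wfMsg( 'editinguser', $username ) )`, while the error path just above it escapes the same value with `wfEscapeWikiText()`. editUserGroupsForm() already holds a User object that passed the `is_null()` and `getID()` checks, so it could pass the stored name instead: `$this->showEditUserGroupsForm( $user->getName(), $groups );`. Presumably User::newFromName() normalizes that name, which would keep unvalidated text out of the parsed message. It would also bind the hidden `user-editname` field and the `editToken()` salt to the account's stored name rather than to whatever spelling was typed. The new showEditUserGroupsForm() (and makeGroupNameList() in the previous hunk) have no doc comment; a short block saying that `$username` is written to a hidden field and used as the token salt would record the contract execute() relies on.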