Detect user rights conflicts

Bug: 38989
Change-Id: I75996605885c1b5300da8ad7b03c48560450a0c4

diff --git a/includes/specials/SpecialUserrights.php b/includes/specials/SpecialUserrights.php
index b9d6d30..f23bc2d 100644 (file)
--- a/includes/specials/SpecialUserrights.php
+++ b/includes/specials/SpecialUserrights.php
@@ -128,20 +128,31 @@ class UserrightsPage extends SpecialPage {
                        $this->switchForm();
                }
 
-               if ( $request->wasPosted() ) {
+               if (
+                       $request->wasPosted() &&
+                       $request->getCheck( 'saveusergroups' ) &&
+                       $user->matchEditToken( $request->getVal( 'wpEditToken' ), $this->mTarget )
+               ) {
                        // save settings
-                       if ( $request->getCheck( 'saveusergroups' ) ) {
-                               $reason = $request->getVal( 'user-reason' );
-                               $tok = $request->getVal( 'wpEditToken' );
-                               if ( $user->matchEditToken( $tok, $this->mTarget ) ) {
-                                       $this->saveUserGroups(
-                                               $this->mTarget,
-                                               $reason
-                                       );
-
-                                       $out->redirect( $this->getSuccessURL() );
-                                       return;
-                               }
+                       $status = $this->fetchUser( $this->mTarget );
+                       if ( !$status->isOK() ) {
+                               $this->getOutput()->addWikiText( $status->getWikiText() );
+                               return;
+                       }
+
+                       $targetUser = $status->value;
+
+                       if ( $request->getVal( 'conflictcheck-originalgroups' ) !== implode( ',', $targetUser->getGroups() ) ) {
+                               $out->addWikiMsg( 'userrights-conflict' );
+                       } else {
+                               $this->saveUserGroups(
+                                       $this->mTarget,
+                                       $request->getVal( 'user-reason' ),
+                                       $targetUser
+                               );
+
+                               $out->redirect( $this->getSuccessURL() );
+                               return;
                        }
                }
 
@@ -161,17 +172,10 @@ class UserrightsPage extends SpecialPage {
         *
         * @param string $username username to apply changes to.
         * @param string $reason reason for group change
+        * @param User|UserRightsProxy $user Target user object.
         * @return null
         */
-       function saveUserGroups( $username, $reason = '' ) {
-               $status = $this->fetchUser( $username );
-               if ( !$status->isOK() ) {
-                       $this->getOutput()->addWikiText( $status->getWikiText() );
-                       return;
-               } else {
-                       $user = $status->value;
-               }
-
+       function saveUserGroups( $username, $reason, $user ) {
                $allgroups = $this->getAllGroups();
                $addgroup = array();
                $removegroup = array();
@@ -473,6 +477,7 @@ class UserrightsPage extends SpecialPage {
                        Xml::openElement( 'form', array( 'method' => 'post', 'action' => $this->getTitle()->getLocalURL(), 'name' => 'editGroup', 'id' => 'mw-userrights-form2' ) ) .
                        Html::hidden( 'user', $this->mTarget ) .
                        Html::hidden( 'wpEditToken', $this->getUser()->getEditToken( $this->mTarget ) ) .
+                       Html::hidden( 'conflictcheck-originalgroups', implode( ',', $user->getGroups() ) ) . // Conflict detection
                        Xml::openElement( 'fieldset' ) .
                        Xml::element( 'legend', array(), $this->msg( 'userrights-editusergroup', $user->getName() )->text() ) .
                        $this->msg( 'editinguser' )->params( wfEscapeWikiText( $user->getName() ) )->rawParams( $userToolLinks )->parse() .

diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php
index f3a0072..60d7223 100644 (file)
--- a/languages/messages/MessagesEn.php
+++ b/languages/messages/MessagesEn.php
@@ -1970,6 +1970,7 @@ Your email address is not revealed when other users contact you.',
 'userrights-changeable-col'      => 'Groups you can change',
 'userrights-unchangeable-col'    => 'Groups you cannot change',
 'userrights-irreversible-marker' => '$1*', # only translate this message to other languages if you have to change it
+'userrights-conflict'            => 'User rights conflict! Please apply your changes again.',
 
 # Groups
 'group'               => 'Group:',

diff --git a/languages/messages/MessagesQqq.php b/languages/messages/MessagesQqq.php
index 022b139..7af3324 100644 (file)
--- a/languages/messages/MessagesQqq.php
+++ b/languages/messages/MessagesQqq.php
@@ -2636,6 +2636,7 @@ Parameters:
 Parameters:
 * $1 - optional, for PLURAL use, the number of items in the column following the message. Avoid PLURAL, if your language allows that.',
 'userrights-irreversible-marker' => '{{optional}}',
+'userrights-conflict'            => 'Shown on Special:UserRights if the target\'s rights have been changed since the form was loaded.',
 
 # Groups
 'group' => '{{Identical|Group}}',

diff --git a/maintenance/language/messages.inc b/maintenance/language/messages.inc
index 3b9fadf..7a2ce63 100644 (file)
--- a/maintenance/language/messages.inc
+++ b/maintenance/language/messages.inc
@@ -1104,6 +1104,7 @@ $wgMessageStructure = array(
                'userrights-changeable-col',
                'userrights-unchangeable-col',
                'userrights-irreversible-marker',
+               'userrights-conflict',
        ),
        'group' => array(
                'group',