(bug 12518) Interwiki userrights now reflects remote groups, not local groups.
This commit is contained in:
Andrew Garrett
parent
0df393bb8e
commit
cf604ade6c
3 changed files with 79 additions and 21 deletions
|
|
@ -137,6 +137,8 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
|
|||
* Avoid recursive crazy expansions in section edit comments for pages which
|
||||
contain '/*' in the title
|
||||
* Fix excessive memory usage when parsing pages with lots of links
|
||||
* (bug 12518) Interwiki userrights now reflects remote groups, not local groups
|
||||
|
||||
|
||||
=== API changes in 1.14 ===
|
||||
|
||||
|
|
|
|||
|
|
@ -164,6 +164,7 @@ class User {
|
|||
'upload',
|
||||
'upload_by_url',
|
||||
'userrights',
|
||||
'userrights-interwiki',
|
||||
);
|
||||
/**
|
||||
* \type{\string} Cached results of getAllRights()
|
||||
|
|
|
|||
|
|
@ -57,7 +57,8 @@ class UserrightsPage extends SpecialPage {
|
|||
* edit their own groups, automatically set them as the
|
||||
* target.
|
||||
*/
|
||||
$available = $this->changeableGroups();
|
||||
global $wgUser;
|
||||
$available = $this->changeableGroups($wgUser);
|
||||
if (empty($available['add']) && empty($available['remove']))
|
||||
$this->mTarget = $wgUser->getName();
|
||||
}
|
||||
|
|
@ -123,7 +124,7 @@ class UserrightsPage extends SpecialPage {
|
|||
return;
|
||||
}
|
||||
|
||||
$allgroups = $this->getAllGroups();
|
||||
$allgroups = $this->getAllGroups($user);
|
||||
$addgroup = array();
|
||||
$removegroup = array();
|
||||
|
||||
|
|
@ -140,7 +141,7 @@ class UserrightsPage extends SpecialPage {
|
|||
}
|
||||
|
||||
// Validate input set...
|
||||
$changeable = $this->changeableGroups();
|
||||
$changeable = $this->changeableGroups($user);
|
||||
$addable = array_merge( $changeable['add'], $this->isself ? $changeable['add-self'] : array() );
|
||||
$removable = array_merge( $changeable['remove'], $this->isself ? $changeable['remove-self'] : array() );
|
||||
|
||||
|
|
@ -321,10 +322,12 @@ class UserrightsPage extends SpecialPage {
|
|||
* permissions.
|
||||
*
|
||||
* @param $groups Array: list of groups the given user is in
|
||||
* @param $user User object to edit.
|
||||
* @return Array: Tuple of addable, then removable groups
|
||||
*/
|
||||
protected function splitGroups( $groups ) {
|
||||
list($addable, $removable, $addself, $removeself) = array_values( $this->changeableGroups() );
|
||||
protected function splitGroups( $groups, $user = null ) {
|
||||
global $wgGroupsAddToSelf, $wgGroupsRemoveFromSelf;
|
||||
list($addable, $removable, $addself, $removeself) = array_values( $this->changeableGroups( $user ) );
|
||||
|
||||
$removable = array_intersect(
|
||||
array_merge( $this->isself ? $removeself : array(), $removable ),
|
||||
|
|
@ -345,7 +348,7 @@ class UserrightsPage extends SpecialPage {
|
|||
protected function showEditUserGroupsForm( $user, $groups ) {
|
||||
global $wgOut, $wgUser, $wgLang;
|
||||
|
||||
list( $addable, $removable ) = $this->splitGroups( $groups );
|
||||
list( $addable, $removable ) = $this->splitGroups( $groups, $user );
|
||||
|
||||
$list = array();
|
||||
foreach( $user->getGroups() as $group )
|
||||
|
|
@ -365,7 +368,7 @@ class UserrightsPage extends SpecialPage {
|
|||
wfMsgExt( 'editinguser', array( 'parse' ), wfEscapeWikiText( $user->getName() ) ) .
|
||||
wfMsgExt( 'userrights-groups-help', array( 'parse' ) ) .
|
||||
$grouplist .
|
||||
Xml::tags( 'p', null, $this->groupCheckboxes( $groups ) ) .
|
||||
Xml::tags( 'p', null, $this->groupCheckboxes( $groups, $user ) ) .
|
||||
Xml::openElement( 'table', array( 'border' => '0', 'id' => 'mw-userrights-table-outer' ) ) .
|
||||
"<tr>
|
||||
<td class='mw-label'>" .
|
||||
|
|
@ -402,20 +405,62 @@ class UserrightsPage extends SpecialPage {
|
|||
|
||||
/**
|
||||
* Returns an array of all groups that may be edited
|
||||
* @param $user User object of the user whose groups are being edited. Optional.
|
||||
* @return array Array of groups that may be edited.
|
||||
*/
|
||||
protected static function getAllGroups() {
|
||||
protected static function getAllGroups($user=null) {
|
||||
if ($user instanceof UserRightsProxy) {
|
||||
// Remote user object.
|
||||
return self::getRemoteGroups( $user->database );
|
||||
}
|
||||
|
||||
// Regular user object
|
||||
return User::getAllGroups();
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns all groups which can be set on a remote wiki.
|
||||
* @param $db String - database name of the foreign wiki.
|
||||
* @return array Array of groups that may be edited.
|
||||
*/
|
||||
static function getRemoteGroups( $wiki ) {
|
||||
// Stolen from CentralAuth - a dirty hack indeed.
|
||||
global $wgConf, $IP;
|
||||
static $initialiseSettingsDone = false;
|
||||
|
||||
// This is a damn dirty hack
|
||||
if ( !$initialiseSettingsDone ) {
|
||||
$initialiseSettingsDone = true;
|
||||
if( file_exists( "$IP/InitialiseSettings.php" ) ) {
|
||||
require_once "$IP/InitialiseSettings.php";
|
||||
}
|
||||
}
|
||||
|
||||
list( $major, $minor ) = $wgConf->siteFromDB( $wiki );
|
||||
if( isset( $major ) ) {
|
||||
$groupperms = $wgConf->get( 'wgGroupPermissions', $wiki, $major,
|
||||
array( 'lang' => $minor, 'site' => $major ) );
|
||||
|
||||
$groups = array_keys($groupperms);
|
||||
|
||||
if (count($groups)==0) {
|
||||
// Fallback
|
||||
return User::getAllGroups();
|
||||
}
|
||||
|
||||
return $groups;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Adds a table with checkboxes where you can select what groups to add/remove
|
||||
*
|
||||
* @param $usergroups Array: groups the user belongs to
|
||||
* @param $user User object: the user to build checkboxes for.
|
||||
* @return string XHTML table element with checkboxes
|
||||
*/
|
||||
private function groupCheckboxes( $usergroups ) {
|
||||
$allgroups = $this->getAllGroups();
|
||||
private function groupCheckboxes( $usergroups, $user ) {
|
||||
$allgroups = $this->getAllGroups( $user );
|
||||
$ret = '';
|
||||
|
||||
$column = 1;
|
||||
|
|
@ -426,12 +471,12 @@ class UserrightsPage extends SpecialPage {
|
|||
$set = in_array( $group, $usergroups );
|
||||
# Should the checkbox be disabled?
|
||||
$disabled = !(
|
||||
( $set && $this->canRemove( $group ) ) ||
|
||||
( !$set && $this->canAdd( $group ) ) );
|
||||
( $set && $this->canRemove( $group, $user ) ) ||
|
||||
( !$set && $this->canAdd( $group, $user ) ) );
|
||||
# Do we need to point out that this action is irreversible?
|
||||
$irreversible = !$disabled && (
|
||||
($set && !$this->canAdd( $group )) ||
|
||||
(!$set && !$this->canRemove( $group ) ) );
|
||||
($set && !$this->canAdd( $group, $user )) ||
|
||||
(!$set && !$this->canRemove( $group, $user ) ) );
|
||||
|
||||
$attr = $disabled ? array( 'disabled' => 'disabled' ) : array();
|
||||
$text = $irreversible
|
||||
|
|
@ -483,44 +528,54 @@ class UserrightsPage extends SpecialPage {
|
|||
|
||||
/**
|
||||
* @param $group String: the name of the group to check
|
||||
* @param $user User object: The user in question.
|
||||
* @return bool Can we remove the group?
|
||||
*/
|
||||
private function canRemove( $group ) {
|
||||
private function canRemove( $group, $user=null ) {
|
||||
// $this->changeableGroups()['remove'] doesn't work, of course. Thanks,
|
||||
// PHP.
|
||||
$groups = $this->changeableGroups();
|
||||
$groups = $this->changeableGroups($user);
|
||||
return in_array( $group, $groups['remove'] ) || ($this->isself && in_array( $group, $groups['remove-self'] ));
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $group string: the name of the group to check
|
||||
* @param $user User object: The user in question.
|
||||
* @return bool Can we add the group?
|
||||
*/
|
||||
private function canAdd( $group ) {
|
||||
$groups = $this->changeableGroups();
|
||||
private function canAdd( $group, $user=null ) {
|
||||
$groups = $this->changeableGroups($user);
|
||||
return in_array( $group, $groups['add'] ) || ($this->isself && in_array( $group, $groups['add-self'] ));
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns an array of the groups that the user can add/remove.
|
||||
*
|
||||
* @param $user User object to check groups for.
|
||||
* @return Array array( 'add' => array( addablegroups ), 'remove' => array( removablegroups ) , 'add-self' => array( addablegroups to self), 'remove-self' => array( removable groups from self) )
|
||||
*/
|
||||
function changeableGroups() {
|
||||
function changeableGroups( $user=null ) {
|
||||
global $wgUser;
|
||||
|
||||
if ($user == null)
|
||||
$user = $wgUser; // Doesn't make a difference which user, so long as it's a local one.
|
||||
|
||||
if( $wgUser->isAllowed( 'userrights' ) ) {
|
||||
if( $wgUser->isAllowed( 'userrights' ) ||
|
||||
$wgUser->isAllowed( 'userrights-interwiki' ) && $user instanceof UserRightsProxy ) {
|
||||
// This group gives the right to modify everything (reverse-
|
||||
// compatibility with old "userrights lets you change
|
||||
// everything")
|
||||
// Using array_merge to make the groups reindexed
|
||||
$all = array_merge( User::getAllGroups() );
|
||||
$all = array_merge( $this->getAllGroups( $user ) );
|
||||
return array(
|
||||
'add' => $all,
|
||||
'remove' => $all,
|
||||
'add-self' => array(),
|
||||
'remove-self' => array()
|
||||
);
|
||||
} elseif ( $user instanceof UserRightsProxy ) {
|
||||
// Userrightsproxy without userrights-interwiki rights. Should have already been rejected.
|
||||
return array( 'add' => array(), 'remove' => array(), 'add-self' => array(), 'remove-self' => array() );
|
||||
}
|
||||
|
||||
// Okay, it's not so simple, we will have to go through the arrays
|
||||
|
|
|
|||
Loading…
Reference in a new issue