r29244 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r29243‎ | r29244 | r29245 >
Date:23:39, 3 January 2008
Author:brion
Status:old
Tags:
Comment:
Remove ApiChangeRights. Duplicates code, doesn't handle current permissions model properly.
Modified paths:
  • /trunk/phase3/includes/AutoLoader.php (modified) (history)
  • /trunk/phase3/includes/api/ApiChangeRights.php (deleted) (history)
  • /trunk/phase3/includes/api/ApiMain.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/api/ApiChangeRights.php
@@ -1,170 +0,0 @@
2 -<?php
3 -
4 -/*
5 - * Created on Sep 11, 2007
6 - * API for MediaWiki 1.8+
7 - *
8 - * Copyright (C) 2007 Roan Kattouw <Firstname>.<Lastname>@home.nl
9 - *
10 - * This program is free software; you can redistribute it and/or modify
11 - * it under the terms of the GNU General Public License as published by
12 - * the Free Software Foundation; either version 2 of the License, or
13 - * (at your option) any later version.
14 - *
15 - * This program is distributed in the hope that it will be useful,
16 - * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 - * GNU General Public License for more details.
19 - *
20 - * You should have received a copy of the GNU General Public License along
21 - * with this program; if not, write to the Free Software Foundation, Inc.,
22 - * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
23 - * http://www.gnu.org/copyleft/gpl.html
24 - */
25 -
26 -if (!defined('MEDIAWIKI')) {
27 - // Eclipse helper - will be ignored in production
28 - require_once ("ApiBase.php");
29 -}
30 -
31 -/**
32 - * @addtogroup API
33 - */
34 -class ApiChangeRights extends ApiBase {
35 -
36 - public function __construct($main, $action) {
37 - parent :: __construct($main, $action);
38 - }
39 -
40 - public function execute() {
41 - global $wgUser, $wgRequest;
42 - $this->getMain()->requestWriteMode();
43 -
44 - if(wfReadOnly())
45 - $this->dieUsage('The wiki is in read-only mode', 'readonly');
46 - $params = $this->extractRequestParams();
47 -
48 - $ur = new UserrightsForm($wgRequest);
49 - $allowed = $ur->changeableGroups();
50 - $res = array();
51 -
52 - if(is_null($params['user']))
53 - $this->dieUsage('The user parameter must be set', 'nouser');
54 -
55 - $uName = User::getCanonicalName($params['user']);
56 - $u = User::newFromName($uName);
57 - if(!$u)
58 - $this->dieUsage("Invalid username ``{$params['user']}''", 'invaliduser');
59 - if($u->getId() == 0) // Anon or non-existent
60 - $this->dieUsage("User ``{$params['user']}'' doesn't exist", 'nosuchuser');
61 -
62 - $curgroups = $u->getGroups();
63 -
64 - if($params['listgroups'])
65 - {
66 - $res['user'] = $uName;
67 - $res['allowedgroups'] = $allowed;
68 - $res['ingroups'] = $curgroups;
69 - $this->getResult()->setIndexedTagName($res['ingroups'], 'group');
70 - $this->getResult()->setIndexedTagName($res['allowedgroups']['add'], 'group');
71 - $this->getResult()->setIndexedTagName($res['allowedgroups']['remove'], 'group');
72 - }
73 -;
74 - if($params['gettoken'])
75 - {
76 - $res['changerightstoken'] = $wgUser->editToken($uName);
77 - $this->getResult()->addValue(null, $this->getModuleName(), $res);
78 - return;
79 - }
80 -
81 - if(empty($params['addto']) && empty($params['rmfrom']))
82 - $this->dieUsage('At least one of the addto and rmfrom parameters must be set', 'noaddrm');
83 - if(is_null($params['token']))
84 - $this->dieUsage('The token parameter must be set', 'notoken');
85 - if(!$wgUser->matchEditToken($params['token'], $uName))
86 - $this->dieUsage('Invalid token', 'badtoken');
87 -
88 - if(!$wgUser->isAllowed('userrights'))
89 - $this->dieUsage('You don\'t have permission to change users\' rights', 'permissiondenied');
90 -
91 - // First let's remove redundant groups and check permissions while we're at it
92 - if(is_null($params['addto']))
93 - $params['addto'] = array();
94 - $addto = array();
95 - foreach($params['addto'] as $g)
96 - {
97 - if(!in_array($g, $allowed['add']))
98 - $this->dieUsage("You don't have permission to add to group ``$g''", 'cantadd');
99 - if(!in_array($g, $curgroups))
100 - $addto[] = $g;
101 - }
102 -
103 - if(is_null($params['rmfrom']))
104 - $params['rmfrom'] = array();
105 - $rmfrom = array();
106 - foreach($params['rmfrom'] as $g)
107 - {
108 - if(!in_array($g, $allowed['remove']))
109 - $this->dieUsage("You don't have permission to remove from group ``$g''", 'cantremove');
110 - if(in_array($g, $curgroups))
111 - $rmfrom[] = $g;
112 - }
113 - $dbw = wfGetDb(DB_MASTER);
114 - $dbw->begin();
115 - $ur->doSaveUserGroups($u, $rmfrom, $addto, $params['reason']);
116 - $dbw->commit();
117 - $res['user'] = $uName;
118 - $res['addedto'] = $addto;
119 - $res['removedfrom'] = $rmfrom;
120 - $res['reason'] = $params['reason'];
121 -
122 - $this->getResult()->setIndexedTagName($res['addedto'], 'group');
123 - $this->getResult()->setIndexedTagName($res['removedfrom'], 'group');
124 - $this->getResult()->addValue(null, $this->getModuleName(), $res);
125 - }
126 -
127 - protected function getAllowedParams() {
128 - return array (
129 - 'user' => null,
130 - 'token' => null,
131 - 'gettoken' => false,
132 - 'listgroups' => false,
133 - 'addto' => array(
134 - ApiBase :: PARAM_ISMULTI => true,
135 - ),
136 - 'rmfrom' => array(
137 - ApiBase :: PARAM_ISMULTI => true,
138 - ),
139 - 'reason' => ''
140 - );
141 - }
142 -
143 - protected function getParamDescription() {
144 - return array (
145 - 'user' => 'The user you want to add to or remove from groups.',
146 - 'token' => 'A changerights token previously obtained through the gettoken parameter.',
147 - 'gettoken' => 'Output a token. Note that the user parameter still has to be set.',
148 - 'listgroups' => 'List the groups the user is in, and the ones you can add them to and remove them from.',
149 - 'addto' => 'Pipe-separated list of groups to add this user to',
150 - 'rmfrom' => 'Pipe-separated list of groups to remove this user from',
151 - 'reason' => 'Reason for change (optional)'
152 - );
153 - }
154 -
155 - protected function getDescription() {
156 - return array(
157 - 'Add or remove a user from certain groups.'
158 - );
159 - }
160 -
161 - protected function getExamples() {
162 - return array (
163 - 'api.php?action=changerights&user=Bob&gettoken&listgroups',
164 - 'api.php?action=changerights&user=Bob&token=123ABC&addto=sysop&reason=Promoting%20per%20RFA'
165 - );
166 - }
167 -
168 - public function getVersion() {
169 - return __CLASS__ . ': $Id$';
170 - }
171 -}
Index: trunk/phase3/includes/api/ApiMain.php
@@ -69,7 +69,6 @@
7070 'protect' => 'ApiProtect',
7171 'block' => 'ApiBlock',
7272 'unblock' => 'ApiUnblock',
73 - 'changerights' => 'ApiChangeRights',
7473 'move' => 'ApiMove'
7574 );
7675
Index: trunk/phase3/includes/AutoLoader.php
@@ -350,7 +350,6 @@
351351
352352 # apiedit branch
353353 'ApiBlock' => 'includes/api/ApiBlock.php',
354 - 'ApiChangeRights' => 'includes/api/ApiChangeRights.php',
355354 'ApiDelete' => 'includes/api/ApiDelete.php',
356355 'ApiMove' => 'includes/api/ApiMove.php',
357356 'ApiProtect' => 'includes/api/ApiProtect.php',

Status & tagging log