jenkins-bot has submitted this change and it was merged.
Change subject: PermissionManager Improvements
......................................................................
PermissionManager Improvements
Patch-Set 1:
- tweaked 'preventPermissionLockout' so it takes the lockmode group into
consideration and doesn't allows the removal of protected rights from all
groups, even if lockmode is active
- tweaked 'setupLockmodePermissions' so on lockmode activation not only the
lockmode group, but also the sysop group gets all rights explicitly
- made the different groups in the permission manager grid collapsible
- added a array check in 'writeGroupSettings' to prevent PHP Notices about
array indizes being not found
Patch-Set 3:
- added functionality to reset sysop permissions after deactivation of lockmode
- added warning for this functionality to the preference label of lockmode
Patch-Set 4:
- i18n will be handled via translatewiki
- coding conventions
Change-Id: I7dfd0b120da5df4cba0c44ba2172b280e0e3660a
---
M PermissionManager/PermissionManager.class.php
M PermissionManager/resources/BS.PermissionManager/grid/Permissions.js
2 files changed, 77 insertions(+), 9 deletions(-)
Approvals:
Mglaser: Looks good to me, approved
jenkins-bot: Verified
diff --git a/PermissionManager/PermissionManager.class.php
b/PermissionManager/PermissionManager.class.php
index 0f2546e..3a6d694 100644
--- a/PermissionManager/PermissionManager.class.php
+++ b/PermissionManager/PermissionManager.class.php
@@ -45,6 +45,48 @@
/**
* @var array
*/
+ public static $aSysopDefaultPermissions = array(
+ 'block' => true,
+ 'createaccount' => true,
+ 'delete' => true,
+ 'bigdelete' => true,
+ 'deletedhistory' => true,
+ 'deletedtext' => true,
+ 'undelete' => true,
+ 'editinterface' => true,
+ 'editusercss' => true,
+ 'edituserjs' => true,
+ 'import' => true,
+ 'importupload' => true,
+ 'move' => true,
+ 'move-subpages' => true,
+ 'move-rootuserpages' => true,
+ 'patrol' => true,
+ 'autopatrol' => true,
+ 'protect' => true,
+ 'editprotected' => true,
+ 'proxyunbannable' => true,
+ 'rollback' => true,
+ 'upload' => true,
+ 'reupload' => true,
+ 'reupload-shared' => true,
+ 'unwatchedpages' => true,
+ 'autoconfirmed' => true,
+ 'editsemiprotected' => true,
+ 'ipblock-exempt' => true,
+ 'blockemail' => true,
+ 'markbotedits' => true,
+ 'apihighlimits' => true,
+ 'browsearchive' => true,
+ 'noratelimit' => true,
+ 'movefile' => true,
+ 'unblockself' => true,
+ 'suppressredirect' => true,
+ 'wikiadmin' => true
+ );
+ /**
+ * @var array
+ */
protected static $aGroups = array();
protected static $aBuiltInGroups = array(
'autoconfirmed', 'emailconfirmed', 'bot', 'sysop',
'bureaucrat', 'developer'
@@ -188,13 +230,23 @@
unset( $wgGroupPermissions[
self::$sPmLockModeGroup ] );
$bSave = true;
}
+ // reset sysop group permissions
+ $wgGroupPermissions['sysop'] =
self::$aSysopDefaultPermissions;
if ( is_array( $wgNamespacePermissionLockdown ) ) {
foreach ( $wgNamespacePermissionLockdown as
$iNsIndex => $aNsRights ) {
foreach ( $aNsRights as $sRight =>
$aGroups ) {
- if ( !in_array(
self::$sPmLockModeGroup, $aGroups ) )
+ if ( !in_array(
self::$sPmLockModeGroup, $aGroups ) && !in_array( 'sysop', $aGroups ) )
continue;
$key = array_search(
self::$sPmLockModeGroup, $aGroups );
+ if ( $key !== false ) {
+ unset(
$wgNamespacePermissionLockdown[ $iNsIndex ][ $sRight ][ $key ] );
+ if ( empty(
$wgNamespacePermissionLockdown[ $iNsIndex ][ $sRight ] ) ) {
+ unset(
$wgNamespacePermissionLockdown[ $iNsIndex ][ $sRight ] );
+ }
+ $bSave = true;
+ }
+ $key = array_search( 'sysop',
$aGroups );
if ( $key !== false ) {
unset(
$wgNamespacePermissionLockdown[ $iNsIndex ][ $sRight ][ $key ] );
if ( empty(
$wgNamespacePermissionLockdown[ $iNsIndex ][ $sRight ] ) ) {
@@ -230,18 +282,26 @@
foreach ( $aAvailablePermissions as $permissionName ) {
if ( !isset( $wgGroupPermissions[
self::$sPmLockModeGroup ][ $permissionName ] ) ) {
$wgGroupPermissions[
self::$sPmLockModeGroup ][ $permissionName ] = true;
+ $wgGroupPermissions[ 'sysop' ][
$permissionName ] = true;
$bSave = true;
}
if ( isset( $wgNamespacePermissionLockdown[
$nsKey ][ $permissionName ] ) ) {
if ( !in_array(
self::$sPmLockModeGroup, $wgNamespacePermissionLockdown[ $nsKey ][
$permissionName ] ) ) {
$wgNamespacePermissionLockdown[
$nsKey ][ $permissionName ] = array_unique(
- array_merge(
$wgNamespacePermissionLockdown[ $nsKey ][ $permissionName ], array(
self::$sPmLockModeGroup )
- )
+ array_merge(
$wgNamespacePermissionLockdown[ $nsKey ][ $permissionName ], array(
self::$sPmLockModeGroup )
+ )
+ );
+ $bSave = true;
+ }
+ if ( !in_array( 'sysop',
$wgNamespacePermissionLockdown[ $nsKey ][ $permissionName ] ) ) {
+ $wgNamespacePermissionLockdown[
$nsKey ][ $permissionName ] = array_unique(
+ array_merge(
$wgNamespacePermissionLockdown[ $nsKey ][ $permissionName ], array( 'sysop' )
+ )
);
$bSave = true;
}
} else {
- $wgNamespacePermissionLockdown[ $nsKey
][ $permissionName ] = array( self::$sPmLockModeGroup );
+ $wgNamespacePermissionLockdown[ $nsKey
][ $permissionName ] = array( self::$sPmLockModeGroup, 'sysop' );
$bSave = true;
}
}
@@ -493,7 +553,11 @@
if ( isset( $bsgPermissionConfig[ $sRight ][
'preventLockout' ] ) ) {
$bIsSet = false;
if ( is_array( $aGroupPermissions ) ) {
- foreach ( $aGroupPermissions as
$aDataset ) {
+ foreach ( $aGroupPermissions as
$sGroupName => $aDataset ) {
+ // no user can be in the lock
mode group so we don't care if it has the right or not
+ if( $sGroupName ==
self::$sPmLockModeGroup ) {
+ continue;
+ }
if ( isset( $aDataset[ $sRight
] ) && $aDataset[ $sRight ] ) {
$bIsSet = true;
continue 2;
@@ -581,9 +645,13 @@
$isReadLockdown = true;
}
// check if settings for any group
changed
- $aLocalDiffGroups = array_diff(
$aGroups, $wgNamespacePermissionLockdown[ $sNsConstant ][ $sPermission ] );
- foreach( $aLocalDiffGroups as
$sDiffGroup ) {
- $aDiffGroups[ $sDiffGroup ] =
true;
+ if( isset(
$wgNamespacePermissionLockdown[$sNsConstant] )
+ && isset(
$wgNamespacePermissionLockdown[$sNsConstant][$sPermission] )
+ ) {
+ $aLocalDiffGroups = array_diff(
$aGroups, $wgNamespacePermissionLockdown[ $sNsConstant ][ $sPermission ] );
+ foreach ( $aLocalDiffGroups as
$sDiffGroup ) {
+ $aDiffGroups[
$sDiffGroup ] = true;
+ }
}
}
if ( $isReadLockdown ) {
diff --git
a/PermissionManager/resources/BS.PermissionManager/grid/Permissions.js
b/PermissionManager/resources/BS.PermissionManager/grid/Permissions.js
index 4bd2294..b3e0bc8 100644
--- a/PermissionManager/resources/BS.PermissionManager/grid/Permissions.js
+++ b/PermissionManager/resources/BS.PermissionManager/grid/Permissions.js
@@ -26,7 +26,7 @@
],
hideGroupedHeader: true,
enableGroupingMenu: false,
- collapsible: false
+ collapsible: true
}];
this.columns =
Ext.create('BS.PermissionManager.data.Manager').getColumns();
--
To view, visit https://gerrit.wikimedia.org/r/255380
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I7dfd0b120da5df4cba0c44ba2172b280e0e3660a
Gerrit-PatchSet: 4
Gerrit-Project: mediawiki/extensions/BlueSpiceExtensions
Gerrit-Branch: master
Gerrit-Owner: Lilu <[email protected]>
Gerrit-Reviewer: Dvogel hallowelt <[email protected]>
Gerrit-Reviewer: Jgoettlich <[email protected]>
Gerrit-Reviewer: Lilu <[email protected]>
Gerrit-Reviewer: Ljonka <[email protected]>
Gerrit-Reviewer: Mglaser <[email protected]>
Gerrit-Reviewer: Pwirth <[email protected]>
Gerrit-Reviewer: Robert Vogel <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
