jenkins-bot has submitted this change and it was merged.
Change subject: UserManager: Use wgAddGroups and wgRemoveGroups
......................................................................
UserManager: Use wgAddGroups and wgRemoveGroups
With wiki configuration wgAddGroups etc you can now restrict the
groups a user can assign to others and self.
Change-Id: Id22866cd190aa25c9725d6212d537e808557f39d
---
M UserManager/UserManager.class.php
M UserManager/extension.json
M UserManager/i18n/en.json
M UserManager/i18n/qqq.json
A UserManager/includes/api/BSApiChangeableGroupStore.php
M UserManager/resources/BS.UserManager/panel/Manager.js
6 files changed, 85 insertions(+), 8 deletions(-)
Approvals:
Robert Vogel: Looks good to me, approved
Raimond Spekking: Looks good to me, but someone else must approve
jenkins-bot: Verified
diff --git a/UserManager/UserManager.class.php
b/UserManager/UserManager.class.php
index c3f427d..ffe17b2 100644
--- a/UserManager/UserManager.class.php
+++ b/UserManager/UserManager.class.php
@@ -347,14 +347,16 @@
/**
* Removes / adds groups to a user
+ * See also https://www.mediawiki.org/wiki/Manual:$wgAddGroups
* @param User $oUser
* @param type $aGroups
* @return type
*/
public static function setGroups( User $oUser, $aGroups = array() ) {
$oLoggedInUser = RequestContext::getMain()->getUser();
+ $bAttemptChangeSelf = $oLoggedInUser->getId() ==
$oUser->getId();
- $bCheckDeSysop = $oLoggedInUser->getId() == $oUser->getId()
+ $bCheckDeSysop = $bAttemptChangeSelf
&& in_array( 'sysop',
$oLoggedInUser->getEffectiveGroups() )
&& !in_array( 'sysop', $aGroups )
;
@@ -363,18 +365,30 @@
}
$aCurrentGroups = $oUser->getGroups();
- $aSetGroups = array_diff( $aGroups, $aCurrentGroups );
+ $aAddGroups = array_diff( $aGroups, $aCurrentGroups );
$aRemoveGroups = array_diff( $aCurrentGroups, $aGroups );
- foreach ( $aSetGroups as $sGroup ) {
+ $aChangeableGroups = $oLoggedInUser->changeableGroups();
+
+ foreach ( $aAddGroups as $sGroup ) {
if ( in_array( $sGroup, self::$excludegroups ) ) {
continue;
+ }
+ if ( !in_array( $sGroup, $aChangeableGroups['add'] ) ) {
+ if ( !$bAttemptChangeSelf || !in_array(
$sGroup, $aChangeableGroups['add-self'] ) ) {
+ return Status::newFatal(
'bs-usermanager-group-add-not-allowed', $sGroup );
+ }
}
$oUser->addGroup( $sGroup );
}
foreach ( $aRemoveGroups as $sGroup ) {
if ( in_array( $sGroup, self::$excludegroups ) ) {
continue;
+ }
+ if ( !in_array( $sGroup, $aChangeableGroups['remove'] )
) {
+ if ( !$bAttemptChangeSelf || !in_array(
$sGroup, $aChangeableGroups['remove-self'] ) ) {
+ return Status::newFatal(
'bs-usermanager-group-remove-not-allowed', $sGroup );
+ }
}
$oUser->removeGroup( $sGroup );
}
@@ -383,7 +397,7 @@
Hooks::run( 'BSUserManagerAfterSetGroups', array(
$oUser,
$aGroups,
- $aSetGroups,
+ $aAddGroups,
$aRemoveGroups,
self::$excludegroups,
&$oStatus
diff --git a/UserManager/extension.json b/UserManager/extension.json
index e7d0b20..65a5726 100644
--- a/UserManager/extension.json
+++ b/UserManager/extension.json
@@ -26,7 +26,8 @@
"UserManagerAlias":
"includes/specials/SpecialUserManager.alias.php"
},
"APIModules": {
- "bs-usermanager-tasks": "BSApiTasksUserManager"
+ "bs-usermanager-tasks": "BSApiTasksUserManager",
+ "bs-usermanager-group-store": "BSApiChangeableGroupStore"
},
"MessagesDirs": {
"UserManager": [
@@ -36,6 +37,7 @@
"AutoloadClasses": {
"UserManager": "UserManager.class.php",
"BSApiTasksUserManager":
"includes/api/BSApiTasksUserManager.php",
+ "BSApiChangeableGroupStore":
"includes/api/BSApiChangeableGroupStore.php",
"SpecialUserManager":
"includes/specials/SpecialUserManager.class.php"
},
"ResourceModules": {
diff --git a/UserManager/i18n/en.json b/UserManager/i18n/en.json
index 16e7716..1a1bba1 100644
--- a/UserManager/i18n/en.json
+++ b/UserManager/i18n/en.json
@@ -45,5 +45,7 @@
"bs-usermanager-titledisableuser": "Disable user",
"bs-usermanager-titleenableuser": "Enable user",
"usermanager": "User manager",
- "action-usermanager-viewspecialpage": "view specialpage \"User
manager\""
+ "action-usermanager-viewspecialpage": "view specialpage \"User
manager\"",
+ "bs-usermanager-group-add-not-allowed": "You are not allowed to add
users to group $1",
+ "bs-usermanager-group-remove-not-allowed": "You are not allowed to
remove users from group $1"
}
diff --git a/UserManager/i18n/qqq.json b/UserManager/i18n/qqq.json
index f294e61..dc05c35 100644
--- a/UserManager/i18n/qqq.json
+++ b/UserManager/i18n/qqq.json
@@ -46,5 +46,7 @@
"bs-usermanager-titledisableuser": "Window title for disable user",
"bs-usermanager-titleenableuser": "Window title for enable user",
"usermanager": "Page title for special page of user manager",
- "action-usermanager-viewspecialpage": "Label for denied page access,
with name of special page"
+ "action-usermanager-viewspecialpage": "Label for denied page access,
with name of special page",
+ "bs-usermanager-group-add-not-allowed": "Error message in
[{{canonicalurl:Special:WikiAdmin|mode=UserManager}}
Special:WikiAdmin?mode=UserManager] when trying to add a user to a restricted
group\n\n* $1 is the name of the restricted group",
+ "bs-usermanager-group-remove-not-allowed": "Error message in
[{{canonicalurl:Special:WikiAdmin|mode=UserManager}}
Special:WikiAdmin?mode=UserManager] when trying to remove a user from a
restricted group\n\n* $1 is the name of the restricted group"
}
diff --git a/UserManager/includes/api/BSApiChangeableGroupStore.php
b/UserManager/includes/api/BSApiChangeableGroupStore.php
new file mode 100644
index 0000000..3b691a9
--- /dev/null
+++ b/UserManager/includes/api/BSApiChangeableGroupStore.php
@@ -0,0 +1,57 @@
+<?php
+/**
+ * This class serves as a backend for the usermanager group store.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ *
+ * This file is part of BlueSpice for MediaWiki
+ * For further information visit http://bluespice.com
+ *
+ * @author Markus Glaser <gla...@hallowelt.com>
+ * @package Bluespice_Extensions
+ * @copyright Copyright (C) 2016 Hallo Welt! GmbH, All rights reserved.
+ * @license http://www.gnu.org/copyleft/gpl.html GNU Public License v2 or
later
+ *
+ * Example request parameters of an ExtJS store
+ */
+class BSApiChangeableGroupStore extends BSApiGroupStore {
+ /**
+ * @param string $sQuery Potential query provided by ExtJS component.
+ * This is some kind of preliminary filtering. Subclass has to decide if
+ * and how to process it
+ * @return array - Full list of of data objects. Filters, paging,
sorting
+ * will be done by the base class
+ */
+ protected function makeData( $sQuery = '' ) {
+ $aData = parent::makeData( $sQuery );
+ $aChangeableData = array();
+ $aChangeableGroups = $this->getUser()->changeableGroups();
+ $aChangeableGroupsMerged = array_unique( array_merge(
+ $aChangeableGroups['add'],
+ $aChangeableGroups['add-self'],
+ $aChangeableGroups['remove'],
+ $aChangeableGroups['remove-self']
+ ));
+
+ foreach ( $aData as $aGroupDef ) {
+ if( !in_array( $aGroupDef->group_name,
$aChangeableGroupsMerged ) ) {
+ continue;
+ }
+ $aChangeableData[] = $aGroupDef;
+ }
+
+ return $aChangeableData;
+ }
+}
\ No newline at end of file
diff --git a/UserManager/resources/BS.UserManager/panel/Manager.js
b/UserManager/resources/BS.UserManager/panel/Manager.js
index 8ed19b7..b9e82de 100644
--- a/UserManager/resources/BS.UserManager/panel/Manager.js
+++ b/UserManager/resources/BS.UserManager/panel/Manager.js
@@ -37,7 +37,7 @@
});
this.strGroups = Ext.create( 'BS.store.BSApi', {
- apiAction: 'bs-group-store',
+ apiAction: 'bs-usermanager-group-store',
fields: ['group_name', 'additional_group',
'displayname'],
proxy: {
extraParams: {
--
To view, visit https://gerrit.wikimedia.org/r/309030
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Id22866cd190aa25c9725d6212d537e808557f39d
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/BlueSpiceExtensions
Gerrit-Branch: master
Gerrit-Owner: Mglaser <gla...@hallowelt.biz>
Gerrit-Reviewer: Dvogel hallowelt <daniel.vo...@hallowelt.com>
Gerrit-Reviewer: Ljonka <l.verhovs...@gmail.com>
Gerrit-Reviewer: Pwirth <wi...@hallowelt.biz>
Gerrit-Reviewer: Raimond Spekking <raimond.spekk...@gmail.com>
Gerrit-Reviewer: Robert Vogel <vo...@hallowelt.biz>
Gerrit-Reviewer: Siebrand <siebr...@kitano.nl>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
