Ljonka has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/311421

Change subject: PermissionManager: fix prevent lockout implementation after 
object/array conversion error, add default options to prevent manager lockout
......................................................................

PermissionManager: fix prevent lockout implementation after object/array 
conversion error, add default options to prevent manager lockout

Change-Id: If619c6ff3e4363f9d5a84f32c30e7d6f9c676ae6
---
M PermissionManager/PermissionManager.class.php
M PermissionManager/PermissionManager.setup.php
M PermissionManager/extension.json
M PermissionManager/includes/PermissionValidator.php
M PermissionManager/includes/api/ApiPermissionManager.php
M PermissionManager/resources/BS.PermissionManager/data/Manager.js
6 files changed, 374 insertions(+), 221 deletions(-)


  git pull 
ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/BlueSpiceExtensions 
refs/changes/21/311421/1

diff --git a/PermissionManager/PermissionManager.class.php 
b/PermissionManager/PermissionManager.class.php
index a774721..74c0028 100644
--- a/PermissionManager/PermissionManager.class.php
+++ b/PermissionManager/PermissionManager.class.php
@@ -43,6 +43,7 @@
         * @var string name of the virtual group which should be used to hold 
the lockmode settings
         */
        public static $sPmLockModeGroup = 'lockmode';
+
        /**
         * @var array
         */
@@ -84,13 +85,15 @@
                'suppressredirect' => true,
                'wikiadmin' => true
        );
+
        /**
         * @var array
         */
        public static $aGroups = array();
        public static $aBuiltInGroups = array(
-                       'autoconfirmed', 'emailconfirmed', 'bot', 'sysop', 
'bureaucrat', 'developer'
+               'autoconfirmed', 'emailconfirmed', 'bot', 'sysop', 
'bureaucrat', 'developer'
        );
+
        /**
         * @var array
         */
@@ -100,13 +103,13 @@
         * Constructor of PermissionManager
         */
        public function __construct() {
-               wfProfileIn( 'BS::' . __METHOD__);
+               wfProfileIn( 'BS::' . __METHOD__ );
                WikiAdmin::registerModule( 'PermissionManager', array(
-                                               'image' => 
'/extensions/BlueSpiceExtensions/WikiAdmin/resources/images/bs-btn_rechteverwaltung_v1.png',
-                                               'level' => 'wikiadmin',
-                                               'message' => 
'bs-permissionmanager-label',
-                                               'iconCls' => 'bs-icon-key'
-                               )
+                       'image' => 
'/extensions/BlueSpiceExtensions/WikiAdmin/resources/images/bs-btn_rechteverwaltung_v1.png',
+                       'level' => 'wikiadmin',
+                       'message' => 'bs-permissionmanager-label',
+                       'iconCls' => 'bs-icon-key'
+                 )
                );
                wfProfileOut( 'BS::' . __METHOD__ );
        }
@@ -235,8 +238,7 @@
         */
        public static function getSchemaUpdates( $updater ) {
                $updater->addExtensionTable(
-                               'bs_permission_templates',
-                               __DIR__ . DS . 'db' . DS . 
'PermissionManager.sql'
+                 'bs_permission_templates', __DIR__ . DS . 'db' . DS . 
'PermissionManager.sql'
                );
 
                return true;
@@ -280,42 +282,42 @@
        }
 
        /*
-       I could not figure out any circumstances when this would be needed!
-       Hook: 'BSWikiAdminUserManagerBeforeUserListSend' was removed
-       Groups have been queried by DB - why should there be a group lockmode?
-       array( users => array(
-               1 => array(
-                       groups => array(
-                               1 => array( 'group' => 'lockmode' )
-                       )
-               )
-       ))
-       public function onBSWikiAdminUserManagerBeforeUserListSend( 
$oUserManager, &$data ) {
-               if ( !BsConfig::get( 'MW::PermissionManager::Lockmode' ) )
-                       return true;
+         I could not figure out any circumstances when this would be needed!
+         Hook: 'BSWikiAdminUserManagerBeforeUserListSend' was removed
+         Groups have been queried by DB - why should there be a group lockmode?
+         array( users => array(
+         1 => array(
+         groups => array(
+         1 => array( 'group' => 'lockmode' )
+         )
+         )
+         ))
+         public function onBSWikiAdminUserManagerBeforeUserListSend( 
$oUserManager, &$data ) {
+         if ( !BsConfig::get( 'MW::PermissionManager::Lockmode' ) )
+         return true;
 
-               foreach ( $data[ 'users' ] as $keyname => $aUser ) {
-                       foreach ( $aUser as $index => $value ) {
-                               if ( is_array( $value ) ) {
-                                       foreach ( $value as $indexof => $val ) {
-                                               if ( is_array( $val ) ) {
-                                                       foreach ( $val as 
$indexname => $groupName ) {
-                                                               if ( $indexname 
== 'group' ) {
-                                                                       if ( 
$groupName == BsGroupHelper::getLockModeGroup() ) {
-                                                                               
unset( $data[ 'users' ][ $keyname ][ $index ][ $indexof ] );
-                                                                               
$data[ 'users' ][ $keyname ][ $index ] = array_values( $data[ 'users' ][ 
$keyname ][ $index ] );
-                                                                       }
-                                                               }
-                                                       }
-                                               }
-                                       }
-                               }
-                       }
-               }
+         foreach ( $data[ 'users' ] as $keyname => $aUser ) {
+         foreach ( $aUser as $index => $value ) {
+         if ( is_array( $value ) ) {
+         foreach ( $value as $indexof => $val ) {
+         if ( is_array( $val ) ) {
+         foreach ( $val as $indexname => $groupName ) {
+         if ( $indexname == 'group' ) {
+         if ( $groupName == BsGroupHelper::getLockModeGroup() ) {
+         unset( $data[ 'users' ][ $keyname ][ $index ][ $indexof ] );
+         $data[ 'users' ][ $keyname ][ $index ] = array_values( $data[ 'users' 
][ $keyname ][ $index ] );
+         }
+         }
+         }
+         }
+         }
+         }
+         }
+         }
 
-               return true;
-       }
-       */
+         return true;
+         }
+        */
 
        public static function setupLockmodePermissions() {
                global $wgAdditionalGroups, $wgGroupPermissions, 
$wgNamespacePermissionLockdown;
@@ -336,7 +338,7 @@
                                $bSave = true;
                        }
                        // reset sysop group permissions
-                       $wgGroupPermissions['sysop'] = 
self::$aSysopDefaultPermissions;
+                       $wgGroupPermissions[ 'sysop' ] = 
self::$aSysopDefaultPermissions;
 
                        if ( is_array( $wgNamespacePermissionLockdown ) ) {
                                foreach ( $wgNamespacePermissionLockdown as 
$iNsIndex => $aNsRights ) {
@@ -393,15 +395,15 @@
                                if ( isset( $wgNamespacePermissionLockdown[ 
$nsKey ][ $permissionName ] ) ) {
                                        if ( !in_array( 
self::$sPmLockModeGroup, $wgNamespacePermissionLockdown[ $nsKey ][ 
$permissionName ] ) ) {
                                                $wgNamespacePermissionLockdown[ 
$nsKey ][ $permissionName ] = array_unique(
-                                                       array_merge( 
$wgNamespacePermissionLockdown[ $nsKey ][ $permissionName ], array( 
self::$sPmLockModeGroup )
-                                                       )
+                                                 array_merge( 
$wgNamespacePermissionLockdown[ $nsKey ][ $permissionName ], array( 
self::$sPmLockModeGroup )
+                                                 )
                                                );
                                                $bSave = true;
                                        }
                                        if ( !in_array( 'sysop', 
$wgNamespacePermissionLockdown[ $nsKey ][ $permissionName ] ) ) {
                                                $wgNamespacePermissionLockdown[ 
$nsKey ][ $permissionName ] = array_unique(
-                                                       array_merge( 
$wgNamespacePermissionLockdown[ $nsKey ][ $permissionName ], array( 'sysop' )
-                                                       )
+                                                 array_merge( 
$wgNamespacePermissionLockdown[ $nsKey ][ $permissionName ], array( 'sysop' )
+                                                 )
                                                );
                                                $bSave = true;
                                        }
@@ -438,9 +440,9 @@
                        }
 
                        $aMetadata[] = array(
-                                       'id' => $iNSId,
-                                       'name' => $sNsText,
-                                       'hideable' => $iNSId !== NS_MAIN
+                               'id' => $iNSId,
+                               'name' => $sNsText,
+                               'hideable' => $iNSId !== NS_MAIN
                        );
                }
 
@@ -463,7 +465,7 @@
                        foreach ( $aRights as $sRight ) {
                                if ( !isset( $bsgPermissionConfig[ $sRight ] ) 
) {
                                        $bsgPermissionConfig[ $sRight ] = array(
-                                                       'type' => 'namespace'
+                                               'type' => 'namespace'
                                        );
                                }
                                $aConfig = $bsgPermissionConfig[ $sRight ];
@@ -472,9 +474,7 @@
                                        'hint' => wfMessage( 'right-' . $sRight 
)->plain(),
                                        'right' => $sRight,
                                        'type' => $bGlobalPermission ? 2 : 1,
-                                       'typeHeader' => $bGlobalPermission
-                                                       ? wfMessage( 
'bs-permissionmanager-grouping-global' )->plain()
-                                                       : wfMessage( 
'bs-permissionmanager-grouping-local' )->plain()
+                                       'typeHeader' => $bGlobalPermission ? 
wfMessage( 'bs-permissionmanager-grouping-global' )->plain() : wfMessage( 
'bs-permissionmanager-grouping-local' )->plain()
                                );
                        }
                }
@@ -508,9 +508,9 @@
                        $bSaveResult = PermissionTemplates::editTemplate( $iId, 
$sName, $aPermissions, $sDescription );
                }
                $aResult = array(
-                               'success' => false,
-                               'msg' => $bSaveResult,
-                               'id' => $iId
+                       'success' => false,
+                       'msg' => $bSaveResult,
+                       'id' => $iId
                );
 
                if ( $bSaveResult ) {
@@ -530,8 +530,8 @@
                        $bDeleteResult = false;
                }
                $aResult = array(
-                               'success' => false,
-                               'msg' => ''
+                       'success' => false,
+                       'msg' => ''
                );
 
                if ( $bDeleteResult ) {
@@ -553,8 +553,8 @@
                        return false;
                }
 
-               $aGroupPermissions = $data->groupPermission;
-               $aLockdown = $data->permissionLockdown;
+               $aGroupPermissions = ( array ) $data->groupPermission;
+               $aLockdown = ( array ) $data->permissionLockdown;
                $aResult = array();
                $mStatus = wfRunHooks( 
'BsPermissionManager::beforeSavePermissions', array( &$aLockdown, 
&$aGroupPermissions, &$aResult ) );
 
@@ -568,11 +568,11 @@
                }
 
                if ( $mStatus === true ) {
-                       $mStatusWritePMSettings = self::writeGroupSettings( 
(array)$aGroupPermissions, (array)$aLockdown );
+                       $mStatusWritePMSettings = self::writeGroupSettings( 
$aGroupPermissions, $aLockdown );
                        return $mStatusWritePMSettings;
                }
 
-               return false;
+               return $mStatus;
        }
 
        public static function getPermissionArray( $group = "", $timestamp = "" 
) {
@@ -666,7 +666,7 @@
                        if ( !empty( $aPermissions ) ) {
                                continue;
                        }
-                       $aJsVars[ 'bsPermissionManagerGroupPermissions' ][ 
$sGroup ] = (object)array();
+                       $aJsVars[ 'bsPermissionManagerGroupPermissions' ][ 
$sGroup ] = ( object ) array();
                }
 
                return $aJsVars;
@@ -681,7 +681,7 @@
         * @param array $aGroupPermissions
         * @return bool|String
         */
-       protected static function preventPermissionLockout( &$aGroupPermissions 
) {
+       protected static function preventPermissionLockout( $aGroupPermissions 
) {
                global $bsgPermissionConfig;
 
                $aRights = User::getAllRights();
@@ -694,6 +694,7 @@
                                $bIsSet = false;
                                if ( is_array( $aGroupPermissions ) ) {
                                        foreach ( $aGroupPermissions as 
$sGroupName => $aDataset ) {
+                                               $aDataset = (array)$aDataset;
                                                // no user can be in the lock 
mode group so we don't care if it has the right or not
                                                if ( $sGroupName == 
self::$sPmLockModeGroup ) {
                                                        continue;
@@ -705,8 +706,8 @@
                                        }
                                        if ( !$bIsSet ) {
                                                return Message::newFromKey( 
'bs-permissionmanager-error-lockout' )
-                                                               ->params( 
$sRight )
-                                                               ->plain();
+                                                         ->params( $sRight )
+                                                         ->plain();
                                        }
                                }
                        }
@@ -722,11 +723,11 @@
                /* @var $oTemplate PermissionTemplates */
                foreach ( $aTemplates as $oTemplate ) {
                        $aOutput[] = array(
-                                       'id' => $oTemplate->getId(),
-                                       'text' => $oTemplate->getName(),
-                                       'leaf' => true,
-                                       'description' => 
$oTemplate->getDescription(),
-                                       'ruleSet' => 
$oTemplate->getPermissions()
+                               'id' => $oTemplate->getId(),
+                               'text' => $oTemplate->getName(),
+                               'leaf' => true,
+                               'description' => $oTemplate->getDescription(),
+                               'ruleSet' => $oTemplate->getPermissions()
                        );
                }
 
@@ -739,8 +740,8 @@
                if ( wfReadOnly() ) {
                        global $wgReadOnly;
                        return array(
-                                       'success' => false,
-                                       'msg' => wfMessage( 'bs-readonly', 
$wgReadOnly )->plain()
+                               'success' => false,
+                               'msg' => wfMessage( 'bs-readonly', $wgReadOnly 
)->plain()
                        );
                }
                if ( BsCore::checkAccessAdmission( 'wikiadmin' ) === false )
@@ -759,9 +760,7 @@
                        foreach ( $aPermissions as $sPermission => $bValue ) {
                                $sSaveContent .= 
"\$GLOBALS['wgGroupPermissions']['{$sGroup}']['{$sPermission}'] = " . ( $bValue 
? 'true' : 'false' ) . ";\n";
                                // check if settings for the given group changed
-                               if ( !isset( $wgGroupPermissions[ $sGroup ] )
-                                               || !isset( $wgGroupPermissions[ 
$sGroup ][ $sPermission ] )
-                                               || $wgGroupPermissions[ $sGroup 
][ $sPermission ] != $bValue ) {
+                               if ( !isset( $wgGroupPermissions[ $sGroup ] ) 
|| !isset( $wgGroupPermissions[ $sGroup ][ $sPermission ] ) || 
$wgGroupPermissions[ $sGroup ][ $sPermission ] != $bValue ) {
                                        $aDiffGroups[ $sGroup ] = true;
                                }
                        }
@@ -778,7 +777,7 @@
                                //$sNsCanonicalName does not always match the 
constant name.
                                //Fallback to NS index or this will throw a 
million notices
                                //on every page load.
-                               if( !defined( $sNsConstant ) ) {
+                               if ( !defined( $sNsConstant ) ) {
                                        $sNsConstant = $iNS;
                                }
                                foreach ( $aPermissions as $sPermission => 
$aGroups ) {
@@ -786,13 +785,12 @@
                                                continue;
                                        }
                                        $sSaveContent .= 
"\$GLOBALS['wgNamespacePermissionLockdown'][$sNsConstant]['$sPermission']"
-                                               . " = array(" . ( count( 
$aGroups ) ? "'" . implode( "','", $aGroups ) . "'" : '' ) . ");\n";
+                                         . " = array(" . ( count( $aGroups ) ? 
"'" . implode( "','", $aGroups ) . "'" : '' ) . ");\n";
                                        if ( $sPermission == 'read' ) {
                                                $isReadLockdown = true;
                                        }
                                        // check if settings for any group 
changed
-                                       if ( isset( 
$wgNamespacePermissionLockdown[ $sNsConstant ] )
-                                               && isset( 
$wgNamespacePermissionLockdown[ $sNsConstant ][ $sPermission ] )
+                                       if ( isset( 
$wgNamespacePermissionLockdown[ $sNsConstant ] ) && isset( 
$wgNamespacePermissionLockdown[ $sNsConstant ][ $sPermission ] )
                                        ) {
                                                $aLocalDiffGroups = array_diff( 
$aGroups, $wgNamespacePermissionLockdown[ $sNsConstant ][ $sPermission ] );
                                                foreach ( $aLocalDiffGroups as 
$sDiffGroup ) {
@@ -818,7 +816,7 @@
                                        $oLogger->setPerformer( $oUser );
                                        $oLogger->setTarget( $oTitle );
                                        $oLogger->setParameters( array(
-                                                       '4::diffGroup' => 
$sDiffGroup
+                                               '4::diffGroup' => $sDiffGroup
                                        ) );
                                        $oLogger->insert();
                                }
@@ -826,9 +824,9 @@
                        return array( 'success' => true );
                } else {
                        return array(
-                                       'success' => false,
-                                       // TODO SU (04.07.11 12:06): i18n
-                                       'msg' => 'Not able to create or write 
"' . $bsgConfigFiles[ 'PermissionManager' ] . '".'
+                               'success' => false,
+                               // TODO SU (04.07.11 12:06): i18n
+                               'msg' => 'Not able to create or write "' . 
$bsgConfigFiles[ 'PermissionManager' ] . '".'
                        );
                }
        }
@@ -861,4 +859,5 @@
                        unlink( $oldBackupFile );
                }
        }
+
 }
diff --git a/PermissionManager/PermissionManager.setup.php 
b/PermissionManager/PermissionManager.setup.php
index 1930c95..07d82e9 100644
--- a/PermissionManager/PermissionManager.setup.php
+++ b/PermissionManager/PermissionManager.setup.php
@@ -1,2 +1,107 @@
 <?php
+if( !isset( $bsgPermissionManagerDefaultTemplates ) ) {
+       $bsgPermissionManagerDefaultTemplates = array();
+}
+
+$bsgConfigFiles['PermissionManager'] = BSCONFIGDIR . DS . 'pm-settings.php';
+
+//set config for Permissionmanager::preventPermissionLockout
+global $bsgPermissionConfig;
+$bsgPermissionConfig[ 'read' ][ 'preventLockout' ] = true;
+$bsgPermissionConfig[ 'wikiadmin' ][ 'preventLockout' ] = true;
+$bsgPermissionConfig[ 'edit' ][ 'preventLockout' ] = true;
+
+$bsgPermissionManagerDefaultTemplates = array(
+       //Not namespace specific
+       'bs-permissionmanager-default-template-read-general-title' => array(
+               //BlueSpice
+               //TODO: Move to other extensions
+               'files',
+               'viewfiles',
+               'searchfiles'
+
+       ),
+
+       'bs-permissionmanager-default-template-read-title' => array(
+               //MediaWiki standard
+               'read',
+
+               //BlueSpice
+               //TODO: Move to other extensions
+               'readshoutbox',
+               'universalexport-export',
+               'universalexport-export-with-attachments'
+
+       ),
+
+       //Not namespace specific
+       'bs-permissionmanager-default-template-edit-general-title' => array(
+               //MediaWiki standard
+               'movefile',
+               'move-rootuserpages',
+               'upload',
+                       'reupload',
+                       'reupload-own',
+                       'reupload-shared',
+                       'upload_by_url',
+               'writeapi',
+
+               //BlueSpice
+               //TODO: Move to other extensions
+               'writeshoutbox'
+       ),
+
+       'bs-permissionmanager-default-template-edit-title' => array(
+               //MediaWiki standard
+               'edit',
+               'create',
+               'createtalk',
+               'move',
+                       'move-subbpages',
+               'delete',
+
+               //BlueSpice
+               //TODO: Move to other extensions
+               'writeshoutbox'
+       ),
+
+       'bs-permissionmanager-default-template-admin-title' => array(
+               //MediaWiki standard
+               'bigdelete',
+               'browsearchive',
+               'createaccount',
+               'deletedtext',
+               'deletedhistory',
+               'protect',
+               'editprotected',
+               'block',
+               'rollback',
+               'import',
+               'userrights',
+
+               //BlueSpice
+               //TODO: Move to other extensions
+               'wikiadmin',
+                       'editadmin', // still in use?
+                       'useradmin' // still in use?
+       ),
+
+       'bs-permissionmanager-default-template-quality-title' => array(
+               //MediaWiki FlaggedRevs
+               //TODO: Move to other extensions
+               'autoreview',
+               'review',
+               'unreviewdpages',
+               'validate',
+
+               //BlueSpice
+               //TODO: Move to other extensions
+               'responsibleeditors-changeresponsibility',
+               'responsibleeditors-takeresponsibility',
+               'responsibleeditors-viewspecialpage',
+               'workflowview',
+                       'workflowedit', // still in use?
+       )
+) + $bsgPermissionManagerDefaultTemplates;
+
 wfLoadExtension( 'BlueSpiceExtensions/PermissionManager' );
\ No newline at end of file
diff --git a/PermissionManager/extension.json b/PermissionManager/extension.json
index a3fef57..90809cc 100644
--- a/PermissionManager/extension.json
+++ b/PermissionManager/extension.json
@@ -95,8 +95,7 @@
                }
        },
        "Hooks": {
-               "LoadExtensionSchemaUpdates": 
"PermissionManager::getSchemaUpdates",
-               "BsPermissionManager::beforeSavePermissions": 
"PermissionValidator::beforeSavePermissionsValidateGlobalRead"
+               "LoadExtensionSchemaUpdates": 
"PermissionManager::getSchemaUpdates"
        },
        "manifest_version": 1
 }
diff --git a/PermissionManager/includes/PermissionValidator.php 
b/PermissionManager/includes/PermissionValidator.php
index 100fe96..db08a21 100644
--- a/PermissionManager/includes/PermissionValidator.php
+++ b/PermissionManager/includes/PermissionValidator.php
@@ -9,15 +9,60 @@
         */
        public static function beforeSavePermissionsValidateGlobalRead( 
&$aLockdown, &$aGroupPermissions, &$aResult ) {
                $arrGroupPermissions = ( array ) $aGroupPermissions; 
//important for access, because object->* wouldnt work
+               print_r($arrGroupPermissions[ '*' ]->read );
                $boolReadGlobal = (isset( $arrGroupPermissions[ '*' ]->read )) 
? $arrGroupPermissions[ '*' ]->read : false;
                $boolReadUser = (isset( $arrGroupPermissions[ 'user' ]->read )) 
? $arrGroupPermissions[ 'user' ]->read : false;
                $boolReadSysop = (isset( $arrGroupPermissions[ 'sysop' ]->read 
)) ? $arrGroupPermissions[ 'sysop' ]->read : false;
                $boolGlobalRead = ($boolReadGlobal || $boolReadUser || 
$boolReadSysop);
 
+
+
                if(!$boolGlobalRead) {
                        $aResult = array(
                                        'success' => false,
-                                       'msg' => wfMessage( 
'bs-permissionmanager-error-lockout', 'read' )->plain()
+                                       'message' => wfMessage( 
'bs-permissionmanager-error-lockout', 'read' )->plain()
+                       );
+               }
+               return true;
+       }
+
+       /**
+        * check if wikiadmin permission on global level is set minimum for 
group sysop
+        * @param array $aLockdown
+        * @param array $aGroupPermissions
+        */
+       public static function beforeSavePermissionsValidateGlobalWikiadmin( 
&$aLockdown, &$aGroupPermissions, &$aResult ) {
+               $arrGroupPermissions = ( array ) $aGroupPermissions; 
//important for access, because object->* wouldnt work
+               $boolReadGlobal = (isset( $arrGroupPermissions[ '*' 
]->wikiadmin )) ? $arrGroupPermissions[ '*' ]->wikiadmin : false;
+               $boolReadUser = (isset( $arrGroupPermissions[ 'user' 
]->wikiadmin )) ? $arrGroupPermissions[ 'user' ]->wikiadmin : false;
+               $boolReadSysop = (isset( $arrGroupPermissions[ 'sysop' 
]->wikiadmin )) ? $arrGroupPermissions[ 'sysop' ]->wikiadmin : false;
+               $boolGlobalRead = ($boolReadGlobal || $boolReadUser || 
$boolReadSysop);
+
+               if(!$boolGlobalRead) {
+                       $aResult = array(
+                                       'success' => false,
+                                       'msg' => wfMessage( 
'bs-permissionmanager-error-lockout', 'wikiadmin' )->plain()
+                       );
+               }
+               return true;
+       }
+
+       /**
+        * check if edit permission on global level is set minimum for group 
sysop
+        * @param array $aLockdown
+        * @param array $aGroupPermissions
+        */
+       public static function beforeSavePermissionsValidateGlobalEdit( 
&$aLockdown, &$aGroupPermissions, &$aResult ) {
+               $arrGroupPermissions = ( array ) $aGroupPermissions; 
//important for access, because object->* wouldnt work
+               $boolReadGlobal = (isset( $arrGroupPermissions[ '*' ]->edit )) 
? $arrGroupPermissions[ '*' ]->edit : false;
+               $boolReadUser = (isset( $arrGroupPermissions[ 'user' ]->edit )) 
? $arrGroupPermissions[ 'user' ]->edit : false;
+               $boolReadSysop = (isset( $arrGroupPermissions[ 'sysop' ]->edit 
)) ? $arrGroupPermissions[ 'sysop' ]->edit : false;
+               $boolGlobalRead = ($boolReadGlobal || $boolReadUser || 
$boolReadSysop);
+
+               if(!$boolGlobalRead) {
+                       $aResult = array(
+                                       'success' => false,
+                                       'msg' => wfMessage( 
'bs-permissionmanager-error-lockout', 'edit' )->plain()
                        );
                }
                return true;
diff --git a/PermissionManager/includes/api/ApiPermissionManager.php 
b/PermissionManager/includes/api/ApiPermissionManager.php
index 218ee96..33ea500 100644
--- a/PermissionManager/includes/api/ApiPermissionManager.php
+++ b/PermissionManager/includes/api/ApiPermissionManager.php
@@ -1,127 +1,132 @@
-<?php
-
-/*
- * To change this license header, choose License Headers in Project Properties.
- * To change this template file, choose Tools | Templates
- * and open the template in the editor.
- */
-
-class ApiPermissionManager extends BSApiTasksBase {
-
-       protected $aTasks = array( 'savePermissions', 'permissions', 
'setTemplateData', 'deleteTemplate' );
-
-       public function getTaskDataDefinitions() {
-               return array(
-                       "setTemplateData" => array(
-                               "id" => array(
-                                       "type" => "int",
-                                       "required" => true,
-                                       "default" => ''
-                               ),
-                               "text" => array(
-                                       "type" => "string",
-                                       "required" => true,
-                                       "default" => ''
-                               ),
-                               "leaf" => array(
-                                       "type" => "boolean",
-                                       "required" => true,
-                                       "default" => ''
-                               ),
-                               "ruleSet" => array(
-                                       "type" => "array",
-                                       "required" => true,
-                                       "default" => ''
-                               ),
-                               "description" => array(
-                                       "type" => "string",
-                                       "required" => true,
-                                       "default" => ''
-                               )
-                       ),
-                       "deleteTemplate" => array(
-                               "id" => array(
-                                       "type" => "int",
-                                       "required" => true,
-                                       "default" => ''
-                               )
-                       ),
-                       "savePermissions" => array(
-                               "groupPermission" => array(
-                                       "type" => "array",
-                                       "required" => true,
-                                       "default" => ''
-                               ),
-                               "permissionLockdown" => array(
-                                       "type" => "array",
-                                       "required" => true,
-                                       "default" => ''
-                               ),
-                               )
-               );
-       }
-
-       protected function getRequiredTaskPermissions() {
-               return array(
-                       'deleteTemplate' => array( 'wikiadmin' ),
-                       'permissions' => array( 'wikiadmin' ),
-                       'savePermissions' => array( 'wikiadmin' ),
-                       'setTemplateData' => array( 'wikiadmin' ),
-               );
-       }
-
-       protected function task_savePermissions( $oData ) {
-               $oRet = $this->makeStandardReturn();
-               $arrRes = PermissionManager::savePermissions( $oData );
-               $oRet->payload = $arrRes;
-               $oRet->success = $arrRes[ "success" ];
-
-               return $oRet;
-       }
-
-       protected function task_setTemplateData( $oTaskData ) {
-               $oRet = $this->makeStandardReturn();
-               $arrRes = PermissionManager::setTemplateData( $oTaskData );
-               $oRet->payload = $arrRes;
-               $oRet->success = $arrRes[ "success" ];
-
-               return $oRet;
-       }
-
-       protected function task_deleteTemplate( $oData ) {
-               $oRet = $this->makeStandardReturn();
-               $arrRes = PermissionManager::deleteTemplate( $oData->id );
-               $oRet->payload = $arrRes;
-               $oRet->success = $arrRes[ "success" ];
-
-               return $oRet;
-       }
-
-       protected function task_permissions( $oData ) {
-               $oRet = $this->makeStandardReturn();
-               //is revision requested by timestamp? default = current
-               $arrData = array();
-               if ( !isset( $oData->revision ) ) {
-                       //remove old permissions and override by including file
-                       $arrData = PermissionManager::getPermissionArray( 
$oData->group );
-               } else {
-                       $arrData = PermissionManager::getPermissionArray( 
$oData->group, $oData->revision );
-               }
-
-               //return permissions for requested revision
-               $arrResult = array(
-                       'result' => 'Success',
-                       'data' => $arrData
-               );
-               $oRet->success = true;
-               //todo: add xml output handler, actualy this is only working 
for json
-               $oRet->payload = $arrResult;
-
-               return $oRet;
-       }
-
-       public function __construct( $main, $action ) {
-               parent::__construct( $main, $action );
-       }
-
-}
+<?php
+
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+
+class ApiPermissionManager extends BSApiTasksBase {
+
+       protected $aTasks = array( 'savePermissions', 'permissions', 
'setTemplateData', 'deleteTemplate' );
+
+       public function getTaskDataDefinitions() {
+               return array(
+                       "setTemplateData" => array(
+                               "id" => array(
+                                       "type" => "int",
+                                       "required" => true,
+                                       "default" => ''
+                               ),
+                               "text" => array(
+                                       "type" => "string",
+                                       "required" => true,
+                                       "default" => ''
+                               ),
+                               "leaf" => array(
+                                       "type" => "boolean",
+                                       "required" => true,
+                                       "default" => ''
+                               ),
+                               "ruleSet" => array(
+                                       "type" => "array",
+                                       "required" => true,
+                                       "default" => ''
+                               ),
+                               "description" => array(
+                                       "type" => "string",
+                                       "required" => true,
+                                       "default" => ''
+                               )
+                       ),
+                       "deleteTemplate" => array(
+                               "id" => array(
+                                       "type" => "int",
+                                       "required" => true,
+                                       "default" => ''
+                               )
+                       ),
+                       "savePermissions" => array(
+                               "groupPermission" => array(
+                                       "type" => "array",
+                                       "required" => true,
+                                       "default" => ''
+                               ),
+                               "permissionLockdown" => array(
+                                       "type" => "array",
+                                       "required" => true,
+                                       "default" => ''
+                               ),
+                       )
+               );
+       }
+
+       protected function getRequiredTaskPermissions() {
+               return array(
+                       'deleteTemplate' => array( 'wikiadmin' ),
+                       'permissions' => array( 'wikiadmin' ),
+                       'savePermissions' => array( 'wikiadmin' ),
+                       'setTemplateData' => array( 'wikiadmin' ),
+               );
+       }
+
+       protected function task_savePermissions( $oData ) {
+               $oRet = $this->makeStandardReturn();
+               $oRet->success = true;
+               $arrRes = PermissionManager::savePermissions( $oData );
+
+               if ( $arrRes !== true && ( !isset( $arrRes['success'] ) || 
$arrRes['success'] !== true ) ) {
+                       $oRet->errors[] = $arrRes;
+                       $oRet->message = "Error: " . $arrRes;
+                       $oRet->success = false;
+               }
+
+               return $oRet;
+       }
+
+       protected function task_setTemplateData( $oTaskData ) {
+               $oRet = $this->makeStandardReturn();
+               $arrRes = PermissionManager::setTemplateData( $oTaskData );
+               $oRet->payload = $arrRes;
+               $oRet->success = $arrRes[ "success" ];
+
+               return $oRet;
+       }
+
+       protected function task_deleteTemplate( $oData ) {
+               $oRet = $this->makeStandardReturn();
+               $arrRes = PermissionManager::deleteTemplate( $oData->id );
+               $oRet->payload = $arrRes;
+               $oRet->success = $arrRes[ "success" ];
+
+               return $oRet;
+       }
+
+       protected function task_permissions( $oData ) {
+               $oRet = $this->makeStandardReturn();
+               //is revision requested by timestamp? default = current
+               $arrData = array();
+               if ( !isset( $oData->revision ) ) {
+                       //remove old permissions and override by including file
+                       $arrData = PermissionManager::getPermissionArray( 
$oData->group );
+               } else {
+                       $arrData = PermissionManager::getPermissionArray( 
$oData->group, $oData->revision );
+               }
+
+               //return permissions for requested revision
+               $arrResult = array(
+                       'result' => 'Success',
+                       'data' => $arrData
+               );
+               $oRet->success = true;
+               //todo: add xml output handler, actualy this is only working 
for json
+               $oRet->payload = $arrResult;
+
+               return $oRet;
+       }
+
+       public function __construct( $main, $action ) {
+               parent::__construct( $main, $action );
+       }
+
+}
diff --git a/PermissionManager/resources/BS.PermissionManager/data/Manager.js 
b/PermissionManager/resources/BS.PermissionManager/data/Manager.js
index 931d591..cc3231a 100644
--- a/PermissionManager/resources/BS.PermissionManager/data/Manager.js
+++ b/PermissionManager/resources/BS.PermissionManager/data/Manager.js
@@ -487,9 +487,8 @@
                        }
                ).done(function (response) {
                        //var result = Ext.JSON.decode(response.responseText);
-                       var result = response.payload;
 
-                       if (result.success === true) {
+                       if (response.success === true) {
                                caller.unmask();
 
                                mw.notify( mw.msg( 
'bs-permissionmanager-save-success' ), { title: mw.msg( 
'bs-extjs-title-success' ) } );
@@ -522,15 +521,16 @@
                        } else {
                                caller.unmask();
                                bs.util.alert( 'bs-pm-save-error', {
-                                       text: result.msg
+                                       text: result.message
                                });
                        }
                }).fail( function ( response ) {
-                       var result = response.payload;
                        caller.unmask();
+                       /*
                        bs.util.alert( 'bs-pm-save-error', {
-                               text: result.msg
+                               text: response.message
                        } );
+                       */
                } );
 
        }

-- 
To view, visit https://gerrit.wikimedia.org/r/311421
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: If619c6ff3e4363f9d5a84f32c30e7d6f9c676ae6
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/BlueSpiceExtensions
Gerrit-Branch: master
Gerrit-Owner: Ljonka <l.verhovs...@gmail.com>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to