includes/SpecialUserrights.php

   1 <?php
   2 /**
   3  * Provide an administration interface
   4  * DO NOT USE: INSECURE.
   5  *
   6  * TODO : remove everything related to group editing (SpecialGrouplevels.php)
   7  * @package MediaWiki
   8  * @subpackage SpecialPage
   9  */
  10
  11 /** */
  12 require_once('HTMLForm.php');
  13
  14 /** Entry point */
  15 function wfSpecialUserrights() {
  16         global $wgRequest;
  17         $form = new UserrightsForm($wgRequest);
  18         $form->execute();
  19 }
  20
  21 /**
  22  * A class to manage user levels rights.
  23  * @package MediaWiki
  24  * @subpackage SpecialPage
  25  */
  26 class UserrightsForm extends HTMLForm {
  27         var $mPosted, $mRequest, $mSaveprefs;
  28         /** Escaped local url name*/
  29         var $action;
  30
  31         /** Constructor*/
  32         function UserrightsForm ( &$request ) {
  33                 $this->mPosted = $request->wasPosted();
  34                 $this->mRequest =& $request;
  35                 $this->mName = 'userrights';
  36
  37                 $titleObj = SpecialPage::getTitleFor( 'Userrights' );
  38                 $this->action = $titleObj->escapeLocalURL();
  39         }
  40
  41         /**
  42          * Manage forms to be shown according to posted data.
  43          * Depending on the submit button used, call a form or a save function.
  44          */
  45         function execute() {
  46                 // show the general form
  47                 $this->switchForm();
  48                 if( $this->mPosted ) {
  49                         // show some more forms
  50                         if( $this->mRequest->getCheck( 'ssearchuser' ) ) {
  51                                 $this->editUserGroupsForm( $this->mRequest->getVal( 'user-editname' ) );
  52                         }
  53
  54                         // save settings
  55                         if( $this->mRequest->getCheck( 'saveusergroups' ) ) {
  56                                 global $wgUser;
  57                                 $username = $this->mRequest->getVal( 'user-editname' );
  58                                 if( $wgUser->matchEditToken( $this->mRequest->getVal( 'wpEditToken' ), $username ) ) {
  59                                         $this->saveUserGroups( $username,
  60                                                 $this->mRequest->getArray( 'member' ),
  61                                                 $this->mRequest->getArray( 'available' ) );
  62                                 }
  63                         }
  64                 }
  65         }
  66
  67         /**
  68          * Save user groups changes in the database.
  69          * Data comes from the editUserGroupsForm() form function
  70          *
  71          * @param string $username Username to apply changes to.
  72          * @param array $removegroup id of groups to be removed.
  73          * @param array $addgroup id of groups to be added.
  74          *
  75          */
  76         function saveUserGroups( $username, $removegroup, $addgroup) {
  77                 global $wgOut;
  78                 $u = User::newFromName($username);
  79
  80                 if(is_null($u)) {
  81                         $wgOut->addWikiText( wfMsg( 'nosuchusershort', htmlspecialchars( $username ) ) );
  82                         return;
  83                 }
  84
  85                 if($u->getID() == 0) {
  86                         $wgOut->addWikiText( wfMsg( 'nosuchusershort', htmlspecialchars( $username ) ) );
  87                         return;
  88                 }
  89
  90                 $oldGroups = $u->getGroups();
  91                 $newGroups = $oldGroups;
  92                 $logcomment = ' ';
  93                 // remove then add groups
  94                 if(isset($removegroup)) {
  95                         $newGroups = array_diff($newGroups, $removegroup);
  96                         foreach( $removegroup as $group ) {
  97                                 $u->removeGroup( $group );
  98                         }
  99                 }
 100                 if(isset($addgroup)) {
 101                         $newGroups = array_merge($newGroups, $addgroup);
 102                         foreach( $addgroup as $group ) {
 103                                 $u->addGroup( $group );
 104                         }
 105                 }
 106                 $newGroups = array_unique( $newGroups );
 107
 108                 wfDebug( 'oldGroups: ' . print_r( $oldGroups, true ) );
 109                 wfDebug( 'newGroups: ' . print_r( $newGroups, true ) );
 110
 111                 wfRunHooks( 'UserRights', array( &$u, $addgroup, $removegroup ) );
 112                 $log = new LogPage( 'rights' );
 113                 $log->addEntry( 'rights', Title::makeTitle( NS_USER, $u->getName() ), '', array( $this->makeGroupNameList( $oldGroups ),
 114                         $this->makeGroupNameList( $newGroups ) ) );
 115         }
 116
 117         function makeGroupNameList( $ids ) {
 118                 return implode( ', ', $ids );
 119         }
 120
 121         /**
 122          * The entry form
 123          * It allows a user to look for a username and edit its groups membership
 124          */
 125         function switchForm() {
 126                 global $wgOut;
 127
 128                 // user selection
 129                 $wgOut->addHTML( "<form name=\"uluser\" action=\"$this->action\" method=\"post\">\n" );
 130                 $wgOut->addHTML( $this->fieldset( 'lookup-user',
 131                                 $this->textbox( 'user-editname' ) .
 132                                 wfElement( 'input', array(
 133                                         'type'  => 'submit',
 134                                         'name'  => 'ssearchuser',
 135                                         'value' => wfMsg( 'editusergroup' ) ) )
 136                 ));
 137                 $wgOut->addHTML( "</form>\n" );
 138         }
 139
 140         /**
 141          * Edit user groups membership
 142          * @param string $username Name of the user.
 143          */
 144         function editUserGroupsForm($username) {
 145                 global $wgOut, $wgUser;
 146
 147                 $user = User::newFromName($username);
 148                 if( is_null( $user ) ) {
 149                         $wgOut->addWikiText( wfMsg( 'nouserspecified' ) );
 150                         return;
 151                 } elseif( $user->getID() == 0 ) {
 152                         $wgOut->addWikiText( wfMsg( 'nosuchusershort', wfEscapeWikiText( $username ) ) );
 153                         return;
 154                 }
 155
 156                 $groups = $user->getGroups();
 157
 158                 $wgOut->addHTML( "<form name=\"editGroup\" action=\"$this->action\" method=\"post\">\n".
 159                         wfElement( 'input', array(
 160                                 'type'  => 'hidden',
 161                                 'name'  => 'user-editname',
 162                                 'value' => $username ) ) .
 163                         wfElement( 'input', array(
 164                                 'type'  => 'hidden',
 165                                 'name'  => 'wpEditToken',
 166                                 'value' => $wgUser->editToken( $username ) ) ) .
 167                         $this->fieldset( 'editusergroup',
 168                         $wgOut->parse( wfMsg('editinguser', $username ) ) .
 169                         '<table border="0" align="center"><tr><td>'.
 170                         HTMLSelectGroups('member', $this->mName.'-groupsmember', $groups,true,6).
 171                         '</td><td>'.
 172                         HTMLSelectGroups('available', $this->mName.'-groupsavailable', $groups,true,6,true).
 173                         '</td></tr></table>'."\n".
 174                         $wgOut->parse( wfMsg('userrights-groupshelp') ) .
 175                         wfElement( 'input', array(
 176                                 'type'  => 'submit',
 177                                 'name'  => 'saveusergroups',
 178                                 'value' => wfMsg( 'saveusergroups' ) ) )
 179                         ));
 180                 $wgOut->addHTML( "</form>\n" );
 181         }
 182 } // end class UserrightsForm
 183 ?>