At the moment the action=userrights modules makes nothing, when the user is not allow to change any userrights or one of the specified userrights. It is better to get a api error in this case.
Thanks.
You can call UserrightsPage::userCanChangeRights to check if the user can change any userrights.
Version: 1.20.x
Severity: normal