Page MenuHomePhabricator
Create Task
Maniphest T35732

action=userrights: give error when user is not allowed to change userrights
Open, LowPublic
Actions

Description

At the moment the action=userrights modules makes nothing, when the user is not allow to change any userrights or one of the specified userrights. It is better to get a api error in this case.

Thanks.

You can call UserrightsPage::userCanChangeRights to check if the user can change any userrights.

Version: 1.20.x
Severity: normal

Details

Reference
bz33732
TitleReferenceAuthorSource BranchDest Branch
ldap: escape cn values when searchingtoolforge-repos/gitlab-account-approval!13bd808work/bd808/escape-ldap-search-inputmain
Customize query in GitLab

Event Timeline

bzimport raised the priority of this task from to Low.Nov 22 2014, 12:01 AM
bzimport added a project: MediaWiki-Action-API.
bzimport set Reference to bz33732.
bzimport added a subscriber: Unknown Object (MLST).
duplicatebug created this task.Jan 14 2012, 10:39 PM
duplicatebug unsubscribed.Dec 13 2014, 4:43 PM
Anomie moved this task from Unsorted to Needs Code on the MediaWiki-Action-API board.Feb 20 2015, 4:51 PM
DannyS712 subscribed.Aug 29 2019, 8:34 AM
Restricted Application added a project: Platform Engineering. · View Herald TranscriptAug 29 2019, 8:34 AM
daniel added a project: Platform Team Workboards (Clinic Duty Team).Aug 29 2019, 10:17 AM
daniel removed a project: Platform Engineering.Aug 29 2019, 4:23 PM
daniel moved this task from Inbox to Backlog on the Platform Team Workboards (Clinic Duty Team) board.Oct 8 2019, 9:57 AM
DannyS712 claimed this task.Jan 7 2020, 6:18 AM
Restricted Application added a project: User-DannyS712. · View Herald TranscriptJan 7 2020, 6:18 AM
DannyS712 moved this task from Unsorted to Next on the User-DannyS712 board.Jan 7 2020, 6:23 AM

Currently, UserrightsPage (Special:UserRights) includes a userCanChangeRights function. A similar functionality is needed in the api. I suggest adding a function, either to User or UserGroupManager[1] to see if a user can change rights for a specified target user, to avoid publication. Since userCanChangeRights is used by SkinTemplate, SpecialContributions, and MediaWiki-extensions-CleanChanges I think it makes more sense to move it out of the special page file. Thoughts?

[1] Doesn't exist yet, see https://gerrit.wikimedia.org/r/#/c/mediawiki/core/+/545690/

AMooney edited projects, added Platform Engineering (Icebox); removed Platform Team Workboards (Clinic Duty Team).Mar 13 2020, 1:34 PM
DannyS712 removed DannyS712 as the assignee of this task.May 31 2020, 12:21 AM
DannyS712 removed a project: User-DannyS712.
Amorymeltzer subscribed.Jan 18 2021, 12:32 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL