Simetrical schreef:
This more or less entirely duplicates the content of UserrightsPage::fetchUser, and poorly. It doesn't support foreign users, at the very least. Instead it needs to be replaced with some call like $ur->fetchUser( $username );, followed by an error message if that's null.
Didn't know about fetchUser() or interwiki user support. I'll look into it.
Similarly, lines 80 to 85 in ApiChangeRights.php are probably unnecessary:
if(empty($params['addto']) && empty($params['rmfrom'])) $this->dieUsage('At least one of the addto and rmfrom parameters
must be set', 'noaddrm');
if(is_null($params['token'])) $this->dieUsage('The token parameter must be set', 'notoken'); if(!$wgUser->matchEditToken($params['token'], $uName)) $this->dieUsage('Invalid token', 'badtoken');
That should all be handled by the backend logic, which should just return whether it's successful or not.
There's the problem: I can't just go ahead and tell the user the request failed, I'd also like to tell them *why*. A simple return null isn't very useful. Also note that UserrightsPage's function for this task (saveUserGroups) doesn't return anything: it can't fail except through some fatal DB error or other disaster, in which case it'll never return anyway. Now I could go ahead and introduce more return value constants for bad tokens, or I could just check the token in ApiChangeRights, which is much simpler.
Roan Kattouw (Catrope)