Movatterモバイル変換

[0]ホーム
URL:

Jump to content
MediaWiki
Search

API:User group membership

From mediawiki.org
Translate this page
Languages:
This page is part of theMediaWiki Action API documentation.
MediaWiki Action API
Basics
Authentication
Accounts and Users
Page Operations
Search
Developer Utilities
Tutorials
v · d · e
MediaWiki version:
1.16

POST request to add or remove users from a group, thereby granting or removing certain user rights.

API documentation

[edit]
The following documentation is the output ofSpecial:ApiHelp/userrights, automatically generated by the pre-release version of MediaWiki that is running on this site (MediaWiki.org).

action=userrights

(main |userrights)
  • This module requires read rights.
  • This module requires write rights.
  • This module only accepts POST requests.
  • Source:MediaWiki
  • License:GPL-2.0-or-later

Change a user's group membership.

Specific parameters:
Other general parameters are available.
user

User.

Type: user, by any of username and user ID (e.g. "#12345")
userid
Deprecated.

Specifyuser=#ID instead.

Type: integer
add

Add the user to these groups, or if they are already a member, update the expiry of their membership in that group.

Values (separate with| oralternative): accountcreator, autopatrolled, bot, bureaucrat, checkuser, community-wishlist-manager, confirmed, event-organizer, flow-bot, import, interface-admin, ipblock-exempt, no-ipinfo, oathauth-twofactorauth, steward, suppress, sysop, temporary-account-viewer, translationadmin, transwiki, uploader
expiry

Expiry timestamps. May be relative (e.g.5 months or2 weeks) or absolute (e.g.2014-09-18T12:34:56Z). If only one timestamp is set, it will be used for all groups passed to theadd parameter. Useinfinite,indefinite,infinity, ornever for a never-expiring user group.

Separate values with| oralternative.
Maximum number of values is 50 (500 for clients that are allowed higher limits).
Default: infinite
remove

Remove the user from these groups.

Values (separate with| oralternative): accountcreator, autopatrolled, bot, bureaucrat, checkuser, community-wishlist-manager, confirmed, event-organizer, flow-bot, import, interface-admin, ipblock-exempt, no-ipinfo, oathauth-twofactorauth, steward, suppress, sysop, temporary-account-viewer, translationadmin, transwiki, uploader
reason

Reason for the change.

Default:(empty)
token

A "userrights" token retrieved fromaction=query&meta=tokens

For compatibility, the token used in the web UI is also accepted.

This parameter is required.
tags

Change tags to apply to the entry in the user rights log.

Values (separate with| oralternative): AWB, convenient-discussions
watchuser

Watch the user's user and talk pages.

Type: boolean (details)
watchlistexpiry

Watchlist expiry timestamp. Omit this parameter entirely to leave the current expiry unchanged.

Type: expiry (details)
Examples:
Add userFooBot to groupbot, and remove from groupssysop andbureaucrat.
api.php?action=userrights&user=FooBot&add=bot&remove=sysop|bureaucrat&token=123ABC[open in sandbox]
Add the user with ID123 to groupbot, and remove from groupssysop andbureaucrat.
api.php?action=userrights&userid=123&add=bot&remove=sysop|bureaucrat&token=123ABC[open in sandbox]
Add userSometimeSysop to groupsysop for 1 month.
api.php?action=userrights&user=SometimeSysop&add=sysop&expiry=1%20month&token=123ABC[open in sandbox]

Example

[edit]

To use this API, you first need to log in to verify your own user group membership.Only certain groups are granted the ability to alter user rights via this API.SeeAPI:Login for more details on logging in.

Once you are logged in, make a GET request to obtain a userrightstoken.
api.php?action=query&meta=tokens&type=userrights [try in ApiSandbox]

The query above applies to MediaWiki v1.24+; in older versions, theuserrights token would depend on the name of the user whose rights were being changed.The query would be made like so:

api.php?action=query&list=users&meta=tokens&ususers=Bob&type=userrights [try in ApiSandbox]

For compatibility reasons, the API will also accept the token used in the web UI.

Whichever method you choose, once you have your token, you can use it to make youruserrights request, as seen below.

POST request

[edit]
Remove Bob from the bureaucrat group, and add them to the sysop group, thereby granting them sysop rights.
api.php?action=userrights&user=Bob&add=sysop&remove=bureaucrat&reason=Oops,%20put%20Bob%20in%20the%20wrong%20group&token=sampleUserrightsToken+/ [try in ApiSandbox]

Response

[edit]
{"userrights":{"user":"Bob","userid":2793024,"removed":["bureaucrat"],"added":["sysop"]}}

Sample code

[edit]

Python

[edit]
#!/usr/bin/python3"""    userrights.py    MediaWiki API Demos    Demo of `Userrights` module: Add and remove user rights by changing the user's group membership.    MIT license"""importrequestsS=requests.Session()URL="https://test.wikipedia.org/w/api.php"# Step 1: Retrieve a login tokenPARAMS_1={"action":"query","meta":"tokens","type":"login","format":"json"}R=S.get(url=URL,params=PARAMS_1)DATA=R.json()LOGIN_TOKEN=DATA["query"]["tokens"]["logintoken"]# Step 2: Send a post request to log in.# See https://www.mediawiki.org/wiki/Manual:Bot_passwords for a special note on logging in using a simplified interface when accessing wikis via an application, rather than the GUIPARAMS_2={"action":"login","lgname":"username","lgpassword":"password","lgtoken":LOGIN_TOKEN,"format":"json"}R=S.post(URL,data=PARAMS_2)# Step 3: Obtain a Userrights tokenPARAMS_3={"action":"query","format":"json","meta":"tokens","type":"userrights"}R=S.get(url=URL,params=PARAMS_3)DATA=R.json()USERRIGHTS_TOKEN=DATA["query"]["tokens"]["userrightstoken"]# Step 4: Request to add or remove a user from a groupPARAMS_4={"action":"userrights","format":"json","user":"Bob","add":"sysop","remove":"bureaucrat","reason":"OOPS! added Bob to the wrong group","token":USERRIGHTS_TOKEN}R=S.post(URL,data=PARAMS_4)DATA=R.json()print(DATA)

PHP

[edit]
<?php/*    userrights.php    MediaWiki API Demos    Demo of `Userrights` module: Add and remove user rights by changing the user's group membership.    MIT license*/$endPoint="http://dev.wiki.local.wmftest.net:8080/w/api.php";$login_Token=getLoginToken();// Step 1loginRequest($login_Token);// Step 2$userrights_Token=getUserRightsToken();// Step 3change_userrights($userrights_Token);// Step 4// Step 1: GET request to fetch login tokenfunctiongetLoginToken(){global$endPoint;$params1=["action"=>"query","meta"=>"tokens","type"=>"login","format"=>"json"];$url=$endPoint."?".http_build_query($params1);$ch=curl_init($url);curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);curl_setopt($ch,CURLOPT_COOKIEJAR,"cookie.txt");curl_setopt($ch,CURLOPT_COOKIEFILE,"cookie.txt");$output=curl_exec($ch);curl_close($ch);$result=json_decode($output,true);return$result["query"]["tokens"]["logintoken"];}// Step 2: POST request to log in. Use of main account for login is not supported.// Obtain credentials via Special:BotPasswords (https://www.mediawiki.org/wiki/Special:BotPasswords) for lgname & lgpasswordfunctionloginRequest($logintoken){global$endPoint;$params2=["action"=>"clientlogin","username"=>"username","password"=>"password",'loginreturnurl'=>'http://127.0.0.1:5000/',"logintoken"=>$logintoken,"format"=>"json"];$ch=curl_init();curl_setopt($ch,CURLOPT_URL,$endPoint);curl_setopt($ch,CURLOPT_POST,true);curl_setopt($ch,CURLOPT_POSTFIELDS,http_build_query($params2));curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);curl_setopt($ch,CURLOPT_COOKIEJAR,"cookie.txt");curl_setopt($ch,CURLOPT_COOKIEFILE,"cookie.txt");$output=curl_exec($ch);curl_close($ch);}// Step 3: GET request to fetch userrights tokenfunctiongetUserRightsToken(){global$endPoint;$params3=["action"=>"query","meta"=>"tokens","type"=>"userrights","format"=>"json"];$url=$endPoint."?".http_build_query($params3);$ch=curl_init($url);curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);curl_setopt($ch,CURLOPT_COOKIEJAR,"cookie.txt");curl_setopt($ch,CURLOPT_COOKIEFILE,"cookie.txt");$output=curl_exec($ch);curl_close($ch);$result=json_decode($output,true);return$result["query"]["tokens"]["userrightstoken"];}// Step 4: POST request to add or remove a user from a groupfunctionchange_userrights($userrightstoken){global$endPoint;$params4=["action"=>"userrights","user"=>"ABCDEF","add"=>"bot","expiry"=>"infinite","reason"=>"API Testing","token"=>$userrightstoken,"format"=>"json"];$ch=curl_init();curl_setopt($ch,CURLOPT_URL,$endPoint);curl_setopt($ch,CURLOPT_POST,true);curl_setopt($ch,CURLOPT_POSTFIELDS,http_build_query($params4));curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);curl_setopt($ch,CURLOPT_COOKIEJAR,"cookie.txt");curl_setopt($ch,CURLOPT_COOKIEFILE,"cookie.txt");$output=curl_exec($ch);curl_close($ch);echo($output);}

JavaScript

[edit]
/*    userrights.js    MediaWiki API Demos    Demo of `Userrights` module: Add and remove user rights by changing the user's group membership.    MIT license*/varrequest=require('request').defaults({jar:true}),url="http://dev.wiki.local.wmftest.net:8080/w/api.php";// Step 1: GET request to fetch login tokenfunctiongetLoginToken(){varparams_0={action:"query",meta:"tokens",type:"login",format:"json"};request.get({url:url,qs:params_0},function(error,res,body){if(error){return;}vardata=JSON.parse(body);loginRequest(data.query.tokens.logintoken);});}// Step 2: POST request to log in.// Use of main account for login is not supported.// Obtain credentials via Special:BotPasswords (https://www.mediawiki.org/wiki/Special:BotPasswords) for lgname & lgpasswordfunctionloginRequest(login_token){varparams_1={action:"clientlogin",username:"username",password:"password",loginreturnurl:"http://127.0.0.1:5000/",logintoken:login_token,format:"json"};request.post({url:url,form:params_1},function(error,res,body){if(error){return;}getUserRightsToken();});}// Step 3: GET request to fetch UserRights tokenfunctiongetUserRightsToken(){varparams_2={action:"query",meta:"tokens",type:"userrights",format:"json"};request.get({url:url,qs:params_2},function(error,res,body){if(error){return;}vardata=JSON.parse(body);userrights(data.query.tokens.userrightstoken);});}// Step 4: POST request to add or remove a user from a groupfunctionuserrights(userrights_token){varparams_3={action:"userrights",user:"ABCDEFG",add:"bot",expiry:"infinite",reason:"API Testing",token:userrights_token,format:"json"};request.post({url:url,form:params_3},function(error,res,body){if(error){return;}console.log(body);});}// Start From Step 1getLoginToken();

MediaWiki JS

[edit]
/*    userrights.js    MediaWiki API Demos    Demo of `Userrights` module: Add and remove user rights by changing the user's group membership.    MIT license*/varparams={action:'userrights',user:'ABCD',add:'sysop',reason:'Added ABCD to the sysop group',format:'json'},api=newmw.Api();api.postWithToken('userrights',params).done(function(data){console.log(data);});

Possible errors

[edit]
CodeInfo
nouserTheuser parameter must be set.
nosuchuserUser "user" doesn't exist
This may happen when trying to change an anonymous user's rights.
notokenThetoken parameter must be set.
badtokenInvalid CSRF token.
readonlyThe wiki is currently in read-only mode.

Parameter history

[edit]
  • v1.29: Introducedexpiry
  • v1.23: Introduceduserid

Additional notes

[edit]
  • By default, only users in the bureaucrat group can grant or remove user rights.
  • Some wikis allow non-bureaucrats to grant or remove rights on a limited basis, such as restricting those abilities to the user's own account.
  • If you do not possess the ability to grant or remove rights to the target user, the API will not throw an error; instead, theadd andremove fields in the response will simply contain empty arrays.

See also

[edit]
  • Help:User rights and groups - describes how user rights and group membership work in greater detail.
  • Special:ListGroupRights - lists all the rights and privileges conferred to each user group on a particular wiki.
  • Special:UserRights - a GUI way to add or remove user rights, available in wikis running v1.29+.
  • API:Users - gets information about a list of users, including their groups and rights.
Retrieved from "https://www.mediawiki.org/w/index.php?title=API:User_group_membership&oldid=6728517"
Category:
[8]ページ先頭
©2009-2025 Movatter.jp