[misc] permission updates

Shish 2024-02-10 23:32:50 +00:00
parent 79087c51a5
commit 78aaff5c8f
9 changed files with 42 additions and 54 deletions


@ -113,15 +113,23 @@ abstract class Permissions
public const ARTISTS_ADMIN = "artists_admin";
public const BLOTTER_ADMIN = "blotter_admin";
public const FORUM_ADMIN = "forum_admin";
public const NOTES_ADMIN = "notes_admin";
public const POOLS_ADMIN = "pools_admin";
public const TIPS_ADMIN = "tips_admin";
public const CRON_ADMIN = "cron_admin";
public const APPROVE_IMAGE = "approve_image";
public const APPROVE_COMMENT = "approve_comment";
public const BYPASS_IMAGE_APPROVAL = "bypass_image_approval";
public const FORUM_ADMIN = "forum_admin";
public const FORUM_CREATE_THREAD = "forum_create_thread";
public const NOTES_ADMIN = "notes_admin";
public const NOTES_CREATE = "notes_create";
public const NOTES_EDIT = "notes_edit";
public const POOLS_ADMIN = "pools_admin";
public const POOLS_CREATE = "pools_create";
public const POOLS_UPDATE = "pools_update";
public const SET_PRIVATE_IMAGE = "set_private_image";
public const SET_OTHERS_PRIVATE_IMAGES = "set_others_private_images";


@ -117,7 +117,12 @@ new UserClass("user", "base", [
Permissions::SET_PRIVATE_IMAGE => true,
Permissions::PERFORM_BULK_ACTIONS => true,
Permissions::BULK_DOWNLOAD => true,
Permissions::CHANGE_USER_SETTING => true
Permissions::CHANGE_USER_SETTING => true,
Permissions::FORUM_CREATE_THREAD => true,
Permissions::NOTES_CREATE => true,
Permissions::NOTES_EDIT => true,
Permissions::POOLS_CREATE => true,
Permissions::POOLS_UPDATE => true,
]);
new UserClass("hellbanned", "user", [


@ -106,7 +106,7 @@ class Forum extends Extension
$pageNumber = 0;
}
$this->show_last_threads($page, $pageNumber, $user->can(Permissions::FORUM_ADMIN));
if (!$user->is_anonymous()) {
if (!$user->can(Permissions::FORUM_CREATE_THREAD)) {
$this->theme->display_new_thread_composer($page);
}
}
@ -130,7 +130,7 @@ class Forum extends Extension
if ($user->can(Permissions::FORUM_ADMIN)) {
$this->theme->add_actions_block($page, $threadID);
}
if (!$user->is_anonymous()) {
if (!$user->can(Permissions::FORUM_CREATE_THREAD)) {
$this->theme->display_new_post_composer($page, $threadID);
}
}
@ -139,7 +139,7 @@ class Forum extends Extension
}
if ($event->page_matches("forum/create")) {
$redirectTo = "forum/index";
if (!$user->is_anonymous()) {
if (!$user->can(Permissions::FORUM_CREATE_THREAD)) {
$errors = $this->sanity_check_new_thread();
if (count($errors) > 0) {
@ -178,7 +178,7 @@ class Forum extends Extension
if ($event->page_matches("forum/answer")) {
$threadID = int_escape($event->req_POST("threadID"));
$total_pages = $this->get_total_pages_for_thread($threadID);
if (!$user->is_anonymous()) {
if (!$user->can(Permissions::FORUM_CREATE_THREAD)) {
$errors = $this->sanity_check_new_post();
if (count($errors) > 0) {
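Review bot: The new guard `if (!$user->can(Permissions::FORUM_CREATE_THREAD))` keeps the `!` from the old `!$user->is_anonymous()` test, so at all four sites in this file (both composers, `forum/create` and `forum/answer`) the protected branch now runs for users who lack the permission and is skipped for those who hold it. As written, an account without FORUM_CREATE_THREAD, presumably including anonymous visitors, reaches `sanity_check_new_thread()` / `sanity_check_new_post()` and whatever posting path follows them, so each guard should read `if ($user->can(Permissions::FORUM_CREATE_THREAD)) {`. The same leftover negation appears in the Notes extension on `note/create_note` (NOTES_CREATE), `note/update_note` (NOTES_EDIT) and in `onImageAdminBlockBuilding`, and needs the same fix. The handler bodies continue outside these hunks, so what follows each guard is only partly visible. A test that requests these routes once with and once without the permission would catch the inversion.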


@ -11,13 +11,12 @@ class FourOhFour extends Extension
global $page;
// hax.
if ($page->mode == PageMode::PAGE && (!isset($page->blocks) || $this->count_main($page->blocks) == 0)) {
$h_pagename = html_escape(implode('/', $event->args));
log_debug("four_oh_four", "Hit 404: $h_pagename");
log_debug("four_oh_four", "Hit 404: {$event->path}");
$page->set_code(404);
$page->set_title("404");
$page->set_heading("404 - No Handler Found");
$page->add_block(new NavBlock());
$page->add_block(new Block("Explanation", "No handler could be found for the page '$h_pagename'"));
$page->add_block(new Block("Explanation", "No handler could be found for the page '{$event->path}'"));
}
}
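Review bot: The explanation block now interpolates `{$event->path}` into its body without the `html_escape()` that the removed `$h_pagename` line applied. Elsewhere on this page a `Block` body is handed ready-made HTML, so the request path would be rendered as markup on the 404 page. Unless `Block` or `$event->path` escapes internally (not visible here), keep the escaping at the output: `$page->add_block(new Block("Explanation", "No handler could be found for the page '" . html_escape($event->path) . "'"));`. The `log_debug()` call is plain text and can keep the raw path, though if the log sink is line-based it is worth stripping CR/LF from the path before logging.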


@ -78,17 +78,12 @@ class Notes extends Extension
public function onPageRequest(PageRequestEvent $event): void
{
global $page, $user;
if ($event->page_matches("note/lost")) {
if ($event->page_matches("note/list")) {
$this->get_notes_list($event->try_page_num(0)); // This should show images like post/list but i don't know how do that.
}
if ($event->page_matches("note/requests")) {
$this->get_notes_requests($event->try_page_num(0)); // This should show images like post/list but i don't know how do that.
}
if ($event->page_matches("note/search")) {
if (!$user->is_anonymous()) {
$this->theme->search_notes_page($page);
}
}
if ($event->page_matches("note/updated")) {
$this->get_histories($event->try_page_num(0));
}
@ -122,7 +117,7 @@ class Notes extends Extension
}
if ($event->page_matches("note/create_note")) {
$page->set_mode(PageMode::DATA);
if (!$user->is_anonymous()) {
if (!$user->can(Permissions::NOTES_CREATE)) {
$note_id = $this->add_new_note();
$page->set_data(json_encode_ex([
'status' => 'success',
@ -132,7 +127,7 @@ class Notes extends Extension
}
if ($event->page_matches("note/update_note")) {
$page->set_mode(PageMode::DATA);
if (!$user->is_anonymous()) {
if (!$user->can(Permissions::NOTES_EDIT)) {
$this->update_note();
$page->set_data(json_encode_ex(['status' => 'success']));
}
@ -175,7 +170,7 @@ class Notes extends Extension
public function onImageAdminBlockBuilding(ImageAdminBlockBuildingEvent $event): void
{
global $user;
if (!$user->is_anonymous()) {
if (!$user->can(Permissions::NOTES_CREATE)) {
$event->add_part($this->theme->note_button($event->image->id));
$event->add_part($this->theme->request_button($event->image->id));
if ($user->can(Permissions::NOTES_ADMIN)) {
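Review bot: `note/create_note` and `note/update_note` are still gated by a hand-written, negated inline guard (`if (!$user->can(Permissions::NOTES_CREATE))`, `if (!$user->can(Permissions::NOTES_EDIT))`) placed after `set_mode(PageMode::DATA)`, so a caller who fails the guard appears to receive an empty data response instead of an error. The Pools routes in this same commit pass the permission to the route match, and the updated test expects a `PermissionDeniedException` there. Doing the same here, e.g. `if ($event->page_matches("note/create_note", permission: Permissions::NOTES_CREATE)) {` and likewise with `Permissions::NOTES_EDIT` for `note/update_note`, makes denial explicit and removes the inline condition that is easy to get backwards. Both handlers continue outside the hunk, so any else-branch they may have is not visible.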


@ -43,18 +43,6 @@ class NotesTheme extends Themelet
);
}
public function search_notes_page(Page $page): void
{ //IN DEVELOPMENT, NOT FULLY WORKING
$html = '<form method="GET" action="'.search_link(["note="]).'">
<input placeholder="Search Notes" type="text" name="search"/>
<input type="submit" style="display: none;" value="Find"/>
</form>';
$page->set_title(html_escape("Search Note"));
$page->set_heading(html_escape("Search Note"));
$page->add_block(new Block("Search Note", $html, "main", 10));
}
// check action POST on form
/**
* @param Note[] $recovered_notes


@ -243,7 +243,7 @@ class Pools extends Extension
$page->set_redirect(make_link('pool/list') . '/' . url_escape($event->get_GET('search')) . '/' . strval($event->try_page_num(1)));
return;
}
if (count($event->args) >= 4) { // Assume first 2 args are search and page num
if ($event->count_args() >= 2) { // Assume first 2 args are search and page num
$search = $event->get_arg(0); // Search is based on name comparison instead of tag search
$page_num = $event->try_page_num(1);
} else {
@ -252,15 +252,10 @@ class Pools extends Extension
}
$this->list_pools($page, $page_num, $search);
}
if ($event->page_matches("pool/new", method: "GET")) {
if (!$user->is_anonymous()) {
$this->theme->new_pool_composer($page);
} else {
$errMessage = "You must be registered and logged in to create a new pool.";
$this->theme->display_error(401, "Error", $errMessage);
}
if ($event->page_matches("pool/new", method: "GET", permission: Permissions::POOLS_CREATE)) {
$this->theme->new_pool_composer($page);
}
if ($event->page_matches("pool/create", method: "POST")) {
if ($event->page_matches("pool/create", method: "POST", permission: Permissions::POOLS_CREATE)) {
try {
$pce = send_event(
new PoolCreationEvent(
@ -283,13 +278,11 @@ class Pools extends Extension
if ($event->page_matches("pool/updated")) {
$this->get_history($event->try_page_num(0));
}
if ($event->page_matches("pool/revert")) {
if (!$user->is_anonymous()) {
$historyID = int_escape($event->get_arg(0));
$this->revert_history($historyID);
$page->set_mode(PageMode::REDIRECT);
$page->set_redirect(make_link("pool/updated"));
}
if ($event->page_matches("pool/revert", method: "POST", permission: Permissions::POOLS_UPDATE)) {
$historyID = int_escape($event->get_arg(0));
$this->revert_history($historyID);
$page->set_mode(PageMode::REDIRECT);
$page->set_redirect(make_link("pool/updated"));
}
if ($event->page_matches("pool/edit")) {
$pool_id = int_escape($event->req_POST("pool_id"));
@ -476,7 +469,7 @@ class Pools extends Extension
public function onImageAdminBlockBuilding(ImageAdminBlockBuildingEvent $event): void
{
global $config, $database, $user;
if ($config->get_bool(PoolsConfig::ADDER_ON_VIEW_IMAGE) && !$user->is_anonymous()) {
if ($config->get_bool(PoolsConfig::ADDER_ON_VIEW_IMAGE) && $user->can(Permissions::POOLS_UPDATE)) {
$pools = [];
if ($user->can(Permissions::POOLS_ADMIN)) {
$pools = $database->get_pairs("SELECT id,title FROM pools ORDER BY title");
@ -613,7 +606,7 @@ class Pools extends Extension
// OR if the user is admin
// OR if the pool is owned by the user.
return (
($pool->public && !$user->is_anonymous()) ||
($pool->public && $user->can(Permissions::POOLS_UPDATE)) ||
$user->can(Permissions::POOLS_ADMIN) ||
$user->id == $pool->user_id
);
@ -667,7 +660,7 @@ class Pools extends Extension
{
global $user, $database;
if ($user->is_anonymous()) {
if (!$user->can(Permissions::POOLS_UPDATE)) {
throw new PoolCreationException("You must be registered and logged in to add a image.");
}
if (empty($event->title)) {
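Review bot: The creation guard at the end of this section checks `Permissions::POOLS_UPDATE`, while the `pool/new` and `pool/create` routes above are gated on `Permissions::POOLS_CREATE`. Judging by the `PoolCreationException` and the `$event->title` check this is the pool-creation handler, though its signature is outside the hunk. A user class granted POOLS_CREATE without POOLS_UPDATE would pass the route check and then be refused here, and the message still says "registered and logged in to add a image". If creation is what is being guarded, use `if (!$user->can(Permissions::POOLS_CREATE)) {` and reword the message to name the missing permission. The unchanged `pool/edit` match just below `pool/revert` carries no `permission:` argument, and its body is outside the hunk, so whether it checks access further down cannot be confirmed from here.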


@ -27,8 +27,9 @@ class PoolsTest extends ShimmiePHPUnitTestCase
$this->get_page('pool/list');
$this->assert_title("Pools");
$this->get_page('pool/new');
$this->assert_title("Error");
$this->assertException(PermissionDeniedException::class, function () {
$this->get_page('pool/new');
});
}
/**


@ -49,7 +49,6 @@ class StaticFiles extends Extension
$page->add_http_header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 600) . ' GMT');
$page->set_mode(PageMode::DATA);
$page->set_data(file_get_contents_ex($filename));
$page->set_mime(MimeType::get_for_file($filename));
}
}