From 78aaff5c8f6d88366ee1fe3a2b11aeeb4d515927 Mon Sep 17 00:00:00 2001 From: Shish Date: Sat, 10 Feb 2024 23:32:50 +0000 Subject: [PATCH] [misc] permission updates --- core/permissions.php | 14 +++++++++++--- core/userclass.php | 7 ++++++- ext/forum/main.php | 8 ++++---- ext/four_oh_four/main.php | 5 ++--- ext/notes/main.php | 13 ++++--------- ext/notes/theme.php | 12 ------------ ext/pools/main.php | 31 ++++++++++++------------------- ext/pools/test.php | 5 +++-- ext/static_files/main.php | 1 - 9 files changed, 42 insertions(+), 54 deletions(-) diff --git a/core/permissions.php b/core/permissions.php index 7e3981e8..7b8272f8 100644 --- a/core/permissions.php +++ b/core/permissions.php @@ -113,15 +113,23 @@ abstract class Permissions public const ARTISTS_ADMIN = "artists_admin"; public const BLOTTER_ADMIN = "blotter_admin"; - public const FORUM_ADMIN = "forum_admin"; - public const NOTES_ADMIN = "notes_admin"; - public const POOLS_ADMIN = "pools_admin"; public const TIPS_ADMIN = "tips_admin"; public const CRON_ADMIN = "cron_admin"; public const APPROVE_IMAGE = "approve_image"; public const APPROVE_COMMENT = "approve_comment"; public const BYPASS_IMAGE_APPROVAL = "bypass_image_approval"; + public const FORUM_ADMIN = "forum_admin"; + public const FORUM_CREATE_THREAD = "forum_create_thread"; + + public const NOTES_ADMIN = "notes_admin"; + public const NOTES_CREATE = "notes_create"; + public const NOTES_EDIT = "notes_edit"; + + public const POOLS_ADMIN = "pools_admin"; + public const POOLS_CREATE = "pools_create"; + public const POOLS_UPDATE = "pools_update"; + public const SET_PRIVATE_IMAGE = "set_private_image"; public const SET_OTHERS_PRIVATE_IMAGES = "set_others_private_images"; diff --git a/core/userclass.php b/core/userclass.php index 9716b060..129301f7 100644 --- a/core/userclass.php +++ b/core/userclass.php 
@@ -117,7 +117,12 @@ new UserClass("user", "base", [ Permissions::SET_PRIVATE_IMAGE => true, Permissions::PERFORM_BULK_ACTIONS => true, Permissions::BULK_DOWNLOAD => true, - Permissions::CHANGE_USER_SETTING => true + Permissions::CHANGE_USER_SETTING => true, + Permissions::FORUM_CREATE_THREAD => true, + Permissions::NOTES_CREATE => true, + Permissions::NOTES_EDIT => true, + Permissions::POOLS_CREATE => true, + Permissions::POOLS_UPDATE => true, ]); new UserClass("hellbanned", "user", [ diff --git a/ext/forum/main.php b/ext/forum/main.php index 74e4af29..20145d8d 100644 --- a/ext/forum/main.php +++ b/ext/forum/main.php @@ -106,7 +106,7 @@ class Forum extends Extension $pageNumber = 0; } $this->show_last_threads($page, $pageNumber, $user->can(Permissions::FORUM_ADMIN)); - if (!$user->is_anonymous()) { + if (!$user->can(Permissions::FORUM_CREATE_THREAD)) { $this->theme->display_new_thread_composer($page); } } @@ -130,7 +130,7 @@ class Forum extends Extension if ($user->can(Permissions::FORUM_ADMIN)) { $this->theme->add_actions_block($page, $threadID); } - if (!$user->is_anonymous()) { + if (!$user->can(Permissions::FORUM_CREATE_THREAD)) { $this->theme->display_new_post_composer($page, $threadID); } } @@ -139,7 +139,7 @@ class Forum extends Extension } if ($event->page_matches("forum/create")) { $redirectTo = "forum/index"; - if (!$user->is_anonymous()) { + if (!$user->can(Permissions::FORUM_CREATE_THREAD)) { $errors = $this->sanity_check_new_thread(); if (count($errors) > 0) { @@ -178,7 +178,7 @@ class Forum extends Extension if ($event->page_matches("forum/answer")) { $threadID = int_escape($event->req_POST("threadID")); $total_pages = $this->get_total_pages_for_thread($threadID); - if (!$user->is_anonymous()) { + if (!$user->can(Permissions::FORUM_CREATE_THREAD)) { $errors = $this->sanity_check_new_post(); if (count($errors) > 0) { diff --git a/ext/four_oh_four/main.php b/ext/four_oh_four/main.php index 627e18d3..621e23fd 100644 --- a/ext/four_oh_four/main.php 
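Review bot: All four ext/forum/main.php hunks keep the leading `!` from the old `!$user->is_anonymous()` test, so `if (!$user->can(Permissions::FORUM_CREATE_THREAD))` now shows the composers and runs the `forum/create` and `forum/answer` handlers for accounts that lack the permission, and skips them for accounts that hold it. Each check should read `if ($user->can(Permissions::FORUM_CREATE_THREAD)) {`. The same inversion appears in the ext/notes/main.php hunks for `note/create_note` (`NOTES_CREATE`), `note/update_note` (`NOTES_EDIT`) and `onImageAdminBlockBuilding` (`NOTES_CREATE`), while the ext/pools/main.php hunks use the non-negated form. `forum/answer` is also gated on the thread-creation permission; if that is intended, a comment such as `// FORUM_CREATE_THREAD also covers replies` would make it explicit. The handler bodies extend beyond these hunks, and a test that requests these routes as an anonymous user would catch the regression.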
+++ b/ext/four_oh_four/main.php @@ -11,13 +11,12 @@ class FourOhFour extends Extension global $page; // hax. if ($page->mode == PageMode::PAGE && (!isset($page->blocks) || $this->count_main($page->blocks) == 0)) { - $h_pagename = html_escape(implode('/', $event->args)); - log_debug("four_oh_four", "Hit 404: $h_pagename"); + log_debug("four_oh_four", "Hit 404: {$event->path}"); $page->set_code(404); $page->set_title("404"); $page->set_heading("404 - No Handler Found"); $page->add_block(new NavBlock()); - $page->add_block(new Block("Explanation", "No handler could be found for the page '$h_pagename'")); + $page->add_block(new Block("Explanation", "No handler could be found for the page '{$event->path}'")); } } diff --git a/ext/notes/main.php b/ext/notes/main.php index 4372eeca..abf43340 100644 --- a/ext/notes/main.php +++ b/ext/notes/main.php @@ -78,17 +78,12 @@ class Notes extends Extension public function onPageRequest(PageRequestEvent $event): void { global $page, $user; - if ($event->page_matches("note/lost")) { + if ($event->page_matches("note/list")) { $this->get_notes_list($event->try_page_num(0)); // This should show images like post/list but i don't know how do that. } if ($event->page_matches("note/requests")) { $this->get_notes_requests($event->try_page_num(0)); // This should show images like post/list but i don't know how do that. } - if ($event->page_matches("note/search")) { - if (!$user->is_anonymous()) { - $this->theme->search_notes_page($page); - } - } if ($event->page_matches("note/updated")) { $this->get_histories($event->try_page_num(0)); } @@ -122,7 +117,7 @@ class Notes extends Extension } if ($event->page_matches("note/create_note")) { $page->set_mode(PageMode::DATA); - if (!$user->is_anonymous()) { + if (!$user->can(Permissions::NOTES_CREATE)) { $note_id = $this->add_new_note(); $page->set_data(json_encode_ex([ 'status' => 'success', 
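Review bot: The "Explanation" block now interpolates `{$event->path}` without the `html_escape()` that the removed `$h_pagename` line applied. Request-derived path text therefore reaches the 404 page body unescaped, unless `Block` or `$event->path` escapes it somewhere not visible in this hunk. Keeping the escape at the HTML sink avoids relying on that: `$h_path = html_escape($event->path);` and then `"No handler could be found for the page '$h_path'"`. The `log_debug` call can keep the raw value, though depending on the logger a path containing control characters may need neutralising there too. The method's opening lines are outside the hunk.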
@@ -132,7 +127,7 @@ class Notes extends Extension } if ($event->page_matches("note/update_note")) { $page->set_mode(PageMode::DATA); - if (!$user->is_anonymous()) { + if (!$user->can(Permissions::NOTES_EDIT)) { $this->update_note(); $page->set_data(json_encode_ex(['status' => 'success'])); } @@ -175,7 +170,7 @@ class Notes extends Extension public function onImageAdminBlockBuilding(ImageAdminBlockBuildingEvent $event): void { global $user; - if (!$user->is_anonymous()) { + if (!$user->can(Permissions::NOTES_CREATE)) { $event->add_part($this->theme->note_button($event->image->id)); $event->add_part($this->theme->request_button($event->image->id)); if ($user->can(Permissions::NOTES_ADMIN)) { diff --git a/ext/notes/theme.php b/ext/notes/theme.php index 58495d6c..a0ec94af 100644 --- a/ext/notes/theme.php +++ b/ext/notes/theme.php @@ -43,18 +43,6 @@ class NotesTheme extends Themelet ); } - public function search_notes_page(Page $page): void - { //IN DEVELOPMENT, NOT FULLY WORKING - $html = '
- - -
'; - - $page->set_title(html_escape("Search Note")); - $page->set_heading(html_escape("Search Note")); - $page->add_block(new Block("Search Note", $html, "main", 10)); - } - // check action POST on form /** * @param Note[] $recovered_notes diff --git a/ext/pools/main.php b/ext/pools/main.php index 9be5ca65..8a9e5b94 100644 --- a/ext/pools/main.php +++ b/ext/pools/main.php @@ -243,7 +243,7 @@ class Pools extends Extension $page->set_redirect(make_link('pool/list') . '/' . url_escape($event->get_GET('search')) . '/' . strval($event->try_page_num(1))); return; } - if (count($event->args) >= 4) { // Assume first 2 args are search and page num + if ($event->count_args() >= 2) { // Assume first 2 args are search and page num $search = $event->get_arg(0); // Search is based on name comparison instead of tag search $page_num = $event->try_page_num(1); } else { @@ -252,15 +252,10 @@ class Pools extends Extension } $this->list_pools($page, $page_num, $search); } - if ($event->page_matches("pool/new", method: "GET")) { - if (!$user->is_anonymous()) { - $this->theme->new_pool_composer($page); - } else { - $errMessage = "You must be registered and logged in to create a new pool."; - $this->theme->display_error(401, "Error", $errMessage); - } + if ($event->page_matches("pool/new", method: "GET", permission: Permissions::POOLS_CREATE)) { + $this->theme->new_pool_composer($page); } - if ($event->page_matches("pool/create", method: "POST")) { + if ($event->page_matches("pool/create", method: "POST", permission: Permissions::POOLS_CREATE)) { try { $pce = send_event( new PoolCreationEvent( 
@@ -283,13 +278,11 @@ class Pools extends Extension if ($event->page_matches("pool/updated")) { $this->get_history($event->try_page_num(0)); } - if ($event->page_matches("pool/revert")) { - if (!$user->is_anonymous()) { - $historyID = int_escape($event->get_arg(0)); - $this->revert_history($historyID); - $page->set_mode(PageMode::REDIRECT); - $page->set_redirect(make_link("pool/updated")); - } + if ($event->page_matches("pool/revert", method: "POST", permission: Permissions::POOLS_UPDATE)) { + $historyID = int_escape($event->get_arg(0)); + $this->revert_history($historyID); + $page->set_mode(PageMode::REDIRECT); + $page->set_redirect(make_link("pool/updated")); } if ($event->page_matches("pool/edit")) { $pool_id = int_escape($event->req_POST("pool_id")); @@ -476,7 +469,7 @@ class Pools extends Extension public function onImageAdminBlockBuilding(ImageAdminBlockBuildingEvent $event): void { global $config, $database, $user; - if ($config->get_bool(PoolsConfig::ADDER_ON_VIEW_IMAGE) && !$user->is_anonymous()) { + if ($config->get_bool(PoolsConfig::ADDER_ON_VIEW_IMAGE) && $user->can(Permissions::POOLS_UPDATE)) { $pools = []; if ($user->can(Permissions::POOLS_ADMIN)) { $pools = $database->get_pairs("SELECT id,title FROM pools ORDER BY title"); @@ -613,7 +606,7 @@ class Pools extends Extension // OR if the user is admin // OR if the pool is owned by the user. return ( - ($pool->public && !$user->is_anonymous()) || + ($pool->public && $user->can(Permissions::POOLS_UPDATE)) || $user->can(Permissions::POOLS_ADMIN) || $user->id == $pool->user_id ); @@ -667,7 +660,7 @@ class Pools extends Extension { global $user, $database; - if ($user->is_anonymous()) { + if (!$user->can(Permissions::POOLS_UPDATE)) { throw new PoolCreationException("You must be registered and logged in to add a image."); } if (empty($event->title)) { diff --git a/ext/pools/test.php b/ext/pools/test.php index c4c878a8..0b23371e 100644 --- a/ext/pools/test.php +++ b/ext/pools/test.php 
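Review bot: The guard in the last ext/pools/main.php hunk checks `Permissions::POOLS_UPDATE`, but it throws `PoolCreationException` and is followed by the `$event->title` validation, so it appears to sit in the pool-creation handler (the signature is outside the hunk). The `pool/create` route is gated on `POOLS_CREATE`, so a user class granted create but not update would pass the route and then be rejected here. If that reading is right, the check should be `if (!$user->can(Permissions::POOLS_CREATE)) {`. The message still reads "You must be registered and logged in to add a image." and should describe the missing permission instead.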
@@ -27,8 +27,9 @@ class PoolsTest extends ShimmiePHPUnitTestCase $this->get_page('pool/list'); $this->assert_title("Pools"); - $this->get_page('pool/new'); - $this->assert_title("Error"); + $this->assertException(PermissionDeniedException::class, function () { + $this->get_page('pool/new'); + }); } /** diff --git a/ext/static_files/main.php b/ext/static_files/main.php index e6dd42a5..f7311d93 100644 --- a/ext/static_files/main.php +++ b/ext/static_files/main.php @@ -49,7 +49,6 @@ class StaticFiles extends Extension $page->add_http_header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 600) . ' GMT'); $page->set_mode(PageMode::DATA); $page->set_data(file_get_contents_ex($filename)); - $page->set_mime(MimeType::get_for_file($filename)); } }