badmanners/shimmie2
badmanners/shimmie2
Archived
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

permissions for sending & reading PMs, so that ghosts can have them revoked

Browse source
This commit is contained in:
Shish 2019-12-15 20:40:05 +00:00
parent 70db0ce5bd
commit 86d4f2eb82
3 changed files with 26 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
core/permissions.php
View file

@ -51,6 +51,8 @@ abstract class Permissions
public const MANAGE_ADMINTOOLS = "manage_admintools";
public const SEND_PM = "send_pm";
public const READ_PM = "read_pm";
public const VIEW_OTHER_PMS = "view_other_pms";
public const EDIT_FEATURE = "edit_feature";
public const BULK_EDIT_VOTE = "bulk_edit_vote";

7
core/userclass.php
View file

@ -121,6 +121,8 @@ new UserClass("base", null, [
Permissions::MANAGE_ADMINTOOLS => false,
Permissions::SEND_PM => false,
Permissions::READ_PM => false,
Permissions::VIEW_OTHER_PMS => false,
Permissions::EDIT_FEATURE => false,
Permissions::BULK_EDIT_VOTE => false,
@ -176,7 +178,8 @@ new UserClass("user", "base", [
Permissions::EDIT_IMAGE_TITLE => true,
Permissions::CREATE_IMAGE_REPORT => true,
Permissions::EDIT_IMAGE_RATING => true,
Permissions::SEND_PM => true,
Permissions::READ_PM => true,
]);
new UserClass("admin", "base", [
@ -216,6 +219,8 @@ new UserClass("admin", "base", [
Permissions::MANAGE_BLOCKS => true,
Permissions::MANAGE_ADMINTOOLS => true,
Permissions::IGNORE_DOWNTIME => true,
Permissions::SEND_PM => true,
Permissions::READ_PM => true,
Permissions::VIEW_OTHER_PMS => true,
Permissions::EDIT_FEATURE => true,
Permissions::BULK_EDIT_VOTE => true,

32
ext/pm/main.php
View file

@ -87,7 +87,7 @@ class PrivMsg extends Extension
{
global $user;
if ($event->parent==="user") {
if (!$user->is_anonymous()) {
if ($user->can(Permissions::READ_PM)) {
$count = $this->count_pms($user);
$h_count = $count > 0 ? " <span class='unread'>($count)</span>" : "";
$event->add_nav_link("pm", new Link('user#private-messages'), "Private Messages$h_count");
@ -99,7 +99,7 @@ class PrivMsg extends Extension
public function onUserBlockBuilding(UserBlockBuildingEvent $event)
{
global $user;
if (!$user->is_anonymous()) {
if ($user->can(Permissions::READ_PM)) {
$count = $this->count_pms($user);
$h_count = $count > 0 ? " <span class='unread'>($count)</span>" : "";
$event->add_link("Private Messages$h_count", make_link("user#private-messages"));
@ -124,9 +124,9 @@ class PrivMsg extends Extension
{
global $cache, $database, $page, $user;
if ($event->page_matches("pm")) {
if (!$user->is_anonymous()) {
switch ($event->get_arg(0)) {
case "read":
switch ($event->get_arg(0)) {
case "read":
if ($user->can(Permissions::READ_PM)) {
$pm_id = int_escape($event->get_arg(1));
$pm = $database->get_row("SELECT * FROM private_message WHERE id = :id", ["id" => $pm_id]);
if (is_null($pm)) {
@ -141,8 +141,10 @@ class PrivMsg extends Extension
} else {
$this->theme->display_permission_denied();
}
break;
case "delete":
}
break;
case "delete":
if ($user->can(Permissions::READ_PM)) {
if ($user->check_auth_token()) {
$pm_id = int_escape($_POST["pm_id"]);
$pm = $database->get_row("SELECT * FROM private_message WHERE id = :id", ["id" => $pm_id]);
@ -156,8 +158,10 @@ class PrivMsg extends Extension
$page->set_redirect($_SERVER["HTTP_REFERER"]);
}
}
break;
case "send":
}
break;
case "send":
if ($user->can(Permissions::SEND_PM)) {
if ($user->check_auth_token()) {
$to_id = int_escape($_POST["to_id"]);
$from_id = $user->id;
@ -168,11 +172,11 @@ class PrivMsg extends Extension
$page->set_mode(PageMode::REDIRECT);
$page->set_redirect($_SERVER["HTTP_REFERER"]);
}
break;
default:
$this->theme->display_error(400, "Invalid action", "That's not something you can do with a PM");
break;
}
}
break;
default:
$this->theme->display_error(400, "Invalid action", "That's not something you can do with a PM");
break;
}
}
}