diff --git a/core/permissions.php b/core/permissions.php
index a2eb842b..bea6368c 100644
--- a/core/permissions.php
+++ b/core/permissions.php
@@ -51,6 +51,8 @@ abstract class Permissions
public const MANAGE_ADMINTOOLS = "manage_admintools";
+ public const SEND_PM = "send_pm";
+ public const READ_PM = "read_pm";
public const VIEW_OTHER_PMS = "view_other_pms";
public const EDIT_FEATURE = "edit_feature";
public const BULK_EDIT_VOTE = "bulk_edit_vote";
diff --git a/core/userclass.php b/core/userclass.php
index faf41bbe..3d49e852 100644
--- a/core/userclass.php
+++ b/core/userclass.php
@@ -121,6 +121,8 @@ new UserClass("base", null, [
Permissions::MANAGE_ADMINTOOLS => false,
+ Permissions::SEND_PM => false,
+ Permissions::READ_PM => false,
Permissions::VIEW_OTHER_PMS => false,
Permissions::EDIT_FEATURE => false,
Permissions::BULK_EDIT_VOTE => false,
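Review bot: Denying `SEND_PM` and `READ_PM` in `base` means every class that inherits from `base` must opt in explicitly, as the `admin` hunk below has to do. If a class defined outside this diff (for example in a site's own configuration) relied on the old "any logged-in user" rule, it will lose private messaging with no error. I would document that next to the two new entries, e.g. `// PMs are denied by default; each class that should use them must enable SEND_PM / READ_PM`, and mention it in the upgrade notes.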
@@ -176,7 +178,8 @@ new UserClass("user", "base", [
Permissions::EDIT_IMAGE_TITLE => true,
Permissions::CREATE_IMAGE_REPORT => true,
Permissions::EDIT_IMAGE_RATING => true,
-
+ Permissions::SEND_PM => true,
+ Permissions::READ_PM => true,
]);
new UserClass("admin", "base", [
@@ -216,6 +219,8 @@ new UserClass("admin", "base", [
Permissions::MANAGE_BLOCKS => true,
Permissions::MANAGE_ADMINTOOLS => true,
Permissions::IGNORE_DOWNTIME => true,
+ Permissions::SEND_PM => true,
+ Permissions::READ_PM => true,
Permissions::VIEW_OTHER_PMS => true,
Permissions::EDIT_FEATURE => true,
Permissions::BULK_EDIT_VOTE => true,
diff --git a/ext/pm/main.php b/ext/pm/main.php
index b0d5d874..b7b8bbce 100644
--- a/ext/pm/main.php
+++ b/ext/pm/main.php
@@ -87,7 +87,7 @@ class PrivMsg extends Extension
{
global $user;
if ($event->parent==="user") {
- if (!$user->is_anonymous()) {
+ if ($user->can(Permissions::READ_PM)) {
$count = $this->count_pms($user);
$h_count = $count > 0 ? " ($count)" : "";
$event->add_nav_link("pm", new Link('user#private-messages'), "Private Messages$h_count");
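Review bot: The nav link is now gated on `READ_PM`, but its target `user#private-messages` is rendered by code that is not part of this diff. If that section, and the compose form, still check `!$user->is_anonymous()`, a logged-in user whose class has `READ_PM` set to false would still get the inbox listing, and the new permission would only hide links. It is worth confirming that the user-page handler uses the same `$user->can(Permissions::READ_PM)` and `SEND_PM` checks. The same applies to the `onUserBlockBuilding` hunk below, and the enclosing function here starts outside the hunk.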
@@ -99,7 +99,7 @@ class PrivMsg extends Extension
public function onUserBlockBuilding(UserBlockBuildingEvent $event)
{
global $user;
- if (!$user->is_anonymous()) {
+ if ($user->can(Permissions::READ_PM)) {
$count = $this->count_pms($user);
$h_count = $count > 0 ? " ($count)" : "";
$event->add_link("Private Messages$h_count", make_link("user#private-messages"));
@@ -124,9 +124,9 @@ class PrivMsg extends Extension
{
global $cache, $database, $page, $user;
if ($event->page_matches("pm")) {
- if (!$user->is_anonymous()) {
- switch ($event->get_arg(0)) {
- case "read":
+ switch ($event->get_arg(0)) {
+ case "read":
+ if ($user->can(Permissions::READ_PM)) {
$pm_id = int_escape($event->get_arg(1));
$pm = $database->get_row("SELECT * FROM private_message WHERE id = :id", ["id" => $pm_id]);
if (is_null($pm)) {
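Review bot: A user without `READ_PM` now drops straight to `break` in the `read` case, so the request produces neither the message nor an error. The branch visible at the top of the next hunk already calls `display_permission_denied()`, so adding `} else { $this->theme->display_permission_denied(); }` to the new `if ($user->can(Permissions::READ_PM))` would make the refusal explicit and consistent. The `delete` and `send` cases in the following hunks have the same silent path. The case body continues outside this hunk.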
@@ -141,8 +141,10 @@ class PrivMsg extends Extension
} else {
$this->theme->display_permission_denied();
}
- break;
- case "delete":
+ }
+ break;
+ case "delete":
+ if ($user->can(Permissions::READ_PM)) {
if ($user->check_auth_token()) {
$pm_id = int_escape($_POST["pm_id"]);
$pm = $database->get_row("SELECT * FROM private_message WHERE id = :id", ["id" => $pm_id]);
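Review bot: Deletion is authorised with `READ_PM`, which the permission name does not suggest, so a class given what looks like read access can also remove messages. If that is intended, say so at the check, e.g. `// READ_PM also covers deleting one's own messages`, or in a comment on the constant in core/permissions.php. The ownership test on the fetched row lies outside this hunk, so it cannot be confirmed from here that it still runs before the delete.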
@@ -156,8 +158,10 @@ class PrivMsg extends Extension
$page->set_redirect($_SERVER["HTTP_REFERER"]);
}
}
- break;
- case "send":
+ }
+ break;
+ case "send":
+ if ($user->can(Permissions::SEND_PM)) {
if ($user->check_auth_token()) {
$to_id = int_escape($_POST["to_id"]);
$from_id = $user->id;
@@ -168,11 +172,11 @@ class PrivMsg extends Extension
$page->set_mode(PageMode::REDIRECT);
$page->set_redirect($_SERVER["HTTP_REFERER"]);
}
- break;
- default:
- $this->theme->display_error(400, "Invalid action", "That's not something you can do with a PM");
- break;
- }
+ }
+ break;
+ default:
+ $this->theme->display_error(400, "Invalid action", "That's not something you can do with a PM");
+ break;
}
}
}
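Review bot: The branches re-nested here and in the `delete` hunk above still end with `$page->set_redirect($_SERVER["HTTP_REFERER"])`, which the commit carries over unchanged. The Referer header is supplied by the client and may be missing, so the redirect target is either undefined or whatever the request claims. A fixed fallback such as `$page->set_redirect($_SERVER["HTTP_REFERER"] ?? make_link("user"));` would cover the missing-header case, and limiting the target to a same-site path would be stricter. Separately, the `default` branch is now reachable by anonymous users, who previously skipped the whole switch; that looks harmless but is a behaviour change worth a line in the commit message.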