permissions for sending & reading PMs, so that ghosts can have them revoked

Shish 2019-12-15 20:40:05 +00:00
parent 70db0ce5bd
commit 86d4f2eb82
3 changed files with 26 additions and 15 deletions


@ -51,6 +51,8 @@ abstract class Permissions
public const MANAGE_ADMINTOOLS = "manage_admintools"; public const MANAGE_ADMINTOOLS = "manage_admintools";
public const SEND_PM = "send_pm";
public const READ_PM = "read_pm";
public const VIEW_OTHER_PMS = "view_other_pms"; public const VIEW_OTHER_PMS = "view_other_pms";
public const EDIT_FEATURE = "edit_feature"; public const EDIT_FEATURE = "edit_feature";
public const BULK_EDIT_VOTE = "bulk_edit_vote"; public const BULK_EDIT_VOTE = "bulk_edit_vote";


@ -121,6 +121,8 @@ new UserClass("base", null, [
Permissions::MANAGE_ADMINTOOLS => false, Permissions::MANAGE_ADMINTOOLS => false,
Permissions::SEND_PM => false,
Permissions::READ_PM => false,
Permissions::VIEW_OTHER_PMS => false, Permissions::VIEW_OTHER_PMS => false,
Permissions::EDIT_FEATURE => false, Permissions::EDIT_FEATURE => false,
Permissions::BULK_EDIT_VOTE => false, Permissions::BULK_EDIT_VOTE => false,
@ -176,7 +178,8 @@ new UserClass("user", "base", [
Permissions::EDIT_IMAGE_TITLE => true, Permissions::EDIT_IMAGE_TITLE => true,
Permissions::CREATE_IMAGE_REPORT => true, Permissions::CREATE_IMAGE_REPORT => true,
Permissions::EDIT_IMAGE_RATING => true, Permissions::EDIT_IMAGE_RATING => true,
Permissions::SEND_PM => true,
Permissions::READ_PM => true,
]); ]);
new UserClass("admin", "base", [ new UserClass("admin", "base", [
@ -216,6 +219,8 @@ new UserClass("admin", "base", [
Permissions::MANAGE_BLOCKS => true, Permissions::MANAGE_BLOCKS => true,
Permissions::MANAGE_ADMINTOOLS => true, Permissions::MANAGE_ADMINTOOLS => true,
Permissions::IGNORE_DOWNTIME => true, Permissions::IGNORE_DOWNTIME => true,
Permissions::SEND_PM => true,
Permissions::READ_PM => true,
Permissions::VIEW_OTHER_PMS => true, Permissions::VIEW_OTHER_PMS => true,
Permissions::EDIT_FEATURE => true, Permissions::EDIT_FEATURE => true,
Permissions::BULK_EDIT_VOTE => true, Permissions::BULK_EDIT_VOTE => true,
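Review bot: The new `SEND_PM` and `READ_PM` entries in the `base` class default to `false`, so any class that extends `base` without listing them loses the PM access the old `!is_anonymous()` check gave every logged-in user. `admin` extends `base` and is updated in this section, but classes defined outside the visible hunks, if there are any, would be denied silently after the upgrade. Default-deny is the right direction for a permission; a comment on the two `base` lines would make the opt-in explicit, for example `// PM access is opt-in: classes extending "base" must grant SEND_PM / READ_PM themselves`. The `UserClass` arrays begin and end outside these hunks, so the full set of classes cannot be checked from here.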


@ -87,7 +87,7 @@ class PrivMsg extends Extension
{ {
global $user; global $user;
if ($event->parent==="user") { if ($event->parent==="user") {
if (!$user->is_anonymous()) { if ($user->can(Permissions::READ_PM)) {
$count = $this->count_pms($user); $count = $this->count_pms($user);
$h_count = $count > 0 ? " <span class='unread'>($count)</span>" : ""; $h_count = $count > 0 ? " <span class='unread'>($count)</span>" : "";
$event->add_nav_link("pm", new Link('user#private-messages'), "Private Messages$h_count"); $event->add_nav_link("pm", new Link('user#private-messages'), "Private Messages$h_count");
@ -99,7 +99,7 @@ class PrivMsg extends Extension
public function onUserBlockBuilding(UserBlockBuildingEvent $event) public function onUserBlockBuilding(UserBlockBuildingEvent $event)
{ {
global $user; global $user;
if (!$user->is_anonymous()) { if ($user->can(Permissions::READ_PM)) {
$count = $this->count_pms($user); $count = $this->count_pms($user);
$h_count = $count > 0 ? " <span class='unread'>($count)</span>" : ""; $h_count = $count > 0 ? " <span class='unread'>($count)</span>" : "";
$event->add_link("Private Messages$h_count", make_link("user#private-messages")); $event->add_link("Private Messages$h_count", make_link("user#private-messages"));
@ -124,9 +124,9 @@ class PrivMsg extends Extension
{ {
global $cache, $database, $page, $user; global $cache, $database, $page, $user;
if ($event->page_matches("pm")) { if ($event->page_matches("pm")) {
if (!$user->is_anonymous()) { switch ($event->get_arg(0)) {
switch ($event->get_arg(0)) { case "read":
case "read": if ($user->can(Permissions::READ_PM)) {
$pm_id = int_escape($event->get_arg(1)); $pm_id = int_escape($event->get_arg(1));
$pm = $database->get_row("SELECT * FROM private_message WHERE id = :id", ["id" => $pm_id]); $pm = $database->get_row("SELECT * FROM private_message WHERE id = :id", ["id" => $pm_id]);
if (is_null($pm)) { if (is_null($pm)) {
@ -141,8 +141,10 @@ class PrivMsg extends Extension
} else { } else {
$this->theme->display_permission_denied(); $this->theme->display_permission_denied();
} }
break; }
case "delete": break;
case "delete":
if ($user->can(Permissions::READ_PM)) {
if ($user->check_auth_token()) { if ($user->check_auth_token()) {
$pm_id = int_escape($_POST["pm_id"]); $pm_id = int_escape($_POST["pm_id"]);
$pm = $database->get_row("SELECT * FROM private_message WHERE id = :id", ["id" => $pm_id]); $pm = $database->get_row("SELECT * FROM private_message WHERE id = :id", ["id" => $pm_id]);
@ -156,8 +158,10 @@ class PrivMsg extends Extension
$page->set_redirect($_SERVER["HTTP_REFERER"]); $page->set_redirect($_SERVER["HTTP_REFERER"]);
} }
} }
break; }
case "send": break;
case "send":
if ($user->can(Permissions::SEND_PM)) {
if ($user->check_auth_token()) { if ($user->check_auth_token()) {
$to_id = int_escape($_POST["to_id"]); $to_id = int_escape($_POST["to_id"]);
$from_id = $user->id; $from_id = $user->id;
@ -168,11 +172,11 @@ class PrivMsg extends Extension
$page->set_mode(PageMode::REDIRECT); $page->set_mode(PageMode::REDIRECT);
$page->set_redirect($_SERVER["HTTP_REFERER"]); $page->set_redirect($_SERVER["HTTP_REFERER"]);
} }
break; }
default: break;
$this->theme->display_error(400, "Invalid action", "That's not something you can do with a PM"); default:
break; $this->theme->display_error(400, "Invalid action", "That's not something you can do with a PM");
} break;
} }
} }
} }
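Review bot: In the `pm` dispatch, the three new `if ($user->can(...))` guards in the `read`, `delete` and `send` cases have no `else`, so a user without the permission falls straight through to `break` and gets no response. An inner branch of `read` already calls `display_permission_denied()`, and closing each new guard the same way, `} else { $this->theme->display_permission_denied(); }`, would make the denial explicit and consistent. `delete` is gated on `READ_PM`, which looks deliberate, but a one-line comment saying so would spare the next reader the question. The method starts and ends outside these hunks; any handler not shown here that still tests `is_anonymous()`, such as whatever renders the inbox or the compose form, would need the same switch and is worth confirming.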