get rid of is_admin, fixes #676

Shish 2019-09-29 19:00:51 +01:00
parent 0f4a0275b5
commit a7bddb1dac
27 changed files with 99 additions and 64 deletions


@ -42,6 +42,7 @@ abstract class Permissions
public const CREATE_IMAGE_REPORT = "create_image_report";
public const VIEW_IMAGE_REPORT = "view_image_report"; # deal with reported images
public const WIKI_ADMIN = "wiki_admin";
public const EDIT_WIKI_PAGE = "edit_wiki_page";
public const DELETE_WIKI_PAGE = "delete_wiki_page";
@ -66,4 +67,17 @@ abstract class Permissions
public const VIEW_TRASH = "view_trash";
public const PERFORM_BULK_ACTIONS = "perform_bulk_actions";
public const BULK_ADD = "bulk_add";
public const EDIT_FILES = "edit_files";
public const EDIT_TAG_CATEGORIES = "edit_tag_categories";
public const RESCAN_MEDIA = "rescan_media";
public const SEE_IMAGE_VIEW_COUNTS = "see_image_view_counts";
public const ARTISTS_ADMIN = "artists_admin";
public const BLOTTER_ADMIN = "blotter_admin";
public const FORUM_ADMIN = "forum_admin";
public const NOTES_ADMIN = "notes_admin";
public const POOLS_ADMIN = "pools_admin";
public const TIPS_ADMIN = "tips_admin";
}


@ -144,11 +144,6 @@ class User
return ($this->id !== $config->get_int('anon_id'));
}
public function is_admin(): bool
{
return ($this->class->name === "admin");
}
public function set_class(string $class): void
{
global $database;


@ -112,6 +112,7 @@ new UserClass("base", null, [
Permissions::CREATE_IMAGE_REPORT => false,
Permissions::VIEW_IMAGE_REPORT => false, # deal with reported images
Permissions::WIKI_ADMIN => false,
Permissions::EDIT_WIKI_PAGE => false,
Permissions::DELETE_WIKI_PAGE => false,
@ -136,6 +137,19 @@ new UserClass("base", null, [
Permissions::VIEW_TRASH => false,
Permissions::PERFORM_BULK_ACTIONS => false,
Permissions::BULK_ADD => false,
Permissions::EDIT_FILES => false,
Permissions::EDIT_TAG_CATEGORIES => false,
Permissions::RESCAN_MEDIA => false,
Permissions::SEE_IMAGE_VIEW_COUNTS => false,
Permissions::ARTISTS_ADMIN => false,
Permissions::BLOTTER_ADMIN => false,
Permissions::FORUM_ADMIN => false,
Permissions::NOTES_ADMIN => false,
Permissions::POOLS_ADMIN => false,
Permissions::TIPS_ADMIN => false,
]);
new UserClass("anonymous", "base", [
@ -183,6 +197,7 @@ new UserClass("admin", "base", [
Permissions::MASS_TAG_EDIT => true,
Permissions::CREATE_IMAGE_REPORT => true,
Permissions::VIEW_IMAGE_REPORT => true,
Permissions::WIKI_ADMIN => true,
Permissions::EDIT_WIKI_PAGE => true,
Permissions::DELETE_WIKI_PAGE => true,
Permissions::VIEW_EVENTLOG => true,
@ -200,6 +215,17 @@ new UserClass("admin", "base", [
Permissions::BULK_EDIT_IMAGE_RATING => true,
Permissions::VIEW_TRASH => true,
Permissions::PERFORM_BULK_ACTIONS => true,
Permissions::BULK_ADD => true,
Permissions::EDIT_FILES => true,
Permissions::EDIT_TAG_CATEGORIES => true,
Permissions::RESCAN_MEDIA => true,
Permissions::SEE_IMAGE_VIEW_COUNTS => true,
Permissions::ARTISTS_ADMIN => true,
Permissions::BLOTTER_ADMIN => true,
Permissions::FORUM_ADMIN => true,
Permissions::NOTES_ADMIN => true,
Permissions::POOLS_ADMIN => true,
Permissions::TIPS_ADMIN => true,
]);
new UserClass("hellbanned", "user", [


@ -204,7 +204,7 @@ class Artists extends Extension
$urls = $this->get_urls($artist['id']);
$userIsLogged = !$user->is_anonymous();
$userIsAdmin = $user->is_admin();
$userIsAdmin = $user->can(Permissions::ARTISTS_ADMIN);
$images = Image::find_images(0, 4, Tag::explode($artist['name']));
@ -231,7 +231,7 @@ class Artists extends Extension
if (!$user->is_anonymous()) {
$this->theme->show_artist_editor($artist, $aliases, $members, $urls);
$userIsAdmin = $user->is_admin();
$userIsAdmin = $user->can(Permissions::ARTISTS_ADMIN);
$this->theme->sidebar_options("editor", $artistID, $userIsAdmin);
} else {
$this->theme->display_error(401, "Error", "You must be registered and logged in to edit an artist.");
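Review bot: Both hunks only change the flag handed to the theme (`$userIsAdmin = $user->can(Permissions::ARTISTS_ADMIN);`), so they gate which controls are rendered, not the action itself. The handlers that delete an artist are outside these hunks; confirm they call `$user->can(Permissions::ARTISTS_ADMIN)` themselves, because hiding `$del_link` in ArtistsTheme does not stop a direct request. The local name `$userIsAdmin` is also stale and could become `$canAdminArtists`.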


@ -216,7 +216,7 @@ class ArtistsTheme extends Themelet
if (!$user->is_anonymous()) {
$html .= "<td>".$edit_link."</td>";
}
if ($user->is_admin()) {
if ($user->can(Permissions::ARTISTS_ADMIN)) {
$html .= "<td>".$del_link."</td>";
}


@ -52,7 +52,7 @@ class Blotter extends Extension
{
global $user;
if ($event->parent==="system") {
if ($user->is_admin()) {
if ($user->can(Permissions::BLOTTER_ADMIN)) {
$event->add_nav_link("blotter", new Link('blotter/editor'), "Blotter Editor");
}
}
@ -62,7 +62,7 @@ class Blotter extends Extension
public function onUserBlockBuilding(UserBlockBuildingEvent $event)
{
global $user;
if ($user->is_admin()) {
if ($user->can(Permissions::BLOTTER_ADMIN)) {
$event->add_link("Blotter Editor", make_link("blotter/editor"));
}
}
@ -76,7 +76,7 @@ class Blotter extends Extension
/**
* Displays the blotter editor.
*/
if (!$user->is_admin()) {
if (!$user->can(Permissions::BLOTTER_ADMIN)) {
$this->theme->display_permission_denied();
} else {
$entries = $database->get_all("SELECT * FROM blotter ORDER BY id DESC");
@ -87,7 +87,7 @@ class Blotter extends Extension
/**
* Adds an entry
*/
if (!$user->is_admin() || !$user->check_auth_token()) {
if (!$user->can(Permissions::BLOTTER_ADMIN) || !$user->check_auth_token()) {
$this->theme->display_permission_denied();
} else {
$entry_text = $_POST['entry_text'];
@ -113,7 +113,7 @@ class Blotter extends Extension
/**
* Removes an entry
*/
if (!$user->is_admin() || !$user->check_auth_token()) {
if (!$user->can(Permissions::BLOTTER_ADMIN) || !$user->check_auth_token()) {
$this->theme->display_permission_denied();
} else {
$id = int_escape($_POST['id']);


@ -18,7 +18,7 @@ class BulkAdd extends Extension
{
global $page, $user;
if ($event->page_matches("bulk_add")) {
if ($user->is_admin() && $user->check_auth_token() && isset($_POST['dir'])) {
if ($user->can(Permissions::BULK_ADD) && $user->check_auth_token() && isset($_POST['dir'])) {
set_time_limit(0);
$bae = new BulkAddEvent($_POST['dir']);
send_event($bae);
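Review bot: `$_POST['dir']` goes straight into `new BulkAddEvent(...)`, and with this change the right to submit it is a grantable permission rather than a property of the admin class. If the event treats the value as a server-side directory (not visible in this hunk), any class given `BULK_ADD` can point the importer at any path the PHP process can read. A comment on the constant saying so, or a check that the resolved path sits under a configured import root, would stop the permission being handed out without that in mind. The same permission also gates the CSV importer and the CronUploader page in this commit.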


@ -6,7 +6,7 @@ class BulkAddCSV extends Extension
{
global $page, $user;
if ($event->page_matches("bulk_add_csv")) {
if ($user->is_admin() && $user->check_auth_token() && isset($_POST['csv'])) {
if ($user->can(Permissions::BULK_ADD) && $user->check_auth_token() && isset($_POST['csv'])) {
set_time_limit(0);
$this->add_csv($_POST['csv']);
$this->theme->display_upload_results($page);
@ -24,7 +24,7 @@ class BulkAddCSV extends Extension
global $user;
//Nag until CLI is admin by default
if (!$user->is_admin()) {
if (!$user->can(Permissions::BULK_ADD)) {
print "Not running as an admin, which can cause problems.\n";
print "Please add the parameter: -u admin_username";
} elseif (count($event->args) == 1) {
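Review bot: The CLI branch now tests `BULK_ADD`, but the message still reads `Not running as an admin, which can cause problems.` and the comment above it still says `//Nag until CLI is admin by default`. An operator who sees the nag will look for an admin account rather than the permission that is actually checked. Suggest naming the permission, e.g. `print "User lacks the bulk_add permission, which can cause problems.\n";`, and updating the comment to match. The enclosing method starts and ends outside the hunk.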


@ -7,7 +7,7 @@ class BulkRemove extends Extension
public function onPageRequest(PageRequestEvent $event)
{
global $user;
if ($event->page_matches("bulk_remove") && $user->is_admin() && $user->check_auth_token()) {
if ($event->page_matches("bulk_remove") && $user->can(Permissions::BULK_ADD) && $user->check_auth_token()) {
if ($event->get_arg(0) == "confirm") {
$this->do_bulk_remove();
} else {
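Review bot: The removal handler is gated on `Permissions::BULK_ADD`, so granting a class the right to import also grants it `do_bulk_remove()`. Adding content and destroying it are different levels of trust, and the permission name gives an operator no hint that it covers both. A dedicated removal permission, false in `base` and true in `admin` like the others added in this commit, would keep the two separable. onPageRequest continues past the hunk.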


@ -65,7 +65,7 @@ class CronUploader extends Extension
flock($lockfile, LOCK_UN);
fclose($lockfile);
}
} elseif ($user->is_admin()) {
} elseif ($user->can(Permissions::BULK_ADD)) {
$this->set_dir();
$this->display_documentation();
}


@ -89,7 +89,7 @@ class Forum extends Extension
if ($event->page_matches("forum")) {
switch ($event->get_arg(0)) {
case "index":
$this->show_last_threads($page, $event, $user->is_admin());
$this->show_last_threads($page, $event, $user->can(Permissions::FORUM_ADMIN));
if (!$user->is_anonymous()) {
$this->theme->display_new_thread_composer($page);
}
@ -104,8 +104,8 @@ class Forum extends Extension
break;
}
$this->show_posts($event, $user->is_admin());
if ($user->is_admin()) {
$this->show_posts($event, $user->can(Permissions::FORUM_ADMIN));
if ($user->can(Permissions::FORUM_ADMIN)) {
$this->theme->add_actions_block($page, $threadID);
}
if (!$user->is_anonymous()) {
@ -139,7 +139,7 @@ class Forum extends Extension
$threadID = int_escape($event->get_arg(1));
$postID = int_escape($event->get_arg(2));
if ($user->is_admin()) {
if ($user->can(Permissions::FORUM_ADMIN)) {
$this->delete_post($postID);
}
@ -149,7 +149,7 @@ class Forum extends Extension
case "nuke":
$threadID = int_escape($event->get_arg(1));
if ($user->is_admin()) {
if ($user->can(Permissions::FORUM_ADMIN)) {
$this->delete_thread($threadID);
}
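Review bot: The `delete` and `nuke` cases call `delete_post()` / `delete_thread()` on `$user->can(Permissions::FORUM_ADMIN)` alone, with the IDs taken from URL arguments and no `check_auth_token()` visible. Blotter's add and remove handlers in this same commit pair the permission with the token (`!$user->can(...) || !$user->check_auth_token()`); without that pairing the deletion is not tied to a request the admin actually made (CSRF). Suggest `if ($user->can(Permissions::FORUM_ADMIN) && $user->check_auth_token()) {` together with turning the delete links into token-carrying forms. The same shape appears in Notes (`nuke_notes`, `nuke_requests`, `delete_note`) and Media (`media_rescan/`), and TipsTheme builds its delete control as a plain `<a href>` link. A denied request here also falls through silently instead of calling `display_permission_denied()`.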


@ -38,7 +38,7 @@ class ForumTheme extends Themelet
<tr><td>Title:</td><td><input type='text' name='title' value='$threadTitle'></td></tr>
<tr><td>Message:</td><td><textarea id='message' name='message' >$threadText</textarea></td></tr>
<tr><td></td><td><small>Max characters alowed: $max_characters.</small></td></tr>";
if ($user->is_admin()) {
if ($user->can(Permissions::FORUM_ADMIN)) {
$html .= "<tr><td colspan='2'><label for='sticky'>Sticky:</label><input name='sticky' id='sticky' type='checkbox' value='Y' /></td></tr>";
}
$html .= "<tr><td colspan='2'><input type='submit' value='Submit' /></td></tr>
@ -121,7 +121,7 @@ class ForumTheme extends Themelet
$postID = $post['id'];
//if($user->is_admin()){
//if($user->can(Permissions::FORUM_ADMIN)){
//$delete_link = "<a href=".make_link("forum/delete/".$threadID."/".$postID).">Delete</a>";
//} else {
//$delete_link = "";
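Review bot: Hiding the `sticky` checkbox behind `FORUM_ADMIN` only affects the rendered form; the code that saves the thread is outside this section and should ignore a posted `sticky` value unless `$user->can(Permissions::FORUM_ADMIN)` holds. Separately, the second hunk edits a commented-out block (`//if($user->can(Permissions::FORUM_ADMIN)){`). Dead code that names a permission shows up in every grep during an access review, so deleting the block is cleaner than keeping it in sync.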


@ -26,7 +26,7 @@ class ImageViewCounter extends Extension
global $user, $config;
$adminonly = $config->get_bool("image_viewcounter_adminonly"); // todo
if ($adminonly == false || ($adminonly && $user->is_admin())) {
if ($adminonly == false || ($adminonly && $user->can(Permissions::SEE_IMAGE_VIEW_COUNTS))) {
$event->add_part(
"<tr><th>Views:</th><td>".
$this->get_view_count($event->image->id) .
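Review bot: The condition `$adminonly == false || ($adminonly && $user->can(...))` re-tests `$adminonly` on the right-hand side, where it is already known to be truthy; `if (!$adminonly || $user->can(Permissions::SEE_IMAGE_VIEW_COUNTS)) {` is equivalent and easier to audit. The config key `image_viewcounter_adminonly` now means "restricted to holders of see_image_view_counts" rather than to admins, which deserves a short comment next to the existing `// todo`.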


@ -253,7 +253,7 @@ class Media extends Extension
{
global $database, $page, $user;
if ($event->page_matches("media_rescan/") && $user->is_admin() && isset($_POST['image_id'])) {
if ($event->page_matches("media_rescan/") && $user->can(Permissions::RESCAN_MEDIA) && isset($_POST['image_id'])) {
$image = Image::by_id(int_escape($_POST['image_id']));
$this->update_image_media_properties($image->hash, $image->ext);
@ -321,7 +321,7 @@ class Media extends Extension
{
global $user;
if ($user->is_admin()) {
if ($user->can(Permissions::RESCAN_MEDIA)) {
$event->add_action("bulk_media_rescan", "Scan Media Properties");
}
}
@ -332,7 +332,7 @@ class Media extends Extension
switch ($event->action) {
case "bulk_media_rescan":
if ($user->is_admin()) {
if ($user->can(Permissions::RESCAN_MEDIA)) {
$total = 0;
foreach ($event->items as $image) {
try {
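Review bot: In the `media_rescan/` handler the result of `Image::by_id(int_escape($_POST['image_id']))` is dereferenced on the next line (`$image->hash`) with no check that an image was found. If by_id returns null for an unknown ID (its definition is not on this page), a stale or hand-edited `image_id` ends in a fatal error rather than a clean failure. A guard such as `if (is_null($image)) { return; }` before `update_image_media_properties()` would cover it. The handler body continues outside the hunk.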


@ -113,7 +113,7 @@ class Notes extends Extension
$page->set_redirect(make_link("post/view/".$_POST["image_id"]));
break;
case "nuke_notes":
if ($user->is_admin()) {
if ($user->can(Permissions::NOTES_ADMIN)) {
$this->nuke_notes();
}
@ -121,7 +121,7 @@ class Notes extends Extension
$page->set_redirect(make_link("post/view/".$_POST["image_id"]));
break;
case "nuke_requests":
if ($user->is_admin()) {
if ($user->can(Permissions::NOTES_ADMIN)) {
$this->nuke_requests();
}
@ -136,7 +136,7 @@ class Notes extends Extension
}
break;
case "delete_note":
if ($user->is_admin()) {
if ($user->can(Permissions::NOTES_ADMIN)) {
$this->delete_note();
$page->set_mode(PageMode::REDIRECT);
$page->set_redirect(make_link("post/view/".$_POST["image_id"]));
@ -160,7 +160,7 @@ class Notes extends Extension
//display form on image event
$notes = $this->get_notes($event->image->id);
$this->theme->display_note_system($page, $event->image->id, $notes, $user->is_admin());
$this->theme->display_note_system($page, $event->image->id, $notes, $user->can(Permissions::NOTES_ADMIN));
}
@ -173,7 +173,7 @@ class Notes extends Extension
if (!$user->is_anonymous()) {
$event->add_part($this->theme->note_button($event->image->id));
$event->add_part($this->theme->request_button($event->image->id));
if ($user->is_admin()) {
if ($user->can(Permissions::NOTES_ADMIN)) {
$event->add_part($this->theme->nuke_notes_button($event->image->id));
$event->add_part($this->theme->nuke_requests_button($event->image->id));
}
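Review bot: The redirects in this section are built as `make_link("post/view/".$_POST["image_id"])`, with the request value concatenated unvalidated, while the Media handler in this commit wraps the same field in `int_escape()`. Using `make_link("post/view/".int_escape($_POST["image_id"]))` keeps the redirect target to a numeric post ID. Also, when `$user->can(Permissions::NOTES_ADMIN)` fails in `nuke_notes` or `nuke_requests`, the visible lines suggest the handler falls through to the redirect with no denial shown; whether a message is set elsewhere is outside the hunks.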


@ -291,7 +291,7 @@ class Pools extends Extension
case "nuke":
// Completely remove the given pool.
// -> Only admins and owners may do this
if ($user->is_admin() || $user->id == $pool['user_id']) {
if ($user->can(Permissions::POOLS_ADMIN) || $user->id == $pool['user_id']) {
$this->nuke_pool($pool_id);
$page->set_mode(PageMode::REDIRECT);
$page->set_redirect(make_link("pool/list"));
@ -351,7 +351,7 @@ class Pools extends Extension
{
global $config, $database, $user;
if ($config->get_bool(PoolsConfig::ADDER_ON_VIEW_IMAGE) && !$user->is_anonymous()) {
if ($user->is_admin()) {
if ($user->can(Permissions::POOLS_ADMIN)) {
$pools = $database->get_all("SELECT * FROM pools");
} else {
$pools = $database->get_all("SELECT * FROM pools WHERE user_id=:id", ["id" => $user->id]);
@ -479,7 +479,7 @@ class Pools extends Extension
private function have_permission(User $user, array $pool): bool
{
// If the pool is public and user is logged OR if the user is admin OR if the pool is owned by the user.
if ((($pool['public'] == "Y" || $pool['public'] == "y") && !$user->is_anonymous()) || $user->is_admin() || $user->id == $pool['user_id']) {
if ((($pool['public'] == "Y" || $pool['public'] == "y") && !$user->is_anonymous()) || $user->can(Permissions::POOLS_ADMIN) || $user->id == $pool['user_id']) {
return true;
} else {
return false;
@ -887,7 +887,7 @@ class Pools extends Extension
global $user, $database;
$p_id = $database->get_one("SELECT user_id FROM pools WHERE id = :pid", ["pid" => $poolID]);
if ($user->is_admin()) {
if ($user->can(Permissions::POOLS_ADMIN)) {
$database->execute("DELETE FROM pool_history WHERE pool_id = :pid", ["pid" => $poolID]);
$database->execute("DELETE FROM pool_images WHERE pool_id = :pid", ["pid" => $poolID]);
$database->execute("DELETE FROM pools WHERE id = :pid", ["pid" => $poolID]);
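Review bot: The comments still describe the old rule: `// -> Only admins and owners may do this` above the `nuke` case, and `...OR if the user is admin...` in have_permission(). The gate is now the `pools_admin` permission, which a non-admin class can hold, so the comments should say "holders of POOLS_ADMIN and the pool owner". PoolsTheme carries the same stale wording (`// IF THE POOL IS PUBLIC OR IS ADMIN SHOW EDIT PANEL`). have_permission() could also return the condition directly instead of branching to `return true;` / `return false;`.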


@ -137,7 +137,7 @@ class PoolsTheme extends Themelet
if (!is_null($pools) && count($pools) == 1) {
$pool = $pools[0];
if ($pool['public'] == "Y" || $user->is_admin()) {// IF THE POOL IS PUBLIC OR IS ADMIN SHOW EDIT PANEL
if ($pool['public'] == "Y" || $user->can(Permissions::POOLS_ADMIN)) {// IF THE POOL IS PUBLIC OR IS ADMIN SHOW EDIT PANEL
if (!$user->is_anonymous()) {// IF THE USER IS REGISTERED AND LOGGED IN SHOW EDIT PANEL
$this->sidebar_options($page, $pool, $check_all);
}
@ -195,7 +195,7 @@ class PoolsTheme extends Themelet
</form>
';
if ($user->id == $pool['user_id'] || $user->is_admin()) {
if ($user->id == $pool['user_id'] || $user->can(Permissions::POOLS_ADMIN)) {
$editor .= "
<script type='text/javascript'>
<!--


@ -187,7 +187,7 @@ class Ratings extends Extension
// public function onPostListBuilding(PostListBuildingEvent $event)
// {
// global $user;
// if ($user->is_admin() && !empty($event->search_terms)) {
// if ($user->can(Permissions::BULK_EDIT_IMAGE_RATING) && !empty($event->search_terms)) {
// $this->theme->display_bulk_rater(Tag::implode($event->search_terms));
// }
// }


@ -36,7 +36,7 @@ class ResizeImage extends Extension
public function onImageAdminBlockBuilding(ImageAdminBlockBuildingEvent $event)
{
global $user, $config;
if ($user->is_admin() && $config->get_bool(ResizeConfig::ENABLED)
if ($user->can(Permissions::EDIT_FILES) && $config->get_bool(ResizeConfig::ENABLED)
&& $this->can_resize_format($event->image->ext, $event->image->lossless)) {
/* Add a link to resize the image */
$event->add_part($this->theme->get_resize_html($event->image));
@ -113,7 +113,7 @@ class ResizeImage extends Extension
{
global $page, $user;
if ($event->page_matches("resize") && $user->is_admin()) {
if ($event->page_matches("resize") && $user->can(Permissions::EDIT_FILES)) {
// Try to get the image ID
$image_id = int_escape($event->get_arg(0));
if (empty($image_id)) {


@ -31,7 +31,7 @@ class RotateImage extends Extension
public function onImageAdminBlockBuilding(ImageAdminBlockBuildingEvent $event)
{
global $user, $config;
if ($user->is_admin() && $config->get_bool("rotate_enabled")
if ($user->can(Permissions::EDIT_FILES) && $config->get_bool("rotate_enabled")
&& in_array($event->image->ext, self::SUPPORTED_EXT)) {
/* Add a link to rotate the image */
$event->add_part($this->theme->get_rotate_html($event->image->id));
@ -52,7 +52,7 @@ class RotateImage extends Extension
{
global $page, $user;
if ($event->page_matches("rotate") && $user->is_admin()) {
if ($event->page_matches("rotate") && $user->can(Permissions::EDIT_FILES)) {
// Try to get the image ID
$image_id = int_escape($event->get_arg(0));
if (empty($image_id)) {


@ -52,7 +52,7 @@ class TagCategories extends Extension
global $page, $user;
if ($event->page_matches("tags/categories")) {
if ($user->is_admin()) {
if ($user->can(Permissions::EDIT_TAG_CATEGORIES)) {
$this->page_update();
$this->show_tag_categories($page);
}
@ -123,7 +123,7 @@ class TagCategories extends Extension
{
global $user, $database;
if (!$user->is_admin()) {
if (!$user->can(Permissions::EDIT_TAG_CATEGORIES)) {
return false;
}


@ -32,7 +32,7 @@ class Tips extends Extension
$this->getTip();
if ($event->page_matches("tips") && $user->is_admin()) {
if ($event->page_matches("tips") && $user->can(Permissions::TIPS_ADMIN)) {
switch ($event->get_arg(0)) {
case "list":
$this->manageTips();
@ -67,7 +67,7 @@ class Tips extends Extension
{
global $user;
if ($event->parent==="system") {
if ($user->is_admin()) {
if ($user->can(Permissions::TIPS_ADMIN)) {
$event->add_nav_link("tips", new Link('tips/list'), "Tips Editor");
}
}
@ -76,7 +76,7 @@ class Tips extends Extension
public function onUserBlockBuilding(UserBlockBuildingEvent $event)
{
global $user;
if ($user->is_admin()) {
if ($user->can(Permissions::TIPS_ADMIN)) {
$event->add_link("Tips Editor", make_link("tips/list"));
}
}


@ -63,7 +63,7 @@ class TipsTheme extends Themelet
"<th>Image</th>".
"<th>Text</th>";
if ($user->is_admin()) {
if ($user->can(Permissions::TIPS_ADMIN)) {
$html .= "<th>Action</th>";
}
@ -85,7 +85,7 @@ class TipsTheme extends Themelet
$del_link = "<a href='".make_link("tips/delete/".$tip['id'])."'>Delete</a>";
if ($user->is_admin()) {
if ($user->can(Permissions::TIPS_ADMIN)) {
$html .= "<td>".$del_link."</td>";
}


@ -66,7 +66,7 @@ class TranscodeImage extends Extension
{
global $user, $config;
if ($user->is_admin()) {
if ($user->can(Permissions::EDIT_FILES)) {
$engine = $config->get_string(TranscodeConfig::ENGINE);
if ($this->can_convert_format($engine, $event->image->ext, $event->image->lossless)) {
$options = $this->get_supported_output_formats($engine, $event->image->ext, $event->image->lossless??false);
@ -135,7 +135,7 @@ class TranscodeImage extends Extension
{
global $page, $user;
if ($event->page_matches("transcode") && $user->is_admin()) {
if ($event->page_matches("transcode") && $user->can(Permissions::EDIT_FILES)) {
$image_id = int_escape($event->get_arg(0));
if (empty($image_id)) {
$image_id = isset($_POST['image_id']) ? int_escape($_POST['image_id']) : null;
@ -168,7 +168,7 @@ class TranscodeImage extends Extension
$engine = $config->get_string(TranscodeConfig::ENGINE);
if ($user->is_admin()) {
if ($user->can(Permissions::EDIT_FILES)) {
$event->add_action(self::ACTION_BULK_TRANSCODE, "Transcode", null, "", $this->theme->get_transcode_picker_html($this->get_supported_output_formats($engine)));
}
}
@ -182,7 +182,7 @@ class TranscodeImage extends Extension
if (!isset($_POST['transcode_format'])) {
return;
}
if ($user->is_admin()) {
if ($user->can(Permissions::EDIT_FILES)) {
$format = $_POST['transcode_format'];
$total = 0;
foreach ($event->items as $image) {


@ -28,7 +28,7 @@ class Update extends Extension
public function onPageRequest(PageRequestEvent $event)
{
global $user, $page;
if ($user->is_admin() && isset($_GET['sha'])) {
if ($user->can(Permissions::EDIT_FILES) && isset($_GET['sha'])) {
if ($event->page_matches("update/download")) {
$ok = $this->download_shimmie();
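Review bot: `download_shimmie()` is now reachable by any class holding `Permissions::EDIT_FILES`, the same permission this commit uses for resize, rotate and transcode. Judging by its name the call fetches application code, which is a much higher level of trust than editing an uploaded image, and an operator granting `edit_files` to a moderator class would not expect it to include that. A separate permission for the updater, false in `base` and true in `admin`, would keep them apart; failing that, a comment on the `EDIT_FILES` constant should list everything it covers. The trigger is also a GET parameter (`$_GET['sha']`) with no `check_auth_token()` visible in the hunk, and onPageRequest continues beyond it.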


@ -118,7 +118,7 @@ class Wiki extends Extension
$title = $_POST['title'];
$rev = int_escape($_POST['revision']);
$body = $_POST['body'];
$lock = $user->is_admin() && isset($_POST['lock']) && ($_POST['lock'] == "on");
$lock = $user->can(Permissions::WIKI_ADMIN) && isset($_POST['lock']) && ($_POST['lock'] == "on");
if ($this->can_edit($user, $this->get_page($title))) {
$wikipage = $this->get_page($title);
@ -144,7 +144,7 @@ class Wiki extends Extension
$this->theme->display_permission_denied();
}
} elseif ($event->page_matches("wiki_admin/delete_revision")) {
if ($user->is_admin()) {
if ($user->can(Permissions::WIKI_ADMIN)) {
global $database;
$database->Execute(
"DELETE FROM wiki_pages WHERE title=:title AND revision=:rev",
@ -155,7 +155,7 @@ class Wiki extends Extension
$page->set_redirect(make_link("wiki/$u_title"));
}
} elseif ($event->page_matches("wiki_admin/delete_all")) {
if ($user->is_admin()) {
if ($user->can(Permissions::WIKI_ADMIN)) {
global $database;
$database->Execute(
"DELETE FROM wiki_pages WHERE title=:title",
@ -203,7 +203,7 @@ class Wiki extends Extension
public static function can_edit(User $user, WikiPage $page): bool
{
// admins can edit everything
if ($user->is_admin()) {
if ($user->can(Permissions::WIKI_ADMIN)) {
return true;
}
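Review bot: In the `wiki_admin/delete_revision` and `wiki_admin/delete_all` branches a request that fails `$user->can(Permissions::WIKI_ADMIN)` gets no response at all, whereas the branch just above ends in `$this->theme->display_permission_denied();`. An `else` doing the same would make denials visible to the user. Neither branch shows a `check_auth_token()` next to the `DELETE`, although WikiTheme builds the form with `make_form()`, so confirm the token is verified somewhere outside these hunks. The comment `// admins can edit everything` in can_edit(), and `// only the admin can edit the sidebar` in WikiTheme, should now name the `wiki_admin` permission.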


@ -21,7 +21,7 @@ class WikiTheme extends Themelet
send_event($tfe);
// only the admin can edit the sidebar
if ($user->is_admin()) {
if ($user->can(Permissions::WIKI_ADMIN)) {
$tfe->formatted .= "<p>(<a href='".make_link("wiki/wiki:sidebar", "edit=on")."'>Edit</a>)";
}
@ -46,7 +46,7 @@ class WikiTheme extends Themelet
$i_revision = int_escape($page->revision) + 1;
global $user;
if ($user->is_admin()) {
if ($user->can(Permissions::WIKI_ADMIN)) {
$val = $page->is_locked() ? " checked" : "";
$lock = "<br>Lock page: <input type='checkbox' name='lock'$val>";
} else {
@ -82,7 +82,7 @@ class WikiTheme extends Themelet
</form></td>
" :
"";
if ($user->is_admin()) {
if ($user->can(Permissions::WIKI_ADMIN)) {
$edit .= "
<td>".make_form(make_link("wiki_admin/delete_revision"))."
<input type='hidden' name='title' value='".html_escape($page->title)."'>