From a7bddb1dacfe563caa6d200d10c3eac2b4de1d8c Mon Sep 17 00:00:00 2001
From: Shish
Date: Sun, 29 Sep 2019 19:00:51 +0100
Subject: [PATCH] get rid of is_admin, fixes #676
---
 core/permissions.php | 14 ++++++++++++++
 core/user.php | 5 -----
 core/userclass.php | 26 ++++++++++++++++++++++++++
 ext/artists/main.php | 4 ++--
 ext/artists/theme.php | 2 +-
 ext/blotter/main.php | 10 +++++-----
 ext/bulk_add/main.php | 2 +-
 ext/bulk_add_csv/main.php | 4 ++--
 ext/bulk_remove/main.php | 2 +-
 ext/cron_uploader/main.php | 2 +-
 ext/forum/main.php | 10 +++++-----
 ext/forum/theme.php | 4 ++--
 ext/image_view_counter/main.php | 2 +-
 ext/media/main.php | 6 +++---
 ext/notes/main.php | 10 +++++-----
 ext/pools/main.php | 8 ++++----
 ext/pools/theme.php | 4 ++--
 ext/rating/main.php | 2 +-
 ext/resize/main.php | 4 ++--
 ext/rotate/main.php | 4 ++--
 ext/tag_categories/main.php | 4 ++--
 ext/tips/main.php | 6 +++---
 ext/tips/theme.php | 4 ++--
 ext/transcode/main.php | 8 ++++----
 ext/update/main.php | 2 +-
 ext/wiki/main.php | 8 ++++----
 ext/wiki/theme.php | 6 +++---
 27 files changed, 99 insertions(+), 64 deletions(-)
diff --git a/core/permissions.php b/core/permissions.php
index 717bd5fd..bd60b0c0 100644
--- a/core/permissions.php
+++ b/core/permissions.php
@@ -42,6 +42,7 @@ abstract class Permissions
 public const CREATE_IMAGE_REPORT = "create_image_report";
 public const VIEW_IMAGE_REPORT = "view_image_report"; # deal with reported images
+ public const WIKI_ADMIN = "wiki_admin";
 public const EDIT_WIKI_PAGE = "edit_wiki_page";
 public const DELETE_WIKI_PAGE = "delete_wiki_page";
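Review bot: The new WIKI_ADMIN constant in this hunk, and the eleven constants added in the @@ -67 hunk below, carry no comment saying what each one gates, although the neighbouring VIEW_IMAGE_REPORT line shows the file's convention of a trailing `#` note. WIKI_ADMIN sits next to EDIT_WIKI_PAGE and DELETE_WIKI_PAGE, so a one-line note on what it grants beyond those two would save the next reader a trip through ext/wiki, which is not visible in this chunk. The same applies to BULK_ADD, which the later bulk_remove and cron_uploader hunks reuse for removal and scheduled uploads; `public const BULK_ADD = "bulk_add"; # bulk add/remove from the server filesystem, cron uploader` would make that scope explicit where the permission is declared.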
@@ -66,4 +67,17 @@ abstract class Permissions
 public const VIEW_TRASH = "view_trash";
 public const PERFORM_BULK_ACTIONS = "perform_bulk_actions";
+
+ public const BULK_ADD = "bulk_add";
+ public const EDIT_FILES = "edit_files";
+ public const EDIT_TAG_CATEGORIES = "edit_tag_categories";
+ public const RESCAN_MEDIA = "rescan_media";
+ public const SEE_IMAGE_VIEW_COUNTS = "see_image_view_counts";
+
+ public const ARTISTS_ADMIN = "artists_admin";
+ public const BLOTTER_ADMIN = "blotter_admin";
+ public const FORUM_ADMIN = "forum_admin";
+ public const NOTES_ADMIN = "notes_admin";
+ public const POOLS_ADMIN = "pools_admin";
+ public const TIPS_ADMIN = "tips_admin";
 }
diff --git a/core/user.php b/core/user.php
index 05f6e7f7..a1e46680 100644
--- a/core/user.php
+++ b/core/user.php
@@ -144,11 +144,6 @@ class User
 return ($this->id !== $config->get_int('anon_id'));
 }
- public function is_admin(): bool
- {
- return ($this->class->name === "admin");
- }
-
 public function set_class(string $class): void
 {
 global $database;
diff --git a/core/userclass.php b/core/userclass.php
index a66ad6f7..5c60c9a0 100644
--- a/core/userclass.php
+++ b/core/userclass.php
@@ -112,6 +112,7 @@ new UserClass("base", null, [
 Permissions::CREATE_IMAGE_REPORT => false,
 Permissions::VIEW_IMAGE_REPORT => false, # deal with reported images
+ Permissions::WIKI_ADMIN => false,
 Permissions::EDIT_WIKI_PAGE => false,
 Permissions::DELETE_WIKI_PAGE => false,
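Review bot: Deleting the public `is_admin()` method outright in the core/user.php hunk turns any extension outside this tree that still calls it into a fatal error at request time, and nothing in the patch provides a transition for such callers. If third-party extensions are supported, keeping a deprecated shim for one release — the same one-line body preceded by `trigger_error('User::is_admin() is deprecated, use User::can()', E_USER_DEPRECATED);` — gives their authors a migration window; otherwise the removal deserves a line in the release notes. The replacement is the sounder model in any case, since the old body compared the class name against the literal `"admin"`, so any custom class deriving from admin would have failed that check.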
@@ -136,6 +137,19 @@ new UserClass("base", null, [
 Permissions::VIEW_TRASH => false,
 Permissions::PERFORM_BULK_ACTIONS => false,
+
+ Permissions::BULK_ADD => false,
+ Permissions::EDIT_FILES => false,
+ Permissions::EDIT_TAG_CATEGORIES => false,
+ Permissions::RESCAN_MEDIA => false,
+ Permissions::SEE_IMAGE_VIEW_COUNTS => false,
+
+ Permissions::ARTISTS_ADMIN => false,
+ Permissions::BLOTTER_ADMIN => false,
+ Permissions::FORUM_ADMIN => false,
+ Permissions::NOTES_ADMIN => false,
+ Permissions::POOLS_ADMIN => false,
+ Permissions::TIPS_ADMIN => false,
 ]);
 new UserClass("anonymous", "base", [
@@ -183,6 +197,7 @@ new UserClass("admin", "base", [
 Permissions::MASS_TAG_EDIT => true,
 Permissions::CREATE_IMAGE_REPORT => true,
 Permissions::VIEW_IMAGE_REPORT => true,
+ Permissions::WIKI_ADMIN => true,
 Permissions::EDIT_WIKI_PAGE => true,
 Permissions::DELETE_WIKI_PAGE => true,
 Permissions::VIEW_EVENTLOG => true,
@@ -200,6 +215,17 @@ new UserClass("admin", "base", [
 Permissions::BULK_EDIT_IMAGE_RATING => true,
 Permissions::VIEW_TRASH => true,
 Permissions::PERFORM_BULK_ACTIONS => true,
+ Permissions::BULK_ADD => true,
+ Permissions::EDIT_FILES => true,
+ Permissions::EDIT_TAG_CATEGORIES => true,
+ Permissions::RESCAN_MEDIA => true,
+ Permissions::SEE_IMAGE_VIEW_COUNTS => true,
+ Permissions::ARTISTS_ADMIN => true,
+ Permissions::BLOTTER_ADMIN => true,
+ Permissions::FORUM_ADMIN => true,
+ Permissions::NOTES_ADMIN => true,
+ Permissions::POOLS_ADMIN => true,
+ Permissions::TIPS_ADMIN => true,
 ]);
 new UserClass("hellbanned", "user", [
diff --git a/ext/artists/main.php b/ext/artists/main.php
index a8fd92d8..e0a4cf7e 100644
--- a/ext/artists/main.php
+++ b/ext/artists/main.php
@@ -204,7 +204,7 @@ class Artists extends Extension
 $urls = $this->get_urls($artist['id']);
 $userIsLogged = !$user->is_anonymous();
- $userIsAdmin = $user->is_admin();
+ $userIsAdmin = $user->can(Permissions::ARTISTS_ADMIN);
 $images = Image::find_images(0, 4, Tag::explode($artist['name']));
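Review bot: In the ext/artists/main.php hunk `$userIsAdmin` now holds the result of `$user->can(Permissions::ARTISTS_ADMIN)` rather than an admin-class test, and the @@ -231 hunk does the same, so the name no longer says what the flag means; a reader meeting `sidebar_options("editor", $artistID, $userIsAdmin)` will assume a site-wide administrator. Renaming the local to something like `$userCanAdminArtists` (and the matching theme parameter, which is outside this chunk) keeps the capability-based model the commit introduces visible at the call sites.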
@@ -231,7 +231,7 @@ class Artists extends Extension
 if (!$user->is_anonymous()) {
 $this->theme->show_artist_editor($artist, $aliases, $members, $urls);
- $userIsAdmin = $user->is_admin();
+ $userIsAdmin = $user->can(Permissions::ARTISTS_ADMIN);
 $this->theme->sidebar_options("editor", $artistID, $userIsAdmin);
 } else {
 $this->theme->display_error(401, "Error", "You must be registered and logged in to edit an artist.");
diff --git a/ext/artists/theme.php b/ext/artists/theme.php
index 1e5e5afb..825bc570 100644
--- a/ext/artists/theme.php
+++ b/ext/artists/theme.php
@@ -216,7 +216,7 @@ class ArtistsTheme extends Themelet
 if (!$user->is_anonymous()) {
 $html .= "".$edit_link."";
 }
- if ($user->is_admin()) {
+ if ($user->can(Permissions::ARTISTS_ADMIN)) {
 $html .= "".$del_link."";
 }
diff --git a/ext/blotter/main.php b/ext/blotter/main.php
index 50b7a090..3b4e98dc 100644
--- a/ext/blotter/main.php
+++ b/ext/blotter/main.php
@@ -52,7 +52,7 @@ class Blotter extends Extension
 {
 global $user;
 if ($event->parent==="system") {
- if ($user->is_admin()) {
+ if ($user->can(Permissions::BLOTTER_ADMIN)) {
 $event->add_nav_link("blotter", new Link('blotter/editor'), "Blotter Editor");
 }
 }
@@ -62,7 +62,7 @@ class Blotter extends Extension
 public function onUserBlockBuilding(UserBlockBuildingEvent $event)
 {
 global $user;
- if ($user->is_admin()) {
+ if ($user->can(Permissions::BLOTTER_ADMIN)) {
 $event->add_link("Blotter Editor", make_link("blotter/editor"));
 }
 }
@@ -76,7 +76,7 @@ class Blotter extends Extension
 /** * Displays the blotter editor. */
- if (!$user->is_admin()) {
+ if (!$user->can(Permissions::BLOTTER_ADMIN)) {
 $this->theme->display_permission_denied();
 } else {
 $entries = $database->get_all("SELECT * FROM blotter ORDER BY id DESC");
@@ -87,7 +87,7 @@ class Blotter extends Extension
 /** * Adds an entry */
- if (!$user->is_admin() || !$user->check_auth_token()) {
+ if (!$user->can(Permissions::BLOTTER_ADMIN) || !$user->check_auth_token()) {
 $this->theme->display_permission_denied();
 } else {
 $entry_text = $_POST['entry_text'];
@@ -113,7 +113,7 @@ class Blotter extends Extension
 /** * Removes an entry */
- if (!$user->is_admin() || !$user->check_auth_token()) {
+ if (!$user->can(Permissions::BLOTTER_ADMIN) || !$user->check_auth_token()) {
 $this->theme->display_permission_denied();
 } else {
 $id = int_escape($_POST['id']);
diff --git a/ext/bulk_add/main.php b/ext/bulk_add/main.php
index 94a9b7f1..98c4c638 100644
--- a/ext/bulk_add/main.php
+++ b/ext/bulk_add/main.php
@@ -18,7 +18,7 @@ class BulkAdd extends Extension
 {
 global $page, $user;
 if ($event->page_matches("bulk_add")) {
- if ($user->is_admin() && $user->check_auth_token() && isset($_POST['dir'])) {
+ if ($user->can(Permissions::BULK_ADD) && $user->check_auth_token() && isset($_POST['dir'])) {
 set_time_limit(0);
 $bae = new BulkAddEvent($_POST['dir']);
 send_event($bae);
diff --git a/ext/bulk_add_csv/main.php b/ext/bulk_add_csv/main.php
index a567c1ca..bf86fef0 100644
--- a/ext/bulk_add_csv/main.php
+++ b/ext/bulk_add_csv/main.php
@@ -6,7 +6,7 @@ class BulkAddCSV extends Extension
 {
 global $page, $user;
 if ($event->page_matches("bulk_add_csv")) {
- if ($user->is_admin() && $user->check_auth_token() && isset($_POST['csv'])) {
+ if ($user->can(Permissions::BULK_ADD) && $user->check_auth_token() && isset($_POST['csv'])) {
 set_time_limit(0);
 $this->add_csv($_POST['csv']);
 $this->theme->display_upload_results($page);
@@ -24,7 +24,7 @@ class BulkAddCSV extends Extension
 global $user;
 //Nag until CLI is admin by default
- if (!$user->is_admin()) {
+ if (!$user->can(Permissions::BULK_ADD)) {
 print "Not running as an admin, which can cause problems.\n";
 print "Please add the parameter: -u admin_username";
 } elseif (count($event->args) == 1) {
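Review bot: The CLI nag in the @@ -24 hunk of ext/bulk_add_csv/main.php still prints `Not running as an admin, which can cause problems.` and advises `-u admin_username`, but the condition it sits under now tests the BULK_ADD permission, so a non-admin account that has been granted bulk_add is warned for nothing while the advice itself no longer describes what is being checked. Wording the diagnostic in terms of the permission, e.g. `print "Running as a user without the bulk_add permission, which can cause problems.\n";`, keeps it truthful; the `//Nag until CLI is admin by default` comment could say the same. The `elseif` branch continues outside the hunk.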
diff --git a/ext/bulk_remove/main.php b/ext/bulk_remove/main.php
index 0509d616..1d2517b3 100644
--- a/ext/bulk_remove/main.php
+++ b/ext/bulk_remove/main.php
@@ -7,7 +7,7 @@ class BulkRemove extends Extension
 public function onPageRequest(PageRequestEvent $event)
 {
 global $user;
- if ($event->page_matches("bulk_remove") && $user->is_admin() && $user->check_auth_token()) {
+ if ($event->page_matches("bulk_remove") && $user->can(Permissions::BULK_ADD) && $user->check_auth_token()) {
 if ($event->get_arg(0) == "confirm") {
 $this->do_bulk_remove();
 } else {
diff --git a/ext/cron_uploader/main.php b/ext/cron_uploader/main.php
index 0d97e522..f9e5557f 100644
--- a/ext/cron_uploader/main.php
+++ b/ext/cron_uploader/main.php
@@ -65,7 +65,7 @@ class CronUploader extends Extension
 flock($lockfile, LOCK_UN);
 fclose($lockfile);
 }
- } elseif ($user->is_admin()) {
+ } elseif ($user->can(Permissions::BULK_ADD)) {
 $this->set_dir();
 $this->display_documentation();
 }
diff --git a/ext/forum/main.php b/ext/forum/main.php
index 6d422704..064c09fe 100644
--- a/ext/forum/main.php
+++ b/ext/forum/main.php
@@ -89,7 +89,7 @@ class Forum extends Extension
 if ($event->page_matches("forum")) {
 switch ($event->get_arg(0)) {
 case "index":
- $this->show_last_threads($page, $event, $user->is_admin());
+ $this->show_last_threads($page, $event, $user->can(Permissions::FORUM_ADMIN));
 if (!$user->is_anonymous()) {
 $this->theme->display_new_thread_composer($page);
 }
@@ -104,8 +104,8 @@ class Forum extends Extension
 break;
 }
- $this->show_posts($event, $user->is_admin());
- if ($user->is_admin()) {
+ $this->show_posts($event, $user->can(Permissions::FORUM_ADMIN));
+ if ($user->can(Permissions::FORUM_ADMIN)) {
 $this->theme->add_actions_block($page, $threadID);
 }
 if (!$user->is_anonymous()) {
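Review bot: The gate in the ext/bulk_remove/main.php hunk reuses `Permissions::BULK_ADD` to authorise bulk removal, and the cron_uploader hunk on this same line reuses it for the scheduled uploader, so a class granted bulk_add because it may import files silently also gains the ability to delete in bulk. The base-class defaults added in core/userclass.php make this opt-in, but the grant is still coarser than its name advertises, which is exactly what the move away from is_admin() is meant to fix. A separate permission for removal — declared next to BULK_ADD in core/permissions.php, false in base and true in admin — keeps the two decisions independent and auditable; the `check_auth_token()` call on the same line is the right shape and should stay.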
@@ -139,7 +139,7 @@ class Forum extends Extension
 $threadID = int_escape($event->get_arg(1));
 $postID = int_escape($event->get_arg(2));
- if ($user->is_admin()) {
+ if ($user->can(Permissions::FORUM_ADMIN)) {
 $this->delete_post($postID);
 }
@@ -149,7 +149,7 @@ class Forum extends Extension
 case "nuke":
 $threadID = int_escape($event->get_arg(1));
- if ($user->is_admin()) {
+ if ($user->can(Permissions::FORUM_ADMIN)) {
 $this->delete_thread($threadID);
 }
diff --git a/ext/forum/theme.php b/ext/forum/theme.php
index d5b8bb79..f6d44a1f 100644
--- a/ext/forum/theme.php
+++ b/ext/forum/theme.php
@@ -38,7 +38,7 @@ class ForumTheme extends Themelet Title: Message: Max characters alowed: $max_characters.";
- if ($user->is_admin()) {
+ if ($user->can(Permissions::FORUM_ADMIN)) {
 $html .= "";
 }
 $html .= "
@@ -121,7 +121,7 @@ class ForumTheme extends Themelet
 $postID = $post['id'];
- //if($user->is_admin()){
+ //if($user->can(Permissions::FORUM_ADMIN)){
 //$delete_link = "Delete";
 //} else {
 //$delete_link = "";
diff --git a/ext/image_view_counter/main.php b/ext/image_view_counter/main.php
index ab27749a..43250002 100644
--- a/ext/image_view_counter/main.php
+++ b/ext/image_view_counter/main.php
@@ -26,7 +26,7 @@ class ImageViewCounter extends Extension
 global $user, $config;
 $adminonly = $config->get_bool("image_viewcounter_adminonly"); // todo
- if ($adminonly == false || ($adminonly && $user->is_admin())) {
+ if ($adminonly == false || ($adminonly && $user->can(Permissions::SEE_IMAGE_VIEW_COUNTS))) {
 $event->add_part(
 "Views:". $this->get_view_count($event->image->id) .
diff --git a/ext/media/main.php b/ext/media/main.php
index c0edd3a7..e11a6009 100644
--- a/ext/media/main.php
+++ b/ext/media/main.php
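Review bot: The `delete` branch in the @@ -139 hunk of ext/forum/main.php and the `nuke` branch in @@ -149 call `delete_post`/`delete_thread` on nothing more than `$user->can(Permissions::FORUM_ADMIN)`, with the ids read from the URL path via `get_arg`, and no `check_auth_token()` appears in either hunk — unlike the blotter and bulk_add hunks in this same patch, which pair the permission test with the token. If the enclosing switch (it starts outside the hunk) does not verify the token itself, a forum admin can be made to delete content by a request they did not intend, which is the classic cross-site request forgery exposure; the same permission-only pattern appears in the media_rescan, notes nuke_*/delete_note and pools nuke hunks further down. Guarding each as `if ($user->can(Permissions::FORUM_ADMIN) && $user->check_auth_token()) {` closes it, provided the theme's delete and nuke links become POST forms carrying the token.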
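Review bot: The new condition in the ext/image_view_counter/main.php hunk, `$adminonly == false || ($adminonly && $user->can(...))`, is a roundabout way of writing `!$adminonly || $user->can(...)`: the second disjunct is only reached when `$adminonly` is true, so the inner `&&` is redundant, and if `get_bool` returns a real bool (presumably, from its name) the loose `== false` adds nothing. `if (!$adminonly || $user->can(Permissions::SEE_IMAGE_VIEW_COUNTS)) {` reads as the policy it implements. The `// todo` on the preceding line still says nothing about what is left to do.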
@@ -253,7 +253,7 @@ class Media extends Extension
 {
 global $database, $page, $user;
- if ($event->page_matches("media_rescan/") && $user->is_admin() && isset($_POST['image_id'])) {
+ if ($event->page_matches("media_rescan/") && $user->can(Permissions::RESCAN_MEDIA) && isset($_POST['image_id'])) {
 $image = Image::by_id(int_escape($_POST['image_id']));
 $this->update_image_media_properties($image->hash, $image->ext);
@@ -321,7 +321,7 @@ class Media extends Extension
 {
 global $user;
- if ($user->is_admin()) {
+ if ($user->can(Permissions::RESCAN_MEDIA)) {
 $event->add_action("bulk_media_rescan", "Scan Media Properties");
 }
 }
@@ -332,7 +332,7 @@ class Media extends Extension
 switch ($event->action) {
 case "bulk_media_rescan":
- if ($user->is_admin()) {
+ if ($user->can(Permissions::RESCAN_MEDIA)) {
 $total = 0;
 foreach ($event->items as $image) {
 try {
diff --git a/ext/notes/main.php b/ext/notes/main.php
index e0aa847b..9f4f9e72 100644
--- a/ext/notes/main.php
+++ b/ext/notes/main.php
@@ -113,7 +113,7 @@ class Notes extends Extension
 $page->set_redirect(make_link("post/view/".$_POST["image_id"]));
 break;
 case "nuke_notes":
- if ($user->is_admin()) {
+ if ($user->can(Permissions::NOTES_ADMIN)) {
 $this->nuke_notes();
 }
@@ -121,7 +121,7 @@ class Notes extends Extension
 $page->set_redirect(make_link("post/view/".$_POST["image_id"]));
 break;
 case "nuke_requests":
- if ($user->is_admin()) {
+ if ($user->can(Permissions::NOTES_ADMIN)) {
 $this->nuke_requests();
 }
@@ -136,7 +136,7 @@ class Notes extends Extension
 }
 break;
 case "delete_note":
- if ($user->is_admin()) {
+ if ($user->can(Permissions::NOTES_ADMIN)) {
 $this->delete_note();
 $page->set_mode(PageMode::REDIRECT);
 $page->set_redirect(make_link("post/view/".$_POST["image_id"]));
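Review bot: The rescan handler in the @@ -253 hunk of ext/media/main.php dereferences `$image->hash` and `$image->ext` straight after `Image::by_id(int_escape($_POST['image_id']))`, with no check that an image was found, so a stale or mistyped id presumably ends in a property-on-null error rather than a clean failure; the permission test on the changed line is the only thing standing between that request and the update. A guard after the lookup, `if (is_null($image)) { return; }` (or whatever the extension's convention for "not found" is), keeps the new permission line from being followed by an unconditional dereference. The function continues outside the hunk.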
@@ -160,7 +160,7 @@ class Notes extends Extension
 //display form on image event
 $notes = $this->get_notes($event->image->id);
- $this->theme->display_note_system($page, $event->image->id, $notes, $user->is_admin());
+ $this->theme->display_note_system($page, $event->image->id, $notes, $user->can(Permissions::NOTES_ADMIN));
 }
@@ -173,7 +173,7 @@ class Notes extends Extension
 if (!$user->is_anonymous()) {
 $event->add_part($this->theme->note_button($event->image->id));
 $event->add_part($this->theme->request_button($event->image->id));
- if ($user->is_admin()) {
+ if ($user->can(Permissions::NOTES_ADMIN)) {
 $event->add_part($this->theme->nuke_notes_button($event->image->id));
 $event->add_part($this->theme->nuke_requests_button($event->image->id));
 }
diff --git a/ext/pools/main.php b/ext/pools/main.php
index fe734bd5..6604e4f2 100644
--- a/ext/pools/main.php
+++ b/ext/pools/main.php
@@ -291,7 +291,7 @@ class Pools extends Extension
 case "nuke":
 // Completely remove the given pool.
 // -> Only admins and owners may do this
- if ($user->is_admin() || $user->id == $pool['user_id']) {
+ if ($user->can(Permissions::POOLS_ADMIN) || $user->id == $pool['user_id']) {
 $this->nuke_pool($pool_id);
 $page->set_mode(PageMode::REDIRECT);
 $page->set_redirect(make_link("pool/list"));
@@ -351,7 +351,7 @@ class Pools extends Extension
 {
 global $config, $database, $user;
 if ($config->get_bool(PoolsConfig::ADDER_ON_VIEW_IMAGE) && !$user->is_anonymous()) {
- if ($user->is_admin()) {
+ if ($user->can(Permissions::POOLS_ADMIN)) {
 $pools = $database->get_all("SELECT * FROM pools");
 } else {
 $pools = $database->get_all("SELECT * FROM pools WHERE user_id=:id", ["id" => $user->id]);
@@ -479,7 +479,7 @@ class Pools extends Extension
 private function have_permission(User $user, array $pool): bool
 {
 // If the pool is public and user is logged OR if the user is admin OR if the pool is owned by the user.
- if ((($pool['public'] == "Y" || $pool['public'] == "y") && !$user->is_anonymous()) || $user->is_admin() || $user->id == $pool['user_id']) {
+ if ((($pool['public'] == "Y" || $pool['public'] == "y") && !$user->is_anonymous()) || $user->can(Permissions::POOLS_ADMIN) || $user->id == $pool['user_id']) {
 return true;
 } else {
 return false;
@@ -887,7 +887,7 @@ class Pools extends Extension
 global $user, $database;
 $p_id = $database->get_one("SELECT user_id FROM pools WHERE id = :pid", ["pid" => $poolID]);
- if ($user->is_admin()) {
+ if ($user->can(Permissions::POOLS_ADMIN)) {
 $database->execute("DELETE FROM pool_history WHERE pool_id = :pid", ["pid" => $poolID]);
 $database->execute("DELETE FROM pool_images WHERE pool_id = :pid", ["pid" => $poolID]);
 $database->execute("DELETE FROM pools WHERE id = :pid", ["pid" => $poolID]);
diff --git a/ext/pools/theme.php b/ext/pools/theme.php
index bfaacb30..d9278847 100644
--- a/ext/pools/theme.php
+++ b/ext/pools/theme.php
@@ -137,7 +137,7 @@ class PoolsTheme extends Themelet
 if (!is_null($pools) && count($pools) == 1) {
 $pool = $pools[0];
- if ($pool['public'] == "Y" || $user->is_admin()) {// IF THE POOL IS PUBLIC OR IS ADMIN SHOW EDIT PANEL
+ if ($pool['public'] == "Y" || $user->can(Permissions::POOLS_ADMIN)) {// IF THE POOL IS PUBLIC OR IS ADMIN SHOW EDIT PANEL
 if (!$user->is_anonymous()) {// IF THE USER IS REGISTERED AND LOGGED IN SHOW EDIT PANEL
 $this->sidebar_options($page, $pool, $check_all);
 }
@@ -195,7 +195,7 @@ class PoolsTheme extends Themelet
 ';
- if ($user->id == $pool['user_id'] || $user->is_admin()) {
+ if ($user->id == $pool['user_id'] || $user->can(Permissions::POOLS_ADMIN)) {
 $editor .= "
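Review bot: The comment above the changed line in the @@ -479 hunk of ext/pools/main.php still explains the middle clause as "if the user is admin", while the test is now `$user->can(Permissions::POOLS_ADMIN)`; the pools/theme @@ -137 hunk has the same stale wording in its trailing `// IF THE POOL IS PUBLIC OR IS ADMIN` comment. Updating it to `// Public pool and logged in, OR holds POOLS_ADMIN, OR owns the pool.` keeps the explanation in step with the code. The `if (...) { return true; } else { return false; }` body can simply return the condition, which would also make the three-way rule easier to read as one expression.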