Permissions to constants

Matthew Barbour 2019-07-09 09:10:21 -05:00 committed by matthew
parent d16dfe24f2
commit cb1e9c0075
57 changed files with 323 additions and 257 deletions


@ -100,10 +100,10 @@ permissions like so:
```php
new UserClass("anonymous", "base", [
"create_comment" => True,
"edit_image_tag" => True,
"edit_image_source" => True,
"create_image_report" => True,
Permissions::CREATE_COMMENT => True,
Permissions::EDIT_IMAGE_TAG => True,
Permissions::EDIT_IMAGE_SOURCE => True,
Permissions::CREATE_IMAGE_REPORT => True,
]);
```
@ -111,12 +111,12 @@ For a moderator class, being a regular user who can delete images and comments:
```php
new UserClass("moderator", "user", [
"delete_image" => True,
"delete_comment" => True,
Permissions::DELETE_IMAGE => True,
Permissions::DELETE_COMMENT => True,
]);
```
For a list of permissions, see `core/userclass.php`
For a list of permissions, see `core/permissions.php`
# Development Info


@ -129,7 +129,7 @@ class Image
}
if (SPEED_HAX) {
if (!$user->can("big_search") and count($tags) > 3) {
if (!$user->can(Permissions::BIG_SEARCH) and count($tags) > 3) {
throw new SCoreException("Anonymous users may only search for up to 3 tags at a time");
}
}

67
core/permissions.php Normal file

@ -0,0 +1,67 @@
<?php
abstract class Permissions
{
public const CHANGE_SETTING = "change_setting"; # modify web-level settings, eg the config table
public const OVERRIDE_CONFIG = "override_config"; # modify sys-level settings, eg shimmie.conf.php
public const BIG_SEARCH = "big_search"; # search for more than 3 tags at once (speed mode only)
public const MANAGE_EXTENSION_LIST = "manage_extension_list";
public const MANAGE_ALIAS_LIST = "manage_alias_list";
public const MASS_TAG_EDIT = "mass_tag_edit";
public const VIEW_IP = "view_ip"; # view IP addresses associated with things
public const BAN_IP = "ban_ip";
public const EDIT_USER_NAME = "edit_user_name";
public const EDIT_USER_PASSWORD = "edit_user_password";
public const EDIT_USER_INFO = "edit_user_info"; # email address, etc
public const EDIT_USER_CLASS = "edit_user_class";
public const DELETE_USER = "delete_user";
public const CREATE_COMMENT = "create_comment";
public const DELETE_COMMENT = "delete_comment";
public const BYPASS_COMMENT_CHECKS = "bypass_comment_checks"; # spam etc
public const REPLACE_IMAGE = "replace_image";
public const CREATE_IMAGE = "create_image";
public const EDIT_IMAGE_TAG = "edit_image_tag";
public const EDIT_IMAGE_SOURCE = "edit_image_source";
public const EDIT_IMAGE_OWNER = "edit_image_owner";
public const EDIT_IMAGE_LOCK = "edit_image_lock";
public const BULK_EDIT_IMAGE_TAG = "bulk_edit_image_tag";
public const BULK_EDIT_IMAGE_SOURCE = "bulk_edit_image_source";
public const DELETE_IMAGE = "delete_image";
public const BAN_IMAGE = "ban_image";
public const VIEW_EVENTLOG = "view_eventlog";
public const IGNORE_DOWNTIME = "ignore_downtime";
public const CREATE_IMAGE_REPORT = "create_image_report";
public const VIEW_IMAGE_REPORT = "view_image_report"; # deal with reported images
public const EDIT_WIKI_PAGE = "edit_wiki_page";
public const DELETE_WIKI_PAGE = "delete_wiki_page";
public const MANAGE_BLOCKS = "manage_blocks";
public const MANAGE_ADMINTOOLS = "manage_admintools";
public const VIEW_OTHER_PMS = "view_other_pms";
public const EDIT_FEATURE = "edit_feature";
public const BULK_EDIT_VOTE = "bulk_edit_vote";
public const EDIT_OTHER_VOTE = "edit_other_vote";
public const VIEW_SYSINTO = "view_sysinfo";
public const HELLBANNED = "hellbanned";
public const VIEW_HELLBANNED = "view_hellbanned";
public const PROTECTED = "protected"; # only admins can modify protected users (stops a moderator changing an admin's password)
public const EDIT_IMAGE_RATING = "edit_image_rating";
public const BULK_EDIT_IMAGE_RATING = "bulk_edit_image_rating";
public const VIEW_TRASH = "view_trash";
}
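Review bot: The constant `VIEW_SYSINTO` is misspelled; its value is `"view_sysinfo"`, so the name should be `VIEW_SYSINFO`. The checks still work because only the string value is compared, but the typo is already repeated by the callers this commit adds (the `base` and `admin` class maps and both checks in the ET extension). I would rename it now, `public const VIEW_SYSINFO = "view_sysinfo";`, and update those call sites in the same change. A short header comment on the class saying that these strings are the keys used in user-class definitions would also help, since a changed value would presumably stop matching existing definitions.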


@ -72,134 +72,133 @@ class UserClass
// action = create / view / edit / delete
// object = image / user / tag / setting
new UserClass("base", null, [
"change_setting" => false, # modify web-level settings, eg the config table
"override_config" => false, # modify sys-level settings, eg shimmie.conf.php
"big_search" => false, # search for more than 3 tags at once (speed mode only)
Permissions::CHANGE_SETTING => false, # modify web-level settings, eg the config table
Permissions::OVERRIDE_CONFIG => false, # modify sys-level settings, eg shimmie.conf.php
Permissions::BIG_SEARCH => false, # search for more than 3 tags at once (speed mode only)
"manage_extension_list" => false,
"manage_alias_list" => false,
"mass_tag_edit" => false,
Permissions::MANAGE_EXTENSION_LIST => false,
Permissions::MANAGE_ALIAS_LIST => false,
Permissions::MASS_TAG_EDIT => false,
"view_ip" => false, # view IP addresses associated with things
"ban_ip" => false,
Permissions::VIEW_IP => false, # view IP addresses associated with things
Permissions::BAN_IP => false,
"edit_user_name" => false,
"edit_user_password" => false,
"edit_user_info" => false, # email address, etc
"edit_user_class" => false,
"delete_user" => false,
Permissions::EDIT_USER_NAME => false,
Permissions::EDIT_USER_PASSWORD => false,
Permissions::EDIT_USER_INFO => false, # email address, etc
Permissions::EDIT_USER_CLASS => false,
Permissions::DELETE_USER => false,
"create_comment" => false,
"delete_comment" => false,
"bypass_comment_checks" => false, # spam etc
Permissions::CREATE_COMMENT => false,
Permissions::DELETE_COMMENT => false,
Permissions::BYPASS_COMMENT_CHECKS => false, # spam etc
"replace_image" => false,
"create_image" => false,
"edit_image_tag" => false,
"edit_image_source" => false,
"edit_image_owner" => false,
"edit_image_lock" => false,
"bulk_edit_image_tag" => false,
"bulk_edit_image_source" => false,
"delete_image" => false,
Permissions::REPLACE_IMAGE => false,
Permissions::CREATE_IMAGE => false,
Permissions::EDIT_IMAGE_TAG => false,
Permissions::EDIT_IMAGE_SOURCE => false,
Permissions::EDIT_IMAGE_OWNER => false,
Permissions::EDIT_IMAGE_LOCK => false,
Permissions::BULK_EDIT_IMAGE_TAG => false,
Permissions::BULK_EDIT_IMAGE_SOURCE => false,
Permissions::DELETE_IMAGE => false,
"ban_image" => false,
Permissions::BAN_IMAGE => false,
"view_eventlog" => false,
"ignore_downtime" => false,
Permissions::VIEW_EVENTLOG => false,
Permissions::IGNORE_DOWNTIME => false,
"create_image_report" => false,
"view_image_report" => false, # deal with reported images
Permissions::CREATE_IMAGE_REPORT => false,
Permissions::VIEW_IMAGE_REPORT => false, # deal with reported images
"edit_wiki_page" => false,
"delete_wiki_page" => false,
Permissions::EDIT_WIKI_PAGE => false,
Permissions::DELETE_WIKI_PAGE => false,
"manage_blocks" => false,
Permissions::MANAGE_BLOCKS => false,
"manage_admintools" => false,
Permissions::MANAGE_ADMINTOOLS => false,
"view_other_pms" => false,
"edit_feature" => false,
"bulk_edit_vote" => false,
"edit_other_vote" => false,
"view_sysinfo" => false,
Permissions::VIEW_OTHER_PMS => false,
Permissions::EDIT_FEATURE => false,
Permissions::BULK_EDIT_VOTE => false,
Permissions::EDIT_OTHER_VOTE => false,
Permissions::VIEW_SYSINTO => false,
"hellbanned" => false,
"view_hellbanned" => false,
Permissions::HELLBANNED => false,
Permissions::VIEW_HELLBANNED => false,
"protected" => false, # only admins can modify protected users (stops a moderator changing an admin's password)
Permissions::PROTECTED => false, # only admins can modify protected users (stops a moderator changing an admin's password)
"edit_image_rating" => false,
"bulk_edit_image_rating" => false,
Permissions::EDIT_IMAGE_RATING => false,
Permissions::BULK_EDIT_IMAGE_RATING => false,
"view_trash" => false,
"perform_bulk_actions" => false,
Permissions::VIEW_TRASH => false,
]);
new UserClass("anonymous", "base", [
]);
new UserClass("user", "base", [
"big_search" => true,
"create_image" => true,
"create_comment" => true,
"edit_image_tag" => true,
"edit_image_source" => true,
"create_image_report" => true,
"edit_image_rating" => true,
Permissions::BIG_SEARCH => true,
Permissions::CREATE_IMAGE => true,
Permissions::CREATE_COMMENT => true,
Permissions::EDIT_IMAGE_TAG => true,
Permissions::EDIT_IMAGE_SOURCE => true,
Permissions::CREATE_IMAGE_REPORT => true,
Permissions::EDIT_IMAGE_RATING => true,
]);
new UserClass("admin", "base", [
"change_setting" => true,
"override_config" => true,
"big_search" => true,
"edit_image_lock" => true,
"view_ip" => true,
"ban_ip" => true,
"edit_user_name" => true,
"edit_user_password" => true,
"edit_user_info" => true,
"edit_user_class" => true,
"delete_user" => true,
"create_image" => true,
"delete_image" => true,
"ban_image" => true,
"create_comment" => true,
"delete_comment" => true,
"bypass_comment_checks" => true,
"replace_image" => true,
"manage_extension_list" => true,
"manage_alias_list" => true,
"edit_image_tag" => true,
"edit_image_source" => true,
"edit_image_owner" => true,
"bulk_edit_image_tag" => true,
"bulk_edit_image_source" => true,
"mass_tag_edit" => true,
"create_image_report" => true,
"view_image_report" => true,
"edit_wiki_page" => true,
"delete_wiki_page" => true,
"view_eventlog" => true,
"manage_blocks" => true,
"manage_admintools" => true,
"ignore_downtime" => true,
"view_other_pms" => true,
"edit_feature" => true,
"bulk_edit_vote" => true,
"edit_other_vote" => true,
"view_sysinfo" => true,
"view_hellbanned" => true,
"protected" => true,
"edit_image_rating" => true,
"bulk_edit_image_rating" => true,
"view_trash" => true,
"perform_bulk_actions" => true,
Permissions::CHANGE_SETTING => true,
Permissions::OVERRIDE_CONFIG => true,
Permissions::BIG_SEARCH => true,
Permissions::EDIT_IMAGE_LOCK => true,
Permissions::VIEW_IP => true,
Permissions::BAN_IP => true,
Permissions::EDIT_USER_NAME => true,
Permissions::EDIT_USER_PASSWORD => true,
Permissions::EDIT_USER_INFO => true,
Permissions::EDIT_USER_CLASS => true,
Permissions::DELETE_USER => true,
Permissions::CREATE_IMAGE => true,
Permissions::DELETE_IMAGE => true,
Permissions::BAN_IMAGE => true,
Permissions::CREATE_COMMENT => true,
Permissions::DELETE_COMMENT => true,
Permissions::BYPASS_COMMENT_CHECKS => true,
Permissions::REPLACE_IMAGE => true,
Permissions::MANAGE_EXTENSION_LIST => true,
Permissions::MANAGE_ALIAS_LIST => true,
Permissions::EDIT_IMAGE_TAG => true,
Permissions::EDIT_IMAGE_SOURCE => true,
Permissions::EDIT_IMAGE_OWNER => true,
Permissions::BULK_EDIT_IMAGE_TAG => true,
Permissions::BULK_EDIT_IMAGE_SOURCE => true,
Permissions::MASS_TAG_EDIT => true,
Permissions::CREATE_IMAGE_REPORT => true,
Permissions::VIEW_IMAGE_REPORT => true,
Permissions::EDIT_WIKI_PAGE => true,
Permissions::DELETE_WIKI_PAGE => true,
Permissions::VIEW_EVENTLOG => true,
Permissions::MANAGE_BLOCKS => true,
Permissions::MANAGE_ADMINTOOLS => true,
Permissions::IGNORE_DOWNTIME => true,
Permissions::VIEW_OTHER_PMS => true,
Permissions::EDIT_FEATURE => true,
Permissions::BULK_EDIT_VOTE => true,
Permissions::EDIT_OTHER_VOTE => true,
Permissions::VIEW_SYSINTO => true,
Permissions::VIEW_HELLBANNED => true,
Permissions::PROTECTED => true,
Permissions::EDIT_IMAGE_RATING => true,
Permissions::BULK_EDIT_IMAGE_RATING => true,
Permissions::VIEW_TRASH => true,
]);
new UserClass("hellbanned", "user", [
"hellbanned" => true,
Permissions::HELLBANNED => true,
]);
@include_once "data/config/user-classes.conf.php";
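Review bot: The old `"perform_bulk_actions"` entries in the `base` and `admin` maps are dropped here with no matching constant in `Permissions`, which is a behaviour change inside a commit that otherwise only renames keys. How `can()` treats a key that no class defines is not visible in this hunk, so any remaining check for that permission, or a site override loaded by the `@include_once` line, may now fail or resolve differently. Either add `public const PERFORM_BULK_ACTIONS = "perform_bulk_actions";` and keep both entries, or state in the commit message that the permission is retired and confirm that no caller still checks it.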


@ -588,8 +588,8 @@ function show_ip(string $ip, string $ban_reason): string
global $user;
$u_reason = url_escape($ban_reason);
$u_end = url_escape("+1 week");
$ban = $user->can("ban_ip") ? ", <a href='".make_link("ip_ban/list", "ip=$ip&reason=$u_reason&end=$u_end#add")."'>Ban</a>" : "";
$ip = $user->can("view_ip") ? $ip.$ban : "";
$ban = $user->can(Permissions::BAN_IP) ? ", <a href='".make_link("ip_ban/list", "ip=$ip&reason=$u_reason&end=$u_end#add")."'>Ban</a>" : "";
$ip = $user->can(Permissions::VIEW_IP) ? $ip.$ban : "";
return $ip;
}
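Review bot: `$ip` is interpolated into the link's query string and returned inside HTML without escaping on the two changed lines, while `$ban_reason` and the end date go through `url_escape()`. If the stored address can ever hold something other than a validated IP (not visible from this hunk), it would reach the page as markup. Escaping per context is cheap: `$u_ip = url_escape($ip);` for the link and `html_escape($ip)` for the displayed text. The ban link is also built before the `VIEW_IP` check and thrown away when that check fails, so testing `VIEW_IP` first and returning `""` early would read more clearly. The function's opening brace is outside the hunk.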


@ -54,7 +54,7 @@ class AdminPage extends Extension
global $page, $user;
if ($event->page_matches("admin")) {
if (!$user->can("manage_admintools")) {
if (!$user->can(Permissions::MANAGE_ADMINTOOLS)) {
$this->theme->display_permission_denied();
} else {
if ($event->count_args() == 0) {
@ -111,7 +111,7 @@ class AdminPage extends Extension
public function onUserBlockBuilding(UserBlockBuildingEvent $event)
{
global $user;
if ($user->can("manage_admintools")) {
if ($user->can(Permissions::MANAGE_ADMINTOOLS)) {
$event->add_link("Board Admin", make_link("admin"));
}
}


@ -36,7 +36,7 @@ class AliasEditor extends Extension
if ($event->page_matches("alias")) {
if ($event->get_arg(0) == "add") {
if ($user->can("manage_alias_list")) {
if ($user->can(Permissions::MANAGE_ALIAS_LIST))) {
if (isset($_POST['oldtag']) && isset($_POST['newtag'])) {
try {
$aae = new AddAliasEvent($_POST['oldtag'], $_POST['newtag']);
@ -49,7 +49,7 @@ class AliasEditor extends Extension
}
}
} elseif ($event->get_arg(0) == "remove") {
if ($user->can("manage_alias_list")) {
if ($user->can(Permissions::MANAGE_ALIAS_LIST))) {
if (isset($_POST['oldtag'])) {
$database->execute("DELETE FROM aliases WHERE oldtag=:oldtag", ["oldtag" => $_POST['oldtag']]);
log_info("alias_editor", "Deleted alias for ".$_POST['oldtag'], "Deleted alias");
@ -85,7 +85,7 @@ class AliasEditor extends Extension
$page->set_filename("aliases.csv");
$page->set_data($this->get_alias_csv($database));
} elseif ($event->get_arg(0) == "import") {
if ($user->can("manage_alias_list")) {
if ($user->can(Permissions::MANAGE_ALIAS_LIST)) {
if (count($_FILES) > 0) {
$tmp = $_FILES['alias_file']['tmp_name'];
$contents = file_get_contents($tmp);
@ -120,7 +120,7 @@ class AliasEditor extends Extension
public function onUserBlockBuilding(UserBlockBuildingEvent $event)
{
global $user;
if ($user->can("manage_alias_list")) {
if ($user->can(Permissions::MANAGE_ALIAS_LIST)) {
$event->add_link("Alias Editor", make_link("alias/list"));
}
}
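Review bot: The two rewritten checks in the `add` and `remove` branches end in `)))`, one closing parenthesis too many, so this file would no longer parse and the alias editor would fail to load. They should read `if ($user->can(Permissions::MANAGE_ALIAS_LIST)) {`, as the `import` branch and `onUserBlockBuilding` already do. Separately, none of the three state-changing branches shows a `$user->check_auth_token()` call in the visible lines, unlike the `ext_manager` and `ip_ban` handlers in this commit. It may sit outside the hunks, but it is worth confirming.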


@ -11,7 +11,7 @@ class AliasEditorTheme extends Themelet
{
global $page, $user;
$can_manage = $user->can("manage_alias_list");
$can_manage = $user->can(Permissions::MANAGE_ALIAS_LIST);
if ($can_manage) {
$h_action = "<th width='10%'>Action</th>";
$h_add = "


@ -58,7 +58,7 @@ xanax
public function onCommentPosting(CommentPostingEvent $event)
{
global $user;
if (!$user->can("bypass_comment_checks")) {
if (!$user->can(Permissions::BYPASS_COMMENT_CHECKS)) {
$this->test_text($event->comment, new CommentPostingException("Comment contains banned terms"));
}
}


@ -29,7 +29,7 @@ class Blocks extends Extension
public function onUserBlockBuilding(UserBlockBuildingEvent $event)
{
global $user;
if ($user->can("manage_blocks")) {
if ($user->can(Permissions::MANAGE_BLOCKS)) {
$event->add_link("Blocks Editor", make_link("blocks/list"));
}
}
@ -52,7 +52,7 @@ class Blocks extends Extension
}
}
if ($event->page_matches("blocks") && $user->can("manage_blocks")) {
if ($event->page_matches("blocks") && $user->can(Permissions::MANAGE_BLOCKS)) {
if ($event->get_arg(0) == "add") {
if ($user->check_auth_token()) {
$database->execute("


@ -85,11 +85,11 @@ class BulkActions extends Extension
{
global $user;
if ($user->can("delete_image")) {
if ($user->can(Permissions::DELETE_IMAGE)) {
$event->add_action("bulk_delete", "(D)elete", "d", "Delete selected images?", $this->theme->render_ban_reason_input(), 10);
}
if ($user->can("bulk_edit_image_tag")) {
if ($user->can(Permissions::BULK_EDIT_IMAGE_TAG)) {
$event->add_action(
"bulk_tag",
@ -100,7 +100,7 @@ class BulkActions extends Extension
10);
}
if ($user->can("bulk_edit_image_source")) {
if ($user->can(Permissions::BULK_EDIT_IMAGE_SOURCE)) {
$event->add_action("bulk_source", "Set (S)ource", "s","", $this->theme->render_source_input(), 10);
}
}
@ -111,7 +111,7 @@ class BulkActions extends Extension
switch ($event->action) {
case "bulk_delete":
if ($user->can("delete_image")) {
if ($user->can(Permissions::DELETE_IMAGE)) {
$i = $this->delete_items($event->items);
flash_message("Deleted $i items");
}
@ -120,7 +120,7 @@ class BulkActions extends Extension
if (!isset($_POST['bulk_tags'])) {
return;
}
if ($user->can("bulk_edit_image_tag")) {
if ($user->can(Permissions::BULK_EDIT_IMAGE_TAG)) {
$tags = $_POST['bulk_tags'];
$replace = false;
if (isset($_POST['bulk_tags_replace']) && $_POST['bulk_tags_replace'] == "true") {
@ -135,7 +135,7 @@ class BulkActions extends Extension
if (!isset($_POST['bulk_source'])) {
return;
}
if ($user->can("bulk_edit_image_source")) {
if ($user->can(Permissions::BULK_EDIT_IMAGE_SOURCE)) {
$source = $_POST['bulk_source'];
$i = $this->set_source($event->items, $source);
flash_message("Set source for $i items");


@ -189,7 +189,7 @@ class CommentList extends Extension
private function onPageRequest_delete(PageRequestEvent $event)
{
global $user, $page;
if ($user->can("delete_comment")) {
if ($user->can(Permissions::DELETE_COMMENT)) {
// FIXME: post, not args
if ($event->count_args() === 3) {
send_event(new CommentDeletionEvent($event->get_arg(1)));
@ -209,7 +209,7 @@ class CommentList extends Extension
private function onPageRequest_bulk_delete()
{
global $user, $database, $page;
if ($user->can("delete_comment") && !empty($_POST["ip"])) {
if ($user->can(Permissions::DELETE_COMMENT) && !empty($_POST["ip"])) {
$ip = $_POST['ip'];
$comment_ids = $database->get_col("
@ -288,7 +288,7 @@ class CommentList extends Extension
$this->theme->display_image_comments(
$event->image,
$this->get_comments($event->image->id),
$user->can("create_comment")
$user->can(Permissions::CREATE_COMMENT)
);
}
@ -399,7 +399,7 @@ class CommentList extends Extension
}
}
$this->theme->display_comment_list($images, $current_page, $total_pages, $user->can("create_comment"));
$this->theme->display_comment_list($images, $current_page, $total_pages, $user->can(Permissions::CREATE_COMMENT));
}
// }}}
@ -574,7 +574,7 @@ class CommentList extends Extension
{
global $database, $page;
if (!$user->can("bypass_comment_checks")) {
if (!$user->can(Permissions::BYPASS_COMMENT_CHECKS)) {
// will raise an exception if anything is wrong
$this->comment_checks($image_id, $user, $comment);
}
@ -600,7 +600,7 @@ class CommentList extends Extension
global $config, $page;
// basic sanity checks
if (!$user->can("create_comment")) {
if (!$user->can(Permissions::CREATE_COMMENT)) {
throw new CommentPostingException("Anonymous posting has been disabled");
} elseif (is_null(Image::by_id($image_id))) {
throw new CommentPostingException("The image does not exist");


@ -218,9 +218,9 @@ class CommentListTheme extends Themelet
if (!array_key_exists($comment->poster_ip, $this->anon_map)) {
$this->anon_map[$comment->poster_ip] = $this->anon_id;
}
#if($user->can("view_ip")) {
#if($user->can(UserAbilities::VIEW_IP)) {
#$style = " style='color: ".$this->get_anon_colour($comment->poster_ip).";'";
if ($user->can("view_ip") || $config->get_bool("comment_samefags_public", false)) {
if ($user->can(Permissions::VIEW_IP) || $config->get_bool("comment_samefags_public", false)) {
if ($this->anon_map[$comment->poster_ip] != $this->anon_id) {
$anoncode2 = '<sup>('.$this->anon_map[$comment->poster_ip].')</sup>';
}
@ -248,9 +248,9 @@ class CommentListTheme extends Themelet
$h_avatar = "<img src=\"//www.gravatar.com/avatar/$hash.jpg?cacheBreak=$cb\"><br>";
}
$h_reply = " - <a href='javascript: replyTo($i_image_id, $i_comment_id, \"$h_name\")'>Reply</a>";
$h_ip = $user->can("view_ip") ? "<br>".show_ip($comment->poster_ip, "Comment posted {$comment->posted}") : "";
$h_ip = $user->can(Permissions::VIEW_IP) ? "<br>".show_ip($comment->poster_ip, "Comment posted {$comment->posted}") : "";
$h_del = "";
if ($user->can("delete_comment")) {
if ($user->can(Permissions::DELETE_COMMENT)) {
$comment_preview = substr(html_unescape($tfe->stripped), 0, 50);
$j_delete_confirm_message = json_encode("Delete comment by {$comment->owner_name}:\n$comment_preview");
$h_delete_script = html_escape("return confirm($j_delete_confirm_message);");
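Review bot: The commented-out line was rewritten to `UserAbilities::VIEW_IP`, but the class this commit introduces is `Permissions`, and no `UserAbilities` class appears anywhere in the change. Anyone re-enabling that line would hit an undefined class. Either delete the dead comment or make it `#if($user->can(Permissions::VIEW_IP)) {`. The commented-out block in the RegenThumb extension carries the same stale name.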


@ -297,7 +297,7 @@ class DanbooruApi extends Extension
// Now we check if a file was uploaded or a url was provided to transload
// Much of this code is borrowed from /ext/upload
if (!$user->can("create_image")) {
if (!$user->can(Permissions::CREATE_IMAGE)) {
$page->set_code(409);
$page->add_http_header("X-Danbooru-Errors: authentication error");
return;


@ -32,7 +32,7 @@ class Downtime extends Extension
global $config, $page, $user;
if ($config->get_bool("downtime")) {
if (!$user->can("ignore_downtime") && !$this->is_safe_page($event)) {
if (!$user->can(Permissions::IGNORE_DOWNTIME) && !$this->is_safe_page($event)) {
$msg = $config->get_string("downtime_message");
$this->theme->display_message($msg);
if (!defined("UNITTEST")) { // hax D:


@ -18,7 +18,7 @@ class ET extends Extension
{
global $user;
if ($event->page_matches("system_info")) {
if ($user->can("view_sysinfo")) {
if ($user->can(Permissions::VIEW_SYSINTO)) {
$this->theme->display_info_page($this->get_info());
}
}
@ -27,7 +27,7 @@ class ET extends Extension
public function onUserBlockBuilding(UserBlockBuildingEvent $event)
{
global $user;
if ($user->can("view_sysinfo")) {
if ($user->can(Permissions::VIEW_SYSINTO)) {
$event->add_link("System Info", make_link("system_info"));
}
}


@ -118,7 +118,7 @@ class ExtManager extends Extension
{
global $page, $user;
if ($event->page_matches("ext_manager")) {
if ($user->can("manage_extension_list")) {
if ($user->can(Permissions::MANAGE_EXTENSION_LIST)) {
if ($event->get_arg(0) == "set" && $user->check_auth_token()) {
if (is_writable("data/config")) {
$this->set_things($_POST);
@ -166,7 +166,7 @@ class ExtManager extends Extension
public function onUserBlockBuilding(UserBlockBuildingEvent $event)
{
global $user;
if ($user->can("manage_extension_list")) {
if ($user->can(Permissions::MANAGE_EXTENSION_LIST)) {
$event->add_link("Extension Manager", make_link("ext_manager"));
} else {
$event->add_link("Help", make_link("ext_doc"));


@ -32,7 +32,7 @@ class Featured extends Extension
global $config, $page, $user;
if ($event->page_matches("featured_image")) {
if ($event->get_arg(0) == "set" && $user->check_auth_token()) {
if ($user->can("edit_feature") && isset($_POST['image_id'])) {
if ($user->can(Permissions::EDIT_FEATURE) && isset($_POST['image_id'])) {
$id = int_escape($_POST['image_id']);
if ($id > 0) {
$config->set_int("featured_id", $id);
@ -86,7 +86,7 @@ class Featured extends Extension
public function onImageAdminBlockBuilding(ImageAdminBlockBuildingEvent $event)
{
global $user;
if ($user->can("edit_feature")) {
if ($user->can(Permissions::EDIT_FEATURE)) {
$event->add_part($this->theme->get_buttons_html($event->image->id));
}
}


@ -9,9 +9,9 @@ class HellBan extends Extension
{
global $page, $user;
if ($user->can("hellbanned")) {
if ($user->can(Permissions::HELLBANNED)) {
$s = "";
} elseif ($user->can("view_hellbanned")) {
} elseif ($user->can(Permissions::VIEW_HELLBANNED)) {
$s = "DIV.hb, TR.hb TD {border: 1px solid red !important;}";
} else {
$s = ".hb {display: none !important;}";


@ -73,7 +73,7 @@ class ImageIO extends Extension
{
if ($event->page_matches("image/delete")) {
global $page, $user;
if ($user->can("delete_image") && isset($_POST['image_id']) && $user->check_auth_token()) {
if ($user->can(Permissions::DELETE_IMAGE) && isset($_POST['image_id']) && $user->check_auth_token()) {
$image = Image::by_id($_POST['image_id']);
if ($image) {
send_event(new ImageDeletionEvent($image));
@ -87,7 +87,7 @@ class ImageIO extends Extension
}
} elseif ($event->page_matches("image/replace")) {
global $page, $user;
if ($user->can("replace_image") && isset($_POST['image_id']) && $user->check_auth_token()) {
if ($user->can(Permissions::REPLACE_IMAGE) && isset($_POST['image_id']) && $user->check_auth_token()) {
$image = Image::by_id($_POST['image_id']);
if ($image) {
$page->set_mode(PageMode::REDIRECT);
@ -110,11 +110,11 @@ class ImageIO extends Extension
{
global $user;
if ($user->can("delete_image")) {
if ($user->can(Permissions::DELETE_IMAGE)) {
$event->add_part($this->theme->get_deleter_html($event->image->id));
}
/* In the future, could perhaps allow users to replace images that they own as well... */
if ($user->can("replace_image")) {
if ($user->can(Permissions::REPLACE_IMAGE)) {
$event->add_part($this->theme->get_replace_html($event->image->id));
}
}


@ -64,7 +64,7 @@ class ImageBan extends Extension
global $database, $page, $user;
if ($event->page_matches("image_hash_ban")) {
if ($user->can("ban_image")) {
if ($user->can(Permissions::BAN_IMAGE)) {
if ($event->get_arg(0) == "add") {
$image = isset($_POST['image_id']) ? Image::by_id(int_escape($_POST['image_id'])) : null;
$hash = isset($_POST["hash"]) ? $_POST["hash"] : $image->hash;
@ -106,7 +106,7 @@ class ImageBan extends Extension
public function onUserBlockBuilding(UserBlockBuildingEvent $event)
{
global $user;
if ($user->can("ban_image")) {
if ($user->can(Permissions::BAN_IMAGE)) {
$event->add_link("Image Bans", make_link("image_hash_ban/list/1"));
}
}
@ -130,7 +130,7 @@ class ImageBan extends Extension
public function onImageAdminBlockBuilding(ImageAdminBlockBuildingEvent $event)
{
global $user;
if ($user->can("ban_image")) {
if ($user->can(Permissions::BAN_IMAGE)) {
$event->add_part($this->theme->get_buttons_html($event->image));
}
}
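Review bot: In the `add` branch `$image` is `null` when no `image_id` is posted or `Image::by_id()` finds nothing, and the next line still reads `$image->hash` whenever `hash` is absent too. A request with neither field then fails on a null object instead of being rejected cleanly. Computing it as `$hash = $_POST["hash"] ?? ($image ? $image->hash : null);` and refusing the ban when `$hash` is null would close that path. The visible lines also show no `$user->check_auth_token()` on this state-changing branch, though it may be outside the hunk.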


@ -66,7 +66,7 @@ class IPBan extends Extension
{
if ($event->page_matches("ip_ban")) {
global $page, $user;
if ($user->can("ban_ip")) {
if ($user->can(Permissions::BAN_IP)) {
if ($event->get_arg(0) == "add" && $user->check_auth_token()) {
if (isset($_POST['ip']) && isset($_POST['reason']) && isset($_POST['end'])) {
if (empty($_POST['end'])) {
@ -108,7 +108,7 @@ class IPBan extends Extension
public function onUserBlockBuilding(UserBlockBuildingEvent $event)
{
global $user;
if ($user->can("ban_ip")) {
if ($user->can(Permissions::BAN_IP)) {
$event->add_link("IP Bans", make_link("ip_ban/list"));
}
}


@ -48,7 +48,7 @@ class LogDatabase extends Extension
{
global $database, $user;
if ($event->page_matches("log/view")) {
if ($user->can("view_eventlog")) {
if ($user->can(Permissions::VIEW_EVENTLOG)) {
$wheres = [];
$args = [];
$page_num = int_escape($event->get_arg(0));
@ -123,7 +123,7 @@ class LogDatabase extends Extension
public function onUserBlockBuilding(UserBlockBuildingEvent $event)
{
global $user;
if ($user->can("view_eventlog")) {
if ($user->can(Permissions::VIEW_EVENTLOG)) {
$event->add_link("Event Log", make_link("log/view"));
}
}


@ -316,7 +316,7 @@ class Media extends Extension
public function onImageAdminBlockBuilding(ImageAdminBlockBuildingEvent $event)
{
global $user;
if ($user->can("delete_image")) {
if ($user->can(Permissions::DELETE_IMAGE)) {
$event->add_part($this->theme->get_buttons_html($event->image->id));
}
}


@ -61,7 +61,7 @@ class NotATag extends Extension
public function onUserBlockBuilding(UserBlockBuildingEvent $event)
{
global $user;
if ($user->can("ban_image")) {
if ($user->can(Permissions::BAN_IMAGE)) {
$event->add_link("UnTags", make_link("untag/list/1"));
}
}
@ -71,7 +71,7 @@ class NotATag extends Extension
global $database, $page, $user;
if ($event->page_matches("untag")) {
if ($user->can("ban_image")) {
if ($user->can(Permissions::BAN_IMAGE)) {
if ($event->get_arg(0) == "add") {
$tag = $_POST["tag"];
$redirect = isset($_POST['redirect']) ? $_POST['redirect'] : "DNP";


@ -45,7 +45,7 @@ class NumericScore extends Extension
public function onUserPageBuilding(UserPageBuildingEvent $event)
{
global $user;
if ($user->can("edit_other_vote")) {
if ($user->can(Permissions::EDIT_OTHER_VOTE)) {
$this->theme->get_nuller($event->display_user);
}
@ -98,7 +98,7 @@ class NumericScore extends Extension
$page->set_redirect(make_link("post/view/$image_id"));
}
} elseif ($event->page_matches("numeric_score/remove_votes_on") && $user->check_auth_token()) {
if ($user->can("edit_other_vote")) {
if ($user->can(Permissions::EDIT_OTHER_VOTE)) {
$image_id = int_escape($_POST['image_id']);
$database->execute(
"DELETE FROM numeric_score_votes WHERE image_id=?",
@ -112,7 +112,7 @@ class NumericScore extends Extension
$page->set_redirect(make_link("post/view/$image_id"));
}
} elseif ($event->page_matches("numeric_score/remove_votes_by") && $user->check_auth_token()) {
if ($user->can("edit_other_vote")) {
if ($user->can(Permissions::EDIT_OTHER_VOTE)) {
$this->delete_votes_by(int_escape($_POST['user_id']));
$page->set_mode(PageMode::REDIRECT);
$page->set_redirect(make_link());


@ -32,7 +32,7 @@ class NumericScoreTheme extends Themelet
<input type='submit' value='Vote Down'>
</form>
";
if ($user->can("edit_other_vote")) {
if ($user->can(Permissions::EDIT_OTHER_VOTE)) {
$html .= "
<form action='".make_link("numeric_score/remove_votes_on")."' method='POST'>
".$user->get_auth_html()."


@ -12,7 +12,7 @@ class Oekaki extends Extension
global $user, $page;
if ($event->page_matches("oekaki")) {
if ($user->can("create_image")) {
if ($user->can(Permissions::CREATE_IMAGE)) {
if ($event->get_arg(0) == "create") {
$this->theme->display_page();
$this->theme->display_block();
@ -84,7 +84,7 @@ class Oekaki extends Extension
public function onPostListBuilding(PostListBuildingEvent $event)
{
global $user;
if ($user->can("create_image")) {
if ($user->can(Permissions::CREATE_IMAGE)) {
$this->theme->display_block();
}
}


@ -410,7 +410,7 @@ class OuroborosAPI extends Extension
if ($event->page_matches('post')) {
if ($this->match('create')) {
// Create
if ($user->can("create_image")) {
if ($user->can(Permissions::CREATE_IMAGE)) {
$md5 = !empty($_REQUEST['md5']) ? filter_var($_REQUEST['md5'], FILTER_SANITIZE_STRING) : null;
$this->postCreate(new OuroborosPost($_REQUEST['post']), $md5);
} else {


@ -108,7 +108,7 @@ class PrivMsg extends Extension
global $page, $user;
$duser = $event->display_user;
if (!$user->is_anonymous() && !$duser->is_anonymous()) {
if (($user->id == $duser->id) || $user->can("view_other_pms")) {
if (($user->id == $duser->id) || $user->can(Permissions::VIEW_OTHER_PMS)) {
$this->theme->display_pms($page, $this->get_pms($duser));
}
if ($user->id != $duser->id) {
@ -128,7 +128,7 @@ class PrivMsg extends Extension
$pm = $database->get_row("SELECT * FROM private_message WHERE id = :id", ["id" => $pm_id]);
if (is_null($pm)) {
$this->theme->display_error(404, "No such PM", "There is no PM #$pm_id");
} elseif (($pm["to_id"] == $user->id) || $user->can("view_other_pms")) {
} elseif (($pm["to_id"] == $user->id) || $user->can(Permissions::VIEW_OTHER_PMS)) {
$from_user = User::by_id(int_escape($pm["from_id"]));
if ($pm["to_id"] == $user->id) {
$database->execute("UPDATE private_message SET is_read='Y' WHERE id = :id", ["id" => $pm_id]);
@ -145,7 +145,7 @@ class PrivMsg extends Extension
$pm = $database->get_row("SELECT * FROM private_message WHERE id = :id", ["id" => $pm_id]);
if (is_null($pm)) {
$this->theme->display_error(404, "No such PM", "There is no PM #$pm_id");
} elseif (($pm["to_id"] == $user->id) || $user->can("view_other_pms")) {
} elseif (($pm["to_id"] == $user->id) || $user->can(Permissions::VIEW_OTHER_PMS)) {
$database->execute("DELETE FROM private_message WHERE id = :id", ["id" => $pm_id]);
$database->cache->delete("pm-count-{$user->id}");
log_info("pm", "Deleted PM #$pm_id", "PM deleted");


@ -27,7 +27,7 @@ class PrivMsgTheme extends Themelet
$h_subject = "<b>$h_subject</b>";
$readYN = "N";
}
$hb = $from->can("hellbanned") ? "hb" : "";
$hb = $from->can(Permissions::HELLBANNED) ? "hb" : "";
$html .= "<tr class='$hb'>
<td>$readYN</td>
<td><a href='$pm_url'>$h_subject</a></td>


@ -169,7 +169,7 @@ class Ratings extends Extension
{
global $user;
if ($user->can("bulk_edit_image_rating")) {
if ($user->can(Permissions::BULK_EDIT_IMAGE_RATING)) {
$event->add_action("bulk_rate","Set (R)ating", "r","",$this->theme->get_selection_rater_html("u","bulk_rating"));
}
}
@ -183,7 +183,7 @@ class Ratings extends Extension
if (!isset($_POST['bulk_rating'])) {
return;
}
if ($user->can("bulk_edit_image_rating")) {
if ($user->can(Permissions::BULK_EDIT_IMAGE_RATING)) {
$rating = $_POST['bulk_rating'];
$total = 0;
foreach ($event->items as $image) {
@ -201,7 +201,7 @@ class Ratings extends Extension
global $user, $page;
if ($event->page_matches("admin/bulk_rate")) {
if (!$user->can("bulk_edit_image_rating")) {
if (!$user->can(Permissions::BULK_EDIT_IMAGE_RATING)) {
throw new PermissionDeniedException();
} else {
$n = 0;


@ -28,14 +28,14 @@ class RegenThumb extends Extension
{
global $database, $page, $user;
if ($event->page_matches("regen_thumb/one") && $user->can("delete_image") && isset($_POST['image_id'])) {
if ($event->page_matches("regen_thumb/one") && $user->can(Permissions::DELETE_IMAGE) && isset($_POST['image_id'])) {
$image = Image::by_id(int_escape($_POST['image_id']));
$this->regenerate_thumbnail($image);
$this->theme->display_results($page, $image);
}
if ($event->page_matches("regen_thumb/mass") && $user->can("delete_image") && isset($_POST['tags'])) {
if ($event->page_matches("regen_thumb/mass") && $user->can(Permissions::DELETE_IMAGE) && isset($_POST['tags'])) {
$tags = Tag::explode(strtolower($_POST['tags']), false);
$images = Image::find_images(0, 10000, $tags);
@ -51,7 +51,7 @@ class RegenThumb extends Extension
public function onImageAdminBlockBuilding(ImageAdminBlockBuildingEvent $event)
{
global $user;
if ($user->can("delete_image")) {
if ($user->can(Permissions::DELETE_IMAGE)) {
$event->add_part($this->theme->get_buttons_html($event->image->id));
}
}
@ -59,7 +59,7 @@ class RegenThumb extends Extension
// public function onPostListBuilding(PostListBuildingEvent $event)
// {
// global $user;
// if ($user->can("delete_image") && !empty($event->search_terms)) {
// if ($user->can(UserAbilities::DELETE_IMAGE) && !empty($event->search_terms)) {
// $event->add_control($this->theme->mtr_html(Tag::implode($event->search_terms)));
// }
// }
@ -68,7 +68,7 @@ class RegenThumb extends Extension
{
global $user;
if ($user->can("delete_image")) {
if ($user->can(Permissions::DELETE_IMAGE)) {
$event->add_action("bulk_regen", "Regen Thumbnails", "","", $this->theme->bulk_html());
}
}
@ -79,7 +79,7 @@ class RegenThumb extends Extension
switch ($event->action) {
case "bulk_regen":
if ($user->can("delete_image")) {
if ($user->can(Permissions::DELETE_IMAGE)) {
$force = true;
if (isset($_POST["bulk_regen_thumb_missing_only"])
&&$_POST["bulk_regen_thumb_missing_only"]=="true") {
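Review bot: The commented-out `onPostListBuilding` block was rewritten to `UserAbilities::DELETE_IMAGE`, while every live check in this file uses `Permissions::DELETE_IMAGE`. No `UserAbilities` class appears in the visible part of this commit, so un-commenting the block would presumably fail on an unknown class. Either make the line `// if ($user->can(Permissions::DELETE_IMAGE) && !empty($event->search_terms)) {` or delete the dead block. The same leftover is in the commented-out `onPostListBuilding` in the TagEdit section (`UserAbilities::BULK_EDIT_IMAGE_SOURCE`).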


@ -74,7 +74,7 @@ class ReportImage extends Extension
}
} elseif ($event->get_arg(0) == "remove") {
if (!empty($_POST['id'])) {
if ($user->can("view_image_report")) {
if ($user->can(Permissions::VIEW_IMAGE_REPORT)) {
send_event(new RemoveReportedImageEvent($_POST['id']));
$page->set_mode(PageMode::REDIRECT);
$page->set_redirect(make_link("image_report/list"));
@ -83,13 +83,13 @@ class ReportImage extends Extension
$this->theme->display_error(500, "Missing input", "Missing image ID");
}
} elseif ($event->get_arg(0) == "remove_reports_by" && $user->check_auth_token()) {
if ($user->can("view_image_report")) {
if ($user->can(Permissions::VIEW_IMAGE_REPORT)) {
$this->delete_reports_by(int_escape($_POST['user_id']));
$page->set_mode(PageMode::REDIRECT);
$page->set_redirect(make_link());
}
} elseif ($event->get_arg(0) == "list") {
if ($user->can("view_image_report")) {
if ($user->can(Permissions::VIEW_IMAGE_REPORT)) {
$this->theme->display_reported_images($page, $this->get_reported_images());
}
}
@ -118,7 +118,7 @@ class ReportImage extends Extension
public function onUserPageBuilding(UserPageBuildingEvent $event)
{
global $user;
if ($user->can("view_image_report")) {
if ($user->can(Permissions::VIEW_IMAGE_REPORT)) {
$this->theme->get_nuller($event->display_user);
}
}
@ -126,7 +126,7 @@ class ReportImage extends Extension
public function onDisplayingImage(DisplayingImageEvent $event)
{
global $user;
if ($user->can('create_image_report')) {
if ($user->can(Permissions::CREATE_IMAGE_REPORT)) {
$reps = $this->get_reports($event->image);
$this->theme->display_image_banner($event->image, $reps);
}
@ -135,7 +135,7 @@ class ReportImage extends Extension
public function onUserBlockBuilding(UserBlockBuildingEvent $event)
{
global $user;
if ($user->can("view_image_report")) {
if ($user->can(Permissions::VIEW_IMAGE_REPORT)) {
$count = $this->count_reported_images();
$h_count = $count > 0 ? " ($count)" : "";
$event->add_link("Reported Images$h_count", make_link("image_report/list"));
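Review bot: The `remove` branch sends `RemoveReportedImageEvent` for a POSTed id after only the permission check, while the `remove_reports_by` branch a few lines further down also requires `$user->check_auth_token()`. Unless the token is verified somewhere outside this hunk, this state-changing request has no CSRF protection; the guard should read `if ($user->can(Permissions::VIEW_IMAGE_REPORT) && $user->check_auth_token()) {`. The same asymmetry shows in the Source_History and Tag_History sections, where `bulk_revert` checks the token and `revert` does not. The enclosing handler starts and ends outside the hunk.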


@ -50,7 +50,7 @@ class Rule34 extends Extension
public function onUserPageBuilding(UserPageBuildingEvent $event)
{
global $database, $user, $config;
if ($user->can("change_setting") && $config->get_bool('r34_comic_integration')) {
if ($user->can(Permissions::CHANGE_SETTING) && $config->get_bool('r34_comic_integration')) {
$current_state = bool_escape($database->get_one("SELECT comic_admin FROM users WHERE id=?", [$event->display_user->id]));
$this->theme->show_comic_changer($event->display_user, $current_state);
}
@ -59,7 +59,7 @@ class Rule34 extends Extension
public function onThumbnailGeneration(ThumbnailGenerationEvent $event)
{
global $database, $user;
if ($user->can("manage_admintools")) {
if ($user->can(Permissions::MANAGE_ADMINTOOLS)) {
$database->execute("NOTIFY shm_image_bans, '{$event->hash}';");
}
}
@ -72,7 +72,7 @@ class Rule34 extends Extension
{
global $database, $page, $user;
if ($user->can("delete_user")) { // deleting users can take a while
if ($user->can(Permissions::DELETE_USER)) { // deleting users can take a while
$database->execute("SET statement_timeout TO ".(DATABASE_TIMEOUT+15000).";");
}
@ -81,7 +81,7 @@ class Rule34 extends Extension
}
if ($event->page_matches("rule34/comic_admin")) {
if ($user->can("change_setting") && $user->check_auth_token()) {
if ($user->can(Permissions::CHANGE_SETTING) && $user->check_auth_token()) {
$input = validate_input([
'user_id' => 'user_id,exists',
'is_admin' => 'bool',
@ -102,7 +102,7 @@ class Rule34 extends Extension
}
if ($event->page_matches("admin/cache_purge")) {
if (!$user->can("manage_admintools")) {
if (!$user->can(Permissions::MANAGE_ADMINTOOLS)) {
$this->theme->display_permission_denied();
} else {
if ($user->check_auth_token()) {
@ -130,7 +130,7 @@ class Rule34 extends Extension
if ($event->page_matches("sys_ip_ban")) {
global $page, $user;
if ($user->can("ban_ip")) {
if ($user->can(Permissions::BAN_IP)) {
if ($event->get_arg(0) == "list") {
$bans = (isset($_GET["all"])) ? $this->get_bans() : $this->get_active_bans();
$this->theme->display_bans($page, $bans);
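Review bot: `onThumbnailGeneration` still builds its statement by interpolating `$event->hash` into the SQL text (`"NOTIFY shm_image_bans, '{$event->hash}';"`), unlike the bound `?` parameter used in `onUserPageBuilding` just above it. The hash is presumably a server-computed hex digest, but nothing in this hunk enforces that, so the statement is only as safe as every producer of `ThumbnailGenerationEvent`. NOTIFY cannot take a bound payload; on PostgreSQL the parameterised equivalent is `$database->execute("SELECT pg_notify('shm_image_bans', :hash)", ["hash" => $event->hash]);`.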


@ -293,7 +293,7 @@ class Setup extends Extension
}
if ($event->page_matches("setup")) {
if (!$user->can("change_setting")) {
if (!$user->can(Permissions::CHANGE_SETTING)) {
$this->theme->display_permission_denied();
} else {
if ($event->get_arg(0) == "save" && $user->check_auth_token()) {
@ -413,7 +413,7 @@ class Setup extends Extension
public function onUserBlockBuilding(UserBlockBuildingEvent $event)
{
global $user;
if ($user->can("change_setting")) {
if ($user->can(Permissions::CHANGE_SETTING)) {
$event->add_link("Board Config", make_link("setup"));
}
}


@ -35,13 +35,13 @@ class Source_History extends Extension
if ($event->page_matches("source_history/revert")) {
// this is a request to revert to a previous version of the source
if ($user->can("edit_image_tag")) {
if ($user->can(Permissions::EDIT_IMAGE_TAG)) {
if (isset($_POST['revert'])) {
$this->process_revert_request($_POST['revert']);
}
}
} elseif ($event->page_matches("source_history/bulk_revert")) {
if ($user->can("bulk_edit_image_tag") && $user->check_auth_token()) {
if ($user->can(Permissions::BULK_EDIT_IMAGE_TAG) && $user->check_auth_token()) {
$this->process_bulk_revert_request();
}
} elseif ($event->page_matches("source_history/all")) {
@ -85,7 +85,7 @@ class Source_History extends Extension
public function onUserBlockBuilding(UserBlockBuildingEvent $event)
{
global $user;
if ($user->can("bulk_edit_image_tag")) {
if ($user->can(Permissions::BULK_EDIT_IMAGE_TAG)) {
$event->add_link("Source Changes", make_link("source_history/all/1"));
}
}
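Review bot: `source_history/revert` is gated on `Permissions::EDIT_IMAGE_TAG`, although the request reverts an image's source; the old string was carried over unchanged, and the constant now makes the mismatch easy to see. If this is not intentional, the check should be `if ($user->can(Permissions::EDIT_IMAGE_SOURCE)) {`, the permission that TagEdit's `onSourceSet` tests; if it is intentional, a one-line comment saying why would help. The handler starts and ends outside the hunk, so a further check inside `process_revert_request` cannot be ruled out from here.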


@ -20,7 +20,7 @@ class Source_HistoryTheme extends Themelet
$current_source = html_escape($fields['source']);
$name = $fields['name'];
$date_set = autodate($fields['date_set']);
$h_ip = $user->can("view_ip") ? " ".show_ip($fields['user_ip'], "Sourcing Image #$image_id as '$current_source'") : "";
$h_ip = $user->can(Permissions::VIEW_IP) ? " ".show_ip($fields['user_ip'], "Sourcing Image #$image_id as '$current_source'") : "";
$setter = "<a href='".make_link("user/".url_escape($name))."'>".html_escape($name)."</a>$h_ip";
$selected = ($n == 2) ? " checked" : "";
@ -72,7 +72,7 @@ class Source_HistoryTheme extends Themelet
$image_id = $fields['image_id'];
$current_source = html_escape($fields['source']);
$name = $fields['name'];
$h_ip = $user->can("view_ip") ? " ".show_ip($fields['user_ip'], "Sourcing Image #$image_id as '$current_source'") : "";
$h_ip = $user->can(Permissions::VIEW_IP) ? " ".show_ip($fields['user_ip'], "Sourcing Image #$image_id as '$current_source'") : "";
$setter = "<a href='".make_link("user/".url_escape($name))."'>".html_escape($name)."</a>$h_ip";
$history_list .= '


@ -161,7 +161,7 @@ class TagEdit extends Extension
global $user, $page;
if ($event->page_matches("tag_edit")) {
if ($event->get_arg(0) == "replace") {
if ($user->can("mass_tag_edit") && isset($_POST['search']) && isset($_POST['replace'])) {
if ($user->can(Permissions::MASS_TAG_EDIT) && isset($_POST['search']) && isset($_POST['replace'])) {
$search = $_POST['search'];
$replace = $_POST['replace'];
$this->mass_tag_edit($search, $replace);
@ -170,7 +170,7 @@ class TagEdit extends Extension
}
}
if ($event->get_arg(0) == "mass_source_set") {
if ($user->can("mass_tag_edit") && isset($_POST['tags']) && isset($_POST['source'])) {
if ($user->can(Permissions::MASS_TAG_EDIT) && isset($_POST['tags']) && isset($_POST['source'])) {
$this->mass_source_edit($_POST['tags'], $_POST['source']);
$page->set_mode(PageMode::REDIRECT);
$page->set_redirect(make_link("post/list"));
@ -182,7 +182,7 @@ class TagEdit extends Extension
// public function onPostListBuilding(PostListBuildingEvent $event)
// {
// global $user;
// if ($user->can("bulk_edit_image_source") && !empty($event->search_terms)) {
// if ($user->can(UserAbilities::BULK_EDIT_IMAGE_SOURCE) && !empty($event->search_terms)) {
// $event->add_control($this->theme->mss_html(Tag::implode($event->search_terms)));
// }
// }
@ -190,7 +190,7 @@ class TagEdit extends Extension
public function onImageInfoSet(ImageInfoSetEvent $event)
{
global $user;
if ($user->can("edit_image_owner") && isset($_POST['tag_edit__owner'])) {
if ($user->can(Permissions::EDIT_IMAGE_OWNER) && isset($_POST['tag_edit__owner'])) {
$owner = User::by_name($_POST['tag_edit__owner']);
if ($owner instanceof User) {
send_event(new OwnerSetEvent($event->image, $owner));
@ -206,7 +206,7 @@ class TagEdit extends Extension
send_event(new SourceSetEvent($event->image, $_POST['tag_edit__source']));
}
}
if ($user->can("edit_image_lock")) {
if ($user->can(Permissions::EDIT_IMAGE_LOCK)) {
$locked = isset($_POST['tag_edit__locked']) && $_POST['tag_edit__locked']=="on";
send_event(new LockSetEvent($event->image, $locked));
}
@ -215,7 +215,7 @@ class TagEdit extends Extension
public function onOwnerSet(OwnerSetEvent $event)
{
global $user;
if ($user->can("edit_image_owner") && (!$event->image->is_locked() || $user->can("edit_image_lock"))) {
if ($user->can(Permissions::EDIT_IMAGE_OWNER) && (!$event->image->is_locked() || $user->can(Permissions::EDIT_IMAGE_LOCK))) {
$event->image->set_owner($event->owner);
}
}
@ -223,7 +223,7 @@ class TagEdit extends Extension
public function onTagSet(TagSetEvent $event)
{
global $user;
if ($user->can("edit_image_tag") && (!$event->image->is_locked() || $user->can("edit_image_lock"))) {
if ($user->can(Permissions::EDIT_IMAGE_TAG) && (!$event->image->is_locked() || $user->can(Permissions::EDIT_IMAGE_LOCK))) {
$event->image->set_tags($event->tags);
}
$event->image->parse_metatags($event->metatags, $event->image->id);
@ -232,7 +232,7 @@ class TagEdit extends Extension
public function onSourceSet(SourceSetEvent $event)
{
global $user;
if ($user->can("edit_image_source") && (!$event->image->is_locked() || $user->can("edit_image_lock"))) {
if ($user->can(Permissions::EDIT_IMAGE_SOURCE) && (!$event->image->is_locked() || $user->can(Permissions::EDIT_IMAGE_LOCK))) {
$event->image->set_source($event->source);
}
}
@ -240,7 +240,7 @@ class TagEdit extends Extension
public function onLockSet(LockSetEvent $event)
{
global $user;
if ($user->can("edit_image_lock")) {
if ($user->can(Permissions::EDIT_IMAGE_LOCK)) {
$event->image->set_locked($event->locked);
}
}
@ -288,13 +288,13 @@ class TagEdit extends Extension
private function can_tag(Image $image): bool
{
global $user;
return ($user->can("edit_image_tag") || !$image->is_locked());
return ($user->can(Permissions::EDIT_IMAGE_TAG) || !$image->is_locked());
}
private function can_source(Image $image): bool
{
global $user;
return ($user->can("edit_image_source") || !$image->is_locked());
return ($user->can(Permissions::EDIT_IMAGE_SOURCE) || !$image->is_locked());
}
private function mass_tag_edit(string $search, string $replace)
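Review bot: `can_tag()` and `can_source()` in the last hunk of this section join the permission and the lock state with `||`, so they return true for any user on an unlocked image and for a tag or source editor on a locked one. That is looser than `onTagSet`/`onSourceSet` earlier in the same file and than `TagEditCloud::can_tag()`, which all require the edit permission and, for locked images, `EDIT_IMAGE_LOCK`. Their callers are outside the hunk, so the practical impact cannot be judged here, but the helpers should match: `return ($user->can(Permissions::EDIT_IMAGE_TAG) && (!$image->is_locked() || $user->can(Permissions::EDIT_IMAGE_LOCK)));`, with `EDIT_IMAGE_SOURCE` in `can_source()`.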


@ -51,7 +51,7 @@ class TagEditTheme extends Themelet
<tr>
<th width='50px'>Tags</th>
<td>
".($user->can("edit_image_tag") ? "
".($user->can(Permissions::EDIT_IMAGE_TAG) ? "
<span class='view'>$h_tag_links</span>
<input class='edit autocomplete_tags' type='text' name='tag_edit__tags' value='$h_tags' id='tag_editor' autocomplete='off'>
" : "
@ -68,12 +68,12 @@ class TagEditTheme extends Themelet
$h_owner = html_escape($image->get_owner()->name);
$h_av = $image->get_owner()->get_avatar_html();
$h_date = autodate($image->posted);
$h_ip = $user->can("view_ip") ? " (".show_ip($image->owner_ip, "Image posted {$image->posted}").")" : "";
$h_ip = $user->can(Permissions::VIEW_IP) ? " (".show_ip($image->owner_ip, "Image posted {$image->posted}").")" : "";
return "
<tr>
<th>Uploader</th>
<td>
".($user->can("edit_image_owner") ? "
".($user->can(Permissions::EDIT_IMAGE_OWNER) ? "
<span class='view'><a class='username' href='".make_link("user/$h_owner")."'>$h_owner</a>$h_ip, $h_date</span>
<input class='edit' type='text' name='tag_edit__owner' value='$h_owner'>
" : "
@ -95,7 +95,7 @@ class TagEditTheme extends Themelet
<tr>
<th>Source</th>
<td>
".($user->can("edit_image_source") ? "
".($user->can(Permissions::EDIT_IMAGE_SOURCE) ? "
<div class='view' style='$style'>$f_source</div>
<input class='edit' type='text' name='tag_edit__source' value='$h_source'>
" : "
@ -132,7 +132,7 @@ class TagEditTheme extends Themelet
<tr>
<th>Locked</th>
<td>
".($user->can("edit_image_lock") ? "
".($user->can(Permissions::EDIT_IMAGE_LOCK) ? "
<span class='view'>$b_locked</span>
<input class='edit' type='checkbox' name='tag_edit__locked'$h_locked>
" : "


@ -180,6 +180,6 @@ class TagEditCloud extends Extension
private function can_tag(Image $image): bool
{
global $user;
return ($user->can("edit_image_tag") && (!$image->is_locked() || $user->can("edit_image_lock")));
return ($user->can(Permissions::EDIT_IMAGE_TAG) && (!$image->is_locked() || $user->can(Permissions::EDIT_IMAGE_LOCK)));
}
}


@ -35,13 +35,13 @@ class Tag_History extends Extension
if ($event->page_matches("tag_history/revert")) {
// this is a request to revert to a previous version of the tags
if ($user->can("edit_image_tag")) {
if ($user->can(Permissions::EDIT_IMAGE_TAG)) {
if (isset($_POST['revert'])) {
$this->process_revert_request($_POST['revert']);
}
}
} elseif ($event->page_matches("tag_history/bulk_revert")) {
if ($user->can("bulk_edit_image_tag") && $user->check_auth_token()) {
if ($user->can(Permissions::BULK_EDIT_IMAGE_TAG) && $user->check_auth_token()) {
$this->process_bulk_revert_request();
}
} elseif ($event->page_matches("tag_history/all")) {
@ -85,7 +85,7 @@ class Tag_History extends Extension
public function onUserBlockBuilding(UserBlockBuildingEvent $event)
{
global $user;
if ($user->can("bulk_edit_image_tag")) {
if ($user->can(Permissions::BULK_EDIT_IMAGE_TAG)) {
$event->add_link("Tag Changes", make_link("tag_history/all/1"));
}
}


@ -25,7 +25,7 @@ class Tag_HistoryTheme extends Themelet
$current_tags = html_escape($fields['tags']);
$name = $fields['name'];
$date_set = autodate($fields['date_set']);
$h_ip = $user->can("view_ip") ? " ".show_ip($fields['user_ip'], "Tagging Image #$image_id as '$current_tags'") : "";
$h_ip = $user->can(Permissions::VIEW_IP) ? " ".show_ip($fields['user_ip'], "Tagging Image #$image_id as '$current_tags'") : "";
$setter = "<a href='".make_link("user/".url_escape($name))."'>".html_escape($name)."</a>$h_ip";
$selected = ($n == 2) ? " checked" : "";
@ -84,7 +84,7 @@ class Tag_HistoryTheme extends Themelet
$image_id = $fields['image_id'];
$current_tags = html_escape($fields['tags']);
$name = $fields['name'];
$h_ip = $user->can("view_ip") ? " ".show_ip($fields['user_ip'], "Tagging Image #$image_id as '$current_tags'") : "";
$h_ip = $user->can(Permissions::VIEW_IP) ? " ".show_ip($fields['user_ip'], "Tagging Image #$image_id as '$current_tags'") : "";
$setter = "<a href='".make_link("user/".url_escape($name))."'>".html_escape($name)."</a>$h_ip";
$history_list .= '


@ -12,7 +12,7 @@ class Tagger extends Extension
{
global $page, $user;
if ($user->can("edit_image_tag") && ($event->image->is_locked() || $user->can("edit_image_lock"))) {
if ($user->can(Permissions::EDIT_IMAGE_TAG) && ($event->image->is_locked() || $user->can(Permissions::EDIT_IMAGE_LOCK))) {
$this->theme->build_tagger($page, $event);
}
}
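Review bot: The lock test in this condition is inverted: `($event->image->is_locked() || $user->can(Permissions::EDIT_IMAGE_LOCK))` admits a user who has `EDIT_IMAGE_TAG` but not `EDIT_IMAGE_LOCK` only when the image is locked. ViewImageTheme and TagEdit's `onTagSet` in this same commit test `!$image->is_locked()`, so the tagger is offered exactly where `onTagSet` will refuse the edit and hidden where it would accept it. The line should be `if ($user->can(Permissions::EDIT_IMAGE_TAG) && (!$event->image->is_locked() || $user->can(Permissions::EDIT_IMAGE_LOCK))) {`. The function's signature is outside the hunk.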


@ -37,7 +37,7 @@ class Trash extends Extension
{
global $page, $user;
if ($event->page_matches("trash_restore") && $user->can("view_trash")) {
if ($event->page_matches("trash_restore") && $user->can(Permissions::VIEW_TRASH)) {
// Try to get the image ID
$image_id = int_escape($event->get_arg(0));
if (empty($image_id)) {
@ -59,7 +59,7 @@ class Trash extends Extension
{
global $user, $page;
if($event->image->trash===true && !$user->can("view_trash")) {
if($event->image->trash===true && !$user->can(Permissions::VIEW_TRASH)) {
$page->set_mode(PageMode::REDIRECT);
$page->set_redirect(make_link("post/list"));
}
@ -87,7 +87,7 @@ class Trash extends Extension
if (preg_match(self::SEARCH_REGEXP, strtolower($event->term), $matches)) {
if($user->can("view_trash")) {
if($user->can(Permissions::VIEW_TRASH)) {
$event->add_querylet(new Querylet($database->scoreql_to_sql("trash = SCORE_BOOL_Y ")));
}
}
@ -114,7 +114,7 @@ class Trash extends Extension
public function onImageAdminBlockBuilding(ImageAdminBlockBuildingEvent $event)
{
global $config, $database, $user;
if($event->image->trash===true && $user->can("view_trash")) {
if($event->image->trash===true && $user->can(Permissions::VIEW_TRASH)) {
$event->add_part($this->theme->get_image_admin_html($event->image->id));
}
}
@ -123,7 +123,7 @@ class Trash extends Extension
{
global $user;
if ($user->can("view_trash")&&in_array("in:trash", $event->search_terms)) {
if ($user->can(Permissions::VIEW_TRASH)&&in_array("in:trash", $event->search_terms)) {
$event->add_action("bulk_trash_restore","(U)ndelete", "u");
}
}
@ -134,7 +134,7 @@ class Trash extends Extension
switch ($event->action) {
case "bulk_trash_restore":
if ($user->can("view_trash")) {
if ($user->can(Permissions::VIEW_TRASH)) {
$total = 0;
foreach ($event->items as $image) {
self::set_trash($image->id, false);


@ -155,7 +155,7 @@ class Upload extends Extension
{
global $database, $page, $user;
if ($user->can("create_image")) {
if ($user->can(Permissions::CREATE_IMAGE)) {
if ($this->is_full) {
$this->theme->display_full($page);
} else {
@ -165,7 +165,7 @@ class Upload extends Extension
if ($event->page_matches("upload/replace")) {
// check if the user is an administrator and can upload files.
if (!$user->can("replace_image")) {
if (!$user->can(Permissions::REPLACE_IMAGE)) {
$this->theme->display_permission_denied();
} else {
if ($this->is_full) {
@ -221,7 +221,7 @@ class Upload extends Extension
}
}
} elseif ($event->page_matches("upload")) {
if (!$user->can("create_image")) {
if (!$user->can(Permissions::CREATE_IMAGE)) {
$this->theme->display_permission_denied();
} else {
/* Regular Upload Image */
@ -371,7 +371,7 @@ class Upload extends Extension
$ok = true;
// Checks if user is admin > check if you want locked.
if ($user->can("edit_image_lock") && !empty($_GET['locked'])) {
if ($user->can(Permissions::EDIT_IMAGE_LOCK) && !empty($_GET['locked'])) {
$locked = bool_escape($_GET['locked']);
}


@ -127,7 +127,7 @@ class UserPage extends Extension
$a["name"] = '%' . $_GET['username'] . '%';
}
if ($user->can('delete_user') && @$_GET['email']) {
if ($user->can(Permissions::DELETE_USER) && @$_GET['email']) {
$q .= " AND SCORE_STRNORM(email) LIKE SCORE_STRNORM(:email)";
$a["email"] = '%' . $_GET['email'] . '%';
}
@ -212,7 +212,7 @@ class UserPage extends Extension
global $user, $config;
$h_join_date = autodate($event->display_user->join_date);
if ($event->display_user->can("hellbanned")) {
if ($event->display_user->can(Permissions::HELLBANNED)) {
$h_class = $event->display_user->class->parent->name;
} else {
$h_class = $event->display_user->class->name;
@ -250,7 +250,7 @@ class UserPage extends Extension
$this->theme->display_user_links($page, $user, $ubbe->parts);
}
if (
($user->can("view_ip") || ($user->is_logged_in() && $user->id == $event->display_user->id)) && # admin or self-user
($user->can(Permissions::VIEW_IP) || ($user->is_logged_in() && $user->id == $event->display_user->id)) && # admin or self-user
($event->display_user->id != $config->get_int('anon_id')) # don't show anon's IP list, it is le huge
) {
$this->theme->display_ip_list(
@ -309,7 +309,7 @@ class UserPage extends Extension
{
global $user;
$event->add_link("My Profile", make_link("user"));
if ($user->can("edit_user_class")) {
if ($user->can(Permissions::EDIT_USER_CLASS)) {
$event->add_link("User List", make_link("user_admin/list"), 98);
}
$event->add_link("Log Out", make_link("user_admin/logout"), 99);
@ -337,7 +337,7 @@ class UserPage extends Extension
} elseif (preg_match("/^(?:poster|user)_id[=|:]([0-9]+)$/i", $event->term, $matches)) {
$user_id = int_escape($matches[1]);
$event->add_querylet(new Querylet("images.owner_id = $user_id"));
} elseif ($user->can("view_ip") && preg_match("/^(?:poster|user)_ip[=|:]([0-9\.]+)$/i", $event->term, $matches)) {
} elseif ($user->can(Permissions::VIEW_IP) && preg_match("/^(?:poster|user)_ip[=|:]([0-9\.]+)$/i", $event->term, $matches)) {
$user_ip = $matches[1]; // FIXME: ip_escape?
$event->add_querylet(new Querylet("images.owner_ip = '$user_ip'"));
}
@ -517,8 +517,8 @@ class UserPage extends Extension
if (
($a->name == $b->name) ||
($b->can("protected") && $a->class->name == "admin") ||
(!$b->can("protected") && $a->can("edit_user_info"))
($b->can(Permissions::PROTECTED) && $a->class->name == "admin") ||
(!$b->can(Permissions::PROTECTED) && $a->can(Permissions::EDIT_USER_INFO))
) {
return true;
} else {
@ -544,7 +544,7 @@ class UserPage extends Extension
{
global $user;
if ($user->can('edit_user_name') && $this->user_can_edit_user($user, $duser)) {
if ($user->can(Permissions::EDIT_USER_NAME) && $this->user_can_edit_user($user, $duser)) {
$duser->set_name($name);
flash_message("Username changed");
// TODO: set login cookie if user changed themselves
@ -652,7 +652,7 @@ class UserPage extends Extension
$page->set_heading("Error");
$page->add_block(new NavBlock());
if (!$user->can("delete_user")) {
if (!$user->can(Permissions::DELETE_USER)) {
$page->add_block(new Block("Not Admin", "Only admins can delete accounts"));
} elseif (!isset($_POST['id']) || !is_numeric($_POST['id'])) {
$page->add_block(new Block(
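Review bot: The `poster_ip`/`user_ip` search term is placed into the SQL text by interpolation (`"images.owner_ip = '$user_ip'"`), and the adjacent `FIXME: ip_escape?` shows the escaping question was left open. The only thing keeping quote characters out of that string is the `[0-9\.]+` class in the regex, so any later loosening of the pattern (IPv6 support, for instance) would make the value injectable. If Querylet accepts a variables array as its second argument, prefer `new Querylet("images.owner_ip = :poster_ip", ["poster_ip" => $user_ip])`. The enclosing function starts and ends outside the hunk.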


@ -26,7 +26,7 @@ class UserPageTheme extends Themelet
$html .= "<tr>";
$html .= "<td>Name</td>";
if ($user->can('delete_user')) {
if ($user->can(Permissions::DELETE_USER)) {
$html .= "<td>Email</td>";
}
$html .= "<td>Class</td>";
@ -39,7 +39,7 @@ class UserPageTheme extends Themelet
$html .= "<tr>" . make_form("user_admin/list", "GET");
$html .= "<td><input type='text' name='username' value='$h_username'/></td>";
if ($user->can('delete_user')) {
if ($user->can(Permissions::DELETE_USER)) {
$html .= "<td><input type='text' name='email' value='$h_email'/></td>";
}
$html .= "<td><input type='text' name='class' value='$h_class'/></td>";
@ -55,7 +55,7 @@ class UserPageTheme extends Themelet
$html .= "<tr>";
$html .= "<td><a href='$u_link'>$h_name</a></td>";
if ($user->can('delete_user')) {
if ($user->can(Permissions::DELETE_USER)) {
$html .= "<td>$h_email</td>";
}
$html .= "<td>$h_class</td>";
@ -256,7 +256,7 @@ class UserPageTheme extends Themelet
$html = "";
if ($duser->id != $config->get_int('anon_id')) { //justa fool-admin protection so they dont mess around with anon users.
if ($user->can('edit_user_name')) {
if ($user->can(Permissions::EDIT_USER_NAME)) {
$html .= "
<p>".make_form(make_link("user_admin/change_name"))."
<input type='hidden' name='id' value='{$duser->id}'>
@ -298,7 +298,7 @@ class UserPageTheme extends Themelet
$i_user_id = int_escape($duser->id);
if ($user->can("edit_user_class")) {
if ($user->can(Permissions::EDIT_USER_CLASS)) {
global $_shm_user_classes;
$class_html = "";
foreach ($_shm_user_classes as $name => $values) {
@ -319,7 +319,7 @@ class UserPageTheme extends Themelet
";
}
if ($user->can("delete_user")) {
if ($user->can(Permissions::DELETE_USER)) {
$html .= "
<p>".make_form(make_link("user_admin/delete_user"))."
<input type='hidden' name='id' value='$i_user_id'>


@ -81,8 +81,8 @@ class ViewImageTheme extends Themelet
$html .= $part;
}
if (
(!$image->is_locked() || $user->can("edit_image_lock")) &&
$user->can("edit_image_tag")
(!$image->is_locked() || $user->can(Permissions::EDIT_IMAGE_LOCK)) &&
$user->can(Permissions::EDIT_IMAGE_TAG)
) {
$html .= "
<tr><td colspan='4'>


@ -206,7 +206,7 @@ class Wiki extends Extension
}
// anon / user can edit if allowed by config
if ($user->can("edit_wiki_page")) {
if ($user->can(Permissions::EDIT_WIKI_PAGE)) {
return true;
}


@ -104,7 +104,7 @@ class CustomCommentListTheme extends CommentListTheme
$h_userlink = "<a class='username' href='".make_link("user/$h_name")."'>$h_name</a>";
$h_del = "";
if ($user->can("delete_comment")) {
if ($user->can(Permissions::DELETE_COMMENT)) {
$comment_preview = substr(html_unescape($tfe->stripped), 0, 50);
$j_delete_confirm_message = json_encode("Delete comment by {$comment->owner_name}:\n$comment_preview");
$h_delete_script = html_escape("return confirm($j_delete_confirm_message);");


@ -23,7 +23,7 @@ class CustomViewImageTheme extends ViewImageTheme
$h_filesize = to_shorthand_int($image->filesize);
global $user;
if ($user->can("view_ip")) {
if ($user->can(Permissions::VIEW_IP)) {
$h_ownerlink .= " ($h_ip)";
}


@ -105,7 +105,7 @@ class CustomCommentListTheme extends CommentListTheme
$h_userlink = "<a class='username' href='".make_link("user/$h_name")."'>$h_name</a>";
$h_del = "";
if ($user->can("delete_comment")) {
if ($user->can(Permissions::DELETE_COMMENT)) {
$comment_preview = substr(html_unescape($tfe->stripped), 0, 50);
$j_delete_confirm_message = json_encode("Delete comment by {$comment->owner_name}:\n$comment_preview");
$h_delete_script = html_escape("return confirm($j_delete_confirm_message);");


@ -22,7 +22,7 @@ class CustomViewImageTheme extends ViewImageTheme
$h_filesize = to_shorthand_int($image->filesize);
global $user;
if ($user->can("view_ip")) {
if ($user->can(Permissions::VIEW_IP)) {
$h_ownerlink .= " ($h_ip)";
}


@ -78,7 +78,7 @@ class CustomCommentListTheme extends CommentListTheme
$h_userlink = "<a href='".make_link("user/$h_name")."'>$h_name</a>";
$h_date = $comment->posted;
$h_del = "";
if ($user->can("delete_comment")) {
if ($user->can(Permissions::DELETE_COMMENT)) {
$comment_preview = substr(html_unescape($tfe->stripped), 0, 50);
$j_delete_confirm_message = json_encode("Delete comment by {$comment->owner_name}:\n$comment_preview");
$h_delete_script = html_escape("return confirm($j_delete_confirm_message);");


@ -23,7 +23,7 @@ class CustomViewImageTheme extends ViewImageTheme
$h_filesize = to_shorthand_int($image->filesize);
global $user;
if ($user->can("view_ip")) {
if ($user->can(Permissions::VIEW_IP)) {
$h_ownerlink .= " ($h_ip)";
}


@ -57,8 +57,8 @@ class CustomViewImageTheme extends ViewImageTheme
$html .= $part;
}
if (
(!$image->is_locked() || $user->can("edit_image_lock")) &&
$user->can("edit_image_tag")
(!$image->is_locked() || $user->can(Permissions::EDIT_IMAGE_LOCK)) &&
$user->can(Permissions::EDIT_IMAGE_TAG)
) {
$html .= "
<tr><td colspan='4'>