Permissions to constants

Matthew Barbour 2019-07-09 09:10:21 -05:00 committed by matthew
parent d16dfe24f2
commit cb1e9c0075
57 changed files with 323 additions and 257 deletions


@ -100,10 +100,10 @@ permissions like so:
```php ```php
new UserClass("anonymous", "base", [ new UserClass("anonymous", "base", [
"create_comment" => True, Permissions::CREATE_COMMENT => True,
"edit_image_tag" => True, Permissions::EDIT_IMAGE_TAG => True,
"edit_image_source" => True, Permissions::EDIT_IMAGE_SOURCE => True,
"create_image_report" => True, Permissions::CREATE_IMAGE_REPORT => True,
]); ]);
``` ```
@ -111,12 +111,12 @@ For a moderator class, being a regular user who can delete images and comments:
```php ```php
new UserClass("moderator", "user", [ new UserClass("moderator", "user", [
"delete_image" => True, Permissions::DELETE_IMAGE => True,
"delete_comment" => True, Permissions::DELETE_COMMENT => True,
]); ]);
``` ```
For a list of permissions, see `core/userclass.php` For a list of permissions, see `core/permissions.php`
# Development Info # Development Info


@ -129,7 +129,7 @@ class Image
} }
if (SPEED_HAX) { if (SPEED_HAX) {
if (!$user->can("big_search") and count($tags) > 3) { if (!$user->can(Permissions::BIG_SEARCH) and count($tags) > 3) {
throw new SCoreException("Anonymous users may only search for up to 3 tags at a time"); throw new SCoreException("Anonymous users may only search for up to 3 tags at a time");
} }
} }

67
core/permissions.php Normal file

@ -0,0 +1,67 @@
<?php
abstract class Permissions
{
public const CHANGE_SETTING = "change_setting"; # modify web-level settings, eg the config table
public const OVERRIDE_CONFIG = "override_config"; # modify sys-level settings, eg shimmie.conf.php
public const BIG_SEARCH = "big_search"; # search for more than 3 tags at once (speed mode only)
public const MANAGE_EXTENSION_LIST = "manage_extension_list";
public const MANAGE_ALIAS_LIST = "manage_alias_list";
public const MASS_TAG_EDIT = "mass_tag_edit";
public const VIEW_IP = "view_ip"; # view IP addresses associated with things
public const BAN_IP = "ban_ip";
public const EDIT_USER_NAME = "edit_user_name";
public const EDIT_USER_PASSWORD = "edit_user_password";
public const EDIT_USER_INFO = "edit_user_info"; # email address, etc
public const EDIT_USER_CLASS = "edit_user_class";
public const DELETE_USER = "delete_user";
public const CREATE_COMMENT = "create_comment";
public const DELETE_COMMENT = "delete_comment";
public const BYPASS_COMMENT_CHECKS = "bypass_comment_checks"; # spam etc
public const REPLACE_IMAGE = "replace_image";
public const CREATE_IMAGE = "create_image";
public const EDIT_IMAGE_TAG = "edit_image_tag";
public const EDIT_IMAGE_SOURCE = "edit_image_source";
public const EDIT_IMAGE_OWNER = "edit_image_owner";
public const EDIT_IMAGE_LOCK = "edit_image_lock";
public const BULK_EDIT_IMAGE_TAG = "bulk_edit_image_tag";
public const BULK_EDIT_IMAGE_SOURCE = "bulk_edit_image_source";
public const DELETE_IMAGE = "delete_image";
public const BAN_IMAGE = "ban_image";
public const VIEW_EVENTLOG = "view_eventlog";
public const IGNORE_DOWNTIME = "ignore_downtime";
public const CREATE_IMAGE_REPORT = "create_image_report";
public const VIEW_IMAGE_REPORT = "view_image_report"; # deal with reported images
public const EDIT_WIKI_PAGE = "edit_wiki_page";
public const DELETE_WIKI_PAGE = "delete_wiki_page";
public const MANAGE_BLOCKS = "manage_blocks";
public const MANAGE_ADMINTOOLS = "manage_admintools";
public const VIEW_OTHER_PMS = "view_other_pms";
public const EDIT_FEATURE = "edit_feature";
public const BULK_EDIT_VOTE = "bulk_edit_vote";
public const EDIT_OTHER_VOTE = "edit_other_vote";
public const VIEW_SYSINTO = "view_sysinfo";
public const HELLBANNED = "hellbanned";
public const VIEW_HELLBANNED = "view_hellbanned";
public const PROTECTED = "protected"; # only admins can modify protected users (stops a moderator changing an admin's password)
public const EDIT_IMAGE_RATING = "edit_image_rating";
public const BULK_EDIT_IMAGE_RATING = "bulk_edit_image_rating";
public const VIEW_TRASH = "view_trash";
}
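Review bot: The constant `VIEW_SYSINTO` is misspelled (its value is `"view_sysinfo"`), and the misspelled name is already used by the `base` and `admin` arrays in the UserClass section and by both checks in the ET extension. Lookups still work because the string value is correct, but renaming it now to `public const VIEW_SYSINFO = "view_sysinfo";` is cheaper than after more callers copy the typo. A one-line class comment saying that these string values are the keys used in the `UserClass` permission arrays would also help whoever adds the next permission.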


@ -72,134 +72,133 @@ class UserClass
// action = create / view / edit / delete // action = create / view / edit / delete
// object = image / user / tag / setting // object = image / user / tag / setting
new UserClass("base", null, [ new UserClass("base", null, [
"change_setting" => false, # modify web-level settings, eg the config table Permissions::CHANGE_SETTING => false, # modify web-level settings, eg the config table
"override_config" => false, # modify sys-level settings, eg shimmie.conf.php Permissions::OVERRIDE_CONFIG => false, # modify sys-level settings, eg shimmie.conf.php
"big_search" => false, # search for more than 3 tags at once (speed mode only) Permissions::BIG_SEARCH => false, # search for more than 3 tags at once (speed mode only)
"manage_extension_list" => false, Permissions::MANAGE_EXTENSION_LIST => false,
"manage_alias_list" => false, Permissions::MANAGE_ALIAS_LIST => false,
"mass_tag_edit" => false, Permissions::MASS_TAG_EDIT => false,
"view_ip" => false, # view IP addresses associated with things Permissions::VIEW_IP => false, # view IP addresses associated with things
"ban_ip" => false, Permissions::BAN_IP => false,
"edit_user_name" => false, Permissions::EDIT_USER_NAME => false,
"edit_user_password" => false, Permissions::EDIT_USER_PASSWORD => false,
"edit_user_info" => false, # email address, etc Permissions::EDIT_USER_INFO => false, # email address, etc
"edit_user_class" => false, Permissions::EDIT_USER_CLASS => false,
"delete_user" => false, Permissions::DELETE_USER => false,
"create_comment" => false, Permissions::CREATE_COMMENT => false,
"delete_comment" => false, Permissions::DELETE_COMMENT => false,
"bypass_comment_checks" => false, # spam etc Permissions::BYPASS_COMMENT_CHECKS => false, # spam etc
"replace_image" => false, Permissions::REPLACE_IMAGE => false,
"create_image" => false, Permissions::CREATE_IMAGE => false,
"edit_image_tag" => false, Permissions::EDIT_IMAGE_TAG => false,
"edit_image_source" => false, Permissions::EDIT_IMAGE_SOURCE => false,
"edit_image_owner" => false, Permissions::EDIT_IMAGE_OWNER => false,
"edit_image_lock" => false, Permissions::EDIT_IMAGE_LOCK => false,
"bulk_edit_image_tag" => false, Permissions::BULK_EDIT_IMAGE_TAG => false,
"bulk_edit_image_source" => false, Permissions::BULK_EDIT_IMAGE_SOURCE => false,
"delete_image" => false, Permissions::DELETE_IMAGE => false,
"ban_image" => false, Permissions::BAN_IMAGE => false,
"view_eventlog" => false, Permissions::VIEW_EVENTLOG => false,
"ignore_downtime" => false, Permissions::IGNORE_DOWNTIME => false,
"create_image_report" => false, Permissions::CREATE_IMAGE_REPORT => false,
"view_image_report" => false, # deal with reported images Permissions::VIEW_IMAGE_REPORT => false, # deal with reported images
"edit_wiki_page" => false, Permissions::EDIT_WIKI_PAGE => false,
"delete_wiki_page" => false, Permissions::DELETE_WIKI_PAGE => false,
"manage_blocks" => false, Permissions::MANAGE_BLOCKS => false,
"manage_admintools" => false, Permissions::MANAGE_ADMINTOOLS => false,
"view_other_pms" => false, Permissions::VIEW_OTHER_PMS => false,
"edit_feature" => false, Permissions::EDIT_FEATURE => false,
"bulk_edit_vote" => false, Permissions::BULK_EDIT_VOTE => false,
"edit_other_vote" => false, Permissions::EDIT_OTHER_VOTE => false,
"view_sysinfo" => false, Permissions::VIEW_SYSINTO => false,
"hellbanned" => false, Permissions::HELLBANNED => false,
"view_hellbanned" => false, Permissions::VIEW_HELLBANNED => false,
"protected" => false, # only admins can modify protected users (stops a moderator changing an admin's password) Permissions::PROTECTED => false, # only admins can modify protected users (stops a moderator changing an admin's password)
"edit_image_rating" => false, Permissions::EDIT_IMAGE_RATING => false,
"bulk_edit_image_rating" => false, Permissions::BULK_EDIT_IMAGE_RATING => false,
"view_trash" => false, Permissions::VIEW_TRASH => false,
"perform_bulk_actions" => false,
]); ]);
new UserClass("anonymous", "base", [ new UserClass("anonymous", "base", [
]); ]);
new UserClass("user", "base", [ new UserClass("user", "base", [
"big_search" => true, Permissions::BIG_SEARCH => true,
"create_image" => true, Permissions::CREATE_IMAGE => true,
"create_comment" => true, Permissions::CREATE_COMMENT => true,
"edit_image_tag" => true, Permissions::EDIT_IMAGE_TAG => true,
"edit_image_source" => true, Permissions::EDIT_IMAGE_SOURCE => true,
"create_image_report" => true, Permissions::CREATE_IMAGE_REPORT => true,
"edit_image_rating" => true, Permissions::EDIT_IMAGE_RATING => true,
]); ]);
new UserClass("admin", "base", [ new UserClass("admin", "base", [
"change_setting" => true, Permissions::CHANGE_SETTING => true,
"override_config" => true, Permissions::OVERRIDE_CONFIG => true,
"big_search" => true, Permissions::BIG_SEARCH => true,
"edit_image_lock" => true, Permissions::EDIT_IMAGE_LOCK => true,
"view_ip" => true, Permissions::VIEW_IP => true,
"ban_ip" => true, Permissions::BAN_IP => true,
"edit_user_name" => true, Permissions::EDIT_USER_NAME => true,
"edit_user_password" => true, Permissions::EDIT_USER_PASSWORD => true,
"edit_user_info" => true, Permissions::EDIT_USER_INFO => true,
"edit_user_class" => true, Permissions::EDIT_USER_CLASS => true,
"delete_user" => true, Permissions::DELETE_USER => true,
"create_image" => true, Permissions::CREATE_IMAGE => true,
"delete_image" => true, Permissions::DELETE_IMAGE => true,
"ban_image" => true, Permissions::BAN_IMAGE => true,
"create_comment" => true, Permissions::CREATE_COMMENT => true,
"delete_comment" => true, Permissions::DELETE_COMMENT => true,
"bypass_comment_checks" => true, Permissions::BYPASS_COMMENT_CHECKS => true,
"replace_image" => true, Permissions::REPLACE_IMAGE => true,
"manage_extension_list" => true, Permissions::MANAGE_EXTENSION_LIST => true,
"manage_alias_list" => true, Permissions::MANAGE_ALIAS_LIST => true,
"edit_image_tag" => true, Permissions::EDIT_IMAGE_TAG => true,
"edit_image_source" => true, Permissions::EDIT_IMAGE_SOURCE => true,
"edit_image_owner" => true, Permissions::EDIT_IMAGE_OWNER => true,
"bulk_edit_image_tag" => true, Permissions::BULK_EDIT_IMAGE_TAG => true,
"bulk_edit_image_source" => true, Permissions::BULK_EDIT_IMAGE_SOURCE => true,
"mass_tag_edit" => true, Permissions::MASS_TAG_EDIT => true,
"create_image_report" => true, Permissions::CREATE_IMAGE_REPORT => true,
"view_image_report" => true, Permissions::VIEW_IMAGE_REPORT => true,
"edit_wiki_page" => true, Permissions::EDIT_WIKI_PAGE => true,
"delete_wiki_page" => true, Permissions::DELETE_WIKI_PAGE => true,
"view_eventlog" => true, Permissions::VIEW_EVENTLOG => true,
"manage_blocks" => true, Permissions::MANAGE_BLOCKS => true,
"manage_admintools" => true, Permissions::MANAGE_ADMINTOOLS => true,
"ignore_downtime" => true, Permissions::IGNORE_DOWNTIME => true,
"view_other_pms" => true, Permissions::VIEW_OTHER_PMS => true,
"edit_feature" => true, Permissions::EDIT_FEATURE => true,
"bulk_edit_vote" => true, Permissions::BULK_EDIT_VOTE => true,
"edit_other_vote" => true, Permissions::EDIT_OTHER_VOTE => true,
"view_sysinfo" => true, Permissions::VIEW_SYSINTO => true,
"view_hellbanned" => true, Permissions::VIEW_HELLBANNED => true,
"protected" => true, Permissions::PROTECTED => true,
"edit_image_rating" => true, Permissions::EDIT_IMAGE_RATING => true,
"bulk_edit_image_rating" => true, Permissions::BULK_EDIT_IMAGE_RATING => true,
"view_trash" => true, Permissions::VIEW_TRASH => true,
"perform_bulk_actions" => true,
]); ]);
new UserClass("hellbanned", "user", [ new UserClass("hellbanned", "user", [
"hellbanned" => true, Permissions::HELLBANNED => true,
]); ]);
@include_once "data/config/user-classes.conf.php"; @include_once "data/config/user-classes.conf.php";
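Review bot: The `"perform_bulk_actions"` entry appears only on the old side of both the `base` and `admin` arrays, and `Permissions` gets no matching constant, so the built-in classes stop defining that permission. If any caller still asks `$user->can("perform_bulk_actions")`, the outcome depends on how `can()` treats an unknown key, which is not visible in this hunk; an authorization key should not disappear as a side effect of a rename. Either keep it through a new constant, e.g. `Permissions::PERFORM_BULK_ACTIONS => false,`, or confirm in the commit message that no caller remains. Site overrides loaded by the `@include_once` line keep working only because each constant's value equals the old string, which deserves a comment there.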


@ -588,8 +588,8 @@ function show_ip(string $ip, string $ban_reason): string
global $user; global $user;
$u_reason = url_escape($ban_reason); $u_reason = url_escape($ban_reason);
$u_end = url_escape("+1 week"); $u_end = url_escape("+1 week");
$ban = $user->can("ban_ip") ? ", <a href='".make_link("ip_ban/list", "ip=$ip&reason=$u_reason&end=$u_end#add")."'>Ban</a>" : ""; $ban = $user->can(Permissions::BAN_IP) ? ", <a href='".make_link("ip_ban/list", "ip=$ip&reason=$u_reason&end=$u_end#add")."'>Ban</a>" : "";
$ip = $user->can("view_ip") ? $ip.$ban : ""; $ip = $user->can(Permissions::VIEW_IP) ? $ip.$ban : "";
return $ip; return $ip;
} }
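Review bot: `$ip` is placed in the ban link's query string and in the returned HTML unescaped, while `$ban_reason` and the end date go through `url_escape()` on the lines just above. If `$ip` can ever hold something other than a server-derived address (a forwarded header value or an imported row, for instance; not visible here), this becomes an injection point in markup shown to moderators. Building the link with `"ip=".url_escape($ip)."&reason=..."` and returning `html_escape($ip).$ban` would make the function safe regardless of the caller. The start of `show_ip` is outside the hunk.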


@ -54,7 +54,7 @@ class AdminPage extends Extension
global $page, $user; global $page, $user;
if ($event->page_matches("admin")) { if ($event->page_matches("admin")) {
if (!$user->can("manage_admintools")) { if (!$user->can(Permissions::MANAGE_ADMINTOOLS)) {
$this->theme->display_permission_denied(); $this->theme->display_permission_denied();
} else { } else {
if ($event->count_args() == 0) { if ($event->count_args() == 0) {
@ -111,7 +111,7 @@ class AdminPage extends Extension
public function onUserBlockBuilding(UserBlockBuildingEvent $event) public function onUserBlockBuilding(UserBlockBuildingEvent $event)
{ {
global $user; global $user;
if ($user->can("manage_admintools")) { if ($user->can(Permissions::MANAGE_ADMINTOOLS)) {
$event->add_link("Board Admin", make_link("admin")); $event->add_link("Board Admin", make_link("admin"));
} }
} }


@ -36,7 +36,7 @@ class AliasEditor extends Extension
if ($event->page_matches("alias")) { if ($event->page_matches("alias")) {
if ($event->get_arg(0) == "add") { if ($event->get_arg(0) == "add") {
if ($user->can("manage_alias_list")) { if ($user->can(Permissions::MANAGE_ALIAS_LIST))) {
if (isset($_POST['oldtag']) && isset($_POST['newtag'])) { if (isset($_POST['oldtag']) && isset($_POST['newtag'])) {
try { try {
$aae = new AddAliasEvent($_POST['oldtag'], $_POST['newtag']); $aae = new AddAliasEvent($_POST['oldtag'], $_POST['newtag']);
@ -49,7 +49,7 @@ class AliasEditor extends Extension
} }
} }
} elseif ($event->get_arg(0) == "remove") { } elseif ($event->get_arg(0) == "remove") {
if ($user->can("manage_alias_list")) { if ($user->can(Permissions::MANAGE_ALIAS_LIST))) {
if (isset($_POST['oldtag'])) { if (isset($_POST['oldtag'])) {
$database->execute("DELETE FROM aliases WHERE oldtag=:oldtag", ["oldtag" => $_POST['oldtag']]); $database->execute("DELETE FROM aliases WHERE oldtag=:oldtag", ["oldtag" => $_POST['oldtag']]);
log_info("alias_editor", "Deleted alias for ".$_POST['oldtag'], "Deleted alias"); log_info("alias_editor", "Deleted alias for ".$_POST['oldtag'], "Deleted alias");
@ -85,7 +85,7 @@ class AliasEditor extends Extension
$page->set_filename("aliases.csv"); $page->set_filename("aliases.csv");
$page->set_data($this->get_alias_csv($database)); $page->set_data($this->get_alias_csv($database));
} elseif ($event->get_arg(0) == "import") { } elseif ($event->get_arg(0) == "import") {
if ($user->can("manage_alias_list")) { if ($user->can(Permissions::MANAGE_ALIAS_LIST)) {
if (count($_FILES) > 0) { if (count($_FILES) > 0) {
$tmp = $_FILES['alias_file']['tmp_name']; $tmp = $_FILES['alias_file']['tmp_name'];
$contents = file_get_contents($tmp); $contents = file_get_contents($tmp);
@ -120,7 +120,7 @@ class AliasEditor extends Extension
public function onUserBlockBuilding(UserBlockBuildingEvent $event) public function onUserBlockBuilding(UserBlockBuildingEvent $event)
{ {
global $user; global $user;
if ($user->can("manage_alias_list")) { if ($user->can(Permissions::MANAGE_ALIAS_LIST)) {
$event->add_link("Alias Editor", make_link("alias/list")); $event->add_link("Alias Editor", make_link("alias/list"));
} }
} }
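Review bot: The new `add` and `remove` checks end in `Permissions::MANAGE_ALIAS_LIST))) {`, one closing parenthesis too many, which is a PHP parse error; the `import` check and `onUserBlockBuilding` in the same file have the correct form. With a parse error the file cannot load at all, so the alias editor is unavailable, and how far that failure spreads depends on how extensions are included, which is not visible here. Both lines should read `if ($user->can(Permissions::MANAGE_ALIAS_LIST)) {`. Running `php -l` over the changed files before merging would catch this kind of slip in a 57-file mechanical replace.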


@ -11,7 +11,7 @@ class AliasEditorTheme extends Themelet
{ {
global $page, $user; global $page, $user;
$can_manage = $user->can("manage_alias_list"); $can_manage = $user->can(Permissions::MANAGE_ALIAS_LIST);
if ($can_manage) { if ($can_manage) {
$h_action = "<th width='10%'>Action</th>"; $h_action = "<th width='10%'>Action</th>";
$h_add = " $h_add = "


@ -58,7 +58,7 @@ xanax
public function onCommentPosting(CommentPostingEvent $event) public function onCommentPosting(CommentPostingEvent $event)
{ {
global $user; global $user;
if (!$user->can("bypass_comment_checks")) { if (!$user->can(Permissions::BYPASS_COMMENT_CHECKS)) {
$this->test_text($event->comment, new CommentPostingException("Comment contains banned terms")); $this->test_text($event->comment, new CommentPostingException("Comment contains banned terms"));
} }
} }


@ -29,7 +29,7 @@ class Blocks extends Extension
public function onUserBlockBuilding(UserBlockBuildingEvent $event) public function onUserBlockBuilding(UserBlockBuildingEvent $event)
{ {
global $user; global $user;
if ($user->can("manage_blocks")) { if ($user->can(Permissions::MANAGE_BLOCKS)) {
$event->add_link("Blocks Editor", make_link("blocks/list")); $event->add_link("Blocks Editor", make_link("blocks/list"));
} }
} }
@ -52,7 +52,7 @@ class Blocks extends Extension
} }
} }
if ($event->page_matches("blocks") && $user->can("manage_blocks")) { if ($event->page_matches("blocks") && $user->can(Permissions::MANAGE_BLOCKS)) {
if ($event->get_arg(0) == "add") { if ($event->get_arg(0) == "add") {
if ($user->check_auth_token()) { if ($user->check_auth_token()) {
$database->execute(" $database->execute("


@ -85,11 +85,11 @@ class BulkActions extends Extension
{ {
global $user; global $user;
if ($user->can("delete_image")) { if ($user->can(Permissions::DELETE_IMAGE)) {
$event->add_action("bulk_delete", "(D)elete", "d", "Delete selected images?", $this->theme->render_ban_reason_input(), 10); $event->add_action("bulk_delete", "(D)elete", "d", "Delete selected images?", $this->theme->render_ban_reason_input(), 10);
} }
if ($user->can("bulk_edit_image_tag")) { if ($user->can(Permissions::BULK_EDIT_IMAGE_TAG)) {
$event->add_action( $event->add_action(
"bulk_tag", "bulk_tag",
@ -100,7 +100,7 @@ class BulkActions extends Extension
10); 10);
} }
if ($user->can("bulk_edit_image_source")) { if ($user->can(Permissions::BULK_EDIT_IMAGE_SOURCE)) {
$event->add_action("bulk_source", "Set (S)ource", "s","", $this->theme->render_source_input(), 10); $event->add_action("bulk_source", "Set (S)ource", "s","", $this->theme->render_source_input(), 10);
} }
} }
@ -111,7 +111,7 @@ class BulkActions extends Extension
switch ($event->action) { switch ($event->action) {
case "bulk_delete": case "bulk_delete":
if ($user->can("delete_image")) { if ($user->can(Permissions::DELETE_IMAGE)) {
$i = $this->delete_items($event->items); $i = $this->delete_items($event->items);
flash_message("Deleted $i items"); flash_message("Deleted $i items");
} }
@ -120,7 +120,7 @@ class BulkActions extends Extension
if (!isset($_POST['bulk_tags'])) { if (!isset($_POST['bulk_tags'])) {
return; return;
} }
if ($user->can("bulk_edit_image_tag")) { if ($user->can(Permissions::BULK_EDIT_IMAGE_TAG)) {
$tags = $_POST['bulk_tags']; $tags = $_POST['bulk_tags'];
$replace = false; $replace = false;
if (isset($_POST['bulk_tags_replace']) && $_POST['bulk_tags_replace'] == "true") { if (isset($_POST['bulk_tags_replace']) && $_POST['bulk_tags_replace'] == "true") {
@ -135,7 +135,7 @@ class BulkActions extends Extension
if (!isset($_POST['bulk_source'])) { if (!isset($_POST['bulk_source'])) {
return; return;
} }
if ($user->can("bulk_edit_image_source")) { if ($user->can(Permissions::BULK_EDIT_IMAGE_SOURCE)) {
$source = $_POST['bulk_source']; $source = $_POST['bulk_source'];
$i = $this->set_source($event->items, $source); $i = $this->set_source($event->items, $source);
flash_message("Set source for $i items"); flash_message("Set source for $i items");


@ -189,7 +189,7 @@ class CommentList extends Extension
private function onPageRequest_delete(PageRequestEvent $event) private function onPageRequest_delete(PageRequestEvent $event)
{ {
global $user, $page; global $user, $page;
if ($user->can("delete_comment")) { if ($user->can(Permissions::DELETE_COMMENT)) {
// FIXME: post, not args // FIXME: post, not args
if ($event->count_args() === 3) { if ($event->count_args() === 3) {
send_event(new CommentDeletionEvent($event->get_arg(1))); send_event(new CommentDeletionEvent($event->get_arg(1)));
@ -209,7 +209,7 @@ class CommentList extends Extension
private function onPageRequest_bulk_delete() private function onPageRequest_bulk_delete()
{ {
global $user, $database, $page; global $user, $database, $page;
if ($user->can("delete_comment") && !empty($_POST["ip"])) { if ($user->can(Permissions::DELETE_COMMENT) && !empty($_POST["ip"])) {
$ip = $_POST['ip']; $ip = $_POST['ip'];
$comment_ids = $database->get_col(" $comment_ids = $database->get_col("
@ -288,7 +288,7 @@ class CommentList extends Extension
$this->theme->display_image_comments( $this->theme->display_image_comments(
$event->image, $event->image,
$this->get_comments($event->image->id), $this->get_comments($event->image->id),
$user->can("create_comment") $user->can(Permissions::CREATE_COMMENT)
); );
} }
@ -399,7 +399,7 @@ class CommentList extends Extension
} }
} }
$this->theme->display_comment_list($images, $current_page, $total_pages, $user->can("create_comment")); $this->theme->display_comment_list($images, $current_page, $total_pages, $user->can(Permissions::CREATE_COMMENT));
} }
// }}} // }}}
@ -574,7 +574,7 @@ class CommentList extends Extension
{ {
global $database, $page; global $database, $page;
if (!$user->can("bypass_comment_checks")) { if (!$user->can(Permissions::BYPASS_COMMENT_CHECKS)) {
// will raise an exception if anything is wrong // will raise an exception if anything is wrong
$this->comment_checks($image_id, $user, $comment); $this->comment_checks($image_id, $user, $comment);
} }
@ -600,7 +600,7 @@ class CommentList extends Extension
global $config, $page; global $config, $page;
// basic sanity checks // basic sanity checks
if (!$user->can("create_comment")) { if (!$user->can(Permissions::CREATE_COMMENT)) {
throw new CommentPostingException("Anonymous posting has been disabled"); throw new CommentPostingException("Anonymous posting has been disabled");
} elseif (is_null(Image::by_id($image_id))) { } elseif (is_null(Image::by_id($image_id))) {
throw new CommentPostingException("The image does not exist"); throw new CommentPostingException("The image does not exist");
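Review bot: `onPageRequest_delete` deletes a comment identified by URL arguments after only the `DELETE_COMMENT` check, and `onPageRequest_bulk_delete` acts on `$_POST["ip"]` the same way; neither visible condition calls `$user->check_auth_token()`, which the ImageIO, IPBan and Featured handlers in this commit do before changing state. The existing `// FIXME: post, not args` already flags the argument-based delete. Unless the token is verified in the parts of these methods outside the hunks, a moderator's browser can be made to issue these requests without intent. Moving delete to POST and adding `&& $user->check_auth_token()` to both conditions would bring them in line with the other handlers.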


@ -218,9 +218,9 @@ class CommentListTheme extends Themelet
if (!array_key_exists($comment->poster_ip, $this->anon_map)) { if (!array_key_exists($comment->poster_ip, $this->anon_map)) {
$this->anon_map[$comment->poster_ip] = $this->anon_id; $this->anon_map[$comment->poster_ip] = $this->anon_id;
} }
#if($user->can("view_ip")) { #if($user->can(UserAbilities::VIEW_IP)) {
#$style = " style='color: ".$this->get_anon_colour($comment->poster_ip).";'"; #$style = " style='color: ".$this->get_anon_colour($comment->poster_ip).";'";
if ($user->can("view_ip") || $config->get_bool("comment_samefags_public", false)) { if ($user->can(Permissions::VIEW_IP) || $config->get_bool("comment_samefags_public", false)) {
if ($this->anon_map[$comment->poster_ip] != $this->anon_id) { if ($this->anon_map[$comment->poster_ip] != $this->anon_id) {
$anoncode2 = '<sup>('.$this->anon_map[$comment->poster_ip].')</sup>'; $anoncode2 = '<sup>('.$this->anon_map[$comment->poster_ip].')</sup>';
} }
@ -248,9 +248,9 @@ class CommentListTheme extends Themelet
$h_avatar = "<img src=\"//www.gravatar.com/avatar/$hash.jpg?cacheBreak=$cb\"><br>"; $h_avatar = "<img src=\"//www.gravatar.com/avatar/$hash.jpg?cacheBreak=$cb\"><br>";
} }
$h_reply = " - <a href='javascript: replyTo($i_image_id, $i_comment_id, \"$h_name\")'>Reply</a>"; $h_reply = " - <a href='javascript: replyTo($i_image_id, $i_comment_id, \"$h_name\")'>Reply</a>";
$h_ip = $user->can("view_ip") ? "<br>".show_ip($comment->poster_ip, "Comment posted {$comment->posted}") : ""; $h_ip = $user->can(Permissions::VIEW_IP) ? "<br>".show_ip($comment->poster_ip, "Comment posted {$comment->posted}") : "";
$h_del = ""; $h_del = "";
if ($user->can("delete_comment")) { if ($user->can(Permissions::DELETE_COMMENT)) {
$comment_preview = substr(html_unescape($tfe->stripped), 0, 50); $comment_preview = substr(html_unescape($tfe->stripped), 0, 50);
$j_delete_confirm_message = json_encode("Delete comment by {$comment->owner_name}:\n$comment_preview"); $j_delete_confirm_message = json_encode("Delete comment by {$comment->owner_name}:\n$comment_preview");
$h_delete_script = html_escape("return confirm($j_delete_confirm_message);"); $h_delete_script = html_escape("return confirm($j_delete_confirm_message);");
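Review bot: The commented-out line now reads `#if($user->can(UserAbilities::VIEW_IP)) {`, naming a `UserAbilities` class that this commit does not define; every live call uses `Permissions`. Nothing breaks while it stays commented, but anyone re-enabling it gets a class-not-found error on a check that gates IP visibility. Either change it to `#if($user->can(Permissions::VIEW_IP)) {` or delete the two dead lines.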


@ -297,7 +297,7 @@ class DanbooruApi extends Extension
// Now we check if a file was uploaded or a url was provided to transload // Now we check if a file was uploaded or a url was provided to transload
// Much of this code is borrowed from /ext/upload // Much of this code is borrowed from /ext/upload
if (!$user->can("create_image")) { if (!$user->can(Permissions::CREATE_IMAGE)) {
$page->set_code(409); $page->set_code(409);
$page->add_http_header("X-Danbooru-Errors: authentication error"); $page->add_http_header("X-Danbooru-Errors: authentication error");
return; return;


@ -32,7 +32,7 @@ class Downtime extends Extension
global $config, $page, $user; global $config, $page, $user;
if ($config->get_bool("downtime")) { if ($config->get_bool("downtime")) {
if (!$user->can("ignore_downtime") && !$this->is_safe_page($event)) { if (!$user->can(Permissions::IGNORE_DOWNTIME) && !$this->is_safe_page($event)) {
$msg = $config->get_string("downtime_message"); $msg = $config->get_string("downtime_message");
$this->theme->display_message($msg); $this->theme->display_message($msg);
if (!defined("UNITTEST")) { // hax D: if (!defined("UNITTEST")) { // hax D:


@ -18,7 +18,7 @@ class ET extends Extension
{ {
global $user; global $user;
if ($event->page_matches("system_info")) { if ($event->page_matches("system_info")) {
if ($user->can("view_sysinfo")) { if ($user->can(Permissions::VIEW_SYSINTO)) {
$this->theme->display_info_page($this->get_info()); $this->theme->display_info_page($this->get_info());
} }
} }
@ -27,7 +27,7 @@ class ET extends Extension
public function onUserBlockBuilding(UserBlockBuildingEvent $event) public function onUserBlockBuilding(UserBlockBuildingEvent $event)
{ {
global $user; global $user;
if ($user->can("view_sysinfo")) { if ($user->can(Permissions::VIEW_SYSINTO)) {
$event->add_link("System Info", make_link("system_info")); $event->add_link("System Info", make_link("system_info"));
} }
} }


@ -118,7 +118,7 @@ class ExtManager extends Extension
{ {
global $page, $user; global $page, $user;
if ($event->page_matches("ext_manager")) { if ($event->page_matches("ext_manager")) {
if ($user->can("manage_extension_list")) { if ($user->can(Permissions::MANAGE_EXTENSION_LIST)) {
if ($event->get_arg(0) == "set" && $user->check_auth_token()) { if ($event->get_arg(0) == "set" && $user->check_auth_token()) {
if (is_writable("data/config")) { if (is_writable("data/config")) {
$this->set_things($_POST); $this->set_things($_POST);
@ -166,7 +166,7 @@ class ExtManager extends Extension
public function onUserBlockBuilding(UserBlockBuildingEvent $event) public function onUserBlockBuilding(UserBlockBuildingEvent $event)
{ {
global $user; global $user;
if ($user->can("manage_extension_list")) { if ($user->can(Permissions::MANAGE_EXTENSION_LIST)) {
$event->add_link("Extension Manager", make_link("ext_manager")); $event->add_link("Extension Manager", make_link("ext_manager"));
} else { } else {
$event->add_link("Help", make_link("ext_doc")); $event->add_link("Help", make_link("ext_doc"));


@ -32,7 +32,7 @@ class Featured extends Extension
global $config, $page, $user; global $config, $page, $user;
if ($event->page_matches("featured_image")) { if ($event->page_matches("featured_image")) {
if ($event->get_arg(0) == "set" && $user->check_auth_token()) { if ($event->get_arg(0) == "set" && $user->check_auth_token()) {
if ($user->can("edit_feature") && isset($_POST['image_id'])) { if ($user->can(Permissions::EDIT_FEATURE) && isset($_POST['image_id'])) {
$id = int_escape($_POST['image_id']); $id = int_escape($_POST['image_id']);
if ($id > 0) { if ($id > 0) {
$config->set_int("featured_id", $id); $config->set_int("featured_id", $id);
@ -86,7 +86,7 @@ class Featured extends Extension
public function onImageAdminBlockBuilding(ImageAdminBlockBuildingEvent $event) public function onImageAdminBlockBuilding(ImageAdminBlockBuildingEvent $event)
{ {
global $user; global $user;
if ($user->can("edit_feature")) { if ($user->can(Permissions::EDIT_FEATURE)) {
$event->add_part($this->theme->get_buttons_html($event->image->id)); $event->add_part($this->theme->get_buttons_html($event->image->id));
} }
} }


@ -9,9 +9,9 @@ class HellBan extends Extension
{ {
global $page, $user; global $page, $user;
if ($user->can("hellbanned")) { if ($user->can(Permissions::HELLBANNED)) {
$s = ""; $s = "";
} elseif ($user->can("view_hellbanned")) { } elseif ($user->can(Permissions::VIEW_HELLBANNED)) {
$s = "DIV.hb, TR.hb TD {border: 1px solid red !important;}"; $s = "DIV.hb, TR.hb TD {border: 1px solid red !important;}";
} else { } else {
$s = ".hb {display: none !important;}"; $s = ".hb {display: none !important;}";


@ -73,7 +73,7 @@ class ImageIO extends Extension
{ {
if ($event->page_matches("image/delete")) { if ($event->page_matches("image/delete")) {
global $page, $user; global $page, $user;
if ($user->can("delete_image") && isset($_POST['image_id']) && $user->check_auth_token()) { if ($user->can(Permissions::DELETE_IMAGE) && isset($_POST['image_id']) && $user->check_auth_token()) {
$image = Image::by_id($_POST['image_id']); $image = Image::by_id($_POST['image_id']);
if ($image) { if ($image) {
send_event(new ImageDeletionEvent($image)); send_event(new ImageDeletionEvent($image));
@ -87,7 +87,7 @@ class ImageIO extends Extension
} }
} elseif ($event->page_matches("image/replace")) { } elseif ($event->page_matches("image/replace")) {
global $page, $user; global $page, $user;
if ($user->can("replace_image") && isset($_POST['image_id']) && $user->check_auth_token()) { if ($user->can(Permissions::REPLACE_IMAGE) && isset($_POST['image_id']) && $user->check_auth_token()) {
$image = Image::by_id($_POST['image_id']); $image = Image::by_id($_POST['image_id']);
if ($image) { if ($image) {
$page->set_mode(PageMode::REDIRECT); $page->set_mode(PageMode::REDIRECT);
@ -110,11 +110,11 @@ class ImageIO extends Extension
{ {
global $user; global $user;
if ($user->can("delete_image")) { if ($user->can(Permissions::DELETE_IMAGE)) {
$event->add_part($this->theme->get_deleter_html($event->image->id)); $event->add_part($this->theme->get_deleter_html($event->image->id));
} }
/* In the future, could perhaps allow users to replace images that they own as well... */ /* In the future, could perhaps allow users to replace images that they own as well... */
if ($user->can("replace_image")) { if ($user->can(Permissions::REPLACE_IMAGE)) {
$event->add_part($this->theme->get_replace_html($event->image->id)); $event->add_part($this->theme->get_replace_html($event->image->id));
} }
} }


@ -64,7 +64,7 @@ class ImageBan extends Extension
global $database, $page, $user; global $database, $page, $user;
if ($event->page_matches("image_hash_ban")) { if ($event->page_matches("image_hash_ban")) {
if ($user->can("ban_image")) { if ($user->can(Permissions::BAN_IMAGE)) {
if ($event->get_arg(0) == "add") { if ($event->get_arg(0) == "add") {
$image = isset($_POST['image_id']) ? Image::by_id(int_escape($_POST['image_id'])) : null; $image = isset($_POST['image_id']) ? Image::by_id(int_escape($_POST['image_id'])) : null;
$hash = isset($_POST["hash"]) ? $_POST["hash"] : $image->hash; $hash = isset($_POST["hash"]) ? $_POST["hash"] : $image->hash;
@ -106,7 +106,7 @@ class ImageBan extends Extension
public function onUserBlockBuilding(UserBlockBuildingEvent $event) public function onUserBlockBuilding(UserBlockBuildingEvent $event)
{ {
global $user; global $user;
if ($user->can("ban_image")) { if ($user->can(Permissions::BAN_IMAGE)) {
$event->add_link("Image Bans", make_link("image_hash_ban/list/1")); $event->add_link("Image Bans", make_link("image_hash_ban/list/1"));
} }
} }
@ -130,7 +130,7 @@ class ImageBan extends Extension
public function onImageAdminBlockBuilding(ImageAdminBlockBuildingEvent $event) public function onImageAdminBlockBuilding(ImageAdminBlockBuildingEvent $event)
{ {
global $user; global $user;
if ($user->can("ban_image")) { if ($user->can(Permissions::BAN_IMAGE)) {
$event->add_part($this->theme->get_buttons_html($event->image)); $event->add_part($this->theme->get_buttons_html($event->image));
} }
} }
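Review bot: In the `image_hash_ban` `add` branch, `$hash` falls back to `$image->hash` even when `$image` is null, which is the case whenever the request carries neither `hash` nor `image_id`. Writing it as `$hash = $_POST["hash"] ?? ($image ? $image->hash : null);` and rejecting a null hash would turn that into a clean error instead of a null dereference. The visible lines also show no `$user->check_auth_token()` on this state-changing action, unlike the `ip_ban` add handler; the branch continues past the hunk, so confirm whether the token is checked further down.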


@ -66,7 +66,7 @@ class IPBan extends Extension
{ {
if ($event->page_matches("ip_ban")) { if ($event->page_matches("ip_ban")) {
global $page, $user; global $page, $user;
if ($user->can("ban_ip")) { if ($user->can(Permissions::BAN_IP)) {
if ($event->get_arg(0) == "add" && $user->check_auth_token()) { if ($event->get_arg(0) == "add" && $user->check_auth_token()) {
if (isset($_POST['ip']) && isset($_POST['reason']) && isset($_POST['end'])) { if (isset($_POST['ip']) && isset($_POST['reason']) && isset($_POST['end'])) {
if (empty($_POST['end'])) { if (empty($_POST['end'])) {
@ -108,7 +108,7 @@ class IPBan extends Extension
public function onUserBlockBuilding(UserBlockBuildingEvent $event) public function onUserBlockBuilding(UserBlockBuildingEvent $event)
{ {
global $user; global $user;
if ($user->can("ban_ip")) { if ($user->can(Permissions::BAN_IP)) {
$event->add_link("IP Bans", make_link("ip_ban/list")); $event->add_link("IP Bans", make_link("ip_ban/list"));
} }
} }


@ -48,7 +48,7 @@ class LogDatabase extends Extension
{ {
global $database, $user; global $database, $user;
if ($event->page_matches("log/view")) { if ($event->page_matches("log/view")) {
if ($user->can("view_eventlog")) { if ($user->can(Permissions::VIEW_EVENTLOG)) {
$wheres = []; $wheres = [];
$args = []; $args = [];
$page_num = int_escape($event->get_arg(0)); $page_num = int_escape($event->get_arg(0));
@ -123,7 +123,7 @@ class LogDatabase extends Extension
public function onUserBlockBuilding(UserBlockBuildingEvent $event) public function onUserBlockBuilding(UserBlockBuildingEvent $event)
{ {
global $user; global $user;
if ($user->can("view_eventlog")) { if ($user->can(Permissions::VIEW_EVENTLOG)) {
$event->add_link("Event Log", make_link("log/view")); $event->add_link("Event Log", make_link("log/view"));
} }
} }


@ -316,7 +316,7 @@ class Media extends Extension
public function onImageAdminBlockBuilding(ImageAdminBlockBuildingEvent $event) public function onImageAdminBlockBuilding(ImageAdminBlockBuildingEvent $event)
{ {
global $user; global $user;
if ($user->can("delete_image")) { if ($user->can(Permissions::DELETE_IMAGE)) {
$event->add_part($this->theme->get_buttons_html($event->image->id)); $event->add_part($this->theme->get_buttons_html($event->image->id));
} }
} }


@ -61,7 +61,7 @@ class NotATag extends Extension
public function onUserBlockBuilding(UserBlockBuildingEvent $event) public function onUserBlockBuilding(UserBlockBuildingEvent $event)
{ {
global $user; global $user;
if ($user->can("ban_image")) { if ($user->can(Permissions::BAN_IMAGE)) {
$event->add_link("UnTags", make_link("untag/list/1")); $event->add_link("UnTags", make_link("untag/list/1"));
} }
} }
@ -71,7 +71,7 @@ class NotATag extends Extension
global $database, $page, $user; global $database, $page, $user;
if ($event->page_matches("untag")) { if ($event->page_matches("untag")) {
if ($user->can("ban_image")) { if ($user->can(Permissions::BAN_IMAGE)) {
if ($event->get_arg(0) == "add") { if ($event->get_arg(0) == "add") {
$tag = $_POST["tag"]; $tag = $_POST["tag"];
$redirect = isset($_POST['redirect']) ? $_POST['redirect'] : "DNP"; $redirect = isset($_POST['redirect']) ? $_POST['redirect'] : "DNP";
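Review bot: The `untag` `add` branch reads `$_POST["tag"]` without an existence check, while `redirect` on the next line is guarded with `isset`; a request without the field raises a notice and passes null onward. `$tag = $_POST["tag"] ?? null;` followed by an early error return would match the handling of `redirect`. No `$user->check_auth_token()` is visible on this state-changing path either; the handler continues outside the hunk, so it may be checked later, which is worth confirming.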


@ -45,7 +45,7 @@ class NumericScore extends Extension
public function onUserPageBuilding(UserPageBuildingEvent $event) public function onUserPageBuilding(UserPageBuildingEvent $event)
{ {
global $user; global $user;
if ($user->can("edit_other_vote")) { if ($user->can(Permissions::EDIT_OTHER_VOTE)) {
$this->theme->get_nuller($event->display_user); $this->theme->get_nuller($event->display_user);
} }
@ -98,7 +98,7 @@ class NumericScore extends Extension
$page->set_redirect(make_link("post/view/$image_id")); $page->set_redirect(make_link("post/view/$image_id"));
} }
} elseif ($event->page_matches("numeric_score/remove_votes_on") && $user->check_auth_token()) { } elseif ($event->page_matches("numeric_score/remove_votes_on") && $user->check_auth_token()) {
if ($user->can("edit_other_vote")) { if ($user->can(Permissions::EDIT_OTHER_VOTE)) {
$image_id = int_escape($_POST['image_id']); $image_id = int_escape($_POST['image_id']);
$database->execute( $database->execute(
"DELETE FROM numeric_score_votes WHERE image_id=?", "DELETE FROM numeric_score_votes WHERE image_id=?",
@ -112,7 +112,7 @@ class NumericScore extends Extension
$page->set_redirect(make_link("post/view/$image_id")); $page->set_redirect(make_link("post/view/$image_id"));
} }
} elseif ($event->page_matches("numeric_score/remove_votes_by") && $user->check_auth_token()) { } elseif ($event->page_matches("numeric_score/remove_votes_by") && $user->check_auth_token()) {
if ($user->can("edit_other_vote")) { if ($user->can(Permissions::EDIT_OTHER_VOTE)) {
$this->delete_votes_by(int_escape($_POST['user_id'])); $this->delete_votes_by(int_escape($_POST['user_id']));
$page->set_mode(PageMode::REDIRECT); $page->set_mode(PageMode::REDIRECT);
$page->set_redirect(make_link()); $page->set_redirect(make_link());


@ -32,7 +32,7 @@ class NumericScoreTheme extends Themelet
<input type='submit' value='Vote Down'> <input type='submit' value='Vote Down'>
</form> </form>
"; ";
if ($user->can("edit_other_vote")) { if ($user->can(Permissions::EDIT_OTHER_VOTE)) {
$html .= " $html .= "
<form action='".make_link("numeric_score/remove_votes_on")."' method='POST'> <form action='".make_link("numeric_score/remove_votes_on")."' method='POST'>
".$user->get_auth_html()." ".$user->get_auth_html()."


@ -12,7 +12,7 @@ class Oekaki extends Extension
global $user, $page; global $user, $page;
if ($event->page_matches("oekaki")) { if ($event->page_matches("oekaki")) {
if ($user->can("create_image")) { if ($user->can(Permissions::CREATE_IMAGE)) {
if ($event->get_arg(0) == "create") { if ($event->get_arg(0) == "create") {
$this->theme->display_page(); $this->theme->display_page();
$this->theme->display_block(); $this->theme->display_block();
@ -84,7 +84,7 @@ class Oekaki extends Extension
public function onPostListBuilding(PostListBuildingEvent $event) public function onPostListBuilding(PostListBuildingEvent $event)
{ {
global $user; global $user;
if ($user->can("create_image")) { if ($user->can(Permissions::CREATE_IMAGE)) {
$this->theme->display_block(); $this->theme->display_block();
} }
} }


@ -410,7 +410,7 @@ class OuroborosAPI extends Extension
if ($event->page_matches('post')) { if ($event->page_matches('post')) {
if ($this->match('create')) { if ($this->match('create')) {
// Create // Create
if ($user->can("create_image")) { if ($user->can(Permissions::CREATE_IMAGE)) {
$md5 = !empty($_REQUEST['md5']) ? filter_var($_REQUEST['md5'], FILTER_SANITIZE_STRING) : null; $md5 = !empty($_REQUEST['md5']) ? filter_var($_REQUEST['md5'], FILTER_SANITIZE_STRING) : null;
$this->postCreate(new OuroborosPost($_REQUEST['post']), $md5); $this->postCreate(new OuroborosPost($_REQUEST['post']), $md5);
} else { } else {
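Review bot: The `md5` parameter is passed through `FILTER_SANITIZE_STRING`, which strips markup but does not verify that the value is an MD5 digest; a format check such as `preg_match('/^[0-9a-f]{32}$/i', $_REQUEST['md5'])` states the intent and rejects everything else. `$_REQUEST['post']` is handed to `OuroborosPost` without an existence check, and reading from `$_REQUEST` means the create path accepts query-string parameters as well as POST bodies. Whether a token or API key is verified elsewhere is not visible in this hunk, and the enclosing handler starts and ends outside it.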


@ -108,7 +108,7 @@ class PrivMsg extends Extension
global $page, $user; global $page, $user;
$duser = $event->display_user; $duser = $event->display_user;
if (!$user->is_anonymous() && !$duser->is_anonymous()) { if (!$user->is_anonymous() && !$duser->is_anonymous()) {
if (($user->id == $duser->id) || $user->can("view_other_pms")) { if (($user->id == $duser->id) || $user->can(Permissions::VIEW_OTHER_PMS)) {
$this->theme->display_pms($page, $this->get_pms($duser)); $this->theme->display_pms($page, $this->get_pms($duser));
} }
if ($user->id != $duser->id) { if ($user->id != $duser->id) {
@ -128,7 +128,7 @@ class PrivMsg extends Extension
$pm = $database->get_row("SELECT * FROM private_message WHERE id = :id", ["id" => $pm_id]); $pm = $database->get_row("SELECT * FROM private_message WHERE id = :id", ["id" => $pm_id]);
if (is_null($pm)) { if (is_null($pm)) {
$this->theme->display_error(404, "No such PM", "There is no PM #$pm_id"); $this->theme->display_error(404, "No such PM", "There is no PM #$pm_id");
} elseif (($pm["to_id"] == $user->id) || $user->can("view_other_pms")) { } elseif (($pm["to_id"] == $user->id) || $user->can(Permissions::VIEW_OTHER_PMS)) {
$from_user = User::by_id(int_escape($pm["from_id"])); $from_user = User::by_id(int_escape($pm["from_id"]));
if ($pm["to_id"] == $user->id) { if ($pm["to_id"] == $user->id) {
$database->execute("UPDATE private_message SET is_read='Y' WHERE id = :id", ["id" => $pm_id]); $database->execute("UPDATE private_message SET is_read='Y' WHERE id = :id", ["id" => $pm_id]);
@ -145,7 +145,7 @@ class PrivMsg extends Extension
$pm = $database->get_row("SELECT * FROM private_message WHERE id = :id", ["id" => $pm_id]); $pm = $database->get_row("SELECT * FROM private_message WHERE id = :id", ["id" => $pm_id]);
if (is_null($pm)) { if (is_null($pm)) {
$this->theme->display_error(404, "No such PM", "There is no PM #$pm_id"); $this->theme->display_error(404, "No such PM", "There is no PM #$pm_id");
} elseif (($pm["to_id"] == $user->id) || $user->can("view_other_pms")) { } elseif (($pm["to_id"] == $user->id) || $user->can(Permissions::VIEW_OTHER_PMS)) {
$database->execute("DELETE FROM private_message WHERE id = :id", ["id" => $pm_id]); $database->execute("DELETE FROM private_message WHERE id = :id", ["id" => $pm_id]);
$database->cache->delete("pm-count-{$user->id}"); $database->cache->delete("pm-count-{$user->id}");
log_info("pm", "Deleted PM #$pm_id", "PM deleted"); log_info("pm", "Deleted PM #$pm_id", "PM deleted");
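Review bot: In the delete branch, a user who passes only because of `Permissions::VIEW_OTHER_PMS` deletes another user's message, yet the cache entry cleared is `pm-count-{$user->id}`, the acting user's, so the recipient's cached count stays stale; `$database->cache->delete("pm-count-{$pm['to_id']}");` would clear the right one. A permission named for viewing also authorises deletion here, which is broader than the name suggests; a dedicated delete permission, or a comment documenting that this is intended, would help. The enclosing handler starts outside the hunks, so whether the auth token is checked before this point cannot be seen.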


@ -27,7 +27,7 @@ class PrivMsgTheme extends Themelet
$h_subject = "<b>$h_subject</b>"; $h_subject = "<b>$h_subject</b>";
$readYN = "N"; $readYN = "N";
} }
$hb = $from->can("hellbanned") ? "hb" : ""; $hb = $from->can(Permissions::HELLBANNED) ? "hb" : "";
$html .= "<tr class='$hb'> $html .= "<tr class='$hb'>
<td>$readYN</td> <td>$readYN</td>
<td><a href='$pm_url'>$h_subject</a></td> <td><a href='$pm_url'>$h_subject</a></td>


@ -169,7 +169,7 @@ class Ratings extends Extension
{ {
global $user; global $user;
if ($user->can("bulk_edit_image_rating")) { if ($user->can(Permissions::BULK_EDIT_IMAGE_RATING)) {
$event->add_action("bulk_rate","Set (R)ating", "r","",$this->theme->get_selection_rater_html("u","bulk_rating")); $event->add_action("bulk_rate","Set (R)ating", "r","",$this->theme->get_selection_rater_html("u","bulk_rating"));
} }
} }
@ -183,7 +183,7 @@ class Ratings extends Extension
if (!isset($_POST['bulk_rating'])) { if (!isset($_POST['bulk_rating'])) {
return; return;
} }
if ($user->can("bulk_edit_image_rating")) { if ($user->can(Permissions::BULK_EDIT_IMAGE_RATING)) {
$rating = $_POST['bulk_rating']; $rating = $_POST['bulk_rating'];
$total = 0; $total = 0;
foreach ($event->items as $image) { foreach ($event->items as $image) {
@ -201,7 +201,7 @@ class Ratings extends Extension
global $user, $page; global $user, $page;
if ($event->page_matches("admin/bulk_rate")) { if ($event->page_matches("admin/bulk_rate")) {
if (!$user->can("bulk_edit_image_rating")) { if (!$user->can(Permissions::BULK_EDIT_IMAGE_RATING)) {
throw new PermissionDeniedException(); throw new PermissionDeniedException();
} else { } else {
$n = 0; $n = 0;


@ -28,14 +28,14 @@ class RegenThumb extends Extension
{ {
global $database, $page, $user; global $database, $page, $user;
if ($event->page_matches("regen_thumb/one") && $user->can("delete_image") && isset($_POST['image_id'])) { if ($event->page_matches("regen_thumb/one") && $user->can(Permissions::DELETE_IMAGE) && isset($_POST['image_id'])) {
$image = Image::by_id(int_escape($_POST['image_id'])); $image = Image::by_id(int_escape($_POST['image_id']));
$this->regenerate_thumbnail($image); $this->regenerate_thumbnail($image);
$this->theme->display_results($page, $image); $this->theme->display_results($page, $image);
} }
if ($event->page_matches("regen_thumb/mass") && $user->can("delete_image") && isset($_POST['tags'])) { if ($event->page_matches("regen_thumb/mass") && $user->can(Permissions::DELETE_IMAGE) && isset($_POST['tags'])) {
$tags = Tag::explode(strtolower($_POST['tags']), false); $tags = Tag::explode(strtolower($_POST['tags']), false);
$images = Image::find_images(0, 10000, $tags); $images = Image::find_images(0, 10000, $tags);
@ -51,7 +51,7 @@ class RegenThumb extends Extension
public function onImageAdminBlockBuilding(ImageAdminBlockBuildingEvent $event) public function onImageAdminBlockBuilding(ImageAdminBlockBuildingEvent $event)
{ {
global $user; global $user;
if ($user->can("delete_image")) { if ($user->can(Permissions::DELETE_IMAGE)) {
$event->add_part($this->theme->get_buttons_html($event->image->id)); $event->add_part($this->theme->get_buttons_html($event->image->id));
} }
} }
@ -59,7 +59,7 @@ class RegenThumb extends Extension
// public function onPostListBuilding(PostListBuildingEvent $event) // public function onPostListBuilding(PostListBuildingEvent $event)
// { // {
// global $user; // global $user;
// if ($user->can("delete_image") && !empty($event->search_terms)) { // if ($user->can(UserAbilities::DELETE_IMAGE) && !empty($event->search_terms)) {
// $event->add_control($this->theme->mtr_html(Tag::implode($event->search_terms))); // $event->add_control($this->theme->mtr_html(Tag::implode($event->search_terms)));
// } // }
// } // }
@ -68,7 +68,7 @@ class RegenThumb extends Extension
{ {
global $user; global $user;
if ($user->can("delete_image")) { if ($user->can(Permissions::DELETE_IMAGE)) {
$event->add_action("bulk_regen", "Regen Thumbnails", "","", $this->theme->bulk_html()); $event->add_action("bulk_regen", "Regen Thumbnails", "","", $this->theme->bulk_html());
} }
} }
@ -79,7 +79,7 @@ class RegenThumb extends Extension
switch ($event->action) { switch ($event->action) {
case "bulk_regen": case "bulk_regen":
if ($user->can("delete_image")) { if ($user->can(Permissions::DELETE_IMAGE)) {
$force = true; $force = true;
if (isset($_POST["bulk_regen_thumb_missing_only"]) if (isset($_POST["bulk_regen_thumb_missing_only"])
&&$_POST["bulk_regen_thumb_missing_only"]=="true") { &&$_POST["bulk_regen_thumb_missing_only"]=="true") {
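Review bot: Both `regen_thumb/one` and `regen_thumb/mass` act on POST data after only a permission check; no `$user->check_auth_token()` appears in either condition, although other state-changing handlers in this commit (for example the `ip_ban` add branch) include it. Adding `&& $user->check_auth_token()` to both conditions would close that gap. `Image::by_id()` presumably can return a falsy value for an unknown id (ImageIO tests `if ($image)`), so the call to `regenerate_thumbnail($image)` should be guarded the same way. The commented-out `onPostListBuilding` block was rewritten to `UserAbilities::DELETE_IMAGE` while every live call site uses `Permissions::`; it should read `Permissions::DELETE_IMAGE`, and the commented block in TagEdit carries the same `UserAbilities::` leftover.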


@ -74,7 +74,7 @@ class ReportImage extends Extension
} }
} elseif ($event->get_arg(0) == "remove") { } elseif ($event->get_arg(0) == "remove") {
if (!empty($_POST['id'])) { if (!empty($_POST['id'])) {
if ($user->can("view_image_report")) { if ($user->can(Permissions::VIEW_IMAGE_REPORT)) {
send_event(new RemoveReportedImageEvent($_POST['id'])); send_event(new RemoveReportedImageEvent($_POST['id']));
$page->set_mode(PageMode::REDIRECT); $page->set_mode(PageMode::REDIRECT);
$page->set_redirect(make_link("image_report/list")); $page->set_redirect(make_link("image_report/list"));
@ -83,13 +83,13 @@ class ReportImage extends Extension
$this->theme->display_error(500, "Missing input", "Missing image ID"); $this->theme->display_error(500, "Missing input", "Missing image ID");
} }
} elseif ($event->get_arg(0) == "remove_reports_by" && $user->check_auth_token()) { } elseif ($event->get_arg(0) == "remove_reports_by" && $user->check_auth_token()) {
if ($user->can("view_image_report")) { if ($user->can(Permissions::VIEW_IMAGE_REPORT)) {
$this->delete_reports_by(int_escape($_POST['user_id'])); $this->delete_reports_by(int_escape($_POST['user_id']));
$page->set_mode(PageMode::REDIRECT); $page->set_mode(PageMode::REDIRECT);
$page->set_redirect(make_link()); $page->set_redirect(make_link());
} }
} elseif ($event->get_arg(0) == "list") { } elseif ($event->get_arg(0) == "list") {
if ($user->can("view_image_report")) { if ($user->can(Permissions::VIEW_IMAGE_REPORT)) {
$this->theme->display_reported_images($page, $this->get_reported_images()); $this->theme->display_reported_images($page, $this->get_reported_images());
} }
} }
@ -118,7 +118,7 @@ class ReportImage extends Extension
public function onUserPageBuilding(UserPageBuildingEvent $event) public function onUserPageBuilding(UserPageBuildingEvent $event)
{ {
global $user; global $user;
if ($user->can("view_image_report")) { if ($user->can(Permissions::VIEW_IMAGE_REPORT)) {
$this->theme->get_nuller($event->display_user); $this->theme->get_nuller($event->display_user);
} }
} }
@ -126,7 +126,7 @@ class ReportImage extends Extension
public function onDisplayingImage(DisplayingImageEvent $event) public function onDisplayingImage(DisplayingImageEvent $event)
{ {
global $user; global $user;
if ($user->can('create_image_report')) { if ($user->can(Permissions::CREATE_IMAGE_REPORT)) {
$reps = $this->get_reports($event->image); $reps = $this->get_reports($event->image);
$this->theme->display_image_banner($event->image, $reps); $this->theme->display_image_banner($event->image, $reps);
} }
@ -135,7 +135,7 @@ class ReportImage extends Extension
public function onUserBlockBuilding(UserBlockBuildingEvent $event) public function onUserBlockBuilding(UserBlockBuildingEvent $event)
{ {
global $user; global $user;
if ($user->can("view_image_report")) { if ($user->can(Permissions::VIEW_IMAGE_REPORT)) {
$count = $this->count_reported_images(); $count = $this->count_reported_images();
$h_count = $count > 0 ? " ($count)" : ""; $h_count = $count > 0 ? " ($count)" : "";
$event->add_link("Reported Images$h_count", make_link("image_report/list")); $event->add_link("Reported Images$h_count", make_link("image_report/list"));
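Review bot: The `remove` branch dispatches `RemoveReportedImageEvent` without `$user->check_auth_token()`, while the neighbouring `remove_reports_by` branch does check it; the condition should read `if ($user->can(Permissions::VIEW_IMAGE_REPORT) && $user->check_auth_token()) {`. `$_POST['id']` is also passed to the event unconverted, where `remove_reports_by` uses `int_escape()`. Both removal paths are gated on a permission named for viewing reports; if that is intended, a short comment saying so would keep it from being narrowed by accident later. The enclosing handler begins outside the hunk.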


@ -50,7 +50,7 @@ class Rule34 extends Extension
public function onUserPageBuilding(UserPageBuildingEvent $event) public function onUserPageBuilding(UserPageBuildingEvent $event)
{ {
global $database, $user, $config; global $database, $user, $config;
if ($user->can("change_setting") && $config->get_bool('r34_comic_integration')) { if ($user->can(Permissions::CHANGE_SETTING) && $config->get_bool('r34_comic_integration')) {
$current_state = bool_escape($database->get_one("SELECT comic_admin FROM users WHERE id=?", [$event->display_user->id])); $current_state = bool_escape($database->get_one("SELECT comic_admin FROM users WHERE id=?", [$event->display_user->id]));
$this->theme->show_comic_changer($event->display_user, $current_state); $this->theme->show_comic_changer($event->display_user, $current_state);
} }
@ -59,7 +59,7 @@ class Rule34 extends Extension
public function onThumbnailGeneration(ThumbnailGenerationEvent $event) public function onThumbnailGeneration(ThumbnailGenerationEvent $event)
{ {
global $database, $user; global $database, $user;
if ($user->can("manage_admintools")) { if ($user->can(Permissions::MANAGE_ADMINTOOLS)) {
$database->execute("NOTIFY shm_image_bans, '{$event->hash}';"); $database->execute("NOTIFY shm_image_bans, '{$event->hash}';");
} }
} }
@ -72,7 +72,7 @@ class Rule34 extends Extension
{ {
global $database, $page, $user; global $database, $page, $user;
if ($user->can("delete_user")) { // deleting users can take a while if ($user->can(Permissions::DELETE_USER)) { // deleting users can take a while
$database->execute("SET statement_timeout TO ".(DATABASE_TIMEOUT+15000).";"); $database->execute("SET statement_timeout TO ".(DATABASE_TIMEOUT+15000).";");
} }
@ -81,7 +81,7 @@ class Rule34 extends Extension
} }
if ($event->page_matches("rule34/comic_admin")) { if ($event->page_matches("rule34/comic_admin")) {
if ($user->can("change_setting") && $user->check_auth_token()) { if ($user->can(Permissions::CHANGE_SETTING) && $user->check_auth_token()) {
$input = validate_input([ $input = validate_input([
'user_id' => 'user_id,exists', 'user_id' => 'user_id,exists',
'is_admin' => 'bool', 'is_admin' => 'bool',
@ -102,7 +102,7 @@ class Rule34 extends Extension
} }
if ($event->page_matches("admin/cache_purge")) { if ($event->page_matches("admin/cache_purge")) {
if (!$user->can("manage_admintools")) { if (!$user->can(Permissions::MANAGE_ADMINTOOLS)) {
$this->theme->display_permission_denied(); $this->theme->display_permission_denied();
} else { } else {
if ($user->check_auth_token()) { if ($user->check_auth_token()) {
@ -130,7 +130,7 @@ class Rule34 extends Extension
if ($event->page_matches("sys_ip_ban")) { if ($event->page_matches("sys_ip_ban")) {
global $page, $user; global $page, $user;
if ($user->can("ban_ip")) { if ($user->can(Permissions::BAN_IP)) {
if ($event->get_arg(0) == "list") { if ($event->get_arg(0) == "list") {
$bans = (isset($_GET["all"])) ? $this->get_bans() : $this->get_active_bans(); $bans = (isset($_GET["all"])) ? $this->get_bans() : $this->get_active_bans();
$this->theme->display_bans($page, $bans); $this->theme->display_bans($page, $bans);
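Review bot: In `onThumbnailGeneration`, `$event->hash` is interpolated directly into the `NOTIFY` statement; if the hash is always a hex digest this is harmless, but nothing in the hunk enforces that. PostgreSQL's `NOTIFY` takes no bind parameters, so the parameterised form is `$database->execute("SELECT pg_notify('shm_image_bans', ?)", [$event->hash]);`, which matches the `?` placeholder style already used in `onUserPageBuilding`. A comment explaining why the notification is sent only when the current user holds `MANAGE_ADMINTOOLS` would also help, since the link between that permission and thumbnail generation is not obvious from the code.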


@ -293,7 +293,7 @@ class Setup extends Extension
} }
if ($event->page_matches("setup")) { if ($event->page_matches("setup")) {
if (!$user->can("change_setting")) { if (!$user->can(Permissions::CHANGE_SETTING)) {
$this->theme->display_permission_denied(); $this->theme->display_permission_denied();
} else { } else {
if ($event->get_arg(0) == "save" && $user->check_auth_token()) { if ($event->get_arg(0) == "save" && $user->check_auth_token()) {
@ -413,7 +413,7 @@ class Setup extends Extension
public function onUserBlockBuilding(UserBlockBuildingEvent $event) public function onUserBlockBuilding(UserBlockBuildingEvent $event)
{ {
global $user; global $user;
if ($user->can("change_setting")) { if ($user->can(Permissions::CHANGE_SETTING)) {
$event->add_link("Board Config", make_link("setup")); $event->add_link("Board Config", make_link("setup"));
} }
} }


@ -35,13 +35,13 @@ class Source_History extends Extension
if ($event->page_matches("source_history/revert")) { if ($event->page_matches("source_history/revert")) {
// this is a request to revert to a previous version of the source // this is a request to revert to a previous version of the source
if ($user->can("edit_image_tag")) { if ($user->can(Permissions::EDIT_IMAGE_TAG)) {
if (isset($_POST['revert'])) { if (isset($_POST['revert'])) {
$this->process_revert_request($_POST['revert']); $this->process_revert_request($_POST['revert']);
} }
} }
} elseif ($event->page_matches("source_history/bulk_revert")) { } elseif ($event->page_matches("source_history/bulk_revert")) {
if ($user->can("bulk_edit_image_tag") && $user->check_auth_token()) { if ($user->can(Permissions::BULK_EDIT_IMAGE_TAG) && $user->check_auth_token()) {
$this->process_bulk_revert_request(); $this->process_bulk_revert_request();
} }
} elseif ($event->page_matches("source_history/all")) { } elseif ($event->page_matches("source_history/all")) {
@ -85,7 +85,7 @@ class Source_History extends Extension
public function onUserBlockBuilding(UserBlockBuildingEvent $event) public function onUserBlockBuilding(UserBlockBuildingEvent $event)
{ {
global $user; global $user;
if ($user->can("bulk_edit_image_tag")) { if ($user->can(Permissions::BULK_EDIT_IMAGE_TAG)) {
$event->add_link("Source Changes", make_link("source_history/all/1")); $event->add_link("Source Changes", make_link("source_history/all/1"));
} }
} }
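Review bot: `source_history/revert` is gated on `Permissions::EDIT_IMAGE_TAG` although the action changes an image's source; with the permission now a named constant the mismatch stands out, and `Permissions::EDIT_IMAGE_SOURCE` looks like the intended check (possibly a leftover from a tag-history copy, so confirm). The single revert also omits `$user->check_auth_token()`, which the `bulk_revert` branch directly below includes. `if ($user->can(Permissions::EDIT_IMAGE_SOURCE) && $user->check_auth_token()) {` would cover both points.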


@ -20,7 +20,7 @@ class Source_HistoryTheme extends Themelet
$current_source = html_escape($fields['source']); $current_source = html_escape($fields['source']);
$name = $fields['name']; $name = $fields['name'];
$date_set = autodate($fields['date_set']); $date_set = autodate($fields['date_set']);
$h_ip = $user->can("view_ip") ? " ".show_ip($fields['user_ip'], "Sourcing Image #$image_id as '$current_source'") : ""; $h_ip = $user->can(Permissions::VIEW_IP) ? " ".show_ip($fields['user_ip'], "Sourcing Image #$image_id as '$current_source'") : "";
$setter = "<a href='".make_link("user/".url_escape($name))."'>".html_escape($name)."</a>$h_ip"; $setter = "<a href='".make_link("user/".url_escape($name))."'>".html_escape($name)."</a>$h_ip";
$selected = ($n == 2) ? " checked" : ""; $selected = ($n == 2) ? " checked" : "";
@ -72,7 +72,7 @@ class Source_HistoryTheme extends Themelet
$image_id = $fields['image_id']; $image_id = $fields['image_id'];
$current_source = html_escape($fields['source']); $current_source = html_escape($fields['source']);
$name = $fields['name']; $name = $fields['name'];
$h_ip = $user->can("view_ip") ? " ".show_ip($fields['user_ip'], "Sourcing Image #$image_id as '$current_source'") : ""; $h_ip = $user->can(Permissions::VIEW_IP) ? " ".show_ip($fields['user_ip'], "Sourcing Image #$image_id as '$current_source'") : "";
$setter = "<a href='".make_link("user/".url_escape($name))."'>".html_escape($name)."</a>$h_ip"; $setter = "<a href='".make_link("user/".url_escape($name))."'>".html_escape($name)."</a>$h_ip";
$history_list .= ' $history_list .= '


@ -161,7 +161,7 @@ class TagEdit extends Extension
global $user, $page; global $user, $page;
if ($event->page_matches("tag_edit")) { if ($event->page_matches("tag_edit")) {
if ($event->get_arg(0) == "replace") { if ($event->get_arg(0) == "replace") {
if ($user->can("mass_tag_edit") && isset($_POST['search']) && isset($_POST['replace'])) { if ($user->can(Permissions::MASS_TAG_EDIT) && isset($_POST['search']) && isset($_POST['replace'])) {
$search = $_POST['search']; $search = $_POST['search'];
$replace = $_POST['replace']; $replace = $_POST['replace'];
$this->mass_tag_edit($search, $replace); $this->mass_tag_edit($search, $replace);
@ -170,7 +170,7 @@ class TagEdit extends Extension
} }
} }
if ($event->get_arg(0) == "mass_source_set") { if ($event->get_arg(0) == "mass_source_set") {
if ($user->can("mass_tag_edit") && isset($_POST['tags']) && isset($_POST['source'])) { if ($user->can(Permissions::MASS_TAG_EDIT) && isset($_POST['tags']) && isset($_POST['source'])) {
$this->mass_source_edit($_POST['tags'], $_POST['source']); $this->mass_source_edit($_POST['tags'], $_POST['source']);
$page->set_mode(PageMode::REDIRECT); $page->set_mode(PageMode::REDIRECT);
$page->set_redirect(make_link("post/list")); $page->set_redirect(make_link("post/list"));
@ -182,7 +182,7 @@ class TagEdit extends Extension
// public function onPostListBuilding(PostListBuildingEvent $event) // public function onPostListBuilding(PostListBuildingEvent $event)
// { // {
// global $user; // global $user;
// if ($user->can("bulk_edit_image_source") && !empty($event->search_terms)) { // if ($user->can(UserAbilities::BULK_EDIT_IMAGE_SOURCE) && !empty($event->search_terms)) {
// $event->add_control($this->theme->mss_html(Tag::implode($event->search_terms))); // $event->add_control($this->theme->mss_html(Tag::implode($event->search_terms)));
// } // }
// } // }
@ -190,7 +190,7 @@ class TagEdit extends Extension
public function onImageInfoSet(ImageInfoSetEvent $event) public function onImageInfoSet(ImageInfoSetEvent $event)
{ {
global $user; global $user;
if ($user->can("edit_image_owner") && isset($_POST['tag_edit__owner'])) { if ($user->can(Permissions::EDIT_IMAGE_OWNER) && isset($_POST['tag_edit__owner'])) {
$owner = User::by_name($_POST['tag_edit__owner']); $owner = User::by_name($_POST['tag_edit__owner']);
if ($owner instanceof User) { if ($owner instanceof User) {
send_event(new OwnerSetEvent($event->image, $owner)); send_event(new OwnerSetEvent($event->image, $owner));
@ -206,7 +206,7 @@ class TagEdit extends Extension
send_event(new SourceSetEvent($event->image, $_POST['tag_edit__source'])); send_event(new SourceSetEvent($event->image, $_POST['tag_edit__source']));
} }
} }
if ($user->can("edit_image_lock")) { if ($user->can(Permissions::EDIT_IMAGE_LOCK)) {
$locked = isset($_POST['tag_edit__locked']) && $_POST['tag_edit__locked']=="on"; $locked = isset($_POST['tag_edit__locked']) && $_POST['tag_edit__locked']=="on";
send_event(new LockSetEvent($event->image, $locked)); send_event(new LockSetEvent($event->image, $locked));
} }
@ -215,7 +215,7 @@ class TagEdit extends Extension
public function onOwnerSet(OwnerSetEvent $event) public function onOwnerSet(OwnerSetEvent $event)
{ {
global $user; global $user;
if ($user->can("edit_image_owner") && (!$event->image->is_locked() || $user->can("edit_image_lock"))) { if ($user->can(Permissions::EDIT_IMAGE_OWNER) && (!$event->image->is_locked() || $user->can(Permissions::EDIT_IMAGE_LOCK))) {
$event->image->set_owner($event->owner); $event->image->set_owner($event->owner);
} }
} }
@ -223,7 +223,7 @@ class TagEdit extends Extension
public function onTagSet(TagSetEvent $event) public function onTagSet(TagSetEvent $event)
{ {
global $user; global $user;
if ($user->can("edit_image_tag") && (!$event->image->is_locked() || $user->can("edit_image_lock"))) { if ($user->can(Permissions::EDIT_IMAGE_TAG) && (!$event->image->is_locked() || $user->can(Permissions::EDIT_IMAGE_LOCK))) {
$event->image->set_tags($event->tags); $event->image->set_tags($event->tags);
} }
$event->image->parse_metatags($event->metatags, $event->image->id); $event->image->parse_metatags($event->metatags, $event->image->id);
@ -232,7 +232,7 @@ class TagEdit extends Extension
public function onSourceSet(SourceSetEvent $event) public function onSourceSet(SourceSetEvent $event)
{ {
global $user; global $user;
if ($user->can("edit_image_source") && (!$event->image->is_locked() || $user->can("edit_image_lock"))) { if ($user->can(Permissions::EDIT_IMAGE_SOURCE) && (!$event->image->is_locked() || $user->can(Permissions::EDIT_IMAGE_LOCK))) {
$event->image->set_source($event->source); $event->image->set_source($event->source);
} }
} }
@ -240,7 +240,7 @@ class TagEdit extends Extension
public function onLockSet(LockSetEvent $event) public function onLockSet(LockSetEvent $event)
{ {
global $user; global $user;
if ($user->can("edit_image_lock")) { if ($user->can(Permissions::EDIT_IMAGE_LOCK)) {
$event->image->set_locked($event->locked); $event->image->set_locked($event->locked);
} }
} }
@ -288,13 +288,13 @@ class TagEdit extends Extension
private function can_tag(Image $image): bool private function can_tag(Image $image): bool
{ {
global $user; global $user;
return ($user->can("edit_image_tag") || !$image->is_locked()); return ($user->can(Permissions::EDIT_IMAGE_TAG) || !$image->is_locked());
} }
private function can_source(Image $image): bool private function can_source(Image $image): bool
{ {
global $user; global $user;
return ($user->can("edit_image_source") || !$image->is_locked()); return ($user->can(Permissions::EDIT_IMAGE_SOURCE) || !$image->is_locked());
} }
private function mass_tag_edit(string $search, string $replace) private function mass_tag_edit(string $search, string $replace)
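Review bot: `can_tag()` and `can_source()` return true when the user has the edit permission or the image is unlocked, whereas `onTagSet` and `onSourceSet` require the edit permission and then either an unlocked image or `EDIT_IMAGE_LOCK`. As written the helpers pass a user without the edit permission on any unlocked image and pass an editor on a locked one; if they are meant to mirror the event handlers, the body would be `return $user->can(Permissions::EDIT_IMAGE_TAG) && (!$image->is_locked() || $user->can(Permissions::EDIT_IMAGE_LOCK));`, with the source variant for `can_source()`. Their callers are outside the hunks, so confirm which rule is intended. The `replace` and `mass_source_set` handlers in the first hunk also run without `$user->check_auth_token()`.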


@ -51,7 +51,7 @@ class TagEditTheme extends Themelet
<tr> <tr>
<th width='50px'>Tags</th> <th width='50px'>Tags</th>
<td> <td>
".($user->can("edit_image_tag") ? " ".($user->can(Permissions::EDIT_IMAGE_TAG) ? "
<span class='view'>$h_tag_links</span> <span class='view'>$h_tag_links</span>
<input class='edit autocomplete_tags' type='text' name='tag_edit__tags' value='$h_tags' id='tag_editor' autocomplete='off'> <input class='edit autocomplete_tags' type='text' name='tag_edit__tags' value='$h_tags' id='tag_editor' autocomplete='off'>
" : " " : "
@ -68,12 +68,12 @@ class TagEditTheme extends Themelet
$h_owner = html_escape($image->get_owner()->name); $h_owner = html_escape($image->get_owner()->name);
$h_av = $image->get_owner()->get_avatar_html(); $h_av = $image->get_owner()->get_avatar_html();
$h_date = autodate($image->posted); $h_date = autodate($image->posted);
$h_ip = $user->can("view_ip") ? " (".show_ip($image->owner_ip, "Image posted {$image->posted}").")" : ""; $h_ip = $user->can(Permissions::VIEW_IP) ? " (".show_ip($image->owner_ip, "Image posted {$image->posted}").")" : "";
return " return "
<tr> <tr>
<th>Uploader</th> <th>Uploader</th>
<td> <td>
".($user->can("edit_image_owner") ? " ".($user->can(Permissions::EDIT_IMAGE_OWNER) ? "
<span class='view'><a class='username' href='".make_link("user/$h_owner")."'>$h_owner</a>$h_ip, $h_date</span> <span class='view'><a class='username' href='".make_link("user/$h_owner")."'>$h_owner</a>$h_ip, $h_date</span>
<input class='edit' type='text' name='tag_edit__owner' value='$h_owner'> <input class='edit' type='text' name='tag_edit__owner' value='$h_owner'>
" : " " : "
@ -95,7 +95,7 @@ class TagEditTheme extends Themelet
<tr> <tr>
<th>Source</th> <th>Source</th>
<td> <td>
".($user->can("edit_image_source") ? " ".($user->can(Permissions::EDIT_IMAGE_SOURCE) ? "
<div class='view' style='$style'>$f_source</div> <div class='view' style='$style'>$f_source</div>
<input class='edit' type='text' name='tag_edit__source' value='$h_source'> <input class='edit' type='text' name='tag_edit__source' value='$h_source'>
" : " " : "
@ -132,7 +132,7 @@ class TagEditTheme extends Themelet
<tr> <tr>
<th>Locked</th> <th>Locked</th>
<td> <td>
".($user->can("edit_image_lock") ? " ".($user->can(Permissions::EDIT_IMAGE_LOCK) ? "
<span class='view'>$b_locked</span> <span class='view'>$b_locked</span>
<input class='edit' type='checkbox' name='tag_edit__locked'$h_locked> <input class='edit' type='checkbox' name='tag_edit__locked'$h_locked>
" : " " : "


@ -180,6 +180,6 @@ class TagEditCloud extends Extension
private function can_tag(Image $image): bool private function can_tag(Image $image): bool
{ {
global $user; global $user;
return ($user->can("edit_image_tag") && (!$image->is_locked() || $user->can("edit_image_lock"))); return ($user->can(Permissions::EDIT_IMAGE_TAG) && (!$image->is_locked() || $user->can(Permissions::EDIT_IMAGE_LOCK)));
} }
} }


@ -35,13 +35,13 @@ class Tag_History extends Extension
if ($event->page_matches("tag_history/revert")) { if ($event->page_matches("tag_history/revert")) {
// this is a request to revert to a previous version of the tags // this is a request to revert to a previous version of the tags
if ($user->can("edit_image_tag")) { if ($user->can(Permissions::EDIT_IMAGE_TAG)) {
if (isset($_POST['revert'])) { if (isset($_POST['revert'])) {
$this->process_revert_request($_POST['revert']); $this->process_revert_request($_POST['revert']);
} }
} }
} elseif ($event->page_matches("tag_history/bulk_revert")) { } elseif ($event->page_matches("tag_history/bulk_revert")) {
if ($user->can("bulk_edit_image_tag") && $user->check_auth_token()) { if ($user->can(Permissions::BULK_EDIT_IMAGE_TAG) && $user->check_auth_token()) {
$this->process_bulk_revert_request(); $this->process_bulk_revert_request();
} }
} elseif ($event->page_matches("tag_history/all")) { } elseif ($event->page_matches("tag_history/all")) {
@ -85,7 +85,7 @@ class Tag_History extends Extension
public function onUserBlockBuilding(UserBlockBuildingEvent $event) public function onUserBlockBuilding(UserBlockBuildingEvent $event)
{ {
global $user; global $user;
if ($user->can("bulk_edit_image_tag")) { if ($user->can(Permissions::BULK_EDIT_IMAGE_TAG)) {
$event->add_link("Tag Changes", make_link("tag_history/all/1")); $event->add_link("Tag Changes", make_link("tag_history/all/1"));
} }
} }
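Review bot: The `tag_history/revert` branch changes tags on nothing more than `can(Permissions::EDIT_IMAGE_TAG)` and the presence of `$_POST['revert']`, while the `bulk_revert` branch right below it also requires `$user->check_auth_token()`. Unless `process_revert_request()` validates the token itself (not visible here), the single-revert path has no request-forgery protection for a logged-in tagger. Making the two branches consistent would be `if ($user->can(Permissions::EDIT_IMAGE_TAG) && $user->check_auth_token()) {`. The enclosing handler starts and ends outside this hunk.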


@ -25,7 +25,7 @@ class Tag_HistoryTheme extends Themelet
$current_tags = html_escape($fields['tags']); $current_tags = html_escape($fields['tags']);
$name = $fields['name']; $name = $fields['name'];
$date_set = autodate($fields['date_set']); $date_set = autodate($fields['date_set']);
$h_ip = $user->can("view_ip") ? " ".show_ip($fields['user_ip'], "Tagging Image #$image_id as '$current_tags'") : ""; $h_ip = $user->can(Permissions::VIEW_IP) ? " ".show_ip($fields['user_ip'], "Tagging Image #$image_id as '$current_tags'") : "";
$setter = "<a href='".make_link("user/".url_escape($name))."'>".html_escape($name)."</a>$h_ip"; $setter = "<a href='".make_link("user/".url_escape($name))."'>".html_escape($name)."</a>$h_ip";
$selected = ($n == 2) ? " checked" : ""; $selected = ($n == 2) ? " checked" : "";
@ -84,7 +84,7 @@ class Tag_HistoryTheme extends Themelet
$image_id = $fields['image_id']; $image_id = $fields['image_id'];
$current_tags = html_escape($fields['tags']); $current_tags = html_escape($fields['tags']);
$name = $fields['name']; $name = $fields['name'];
$h_ip = $user->can("view_ip") ? " ".show_ip($fields['user_ip'], "Tagging Image #$image_id as '$current_tags'") : ""; $h_ip = $user->can(Permissions::VIEW_IP) ? " ".show_ip($fields['user_ip'], "Tagging Image #$image_id as '$current_tags'") : "";
$setter = "<a href='".make_link("user/".url_escape($name))."'>".html_escape($name)."</a>$h_ip"; $setter = "<a href='".make_link("user/".url_escape($name))."'>".html_escape($name)."</a>$h_ip";
$history_list .= ' $history_list .= '


@ -12,7 +12,7 @@ class Tagger extends Extension
{ {
global $page, $user; global $page, $user;
if ($user->can("edit_image_tag") && ($event->image->is_locked() || $user->can("edit_image_lock"))) { if ($user->can(Permissions::EDIT_IMAGE_TAG) && ($event->image->is_locked() || $user->can(Permissions::EDIT_IMAGE_LOCK))) {
$this->theme->build_tagger($page, $event); $this->theme->build_tagger($page, $event);
} }
} }
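Review bot: The lock test in this condition looks inverted: `$event->image->is_locked() || $user->can(Permissions::EDIT_IMAGE_LOCK)` lets a user without the lock permission reach `build_tagger()` only when the image is locked. The other tag-edit checks in this commit (`can_tag` in TagEditCloud, the ViewImageTheme condition) use `!$image->is_locked()`, and the rename carries the old expression over unchanged. If the intent matches those sites, the line should read `if ($user->can(Permissions::EDIT_IMAGE_TAG) && (!$event->image->is_locked() || $user->can(Permissions::EDIT_IMAGE_LOCK))) {`. The method's signature is outside the hunk.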


@ -37,7 +37,7 @@ class Trash extends Extension
{ {
global $page, $user; global $page, $user;
if ($event->page_matches("trash_restore") && $user->can("view_trash")) { if ($event->page_matches("trash_restore") && $user->can(Permissions::VIEW_TRASH)) {
// Try to get the image ID // Try to get the image ID
$image_id = int_escape($event->get_arg(0)); $image_id = int_escape($event->get_arg(0));
if (empty($image_id)) { if (empty($image_id)) {
@ -59,7 +59,7 @@ class Trash extends Extension
{ {
global $user, $page; global $user, $page;
if($event->image->trash===true && !$user->can("view_trash")) { if($event->image->trash===true && !$user->can(Permissions::VIEW_TRASH)) {
$page->set_mode(PageMode::REDIRECT); $page->set_mode(PageMode::REDIRECT);
$page->set_redirect(make_link("post/list")); $page->set_redirect(make_link("post/list"));
} }
@ -87,7 +87,7 @@ class Trash extends Extension
if (preg_match(self::SEARCH_REGEXP, strtolower($event->term), $matches)) { if (preg_match(self::SEARCH_REGEXP, strtolower($event->term), $matches)) {
if($user->can("view_trash")) { if($user->can(Permissions::VIEW_TRASH)) {
$event->add_querylet(new Querylet($database->scoreql_to_sql("trash = SCORE_BOOL_Y "))); $event->add_querylet(new Querylet($database->scoreql_to_sql("trash = SCORE_BOOL_Y ")));
} }
} }
@ -114,7 +114,7 @@ class Trash extends Extension
public function onImageAdminBlockBuilding(ImageAdminBlockBuildingEvent $event) public function onImageAdminBlockBuilding(ImageAdminBlockBuildingEvent $event)
{ {
global $config, $database, $user; global $config, $database, $user;
if($event->image->trash===true && $user->can("view_trash")) { if($event->image->trash===true && $user->can(Permissions::VIEW_TRASH)) {
$event->add_part($this->theme->get_image_admin_html($event->image->id)); $event->add_part($this->theme->get_image_admin_html($event->image->id));
} }
} }
@ -123,7 +123,7 @@ class Trash extends Extension
{ {
global $user; global $user;
if ($user->can("view_trash")&&in_array("in:trash", $event->search_terms)) { if ($user->can(Permissions::VIEW_TRASH)&&in_array("in:trash", $event->search_terms)) {
$event->add_action("bulk_trash_restore","(U)ndelete", "u"); $event->add_action("bulk_trash_restore","(U)ndelete", "u");
} }
} }
@ -134,7 +134,7 @@ class Trash extends Extension
switch ($event->action) { switch ($event->action) {
case "bulk_trash_restore": case "bulk_trash_restore":
if ($user->can("view_trash")) { if ($user->can(Permissions::VIEW_TRASH)) {
$total = 0; $total = 0;
foreach ($event->items as $image) { foreach ($event->items as $image) {
self::set_trash($image->id, false); self::set_trash($image->id, false);
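Review bot: `Permissions::VIEW_TRASH` gates state changes here, not only visibility: both the `trash_restore` page and the `bulk_trash_restore` action undelete images on that single check. A class granted read-only access to trashed images would therefore also be able to restore them. Either give restore its own permission constant or record the coupling next to the first check, e.g. `// VIEW_TRASH also authorises restoring; there is no separate restore permission`. No auth-token check is visible in the `trash_restore` hunk either, though the handler continues outside it and may do that elsewhere.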


@ -155,7 +155,7 @@ class Upload extends Extension
{ {
global $database, $page, $user; global $database, $page, $user;
if ($user->can("create_image")) { if ($user->can(Permissions::CREATE_IMAGE)) {
if ($this->is_full) { if ($this->is_full) {
$this->theme->display_full($page); $this->theme->display_full($page);
} else { } else {
@ -165,7 +165,7 @@ class Upload extends Extension
if ($event->page_matches("upload/replace")) { if ($event->page_matches("upload/replace")) {
// check if the user is an administrator and can upload files. // check if the user is an administrator and can upload files.
if (!$user->can("replace_image")) { if (!$user->can(Permissions::REPLACE_IMAGE)) {
$this->theme->display_permission_denied(); $this->theme->display_permission_denied();
} else { } else {
if ($this->is_full) { if ($this->is_full) {
@ -221,7 +221,7 @@ class Upload extends Extension
} }
} }
} elseif ($event->page_matches("upload")) { } elseif ($event->page_matches("upload")) {
if (!$user->can("create_image")) { if (!$user->can(Permissions::CREATE_IMAGE)) {
$this->theme->display_permission_denied(); $this->theme->display_permission_denied();
} else { } else {
/* Regular Upload Image */ /* Regular Upload Image */
@ -371,7 +371,7 @@ class Upload extends Extension
$ok = true; $ok = true;
// Checks if user is admin > check if you want locked. // Checks if user is admin > check if you want locked.
if ($user->can("edit_image_lock") && !empty($_GET['locked'])) { if ($user->can(Permissions::EDIT_IMAGE_LOCK) && !empty($_GET['locked'])) {
$locked = bool_escape($_GET['locked']); $locked = bool_escape($_GET['locked']);
} }
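Review bot: The comments beside two of these checks still describe role membership — `// check if the user is an administrator and can upload files.` and `// Checks if user is admin > check if you want locked.` — but the code tests `Permissions::REPLACE_IMAGE` and `Permissions::EDIT_IMAGE_LOCK`, which any class can be granted. Reword them to name the permission, e.g. `// requires Permissions::REPLACE_IMAGE` and `// only users with Permissions::EDIT_IMAGE_LOCK may set the lock flag on upload`. All four hunks show fragments of functions that begin and end outside them.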


@ -127,7 +127,7 @@ class UserPage extends Extension
$a["name"] = '%' . $_GET['username'] . '%'; $a["name"] = '%' . $_GET['username'] . '%';
} }
if ($user->can('delete_user') && @$_GET['email']) { if ($user->can(Permissions::DELETE_USER) && @$_GET['email']) {
$q .= " AND SCORE_STRNORM(email) LIKE SCORE_STRNORM(:email)"; $q .= " AND SCORE_STRNORM(email) LIKE SCORE_STRNORM(:email)";
$a["email"] = '%' . $_GET['email'] . '%'; $a["email"] = '%' . $_GET['email'] . '%';
} }
@ -212,7 +212,7 @@ class UserPage extends Extension
global $user, $config; global $user, $config;
$h_join_date = autodate($event->display_user->join_date); $h_join_date = autodate($event->display_user->join_date);
if ($event->display_user->can("hellbanned")) { if ($event->display_user->can(Permissions::HELLBANNED)) {
$h_class = $event->display_user->class->parent->name; $h_class = $event->display_user->class->parent->name;
} else { } else {
$h_class = $event->display_user->class->name; $h_class = $event->display_user->class->name;
@ -250,7 +250,7 @@ class UserPage extends Extension
$this->theme->display_user_links($page, $user, $ubbe->parts); $this->theme->display_user_links($page, $user, $ubbe->parts);
} }
if ( if (
($user->can("view_ip") || ($user->is_logged_in() && $user->id == $event->display_user->id)) && # admin or self-user ($user->can(Permissions::VIEW_IP) || ($user->is_logged_in() && $user->id == $event->display_user->id)) && # admin or self-user
($event->display_user->id != $config->get_int('anon_id')) # don't show anon's IP list, it is le huge ($event->display_user->id != $config->get_int('anon_id')) # don't show anon's IP list, it is le huge
) { ) {
$this->theme->display_ip_list( $this->theme->display_ip_list(
@ -309,7 +309,7 @@ class UserPage extends Extension
{ {
global $user; global $user;
$event->add_link("My Profile", make_link("user")); $event->add_link("My Profile", make_link("user"));
if ($user->can("edit_user_class")) { if ($user->can(Permissions::EDIT_USER_CLASS)) {
$event->add_link("User List", make_link("user_admin/list"), 98); $event->add_link("User List", make_link("user_admin/list"), 98);
} }
$event->add_link("Log Out", make_link("user_admin/logout"), 99); $event->add_link("Log Out", make_link("user_admin/logout"), 99);
@ -337,7 +337,7 @@ class UserPage extends Extension
} elseif (preg_match("/^(?:poster|user)_id[=|:]([0-9]+)$/i", $event->term, $matches)) { } elseif (preg_match("/^(?:poster|user)_id[=|:]([0-9]+)$/i", $event->term, $matches)) {
$user_id = int_escape($matches[1]); $user_id = int_escape($matches[1]);
$event->add_querylet(new Querylet("images.owner_id = $user_id")); $event->add_querylet(new Querylet("images.owner_id = $user_id"));
} elseif ($user->can("view_ip") && preg_match("/^(?:poster|user)_ip[=|:]([0-9\.]+)$/i", $event->term, $matches)) { } elseif ($user->can(Permissions::VIEW_IP) && preg_match("/^(?:poster|user)_ip[=|:]([0-9\.]+)$/i", $event->term, $matches)) {
$user_ip = $matches[1]; // FIXME: ip_escape? $user_ip = $matches[1]; // FIXME: ip_escape?
$event->add_querylet(new Querylet("images.owner_ip = '$user_ip'")); $event->add_querylet(new Querylet("images.owner_ip = '$user_ip'"));
} }
@ -517,8 +517,8 @@ class UserPage extends Extension
if ( if (
($a->name == $b->name) || ($a->name == $b->name) ||
($b->can("protected") && $a->class->name == "admin") || ($b->can(Permissions::PROTECTED) && $a->class->name == "admin") ||
(!$b->can("protected") && $a->can("edit_user_info")) (!$b->can(Permissions::PROTECTED) && $a->can(Permissions::EDIT_USER_INFO))
) { ) {
return true; return true;
} else { } else {
@ -544,7 +544,7 @@ class UserPage extends Extension
{ {
global $user; global $user;
if ($user->can('edit_user_name') && $this->user_can_edit_user($user, $duser)) { if ($user->can(Permissions::EDIT_USER_NAME) && $this->user_can_edit_user($user, $duser)) {
$duser->set_name($name); $duser->set_name($name);
flash_message("Username changed"); flash_message("Username changed");
// TODO: set login cookie if user changed themselves // TODO: set login cookie if user changed themselves
@ -652,7 +652,7 @@ class UserPage extends Extension
$page->set_heading("Error"); $page->set_heading("Error");
$page->add_block(new NavBlock()); $page->add_block(new NavBlock());
if (!$user->can("delete_user")) { if (!$user->can(Permissions::DELETE_USER)) {
$page->add_block(new Block("Not Admin", "Only admins can delete accounts")); $page->add_block(new Block("Not Admin", "Only admins can delete accounts"));
} elseif (!isset($_POST['id']) || !is_numeric($_POST['id'])) { } elseif (!isset($_POST['id']) || !is_numeric($_POST['id'])) {
$page->add_block(new Block( $page->add_block(new Block(
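Review bot: In the edit-rights check (hunk at -517) a protected user is editable only when `$a->class->name == "admin"`, so the decision still hangs on a literal class name while every other test in this commit goes through `can(Permissions::…)`. A custom class with admin-equivalent permissions is refused, and the rule cannot be adjusted through the permission table. Consider expressing it as a permission check, or at least documenting it in place: `// protected users are editable only by the built-in "admin" class, matched by name`. Separately, the `owner_ip` querylet in the hunk at -337 interpolates `$user_ip` into SQL (the existing FIXME); the regex limits it to digits and dots, but a bound parameter would remove the dependency on that pattern.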


@ -26,7 +26,7 @@ class UserPageTheme extends Themelet
$html .= "<tr>"; $html .= "<tr>";
$html .= "<td>Name</td>"; $html .= "<td>Name</td>";
if ($user->can('delete_user')) { if ($user->can(Permissions::DELETE_USER)) {
$html .= "<td>Email</td>"; $html .= "<td>Email</td>";
} }
$html .= "<td>Class</td>"; $html .= "<td>Class</td>";
@ -39,7 +39,7 @@ class UserPageTheme extends Themelet
$html .= "<tr>" . make_form("user_admin/list", "GET"); $html .= "<tr>" . make_form("user_admin/list", "GET");
$html .= "<td><input type='text' name='username' value='$h_username'/></td>"; $html .= "<td><input type='text' name='username' value='$h_username'/></td>";
if ($user->can('delete_user')) { if ($user->can(Permissions::DELETE_USER)) {
$html .= "<td><input type='text' name='email' value='$h_email'/></td>"; $html .= "<td><input type='text' name='email' value='$h_email'/></td>";
} }
$html .= "<td><input type='text' name='class' value='$h_class'/></td>"; $html .= "<td><input type='text' name='class' value='$h_class'/></td>";
@ -55,7 +55,7 @@ class UserPageTheme extends Themelet
$html .= "<tr>"; $html .= "<tr>";
$html .= "<td><a href='$u_link'>$h_name</a></td>"; $html .= "<td><a href='$u_link'>$h_name</a></td>";
if ($user->can('delete_user')) { if ($user->can(Permissions::DELETE_USER)) {
$html .= "<td>$h_email</td>"; $html .= "<td>$h_email</td>";
} }
$html .= "<td>$h_class</td>"; $html .= "<td>$h_class</td>";
@ -256,7 +256,7 @@ class UserPageTheme extends Themelet
$html = ""; $html = "";
if ($duser->id != $config->get_int('anon_id')) { //justa fool-admin protection so they dont mess around with anon users. if ($duser->id != $config->get_int('anon_id')) { //justa fool-admin protection so they dont mess around with anon users.
if ($user->can('edit_user_name')) { if ($user->can(Permissions::EDIT_USER_NAME)) {
$html .= " $html .= "
<p>".make_form(make_link("user_admin/change_name"))." <p>".make_form(make_link("user_admin/change_name"))."
<input type='hidden' name='id' value='{$duser->id}'> <input type='hidden' name='id' value='{$duser->id}'>
@ -298,7 +298,7 @@ class UserPageTheme extends Themelet
$i_user_id = int_escape($duser->id); $i_user_id = int_escape($duser->id);
if ($user->can("edit_user_class")) { if ($user->can(Permissions::EDIT_USER_CLASS)) {
global $_shm_user_classes; global $_shm_user_classes;
$class_html = ""; $class_html = "";
foreach ($_shm_user_classes as $name => $values) { foreach ($_shm_user_classes as $name => $values) {
@ -319,7 +319,7 @@ class UserPageTheme extends Themelet
"; ";
} }
if ($user->can("delete_user")) { if ($user->can(Permissions::DELETE_USER)) {
$html .= " $html .= "
<p>".make_form(make_link("user_admin/delete_user"))." <p>".make_form(make_link("user_admin/delete_user"))."
<input type='hidden' name='id' value='$i_user_id'> <input type='hidden' name='id' value='$i_user_id'>
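Review bot: The email column, the email filter input and each user's address are all shown on `can(Permissions::DELETE_USER)`, so read access to personal data is tied to a destructive permission. The commit keeps that coupling; if it is deliberate, a comment at the first check would say so, e.g. `// email visibility piggybacks on DELETE_USER; there is no dedicated permission`. In the hunk at -256 the hidden field also emits `{$duser->id}` directly, while the later forms pass it through `int_escape()` first; applying `int_escape()` there too would be consistent.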


@ -81,8 +81,8 @@ class ViewImageTheme extends Themelet
$html .= $part; $html .= $part;
} }
if ( if (
(!$image->is_locked() || $user->can("edit_image_lock")) && (!$image->is_locked() || $user->can(Permissions::EDIT_IMAGE_LOCK)) &&
$user->can("edit_image_tag") $user->can(Permissions::EDIT_IMAGE_TAG)
) { ) {
$html .= " $html .= "
<tr><td colspan='4'> <tr><td colspan='4'>


@ -206,7 +206,7 @@ class Wiki extends Extension
} }
// anon / user can edit if allowed by config // anon / user can edit if allowed by config
if ($user->can("edit_wiki_page")) { if ($user->can(Permissions::EDIT_WIKI_PAGE)) {
return true; return true;
} }


@ -104,7 +104,7 @@ class CustomCommentListTheme extends CommentListTheme
$h_userlink = "<a class='username' href='".make_link("user/$h_name")."'>$h_name</a>"; $h_userlink = "<a class='username' href='".make_link("user/$h_name")."'>$h_name</a>";
$h_del = ""; $h_del = "";
if ($user->can("delete_comment")) { if ($user->can(Permissions::DELETE_COMMENT)) {
$comment_preview = substr(html_unescape($tfe->stripped), 0, 50); $comment_preview = substr(html_unescape($tfe->stripped), 0, 50);
$j_delete_confirm_message = json_encode("Delete comment by {$comment->owner_name}:\n$comment_preview"); $j_delete_confirm_message = json_encode("Delete comment by {$comment->owner_name}:\n$comment_preview");
$h_delete_script = html_escape("return confirm($j_delete_confirm_message);"); $h_delete_script = html_escape("return confirm($j_delete_confirm_message);");
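Review bot: `substr(html_unescape($tfe->stripped), 0, 50)` cuts on bytes, so a comment containing multi-byte characters can be truncated mid-character; `json_encode` returns `false` for malformed UTF-8 and the confirm dialog would then lose its message. `$comment_preview = mb_substr(html_unescape($tfe->stripped), 0, 50);` avoids that, assuming the mbstring extension is available to the project. The same line appears in the two other CustomCommentListTheme sections further down. The enclosing method starts and ends outside the hunk.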


@ -23,7 +23,7 @@ class CustomViewImageTheme extends ViewImageTheme
$h_filesize = to_shorthand_int($image->filesize); $h_filesize = to_shorthand_int($image->filesize);
global $user; global $user;
if ($user->can("view_ip")) { if ($user->can(Permissions::VIEW_IP)) {
$h_ownerlink .= " ($h_ip)"; $h_ownerlink .= " ($h_ip)";
} }


@ -105,7 +105,7 @@ class CustomCommentListTheme extends CommentListTheme
$h_userlink = "<a class='username' href='".make_link("user/$h_name")."'>$h_name</a>"; $h_userlink = "<a class='username' href='".make_link("user/$h_name")."'>$h_name</a>";
$h_del = ""; $h_del = "";
if ($user->can("delete_comment")) { if ($user->can(Permissions::DELETE_COMMENT)) {
$comment_preview = substr(html_unescape($tfe->stripped), 0, 50); $comment_preview = substr(html_unescape($tfe->stripped), 0, 50);
$j_delete_confirm_message = json_encode("Delete comment by {$comment->owner_name}:\n$comment_preview"); $j_delete_confirm_message = json_encode("Delete comment by {$comment->owner_name}:\n$comment_preview");
$h_delete_script = html_escape("return confirm($j_delete_confirm_message);"); $h_delete_script = html_escape("return confirm($j_delete_confirm_message);");


@ -22,7 +22,7 @@ class CustomViewImageTheme extends ViewImageTheme
$h_filesize = to_shorthand_int($image->filesize); $h_filesize = to_shorthand_int($image->filesize);
global $user; global $user;
if ($user->can("view_ip")) { if ($user->can(Permissions::VIEW_IP)) {
$h_ownerlink .= " ($h_ip)"; $h_ownerlink .= " ($h_ip)";
} }


@ -78,7 +78,7 @@ class CustomCommentListTheme extends CommentListTheme
$h_userlink = "<a href='".make_link("user/$h_name")."'>$h_name</a>"; $h_userlink = "<a href='".make_link("user/$h_name")."'>$h_name</a>";
$h_date = $comment->posted; $h_date = $comment->posted;
$h_del = ""; $h_del = "";
if ($user->can("delete_comment")) { if ($user->can(Permissions::DELETE_COMMENT)) {
$comment_preview = substr(html_unescape($tfe->stripped), 0, 50); $comment_preview = substr(html_unescape($tfe->stripped), 0, 50);
$j_delete_confirm_message = json_encode("Delete comment by {$comment->owner_name}:\n$comment_preview"); $j_delete_confirm_message = json_encode("Delete comment by {$comment->owner_name}:\n$comment_preview");
$h_delete_script = html_escape("return confirm($j_delete_confirm_message);"); $h_delete_script = html_escape("return confirm($j_delete_confirm_message);");


@ -23,7 +23,7 @@ class CustomViewImageTheme extends ViewImageTheme
$h_filesize = to_shorthand_int($image->filesize); $h_filesize = to_shorthand_int($image->filesize);
global $user; global $user;
if ($user->can("view_ip")) { if ($user->can(Permissions::VIEW_IP)) {
$h_ownerlink .= " ($h_ip)"; $h_ownerlink .= " ($h_ip)";
} }


@ -57,8 +57,8 @@ class CustomViewImageTheme extends ViewImageTheme
$html .= $part; $html .= $part;
} }
if ( if (
(!$image->is_locked() || $user->can("edit_image_lock")) && (!$image->is_locked() || $user->can(Permissions::EDIT_IMAGE_LOCK)) &&
$user->can("edit_image_tag") $user->can(Permissions::EDIT_IMAGE_TAG)
) { ) {
$html .= " $html .= "
<tr><td colspan='4'> <tr><td colspan='4'>