By default, disallow users to set private_stream

2016-02-17 22:58:31 +01:00 · 2016-02-17 22:58:31 +01:00 · 5fbb01130a
parent 47dc15c9f6
commit 5fbb01130a
2 changed files with 19 additions and 8 deletions
--- a/actions/profilesettings.php
+++ b/actions/profilesettings.php
@ -207,13 +207,15 @@ class ProfilesettingsAction extends SettingsAction
                            (empty($user->subscribe_policy)) ? User::SUBSCRIBE_POLICY_OPEN : $user->subscribe_policy);
            $this->elementEnd('li');
        }
-        $this->elementStart('li');
-        $this->checkbox('private_stream',
-                        // TRANS: Checkbox label in profile settings.
-                        _('Make updates visible only to my followers'),
-                        ($this->arg('private_stream')) ?
-                        $this->boolean('private_stream') : $user->private_stream);
-        $this->elementEnd('li');
+        if (common_config('profile', 'allowprivate') || $user->private_stream) {
+            $this->elementStart('li');
+            $this->checkbox('private_stream',
+                            // TRANS: Checkbox label in profile settings.
+                            _('Make updates visible only to my followers'),
+                            ($this->arg('private_stream')) ?
+                            $this->boolean('private_stream') : $user->private_stream);
+            $this->elementEnd('li');
+        }
        $this->elementEnd('ul');
        // TRANS: Button to save input in profile settings.
        $this->submit('save', _m('BUTTON','Save'));
@ -255,7 +257,6 @@ class ProfilesettingsAction extends SettingsAction
            $location = $this->trimmed('location');
            $autosubscribe = $this->booleanintstring('autosubscribe');
            $subscribe_policy = $this->trimmed('subscribe_policy');
-            $private_stream = $this->booleanintstring('private_stream');
            $language = $this->trimmed('language');
            $timezone = $this->trimmed('timezone');
            $tagstring = $this->trimmed('tags');
@ -310,6 +311,15 @@ class ProfilesettingsAction extends SettingsAction
            $user = $this->scoped->getUser();
            $user->query('BEGIN');

+            // Only allow setting private_stream if site policy allows it
+            // (or user already _has_ a private stream, then you can unset it)
+            if (common_config('profile', 'allowprivate') || $user->private_stream) {
+                $private_stream = $this->booleanintstring('private_stream');
+            } else {
+                // if not allowed, we set to the existing value
+                $private_stream = $user->private_stream;
+            }
+
            // $user->nickname is updated through Profile->update();

            // XXX: XOR
--- a/lib/default.php
+++ b/lib/default.php
@ -129,6 +129,7 @@ $default =
        array('banned' => array(),
              'biolimit' => null,
              'changenick' => false,
+              'allowprivate' => false,  // whether to allow setting stream to private ("only followers can read")
              'backup' => false,    // can cause DoS, so should be done via CLI
              'restore' => false,
              'delete' => false,