From 72208b066cc09189e648c14c3e174e9123af40a6 Mon Sep 17 00:00:00 2001
From: Hugo Sales
Date: Thu, 10 Sep 2020 20:29:57 +0000
Subject: [PATCH] [NoteActions] Refactor note actions and fix bug in favourite
---
 plugins/Favourite/Favourite.php | 7 +----
 plugins/Repeat/Repeat.php | 47 +++++++++++++++++----------------
 src/Twig/Runtime.php | 5 ++++
 3 files changed, 30 insertions(+), 29 deletions(-)
diff --git a/plugins/Favourite/Favourite.php b/plugins/Favourite/Favourite.php
index 3db1dab8c3..37b267c12a 100644
--- a/plugins/Favourite/Favourite.php
+++ b/plugins/Favourite/Favourite.php
@@ -35,12 +35,7 @@ class Favourite extends Module
 {
 public function onAddNoteActions(Request $request, Note $note, array &$actions)
 {
- $user = Common::user();
- // Only show buttons if a user is logged in
- if ($user == null) {
- return Event::next;
- }
-
+ $user = Common::user();
 $opts = ['note_id' => $note->getId(), 'gsactor_id' => $user->getId()];
 $is_set = DB::find('favourite', $opts) != null;
 $form = Form::create([
diff --git a/plugins/Repeat/Repeat.php b/plugins/Repeat/Repeat.php
index bba86d939a..3cba900c1f 100644
--- a/plugins/Repeat/Repeat.php
+++ b/plugins/Repeat/Repeat.php
@@ -34,15 +34,8 @@ class Repeat extends Module
 {
 public function onAddNoteActions(Request $request, Note $note, array &$actions)
 {
- $user = Common::user();
- // Only show buttons if a user is logged in
- if ($user == null) {
- return Event::next;
- }
-
- $to_repeat = DB::find('note', ['id' => $note->getId()]);
- $is_set = false;
- $form = Form::create([
+ $is_set = false;
+ $form = Form::create([
 ['is_set', HiddenType::class, ['data' => $is_set ? '1' : '0']],
 ['note_id', HiddenType::class, ['data' => $note->getId()]],
 ['repeat', SubmitType::class, ['label' => ' ']],
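Review bot: `$user->getId()` on the `$opts` line now dereferences the result of `Common::user()` with no null check inside this handler, so the logged-in requirement for code that builds and processes the favourite form is enforced only by the guard this commit adds to `Runtime::getNoteActions`. If `add_note_actions` is ever dispatched from another path, an anonymous request reaches this line and fails with a call on null instead of being skipped. I would keep a cheap local check, `if ($user === null) { return Event::next; }`, or at minimum state the dependency in a comment such as `// Runtime::getNoteActions only dispatches this event for a logged-in user`. The same reliance applies to the Repeat handler, and the body of onAddNoteActions continues past this hunk.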
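Review bot: Removing `$user = Common::user();` at the top of this handler leaves `$user` unassigned, while the second hunk of this file still calls `$user->getNickname()` and `$user->getId()` when logging and when creating or removing the repeat. Unless the lines not shown between the two hunks assign it, a submitted form fails on the undefined variable; in the `isVisibleTo` branch that happens while the `Log::error` argument is being built, so the suspicious-access entry is never written and `NoSuchNoteException` is never thrown. Keep `$user = Common::user();` as the first statement and pass that same `$user` to `isVisibleTo`, so the visibility check and the database write refer to one actor. The function body continues past this hunk.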
@@ -52,22 +45,30 @@ class Repeat extends Module $form->handleRequest($request); if ($form->isSubmitted()) { $data = $form->getData(); - // Loose comparison - if ($data['note_id'] != $to_repeat) { + if ($data['note_id'] != $note . getId()) { + // ^ Loose comparison return Event::next; - } - - if ($form->isValid()) { - if (!$data['is_set']) { - DB::persist(Note::create(['gsactor_id' => $user->getId(), 'repeat_of' => $note->getId(), 'content' => $note->getContent(), 'is_local' => true])); - DB::flush(); - } else { - DB::remove($to_repeat); - DB::flush(); - } - return Event::stop; } else { - throw new InvalidFormException(); + if (!$note->isVisibleTo(Common::user())) { + // ^ Ensure user isn't trying to trip us up + Log::error('Suspicious activity: user ' . $user->getNickname() . + ' tried to repeat note ' . $note->getId() . + ', but they shouldn\'t have access to it'); + throw new NoSuchNoteException(); + } else { + if ($form->isValid()) { + if (!$data['is_set']) { + DB::persist(Note::create(['gsactor_id' => $user->getId(), 'repeat_of' => $note->getId(), 'content' => $note->getContent(), 'is_local' => true])); + DB::flush(); + } else { + DB::remove(DB::findOneBy('note', ['gsactor_id' => $user->getId(), 'repeat_of' => $note->getId()])); + DB::flush(); + } + return Event::stop; + } else { + throw new InvalidFormException(); + } + } } } } diff --git a/src/Twig/Runtime.php b/src/Twig/Runtime.php index d1d0022505..b61086f5b0 100644 --- a/src/Twig/Runtime.php +++ b/src/Twig/Runtime.php @@ -60,6 +60,11 @@ class Runtime implements RuntimeExtensionInterface, EventSubscriberInterface public function getNoteActions(Note $note) { + // Only show buttons if a user is logged in + if (Common::user() == null) { + return []; + } + $actions = []; Event::handle('add_note_actions', [$this->request, $note, &$actions]); return $actions;
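Review bot: `$note . getId()` in the submitted-form guard is string concatenation with a call to a global function `getId()`, not a method call, so the check that ties the posted `note_id` to the note being rendered cannot work as written; it should read `if ($data['note_id'] != $note->getId()) {`. Separately, the branch taken afterwards is chosen by the client-supplied hidden field `is_set`, and `DB::remove(DB::findOneBy(...))` passes the lookup result straight to `remove`; it would be safer to derive the repeat state from the database and to check the lookup result before removing. The enclosing function starts before this hunk.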
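Review bot: The added guard compares loosely, `Common::user() == null`; `=== null` states the intent exactly and does not depend on how a user object compares. Because the Favourite and Repeat handlers in this commit drop their own checks, this early return is now what they rely on before dereferencing the user, and the comment should say so, for example `// Handlers of add_note_actions assume a logged-in user; keep this check ahead of Event::handle`.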