diff --git a/actions/newgroup.php b/actions/newgroup.php
index 95af6415e5..42d488e54e 100644
--- a/actions/newgroup.php
+++ b/actions/newgroup.php
@@ -66,6 +66,13 @@ class NewgroupAction extends Action
 return false;
 }
+ $user = common_current_user();
+ $profile = $user->getProfile();
+ if (!$profile->hasRight(Right::CREATEGROUP)) {
+ // TRANS: Client exception thrown when a user tries to create a group while banned.
+ throw new ClientException(_('You are not allowed to create groups on this site.'), 403);
+ }
+
 return true;
 }
diff --git a/classes/Profile.php b/classes/Profile.php
index 972351a75b..adad0c6157 100644
--- a/classes/Profile.php
+++ b/classes/Profile.php
@@ -850,6 +850,7 @@ class Profile extends Memcached_DataObject
 case Right::NEWNOTICE:
 case Right::NEWMESSAGE:
 case Right::SUBSCRIBE:
+ case Right::CREATEGROUP:
 $result = !$this->isSilenced();
 break;
 case Right::PUBLICNOTICE:
diff --git a/classes/User_group.php b/classes/User_group.php
index cffc786458..68f61cb7f4 100644
--- a/classes/User_group.php
+++ b/classes/User_group.php
@@ -476,6 +476,16 @@ class User_group extends Memcached_DataObject
 }
 static function register($fields) {
+ if (!empty($fields['userid'])) {
+ $profile = Profile::staticGet('id', $fields['userid']);
+ if ($profile && !$profile->hasRight(Right::CREATEGROUP)) {
+ common_log(LOG_WARNING, "Attempted group creation from banned user: " . $profile->nickname);
+
+ // TRANS: Client exception thrown when a user tries to create a group while banned.
+ throw new ClientException(_('You are not allowed to create groups on this site.'), 403);
+ }
+ }
+
 // MAGICALLY put fields into current scope
 extract($fields);
diff --git a/lib/right.php b/lib/right.php
index 5bf9c41161..d144b21ae9 100644
--- a/lib/right.php
+++ b/lib/right.php
@@ -65,5 +65,6 @@ class Right
 const RESTOREACCOUNT = 'restoreaccount';
 const DELETEACCOUNT = 'deleteaccount';
 const MOVEACCOUNT = 'moveaccount';
+ const CREATEGROUP = 'creategroup';
 }
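Review bot: In the added block of actions/newgroup.php, `$user->getProfile()` is called on the result of `common_current_user()`, and `hasRight()` on the result of `getProfile()`, with no null check. If either can come back empty, an anonymous request or a user row without a profile ends in a fatal error instead of the 403. The `return false;` just above the hunk may be the login guard, but it lies outside the lines shown, so the permission check should fail closed on its own: `$profile = $user ? $user->getProfile() : null;` followed by `if (!$profile || !$profile->hasRight(Right::CREATEGROUP)) {`. The enclosing method starts outside the hunk.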
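Review bot: In classes/Profile.php, `case Right::CREATEGROUP:` falls through to `$result = !$this->isSilenced();`, so the new right is withheld from silenced profiles only. Both TRANS comments and the log message in classes/User_group.php describe the user as banned. Either the wording or the grouping should change so that translators and moderators see the state that is actually enforced; a comment on the case such as `// CREATEGROUP follows the posting rights: denied only while the profile is silenced` would settle it. Whether other restricted states should also lose this right cannot be judged from the hunk, since the rest of the switch is outside it.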
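Review bot: The guard added to `register()` in classes/User_group.php fails open: it is skipped when `$fields['userid']` is empty, and `$profile && ...` also lets creation proceed when `Profile::staticGet()` finds no profile for a supplied id. This is the check that covers callers other than the web action, so a supplied id that resolves to nothing should be refused with `if (!$profile || !$profile->hasRight(Right::CREATEGROUP)) {`, and the log line built from `$fields['userid']` rather than `$profile->nickname`. If calls without `userid` are meant to stay unrestricted, a comment saying so above the outer `if` would keep the gap from looking accidental. The function body continues outside the hunk.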