Make it impossible to block (and thus unsubscribe from your

self-subscription) via the API.  Additionally, make it impossible
to block yourself or unsubscribe from yourself, period.

I also made User use the subs.php helper function for unsubscribing
during a block.

Hopefully, these changes will get rid of the problem of people
accidentally deleting their self-subscriptions once and for all
(knock on wood).
This commit is contained in:
Zach Copley 2009-12-03 17:06:58 -08:00
parent c89b10ffe4
commit aef4cc0a59
3 changed files with 43 additions and 8 deletions

View File

@ -98,6 +98,17 @@ class ApiBlockCreateAction extends ApiAuthAction
return; return;
} }
// Don't allow blocking yourself!
if ($this->user->id == $this->other->id) {
$this->clientError(
_("You cannot block yourself!"),
403,
$this->format
);
return;
}
if ($this->user->hasBlocked($this->other) if ($this->user->hasBlocked($this->other)
|| $this->user->block($this->other) || $this->user->block($this->other)
) { ) {

View File

@ -502,6 +502,19 @@ class User extends Memcached_DataObject
{ {
// Add a new block record // Add a new block record
// no blocking (and thus unsubbing from) yourself
if ($this->id == $other->id) {
common_log(LOG_WARNING,
sprintf(
"Profile ID %d (%s) tried to block his or herself.",
$profile->id,
$profile->nickname
)
);
return false;
}
$block = new Profile_block(); $block = new Profile_block();
// Begin a transaction // Begin a transaction
@ -520,15 +533,20 @@ class User extends Memcached_DataObject
// Cancel their subscription, if it exists // Cancel their subscription, if it exists
$sub = Subscription::pkeyGet(array('subscriber' => $other->id, $result = subs_unsubscribe_to($this, $other);
'subscribed' => $this->id));
if ($sub) { if ($result !== true) {
$result = $sub->delete(); common_log(LOG_WARNING,
if (!$result) { sprintf(
common_log_db_error($sub, 'DELETE', __FILE__); "Error trying to unsubscribe profile ID %d (%s) from user ID %d (%s): %s",
return false; $other->id,
} $other->nickname,
$this->id,
$this->nickname,
$result
)
);
return false;
} }
$block->query('COMMIT'); $block->query('COMMIT');

View File

@ -127,6 +127,12 @@ function subs_unsubscribe_to($user, $other)
if (!$user->isSubscribed($other)) if (!$user->isSubscribed($other))
return _('Not subscribed!'); return _('Not subscribed!');
// Don't allow deleting self subs
if ($user->id == $other->id) {
return _('Couldn\'t delete self-subscription.');
}
$sub = DB_DataObject::factory('subscription'); $sub = DB_DataObject::factory('subscription');
$sub->subscriber = $user->id; $sub->subscriber = $user->id;