Only administrators can delete other privileged users.

Mikael Nordfeldth 2016-02-12 15:00:18 +01:00
parent 83f679fb57
commit c7c34ec05a
1 changed files with 15 additions and 20 deletions


@ -27,9 +27,7 @@
* @link http://status.net/ * @link http://status.net/
*/ */
if (!defined('STATUSNET') && !defined('LACONICA')) { if (!defined('GNUSOCIAL')) { exit(1); }
exit(1);
}
/** /**
* Delete a user * Delete a user
@ -44,33 +42,30 @@ class DeleteuserAction extends ProfileFormAction
{ {
var $user = null; var $user = null;
/** function prepare(array $args=array())
* Take arguments for running
*
* @param array $args $_REQUEST args
*
* @return boolean success flag
*/
function prepare($args)
{ {
if (!parent::prepare($args)) { if (!parent::prepare($args)) {
return false; return false;
} }
$cur = common_current_user(); assert($this->scoped instanceof Profile);
assert(!empty($cur)); // checked by parent if (!$this->scoped->hasRight(Right::DELETEUSER)) {
if (!$cur->hasRight(Right::DELETEUSER)) {
// TRANS: Client error displayed when trying to delete a user without having the right to delete users. // TRANS: Client error displayed when trying to delete a user without having the right to delete users.
$this->clientError(_('You cannot delete users.')); throw new AuthorizationException(_('You cannot delete users.'));
} }
$this->user = User::getKV('id', $this->profile->id); try {
$this->user = $this->profile->getUser();
if (empty($this->user)) { } catch (NoSuchUserException $e) {
// TRANS: Client error displayed when trying to delete a non-local user. // TRANS: Client error displayed when trying to delete a non-local user.
$this->clientError(_('You can only delete local users.')); throw new ClientException(_('You can only delete local users.'));
}
// Only administrators can delete other privileged users (such as others who have the right to silence).
if ($this->profile->isPrivileged() && !$this->scoped->hasRole(Profile_role::ADMINISTRATOR)) {
// TRANS: Client error displayed when trying to delete a user that has been granted moderation privileges
throw new AuthorizationException(_('You cannot delete other privileged users.'));
} }
return true; return true;
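Review bot: In `prepare()`, the precondition that a logged-in profile exists is enforced only by `assert($this->scoped instanceof Profile);`, and PHP skips assertions when `zend.assertions` is disabled, as is usual in production. In that configuration a missing `$this->scoped` would surface as a fatal error on the following `hasRight()` call rather than as the `AuthorizationException` the rest of the method now throws, so the request still fails closed but without the intended error handling. An explicit guard would make this independent of configuration: `if (!$this->scoped instanceof Profile) { throw new AuthorizationException(_('You cannot delete users.')); }`. Separately, the new `isPrivileged()` / `Profile_role::ADMINISTRATOR` rule lives only in this action; whether other code paths that delete users apply it is not visible from this page and is worth confirming. The body of `prepare()` continues past the end of the hunk.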