Move rights check to profile and add right for new notices
Added a right for new notices, realized that the hasRight() method should be on the profile, and moved it. Makes this a less atomic commit but that's the way it goes sometimes.
parent
02cc7af1b6
commit
d2145a5b7f
@ -195,10 +195,8 @@ class Notice extends Memcached_DataObject
|
|||||||
' take a breather and post again in a few minutes.'));
|
' take a breather and post again in a few minutes.'));
|
||||||
}
|
}
|
||||||
|
|
||||||
$banned = common_config('profile', 'banned');
|
if (!$profile->hasRight(Right::NEWNOTICE)) {
|
||||||
|
common_log(LOG_WARNING, "Attempted post from user disallowed to post: " . $profile->nickname);
|
||||||
if ( in_array($profile_id, $banned) || in_array($profile->nickname, $banned)) {
|
|
||||||
common_log(LOG_WARNING, "Attempted post from banned user: $profile->nickname (user id = $profile_id).");
|
|
||||||
throw new ClientException(_('You are banned from posting notices on this site.'));
|
throw new ClientException(_('You are banned from posting notices on this site.'));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
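Review bot: The new guard `if (!$profile->hasRight(Right::NEWNOTICE))` no longer consults `common_config('profile', 'banned')`, and in this commit `Profile::hasRight()` resolves `Right::NEWNOTICE` to `!$this->isSilenced()` only. Unless a `UserRightsCheck` handler or code outside this diff covers it, profiles listed in the configured ban list by id or nickname are no longer rejected here, which silently loosens an authorization check. Either keep the config lookup as an additional deny condition or state in the commit that the `banned` setting is retired in favour of the silenced role. The replacement log line also drops the profile id the old message recorded; appending `. " (user id = $profile_id)."` would keep it for audit. The enclosing function starts and ends outside the hunk.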
@ -661,4 +661,42 @@ class Profile extends Memcached_DataObject
|
|||||||
{
|
{
|
||||||
$this->revokeRole(Profile_role::SILENCED);
|
$this->revokeRole(Profile_role::SILENCED);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Does this user have the right to do X?
|
||||||
|
*
|
||||||
|
* With our role-based authorization, this is merely a lookup for whether the user
|
||||||
|
* has a particular role. The implementation currently uses a switch statement
|
||||||
|
* to determine if the user has the pre-defined role to exercise the right. Future
|
||||||
|
* implementations may allow per-site roles, and different mappings of roles to rights.
|
||||||
|
*
|
||||||
|
* @param $right string Name of the right, usually a constant in class Right
|
||||||
|
* @return boolean whether the user has the right in question
|
||||||
|
*/
|
||||||
|
|
||||||
|
function hasRight($right)
|
||||||
|
{
|
||||||
|
$result = false;
|
||||||
|
if (Event::handle('UserRightsCheck', array($this, $right, &$result))) {
|
||||||
|
switch ($right)
|
||||||
|
{
|
||||||
|
case Right::DELETEOTHERSNOTICE:
|
||||||
|
case Right::SANDBOXUSER:
|
||||||
|
case Right::SILENCEUSER:
|
||||||
|
case Right::DELETEUSER:
|
||||||
|
$result = $this->hasRole(Profile_role::MODERATOR);
|
||||||
|
break;
|
||||||
|
case Right::CONFIGURESITE:
|
||||||
|
$result = $this->hasRole(Profile_role::ADMINISTRATOR);
|
||||||
|
break;
|
||||||
|
case Right::NEWNOTICE:
|
||||||
|
$result = !$this->isSilenced();
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
$result = false;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return $result;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
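Review bot: `Event::handle('UserRightsCheck', array($this, $right, &$result))` now passes a Profile as its first argument, whereas the body removed from `User::hasRight()` in this commit passed the User object under the same event name. Any existing handler that calls User-only methods on that argument would presumably fail or decide wrongly, so either rename the event or state the new contract in the docblock, e.g. `* Fires UserRightsCheck with ($profile, $right, &$result); if Event::handle() returns false the switch is skipped and $result is returned as the handlers left it.` The docblock still says "this user" although the method now lives on the profile. The `Right::NEWNOTICE` case is a deny-list test (`!$this->isSilenced()`), unlike the role-based cases above it, and deserves a one-line comment saying so.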
@ -657,39 +657,10 @@ class User extends Memcached_DataObject
|
|||||||
return Design::staticGet('id', $this->design_id);
|
return Design::staticGet('id', $this->design_id);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Does this user have the right to do X?
|
|
||||||
*
|
|
||||||
* With our role-based authorization, this is merely a lookup for whether the user
|
|
||||||
* has a particular role. The implementation currently uses a switch statement
|
|
||||||
* to determine if the user has the pre-defined role to exercise the right. Future
|
|
||||||
* implementations may allow per-site roles, and different mappings of roles to rights.
|
|
||||||
*
|
|
||||||
* @param $right string Name of the right, usually a constant in class Right
|
|
||||||
* @return boolean whether the user has the right in question
|
|
||||||
*/
|
|
||||||
|
|
||||||
function hasRight($right)
|
function hasRight($right)
|
||||||
{
|
{
|
||||||
$result = false;
|
$profile = $this->getProfile();
|
||||||
if (Event::handle('UserRightsCheck', array($this, $right, &$result))) {
|
return $profile->hasRight($right);
|
||||||
switch ($right)
|
|
||||||
{
|
|
||||||
case Right::DELETEOTHERSNOTICE:
|
|
||||||
case Right::SANDBOXUSER:
|
|
||||||
case Right::SILENCEUSER:
|
|
||||||
case Right::DELETEUSER:
|
|
||||||
$result = $this->hasRole(Profile_role::MODERATOR);
|
|
||||||
break;
|
|
||||||
case Right::CONFIGURESITE:
|
|
||||||
$result = $this->hasRole(Profile_role::ADMINISTRATOR);
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
$result = false;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return $result;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function delete()
|
function delete()
|
||||||
|
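Review bot: `return $profile->hasRight($right);` is called on whatever `$this->getProfile()` returns, with no check, so a user whose profile lookup fails would hit a fatal error in the middle of an authorization decision instead of being denied. Whether `getProfile()` can return a falsy value is not visible in this hunk, but failing closed is cheap: add `if (empty($profile)) { return false; }` before the return. The docblock was removed along with the old body; a short one stating that the check is delegated to `Profile::hasRight()` would keep the method self-explanatory.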
@ -50,5 +50,6 @@ class Right
|
|||||||
const DELETEUSER = 'deleteuser';
|
const DELETEUSER = 'deleteuser';
|
||||||
const SILENCEUSER = 'silenceuser';
|
const SILENCEUSER = 'silenceuser';
|
||||||
const SANDBOXUSER = 'sandboxuser';
|
const SANDBOXUSER = 'sandboxuser';
|
||||||
|
const NEWNOTICE = 'newnotice';
|
||||||
}
|
}
|
||||||
|
|
||||||
|