Move rights check to profile and add right for new notices

Added a right for new notices, realized that the hasRight() method
should be on the profile, and moved it.

Makes this a less atomic commit but that's the way it goes sometimes.
This commit is contained in:
Evan Prodromou 2009-11-16 19:03:59 +01:00
parent 02cc7af1b6
commit d2145a5b7f
4 changed files with 43 additions and 35 deletions

View File

@ -195,10 +195,8 @@ class Notice extends Memcached_DataObject
' take a breather and post again in a few minutes.')); ' take a breather and post again in a few minutes.'));
} }
$banned = common_config('profile', 'banned'); if (!$profile->hasRight(Right::NEWNOTICE)) {
common_log(LOG_WARNING, "Attempted post from user disallowed to post: " . $profile->nickname);
if ( in_array($profile_id, $banned) || in_array($profile->nickname, $banned)) {
common_log(LOG_WARNING, "Attempted post from banned user: $profile->nickname (user id = $profile_id).");
throw new ClientException(_('You are banned from posting notices on this site.')); throw new ClientException(_('You are banned from posting notices on this site.'));
} }

View File

@ -661,4 +661,42 @@ class Profile extends Memcached_DataObject
{ {
$this->revokeRole(Profile_role::SILENCED); $this->revokeRole(Profile_role::SILENCED);
} }
/**
* Does this user have the right to do X?
*
* With our role-based authorization, this is merely a lookup for whether the user
* has a particular role. The implementation currently uses a switch statement
* to determine if the user has the pre-defined role to exercise the right. Future
* implementations may allow per-site roles, and different mappings of roles to rights.
*
* @param $right string Name of the right, usually a constant in class Right
* @return boolean whether the user has the right in question
*/
function hasRight($right)
{
$result = false;
if (Event::handle('UserRightsCheck', array($this, $right, &$result))) {
switch ($right)
{
case Right::DELETEOTHERSNOTICE:
case Right::SANDBOXUSER:
case Right::SILENCEUSER:
case Right::DELETEUSER:
$result = $this->hasRole(Profile_role::MODERATOR);
break;
case Right::CONFIGURESITE:
$result = $this->hasRole(Profile_role::ADMINISTRATOR);
break;
case Right::NEWNOTICE:
$result = !$this->isSilenced();
break;
default:
$result = false;
break;
}
}
return $result;
}
} }

View File

@ -657,39 +657,10 @@ class User extends Memcached_DataObject
return Design::staticGet('id', $this->design_id); return Design::staticGet('id', $this->design_id);
} }
/**
* Does this user have the right to do X?
*
* With our role-based authorization, this is merely a lookup for whether the user
* has a particular role. The implementation currently uses a switch statement
* to determine if the user has the pre-defined role to exercise the right. Future
* implementations may allow per-site roles, and different mappings of roles to rights.
*
* @param $right string Name of the right, usually a constant in class Right
* @return boolean whether the user has the right in question
*/
function hasRight($right) function hasRight($right)
{ {
$result = false; $profile = $this->getProfile();
if (Event::handle('UserRightsCheck', array($this, $right, &$result))) { return $profile->hasRight($right);
switch ($right)
{
case Right::DELETEOTHERSNOTICE:
case Right::SANDBOXUSER:
case Right::SILENCEUSER:
case Right::DELETEUSER:
$result = $this->hasRole(Profile_role::MODERATOR);
break;
case Right::CONFIGURESITE:
$result = $this->hasRole(Profile_role::ADMINISTRATOR);
break;
default:
$result = false;
break;
}
}
return $result;
} }
function delete() function delete()

View File

@ -50,5 +50,6 @@ class Right
const DELETEUSER = 'deleteuser'; const DELETEUSER = 'deleteuser';
const SILENCEUSER = 'silenceuser'; const SILENCEUSER = 'silenceuser';
const SANDBOXUSER = 'sandboxuser'; const SANDBOXUSER = 'sandboxuser';
const NEWNOTICE = 'newnotice';
} }