Move rights check to profile and add right for new notices
Added a right for new notices, realized that the hasRight() method should be on the profile, and moved it. Makes this a less atomic commit but that's the way it goes sometimes.
This commit is contained in:
parent
02cc7af1b6
commit
d2145a5b7f
@ -195,10 +195,8 @@ class Notice extends Memcached_DataObject
|
||||
' take a breather and post again in a few minutes.'));
|
||||
}
|
||||
|
||||
$banned = common_config('profile', 'banned');
|
||||
|
||||
if ( in_array($profile_id, $banned) || in_array($profile->nickname, $banned)) {
|
||||
common_log(LOG_WARNING, "Attempted post from banned user: $profile->nickname (user id = $profile_id).");
|
||||
if (!$profile->hasRight(Right::NEWNOTICE)) {
|
||||
common_log(LOG_WARNING, "Attempted post from user disallowed to post: " . $profile->nickname);
|
||||
throw new ClientException(_('You are banned from posting notices on this site.'));
|
||||
}
|
||||
|
||||
|
@ -661,4 +661,42 @@ class Profile extends Memcached_DataObject
|
||||
{
|
||||
$this->revokeRole(Profile_role::SILENCED);
|
||||
}
|
||||
|
||||
/**
|
||||
* Does this user have the right to do X?
|
||||
*
|
||||
* With our role-based authorization, this is merely a lookup for whether the user
|
||||
* has a particular role. The implementation currently uses a switch statement
|
||||
* to determine if the user has the pre-defined role to exercise the right. Future
|
||||
* implementations may allow per-site roles, and different mappings of roles to rights.
|
||||
*
|
||||
* @param $right string Name of the right, usually a constant in class Right
|
||||
* @return boolean whether the user has the right in question
|
||||
*/
|
||||
|
||||
function hasRight($right)
|
||||
{
|
||||
$result = false;
|
||||
if (Event::handle('UserRightsCheck', array($this, $right, &$result))) {
|
||||
switch ($right)
|
||||
{
|
||||
case Right::DELETEOTHERSNOTICE:
|
||||
case Right::SANDBOXUSER:
|
||||
case Right::SILENCEUSER:
|
||||
case Right::DELETEUSER:
|
||||
$result = $this->hasRole(Profile_role::MODERATOR);
|
||||
break;
|
||||
case Right::CONFIGURESITE:
|
||||
$result = $this->hasRole(Profile_role::ADMINISTRATOR);
|
||||
break;
|
||||
case Right::NEWNOTICE:
|
||||
$result = !$this->isSilenced();
|
||||
break;
|
||||
default:
|
||||
$result = false;
|
||||
break;
|
||||
}
|
||||
}
|
||||
return $result;
|
||||
}
|
||||
}
|
||||
|
@ -657,39 +657,10 @@ class User extends Memcached_DataObject
|
||||
return Design::staticGet('id', $this->design_id);
|
||||
}
|
||||
|
||||
/**
|
||||
* Does this user have the right to do X?
|
||||
*
|
||||
* With our role-based authorization, this is merely a lookup for whether the user
|
||||
* has a particular role. The implementation currently uses a switch statement
|
||||
* to determine if the user has the pre-defined role to exercise the right. Future
|
||||
* implementations may allow per-site roles, and different mappings of roles to rights.
|
||||
*
|
||||
* @param $right string Name of the right, usually a constant in class Right
|
||||
* @return boolean whether the user has the right in question
|
||||
*/
|
||||
|
||||
function hasRight($right)
|
||||
{
|
||||
$result = false;
|
||||
if (Event::handle('UserRightsCheck', array($this, $right, &$result))) {
|
||||
switch ($right)
|
||||
{
|
||||
case Right::DELETEOTHERSNOTICE:
|
||||
case Right::SANDBOXUSER:
|
||||
case Right::SILENCEUSER:
|
||||
case Right::DELETEUSER:
|
||||
$result = $this->hasRole(Profile_role::MODERATOR);
|
||||
break;
|
||||
case Right::CONFIGURESITE:
|
||||
$result = $this->hasRole(Profile_role::ADMINISTRATOR);
|
||||
break;
|
||||
default:
|
||||
$result = false;
|
||||
break;
|
||||
}
|
||||
}
|
||||
return $result;
|
||||
$profile = $this->getProfile();
|
||||
return $profile->hasRight($right);
|
||||
}
|
||||
|
||||
function delete()
|
||||
|
@ -50,5 +50,6 @@ class Right
|
||||
const DELETEUSER = 'deleteuser';
|
||||
const SILENCEUSER = 'silenceuser';
|
||||
const SANDBOXUSER = 'sandboxuser';
|
||||
const NEWNOTICE = 'newnotice';
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user