Prevent group creation by silenced users.
* adds Right::CREATEGROUP
* logic in Profile::hasRight() checks for silencing
* NewgroupAction checks for the permission before letting you see or process the form in the UI
* User_group::register() logic does a low-level check on the specified initial group admin, and rejects creation if that user doesn't have the right, guaranteeing that API methods etc. will also have this restriction applied sensibly.
parent
46123e3754
commit
d3d9797496
@ -66,6 +66,13 @@ class NewgroupAction extends Action
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$user = common_current_user();
|
||||||
|
$profile = $user->getProfile();
|
||||||
|
if (!$profile->hasRight(Right::CREATEGROUP)) {
|
||||||
|
// TRANS: Client exception thrown when a user tries to create a group while banned.
|
||||||
|
throw new ClientException(_('You are not allowed to create groups on this site.'), 403);
|
||||||
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
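Review bot: `$user` from `common_current_user()` is dereferenced by `$user->getProfile()` with no null check, so this permission gate depends entirely on the logged-in guard that appears to sit just above the hunk (only its `return false; }` is visible; the method starts outside the hunk). If that guard can ever fall through, the request ends in a fatal error instead of a clean 403, so a deny-by-default form such as `if (empty($user) || !$user->getProfile()->hasRight(Right::CREATEGROUP)) {` is safer. The TRANS comment also says "while banned", whereas the right is withheld from silenced users according to the commit title and the `isSilenced()` case in `Profile`; I would write `// TRANS: Client exception thrown when a silenced user tries to create a group.` so translators describe the right condition.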
@ -909,6 +909,7 @@ class Profile extends Memcached_DataObject
|
|||||||
case Right::NEWNOTICE:
|
case Right::NEWNOTICE:
|
||||||
case Right::NEWMESSAGE:
|
case Right::NEWMESSAGE:
|
||||||
case Right::SUBSCRIBE:
|
case Right::SUBSCRIBE:
|
||||||
|
case Right::CREATEGROUP:
|
||||||
$result = !$this->isSilenced();
|
$result = !$this->isSilenced();
|
||||||
break;
|
break;
|
||||||
case Right::PUBLICNOTICE:
|
case Right::PUBLICNOTICE:
|
||||||
|
@ -465,6 +465,16 @@ class User_group extends Memcached_DataObject
|
|||||||
}
|
}
|
||||||
|
|
||||||
static function register($fields) {
|
static function register($fields) {
|
||||||
|
if (!empty($fields['userid'])) {
|
||||||
|
$profile = Profile::staticGet('id', $fields['userid']);
|
||||||
|
if ($profile && !$profile->hasRight(Right::CREATEGROUP)) {
|
||||||
|
common_log(LOG_WARNING, "Attempted group creation from banned user: " . $profile->nickname);
|
||||||
|
|
||||||
|
// TRANS: Client exception thrown when a user tries to create a group while banned.
|
||||||
|
throw new ClientException(_('You are not allowed to create groups on this site.'), 403);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// MAGICALLY put fields into current scope
|
// MAGICALLY put fields into current scope
|
||||||
|
|
||||||
extract($fields);
|
extract($fields);
|
||||||
|
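Review bot: The new check at the top of `register()` fails open: it runs only when `$fields['userid']` is non-empty and `Profile::staticGet()` returns a profile, so a caller that omits `userid` or passes an id with no matching profile skips the `Right::CREATEGROUP` test and continues to group creation. That is weaker than the guarantee the commit description gives for API paths; if an initial admin is always expected, treat a failed lookup as a denial before the rights test, e.g. `if (empty($profile)) { throw new ClientException(_('You are not allowed to create groups on this site.'), 403); }`, and decide explicitly what a missing `userid` means. The log line says "banned" although the right is withheld on `isSilenced()`, and it records only the nickname; `"Attempted group creation from silenced user: " . $profile->nickname . " (" . $profile->id . ")"` would be easier to correlate during moderation review. The rest of `register()` lies outside the hunk, so whether it tolerates a missing creator cannot be confirmed from here.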
@ -61,5 +61,6 @@ class Right
|
|||||||
const GRANTROLE = 'grantrole';
|
const GRANTROLE = 'grantrole';
|
||||||
const REVOKEROLE = 'revokerole';
|
const REVOKEROLE = 'revokerole';
|
||||||
const DELETEGROUP = 'deletegroup';
|
const DELETEGROUP = 'deletegroup';
|
||||||
|
const CREATEGROUP = 'creategroup';
|
||||||
}
|
}
|
||||||
|
|
||||||
|