Prevent group creation by silenced users.

* adds Right::CREATEGROUP
* logic in Profile::hasRight() checks for silencing
* NewgroupAction checks for the permission before letting you see or process the form in the UI
* User_group::register() logic does a low-level check on the specified initial group admin, and rejects creation if that user doesn't have the right; guaranteeing that API methods etc will also have this restriction applied sensibly.
This commit is contained in:
Brion Vibber 2010-12-28 11:34:02 -08:00
parent 46123e3754
commit d3d9797496
4 changed files with 19 additions and 0 deletions

View File

@ -66,6 +66,13 @@ class NewgroupAction extends Action
return false; return false;
} }
$user = common_current_user();
$profile = $user->getProfile();
if (!$profile->hasRight(Right::CREATEGROUP)) {
// TRANS: Client exception thrown when a user tries to create a group while banned.
throw new ClientException(_('You are not allowed to create groups on this site.'), 403);
}
return true; return true;
} }

View File

@ -909,6 +909,7 @@ class Profile extends Memcached_DataObject
case Right::NEWNOTICE: case Right::NEWNOTICE:
case Right::NEWMESSAGE: case Right::NEWMESSAGE:
case Right::SUBSCRIBE: case Right::SUBSCRIBE:
case Right::CREATEGROUP:
$result = !$this->isSilenced(); $result = !$this->isSilenced();
break; break;
case Right::PUBLICNOTICE: case Right::PUBLICNOTICE:

View File

@ -465,6 +465,16 @@ class User_group extends Memcached_DataObject
} }
static function register($fields) { static function register($fields) {
if (!empty($fields['userid'])) {
$profile = Profile::staticGet('id', $fields['userid']);
if ($profile && !$profile->hasRight(Right::CREATEGROUP)) {
common_log(LOG_WARNING, "Attempted group creation from banned user: " . $profile->nickname);
// TRANS: Client exception thrown when a user tries to create a group while banned.
throw new ClientException(_('You are not allowed to create groups on this site.'), 403);
}
}
// MAGICALLY put fields into current scope // MAGICALLY put fields into current scope
extract($fields); extract($fields);

View File

@ -61,5 +61,6 @@ class Right
const GRANTROLE = 'grantrole'; const GRANTROLE = 'grantrole';
const REVOKEROLE = 'revokerole'; const REVOKEROLE = 'revokerole';
const DELETEGROUP = 'deletegroup'; const DELETEGROUP = 'deletegroup';
const CREATEGROUP = 'creategroup';
} }