Silence action can only be used on non-priviliged users

Mikael Nordfeldth 2016-02-12 14:22:25 +01:00
parent 5dce08d068
commit e5ad98e601
4 changed files with 45 additions and 84 deletions


@ -27,9 +27,7 @@
* @link http://status.net/
*/
if (!defined('STATUSNET')) {
exit(1);
}
if (!defined('GNUSOCIAL')) { exit(1); }
/**
* Silence a user.
@ -42,45 +40,11 @@ if (!defined('STATUSNET')) {
*/
class SilenceAction extends ProfileFormAction
{
/**
* Check parameters
*
* @param array $args action arguments (URL, GET, POST)
*
* @return boolean success flag
*/
function prepare($args)
{
if (!parent::prepare($args)) {
return false;
}
$cur = common_current_user();
assert(!empty($cur)); // checked by parent
if (!$cur->hasRight(Right::SILENCEUSER)) {
// TRANS: Client error displayed trying to silence a user on a site where the feature is not enabled.
$this->clientError(_('You cannot silence users on this site.'));
}
assert(!empty($this->profile)); // checked by parent
if ($this->profile->isSilenced()) {
// TRANS: Client error displayed trying to silence an already silenced user.
$this->clientError(_('User is already silenced.'));
}
return true;
}
/**
* Silence a user.
*
* @return void
*/
function handlePost()
{
$this->profile->silence();
assert($this->scoped instanceof Profile);
assert($this->profile instanceof Profile);
$this->profile->silenceAs($this->scoped);
}
}
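Review bot: The two `assert()` calls in the new `handlePost()` are not runtime guards, because PHP can be configured to skip assertions. With `prepare()` removed from this class, the only enforced checks are the `Profile` type hint on `silenceAs()` and whatever `ProfileFormAction::prepare()` does, which this section does not show. The removed code documented that dependency with `// checked by parent`; I would keep an equivalent comment, e.g. `// scoped and profile are validated by ProfileFormAction::prepare(); the asserts only document that`. If the parent does not guarantee it, replace the asserts with an explicit `instanceof` check that raises a client error. The same applies to `UnsilenceAction::handlePost()` in the next file.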


@ -27,12 +27,10 @@
* @link http://status.net/
*/
if (!defined('STATUSNET')) {
exit(1);
}
if (!defined('GNUSOCIAL')) { exit(1); }
/**
* Silence a user.
* Unsilence a user.
*
* @category Action
* @package StatusNet
@ -42,45 +40,11 @@ if (!defined('STATUSNET')) {
*/
class UnsilenceAction extends ProfileFormAction
{
/**
* Check parameters
*
* @param array $args action arguments (URL, GET, POST)
*
* @return boolean success flag
*/
function prepare($args)
{
if (!parent::prepare($args)) {
return false;
}
$cur = common_current_user();
assert(!empty($cur)); // checked by parent
if (!$cur->hasRight(Right::SILENCEUSER)) {
// TRANS: Client error on page to unsilence a user when the feature is not enabled.
$this->clientError(_('You cannot silence users on this site.'));
}
assert(!empty($this->profile)); // checked by parent
if (!$this->profile->isSilenced()) {
// TRANS: Client error on page to unsilence a user when the to be unsilenced user has not been silenced.
$this->clientError(_('User is not silenced.'));
}
return true;
}
/**
* Silence a user.
*
* @return void
*/
function handlePost()
{
$this->profile->unsilence();
assert($this->scoped instanceof Profile);
assert($this->profile instanceof Profile);
$this->profile->unsilenceAs($this->scoped);
}
}
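Review bot: The docblock above `handlePost()` still reads "Silence a user." although this commit corrects the class-level docblock to "Unsilence a user."; the method comment should become `* Unsilence a user.` as well. Since `prepare()` no longer performs the permission and state checks here, the docblock could also say that authorization and the not-silenced check are delegated to `Profile::unsilenceAs()`, so a reader does not assume this action is unguarded.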


@ -1174,6 +1174,22 @@ class Profile extends Managed_DataObject
}
}
function silenceAs(Profile $actor)
{
if (!$actor->hasRight(Right::SILENCEUSER)) {
throw new AuthorizationException(_('You cannot silence users on this site.'));
}
// Only administrators can silence other priviliged users (those who have the right to silence as well).
if ($this->hasRight(Right::SILENCEUSER) && !$actor->hasRole(Profile_role::ADMINISTRATOR)) {
throw new AuthorizationException(_('You cannot silence other priviliged users.'));
}
if ($this->isSilenced()) {
// TRANS: Client error displayed trying to silence an already silenced user.
throw new AlreadyFulfilledException(_('User is already silenced.'));
}
return $this->silence();
}
function unsilence()
{
$this->revokeRole(Profile_role::SILENCED);
@ -1182,6 +1198,19 @@ class Profile extends Managed_DataObject
}
}
function unsilenceAs(Profile $actor)
{
if (!$actor->hasRight(Right::SILENCEUSER)) {
// TRANS: Client error displayed trying to unsilence a user when the user does not have the right.
throw new AuthorizationException(_('You cannot unsilence users on this site.'));
}
if (!$this->isSilenced()) {
// TRANS: Client error displayed trying to unsilence a user when the target user has not been silenced.
throw new AlreadyFulfilledException(_('User is not silenced.'));
}
return $this->unsilence();
}
function flushVisibility()
{
// Get all notices
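Review bot: `unsilenceAs()` does not mirror the privileged-target rule that `silenceAs()` enforces, so any actor holding `Right::SILENCEUSER` can lift a silence on another privileged account, including one an administrator imposed. Whether a silenced moderator keeps `Right::SILENCEUSER` (and could then unsilence themselves) depends on `hasRight()`, which is outside this section and worth checking. I would add the same guard before the `isSilenced()` test: `if ($this->hasRight(Right::SILENCEUSER) && !$actor->hasRole(Profile_role::ADMINISTRATOR)) { throw new AuthorizationException(_('You cannot unsilence other privileged users.')); }`. The two new messages in `silenceAs()` also lack the `// TRANS:` comments that the other messages in these methods carry.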


@ -101,7 +101,11 @@ class ProfileFormAction extends RedirectingAction
parent::handle($args);
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
try {
$this->handlePost();
} catch (AlreadyFulfilledException $e) {
// 'tis alright
}
$this->returnToPrevious();
}
}
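Review bot: The new catch in `handle()` swallows `AlreadyFulfilledException` with only `// 'tis alright`, which does not say why ignoring it is safe; a comment such as `// Target is already in the requested state, so treat the POST as a no-op and redirect.` would. `AuthorizationException`, which the new `silenceAs()` and `unsilenceAs()` throw, is not caught here, so a denied request skips `returnToPrevious()` and relies on a handler further up that this hunk does not show. It is worth confirming that such a request is rendered as a client error rather than a server error. `handle()` begins above the hunk.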