Commit Graph

15 Commits

Author SHA1 Message Date
Evan Prodromou
0d487a1ea0 Add spam-training, spam-reviewing rights
Replaced the check for a moderator role in certain spam-training and
-reviewing points. Make sure modhelpers can check, too.
2012-03-25 13:16:23 -04:00
Evan Prodromou
1525acdca1 Extend authorization framework to cover login and API use
I've extended the rights framework (centering on the Right class and Profile::hasRight()) to cover
Web login and API use. This will make it possible to prevent login and API use by users.

I added two new Right constants to the Right class: WEBLOGIN and API. I check these rights using
Profile::hasRight() when initializing users. If the rights check fails, I throw an exception.

I created a new AuthorizationException class for this particular
exception, in order to allow a different UI for these kinds of exceptions (or whatever).
2011-02-21 10:20:42 -05:00
Brion Vibber
90c7ff1983 Merge branch 'master' into 0.9.x 2010-12-28 11:37:38 -08:00
Brion Vibber
d3d9797496 Prevent group creation by silenced users.
* adds Right::CREATEGROUP
* logic in Profile::hasRight() checks for silencing
* NewgroupAction checks for the permission before letting you see or process the form in the UI
* User_group::register() logic does a low-level check on the specified initial group admin, and rejects creation if that user doesn't have the right; guaranteeing that API methods etc will also have this restriction applied sensibly.
2010-12-28 11:34:02 -08:00
Evan Prodromou
75aaa98462 define rights for account maintenance and default rules 2010-12-13 16:28:32 -05:00
Brion Vibber
f4f16af8ac Add a basic group deletion for moderator users. 2010-10-12 15:49:20 -07:00
Brion Vibber
4a2511139e Initial user role controls on profile pages, for owner to add/remove administrator and moderator options.
Buttons need to be themed.
2010-03-03 15:43:49 -08:00
Evan Prodromou
5fdcd88176 Moderator can make users admins of a group 2010-02-06 11:36:59 +01:00
Evan Prodromou
d59af02960 disallow email on faves from sandboxed users 2009-11-16 14:28:55 -05:00
Evan Prodromou
e9321a1806 more rights denied to silenced and sandboxed 2009-11-16 19:46:08 +01:00
Evan Prodromou
f1efb845e4 don't allow sandboxed users to post public notices 2009-11-16 19:22:22 +01:00
Evan Prodromou
d2145a5b7f Move rights check to profile and add right for new notices
Added a right for new notices, realized that the hasRight() method
should be on the profile, and moved it.

Makes this a less atomic commit but that's the way it goes sometimes.
2009-11-16 19:03:59 +01:00
Evan Prodromou
c9475c76a8 define rights around how to silence, sandbox, and delete a user 2009-11-15 15:59:10 +01:00
Evan Prodromou
589185ce87 uppercase right constants 2009-11-07 19:16:15 -05:00
Evan Prodromou
6c069312e2 user rights 2009-09-27 21:11:45 -04:00