Marcin Kurczewski 2013-10-18 00:09:50 +02:00
parent 73050f159f
commit 019e7eea7f
9 changed files with 75 additions and 81 deletions


@ -17,7 +17,7 @@ class CommentController
$page = intval($page);
$commentsPerPage = intval($this->config->comments->commentsPerPage);
PrivilegesHelper::confirmWithException($this->context->user, Privilege::ListComments);
PrivilegesHelper::confirmWithException(Privilege::ListComments);
$buildDbQuery = function($dbQuery)
{
@ -59,7 +59,7 @@ class CommentController
*/
public function addAction($postId)
{
PrivilegesHelper::confirmWithException($this->context->user, Privilege::AddComment);
PrivilegesHelper::confirmWithException(Privilege::AddComment);
if ($this->config->registration->needEmailForCommenting)
PrivilegesHelper::confirmEmail($this->context->user);
@ -90,8 +90,7 @@ class CommentController
public function deleteAction($id)
{
$comment = Model_Comment::locate($id);
$secondary = $comment->commenter->id == $this->context->user->id ? 'own' : 'all';
PrivilegesHelper::confirmWithException($this->context->user, Privilege::DeleteComment, $secondary);
PrivilegesHelper::confirmWithException(Privilege::DeleteComment, PrivilegesHelper::getIdentitySubPrivilege($comment->commenter));
R::trash($comment);
$this->context->transport->success = true;
}
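Review bot: In addAction the privilege check now resolves the acting user inside PrivilegesHelper, but the next statement still passes `$this->context->user` to `confirmEmail`, so one authorization sequence identifies the actor in two different ways; the upload hunk in PostController has the same pair. If the registry context and the controller context always hold the same user this is only a consistency issue, but the diff does not show that. I would give `confirmEmail` the same argument-free form in this commit, or add a comment such as `// confirmEmail still takes the user explicitly; it must be the same object confirm() reads from the registry`. addAction's body continues outside the hunk.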


@ -80,7 +80,7 @@ class PostController
$postsPerPage = intval($this->config->browsing->postsPerPage);
$this->context->subTitle = 'browsing posts';
$this->context->transport->searchQuery = $query;
PrivilegesHelper::confirmWithException($this->context->user, Privilege::ListPosts);
PrivilegesHelper::confirmWithException(Privilege::ListPosts);
$buildDbQuery = function($dbQuery, $query)
{
@ -90,7 +90,7 @@ class PostController
/* safety */
$allowedSafety = array_filter(PostSafety::getAll(), function($safety)
{
return PrivilegesHelper::confirm($this->context->user, Privilege::ListPosts, PostSafety::toString($safety)) and
return PrivilegesHelper::confirm(Privilege::ListPosts, PostSafety::toString($safety)) and
$this->context->user->hasEnabledSafety($safety);
});
$dbQuery->where('safety IN (' . R::genSlots($allowedSafety) . ')');
@ -99,7 +99,7 @@ class PostController
/* hidden */
if (!PrivilegesHelper::confirm($this->context->user, Privilege::ListPosts, 'hidden'))
if (!PrivilegesHelper::confirm(Privilege::ListPosts, 'hidden'))
$dbQuery->andNot('hidden');
@ -158,7 +158,7 @@ class PostController
$this->context->stylesheets []= 'upload.css';
$this->context->scripts []= 'upload.js';
$this->context->subTitle = 'upload';
PrivilegesHelper::confirmWithException($this->context->user, Privilege::UploadPost);
PrivilegesHelper::confirmWithException(Privilege::UploadPost);
if ($this->config->registration->needEmailForUploading)
PrivilegesHelper::confirmEmail($this->context->user);
@ -246,7 +246,6 @@ class PostController
$post = Model_Post::locate($id);
R::preload($post, ['uploader' => 'user']);
$edited = false;
$secondary = $post->uploader->id == $this->context->user->id ? 'own' : 'all';
$this->context->transport->post = $post;
@ -254,7 +253,7 @@ class PostController
$suppliedSafety = InputHelper::get('safety');
if ($suppliedSafety !== null)
{
PrivilegesHelper::confirmWithException($this->context->user, Privilege::EditPostSafety, $secondary);
PrivilegesHelper::confirmWithException(Privilege::EditPostSafety, PrivilegesHelper::getIdentitySubPrivilege($post->uploader));
$suppliedSafety = Model_Post::validateSafety($suppliedSafety);
$post->safety = $suppliedSafety;
$edited = true;
@ -265,7 +264,7 @@ class PostController
$suppliedTags = InputHelper::get('tags');
if ($suppliedTags !== null)
{
PrivilegesHelper::confirmWithException($this->context->user, Privilege::EditPostTags, $secondary);
PrivilegesHelper::confirmWithException(Privilege::EditPostTags, PrivilegesHelper::getIdentitySubPrivilege($post->uploader));
$currentToken = self::serializeTags($post);
if (InputHelper::get('tags-token') != $currentToken)
throw new SimpleException('Someone else has changed the tags in the meantime');
@ -280,7 +279,7 @@ class PostController
/* thumbnail */
if (!empty($_FILES['thumb']['name']))
{
PrivilegesHelper::confirmWithException($this->context->user, Privilege::EditPostThumb, $secondary);
PrivilegesHelper::confirmWithException(Privilege::EditPostThumb, PrivilegesHelper::getIdentitySubPrivilege($post->uploader));
$suppliedFile = $_FILES['thumb'];
self::handleUploadErrors($suppliedFile);
@ -312,8 +311,7 @@ class PostController
public function hideAction($id)
{
$post = Model_Post::locate($id);
$secondary = $post->uploader->id == $this->context->user->id ? 'own' : 'all';
PrivilegesHelper::confirmWithException($this->context->user, Privilege::HidePost, $secondary);
PrivilegesHelper::confirmWithException(Privilege::HidePost, PrivilegesHelper::getIdentitySubPrivilege($post->uploader));
$post->hidden = true;
R::store($post);
$this->context->transport->success = true;
@ -325,8 +323,7 @@ class PostController
public function unhideAction($id)
{
$post = Model_Post::locate($id);
$secondary = $post->uploader->id == $this->context->user->id ? 'own' : 'all';
PrivilegesHelper::confirmWithException($this->context->user, Privilege::HidePost, $secondary);
PrivilegesHelper::confirmWithException(Privilege::HidePost, PrivilegesHelper::getIdentitySubPrivilege($post->uploader));
$post->hidden = false;
R::store($post);
$this->context->transport->success = true;
@ -338,8 +335,7 @@ class PostController
public function deleteAction($id)
{
$post = Model_Post::locate($id);
$secondary = $post->uploader->id == $this->context->user->id ? 'own' : 'all';
PrivilegesHelper::confirmWithException($this->context->user, Privilege::DeletePost, $secondary);
PrivilegesHelper::confirmWithException(Privilege::DeletePost, PrivilegesHelper::getIdentitySubPrivilege($post->uploader));
//remove stuff from auxiliary tables
$post->ownFavoritee = [];
$post->sharedTag = [];
@ -366,7 +362,7 @@ class PostController
if ($fav->id == $this->context->user->id)
throw new SimpleException('Already in favorites');
PrivilegesHelper::confirmWithException($this->context->user, Privilege::FavoritePost);
PrivilegesHelper::confirmWithException(Privilege::FavoritePost);
$post->link('favoritee')->user = $this->context->user;
R::store($post);
$this->context->transport->success = true;
@ -381,7 +377,7 @@ class PostController
$post = Model_Post::locate($id);
R::preload($post, ['favoritee' => 'user']);
PrivilegesHelper::confirmWithException($this->context->user, Privilege::FavoritePost);
PrivilegesHelper::confirmWithException(Privilege::FavoritePost);
if (!$this->context->loggedIn)
throw new SimpleException('Not logged in');
@ -415,9 +411,9 @@ class PostController
'ownComment.commenter' => 'user']);
if ($post->hidden)
PrivilegesHelper::confirmWithException($this->context->user, Privilege::ViewPost, 'hidden');
PrivilegesHelper::confirmWithException($this->context->user, Privilege::ViewPost);
PrivilegesHelper::confirmWithException($this->context->user, Privilege::ViewPost, PostSafety::toString($post->safety));
PrivilegesHelper::confirmWithException(Privilege::ViewPost, 'hidden');
PrivilegesHelper::confirmWithException(Privilege::ViewPost);
PrivilegesHelper::confirmWithException(Privilege::ViewPost, PostSafety::toString($post->safety));
$buildNextPostQuery = function($dbQuery, $id, $next)
{
@ -425,7 +421,7 @@ class PostController
->from('post')
->where($next ? 'id > ?' : 'id < ?')
->put($id);
if (!PrivilegesHelper::confirm($this->context->user, Privilege::ListPosts, 'hidden'))
if (!PrivilegesHelper::confirm(Privilege::ListPosts, 'hidden'))
$dbQuery->andNot('hidden');
$dbQuery->orderBy($next ? 'id asc' : 'id desc')
->limit(1);
@ -481,8 +477,8 @@ class PostController
$this->context->layoutName = 'layout-file';
$post = Model_Post::locate($id);
PrivilegesHelper::confirmWithException($this->context->user, Privilege::ViewPost);
PrivilegesHelper::confirmWithException($this->context->user, Privilege::ViewPost, PostSafety::toString($post->safety));
PrivilegesHelper::confirmWithException(Privilege::ViewPost);
PrivilegesHelper::confirmWithException(Privilege::ViewPost, PostSafety::toString($post->safety));
$path = $this->config->main->thumbsPath . DS . $post->name;
if (!file_exists($path))
@ -554,8 +550,8 @@ class PostController
$post = Model_Post::locate($name, true);
R::preload($post, ['tag']);
PrivilegesHelper::confirmWithException($this->context->user, Privilege::RetrievePost);
PrivilegesHelper::confirmWithException($this->context->user, Privilege::RetrievePost, PostSafety::toString($post->safety));
PrivilegesHelper::confirmWithException(Privilege::RetrievePost);
PrivilegesHelper::confirmWithException(Privilege::RetrievePost, PostSafety::toString($post->safety));
$path = $this->config->main->filesPath . DS . $post->name;
if (!file_exists($path))
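Review bot: The thumbnail and file-retrieval hunks (-481 and -554) check `Privilege::ViewPost` / `Privilege::RetrievePost` and the safety sub-privilege, but unlike the view hunk at -415 they have no `if ($post->hidden)` check, so in the visible lines a hidden post's thumbnail and file are served to anyone who passes the base and safety checks. Both function bodies continue outside the hunks, so a later guard may exist; if not, I would add `if ($post->hidden) PrivilegesHelper::confirmWithException(Privilege::RetrievePost, 'hidden');` (and the `ViewPost` equivalent for the thumbnail) before the path is built. From what the PrivilegesHelper hunk shows, `confirm()` falls back to the base rank when no sub-privilege key is configured, so the privileges config would also need a matching hidden entry for the check to have any effect.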


@ -8,7 +8,7 @@ class TagController
{
$this->context->subTitle = 'tags';
PrivilegesHelper::confirmWithException($this->context->user, Privilege::ListTags);
PrivilegesHelper::confirmWithException(Privilege::ListTags);
$dbQuery = R::$f->begin();
$dbQuery->select('tag.name, COUNT(1) AS count');


@ -59,7 +59,7 @@ class UserController
$page = intval($page);
$usersPerPage = intval($this->config->browsing->usersPerPage);
$this->context->subTitle = 'browsing users';
PrivilegesHelper::confirmWithException($this->context->user, Privilege::ListUsers);
PrivilegesHelper::confirmWithException(Privilege::ListUsers);
if ($sortStyle == '' or $sortStyle == 'alpha')
$sortStyle = 'alpha,asc';
@ -127,8 +127,7 @@ class UserController
public function banAction($name)
{
$user = Model_User::locate($name);
$secondary = $user->id == $this->context->user->id ? 'own' : 'all';
PrivilegesHelper::confirmWithException($this->context->user, Privilege::BanUser, $secondary);
PrivilegesHelper::confirmWithException(Privilege::BanUser, PrivilegesHelper::getIdentitySubPrivilege($user));
$user->banned = true;
R::store($user);
$this->context->transport->success = true;
@ -141,8 +140,7 @@ class UserController
public function unbanAction($name)
{
$user = Model_User::locate($name);
$secondary = $user->id == $this->context->user->id ? 'own' : 'all';
PrivilegesHelper::confirmWithException($this->context->user, Privilege::BanUser, $secondary);
PrivilegesHelper::confirmWithException(Privilege::BanUser, PrivilegesHelper::getIdentitySubPrivilege($user));
$user->banned = false;
R::store($user);
$this->context->transport->success = true;
@ -155,7 +153,7 @@ class UserController
public function acceptRegistrationAction($name)
{
$user = Model_User::locate($name);
PrivilegesHelper::confirmWithException($this->context->user, Privilege::AcceptUserRegistration);
PrivilegesHelper::confirmWithException(Privilege::AcceptUserRegistration);
$user->staff_confirmed = true;
R::store($user);
$this->context->transport->success = true;
@ -171,9 +169,8 @@ class UserController
public function deleteAction($name)
{
$user = Model_User::locate($name);
$secondary = $user->id == $this->context->user->id ? 'own' : 'all';
PrivilegesHelper::confirmWithException($this->context->user, Privilege::ViewUser, $secondary);
PrivilegesHelper::confirmWithException($this->context->user, Privilege::DeleteUser, $secondary);
PrivilegesHelper::confirmWithException(Privilege::ViewUser, PrivilegesHelper::getIdentitySubPrivilege($user));
PrivilegesHelper::confirmWithException(Privilege::DeleteUser, PrivilegesHelper::getIdentitySubPrivilege($user));
$this->context->handleExceptions = true;
$this->context->transport->user = $user;
@ -213,8 +210,7 @@ class UserController
$user = Model_User::locate($name);
$edited = false;
$secondary = $user->id == $this->context->user->id ? 'own' : 'all';
PrivilegesHelper::confirmWithException($this->context->user, Privilege::ViewUser, $secondary);
PrivilegesHelper::confirmWithException(Privilege::ViewUser, PrivilegesHelper::getIdentitySubPrivilege($user));
$this->context->handleExceptions = true;
$this->context->transport->user = $user;
@ -233,7 +229,7 @@ class UserController
if ($suppliedName != '' and $suppliedName != $user->name)
{
PrivilegesHelper::confirmWithException($this->context->user, Privilege::ChangeUserName, $secondary);
PrivilegesHelper::confirmWithException(Privilege::ChangeUserName, PrivilegesHelper::getIdentitySubPrivilege($user));
$suppliedName = Model_User::validateUserName($suppliedName);
$user->name = $suppliedName;
$edited = true;
@ -241,7 +237,7 @@ class UserController
if ($suppliedPassword1 != '')
{
PrivilegesHelper::confirmWithException($this->context->user, Privilege::ChangeUserPassword, $secondary);
PrivilegesHelper::confirmWithException(Privilege::ChangeUserPassword, PrivilegesHelper::getIdentitySubPrivilege($user));
if ($suppliedPassword1 != $suppliedPassword2)
throw new SimpleException('Specified passwords must be the same');
$suppliedPassword = Model_User::validatePassword($suppliedPassword1);
@ -251,7 +247,7 @@ class UserController
if ($suppliedEmail != '' and $suppliedEmail != $user->email_confirmed)
{
PrivilegesHelper::confirmWithException($this->context->user, Privilege::ChangeUserEmail, $secondary);
PrivilegesHelper::confirmWithException(Privilege::ChangeUserEmail, PrivilegesHelper::getIdentitySubPrivilege($user));
$suppliedEmail = Model_User::validateEmail($suppliedEmail);
if ($this->context->user->id == $user->id)
{
@ -268,7 +264,7 @@ class UserController
if ($suppliedAccessRank != '' and $suppliedAccessRank != $user->access_rank)
{
PrivilegesHelper::confirmWithException($this->context->user, Privilege::ChangeUserAccessRank, $secondary);
PrivilegesHelper::confirmWithException(Privilege::ChangeUserAccessRank, PrivilegesHelper::getIdentitySubPrivilege($user));
$suppliedAccessRank = Model_User::validateAccessRank($suppliedAccessRank);
$user->access_rank = $suppliedAccessRank;
$edited = true;
@ -312,8 +308,7 @@ class UserController
if ($page === null)
$page = 1;
$secondary = $user->id == $this->context->user->id ? 'own' : 'all';
PrivilegesHelper::confirmWithException($this->context->user, Privilege::ViewUser, $secondary);
PrivilegesHelper::confirmWithException(Privilege::ViewUser, PrivilegesHelper::getIdentitySubPrivilege($user));
$this->context->stylesheets []= 'user-view.css';
$this->context->stylesheets []= 'post-list.css';
$this->context->stylesheets []= 'paginator.css';
@ -329,7 +324,7 @@ class UserController
/* safety */
$allowedSafety = array_filter(PostSafety::getAll(), function($safety)
{
return PrivilegesHelper::confirm($this->context->user, Privilege::ListPosts, PostSafety::toString($safety)) and
return PrivilegesHelper::confirm(Privilege::ListPosts, PostSafety::toString($safety)) and
$this->context->user->hasEnabledSafety($safety);
});
$dbQuery->where('safety IN (' . R::genSlots($allowedSafety) . ')');
@ -338,7 +333,7 @@ class UserController
/* hidden */
if (!PrivilegesHelper::confirm($this->context->user, Privilege::ListPosts, 'hidden'))
if (!PrivilegesHelper::confirm(Privilege::ListPosts, 'hidden'))
$dbQuery->andNot('hidden');
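Review bot: The access-rank branch (hunk at -268) authorises the change by privilege alone: after `confirmWithException(Privilege::ChangeUserAccessRank, …)` the supplied rank is validated and assigned, and nothing visible compares it with the acting user's own rank. Unless `Model_User::validateAccessRank` (outside this diff) enforces that bound, anyone granted the privilege can assign a rank higher than their own, including on their own account when the 'own' sub-privilege is configured. I would add a guard after validation and before the assignment, for example `if (intval($suppliedAccessRank) > intval($this->context->user->access_rank)) throw new SimpleException('Insufficient privileges');`. The enclosing edit action starts and ends outside the hunk.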


@ -10,18 +10,19 @@ class PrivilegesHelper
{
if (strpos($key, '.') === false)
$key .= '.';
list ($privilegeName, $flag) = explode('.', $key);
list ($privilegeName, $subPrivilegeName) = explode('.', $key);
$privilegeName = TextHelper::camelCaseToKebabCase($privilegeName);
$flag = TextHelper::camelCaseToKebabCase($flag);
$key = rtrim($privilegeName . '.' . $flag, '.');
$subPrivilegeName = TextHelper::camelCaseToKebabCase($subPrivilegeName);
$key = rtrim($privilegeName . '.' . $subPrivilegeName, '.');
$minAccessRank = TextHelper::resolveConstant($minAccessRankName, 'AccessRank');
self::$privileges[$key] = $minAccessRank;
}
}
public static function confirm($user, $privilege, $flag = null)
public static function confirm($privilege, $subPrivilege = null)
{
$user = \Chibi\Registry::getContext()->user;
$minAccessRank = AccessRank::Admin;
$key = TextHelper::camelCaseToKebabCase(Privilege::toString($privilege));
@ -29,9 +30,9 @@ class PrivilegesHelper
{
$minAccessRank = self::$privileges[$key];
}
if ($flag != null)
if ($subPrivilege != null)
{
$key2 = $key . '.' . strtolower($flag);
$key2 = $key . '.' . strtolower($subPrivilege);
if (isset(self::$privileges[$key2]))
{
$minAccessRank = self::$privileges[$key2];
@ -41,14 +42,20 @@ class PrivilegesHelper
return intval($user->access_rank) >= $minAccessRank;
}
public static function confirmWithException($user, $privilege, $flag = null)
public static function confirmWithException($privilege, $subPrivilege = null)
{
if (!self::confirm($user, $privilege, $flag))
if (!self::confirm($privilege, $subPrivilege))
{
throw new SimpleException('Insufficient privileges');
}
}
public static function getIdentitySubPrivilege($user)
{
$userFromContext = \Chibi\Registry::getContext()->user;
return $user->id == $userFromContext->id ? 'own' : 'all';
}
public static function confirmEmail($user)
{
if (!$user->email_confirmed)
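Review bot: `getIdentitySubPrivilege` decides 'own' with a loose `==` on two ids and no guard for a missing side, so a subject without an owner (a null `$post->uploader` or `$comment->commenter`) compared against a visitor whose id is null or 0 would evaluate as 'own'. Whether anonymous visitors carry such an id is not visible in this diff, but every ownership check in the controllers and views now goes through this one function, so it is the place to fail closed. I would return 'all' early when either id is empty, e.g. `if (!$user or !$user->id or !$userFromContext->id) return 'all';`, and document on `confirm()` that the acting user is now taken from `\Chibi\Registry::getContext()` rather than passed in.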


@ -25,8 +25,7 @@
<?php echo date('Y-m-d H:i', $this->context->comment->comment_date) ?>
</span>
<?php $secondary = $this->context->comment->commenter->id == $this->context->user->id ? 'own' : 'all' ?>
<?php if (PrivilegesHelper::confirm($this->context->user, Privilege::DeleteComment, $secondary)): ?>
<?php if (PrivilegesHelper::confirm(Privilege::DeleteComment, PrivilegesHelper::getIdentitySubPrivilege($this->context->comment->commenter))): ?>
<span class="delete">
<a class="simple-action" href="<?php echo \Chibi\UrlHelper::route('comment', 'delete', ['id' => $this->context->comment->id]) ?>" data-confirm-text="Are you sure you want to delete this comment?">
delete


@ -23,22 +23,22 @@
$nav = [];
$nav []= ['Home', \Chibi\UrlHelper::route('index', 'index')];
if (PrivilegesHelper::confirm($this->context->user, Privilege::ListPosts))
if (PrivilegesHelper::confirm(Privilege::ListPosts))
$nav []= ['Browse', \Chibi\UrlHelper::route('post', 'list')];
if (PrivilegesHelper::confirm($this->context->user, Privilege::ListPosts))
if (PrivilegesHelper::confirm(Privilege::ListPosts))
$nav []= ['Favorites', \Chibi\UrlHelper::route('post', 'favorites')];
if (PrivilegesHelper::confirm($this->context->user, Privilege::UploadPost))
if (PrivilegesHelper::confirm(Privilege::UploadPost))
$nav []= ['Upload', \Chibi\UrlHelper::route('post', 'upload')];
if (PrivilegesHelper::confirm($this->context->user, Privilege::ListComments))
if (PrivilegesHelper::confirm(Privilege::ListComments))
$nav []= ['Comments', \Chibi\UrlHelper::route('comment', 'list')];
if (PrivilegesHelper::confirm($this->context->user, Privilege::ListTags))
if (PrivilegesHelper::confirm(Privilege::ListTags))
$nav []= ['Tags', \Chibi\UrlHelper::route('tag', 'list')];
if (PrivilegesHelper::confirm($this->context->user, Privilege::ListUsers))
if (PrivilegesHelper::confirm(Privilege::ListUsers))
$nav []= ['Users', \Chibi\UrlHelper::route('user', 'list')];
if (!$this->context->loggedIn)
@ -67,7 +67,7 @@
<li class="safety">
<ul>
<?php foreach (PostSafety::getAll() as $safety): ?>
<?php if (PrivilegesHelper::confirm($this->context->user, Privilege::ListPosts, PostSafety::toString($safety))): ?>
<?php if (PrivilegesHelper::confirm(Privilege::ListPosts, PostSafety::toString($safety))): ?>
<li class="safety-<?php echo TextHelper::camelCaseToHumanCase(PostSafety::toString($safety)) ?>">
<a href="<?php echo \Chibi\UrlHelper::route('user', 'toggle-safety', ['safety' => $safety]) ?>" class="<?php echo $this->context->user->hasEnabledSafety($safety) ? 'enabled' : 'disabled' ?>" title="Searching <?php echo TextHelper::camelCaseToHumanCase(PostSafety::ToString($safety)) ?> posts: <?php echo $this->context->user->hasEnabledSafety($safety) ? 'enabled' : 'disabled' ?>">
<span><?php echo TextHelper::camelCaseToHumanCase(PostSafety::toString($safety), true) ?></span>


@ -119,7 +119,7 @@
<h1>options</h1>
<ul>
<?php if (PrivilegesHelper::confirm($this->context->user, Privilege::FavoritePost)): ?>
<?php if (PrivilegesHelper::confirm(Privilege::FavoritePost)): ?>
<?php if (!$this->context->favorite): ?>
<li class="add-fav">
<a class="simple-action" href="<?php echo \Chibi\UrlHelper::route('post', 'add-favorite', ['id' => $this->context->transport->post->id]) ?>">
@ -136,7 +136,6 @@
<?php endif ?>
<?php
$secondary = $this->context->transport->post->uploader->id == $this->context->user->id ? 'own' : 'all';
$editPostPrivileges = [
Privilege::EditPostSafety,
Privilege::EditPostTags,
@ -145,7 +144,7 @@
$editPostPrivileges = array_fill_keys($editPostPrivileges, false);
foreach (array_keys($editPostPrivileges) as $privilege)
{
if (PrivilegesHelper::confirm($this->context->user, $privilege, $secondary))
if (PrivilegesHelper::confirm($privilege, PrivilegesHelper::getIdentitySubPrivilege($this->context->transport->post->uploader)))
$editPostPrivileges[$privilege] = true;
}
$canEditAnything = count(array_filter($editPostPrivileges)) > 0;
@ -159,7 +158,7 @@
</li>
<?php endif ?>
<?php if (PrivilegesHelper::confirm($this->context->user, Privilege::HidePost, $secondary)): ?>
<?php if (PrivilegesHelper::confirm(Privilege::HidePost, PrivilegesHelper::getIdentitySubPrivilege($this->context->transport->post->uploader))): ?>
<?php if ($this->context->transport->post->hidden): ?>
<li class="unhide">
<a class="simple-action" href="<?php echo \Chibi\UrlHelper::route('post', 'unhide', ['id' => $this->context->transport->post->id]) ?>">
@ -175,7 +174,7 @@
<?php endif ?>
<?php endif ?>
<?php if (PrivilegesHelper::confirm($this->context->user, Privilege::DeletePost, $secondary)): ?>
<?php if (PrivilegesHelper::confirm(Privilege::DeletePost, PrivilegesHelper::getIdentitySubPrivilege($this->context->transport->post->uploader))): ?>
<li class="delete">
<a class="simple-action" href="<?php echo \Chibi\UrlHelper::route('post', 'delete', ['id' => $this->context->transport->post->id]) ?>" data-confirm-text="Are you sure?" data-redirect-url="<?php echo \Chibi\UrlHelper::route('post', 'list') ?>">
Delete
@ -252,7 +251,7 @@
<?php endif ?>
</div>
<?php if (PrivilegesHelper::confirm($this->context->user, Privilege::AddComment)): ?>
<?php if (PrivilegesHelper::confirm(Privilege::AddComment)): ?>
<form action="<?php echo \Chibi\UrlHelper::route('comment', 'add', ['postId' => $this->context->transport->post->id]) ?>" method="post" class="add-comment aligned footer-unit">
<h1>add comment</h1>


@ -19,7 +19,7 @@
<span class="value" title="<?php echo $val = TextHelper::camelCaseToHumanCase(AccessRank::toString($this->context->transport->user->access_rank)) ?>"><?php echo $val ?></span>
</div>
<?php if (PrivilegesHelper::confirm($this->context->user, Privilege::ViewUserEmail)): ?>
<?php if (PrivilegesHelper::confirm(Privilege::ViewUserEmail)): ?>
<div class="key-value email">
<span class="key">E-mail:</span>
<span class="value" title="<?php echo $val = ($this->context->transport->user->email_unconfirmed ? '(unconfirmed) ' . $this->context->transport->user->email_unconfirmed : $this->context->transport->user->email_confirmed ?: 'none specified') ?>"><?php echo $val ?></span>
@ -33,7 +33,6 @@
<ul>
<?php
$secondary = $this->context->transport->user->id == $this->context->user->id ? 'own' : 'all';
$userModificationPrivileges = [
Privilege::ChangeUserName,
Privilege::ChangeUserEmail,
@ -44,7 +43,7 @@
foreach (array_keys($userModificationPrivileges) as $privilege)
{
if (PrivilegesHelper::confirm($this->context->user, $privilege, $secondary))
if (PrivilegesHelper::confirm($privilege, PrivilegesHelper::getIdentitySubPrivilege($this->context->transport->user)))
$userModificationPrivileges[$privilege] = true;
}
$canModifyAnything = count(array_filter($userModificationPrivileges)) > 0;
@ -58,7 +57,7 @@
</li>
<?php endif ?>
<?php if (PrivilegesHelper::confirm($this->context->user, Privilege::BanUser, $secondary)): ?>
<?php if (PrivilegesHelper::confirm(Privilege::BanUser, PrivilegesHelper::getIdentitySubPrivilege($this->context->transport->user))): ?>
<?php if (!$this->context->transport->user->banned): ?>
<li class="ban">
<a class="simple-action" href="<?php echo \Chibi\UrlHelper::route('user', 'ban', ['name' => $this->context->transport->user->name]) ?>" data-confirm-text="Are you sure?">
@ -74,7 +73,7 @@
<?php endif ?>
<?php endif ?>
<?php if (PrivilegesHelper::confirm($this->context->user, Privilege::AcceptUserRegistration) and !$this->context->transport->user->staff_confirmed and $this->config->registration->staffActivation): ?>
<?php if (PrivilegesHelper::confirm(Privilege::AcceptUserRegistration) and !$this->context->transport->user->staff_confirmed and $this->config->registration->staffActivation): ?>
<li class="accept-registration">
<a class="simple-action" href="<?php echo \Chibi\UrlHelper::route('user', 'accept-registration', ['name' => $this->context->transport->user->name]) ?>">
Accept registration
@ -126,7 +125,7 @@
</li>
<?php endif ?>
<?php if (PrivilegesHelper::confirm($this->context->user, Privilege::DeleteUser, $secondary)): ?>
<?php if (PrivilegesHelper::confirm(Privilege::DeleteUser, PrivilegesHelper::getIdentitySubPrivilege($this->context->transport->user))): ?>
<?php if ($this->context->transport->tab == 'delete'): ?>
<li class="selected delete">
<?php else: ?>
@ -155,21 +154,21 @@
<hr>
<?php endif ?>
<?php if (PrivilegesHelper::confirm($this->context->user, Privilege::ChangeUserName, $secondary)): ?>
<?php if (PrivilegesHelper::confirm(Privilege::ChangeUserName, PrivilegesHelper::getIdentitySubPrivilege($this->context->transport->user))): ?>
<div class="nickname">
<label class="left" for="name">Name:</label>
<input type="text" name="name" id="name" placeholder="New name&hellip;" value="<?php echo $this->context->suppliedName ?>"/>
</div>
<?php endif ?>
<?php if (PrivilegesHelper::confirm($this->context->user, Privilege::ChangeUserEmail, $secondary)): ?>
<?php if (PrivilegesHelper::confirm(Privilege::ChangeUserEmail, PrivilegesHelper::getIdentitySubPrivilege($this->context->transport->user))): ?>
<div class="email">
<label class="left" for="name">E-mail:</label>
<input type="text" name="email" id="email" placeholder="New e-mail&hellip;" value="<?php echo $this->context->suppliedEmail ?>"/>
</div>
<?php endif ?>
<?php if (PrivilegesHelper::confirm($this->context->user, Privilege::ChangeUserPassword, $secondary)): ?>
<?php if (PrivilegesHelper::confirm(Privilege::ChangeUserPassword, PrivilegesHelper::getIdentitySubPrivilege($this->context->transport->user))): ?>
<div class="password1">
<label class="left" for="password1">New password:</label>
<input type="password" name="password1" id="password1" placeholder="New password&hellip;" value="<?php echo $this->context->suppliedPassword1 ?>"/>
@ -180,7 +179,7 @@
</div>
<?php endif ?>
<?php if (PrivilegesHelper::confirm($this->context->user, Privilege::ChangeUserAccessRank, $secondary)): ?>
<?php if (PrivilegesHelper::confirm(Privilege::ChangeUserAccessRank, PrivilegesHelper::getIdentitySubPrivilege($this->context->transport->user))): ?>
<div class="access-rank">
<label class="left" for="access-rank">Access rank:</label>
<select name="access-rank" id="access-rank">
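Review bot: The form fields in the -155 hunk print `$this->context->suppliedName`, `suppliedEmail` and `suppliedPassword1` straight into `value="…"` attributes with no escaping, directly below the privilege checks this commit rewrites. If those context fields carry the raw request values (their assignment is outside this diff), a quote in the input breaks out of the attribute, and the password field also reflects the submitted password back into the response. I would escape at output, `value="<?php echo htmlspecialchars($this->context->suppliedName, ENT_QUOTES, 'UTF-8') ?>"`, do the same for the e-mail field, and leave the password inputs empty on re-render.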