From 019e7eea7fdc3eeab39e67a449797d8367b7c983 Mon Sep 17 00:00:00 2001 From: Marcin Kurczewski Date: Fri, 18 Oct 2013 00:09:50 +0200 Subject: [PATCH] Closed #43 --- src/Controllers/CommentController.php | 7 ++--- src/Controllers/PostController.php | 44 ++++++++++++--------------- src/Controllers/TagController.php | 2 +- src/Controllers/UserController.php | 33 +++++++++----------- src/Helpers/PrivilegesHelper.php | 23 +++++++++----- src/Views/comment-small.phtml | 3 +- src/Views/layout-normal.phtml | 14 ++++----- src/Views/post-view.phtml | 11 +++---- src/Views/user-view.phtml | 19 ++++++------ 9 files changed, 75 insertions(+), 81 deletions(-) diff --git a/src/Controllers/CommentController.php b/src/Controllers/CommentController.php index 259bd54e..4cf688b9 100644 --- a/src/Controllers/CommentController.php +++ b/src/Controllers/CommentController.php @@ -17,7 +17,7 @@ class CommentController $page = intval($page); $commentsPerPage = intval($this->config->comments->commentsPerPage); - PrivilegesHelper::confirmWithException($this->context->user, Privilege::ListComments); + PrivilegesHelper::confirmWithException(Privilege::ListComments); $buildDbQuery = function($dbQuery) { @@ -59,7 +59,7 @@ class CommentController */ public function addAction($postId) { - PrivilegesHelper::confirmWithException($this->context->user, Privilege::AddComment); + PrivilegesHelper::confirmWithException(Privilege::AddComment); if ($this->config->registration->needEmailForCommenting) PrivilegesHelper::confirmEmail($this->context->user); 
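Review bot: `PrivilegesHelper::confirmEmail($this->context->user)` on the last line of the addAction hunk still takes the user explicitly, while `confirmWithException` on the line above it now reads the user from the request context, so the helper's API is half-converted after this commit; the same pair sits side by side in PostController's upload hunk. Either give `confirmEmail` the same implicit form (`PrivilegesHelper::confirmEmail();` with the user fetched from `\Chibi\Registry::getContext()` inside the helper) or add a one-line comment in PrivilegesHelper saying why it keeps an explicit parameter. addAction's body continues outside the hunk.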
@@ -90,8 +90,7 @@ class CommentController public function deleteAction($id) { $comment = Model_Comment::locate($id); - $secondary = $comment->commenter->id == $this->context->user->id ? 'own' : 'all'; - PrivilegesHelper::confirmWithException($this->context->user, Privilege::DeleteComment, $secondary); + PrivilegesHelper::confirmWithException(Privilege::DeleteComment, PrivilegesHelper::getIdentitySubPrivilege($comment->commenter)); R::trash($comment); $this->context->transport->success = true; } diff --git a/src/Controllers/PostController.php b/src/Controllers/PostController.php index 69b4423e..ee5e80b8 100644 --- a/src/Controllers/PostController.php +++ b/src/Controllers/PostController.php @@ -80,7 +80,7 @@ class PostController $postsPerPage = intval($this->config->browsing->postsPerPage); $this->context->subTitle = 'browsing posts'; $this->context->transport->searchQuery = $query; - PrivilegesHelper::confirmWithException($this->context->user, Privilege::ListPosts); + PrivilegesHelper::confirmWithException(Privilege::ListPosts); $buildDbQuery = function($dbQuery, $query) { @@ -90,7 +90,7 @@ class PostController /* safety */ $allowedSafety = array_filter(PostSafety::getAll(), function($safety) { - return PrivilegesHelper::confirm($this->context->user, Privilege::ListPosts, PostSafety::toString($safety)) and + return PrivilegesHelper::confirm(Privilege::ListPosts, PostSafety::toString($safety)) and $this->context->user->hasEnabledSafety($safety); }); $dbQuery->where('safety IN (' . R::genSlots($allowedSafety) . ')'); @@ -99,7 +99,7 @@ class PostController /* hidden */ - if (!PrivilegesHelper::confirm($this->context->user, Privilege::ListPosts, 'hidden')) + if (!PrivilegesHelper::confirm(Privilege::ListPosts, 'hidden')) $dbQuery->andNot('hidden'); 
@@ -158,7 +158,7 @@ class PostController $this->context->stylesheets []= 'upload.css'; $this->context->scripts []= 'upload.js'; $this->context->subTitle = 'upload'; - PrivilegesHelper::confirmWithException($this->context->user, Privilege::UploadPost); + PrivilegesHelper::confirmWithException(Privilege::UploadPost); if ($this->config->registration->needEmailForUploading) PrivilegesHelper::confirmEmail($this->context->user); @@ -246,7 +246,6 @@ class PostController $post = Model_Post::locate($id); R::preload($post, ['uploader' => 'user']); $edited = false; - $secondary = $post->uploader->id == $this->context->user->id ? 'own' : 'all'; $this->context->transport->post = $post; @@ -254,7 +253,7 @@ class PostController $suppliedSafety = InputHelper::get('safety'); if ($suppliedSafety !== null) { - PrivilegesHelper::confirmWithException($this->context->user, Privilege::EditPostSafety, $secondary); + PrivilegesHelper::confirmWithException(Privilege::EditPostSafety, PrivilegesHelper::getIdentitySubPrivilege($post->uploader)); $suppliedSafety = Model_Post::validateSafety($suppliedSafety); $post->safety = $suppliedSafety; $edited = true; @@ -265,7 +264,7 @@ class PostController $suppliedTags = InputHelper::get('tags'); if ($suppliedTags !== null) { - PrivilegesHelper::confirmWithException($this->context->user, Privilege::EditPostTags, $secondary); + PrivilegesHelper::confirmWithException(Privilege::EditPostTags, PrivilegesHelper::getIdentitySubPrivilege($post->uploader)); $currentToken = self::serializeTags($post); if (InputHelper::get('tags-token') != $currentToken) throw new SimpleException('Someone else has changed the tags in the meantime'); 
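Review bot: The `$secondary` local removed in the `@@ -246` hunk is replaced by a fresh `PrivilegesHelper::getIdentitySubPrivilege($post->uploader)` call at every check in editAction (safety and tags here, thumbnail in the following hunk), and UserController::editAction repeats the same call five times in its hunks; the value cannot change within the request, so this is duplicated work and scatters the ownership decision over the method. Keep one local where `$secondary` used to be, `$subPrivilege = PrivilegesHelper::getIdentitySubPrivilege($post->uploader);`, and pass `$subPrivilege` to each `confirmWithException` call. editAction starts and ends outside these hunks.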
@@ -280,7 +279,7 @@ class PostController /* thumbnail */ if (!empty($_FILES['thumb']['name'])) { - PrivilegesHelper::confirmWithException($this->context->user, Privilege::EditPostThumb, $secondary); + PrivilegesHelper::confirmWithException(Privilege::EditPostThumb, PrivilegesHelper::getIdentitySubPrivilege($post->uploader)); $suppliedFile = $_FILES['thumb']; self::handleUploadErrors($suppliedFile); @@ -312,8 +311,7 @@ class PostController public function hideAction($id) { $post = Model_Post::locate($id); - $secondary = $post->uploader->id == $this->context->user->id ? 'own' : 'all'; - PrivilegesHelper::confirmWithException($this->context->user, Privilege::HidePost, $secondary); + PrivilegesHelper::confirmWithException(Privilege::HidePost, PrivilegesHelper::getIdentitySubPrivilege($post->uploader)); $post->hidden = true; R::store($post); $this->context->transport->success = true; @@ -325,8 +323,7 @@ class PostController public function unhideAction($id) { $post = Model_Post::locate($id); - $secondary = $post->uploader->id == $this->context->user->id ? 'own' : 'all'; - PrivilegesHelper::confirmWithException($this->context->user, Privilege::HidePost, $secondary); + PrivilegesHelper::confirmWithException(Privilege::HidePost, PrivilegesHelper::getIdentitySubPrivilege($post->uploader)); $post->hidden = false; R::store($post); $this->context->transport->success = true; @@ -338,8 +335,7 @@ class PostController public function deleteAction($id) { $post = Model_Post::locate($id); - $secondary = $post->uploader->id == $this->context->user->id ? 'own' : 'all'; - PrivilegesHelper::confirmWithException($this->context->user, Privilege::DeletePost, $secondary); + PrivilegesHelper::confirmWithException(Privilege::DeletePost, PrivilegesHelper::getIdentitySubPrivilege($post->uploader)); //remove stuff from auxiliary tables $post->ownFavoritee = []; $post->sharedTag = []; 
@@ -366,7 +362,7 @@ class PostController if ($fav->id == $this->context->user->id) throw new SimpleException('Already in favorites'); - PrivilegesHelper::confirmWithException($this->context->user, Privilege::FavoritePost); + PrivilegesHelper::confirmWithException(Privilege::FavoritePost); $post->link('favoritee')->user = $this->context->user; R::store($post); $this->context->transport->success = true; @@ -381,7 +377,7 @@ class PostController $post = Model_Post::locate($id); R::preload($post, ['favoritee' => 'user']); - PrivilegesHelper::confirmWithException($this->context->user, Privilege::FavoritePost); + PrivilegesHelper::confirmWithException(Privilege::FavoritePost); if (!$this->context->loggedIn) throw new SimpleException('Not logged in'); @@ -415,9 +411,9 @@ class PostController 'ownComment.commenter' => 'user']); if ($post->hidden) - PrivilegesHelper::confirmWithException($this->context->user, Privilege::ViewPost, 'hidden'); - PrivilegesHelper::confirmWithException($this->context->user, Privilege::ViewPost); - PrivilegesHelper::confirmWithException($this->context->user, Privilege::ViewPost, PostSafety::toString($post->safety)); + PrivilegesHelper::confirmWithException(Privilege::ViewPost, 'hidden'); + PrivilegesHelper::confirmWithException(Privilege::ViewPost); + PrivilegesHelper::confirmWithException(Privilege::ViewPost, PostSafety::toString($post->safety)); $buildNextPostQuery = function($dbQuery, $id, $next) { @@ -425,7 +421,7 @@ class PostController ->from('post') ->where($next ? 'id > ?' : 'id < ?') ->put($id); - if (!PrivilegesHelper::confirm($this->context->user, Privilege::ListPosts, 'hidden')) + if (!PrivilegesHelper::confirm(Privilege::ListPosts, 'hidden')) $dbQuery->andNot('hidden'); $dbQuery->orderBy($next ? 'id asc' : 'id desc') ->limit(1); 
@@ -481,8 +477,8 @@ class PostController $this->context->layoutName = 'layout-file'; $post = Model_Post::locate($id); - PrivilegesHelper::confirmWithException($this->context->user, Privilege::ViewPost); - PrivilegesHelper::confirmWithException($this->context->user, Privilege::ViewPost, PostSafety::toString($post->safety)); + PrivilegesHelper::confirmWithException(Privilege::ViewPost); + PrivilegesHelper::confirmWithException(Privilege::ViewPost, PostSafety::toString($post->safety)); $path = $this->config->main->thumbsPath . DS . $post->name; if (!file_exists($path)) @@ -554,8 +550,8 @@ class PostController $post = Model_Post::locate($name, true); R::preload($post, ['tag']); - PrivilegesHelper::confirmWithException($this->context->user, Privilege::RetrievePost); - PrivilegesHelper::confirmWithException($this->context->user, Privilege::RetrievePost, PostSafety::toString($post->safety)); + PrivilegesHelper::confirmWithException(Privilege::RetrievePost); + PrivilegesHelper::confirmWithException(Privilege::RetrievePost, PostSafety::toString($post->safety)); $path = $this->config->main->filesPath . DS . $post->name; if (!file_exists($path)) diff --git a/src/Controllers/TagController.php b/src/Controllers/TagController.php index 6c330d13..d78a1f94 100644 --- a/src/Controllers/TagController.php +++ b/src/Controllers/TagController.php @@ -8,7 +8,7 @@ class TagController { $this->context->subTitle = 'tags'; - PrivilegesHelper::confirmWithException($this->context->user, Privilege::ListTags); + PrivilegesHelper::confirmWithException(Privilege::ListTags); $dbQuery = R::$f->begin(); $dbQuery->select('tag.name, COUNT(1) AS count'); diff --git a/src/Controllers/UserController.php b/src/Controllers/UserController.php index c74940d0..397260ed 100644 --- a/src/Controllers/UserController.php +++ b/src/Controllers/UserController.php 
@@ -59,7 +59,7 @@ class UserController $page = intval($page); $usersPerPage = intval($this->config->browsing->usersPerPage); $this->context->subTitle = 'browsing users'; - PrivilegesHelper::confirmWithException($this->context->user, Privilege::ListUsers); + PrivilegesHelper::confirmWithException(Privilege::ListUsers); if ($sortStyle == '' or $sortStyle == 'alpha') $sortStyle = 'alpha,asc'; @@ -127,8 +127,7 @@ class UserController public function banAction($name) { $user = Model_User::locate($name); - $secondary = $user->id == $this->context->user->id ? 'own' : 'all'; - PrivilegesHelper::confirmWithException($this->context->user, Privilege::BanUser, $secondary); + PrivilegesHelper::confirmWithException(Privilege::BanUser, PrivilegesHelper::getIdentitySubPrivilege($user)); $user->banned = true; R::store($user); $this->context->transport->success = true; @@ -141,8 +140,7 @@ class UserController public function unbanAction($name) { $user = Model_User::locate($name); - $secondary = $user->id == $this->context->user->id ? 'own' : 'all'; - PrivilegesHelper::confirmWithException($this->context->user, Privilege::BanUser, $secondary); + PrivilegesHelper::confirmWithException(Privilege::BanUser, PrivilegesHelper::getIdentitySubPrivilege($user)); $user->banned = false; R::store($user); $this->context->transport->success = true; @@ -155,7 +153,7 @@ class UserController public function acceptRegistrationAction($name) { $user = Model_User::locate($name); - PrivilegesHelper::confirmWithException($this->context->user, Privilege::AcceptUserRegistration); + PrivilegesHelper::confirmWithException(Privilege::AcceptUserRegistration); $user->staff_confirmed = true; R::store($user); $this->context->transport->success = true; 
@@ -171,9 +169,8 @@ class UserController public function deleteAction($name) { $user = Model_User::locate($name); - $secondary = $user->id == $this->context->user->id ? 'own' : 'all'; - PrivilegesHelper::confirmWithException($this->context->user, Privilege::ViewUser, $secondary); - PrivilegesHelper::confirmWithException($this->context->user, Privilege::DeleteUser, $secondary); + PrivilegesHelper::confirmWithException(Privilege::ViewUser, PrivilegesHelper::getIdentitySubPrivilege($user)); + PrivilegesHelper::confirmWithException(Privilege::DeleteUser, PrivilegesHelper::getIdentitySubPrivilege($user)); $this->context->handleExceptions = true; $this->context->transport->user = $user; @@ -213,8 +210,7 @@ class UserController $user = Model_User::locate($name); $edited = false; - $secondary = $user->id == $this->context->user->id ? 'own' : 'all'; - PrivilegesHelper::confirmWithException($this->context->user, Privilege::ViewUser, $secondary); + PrivilegesHelper::confirmWithException(Privilege::ViewUser, PrivilegesHelper::getIdentitySubPrivilege($user)); $this->context->handleExceptions = true; $this->context->transport->user = $user; @@ -233,7 +229,7 @@ class UserController if ($suppliedName != '' and $suppliedName != $user->name) { - PrivilegesHelper::confirmWithException($this->context->user, Privilege::ChangeUserName, $secondary); + PrivilegesHelper::confirmWithException(Privilege::ChangeUserName, PrivilegesHelper::getIdentitySubPrivilege($user)); $suppliedName = Model_User::validateUserName($suppliedName); $user->name = $suppliedName; $edited = true; 
@@ -241,7 +237,7 @@ class UserController if ($suppliedPassword1 != '') { - PrivilegesHelper::confirmWithException($this->context->user, Privilege::ChangeUserPassword, $secondary); + PrivilegesHelper::confirmWithException(Privilege::ChangeUserPassword, PrivilegesHelper::getIdentitySubPrivilege($user)); if ($suppliedPassword1 != $suppliedPassword2) throw new SimpleException('Specified passwords must be the same'); $suppliedPassword = Model_User::validatePassword($suppliedPassword1); @@ -251,7 +247,7 @@ class UserController if ($suppliedEmail != '' and $suppliedEmail != $user->email_confirmed) { - PrivilegesHelper::confirmWithException($this->context->user, Privilege::ChangeUserEmail, $secondary); + PrivilegesHelper::confirmWithException(Privilege::ChangeUserEmail, PrivilegesHelper::getIdentitySubPrivilege($user)); $suppliedEmail = Model_User::validateEmail($suppliedEmail); if ($this->context->user->id == $user->id) { @@ -268,7 +264,7 @@ class UserController if ($suppliedAccessRank != '' and $suppliedAccessRank != $user->access_rank) { - PrivilegesHelper::confirmWithException($this->context->user, Privilege::ChangeUserAccessRank, $secondary); + PrivilegesHelper::confirmWithException(Privilege::ChangeUserAccessRank, PrivilegesHelper::getIdentitySubPrivilege($user)); $suppliedAccessRank = Model_User::validateAccessRank($suppliedAccessRank); $user->access_rank = $suppliedAccessRank; $edited = true; @@ -312,8 +308,7 @@ class UserController if ($page === null) $page = 1; - $secondary = $user->id == $this->context->user->id ? 'own' : 'all'; - PrivilegesHelper::confirmWithException($this->context->user, Privilege::ViewUser, $secondary); + PrivilegesHelper::confirmWithException(Privilege::ViewUser, PrivilegesHelper::getIdentitySubPrivilege($user)); $this->context->stylesheets []= 'user-view.css'; $this->context->stylesheets []= 'post-list.css'; $this->context->stylesheets []= 'paginator.css'; 
@@ -329,7 +324,7 @@ class UserController /* safety */ $allowedSafety = array_filter(PostSafety::getAll(), function($safety) { - return PrivilegesHelper::confirm($this->context->user, Privilege::ListPosts, PostSafety::toString($safety)) and + return PrivilegesHelper::confirm(Privilege::ListPosts, PostSafety::toString($safety)) and $this->context->user->hasEnabledSafety($safety); }); $dbQuery->where('safety IN (' . R::genSlots($allowedSafety) . ')'); @@ -338,7 +333,7 @@ class UserController /* hidden */ - if (!PrivilegesHelper::confirm($this->context->user, Privilege::ListPosts, 'hidden')) + if (!PrivilegesHelper::confirm(Privilege::ListPosts, 'hidden')) $dbQuery->andNot('hidden'); diff --git a/src/Helpers/PrivilegesHelper.php b/src/Helpers/PrivilegesHelper.php index c80e1174..5c1a9e1e 100644 --- a/src/Helpers/PrivilegesHelper.php +++ b/src/Helpers/PrivilegesHelper.php @@ -10,18 +10,19 @@ class PrivilegesHelper { if (strpos($key, '.') === false) $key .= '.'; - list ($privilegeName, $flag) = explode('.', $key); + list ($privilegeName, $subPrivilegeName) = explode('.', $key); $privilegeName = TextHelper::camelCaseToKebabCase($privilegeName); - $flag = TextHelper::camelCaseToKebabCase($flag); - $key = rtrim($privilegeName . '.' . $flag, '.'); + $subPrivilegeName = TextHelper::camelCaseToKebabCase($subPrivilegeName); + $key = rtrim($privilegeName . '.' . $subPrivilegeName, '.'); $minAccessRank = TextHelper::resolveConstant($minAccessRankName, 'AccessRank'); self::$privileges[$key] = $minAccessRank; } } - public static function confirm($user, $privilege, $flag = null) + public static function confirm($privilege, $subPrivilege = null) { + $user = \Chibi\Registry::getContext()->user; $minAccessRank = AccessRank::Admin; $key = TextHelper::camelCaseToKebabCase(Privilege::toString($privilege)); 
@@ -29,9 +30,9 @@ class PrivilegesHelper { $minAccessRank = self::$privileges[$key]; } - if ($flag != null) + if ($subPrivilege != null) { - $key2 = $key . '.' . strtolower($flag); + $key2 = $key . '.' . strtolower($subPrivilege); if (isset(self::$privileges[$key2])) { $minAccessRank = self::$privileges[$key2]; @@ -41,14 +42,20 @@ class PrivilegesHelper return intval($user->access_rank) >= $minAccessRank; } - public static function confirmWithException($user, $privilege, $flag = null) + public static function confirmWithException($privilege, $subPrivilege = null) { - if (!self::confirm($user, $privilege, $flag)) + if (!self::confirm($privilege, $subPrivilege)) { throw new SimpleException('Insufficient privileges'); } } + public static function getIdentitySubPrivilege($user) + { + $userFromContext = \Chibi\Registry::getContext()->user; + return $user->id == $userFromContext->id ? 'own' : 'all'; + } + public static function confirmEmail($user) { if (!$user->email_confirmed) diff --git a/src/Views/comment-small.phtml b/src/Views/comment-small.phtml index 935fb1e2..18b9d77c 100644 --- a/src/Views/comment-small.phtml +++ b/src/Views/comment-small.phtml @@ -25,8 +25,7 @@ context->comment->comment_date) ?> - context->comment->commenter->id == $this->context->user->id ? 'own' : 'all' ?> - context->user, Privilege::DeleteComment, $secondary)): ?> + context->comment->commenter))): ?> delete diff --git a/src/Views/layout-normal.phtml b/src/Views/layout-normal.phtml index abb1fc75..d971c52f 100644 --- a/src/Views/layout-normal.phtml +++ b/src/Views/layout-normal.phtml 
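Review bot: `getIdentitySubPrivilege` returns `'own'` whenever `$user->id == $userFromContext->id` holds with loose equality, so if either side is null or zero (an unauthenticated context user, or a model whose owner is missing) the comparison can succeed and the caller gets the more permissive `'own'` sub-privilege; whether those cases can occur depends on how the context user is populated for guests, which is not visible here, but this helper is now the single place the ownership decision is made, so it should fail closed. Replace the return with `if ($user === null || $userFromContext === null || $user->id === null) return 'all';` followed by `return (int) $user->id === (int) $userFromContext->id ? 'own' : 'all';`. The class continues outside the hunk (confirmEmail is cut off at its first line).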
@@ -23,22 +23,22 @@ $nav = []; $nav []= ['Home', \Chibi\UrlHelper::route('index', 'index')]; - if (PrivilegesHelper::confirm($this->context->user, Privilege::ListPosts)) + if (PrivilegesHelper::confirm(Privilege::ListPosts)) $nav []= ['Browse', \Chibi\UrlHelper::route('post', 'list')]; - if (PrivilegesHelper::confirm($this->context->user, Privilege::ListPosts)) + if (PrivilegesHelper::confirm(Privilege::ListPosts)) $nav []= ['Favorites', \Chibi\UrlHelper::route('post', 'favorites')]; - if (PrivilegesHelper::confirm($this->context->user, Privilege::UploadPost)) + if (PrivilegesHelper::confirm(Privilege::UploadPost)) $nav []= ['Upload', \Chibi\UrlHelper::route('post', 'upload')]; - if (PrivilegesHelper::confirm($this->context->user, Privilege::ListComments)) + if (PrivilegesHelper::confirm(Privilege::ListComments)) $nav []= ['Comments', \Chibi\UrlHelper::route('comment', 'list')]; - if (PrivilegesHelper::confirm($this->context->user, Privilege::ListTags)) + if (PrivilegesHelper::confirm(Privilege::ListTags)) $nav []= ['Tags', \Chibi\UrlHelper::route('tag', 'list')]; - if (PrivilegesHelper::confirm($this->context->user, Privilege::ListUsers)) + if (PrivilegesHelper::confirm(Privilege::ListUsers)) $nav []= ['Users', \Chibi\UrlHelper::route('user', 'list')]; if (!$this->context->loggedIn) @@ -67,7 +67,7 @@