Closed #50

config.ini

@@ -81,6 +81,8 @@ changeUserEmail.own=registered
 changeUserEmail.all=admin
 changeUserAccessRank=admin
 changeUserName=moderator
+changeUserSettings.all=nobody
+changeUserSettings.own=registered
 acceptUserRegistration=moderator
 banUser.own=nobody
 banUser.all=admin

src/Controllers/UserController.php

@@ -226,6 +226,7 @@ class UserController
 	{
 		$user = Model_User::locate($name);
 		PrivilegesHelper::confirmWithException(Privilege::ViewUser, PrivilegesHelper::getIdentitySubPrivilege($user));
+		PrivilegesHelper::confirmWithException(Privilege::ChangeUserSettings, PrivilegesHelper::getIdentitySubPrivilege($user));
 
 		$this->context->handleExceptions = true;
 		$this->context->transport->user = $user;
@@ -444,8 +445,7 @@ class UserController
 	*/
 	public function toggleSafetyAction($safety)
 	{
-		if (!$this->context->loggedIn)
-			throw new SimpleException('Not logged in');
+		PrivilegesHelper::confirmWithException(Privilege::ChangeUserSettings, PrivilegesHelper::getIdentitySubPrivilege($this->context->user));
 
 		if (!in_array($safety, PostSafety::getAll()))
 			throw new SimpleExcetpion('Invalid safety');

src/Models/Privilege.php

@@ -23,6 +23,7 @@ class Privilege extends Enum
 	const ChangeUserAccessRank = 16;
 	const ChangeUserEmail = 17;
 	const ChangeUserName = 18;
+	const ChangeUserSettings = 28;
 	const DeleteUser = 19;
 
 	const ListComments = 20;

src/Views/user-view.phtml

@@ -121,15 +121,17 @@
 					</a>
 				</li>
 
-				<?php if ($this->context->transport->tab == 'settings'): ?>
-					<li class="selected settings">
-				<?php else: ?>
-					<li class="settings">
+				<?php if (PrivilegesHelper::confirm(Privilege::ChangeUserSettings, PrivilegesHelper::getIdentitySubPrivilege($this->context->transport->user))): ?>
+					<?php if ($this->context->transport->tab == 'settings'): ?>
+						<li class="selected settings">
+					<?php else: ?>
+						<li class="settings">
+					<?php endif ?>
+						<a href="<?php echo \Chibi\UrlHelper::route('user', 'settings', ['name' => $this->context->transport->user->name]) ?>">
+							Browsing settings
+						</a>
+					</li>
 				<?php endif ?>
-					<a href="<?php echo \Chibi\UrlHelper::route('user', 'settings', ['name' => $this->context->transport->user->name]) ?>">
-						Browsing settings
-					</a>
-				</li>
 
 				<?php if ($canModifyAnything): ?>
 					<?php if ($this->context->transport->tab == 'edit'): ?>