Fixed user banning privilege

2014-10-14 22:38:02 +02:00 · 2014-10-14 22:38:02 +02:00 · 35b893db9d
commit 35b893db9d
parent d6b05e5968
6 changed files with 11 additions and 5 deletions
--- a/data/config.ini
+++ b/data/config.ini
@ -41,7 +41,7 @@ changeAllPasswords      = moderator, administrator
 changeAccessRank        = administrator
 viewAllEmailAddresses   = moderator, administrator
 viewAllAccessRanks      = moderator, administrator
-ban                     = moderator, administrator
+banUsers                = moderator, administrator

 listPosts               = regularUser, powerUser, moderator, administrator
 viewPosts               = regularUser, powerUser, moderator, administrator
--- a/public_html/js/Auth.js
+++ b/public_html/js/Auth.js
@ -19,7 +19,7 @@ App.Auth = function(_, jQuery, util, api, appState, promise) {
 		changeAllPasswords: 'changeAllPasswords',
 		deleteOwnAccount: 'deleteOwnAccount',
 		deleteAllAccounts: 'deleteAllAccounts',
-		ban: 'ban',
+		banUsers: 'banUsers',

 		listPosts: 'listPosts',
 		viewPosts: 'viewPosts',
--- a/public_html/js/Presenters/UserAccountSettingsPresenter.js
+++ b/public_html/js/Presenters/UserAccountSettingsPresenter.js
@ -23,7 +23,7 @@ App.Presenters.UserAccountSettingsPresenter = function(

 		privileges = {
 			canBan:
-				auth.hasPrivilege(auth.privileges.ban),
+				auth.hasPrivilege(auth.privileges.banUsers),
 			canChangeAccessRank:
 				auth.hasPrivilege(auth.privileges.changeAccessRank),
 			canChangeAvatarStyle:
--- a/src/Controllers/UserController.php
+++ b/src/Controllers/UserController.php
@ -130,6 +130,11 @@ final class UserController extends AbstractController
 			$this->privilegeService->assertLoggedIn($userNameOrEmail);
 		}

+		if ($formData->banned !== null)
+		{
+			$this->privilegeService->assertPrivilege(Privilege::BAN_USERS);
+		}
+
 		$user = $this->userService->updateUser($user, $formData);
 		return $this->userViewProxy->fromEntity($user);
 	}
--- a/src/FormData/UserEditFormData.php
+++ b/src/FormData/UserEditFormData.php
@ -29,7 +29,8 @@ class UserEditFormData implements IValidatable
 				$this->avatarStyle = EnumHelper::avatarStyleFromString($inputReader->avatarStyle);
 			$this->avatarContent = $inputReader->decodeBase64($inputReader->avatarContent);
 			$this->browsingSettings = json_decode($inputReader->browsingSettings);
-			$this->banned = boolval($inputReader->banned);
+			if ($inputReader->banned !== null)
+				$this->banned = boolval($inputReader->banned);
 		}
 	}

--- a/src/Privilege.php
+++ b/src/Privilege.php
@ -19,7 +19,7 @@ class Privilege
 	const CHANGE_ALL_PASSWORDS = 'changeAllPasswords';
 	const DELETE_OWN_ACCOUNT = 'deleteOwnAccount';
 	const DELETE_ALL_ACCOUNTS = 'deleteAllAccounts';
-	const BAN = 'ban';
+	const BAN_USERS = 'banUsers';

 	const LIST_POSTS = 'listPosts';
 	const VIEW_POSTS = 'viewPosts';