From 35b893db9da46b4304a012b60b173233294f6441 Mon Sep 17 00:00:00 2001
From: Marcin Kurczewski
Date: Tue, 14 Oct 2014 22:38:02 +0200
Subject: [PATCH] Fixed user banning privilege
---
 data/config.ini | 2 +-
 public_html/js/Auth.js | 2 +-
 public_html/js/Presenters/UserAccountSettingsPresenter.js | 2 +-
 src/Controllers/UserController.php | 5 +++++
 src/FormData/UserEditFormData.php | 3 ++-
 src/Privilege.php | 2 +-
 6 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/data/config.ini b/data/config.ini
index a9327bcc..2686cdc2 100644
--- a/data/config.ini
+++ b/data/config.ini
@@ -41,7 +41,7 @@ changeAllPasswords = moderator, administrator
 changeAccessRank = administrator
 viewAllEmailAddresses = moderator, administrator
 viewAllAccessRanks = moderator, administrator
-ban = moderator, administrator
+banUsers = moderator, administrator
 listPosts = regularUser, powerUser, moderator, administrator
 viewPosts = regularUser, powerUser, moderator, administrator
diff --git a/public_html/js/Auth.js b/public_html/js/Auth.js
index 8079d33b..8d24d97b 100644
--- a/public_html/js/Auth.js
+++ b/public_html/js/Auth.js
@@ -19,7 +19,7 @@ App.Auth = function(_, jQuery, util, api, appState, promise) {
 changeAllPasswords: 'changeAllPasswords',
 deleteOwnAccount: 'deleteOwnAccount',
 deleteAllAccounts: 'deleteAllAccounts',
- ban: 'ban',
+ banUsers: 'banUsers',
 listPosts: 'listPosts',
 viewPosts: 'viewPosts',
diff --git a/public_html/js/Presenters/UserAccountSettingsPresenter.js b/public_html/js/Presenters/UserAccountSettingsPresenter.js
index 4aa7e843..c488769c 100644
--- a/public_html/js/Presenters/UserAccountSettingsPresenter.js
+++ b/public_html/js/Presenters/UserAccountSettingsPresenter.js
@@ -23,7 +23,7 @@ App.Presenters.UserAccountSettingsPresenter = function(
 privileges = {
 canBan:
- auth.hasPrivilege(auth.privileges.ban),
+ auth.hasPrivilege(auth.privileges.banUsers),
 canChangeAccessRank:
 auth.hasPrivilege(auth.privileges.changeAccessRank),
 canChangeAvatarStyle:
diff --git a/src/Controllers/UserController.php b/src/Controllers/UserController.php
index 9529c92f..8e436017 100644
--- a/src/Controllers/UserController.php
+++ b/src/Controllers/UserController.php
@@ -130,6 +130,11 @@ final class UserController extends AbstractController
 $this->privilegeService->assertLoggedIn($userNameOrEmail);
 }
+ if ($formData->banned !== null)
+ {
+ $this->privilegeService->assertPrivilege(Privilege::BAN_USERS);
+ }
+
 $user = $this->userService->updateUser($user, $formData);
 return $this->userViewProxy->fromEntity($user);
 }
diff --git a/src/FormData/UserEditFormData.php b/src/FormData/UserEditFormData.php
index 04054c00..4f41492e 100644
--- a/src/FormData/UserEditFormData.php
+++ b/src/FormData/UserEditFormData.php
@@ -29,7 +29,8 @@ class UserEditFormData implements IValidatable
 $this->avatarStyle = EnumHelper::avatarStyleFromString($inputReader->avatarStyle);
 $this->avatarContent = $inputReader->decodeBase64($inputReader->avatarContent);
 $this->browsingSettings = json_decode($inputReader->browsingSettings);
- $this->banned = boolval($inputReader->banned);
+ if ($inputReader->banned !== null)
+ $this->banned = boolval($inputReader->banned);
 }
 }
diff --git a/src/Privilege.php b/src/Privilege.php
index 5b9525c5..33238a2b 100644
--- a/src/Privilege.php
+++ b/src/Privilege.php
@@ -19,7 +19,7 @@ class Privilege
 const CHANGE_ALL_PASSWORDS = 'changeAllPasswords';
 const DELETE_OWN_ACCOUNT = 'deleteOwnAccount';
 const DELETE_ALL_ACCOUNTS = 'deleteAllAccounts';
- const BAN = 'ban';
+ const BAN_USERS = 'banUsers';
 const LIST_POSTS = 'listPosts';
 const VIEW_POSTS = 'viewPosts';
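Review bot: In src/Controllers/UserController.php the guard added before `updateUser` checks only that the caller holds `Privilege::BAN_USERS`; nothing in the hunk limits which account may be banned. With `banUsers = moderator, administrator` in data/config.ini, a moderator could presumably set `banned` on an administrator's account or on their own unless `updateUser` rejects that, which is not visible here. I would compare the caller's access rank with the target's next to this check, and document the tri-state contract above the `if`: `// banned === null means the field was not submitted; any explicit value, true or false, requires BAN_USERS`. The enclosing method starts outside the hunk.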
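Review bot: In src/FormData/UserEditFormData.php the new assignment still goes through `boolval`, which returns true for any non-empty string other than "0", so a client that sends `banned` as the string "false" would end up banning the account instead of unbanning it. Whether `$inputReader->banned` arrives as a string or as a decoded boolean is not visible in this hunk; if strings are possible, `$this->banned = filter_var($inputReader->banned, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);` parses them explicitly and leaves unparseable input as null. The controller's `$formData->banned !== null` check also depends on the `banned` property defaulting to null, and its declaration lies outside the hunk, so that is worth confirming. The braceless `if` differs from the braced form used in the UserController hunk; adding braces keeps the guarded assignment unambiguous.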