From af5650d4f628e472f5bd523b58105f0f1dd6da74 Mon Sep 17 00:00:00 2001
From: Marcin Kurczewski <mkurczew@gmail.com>
Date: Sun, 6 Oct 2013 13:21:16 +0200
Subject: [PATCH] Added privileges support

---
 config.ini                       |  3 +++
 src/Helpers/PrivilegesHelper.php | 34 ++++++++++++++++++++++++++++++++
 src/Helpers/TextHelper.php       | 18 +++++++++++++++++
 src/Models/Privilege.php         |  5 +++++
 src/Views/layout-normal.phtml    |  5 ++++-
 5 files changed, 64 insertions(+), 1 deletion(-)
 create mode 100644 src/Helpers/PrivilegesHelper.php
 create mode 100644 src/Models/Privilege.php

diff --git a/config.ini b/config.ini
index 96e64001..5f524247 100644
--- a/config.ini
+++ b/config.ini
@@ -24,3 +24,6 @@ You received this e-mail because someone registered an user with this address at
 
 Kind regards,
 {host} registration engine"
+
+[privileges]
+uploadPost=registered
diff --git a/src/Helpers/PrivilegesHelper.php b/src/Helpers/PrivilegesHelper.php
new file mode 100644
index 00000000..8fe7f642
--- /dev/null
+++ b/src/Helpers/PrivilegesHelper.php
@@ -0,0 +1,34 @@
+<?php
+class PrivilegesHelper
+{
+	private static $privileges = [];
+
+	public static function init()
+	{
+		$privileges = \Chibi\Registry::getConfig()->privileges;
+		foreach ($privileges as $privilegeName => $minAccessRankName)
+		{
+			$privilege = TextHelper::resolveConstant($privilegeName, 'Privilege');
+			$minAccessRank = TextHelper::resolveConstant($minAccessRankName, 'AccessRank');
+			self::$privileges[$privilege] = $minAccessRank;
+		}
+	}
+
+	public static function confirm($user, $privilege)
+	{
+		$minAccessRank = isset(self::$privileges[$privilege])
+			? AccessRank::Admin
+			: self::$privileges[$privilege];
+		return $user->access_rank >= $minAccessRank;
+	}
+
+	public static function confirmWithException($user, $privilege)
+	{
+		if (!self::confirm($user, $privilege))
+		{
+			throw new SimpleException('Insufficient privileges');
+		}
+	}
+}
+
+PrivilegesHelper::init();
diff --git a/src/Helpers/TextHelper.php b/src/Helpers/TextHelper.php
index d3fd3d89..6f74b16f 100644
--- a/src/Helpers/TextHelper.php
+++ b/src/Helpers/TextHelper.php
@@ -16,4 +16,22 @@ class TextHelper
 		}
 		return $text;
 	}
+
+	public static function resolveConstant($constantName, $className = null)
+	{
+		//convert from kebab-case to CamelCase
+		$constantName = preg_split('/-/', $constantName);
+		$constantName = array_map('trim', $constantName);
+		$constantName = array_map('ucfirst', $constantName);
+		$constantName = join('', $constantName);
+		if ($className !== null)
+		{
+			$constantName = $className . '::' . $constantName;
+		}
+		if (!defined($constantName))
+		{
+			throw new Exception('Undefined constant: ' . $constantName);
+		}
+		return constant($constantName);
+	}
 }
diff --git a/src/Models/Privilege.php b/src/Models/Privilege.php
new file mode 100644
index 00000000..38217899
--- /dev/null
+++ b/src/Models/Privilege.php
@@ -0,0 +1,5 @@
+<?php
+class Privilege
+{
+	const UploadPost = 1;
+}
diff --git a/src/Views/layout-normal.phtml b/src/Views/layout-normal.phtml
index 8b4da758..997374ac 100644
--- a/src/Views/layout-normal.phtml
+++ b/src/Views/layout-normal.phtml
@@ -10,6 +10,7 @@
 		<?php foreach ($this->context->stylesheets as $name): ?>
 			<link rel="stylesheet" type="text/css" href="<?php echo \Chibi\UrlHelper::absoluteUrl('/media/css/' . $name) ?>" />
 		<?php endforeach ?>
+		<script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script>
 	</head>
 
 	<body>
@@ -24,7 +25,9 @@
 						$preNav []= ['Browse', \Chibi\UrlHelper::route('post', 'list')];
 						$preNav []= ['Comments', \Chibi\UrlHelper::route('comment', 'list')];
 						$preNav []= ['Favorites', \Chibi\UrlHelper::route('post', 'favorites')];
-						$preNav []= ['Upload', \Chibi\UrlHelper::route('post', 'upload')];
+						if (PrivilegesHelper::confirm($this->context->user, Privilege::UploadPost))
+							$preNav []= ['Upload', \Chibi\UrlHelper::route('post', 'upload')];
+
 						if (!$this->context->loggedIn)
 						{
 							$postNav []= ['Login', \Chibi\UrlHelper::route('auth', 'login')];