author | Evan Prodromou <evan@status.net> | 2009-12-27 11:04:53 -0800 |
---|---|---|
committer | Evan Prodromou <evan@status.net> | 2009-12-27 11:04:53 -0800 |
commit | 5d6b6bfd3494a7829c8fdccfdf85278811db83c8 (patch) | |
tree | 72ca422c3972a4f15fa4eb1d0534f29d237d1aeb | |
parent | 1a462b04d7594159e90b514538ddbe3f7effd7f8 (diff) |
admin page checks for right to review flags
-rw-r--r-- | plugins/UserFlag/UserFlagPlugin.php | 12 | ||||
-rw-r--r-- | plugins/UserFlag/adminprofileflag.php | 43 |
2 files changed, 54 insertions, 1 deletions
diff --git a/plugins/UserFlag/UserFlagPlugin.php b/plugins/UserFlag/UserFlagPlugin.php index 75dcca4fc..b4f9bd783 100644 --- a/plugins/UserFlag/UserFlagPlugin.php +++ b/plugins/UserFlag/UserFlagPlugin.php @@ -43,6 +43,8 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { class UserFlagPlugin extends Plugin { + const REVIEWFLAGS = 'UserFlagPlugin::reviewflags'; + function onCheckSchema() { $schema = Schema::get(); @@ -138,7 +140,7 @@ class UserFlagPlugin extends Plugin function onEndShowStatusNetStyles($action) { - $action->cssLink(common_path('plugins/UserFlag/userflag.css'), + $action->cssLink(common_path('plugins/UserFlag/userflag.css'), null, 'screen, projection, tv'); return true; } @@ -148,4 +150,12 @@ class UserFlagPlugin extends Plugin $action->inlineScript('if ($(".form_entity_flag").length > 0) { SN.U.FormXHR($(".form_entity_flag")); }'); return true; } + + function onUserRightsCheck($user, $right, &$result) { + if ($right == self::REVIEWFLAGS) { + $result = $user->hasRole('moderator'); + return false; // done processing! + } + return true; // unchanged! + } } diff --git a/plugins/UserFlag/adminprofileflag.php b/plugins/UserFlag/adminprofileflag.php index 20b808637..5d6acf086 100644 --- a/plugins/UserFlag/adminprofileflag.php +++ b/plugins/UserFlag/adminprofileflag.php @@ -43,6 +43,8 @@ if (!defined('STATUSNET')) { class AdminprofileflagAction extends Action { + var $page = null; + /** * Take arguments for running * 
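Review bot: In `onUserRightsCheck` (UserFlagPlugin.php, last hunk) the right is matched with a loose comparison, `if ($right == self::REVIEWFLAGS)`. A non-string `$right` such as `true`, or integer `0` before PHP 8, would compare equal to the constant under PHP's type juggling, so the handler would claim a right it was not asked about and answer it with the moderator-role result. Callers presumably always pass a string right name, but that is not visible here; `if ($right === self::REVIEWFLAGS) {` removes the dependency. The method also has no docblock; a short one stating that returning false stops further `UserRightsCheck` handlers and that `$result` carries the decision would make the contract explicit.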
@@ -55,6 +57,47 @@ class AdminprofileflagAction extends Action { parent::prepare($args); + $user = common_current_user(); + + // User must be logged in. + + if (!common_logged_in()) { + $this->clientError(_('Not logged in.')); + return; + } + + $user = common_current_user(); + + // ...because they're logged in + + assert(!empty($user)); + + // It must be a "real" login, not saved cookie login + + if (!common_is_real_login()) { + // Cookie theft is too easy; we require automatic + // logins to re-authenticate before admining the site + common_set_returnto($this->selfUrl()); + if (Event::handle('RedirectToLogin', array($this, $user))) { + common_redirect(common_local_url('login'), 303); + } + } + + // User must have the right to review flags + + if (!$user->hasRight(UserFlagPlugin::REVIEWFLAGS)) { + $this->clientError(_('You cannot review profile flags.')); + return false; + } + + $page = $this->int('page'); + + if (empty($page)) { + $this->page = 1; + } else { + $this->page = $page; + } + return true; } |
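Review bot: The re-authentication branch added to `prepare()` (adminprofileflag.php) has no `return` after the redirect, so when a `RedirectToLogin` handler returns false, execution falls through to the `hasRight()` check and a cookie-only ("remembered") session can still reach the flag review page. Whether `common_redirect()` itself ends the request is not visible in this hunk, so the branch should end explicitly with `return false;` placed after the inner `if`. The not-logged-in branch ends with a bare `return;` while the rights branch uses `return false;`; using `return false;` in both keeps the result unambiguous should `clientError()` ever return. The first `$user = common_current_user();` before the login check is redundant, and `assert(!empty($user))` should not be read as a guard since assertions can be disabled. The signature of `prepare()` lies outside the hunk.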