diff options
author | Evan Prodromou <evan@status.net> | 2009-11-16 19:03:59 +0100 |
---|---|---|
committer | Evan Prodromou <evan@status.net> | 2009-11-16 19:03:59 +0100 |
commit | d2145a5b7f3a95dcfa90edb4bcd5e5b3bf66c116 (patch) | |
tree | ef31dc1aeb9e111fb0ca3e0b44c347e4203561ac /classes | |
parent | 02cc7af1b6a6f8c460550ad0f884bf5e7a18d176 (diff) |
Move rights check to profile and add right for new notices
Added a right for new notices, realized that the hasRight() method
should be on the profile, and moved it.
Makes this a less atomic commit but that's the way it goes sometimes.
Diffstat (limited to 'classes')
-rw-r--r-- | classes/Notice.php | 6 | ||||
-rw-r--r-- | classes/Profile.php | 38 | ||||
-rw-r--r-- | classes/User.php | 33 |
3 files changed, 42 insertions, 35 deletions
diff --git a/classes/Notice.php b/classes/Notice.php index 291e6202b..fde40240f 100644 --- a/classes/Notice.php +++ b/classes/Notice.php @@ -195,10 +195,8 @@ class Notice extends Memcached_DataObject ' take a breather and post again in a few minutes.')); } - $banned = common_config('profile', 'banned'); - - if ( in_array($profile_id, $banned) || in_array($profile->nickname, $banned)) { - common_log(LOG_WARNING, "Attempted post from banned user: $profile->nickname (user id = $profile_id)."); + if (!$profile->hasRight(Right::NEWNOTICE)) { + common_log(LOG_WARNING, "Attempted post from user disallowed to post: " . $profile->nickname); throw new ClientException(_('You are banned from posting notices on this site.')); } diff --git a/classes/Profile.php b/classes/Profile.php index 5b4394d3b..e3b35533a 100644 --- a/classes/Profile.php +++ b/classes/Profile.php @@ -661,4 +661,42 @@ class Profile extends Memcached_DataObject { $this->revokeRole(Profile_role::SILENCED); } + + /** + * Does this user have the right to do X? + * + * With our role-based authorization, this is merely a lookup for whether the user + * has a particular role. The implementation currently uses a switch statement + * to determine if the user has the pre-defined role to exercise the right. Future + * implementations may allow per-site roles, and different mappings of roles to rights. + * + * @param $right string Name of the right, usually a constant in class Right + * @return boolean whether the user has the right in question + */ + + function hasRight($right) + { + $result = false; + if (Event::handle('UserRightsCheck', array($this, $right, &$result))) { + switch ($right) + { + case Right::DELETEOTHERSNOTICE: + case Right::SANDBOXUSER: + case Right::SILENCEUSER: + case Right::DELETEUSER: + $result = $this->hasRole(Profile_role::MODERATOR); + break; + case Right::CONFIGURESITE: + $result = $this->hasRole(Profile_role::ADMINISTRATOR); + break; + case Right::NEWNOTICE: + $result = !$this->isSilenced(); + break; + default: + $result = false; + break; + } + } + return $result; + } } diff --git a/classes/User.php b/classes/User.php index 82d3bd59a..a466369a1 100644 --- a/classes/User.php +++ b/classes/User.php @@ -657,39 +657,10 @@ class User extends Memcached_DataObject return Design::staticGet('id', $this->design_id); } - /** - * Does this user have the right to do X? - * - * With our role-based authorization, this is merely a lookup for whether the user - * has a particular role. The implementation currently uses a switch statement - * to determine if the user has the pre-defined role to exercise the right. Future - * implementations may allow per-site roles, and different mappings of roles to rights. - * - * @param $right string Name of the right, usually a constant in class Right - * @return boolean whether the user has the right in question - */ - function hasRight($right) { - $result = false; - if (Event::handle('UserRightsCheck', array($this, $right, &$result))) { - switch ($right) - { - case Right::DELETEOTHERSNOTICE: - case Right::SANDBOXUSER: - case Right::SILENCEUSER: - case Right::DELETEUSER: - $result = $this->hasRole(Profile_role::MODERATOR); - break; - case Right::CONFIGURESITE: - $result = $this->hasRole(Profile_role::ADMINISTRATOR); - break; - default: - $result = false; - break; - } - } - return $result; + $profile = $this->getProfile(); + return $profile->hasRight($right); } function delete() |