summaryrefslogtreecommitdiff
path: root/classes
diff options
context:
space:
mode:
authorEvan Prodromou <evan@status.net>2009-11-16 19:03:59 +0100
committerEvan Prodromou <evan@status.net>2009-11-16 19:03:59 +0100
commitd2145a5b7f3a95dcfa90edb4bcd5e5b3bf66c116 (patch)
treeef31dc1aeb9e111fb0ca3e0b44c347e4203561ac /classes
parent02cc7af1b6a6f8c460550ad0f884bf5e7a18d176 (diff)
Move rights check to profile and add right for new notices
Added a right for new notices, realized that the hasRight() method should be on the profile, and moved it. Makes this a less atomic commit but that's the way it goes sometimes.
Diffstat (limited to 'classes')
-rw-r--r--classes/Notice.php6
-rw-r--r--classes/Profile.php38
-rw-r--r--classes/User.php33
3 files changed, 42 insertions, 35 deletions
diff --git a/classes/Notice.php b/classes/Notice.php
index 291e6202b..fde40240f 100644
--- a/classes/Notice.php
+++ b/classes/Notice.php
@@ -195,10 +195,8 @@ class Notice extends Memcached_DataObject
' take a breather and post again in a few minutes.'));
}
- $banned = common_config('profile', 'banned');
-
- if ( in_array($profile_id, $banned) || in_array($profile->nickname, $banned)) {
- common_log(LOG_WARNING, "Attempted post from banned user: $profile->nickname (user id = $profile_id).");
+ if (!$profile->hasRight(Right::NEWNOTICE)) {
+ common_log(LOG_WARNING, "Attempted post from user disallowed to post: " . $profile->nickname);
throw new ClientException(_('You are banned from posting notices on this site.'));
}
diff --git a/classes/Profile.php b/classes/Profile.php
index 5b4394d3b..e3b35533a 100644
--- a/classes/Profile.php
+++ b/classes/Profile.php
@@ -661,4 +661,42 @@ class Profile extends Memcached_DataObject
{
$this->revokeRole(Profile_role::SILENCED);
}
+
+ /**
+ * Does this user have the right to do X?
+ *
+ * With our role-based authorization, this is merely a lookup for whether the user
+ * has a particular role. The implementation currently uses a switch statement
+ * to determine if the user has the pre-defined role to exercise the right. Future
+ * implementations may allow per-site roles, and different mappings of roles to rights.
+ *
+ * @param $right string Name of the right, usually a constant in class Right
+ * @return boolean whether the user has the right in question
+ */
+
+ function hasRight($right)
+ {
+ $result = false;
+ if (Event::handle('UserRightsCheck', array($this, $right, &$result))) {
+ switch ($right)
+ {
+ case Right::DELETEOTHERSNOTICE:
+ case Right::SANDBOXUSER:
+ case Right::SILENCEUSER:
+ case Right::DELETEUSER:
+ $result = $this->hasRole(Profile_role::MODERATOR);
+ break;
+ case Right::CONFIGURESITE:
+ $result = $this->hasRole(Profile_role::ADMINISTRATOR);
+ break;
+ case Right::NEWNOTICE:
+ $result = !$this->isSilenced();
+ break;
+ default:
+ $result = false;
+ break;
+ }
+ }
+ return $result;
+ }
}
diff --git a/classes/User.php b/classes/User.php
index 82d3bd59a..a466369a1 100644
--- a/classes/User.php
+++ b/classes/User.php
@@ -657,39 +657,10 @@ class User extends Memcached_DataObject
return Design::staticGet('id', $this->design_id);
}
- /**
- * Does this user have the right to do X?
- *
- * With our role-based authorization, this is merely a lookup for whether the user
- * has a particular role. The implementation currently uses a switch statement
- * to determine if the user has the pre-defined role to exercise the right. Future
- * implementations may allow per-site roles, and different mappings of roles to rights.
- *
- * @param $right string Name of the right, usually a constant in class Right
- * @return boolean whether the user has the right in question
- */
-
function hasRight($right)
{
- $result = false;
- if (Event::handle('UserRightsCheck', array($this, $right, &$result))) {
- switch ($right)
- {
- case Right::DELETEOTHERSNOTICE:
- case Right::SANDBOXUSER:
- case Right::SILENCEUSER:
- case Right::DELETEUSER:
- $result = $this->hasRole(Profile_role::MODERATOR);
- break;
- case Right::CONFIGURESITE:
- $result = $this->hasRole(Profile_role::ADMINISTRATOR);
- break;
- default:
- $result = false;
- break;
- }
- }
- return $result;
+ $profile = $this->getProfile();
+ return $profile->hasRight($right);
}
function delete()