diff options
34 files changed, 1747 insertions, 563 deletions
diff --git a/actions/block.php b/actions/block.php index b125d2d8b..71a34e087 100644 --- a/actions/block.php +++ b/actions/block.php @@ -42,9 +42,11 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 * @link http://status.net/ */ -class BlockAction extends Action + +class BlockAction extends ProfileFormAction { var $profile = null; + /** * Take arguments for running * @@ -52,28 +54,22 @@ class BlockAction extends Action * * @return boolean success flag */ + function prepare($args) { - parent::prepare($args); - if (!common_logged_in()) { - $this->clientError(_('Not logged in.')); - return false; - } - $token = $this->trimmed('token'); - if (!$token || $token != common_session_token()) { - $this->clientError(_('There was a problem with your session token. Try again, please.')); - return; - } - $id = $this->trimmed('blockto'); - if (!$id) { - $this->clientError(_('No profile specified.')); + if (!parent::prepare($args)) { return false; } - $this->profile = Profile::staticGet('id', $id); - if (!$this->profile) { - $this->clientError(_('No profile with that ID.')); + + $cur = common_current_user(); + + assert(!empty($cur)); // checked by parent + + if ($cur->hasBlocked($this->profile)) { + $this->clientError(_("You already blocked that user.")); return false; } + return true; } @@ -86,18 +82,16 @@ class BlockAction extends Action * * @return void */ + function handle($args) { - parent::handle($args); if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($this->arg('no')) { - $cur = common_current_user(); - $other = Profile::staticGet('id', $this->arg('blockto')); - common_redirect(common_local_url('showstream', array('nickname' => $other->nickname)), - 303); + $this->returnToArgs(); } elseif ($this->arg('yes')) { - $this->blockProfile(); - } elseif ($this->arg('blockto')) { + $this->handlePost(); + $this->returnToArgs(); + } else { $this->showPage(); } } @@ -138,7 +132,7 @@ class BlockAction extends Action 'unable to subscribe to you in the future, and '. 'you will not be notified of any @-replies from them.')); $this->element('input', array('id' => 'blockto-' . $id, - 'name' => 'blockto', + 'name' => 'profileid', 'type' => 'hidden', 'value' => $id)); foreach ($this->args as $k => $v) { @@ -157,36 +151,17 @@ class BlockAction extends Action * * @return void */ - function blockProfile() + + function handlePost() { $cur = common_current_user(); - if ($cur->hasBlocked($this->profile)) { - $this->clientError(_('You have already blocked this user.')); - return; - } $result = $cur->block($this->profile); + if (!$result) { $this->serverError(_('Failed to save block information.')); return; } - - // Now, gotta figure where we go back to - foreach ($this->args as $k => $v) { - if ($k == 'returnto-action') { - $action = $v; - } elseif (substr($k, 0, 9) == 'returnto-') { - $args[substr($k, 9)] = $v; - } - } - - if ($action) { - common_redirect(common_local_url($action, $args), 303); - } else { - common_redirect(common_local_url('subscribers', - array('nickname' => $cur->nickname)), - 303); - } } } diff --git a/actions/deleteuser.php b/actions/deleteuser.php new file mode 100644 index 000000000..32b703aa7 --- /dev/null +++ b/actions/deleteuser.php @@ -0,0 +1,164 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * Action class to delete a user + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Action + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @copyright 2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET') && !defined('LACONICA')) { + exit(1); +} + +/** + * Delete a user + * + * @category Action + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @link http://status.net/ + */ + +class DeleteuserAction extends ProfileFormAction +{ + var $user = null; + + /** + * Take arguments for running + * + * @param array $args $_REQUEST args + * + * @return boolean success flag + */ + + function prepare($args) + { + if (!parent::prepare($args)) { + return false; + } + + $cur = common_current_user(); + + assert(!empty($cur)); // checked by parent + + if (!$cur->hasRight(Right::DELETEUSER)) { + $this->clientError(_("You cannot delete users.")); + return false; + } + + $this->user = User::staticGet('id', $this->profile->id); + + if (empty($this->user)) { + $this->clientError(_("You can only delete local users.")); + return false; + } + + return true; + } + + /** + * Handle request + * + * Shows a page with list of favorite notices + * + * @param array $args $_REQUEST args; handled in prepare() + * + * @return void + */ + + function handle($args) + { + if ($_SERVER['REQUEST_METHOD'] == 'POST') { + if ($this->arg('no')) { + $this->returnToArgs(); + } elseif ($this->arg('yes')) { + $this->handlePost(); + $this->returnToArgs(); + } else { + $this->showPage(); + } + } + } + + function showContent() { + $this->areYouSureForm(); + } + + function title() { + return _('Delete user'); + } + + function showNoticeForm() { + // nop + } + + /** + * Confirm with user. + * + * Shows a confirmation form. + * + * @return void + */ + function areYouSureForm() + { + $id = $this->profile->id; + $this->elementStart('form', array('id' => 'deleteuser-' . $id, + 'method' => 'post', + 'class' => 'form_settings form_entity_block', + 'action' => common_local_url('deleteuser'))); + $this->elementStart('fieldset'); + $this->hidden('token', common_session_token()); + $this->element('legend', _('Delete user')); + $this->element('p', null, + _('Are you sure you want to delete this user? '. + 'This will clear all data about the user from the '. + 'database, without a backup.')); + $this->element('input', array('id' => 'deleteuserto-' . $id, + 'name' => 'profileid', + 'type' => 'hidden', + 'value' => $id)); + foreach ($this->args as $k => $v) { + if (substr($k, 0, 9) == 'returnto-') { + $this->hidden($k, $v); + } + } + $this->submit('form_action-no', _('No'), 'submit form_action-primary', 'no', _("Do not block this user")); + $this->submit('form_action-yes', _('Yes'), 'submit form_action-secondary', 'yes', _('Delete this user')); + $this->elementEnd('fieldset'); + $this->elementEnd('form'); + } + + /** + * Actually delete a user. + * + * @return void + */ + + function handlePost() + { + $this->user->delete(); + } +} + diff --git a/actions/sandbox.php b/actions/sandbox.php new file mode 100644 index 000000000..5b034ff07 --- /dev/null +++ b/actions/sandbox.php @@ -0,0 +1,89 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * Action class to sandbox an abusive user + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Action + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @copyright 2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +/** + * Sandbox a user. + * + * @category Action + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @link http://status.net/ + */ + +class SandboxAction extends ProfileFormAction +{ + /** + * Check parameters + * + * @param array $args action arguments (URL, GET, POST) + * + * @return boolean success flag + */ + + function prepare($args) + { + if (!parent::prepare($args)) { + return false; + } + + $cur = common_current_user(); + + assert(!empty($cur)); // checked by parent + + if (!$cur->hasRight(Right::SANDBOXUSER)) { + $this->clientError(_("You cannot sandbox users on this site.")); + return false; + } + + assert(!empty($this->profile)); // checked by parent + + if ($this->profile->isSandboxed()) { + $this->clientError(_("User is already sandboxed.")); + return false; + } + + return true; + } + + /** + * Sandbox a user. + * + * @return void + */ + + function handlePost() + { + $this->profile->sandbox(); + } +} diff --git a/actions/silence.php b/actions/silence.php new file mode 100644 index 000000000..206e5ba87 --- /dev/null +++ b/actions/silence.php @@ -0,0 +1,89 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * Action class to silence an abusive user + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Action + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @copyright 2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +/** + * Silence a user. + * + * @category Action + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @link http://status.net/ + */ + +class SilenceAction extends ProfileFormAction +{ + /** + * Check parameters + * + * @param array $args action arguments (URL, GET, POST) + * + * @return boolean success flag + */ + + function prepare($args) + { + if (!parent::prepare($args)) { + return false; + } + + $cur = common_current_user(); + + assert(!empty($cur)); // checked by parent + + if (!$cur->hasRight(Right::SILENCEUSER)) { + $this->clientError(_("You cannot silence users on this site.")); + return false; + } + + assert(!empty($this->profile)); // checked by parent + + if ($this->profile->isSilenced()) { + $this->clientError(_("User is already silenced.")); + return false; + } + + return true; + } + + /** + * Silence a user. + * + * @return void + */ + + function handlePost() + { + $this->profile->silence(); + } +} diff --git a/actions/unblock.php b/actions/unblock.php index dc28d5d54..c60458cd3 100644 --- a/actions/unblock.php +++ b/actions/unblock.php @@ -42,57 +42,25 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 * @link http://status.net/ */ -class UnblockAction extends Action -{ - var $profile = null; - /** - * Take arguments for running - * - * @param array $args $_REQUEST args - * - * @return boolean success flag - */ +class UnblockAction extends ProfileFormAction +{ function prepare($args) { - parent::prepare($args); - if (!common_logged_in()) { - $this->clientError(_('Not logged in.')); - return false; - } - $token = $this->trimmed('token'); - if (!$token || $token != common_session_token()) { - $this->clientError(_('There was a problem with your session token. Try again, please.')); - return; - } - $id = $this->trimmed('unblockto'); - if (!$id) { - $this->clientError(_('No profile specified.')); + if (!parent::prepare($args)) { return false; } - $this->profile = Profile::staticGet('id', $id); - if (!$this->profile) { - $this->clientError(_('No profile with that ID.')); + + $cur = common_current_user(); + + assert(!empty($cur)); // checked by parent + + if (!$cur->hasBlocked($this->profile)) { + $this->clientError(_("You haven't blocked that user.")); return false; } - return true; - } - /** - * Handle request - * - * Shows a page with list of favorite notices - * - * @param array $args $_REQUEST args; handled in prepare() - * - * @return void - */ - function handle($args) - { - parent::handle($args); - if ($_SERVER['REQUEST_METHOD'] == 'POST') { - $this->unblockProfile(); - } + return true; } /** @@ -100,7 +68,8 @@ class UnblockAction extends Action * * @return void */ - function unblockProfile() + + function handlePost() { $cur = common_current_user(); $result = $cur->unblock($this->profile); @@ -108,20 +77,5 @@ class UnblockAction extends Action $this->serverError(_('Error removing the block.')); return; } - foreach ($this->args as $k => $v) { - if ($k == 'returnto-action') { - $action = $v; - } else if (substr($k, 0, 9) == 'returnto-') { - $args[substr($k, 9)] = $v; - } - } - if ($action) { - common_redirect(common_local_url($action, $args), 303); - } else { - common_redirect(common_local_url('subscribers', - array('nickname' => $cur->nickname)), - 303); - } } } - diff --git a/actions/unsandbox.php b/actions/unsandbox.php new file mode 100644 index 000000000..22f4d8e76 --- /dev/null +++ b/actions/unsandbox.php @@ -0,0 +1,89 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * Action class to unsandbox a user + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Action + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @copyright 2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +/** + * Unsandbox a user. + * + * @category Action + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @link http://status.net/ + */ + +class UnsandboxAction extends ProfileFormAction +{ + /** + * Check parameters + * + * @param array $args action arguments (URL, GET, POST) + * + * @return boolean success flag + */ + + function prepare($args) + { + if (!parent::prepare($args)) { + return false; + } + + $cur = common_current_user(); + + assert(!empty($cur)); // checked by parent + + if (!$cur->hasRight(Right::SANDBOXUSER)) { + $this->clientError(_("You cannot sandbox users on this site.")); + return false; + } + + assert(!empty($this->profile)); // checked by parent + + if (!$this->profile->isSandboxed()) { + $this->clientError(_("User is not sandboxed.")); + return false; + } + + return true; + } + + /** + * Unsandbox a user. + * + * @return void + */ + + function handlePost() + { + $this->profile->unsandbox(); + } +} diff --git a/actions/unsilence.php b/actions/unsilence.php new file mode 100644 index 000000000..9ff1b828b --- /dev/null +++ b/actions/unsilence.php @@ -0,0 +1,89 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * Action class to unsilence a user + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Action + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @copyright 2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +/** + * Silence a user. + * + * @category Action + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @link http://status.net/ + */ + +class UnsilenceAction extends ProfileFormAction +{ + /** + * Check parameters + * + * @param array $args action arguments (URL, GET, POST) + * + * @return boolean success flag + */ + + function prepare($args) + { + if (!parent::prepare($args)) { + return false; + } + + $cur = common_current_user(); + + assert(!empty($cur)); // checked by parent + + if (!$cur->hasRight(Right::SILENCEUSER)) { + $this->clientError(_("You cannot silence users on this site.")); + return false; + } + + assert(!empty($this->profile)); // checked by parent + + if (!$this->profile->isSilenced()) { + $this->clientError(_("User is not silenced.")); + return false; + } + + return true; + } + + /** + * Silence a user. + * + * @return void + */ + + function handlePost() + { + $this->profile->unsilence(); + } +} diff --git a/classes/Message.php b/classes/Message.php index 979e6e87c..718a9d922 100644 --- a/classes/Message.php +++ b/classes/Message.php @@ -39,6 +39,12 @@ class Message extends Memcached_DataObject static function saveNew($from, $to, $content, $source) { + $sender = Profile::staticGet('id', $from); + + if (!$sender->hasRight(Right::NEWMESSAGE)) { + throw new ClientException(_('You are banned from sending direct messages.')); + } + $msg = new Message(); $msg->from_profile = $from; diff --git a/classes/Notice.php b/classes/Notice.php index 291e6202b..1db431f2a 100644 --- a/classes/Notice.php +++ b/classes/Notice.php @@ -195,22 +195,19 @@ class Notice extends Memcached_DataObject ' take a breather and post again in a few minutes.')); } - $banned = common_config('profile', 'banned'); - - if ( in_array($profile_id, $banned) || in_array($profile->nickname, $banned)) { - common_log(LOG_WARNING, "Attempted post from banned user: $profile->nickname (user id = $profile_id)."); + if (!$profile->hasRight(Right::NEWNOTICE)) { + common_log(LOG_WARNING, "Attempted post from user disallowed to post: " . $profile->nickname); throw new ClientException(_('You are banned from posting notices on this site.')); } $notice = new Notice(); $notice->profile_id = $profile_id; - $blacklist = common_config('public', 'blacklist'); $autosource = common_config('public', 'autosource'); - # Blacklisted are non-false, but not 1, either + # Sandboxed are non-false, but not 1, either - if (($blacklist && in_array($profile_id, $blacklist)) || + if (!$user->hasRight(Right::PUBLICNOTICE) || ($source && $autosource && in_array($source, $autosource))) { $notice->is_local = Notice::LOCAL_NONPUBLIC; } else { diff --git a/classes/Profile.php b/classes/Profile.php index 9348248af..1b9cdb52f 100644 --- a/classes/Profile.php +++ b/classes/Profile.php @@ -591,4 +591,124 @@ class Profile extends Memcached_DataObject return $location; } + + function hasRole($name) + { + $role = Profile_role::pkeyGet(array('profile_id' => $this->id, + 'role' => $name)); + return (!empty($role)); + } + + function grantRole($name) + { + $role = new Profile_role(); + + $role->profile_id = $this->id; + $role->role = $name; + $role->created = common_sql_now(); + + $result = $role->insert(); + + if (!$result) { + common_log_db_error($role, 'INSERT', __FILE__); + return false; + } + + return true; + } + + function revokeRole($name) + { + $role = Profile_role::pkeyGet(array('profile_id' => $this->id, + 'role' => $name)); + + if (empty($role)) { + throw new Exception('Cannot revoke role "'.$name.'" for user #'.$this->id.'; does not exist.'); + } + + $result = $role->delete(); + + if (!$result) { + common_log_db_error($role, 'DELETE', __FILE__); + throw new Exception('Cannot revoke role "'.$name.'" for user #'.$this->id.'; database error.'); + } + + return true; + } + + function isSandboxed() + { + return $this->hasRole(Profile_role::SANDBOXED); + } + + function isSilenced() + { + return $this->hasRole(Profile_role::SILENCED); + } + + function sandbox() + { + $this->grantRole(Profile_role::SANDBOXED); + } + + function unsandbox() + { + $this->revokeRole(Profile_role::SANDBOXED); + } + + function silence() + { + $this->grantRole(Profile_role::SILENCED); + } + + function unsilence() + { + $this->revokeRole(Profile_role::SILENCED); + } + + /** + * Does this user have the right to do X? + * + * With our role-based authorization, this is merely a lookup for whether the user + * has a particular role. The implementation currently uses a switch statement + * to determine if the user has the pre-defined role to exercise the right. Future + * implementations may allow per-site roles, and different mappings of roles to rights. + * + * @param $right string Name of the right, usually a constant in class Right + * @return boolean whether the user has the right in question + */ + + function hasRight($right) + { + $result = false; + if (Event::handle('UserRightsCheck', array($this, $right, &$result))) { + switch ($right) + { + case Right::DELETEOTHERSNOTICE: + case Right::SANDBOXUSER: + case Right::SILENCEUSER: + case Right::DELETEUSER: + $result = $this->hasRole(Profile_role::MODERATOR); + break; + case Right::CONFIGURESITE: + $result = $this->hasRole(Profile_role::ADMINISTRATOR); + break; + case Right::NEWNOTICE: + case Right::NEWMESSAGE: + case Right::SUBSCRIBE: + $result = !$this->isSilenced(); + break; + case Right::PUBLICNOTICE: + case Right::EMAILONREPLY: + case Right::EMAILONSUBSCRIBE: + case Right::EMAILONFAVE: + $result = !$this->isSandboxed(); + break; + default: + $result = false; + break; + } + } + return $result; + } } diff --git a/classes/User_role.php b/classes/Profile_role.php index fc3806897..afa7fb74e 100644 --- a/classes/User_role.php +++ b/classes/Profile_role.php @@ -1,7 +1,7 @@ <?php /* * StatusNet - the distributed open-source microblogging tool - * Copyright (C) 2008, 2009, StatusNet, Inc. + * Copyright (C) 2009, StatusNet, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as published by @@ -10,42 +10,46 @@ * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. + * along with this program. If not, see <http://www.gnu.org/licenses/>. */ -if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); } +if (!defined('STATUSNET')) { + exit(1); +} /** - * Table Definition for user_role + * Table Definition for profile_role */ require_once INSTALLDIR.'/classes/Memcached_DataObject.php'; -class User_role extends Memcached_DataObject +class Profile_role extends Memcached_DataObject { ###START_AUTOCODE /* the code below is auto generated do not remove the above tag */ - public $__table = 'user_role'; // table name - public $user_id; // int(4) primary_key not_null + public $__table = 'profile_role'; // table name + public $profile_id; // int(4) primary_key not_null public $role; // varchar(32) primary_key not_null - public $created; // datetime() not_null + public $created; // datetime not_null default_0000-00-00%2000%3A00%3A00 /* Static get */ - function staticGet($k,$v=NULL) { return Memcached_DataObject::staticGet('User_role',$k,$v); } + function staticGet($k,$v=NULL) { return Memcached_DataObject::staticGet('Profile_role',$k,$v); } /* the code above is auto generated do not remove the tag below */ ###END_AUTOCODE function &pkeyGet($kv) { - return Memcached_DataObject::pkeyGet('User_role', $kv); + return Memcached_DataObject::pkeyGet('Profile_role', $kv); } const MODERATOR = 'moderator'; const ADMINISTRATOR = 'administrator'; + const SANDBOXED = 'sandboxed'; + const SILENCED = 'silenced'; } diff --git a/classes/User.php b/classes/User.php index 4ddf94916..f905ea2b7 100644 --- a/classes/User.php +++ b/classes/User.php @@ -659,79 +659,10 @@ class User extends Memcached_DataObject return Design::staticGet('id', $this->design_id); } - function hasRole($name) - { - $role = User_role::pkeyGet(array('user_id' => $this->id, - 'role' => $name)); - return (!empty($role)); - } - - function grantRole($name) - { - $role = new User_role(); - - $role->user_id = $this->id; - $role->role = $name; - $role->created = common_sql_now(); - - $result = $role->insert(); - - if (!$result) { - common_log_db_error($role, 'INSERT', __FILE__); - return false; - } - - return true; - } - - function revokeRole($name) - { - $role = User_role::pkeyGet(array('user_id' => $this->id, - 'role' => $name)); - - if (empty($role)) { - throw new Exception('Cannot revoke role "'.$name.'" for user #'.$this->id.'; does not exist.'); - } - - $result = $role->delete(); - - if (!$result) { - common_log_db_error($role, 'DELETE', __FILE__); - throw new Exception('Cannot revoke role "'.$name.'" for user #'.$this->id.'; database error.'); - } - - return true; - } - - /** - * Does this user have the right to do X? - * - * With our role-based authorization, this is merely a lookup for whether the user - * has a particular role. The implementation currently uses a switch statement - * to determine if the user has the pre-defined role to exercise the right. Future - * implementations may allow per-site roles, and different mappings of roles to rights. - * - * @param $right string Name of the right, usually a constant in class Right - * @return boolean whether the user has the right in question - */ - function hasRight($right) { - $result = false; - if (Event::handle('UserRightsCheck', array($this, $right, &$result))) { - switch ($right) - { - case Right::DELETEOTHERSNOTICE: - $result = $this->hasRole(User_role::MODERATOR); - break; - case Right::CONFIGURESITE: - $result = $this->hasRole(User_role::ADMINISTRATOR); - default: - $result = false; - break; - } - } - return $result; + $profile = $this->getProfile(); + return $profile->hasRight($right); } function delete() @@ -776,4 +707,34 @@ class User extends Memcached_DataObject $block->delete(); // XXX delete group block? Reset blocker? } + + function hasRole($name) + { + $profile = $this->getProfile(); + return $profile->hasRole($name); + } + + function grantRole($name) + { + $profile = $this->getProfile(); + return $profile->grantRole($name); + } + + function revokeRole($name) + { + $profile = $this->getProfile(); + return $profile->revokeRole($name); + } + + function isSandboxed() + { + $profile = $this->getProfile(); + return $profile->isSandboxed(); + } + + function isSilenced() + { + $profile = $this->getProfile(); + return $profile->isSilenced(); + } } diff --git a/classes/statusnet.ini b/classes/statusnet.ini index 8572ea8ac..b2509dac5 100644 --- a/classes/statusnet.ini +++ b/classes/statusnet.ini @@ -253,6 +253,15 @@ modified = 384 [location_namespace__keys] id = K +[login_token] +user_id = 129 +token = 130 +created = 142 +modified = 384 + +[login_token__keys] +user_id = K + [message] id = 129 uri = 2 @@ -358,6 +367,15 @@ modified = 384 blocker = K blocked = K +[profile_role] +profile_id = 129 +role = 130 +created = 142 + +[profile_role__keys] +profile_id = K +role = K + [profile_tag] tagger = 129 tagged = 129 @@ -524,24 +542,4 @@ created = 142 modified = 384 [user_group__keys] -id = N - -[user_role] -user_id = 129 -role = 130 -created = 142 - -[user_role__keys] -user_id = K -role = K - -[login_token] -user_id = 129 -token = 130 -created = 142 -modified = 384 - -[login_token__keys] -user_id = K -token = K - +id = N
\ No newline at end of file diff --git a/db/statusnet.sql b/db/statusnet.sql index 732aded5a..18abcdfdb 100644 --- a/db/statusnet.sql +++ b/db/statusnet.sql @@ -557,13 +557,13 @@ create table config ( ) ENGINE=InnoDB CHARACTER SET utf8 COLLATE utf8_bin; -create table user_role ( +create table profile_role ( - user_id integer not null comment 'user having the role' references user (id), + profile_id integer not null comment 'account having the role' references profile (id), role varchar(32) not null comment 'string representing the role', created datetime not null comment 'date the role was granted', - constraint primary key (user_id, role) + constraint primary key (profile_id, role) ) ENGINE=InnoDB CHARACTER SET utf8 COLLATE utf8_bin; diff --git a/lib/action.php b/lib/action.php index b5cf3240c..4c1e73564 100644 --- a/lib/action.php +++ b/lib/action.php @@ -986,6 +986,18 @@ class Action extends HTMLOutputter // lawsuit function selfUrl() { + list($action, $args) = $this->returnToArgs(); + return common_local_url($action, $args); + } + + /** + * Returns arguments sufficient for re-constructing URL + * + * @return array two elements: action, other args + */ + + function returnToArgs() + { $action = $this->trimmed('action'); $args = $this->args; unset($args['action']); @@ -998,8 +1010,7 @@ class Action extends HTMLOutputter // lawsuit foreach (array_keys($_COOKIE) as $cookie) { unset($args[$cookie]); } - - return common_local_url($action, $args); + return array($action, $args); } /** diff --git a/lib/blockform.php b/lib/blockform.php index 4820d09af..b6652b1f6 100644 --- a/lib/blockform.php +++ b/lib/blockform.php @@ -32,8 +32,6 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); } -require_once INSTALLDIR.'/lib/form.php'; - /** * Form for blocking a user * @@ -47,109 +45,38 @@ require_once INSTALLDIR.'/lib/form.php'; * @see UnblockForm */ -class BlockForm extends Form +class BlockForm extends ProfileActionForm { /** - * Profile of user to block - */ - - var $profile = null; - - /** - * Return-to args - */ - - var $args = null; - - /** - * Constructor + * Action this form provides * - * @param HTMLOutputter $out output channel - * @param Profile $profile profile of user to block - * @param array $args return-to args + * @return string Name of the action, lowercased. */ - function __construct($out=null, $profile=null, $args=null) + function target() { - parent::__construct($out); - - $this->profile = $profile; - $this->args = $args; + return 'block'; } /** - * ID of the form - * - * @return int ID of the form - */ - - function id() - { - return 'block-' . $this->profile->id; - } - - - /** - * class of the form - * - * @return string class of the form - */ - - function formClass() - { - return 'form_user_block'; - } - - - /** - * Action of the form - * - * @return string URL of the action - */ - - function action() - { - return common_local_url('block'); - } - - - /** - * Legend of the Form - * - * @return void - */ - function formLegend() - { - $this->out->element('legend', null, _('Block this user')); - } - - - /** - * Data elements of the form + * Title of the form * - * @return void + * @return string Title of the form, internationalized */ - function formData() + function title() { - $this->out->hidden('blockto-' . $this->profile->id, - $this->profile->id, - 'blockto'); - if ($this->args) { - foreach ($this->args as $k => $v) { - $this->out->hidden('returnto-' . $k, $v); - } - } + return _('Block'); } /** - * Action elements + * Description of the form * - * @return void + * @return string description of the form, internationalized */ - function formActions() + function description() { - $this->out->submit('submit', _('Block'), 'submit', null, _('Block this user')); + return _('Block this user'); } } diff --git a/lib/deleteuserform.php b/lib/deleteuserform.php new file mode 100644 index 000000000..09ea8f68d --- /dev/null +++ b/lib/deleteuserform.php @@ -0,0 +1,79 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * Form for deleting a user + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Form + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @copyright 2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +/** + * Form for deleting a user + * + * @category Form + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + * + */ + +class DeleteUserForm extends ProfileActionForm +{ + /** + * Action this form provides + * + * @return string Name of the action, lowercased. + */ + + function target() + { + return 'deleteuser'; + } + + /** + * Title of the form + * + * @return string Title of the form, internationalized + */ + + function title() + { + return _('Delete'); + } + + /** + * Description of the form + * + * @return string description of the form, internationalized + */ + + function description() + { + return _('Delete this user'); + } +} diff --git a/lib/mail.php b/lib/mail.php index 5218059e9..dffac3262 100644 --- a/lib/mail.php +++ b/lib/mail.php @@ -216,7 +216,8 @@ function mail_subscribe_notify($listenee, $listener) function mail_subscribe_notify_profile($listenee, $other) { - if ($listenee->email && $listenee->emailnotifysub) { + if ($other->hasRight(Right::EMAILONSUBSCRIBE) && + $listenee->email && $listenee->emailnotifysub) { // use the recipient's localization common_init_locale($listenee->language); @@ -545,6 +546,10 @@ function mail_notify_message($message, $from=null, $to=null) function mail_notify_fave($other, $user, $notice) { + if (!$user->hasRight(Right::EMAILONFAVE)) { + return; + } + $profile = $user->getProfile(); $bestname = $profile->getBestName(); @@ -594,10 +599,14 @@ function mail_notify_attn($user, $notice) $sender = $notice->getProfile(); + if (!$sender->hasRight(Right::EMAILONREPLY)) { + return; + } + $bestname = $sender->getBestName(); common_init_locale($user->language); - + if ($notice->conversation != $notice->id) { $conversationEmailText = "The full conversation can be read here:\n\n". "\t%5\$s\n\n "; @@ -607,9 +616,9 @@ function mail_notify_attn($user, $notice) $conversationEmailText = "%5\$s"; $conversationUrl = null; } - + $subject = sprintf(_('%s (@%s) sent a notice to your attention'), $bestname, $sender->nickname); - + $body = sprintf(_("%1\$s (@%9\$s) just sent a notice to your attention (an '@-reply') on %2\$s.\n\n". "The notice is here:\n\n". "\t%3\$s\n\n" . @@ -635,7 +644,7 @@ function mail_notify_attn($user, $notice) array('nickname' => $user->nickname)),//%7 common_local_url('emailsettings'), //%8 $sender->nickname); //%9 - + common_init_locale(); mail_to_user($user, $subject, $body); } diff --git a/lib/oauthstore.php b/lib/oauthstore.php index a4ea5ad4d..b04bcbb8b 100644 --- a/lib/oauthstore.php +++ b/lib/oauthstore.php @@ -462,6 +462,10 @@ class StatusNetOAuthDataStore extends OAuthDataStore $subscribed = $this->_getAnyProfile($subscribed_user_uri); $subscriber = $this->_getAnyProfile($subscriber_uri); + if (!$subscriber->hasRight(Right::SUBSCRIBE)) { + return _('You have been banned from subscribing.'); + } + $sub->subscribed = $subscribed->id; $sub->subscriber = $subscriber->id; diff --git a/lib/profileactionform.php b/lib/profileactionform.php new file mode 100644 index 000000000..24d4595c0 --- /dev/null +++ b/lib/profileactionform.php @@ -0,0 +1,187 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * Superclass for forms that operate on a profile + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Form + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @copyright 2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +/** + * Superclass for forms that operate on a profile + * + * Certain forms (block, silence, userflag, sandbox, delete) work on + * a single profile and work almost the same. So, this form extracts + * a lot of the common code to simplify those forms. + * + * @category Form + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +class ProfileActionForm extends Form +{ + /** + * Profile of user to act on + */ + + var $profile = null; + + /** + * Return-to args + */ + + var $args = null; + + /** + * Constructor + * + * @param HTMLOutputter $out output channel + * @param Profile $profile profile of user to act on + * @param array $args return-to args + */ + + function __construct($out=null, $profile=null, $args=null) + { + parent::__construct($out); + + $this->profile = $profile; + $this->args = $args; + } + + /** + * ID of the form + * + * @return int ID of the form + */ + + function id() + { + return $this->target() . '-' . $this->profile->id; + } + + /** + * class of the form + * + * @return string class of the form + */ + + function formClass() + { + return 'form_user_'.$this->target(); + } + + /** + * Action of the form + * + * @return string URL of the action + */ + + function action() + { + return common_local_url($this->target()); + } + + /** + * Legend of the Form + * + * @return void + */ + + function formLegend() + { + $this->out->element('legend', null, $this->description()); + } + + /** + * Data elements of the form + * + * @return void + */ + + function formData() + { + $action = $this->target(); + + $this->out->hidden($action.'to-' . $this->profile->id, + $this->profile->id, + 'profileid'); + + if ($this->args) { + foreach ($this->args as $k => $v) { + $this->out->hidden('returnto-' . $k, $v); + } + } + } + + /** + * Action elements + * + * @return void + */ + + function formActions() + { + $this->out->submit('submit', $this->title(), 'submit', + null, $this->description()); + } + + /** + * Action this form targets + * + * @return string Name of the action, lowercased. + */ + + function target() + { + return null; + } + + /** + * Title of the form + * + * @return string Title of the form, internationalized + */ + + function title() + { + return null; + } + + /** + * Description of the form + * + * @return string description of the form, internationalized + */ + + function description() + { + return null; + } +} diff --git a/lib/profileformaction.php b/lib/profileformaction.php new file mode 100644 index 000000000..8cb5f6a93 --- /dev/null +++ b/lib/profileformaction.php @@ -0,0 +1,139 @@ +<?php +/** + * Superclass for actions that operate on a user + * + * PHP version 5 + * + * StatusNet - the distributed open-source microblogging tool + * Copyright (C) 2009, StatusNet, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Action + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @link http://status.net/ + */ + +if (!defined('STATUSNET') && !defined('LACONICA')) { + exit(1); +} + +/** + * Superclass for actions that operate on a user + * + * @category Action + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @link http://status.net/ + */ + +class ProfileFormAction extends Action +{ + var $profile = null; + + /** + * Take arguments for running + * + * @param array $args $_REQUEST args + * + * @return boolean success flag + */ + + function prepare($args) + { + parent::prepare($args); + + $this->checkSessionToken(); + + if (!common_logged_in()) { + $this->clientError(_('Not logged in.')); + return false; + } + + $id = $this->trimmed('profileid'); + + if (!$id) { + $this->clientError(_('No profile specified.')); + return false; + } + + $this->profile = Profile::staticGet('id', $id); + + if (!$this->profile) { + $this->clientError(_('No profile with that ID.')); + return false; + } + + return true; + } + + /** + * Handle request + * + * Shows a page with list of favorite notices + * + * @param array $args $_REQUEST args; handled in prepare() + * + * @return void + */ + + function handle($args) + { + parent::handle($args); + + if ($_SERVER['REQUEST_METHOD'] == 'POST') { + $this->handlePost(); + $this->returnToArgs(); + } + } + + /** + * Return to the calling page based on hidden arguments + * + * @return void + */ + + function returnToArgs() + { + foreach ($this->args as $k => $v) { + if ($k == 'returnto-action') { + $action = $v; + } else if (substr($k, 0, 9) == 'returnto-') { + $args[substr($k, 9)] = $v; + } + } + + if ($action) { + common_redirect(common_local_url($action, $args), 303); + } else { + $this->clientError(_("No return-to arguments")); + } + } + + /** + * handle a POST request + * + * sub-classes should overload this request + * + * @return void + */ + + function handlePost() + { + $this->serverError(_("unimplemented method")); + } +} diff --git a/lib/right.php b/lib/right.php index 4fc981af0..5e66eae0e 100644 --- a/lib/right.php +++ b/lib/right.php @@ -47,5 +47,15 @@ class Right { const DELETEOTHERSNOTICE = 'deleteothersnotice'; const CONFIGURESITE = 'configuresite'; + const DELETEUSER = 'deleteuser'; + const SILENCEUSER = 'silenceuser'; + const SANDBOXUSER = 'sandboxuser'; + const NEWNOTICE = 'newnotice'; + const PUBLICNOTICE = 'publicnotice'; + const NEWMESSAGE = 'newmessage'; + const SUBSCRIBE = 'subscribe'; + const EMAILONREPLY = 'emailonreply'; + const EMAILONSUBSCRIBE = 'emailonsubscribe'; + const EMAILONFAVE = 'emailonfave'; } diff --git a/lib/router.php b/lib/router.php index bad3decad..53f30dd3e 100644 --- a/lib/router.php +++ b/lib/router.php @@ -96,7 +96,10 @@ class Router 'unsubscribe', 'confirmaddress', 'recoverpassword', 'invite', 'favor', 'disfavor', 'sup', 'block', 'unblock', 'subedit', - 'groupblock', 'groupunblock'); + 'groupblock', 'groupunblock', + 'sandbox', 'unsandbox', + 'silence', 'unsilence', + 'deleteuser'); foreach ($main as $a) { $m->connect('main/'.$a, array('action' => $a)); diff --git a/lib/sandboxform.php b/lib/sandboxform.php new file mode 100644 index 000000000..7a98e0a5f --- /dev/null +++ b/lib/sandboxform.php @@ -0,0 +1,80 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * Form for sandboxing a user + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Form + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @copyright 2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +/** + * Form for sandboxing a user + * + * @category Form + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + * + * @see UnSandboxForm + */ + +class SandboxForm extends ProfileActionForm +{ + /** + * Action this form provides + * + * @return string Name of the action, lowercased. + */ + + function target() + { + return 'sandbox'; + } + + /** + * Title of the form + * + * @return string Title of the form, internationalized + */ + + function title() + { + return _('Sandbox'); + } + + /** + * Description of the form + * + * @return string description of the form, internationalized + */ + + function description() + { + return _('Sandbox this user'); + } +} diff --git a/lib/silenceform.php b/lib/silenceform.php new file mode 100644 index 000000000..9673fa120 --- /dev/null +++ b/lib/silenceform.php @@ -0,0 +1,80 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * Form for silencing a user + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Form + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @copyright 2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +/** + * Form for silencing a user + * + * @category Form + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + * + * @see UnSilenceForm + */ + +class SilenceForm extends ProfileActionForm +{ + /** + * Action this form provides + * + * @return string Name of the action, lowercased. + */ + + function target() + { + return 'silence'; + } + + /** + * Title of the form + * + * @return string Title of the form, internationalized + */ + + function title() + { + return _('Silence'); + } + + /** + * Description of the form + * + * @return string description of the form, internationalized + */ + + function description() + { + return _('Silence this user'); + } +} diff --git a/lib/subs.php b/lib/subs.php index 2f0f97049..2fc3160de 100644 --- a/lib/subs.php +++ b/lib/subs.php @@ -44,6 +44,10 @@ function subs_subscribe_user($user, $other_nickname) function subs_subscribe_to($user, $other) { + if (!$user->hasRight(Right::SUBSCRIBE)) { + return _('You have been banned from subscribing.'); + } + if ($user->isSubscribed($other)) { return _('Already subscribed!'); } diff --git a/lib/unblockform.php b/lib/unblockform.php index f1343757c..4fe28b21a 100644 --- a/lib/unblockform.php +++ b/lib/unblockform.php @@ -28,12 +28,10 @@ * @link http://status.net/ */ -if (!defined('STATUSNET') && !defined('LACONICA')) { +if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR.'/lib/form.php'; - /** * Form for unblocking a user * @@ -47,106 +45,38 @@ require_once INSTALLDIR.'/lib/form.php'; * @see BlockForm */ -class UnblockForm extends Form +class UnblockForm extends ProfileActionForm { /** - * Profile of user to unblock - */ - - var $profile = null; - - /** - * Return-to args - */ - - var $args = null; - - /** - * Constructor - * - * @param HTMLOutputter $out output channel - * @param Profile $profile profile of user to unblock - * @param array $args return-to args - */ - - function __construct($out=null, $profile=null, $args=null) - { - parent::__construct($out); - - $this->profile = $profile; - $this->args = $args; - } - - /** - * ID of the form - * - * @return int ID of the form - */ - - function id() - { - return 'unblock-' . $this->profile->id; - } - - /** - * class of the form + * Action this form provides * - * @return string class of the form + * @return string Name of the action, lowercased. */ - function formClass() + function target() { - return 'form_user_unblock'; + return 'unblock'; } /** - * Action of the form - * - * @return string URL of the action - */ - - function action() - { - return common_local_url('unblock'); - } - - /** - * Legend of the Form - * - * @return void - */ - function formLegend() - { - $this->out->element('legend', null, _('Unblock this user')); - } - - - /** - * Data elements of the form + * Title of the form * - * @return void + * @return string Title of the form, internationalized */ - function formData() + function title() { - $this->out->hidden('unblockto-' . $this->profile->id, - $this->profile->id, - 'unblockto'); - if ($this->args) { - foreach ($this->args as $k => $v) { - $this->out->hidden('returnto-' . $k, $v); - } - } + return _('Unblock'); } /** - * Action elements + * Description of the form * - * @return void + * @return string description of the form, internationalized */ - function formActions() + function description() { - $this->out->submit('submit', _('Unblock'), 'submit', null, _('Unblock this user')); + return _('Unlock this user'); } } diff --git a/lib/unsandboxform.php b/lib/unsandboxform.php new file mode 100644 index 000000000..a77634244 --- /dev/null +++ b/lib/unsandboxform.php @@ -0,0 +1,82 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * Form for unsandboxing a user + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Form + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @copyright 2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +/** + * Form for unsandboxing a user + * + * Removes the "sandboxed" role for a user. + * + * @category Form + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + * + * @see UnSandboxForm + */ + +class UnsandboxForm extends ProfileActionForm +{ + /** + * Action this form provides + * + * @return string Name of the action, lowercased. + */ + + function target() + { + return 'unsandbox'; + } + + /** + * Title of the form + * + * @return string Title of the form, internationalized + */ + + function title() + { + return _('Unsandbox'); + } + + /** + * Description of the form + * + * @return string description of the form, internationalized + */ + + function description() + { + return _('Unsandbox this user'); + } +} diff --git a/lib/unsilenceform.php b/lib/unsilenceform.php new file mode 100644 index 000000000..ac02b8b6c --- /dev/null +++ b/lib/unsilenceform.php @@ -0,0 +1,80 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * Form for unsilencing a user + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Form + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @copyright 2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +/** + * Form for unsilencing a user + * + * @category Form + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + * + * @see SilenceForm + */ + +class UnSilenceForm extends ProfileActionForm +{ + /** + * Action this form provides + * + * @return string Name of the action, lowercased. + */ + + function target() + { + return 'unsilence'; + } + + /** + * Title of the form + * + * @return string Title of the form, internationalized + */ + + function title() + { + return _('Unsilence'); + } + + /** + * Description of the form + * + * @return string description of the form, internationalized + */ + + function description() + { + return _('Unsilence this user'); + } +} diff --git a/lib/userprofile.php b/lib/userprofile.php index 4f9d4984f..ee205af85 100644 --- a/lib/userprofile.php +++ b/lib/userprofile.php @@ -283,22 +283,57 @@ class UserProfile extends Widget } } + // return-to args, so we don't have to keep re-writing them + + list($action, $r2args) = $this->out->returnToArgs(); + + // push the action into the list + + $r2args['action'] = $action; + // block/unblock $blocked = $cur->hasBlocked($this->profile); $this->out->elementStart('li', 'entity_block'); if ($blocked) { - $ubf = new UnblockForm($this->out, $this->profile, - array('action' => 'showstream', - 'nickname' => $this->profile->nickname)); + $ubf = new UnblockForm($this->out, $this->profile, $r2args); $ubf->show(); } else { - $bf = new BlockForm($this->out, $this->profile, - array('action' => 'showstream', - 'nickname' => $this->profile->nickname)); + $bf = new BlockForm($this->out, $this->profile, $r2args); $bf->show(); } $this->out->elementEnd('li'); + + if ($cur->hasRight(Right::SANDBOXUSER)) { + $this->out->elementStart('li', 'entity_sandbox'); + if ($this->user->isSandboxed()) { + $usf = new UnSandboxForm($this->out, $this->profile, $r2args); + $usf->show(); + } else { + $sf = new SandboxForm($this->out, $this->profile, $r2args); + $sf->show(); + } + $this->out->elementEnd('li'); + } + + if ($cur->hasRight(Right::SILENCEUSER)) { + $this->out->elementStart('li', 'entity_silence'); + if ($this->user->isSilenced()) { + $usf = new UnSilenceForm($this->out, $this->profile, $r2args); + $usf->show(); + } else { + $sf = new SilenceForm($this->out, $this->profile, $r2args); + $sf->show(); + } + $this->out->elementEnd('li'); + } + + if ($cur->hasRight(Right::DELETEUSER)) { + $this->out->elementStart('li', 'entity_delete'); + $df = new DeleteUserForm($this->out, $this->profile, $r2args); + $df->show(); + $this->out->elementEnd('li'); + } } } diff --git a/plugins/UserFlag/UserFlagPlugin.php b/plugins/UserFlag/UserFlagPlugin.php index b4d48c74b..4d8671c72 100644 --- a/plugins/UserFlag/UserFlagPlugin.php +++ b/plugins/UserFlag/UserFlagPlugin.php @@ -113,7 +113,11 @@ class UserFlagPlugin extends Plugin if (!empty($user)) { - $form = new FlagProfileForm($item->action, $item->profile); + list($action, $args) = $item->action->returnToArgs(); + + $args['action'] = $action; + + $form = new FlagProfileForm($item->action, $item->profile, $args); $form->show(); } diff --git a/plugins/UserFlag/adminprofileflag.php b/plugins/UserFlag/adminprofileflag.php index b264beecb..1ac76b506 100644 --- a/plugins/UserFlag/adminprofileflag.php +++ b/plugins/UserFlag/adminprofileflag.php @@ -53,6 +53,8 @@ class AdminprofileflagAction extends Action function prepare($args) { + parent::prepare($args); + return true; } @@ -83,6 +85,117 @@ class AdminprofileflagAction extends Action function showContent() { + $profile = $this->getProfiles(); + + $pl = new FlaggedProfileList($profile, $this); + + $pl->show(); + } + + function getProfiles() + { + $ufp = new User_flag_profile(); + + $ufp->selectAdd(); + $ufp->selectAdd('profile_id'); + $ufp->selectAdd('count(*) as flag_count'); + + $ufp->whereAdd('cleared is NULL'); + + $ufp->groupBy('profile_id'); + $ufp->orderBy('flag_count DESC'); + + $profiles = array(); + + if ($ufp->find()) { + while ($ufp->fetch()) { + $profile = Profile::staticGet('id', $ufp->profile_id); + if (!empty($profile)) { + $profiles[] = $profile; + } + } + } + + $ufp->free(); + + return new ArrayWrapper($profiles); + } +} + +class FlaggedProfileList extends ProfileList { + + function newListItem($profile) + { + return new FlaggedProfileListItem($this->profile, $this->action); } } +class FlaggedProfileListItem extends ProfileListItem +{ + var $user = null; + var $r2args = null; + + function showActions() + { + $this->user = common_current_user(); + + list($action, $this->r2args) = $this->out->returnToArgs(); + + $this->r2args['action'] = $action; + + $this->startActions(); + if (Event::handle('StartProfileListItemActionElements', array($this))) { + $this->showSandboxButton(); + $this->showSilenceButton(); + $this->showDeleteButton(); + $this->showClearButton(); + Event::handle('EndProfileListItemActionElements', array($this)); + } + $this->endActions(); + } + + function showSandboxButton() + { + if ($this->user->hasRight(Right::SANDBOXUSER)) { + $this->out->elementStart('li', 'entity_sandbox'); + if ($this->profile->isSandboxed()) { + $usf = new UnSandboxForm($this->out, $this->profile, $this->r2args); + $usf->show(); + } else { + $sf = new SandboxForm($this->out, $this->profile, $this->r2args); + $sf->show(); + } + $this->out->elementEnd('li'); + } + } + + function showSilenceButton() + { + if ($this->user->hasRight(Right::SILENCEUSER)) { + $this->out->elementStart('li', 'entity_silence'); + if ($this->profile->isSilenced()) { + $usf = new UnSilenceForm($this->out, $this->profile, $this->r2args); + $usf->show(); + } else { + $sf = new SilenceForm($this->out, $this->profile, $this->r2args); + $sf->show(); + } + $this->out->elementEnd('li'); + } + } + + function showDeleteButton() + { + + if ($this->user->hasRight(Right::DELETEUSER)) { + $this->out->elementStart('li', 'entity_delete'); + $df = new DeleteUserForm($this->out, $this->profile, $this->r2args); + $df->show(); + $this->out->elementEnd('li'); + } + } + + function showClearButton() + { + } +} diff --git a/plugins/UserFlag/flagprofile.php b/plugins/UserFlag/flagprofile.php index 77c86b233..8ff2f1f72 100644 --- a/plugins/UserFlag/flagprofile.php +++ b/plugins/UserFlag/flagprofile.php @@ -41,11 +41,8 @@ if (!defined('STATUSNET')) { * @link http://status.net/ */ -class FlagprofileAction extends Action +class FlagprofileAction extends ProfileFormAction { - var $profile = null; - var $flag = null; - /** * Take arguments for running * @@ -56,34 +53,14 @@ class FlagprofileAction extends Action function prepare($args) { - parent::prepare($args); - - if ($_SERVER['REQUEST_METHOD'] != 'POST') { - throw new ClientException(_('Action only accepts POST')); - } - - if (!common_logged_in()) { - $this->clientError(_('Not logged in.')); - return false; - } - - $id = $this->trimmed('flagprofileto'); - - if (!$id) { - $this->clientError(_('No profile specified.')); - return false; - } - - $this->profile = Profile::staticGet('id', $id); - - if (empty($this->profile)) { - $this->clientError(_('No profile with that ID.')); + if (!parent::prepare($args)) { return false; } $user = common_current_user(); assert(!empty($user)); // checked above + assert(!empty($this->profile)); // checked above if (User_flag_profile::exists($this->profile->id, $user->id)) @@ -96,46 +73,12 @@ class FlagprofileAction extends Action } /** - * Handle request - * - * @param array $args $_REQUEST args; handled in prepare() + * Handle POST * * @return void */ - function handle($args) - { - parent::handle($args); - - $this->flagProfile(); - - if ($this->boolean('ajax')) { - header('Content-Type: text/xml;charset=utf-8'); - $this->xw->startDocument('1.0', 'UTF-8'); - $this->elementStart('html'); - $this->elementStart('head'); - $this->element('title', null, _('Flagged for review')); - $this->elementEnd('head'); - $this->elementStart('body'); - $this->element('p', 'flagged', _('Flagged')); - $this->elementEnd('body'); - $this->elementEnd('html'); - } else { - $this->returnTo(); - } - } - - function title() { - return _('Flag profile'); - } - - /** - * save the profile flag - * - * @return void - */ - - function flagProfile() + function handlePost() { $user = common_current_user(); @@ -149,25 +92,24 @@ class FlagprofileAction extends Action $ufp->created = common_sql_now(); if (!$ufp->insert()) { - throw new ServerException(sprintf(_("Couldn't flag profile '%s' with flag '%s'."), - $this->profile->nickname, $this->flag)); + throw new ServerException(sprintf(_("Couldn't flag profile '%s' for review."), + $this->profile->nickname)); } $ufp->free(); } - function returnTo() - { - // Now, gotta figure where we go back to - foreach ($this->args as $k => $v) { - if ($k == 'returnto-action') { - $action = $v; - } elseif (substr($k, 0, 9) == 'returnto-') { - $args[substr($k, 9)] = $v; - } - } - - common_redirect(common_local_url($action, $args), 303); + function ajaxResults() { + header('Content-Type: text/xml;charset=utf-8'); + $this->xw->startDocument('1.0', 'UTF-8'); + $this->elementStart('html'); + $this->elementStart('head'); + $this->element('title', null, _('Flagged for review')); + $this->elementEnd('head'); + $this->elementStart('body'); + $this->element('p', 'flagged', _('Flagged')); + $this->elementEnd('body'); + $this->elementEnd('html'); } } diff --git a/plugins/UserFlag/flagprofileform.php b/plugins/UserFlag/flagprofileform.php index a8396e2d5..262dad4a7 100644 --- a/plugins/UserFlag/flagprofileform.php +++ b/plugins/UserFlag/flagprofileform.php @@ -45,108 +45,38 @@ require_once INSTALLDIR.'/lib/form.php'; * @link http://status.net/ */ -class FlagProfileForm extends Form +class FlagProfileForm extends ProfileActionForm { /** - * Profile of profile to flag - */ - - var $profile = null; - - /** - * Return-to args - */ - - var $args = null; - - /** - * Constructor - * - * @param HTMLOutputter $out output channel - * @param Profile $profile profile of user to flag - * @param array $args return-to args - */ - - function __construct($out=null, $profile=null, $args=null) - { - parent::__construct($out); - - $this->profile = $profile; - $this->args = $args; - } - - /** - * ID of the form - * - * @return int ID of the form - */ - - function id() - { - return 'flagprofile-' . $this->profile->id; - } - - /** - * class of the form + * Action this form provides * - * @return string class of the form + * @return string Name of the action, lowercased. */ - function formClass() + function target() { - return 'form_entity_flag'; + return 'flagprofile'; } /** - * Action of the form + * Title of the form * - * @return string URL of the action + * @return string Title of the form, internationalized */ - function action() - { - return common_local_url('flagprofile'); - } - - /** - * Legend of the Form - * - * @return void - */ - function formLegend() + function title() { - $this->out->element('legend', null, _('Flag profile for review')); - } - - /** - * Data elements of the form - * - * @return void - */ - - function formData() - { - // TODO: let the user choose a flag - - $this->out->hidden('flagprofileto-' . $this->profile->id, - $this->profile->id, - 'flagprofileto'); - - if ($this->args) { - foreach ($this->args as $k => $v) { - $this->out->hidden('returnto-' . $k, $v); - } - } + return _('Flag'); } /** - * Action elements + * Description of the form * - * @return void + * @return string description of the form, internationalized */ - function formActions() + function description() { - $this->out->submit('submit', _('Flag'), 'submit', null, _('Flag profile for review')); + return _('Flag profile for review'); } } |