diff options
-rw-r--r-- | classes/Notice.php | 6 | ||||
-rw-r--r-- | classes/Profile.php | 38 | ||||
-rw-r--r-- | classes/User.php | 33 | ||||
-rw-r--r-- | lib/right.php | 1 |
4 files changed, 43 insertions, 35 deletions
diff --git a/classes/Notice.php b/classes/Notice.php index 291e6202b..fde40240f 100644 --- a/classes/Notice.php +++ b/classes/Notice.php @@ -195,10 +195,8 @@ class Notice extends Memcached_DataObject ' take a breather and post again in a few minutes.')); } - $banned = common_config('profile', 'banned'); - - if ( in_array($profile_id, $banned) || in_array($profile->nickname, $banned)) { - common_log(LOG_WARNING, "Attempted post from banned user: $profile->nickname (user id = $profile_id)."); + if (!$profile->hasRight(Right::NEWNOTICE)) { + common_log(LOG_WARNING, "Attempted post from user disallowed to post: " . $profile->nickname); throw new ClientException(_('You are banned from posting notices on this site.')); } diff --git a/classes/Profile.php b/classes/Profile.php index 5b4394d3b..e3b35533a 100644 --- a/classes/Profile.php +++ b/classes/Profile.php @@ -661,4 +661,42 @@ class Profile extends Memcached_DataObject { $this->revokeRole(Profile_role::SILENCED); } + + /** + * Does this user have the right to do X? + * + * With our role-based authorization, this is merely a lookup for whether the user + * has a particular role. The implementation currently uses a switch statement + * to determine if the user has the pre-defined role to exercise the right. Future + * implementations may allow per-site roles, and different mappings of roles to rights. + * + * @param $right string Name of the right, usually a constant in class Right + * @return boolean whether the user has the right in question + */ + + function hasRight($right) + { + $result = false; + if (Event::handle('UserRightsCheck', array($this, $right, &$result))) { + switch ($right) + { + case Right::DELETEOTHERSNOTICE: + case Right::SANDBOXUSER: + case Right::SILENCEUSER: + case Right::DELETEUSER: + $result = $this->hasRole(Profile_role::MODERATOR); + break; + case Right::CONFIGURESITE: + $result = $this->hasRole(Profile_role::ADMINISTRATOR); + break; + case Right::NEWNOTICE: + $result = !$this->isSilenced(); + break; + default: + $result = false; + break; + } + } + return $result; + } } diff --git a/classes/User.php b/classes/User.php index 82d3bd59a..a466369a1 100644 --- a/classes/User.php +++ b/classes/User.php @@ -657,39 +657,10 @@ class User extends Memcached_DataObject return Design::staticGet('id', $this->design_id); } - /** - * Does this user have the right to do X? - * - * With our role-based authorization, this is merely a lookup for whether the user - * has a particular role. The implementation currently uses a switch statement - * to determine if the user has the pre-defined role to exercise the right. Future - * implementations may allow per-site roles, and different mappings of roles to rights. - * - * @param $right string Name of the right, usually a constant in class Right - * @return boolean whether the user has the right in question - */ - function hasRight($right) { - $result = false; - if (Event::handle('UserRightsCheck', array($this, $right, &$result))) { - switch ($right) - { - case Right::DELETEOTHERSNOTICE: - case Right::SANDBOXUSER: - case Right::SILENCEUSER: - case Right::DELETEUSER: - $result = $this->hasRole(Profile_role::MODERATOR); - break; - case Right::CONFIGURESITE: - $result = $this->hasRole(Profile_role::ADMINISTRATOR); - break; - default: - $result = false; - break; - } - } - return $result; + $profile = $this->getProfile(); + return $profile->hasRight($right); } function delete() diff --git a/lib/right.php b/lib/right.php index 88abdf780..ae8516602 100644 --- a/lib/right.php +++ b/lib/right.php @@ -50,5 +50,6 @@ class Right const DELETEUSER = 'deleteuser'; const SILENCEUSER = 'silenceuser'; const SANDBOXUSER = 'sandboxuser'; + const NEWNOTICE = 'newnotice'; } |