summaryrefslogtreecommitdiff
path: root/classes/Profile.php
diff options
context:
space:
mode:
Diffstat (limited to 'classes/Profile.php')
-rw-r--r--classes/Profile.php120
1 files changed, 120 insertions, 0 deletions
diff --git a/classes/Profile.php b/classes/Profile.php
index 9348248af..1b9cdb52f 100644
--- a/classes/Profile.php
+++ b/classes/Profile.php
@@ -591,4 +591,124 @@ class Profile extends Memcached_DataObject
return $location;
}
+
+ function hasRole($name)
+ {
+ $role = Profile_role::pkeyGet(array('profile_id' => $this->id,
+ 'role' => $name));
+ return (!empty($role));
+ }
+
+ function grantRole($name)
+ {
+ $role = new Profile_role();
+
+ $role->profile_id = $this->id;
+ $role->role = $name;
+ $role->created = common_sql_now();
+
+ $result = $role->insert();
+
+ if (!$result) {
+ common_log_db_error($role, 'INSERT', __FILE__);
+ return false;
+ }
+
+ return true;
+ }
+
+ function revokeRole($name)
+ {
+ $role = Profile_role::pkeyGet(array('profile_id' => $this->id,
+ 'role' => $name));
+
+ if (empty($role)) {
+ throw new Exception('Cannot revoke role "'.$name.'" for user #'.$this->id.'; does not exist.');
+ }
+
+ $result = $role->delete();
+
+ if (!$result) {
+ common_log_db_error($role, 'DELETE', __FILE__);
+ throw new Exception('Cannot revoke role "'.$name.'" for user #'.$this->id.'; database error.');
+ }
+
+ return true;
+ }
+
+ function isSandboxed()
+ {
+ return $this->hasRole(Profile_role::SANDBOXED);
+ }
+
+ function isSilenced()
+ {
+ return $this->hasRole(Profile_role::SILENCED);
+ }
+
+ function sandbox()
+ {
+ $this->grantRole(Profile_role::SANDBOXED);
+ }
+
+ function unsandbox()
+ {
+ $this->revokeRole(Profile_role::SANDBOXED);
+ }
+
+ function silence()
+ {
+ $this->grantRole(Profile_role::SILENCED);
+ }
+
+ function unsilence()
+ {
+ $this->revokeRole(Profile_role::SILENCED);
+ }
+
+ /**
+ * Does this user have the right to do X?
+ *
+ * With our role-based authorization, this is merely a lookup for whether the user
+ * has a particular role. The implementation currently uses a switch statement
+ * to determine if the user has the pre-defined role to exercise the right. Future
+ * implementations may allow per-site roles, and different mappings of roles to rights.
+ *
+ * @param $right string Name of the right, usually a constant in class Right
+ * @return boolean whether the user has the right in question
+ */
+
+ function hasRight($right)
+ {
+ $result = false;
+ if (Event::handle('UserRightsCheck', array($this, $right, &$result))) {
+ switch ($right)
+ {
+ case Right::DELETEOTHERSNOTICE:
+ case Right::SANDBOXUSER:
+ case Right::SILENCEUSER:
+ case Right::DELETEUSER:
+ $result = $this->hasRole(Profile_role::MODERATOR);
+ break;
+ case Right::CONFIGURESITE:
+ $result = $this->hasRole(Profile_role::ADMINISTRATOR);
+ break;
+ case Right::NEWNOTICE:
+ case Right::NEWMESSAGE:
+ case Right::SUBSCRIBE:
+ $result = !$this->isSilenced();
+ break;
+ case Right::PUBLICNOTICE:
+ case Right::EMAILONREPLY:
+ case Right::EMAILONSUBSCRIBE:
+ case Right::EMAILONFAVE:
+ $result = !$this->isSandboxed();
+ break;
+ default:
+ $result = false;
+ break;
+ }
+ }
+ return $result;
+ }
}