summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEvan Prodromou <evan@status.net>2009-12-27 11:04:53 -0800
committerEvan Prodromou <evan@status.net>2009-12-27 11:04:53 -0800
commit5d6b6bfd3494a7829c8fdccfdf85278811db83c8 (patch)
tree72ca422c3972a4f15fa4eb1d0534f29d237d1aeb
parent1a462b04d7594159e90b514538ddbe3f7effd7f8 (diff)
admin page checks for right to review flags
-rw-r--r--plugins/UserFlag/UserFlagPlugin.php12
-rw-r--r--plugins/UserFlag/adminprofileflag.php43
2 files changed, 54 insertions, 1 deletions
diff --git a/plugins/UserFlag/UserFlagPlugin.php b/plugins/UserFlag/UserFlagPlugin.php
index 75dcca4fc..b4f9bd783 100644
--- a/plugins/UserFlag/UserFlagPlugin.php
+++ b/plugins/UserFlag/UserFlagPlugin.php
@@ -43,6 +43,8 @@ if (!defined('STATUSNET') && !defined('LACONICA')) {
class UserFlagPlugin extends Plugin
{
+ const REVIEWFLAGS = 'UserFlagPlugin::reviewflags';
+
function onCheckSchema()
{
$schema = Schema::get();
@@ -138,7 +140,7 @@ class UserFlagPlugin extends Plugin
function onEndShowStatusNetStyles($action)
{
- $action->cssLink(common_path('plugins/UserFlag/userflag.css'),
+ $action->cssLink(common_path('plugins/UserFlag/userflag.css'),
null, 'screen, projection, tv');
return true;
}
@@ -148,4 +150,12 @@ class UserFlagPlugin extends Plugin
$action->inlineScript('if ($(".form_entity_flag").length > 0) { SN.U.FormXHR($(".form_entity_flag")); }');
return true;
}
+
+ function onUserRightsCheck($user, $right, &$result) {
+ if ($right == self::REVIEWFLAGS) {
+ $result = $user->hasRole('moderator');
+ return false; // done processing!
+ }
+ return true; // unchanged!
+ }
}
diff --git a/plugins/UserFlag/adminprofileflag.php b/plugins/UserFlag/adminprofileflag.php
index 20b808637..5d6acf086 100644
--- a/plugins/UserFlag/adminprofileflag.php
+++ b/plugins/UserFlag/adminprofileflag.php
@@ -43,6 +43,8 @@ if (!defined('STATUSNET')) {
class AdminprofileflagAction extends Action
{
+ var $page = null;
+
/**
* Take arguments for running
*
@@ -55,6 +57,47 @@ class AdminprofileflagAction extends Action
{
parent::prepare($args);
+ $user = common_current_user();
+
+ // User must be logged in.
+
+ if (!common_logged_in()) {
+ $this->clientError(_('Not logged in.'));
+ return;
+ }
+
+ $user = common_current_user();
+
+ // ...because they're logged in
+
+ assert(!empty($user));
+
+ // It must be a "real" login, not saved cookie login
+
+ if (!common_is_real_login()) {
+ // Cookie theft is too easy; we require automatic
+ // logins to re-authenticate before admining the site
+ common_set_returnto($this->selfUrl());
+ if (Event::handle('RedirectToLogin', array($this, $user))) {
+ common_redirect(common_local_url('login'), 303);
+ }
+ }
+
+ // User must have the right to review flags
+
+ if (!$user->hasRight(UserFlagPlugin::REVIEWFLAGS)) {
+ $this->clientError(_('You cannot review profile flags.'));
+ return false;
+ }
+
+ $page = $this->int('page');
+
+ if (empty($page)) {
+ $this->page = 1;
+ } else {
+ $this->page = $page;
+ }
+
return true;
}