Move rights check to profile and add right for new notices

Added a right for new notices, realized that the hasRight() method
should be on the profile, and moved it.

Makes this a less atomic commit but that's the way it goes sometimes.

3 files changed, 42 insertions, 35 deletions

diff --git a/classes/Notice.php b/classes/Notice.php
index 291e6202b..fde40240f 100644
--- a/classes/Notice.php
+++ b/classes/Notice.php
@@ -195,10 +195,8 @@ class Notice extends Memcached_DataObject
                                         ' take a breather and post again in a few minutes.'));
         }
 
-        $banned = common_config('profile', 'banned');
-
-        if ( in_array($profile_id, $banned) || in_array($profile->nickname, $banned)) {
-            common_log(LOG_WARNING, "Attempted post from banned user: $profile->nickname (user id = $profile_id).");
+        if (!$profile->hasRight(Right::NEWNOTICE)) {
+            common_log(LOG_WARNING, "Attempted post from user disallowed to post: " . $profile->nickname);
             throw new ClientException(_('You are banned from posting notices on this site.'));
         }
 
diff --git a/classes/Profile.php b/classes/Profile.php
index 5b4394d3b..e3b35533a 100644
--- a/classes/Profile.php
+++ b/classes/Profile.php
@@ -661,4 +661,42 @@ class Profile extends Memcached_DataObject
     {
         $this->revokeRole(Profile_role::SILENCED);
     }
+
+    /**
+     * Does this user have the right to do X?
+     *
+     * With our role-based authorization, this is merely a lookup for whether the user
+     * has a particular role. The implementation currently uses a switch statement
+     * to determine if the user has the pre-defined role to exercise the right. Future
+     * implementations may allow per-site roles, and different mappings of roles to rights.
+     *
+     * @param $right string Name of the right, usually a constant in class Right
+     * @return boolean whether the user has the right in question
+     */
+
+    function hasRight($right)
+    {
+        $result = false;
+        if (Event::handle('UserRightsCheck', array($this, $right, &$result))) {
+            switch ($right)
+            {
+            case Right::DELETEOTHERSNOTICE:
+            case Right::SANDBOXUSER:
+            case Right::SILENCEUSER:
+            case Right::DELETEUSER:
+                $result = $this->hasRole(Profile_role::MODERATOR);
+                break;
+            case Right::CONFIGURESITE:
+                $result = $this->hasRole(Profile_role::ADMINISTRATOR);
+                break;
+            case Right::NEWNOTICE:
+                $result = !$this->isSilenced();
+                break;
+            default:
+                $result = false;
+                break;
+            }
+        }
+        return $result;
+    }
 }
diff --git a/classes/User.php b/classes/User.php
index 82d3bd59a..a466369a1 100644
--- a/classes/User.php
+++ b/classes/User.php
@@ -657,39 +657,10 @@ class User extends Memcached_DataObject
         return Design::staticGet('id', $this->design_id);
     }
 
-    /**
-     * Does this user have the right to do X?
-     *
-     * With our role-based authorization, this is merely a lookup for whether the user
-     * has a particular role. The implementation currently uses a switch statement
-     * to determine if the user has the pre-defined role to exercise the right. Future
-     * implementations may allow per-site roles, and different mappings of roles to rights.
-     *
-     * @param $right string Name of the right, usually a constant in class Right
-     * @return boolean whether the user has the right in question
-     */
-
     function hasRight($right)
     {
-        $result = false;
-        if (Event::handle('UserRightsCheck', array($this, $right, &$result))) {
-            switch ($right)
-            {
-            case Right::DELETEOTHERSNOTICE:
-            case Right::SANDBOXUSER:
-            case Right::SILENCEUSER:
-            case Right::DELETEUSER:
-                $result = $this->hasRole(Profile_role::MODERATOR);
-                break;
-            case Right::CONFIGURESITE:
-                $result = $this->hasRole(Profile_role::ADMINISTRATOR);
-                break;
-            default:
-                $result = false;
-                break;
-            }
-        }
-        return $result;
+        $profile = $this->getProfile();
+        return $profile->hasRight($right);
     }
 
     function delete()