1 files changed, 82 insertions, 5 deletions

diff --git a/classes/User.php b/classes/User.php
index 11cb4f08b..48df0cdd7 100644
--- a/classes/User.php
+++ b/classes/User.php
@@ -117,11 +117,15 @@ class User extends Memcached_DataObject
     function allowed_nickname($nickname)
     {
         // XXX: should already be validated for size, content, etc.
-        static $blacklist = array('rss', 'xrds', 'doc', 'main',
-                                  'settings', 'notice', 'user',
-                                  'search', 'avatar', 'tag', 'tags',
-                                  'api', 'message', 'group', 'groups',
-                                  'local');
+
+        $blacklist = array();
+
+        //all directory and file names should be blacklisted
+        $d = dir(INSTALLDIR);
+        while (false !== ($entry = $d->read())) {
+            $blacklist[]=$entry;
+        }
+        $d->close();
         $merged = array_merge($blacklist, common_config('nickname', 'blacklist'));
         return !in_array($nickname, $merged);
     }
@@ -707,4 +711,77 @@ class User extends Memcached_DataObject
 
         return true;
     }
+
+    /**
+     * Does this user have the right to do X?
+     *
+     * With our role-based authorization, this is merely a lookup for whether the user
+     * has a particular role. The implementation currently uses a switch statement
+     * to determine if the user has the pre-defined role to exercise the right. Future
+     * implementations may allow per-site roles, and different mappings of roles to rights.
+     *
+     * @param $right string Name of the right, usually a constant in class Right
+     * @return boolean whether the user has the right in question
+     */
+
+    function hasRight($right)
+    {
+        $result = false;
+        if (Event::handle('UserRightsCheck', array($this, $right, &$result))) {
+            switch ($right)
+            {
+             case Right::deleteOthersNotice:
+                $result = $this->hasRole('moderator');
+                break;
+             default:
+                $result = false;
+                break;
+            }
+        }
+        return $result;
+    }
+
+    function delete()
+    {
+        $profile = $this->getProfile();
+        $profile->delete();
+
+        $related = array('Fave',
+                         'User_openid',
+                         'Confirm_address',
+                         'Remember_me',
+                         'Foreign_link',
+                         'Invitation',
+                         );
+
+        if (common_config('inboxes', 'enabled')) {
+            $related[] = 'Notice_inbox';
+        }
+
+        foreach ($related as $cls) {
+            $inst = new $cls();
+            $inst->user_id = $this->id;
+            $inst->delete();
+        }
+
+        $this->_deleteTags();
+        $this->_deleteBlocks();
+
+        parent::delete();
+    }
+
+    function _deleteTags()
+    {
+        $tag = new Profile_tag();
+        $tag->tagger = $this->id;
+        $tag->delete();
+    }
+
+    function _deleteBlocks()
+    {
+        $block = new Profile_block();
+        $block->blocker = $this->id;
+        $block->delete();
+        // XXX delete group block? Reset blocker?
+    }
 }