From ed690615de8f6433a1a4d9a8fc7c28385af47d8a Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Thu, 12 Nov 2009 20:12:00 -0500 Subject: Added a User_username table that links the external username with a StatusNet user_id Added EmailAuthenticationPlugin Added ReverseUsernameAuthenticationPlugin Changed the StartChangePassword and EndChangePassword events to take a user, instead of a nickname User::allowed_nickname was declared non-static, but used as if it was static, so I made the declaration static --- classes/User.php | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'classes/User.php') diff --git a/classes/User.php b/classes/User.php index 9b90ce61b..9f1ee53f4 100644 --- a/classes/User.php +++ b/classes/User.php @@ -114,7 +114,7 @@ class User extends Memcached_DataObject return $result; } - function allowed_nickname($nickname) + static function allowed_nickname($nickname) { // XXX: should already be validated for size, content, etc. $blacklist = common_config('nickname', 'blacklist'); @@ -190,7 +190,17 @@ class User extends Memcached_DataObject $profile->query('BEGIN'); + if(!empty($email)) + { + $email = common_canonical_email($email); + } + + $nickname = common_canonical_nickname($nickname); $profile->nickname = $nickname; + if(! User::allowed_nickname($nickname)){ + common_log(LOG_WARNING, sprintf("Attempted to register a nickname that is not allowed: %s", $profile->nickname), + __FILE__); + } $profile->profileurl = common_profile_url($nickname); if (!empty($fullname)) { @@ -242,6 +252,10 @@ class User extends Memcached_DataObject } } + if(isset($email_confirmed) && $email_confirmed) { + $user->email = $email; + } + // This flag is ignored but still set to 1 $user->inboxed = 1; -- cgit v1.2.3-54-g00ecf From c9475c76a8b4c2bf32d1d3293b03b646e7e7a91e Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Sun, 15 Nov 2009 15:59:10 +0100 Subject: define rights around how to silence, sandbox, and delete a user --- classes/User.php | 14 ++++++++++++++ classes/User_role.php | 2 ++ lib/right.php | 3 +++ 3 files changed, 19 insertions(+) (limited to 'classes/User.php') diff --git a/classes/User.php b/classes/User.php index 9f1ee53f4..0e8404377 100644 --- a/classes/User.php +++ b/classes/User.php @@ -720,10 +720,14 @@ class User extends Memcached_DataObject switch ($right) { case Right::DELETEOTHERSNOTICE: + case Right::SANDBOXUSER: + case Right::SILENCEUSER: + case Right::DELETEUSER: $result = $this->hasRole(User_role::MODERATOR); break; case Right::CONFIGURESITE: $result = $this->hasRole(User_role::ADMINISTRATOR); + break; default: $result = false; break; @@ -774,4 +778,14 @@ class User extends Memcached_DataObject $block->delete(); // XXX delete group block? Reset blocker? } + + function isSandboxed() + { + return $this->hasRole(User_role::SANDBOXED); + } + + function isSilenced() + { + return $this->hasRole(User_role::SILENCED); + } } diff --git a/classes/User_role.php b/classes/User_role.php index fc3806897..b415642fc 100644 --- a/classes/User_role.php +++ b/classes/User_role.php @@ -48,4 +48,6 @@ class User_role extends Memcached_DataObject const MODERATOR = 'moderator'; const ADMINISTRATOR = 'administrator'; + const SANDBOXED = 'sandboxed'; + const SILENCED = 'silenced'; } diff --git a/lib/right.php b/lib/right.php index 4fc981af0..88abdf780 100644 --- a/lib/right.php +++ b/lib/right.php @@ -47,5 +47,8 @@ class Right { const DELETEOTHERSNOTICE = 'deleteothersnotice'; const CONFIGURESITE = 'configuresite'; + const DELETEUSER = 'deleteuser'; + const SILENCEUSER = 'silenceuser'; + const SANDBOXUSER = 'sandboxuser'; } -- cgit v1.2.3-54-g00ecf From 792590bcdccfabc8565dea138d93f6f3405131da Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Mon, 16 Nov 2009 15:52:33 +0100 Subject: move role functions to Profile class --- classes/Profile.php | 74 +++++++++++++++++++++++++++++++++++++++++++++++++++++ classes/User.php | 68 ++++++++++++++++-------------------------------- 2 files changed, 96 insertions(+), 46 deletions(-) (limited to 'classes/User.php') diff --git a/classes/Profile.php b/classes/Profile.php index 7c1e9db33..2668efcc7 100644 --- a/classes/Profile.php +++ b/classes/Profile.php @@ -587,4 +587,78 @@ class Profile extends Memcached_DataObject return $location; } + + function hasRole($name) + { + $role = User_role::pkeyGet(array('user_id' => $this->id, + 'role' => $name)); + return (!empty($role)); + } + + function grantRole($name) + { + $role = new User_role(); + + $role->user_id = $this->id; + $role->role = $name; + $role->created = common_sql_now(); + + $result = $role->insert(); + + if (!$result) { + common_log_db_error($role, 'INSERT', __FILE__); + return false; + } + + return true; + } + + function revokeRole($name) + { + $role = User_role::pkeyGet(array('user_id' => $this->id, + 'role' => $name)); + + if (empty($role)) { + throw new Exception('Cannot revoke role "'.$name.'" for user #'.$this->id.'; does not exist.'); + } + + $result = $role->delete(); + + if (!$result) { + common_log_db_error($role, 'DELETE', __FILE__); + throw new Exception('Cannot revoke role "'.$name.'" for user #'.$this->id.'; database error.'); + } + + return true; + } + + function isSandboxed() + { + return $this->hasRole(User_role::SANDBOXED); + } + + function isSilenced() + { + return $this->hasRole(User_role::SILENCED); + } + + function sandbox() + { + $this->grantRole(User_role::SANDBOXED); + } + + function unsandbox() + { + $this->revokeRole(User_role::SANDBOXED); + } + + function silence() + { + $this->grantRole(User_role::SILENCED); + } + + function unsilence() + { + $this->revokeRole(User_role::SILENCED); + } } diff --git a/classes/User.php b/classes/User.php index 0e8404377..1dca59f23 100644 --- a/classes/User.php +++ b/classes/User.php @@ -657,50 +657,6 @@ class User extends Memcached_DataObject return Design::staticGet('id', $this->design_id); } - function hasRole($name) - { - $role = User_role::pkeyGet(array('user_id' => $this->id, - 'role' => $name)); - return (!empty($role)); - } - - function grantRole($name) - { - $role = new User_role(); - - $role->user_id = $this->id; - $role->role = $name; - $role->created = common_sql_now(); - - $result = $role->insert(); - - if (!$result) { - common_log_db_error($role, 'INSERT', __FILE__); - return false; - } - - return true; - } - - function revokeRole($name) - { - $role = User_role::pkeyGet(array('user_id' => $this->id, - 'role' => $name)); - - if (empty($role)) { - throw new Exception('Cannot revoke role "'.$name.'" for user #'.$this->id.'; does not exist.'); - } - - $result = $role->delete(); - - if (!$result) { - common_log_db_error($role, 'DELETE', __FILE__); - throw new Exception('Cannot revoke role "'.$name.'" for user #'.$this->id.'; database error.'); - } - - return true; - } - /** * Does this user have the right to do X? * @@ -779,13 +735,33 @@ class User extends Memcached_DataObject // XXX delete group block? Reset blocker? } + function hasRole($name) + { + $profile = $this->getProfile(); + return $profile->hasRole($name); + } + + function grantRole($name) + { + $profile = $this->getProfile(); + return $profile->grantRole($name); + } + + function revokeRole($name) + { + $profile = $this->getProfile(); + return $profile->revokeRole($name); + } + function isSandboxed() { - return $this->hasRole(User_role::SANDBOXED); + $profile = $this->getProfile(); + return $profile->isSandboxed(); } function isSilenced() { - return $this->hasRole(User_role::SILENCED); + $profile = $this->getProfile(); + return $profile->isSilenced(); } } -- cgit v1.2.3-54-g00ecf From 3e08309826f1f627676a02b85d6809fcbd27a37b Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Mon, 16 Nov 2009 16:06:52 +0100 Subject: change uses of User_role to Profile_role --- classes/Profile.php | 28 ++++++++++++++-------------- classes/User.php | 4 ++-- 2 files changed, 16 insertions(+), 16 deletions(-) (limited to 'classes/User.php') diff --git a/classes/Profile.php b/classes/Profile.php index 2668efcc7..5b4394d3b 100644 --- a/classes/Profile.php +++ b/classes/Profile.php @@ -590,18 +590,18 @@ class Profile extends Memcached_DataObject function hasRole($name) { - $role = User_role::pkeyGet(array('user_id' => $this->id, - 'role' => $name)); + $role = Profile_role::pkeyGet(array('profile_id' => $this->id, + 'role' => $name)); return (!empty($role)); } function grantRole($name) { - $role = new User_role(); + $role = new Profile_role(); - $role->user_id = $this->id; - $role->role = $name; - $role->created = common_sql_now(); + $role->profile_id = $this->id; + $role->role = $name; + $role->created = common_sql_now(); $result = $role->insert(); @@ -615,8 +615,8 @@ class Profile extends Memcached_DataObject function revokeRole($name) { - $role = User_role::pkeyGet(array('user_id' => $this->id, - 'role' => $name)); + $role = Profile_role::pkeyGet(array('profile_id' => $this->id, + 'role' => $name)); if (empty($role)) { throw new Exception('Cannot revoke role "'.$name.'" for user #'.$this->id.'; does not exist.'); @@ -634,31 +634,31 @@ class Profile extends Memcached_DataObject function isSandboxed() { - return $this->hasRole(User_role::SANDBOXED); + return $this->hasRole(Profile_role::SANDBOXED); } function isSilenced() { - return $this->hasRole(User_role::SILENCED); + return $this->hasRole(Profile_role::SILENCED); } function sandbox() { - $this->grantRole(User_role::SANDBOXED); + $this->grantRole(Profile_role::SANDBOXED); } function unsandbox() { - $this->revokeRole(User_role::SANDBOXED); + $this->revokeRole(Profile_role::SANDBOXED); } function silence() { - $this->grantRole(User_role::SILENCED); + $this->grantRole(Profile_role::SILENCED); } function unsilence() { - $this->revokeRole(User_role::SILENCED); + $this->revokeRole(Profile_role::SILENCED); } } diff --git a/classes/User.php b/classes/User.php index 1dca59f23..82d3bd59a 100644 --- a/classes/User.php +++ b/classes/User.php @@ -679,10 +679,10 @@ class User extends Memcached_DataObject case Right::SANDBOXUSER: case Right::SILENCEUSER: case Right::DELETEUSER: - $result = $this->hasRole(User_role::MODERATOR); + $result = $this->hasRole(Profile_role::MODERATOR); break; case Right::CONFIGURESITE: - $result = $this->hasRole(User_role::ADMINISTRATOR); + $result = $this->hasRole(Profile_role::ADMINISTRATOR); break; default: $result = false; -- cgit v1.2.3-54-g00ecf From 717758563038e802976fbd5fcdede45804b82c51 Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Mon, 16 Nov 2009 11:22:45 -0500 Subject: getGroups was not handling the case where limit=null correctly --- classes/User.php | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'classes/User.php') diff --git a/classes/User.php b/classes/User.php index 9f1ee53f4..4ddf94916 100644 --- a/classes/User.php +++ b/classes/User.php @@ -577,11 +577,13 @@ class User extends Memcached_DataObject 'WHERE group_member.profile_id = %d ' . 'ORDER BY group_member.created DESC '; - if ($offset) { - if (common_config('db','type') == 'pgsql') { - $qry .= ' LIMIT ' . $limit . ' OFFSET ' . $offset; - } else { - $qry .= ' LIMIT ' . $offset . ', ' . $limit; + if ($offset>0 && !is_null($limit)) { + if ($offset) { + if (common_config('db','type') == 'pgsql') { + $qry .= ' LIMIT ' . $limit . ' OFFSET ' . $offset; + } else { + $qry .= ' LIMIT ' . $offset . ', ' . $limit; + } } } -- cgit v1.2.3-54-g00ecf From d2145a5b7f3a95dcfa90edb4bcd5e5b3bf66c116 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Mon, 16 Nov 2009 19:03:59 +0100 Subject: Move rights check to profile and add right for new notices Added a right for new notices, realized that the hasRight() method should be on the profile, and moved it. Makes this a less atomic commit but that's the way it goes sometimes. --- classes/Notice.php | 6 ++---- classes/Profile.php | 38 ++++++++++++++++++++++++++++++++++++++ classes/User.php | 33 ++------------------------------- lib/right.php | 1 + 4 files changed, 43 insertions(+), 35 deletions(-) (limited to 'classes/User.php') diff --git a/classes/Notice.php b/classes/Notice.php index 291e6202b..fde40240f 100644 --- a/classes/Notice.php +++ b/classes/Notice.php @@ -195,10 +195,8 @@ class Notice extends Memcached_DataObject ' take a breather and post again in a few minutes.')); } - $banned = common_config('profile', 'banned'); - - if ( in_array($profile_id, $banned) || in_array($profile->nickname, $banned)) { - common_log(LOG_WARNING, "Attempted post from banned user: $profile->nickname (user id = $profile_id)."); + if (!$profile->hasRight(Right::NEWNOTICE)) { + common_log(LOG_WARNING, "Attempted post from user disallowed to post: " . $profile->nickname); throw new ClientException(_('You are banned from posting notices on this site.')); } diff --git a/classes/Profile.php b/classes/Profile.php index 5b4394d3b..e3b35533a 100644 --- a/classes/Profile.php +++ b/classes/Profile.php @@ -661,4 +661,42 @@ class Profile extends Memcached_DataObject { $this->revokeRole(Profile_role::SILENCED); } + + /** + * Does this user have the right to do X? + * + * With our role-based authorization, this is merely a lookup for whether the user + * has a particular role. The implementation currently uses a switch statement + * to determine if the user has the pre-defined role to exercise the right. Future + * implementations may allow per-site roles, and different mappings of roles to rights. + * + * @param $right string Name of the right, usually a constant in class Right + * @return boolean whether the user has the right in question + */ + + function hasRight($right) + { + $result = false; + if (Event::handle('UserRightsCheck', array($this, $right, &$result))) { + switch ($right) + { + case Right::DELETEOTHERSNOTICE: + case Right::SANDBOXUSER: + case Right::SILENCEUSER: + case Right::DELETEUSER: + $result = $this->hasRole(Profile_role::MODERATOR); + break; + case Right::CONFIGURESITE: + $result = $this->hasRole(Profile_role::ADMINISTRATOR); + break; + case Right::NEWNOTICE: + $result = !$this->isSilenced(); + break; + default: + $result = false; + break; + } + } + return $result; + } } diff --git a/classes/User.php b/classes/User.php index 82d3bd59a..a466369a1 100644 --- a/classes/User.php +++ b/classes/User.php @@ -657,39 +657,10 @@ class User extends Memcached_DataObject return Design::staticGet('id', $this->design_id); } - /** - * Does this user have the right to do X? - * - * With our role-based authorization, this is merely a lookup for whether the user - * has a particular role. The implementation currently uses a switch statement - * to determine if the user has the pre-defined role to exercise the right. Future - * implementations may allow per-site roles, and different mappings of roles to rights. - * - * @param $right string Name of the right, usually a constant in class Right - * @return boolean whether the user has the right in question - */ - function hasRight($right) { - $result = false; - if (Event::handle('UserRightsCheck', array($this, $right, &$result))) { - switch ($right) - { - case Right::DELETEOTHERSNOTICE: - case Right::SANDBOXUSER: - case Right::SILENCEUSER: - case Right::DELETEUSER: - $result = $this->hasRole(Profile_role::MODERATOR); - break; - case Right::CONFIGURESITE: - $result = $this->hasRole(Profile_role::ADMINISTRATOR); - break; - default: - $result = false; - break; - } - } - return $result; + $profile = $this->getProfile(); + return $profile->hasRight($right); } function delete() diff --git a/lib/right.php b/lib/right.php index 88abdf780..ae8516602 100644 --- a/lib/right.php +++ b/lib/right.php @@ -50,5 +50,6 @@ class Right const DELETEUSER = 'deleteuser'; const SILENCEUSER = 'silenceuser'; const SANDBOXUSER = 'sandboxuser'; + const NEWNOTICE = 'newnotice'; } -- cgit v1.2.3-54-g00ecf