mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-07-13 19:16:22 +02:00
Code Issues Releases Wiki Activity

Merge pull request #3482 from phibel/forum_moderator_delete_permissions

Browse Source 
FIX check if user has moderator permissions for the thread/forum
This commit is contained in:
Cameron
2018-10-02 09:47:27 -07:00
committed by GitHub
parent 3b25fe86b6 98213ec03c
commit 692509f40c
3 changed files with 36 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
e107_plugins/forum/forum_class.php
View File

@ -370,29 +370,39 @@ class e107forum
public function ajaxModerate() public function ajaxModerate()
{ {
$ret = array('hide' => false, 'msg' => 'unkown', 'status' => 'error');
if(!$this->isModerator(USERID)) //FIXME check permissions per forum. $modArray = array();
// get moderator-class for the thread to check permissions of the user
if (isset($_POST['thread']))
{ {
exit; $threadId = intval($_POST['thread']);
$sql = e107::getDb();
$query = "SELECT f.forum_moderators
FROM #forum AS f
INNER JOIN #forum_thread AS ft ON f.forum_id = ft.thread_forum_id
WHERE ft.thread_id = ". $threadId;
$sql->gen($query);
$row = $sql->fetch();
$modArray = $this->forumGetMods($row[forum_moderators]);
} }
if(!vartrue($_POST['thread']) && !vartrue($_POST['post'])) // Check if user has moderator permissions for this thread
{ if(!in_array(USERID, array_keys($modArray)))
exit; {
} $ret['msg'] = ''.LAN_FORUM_8030.' '. json_encode($_POST);
$ret['hide'] = false;
$id = intval($_POST['thread']); $ret['status'] = 'error';
}
// print_r($_POST); else
{
$ret = array('hide' => false, 'msg' => '', 'status' => null);
switch ($_POST['action']) switch ($_POST['action'])
{ {
case 'delete': case 'delete':
if($this->threadDelete($id)) if($this->threadDelete($threadId))
{ {
$ret['msg'] = ''.LAN_FORUM_8020.' #'.$id; $ret['msg'] = ''.LAN_FORUM_8020.' #'.$threadId;
$ret['hide'] = true; $ret['hide'] = true;
$ret['status'] = 'ok'; $ret['status'] = 'ok';
} }
@ -426,7 +436,7 @@ class e107forum
break; break;
case 'lock': case 'lock':
if(e107::getDb()->update('forum_thread', 'thread_active=0 WHERE thread_id='.$id)) if(e107::getDb()->update('forum_thread', 'thread_active=0 WHERE thread_id='.$threadId))
{ {
$ret['msg'] = LAN_FORUM_CLOSE; $ret['msg'] = LAN_FORUM_CLOSE;
$ret['status'] = 'ok'; $ret['status'] = 'ok';
@ -439,7 +449,7 @@ class e107forum
break; break;
case 'unlock': case 'unlock':
if(e107::getDb()->update('forum_thread', 'thread_active=1 WHERE thread_id='.$id)) if(e107::getDb()->update('forum_thread', 'thread_active=1 WHERE thread_id='.$threadId))
{ {
$ret['msg'] = LAN_FORUM_OPEN; $ret['msg'] = LAN_FORUM_OPEN;
$ret['status'] = 'ok'; $ret['status'] = 'ok';
@ -452,7 +462,7 @@ class e107forum
break; break;
case 'stick': case 'stick':
if(e107::getDb()->update('forum_thread', 'thread_sticky=1 WHERE thread_id='.$id)) if(e107::getDb()->update('forum_thread', 'thread_sticky=1 WHERE thread_id='.$threadId))
{ {
$ret['msg'] = LAN_FORUM_STICK; $ret['msg'] = LAN_FORUM_STICK;
$ret['status'] = 'ok'; $ret['status'] = 'ok';
@ -465,7 +475,7 @@ class e107forum
break; break;
case 'unstick': case 'unstick':
if(e107::getDb()->update('forum_thread', 'thread_sticky=0 WHERE thread_id='.$id)) if(e107::getDb()->update('forum_thread', 'thread_sticky=0 WHERE thread_id='.$threadId))
{ {
$ret['msg'] = LAN_FORUM_UNSTICK; $ret['msg'] = LAN_FORUM_UNSTICK;
$ret['status'] = 'ok'; $ret['status'] = 'ok';
@ -486,10 +496,10 @@ class e107forum
$ret['msg'] = LAN_FORUM_8027; $ret['msg'] = LAN_FORUM_8027;
break; break;
} }
}
echo json_encode($ret); echo json_encode($ret);
exit; exit();
} }

1
e107_plugins/forum/languages/English/English_front.php
View File

@ -345,6 +345,7 @@ define("LAN_FORUM_8026", "Failed to unstick thread");
define("LAN_FORUM_8027", "No action selected"); define("LAN_FORUM_8027", "No action selected");
define("LAN_FORUM_8028", "Return"); define("LAN_FORUM_8028", "Return");
define("LAN_FORUM_8029", "New topic created!"); define("LAN_FORUM_8029", "New topic created!");
define("LAN_FORUM_8030", "Couldn't delete post (moderator permission needed)");
/* THIS WILL BE DELETED ONCE THE REWRITE IS DONE /* THIS WILL BE DELETED ONCE THE REWRITE IS DONE
================================================== ==================================================

2
e107_plugins/forum/shortcodes/batch/view_shortcodes.php
View File

@ -889,7 +889,7 @@
// if(!$this->forum->threadDetermineInitialPost($this->postInfo['post_id'])) // if(!$this->forum->threadDetermineInitialPost($this->postInfo['post_id']))
if(empty($this->postInfo['thread_start'])) if(empty($this->postInfo['thread_start']))
{ {
$text .= "<li class='text-right'><a href='" . e_REQUEST_URI . "' data-forum-action='deletepost' data-forum-post='" . $this->postInfo['post_id'] . "'>" . LAN_DELETE . " " . $tp->toGlyph('trash') . "</a></li>"; $text .= "<li class='text-right'><a href='" . e_REQUEST_URI . "' data-forum-action='deletepost' data-forum-thread='" . $this->postInfo['post_thread'] . "' data-forum-post='" . $this->postInfo['post_id'] . "'>" . LAN_DELETE . " " . $tp->toGlyph('trash') . "</a></li>";
} }
if($type == 'thread') if($type == 'thread')