
Fix for PM Send permissions.

Cameron
2016-04-25 09:31:55 -07:00
parent 8762cf82ca
commit 79c6e80c4f
5 changed files with 57 additions and 5 deletions


@@ -531,7 +531,7 @@ class user_class
if (count($opt_arr) == 0)
{
$opt_arr = array('public' => 1, 'guest' => 1, 'nobody' => 1, 'member' => 1, 'classes' => 1);
$opt_arr = array('public' => 1, 'guest' => 1, 'new'=>1, 'nobody' => 1, 'member' => 1, 'classes' => 1);
}
if (isset($opt_arr['all']))


@@ -75,8 +75,10 @@ class pm_shortcodes extends e_shortcode
}
/**
* @param int $parm - User ID.
* @return null|string
*/
function sc_sendpm($parm='')
{
@@ -86,8 +88,12 @@ class pm_shortcodes extends e_shortcode
$url = e107::url('pm','index').'?send.'.$parm;
require_once(e_PLUGIN."pm/pm_class.php");
if(check_class($pm_prefs['pm_class']))
$pm = new private_message;
if(check_class($pm_prefs['pm_class']) && $pm->canSendTo($parm)) // check $this->pmPrefs['send_to_class'].
{
if(deftrue('FONTAWESOME') && deftrue('BOOTSTRAP'))
{
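Review bot: In `sc_sendpm()` the target ID `$parm` reaches both the `?send.` URL and the new `$pm->canSendTo($parm)` call uncast, although the added docblock declares it as `int` and the default is `''`. Casting once before use, `$parm = (int) $parm;`, would make the link and the permission check operate on the same value. This condition only decides whether the link is rendered, so it should not be treated as the enforcement point for the send restriction. The function body starts and ends outside the hunks shown.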


@@ -88,4 +88,5 @@ define("LAN_PM_111", "Read");
define("LAN_PM_112", "User(s)");
define("LAN_PM_113", "Read Message");
define("LAN_PM_114", "You do not have access to send to this user.");
?>


@@ -148,8 +148,16 @@ class pm_extended extends private_message
$to_uid = $pm_info['pm_from'];
}
if(!empty($to_uid))
{
if($this->canSendTo($to_uid) == false)
{
return "<div class='alert alert-danger'>".LAN_PM_114."</div>";// sending to this user is not permitted.
}
$sql2 = e107::getDb('sql2');
if($sql2->select('user', 'user_name', 'user_id = '.intval($to_uid))) //TODO add a check for userclass.
{
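Review bot: The new `canSendTo($to_uid)` guard returns an HTML alert, which suggests it sits in the code that builds the send form and so controls what is displayed, not what is accepted. The lines visible in the `private_message` hunk around `$sql->insert('private_msg', $info)` show no matching check, so unless one is among the lines not shown on this page, the same restriction should be applied where the message is stored. The `//TODO add a check for userclass.` comment on the `select()` line may now be stale and should be removed or reworded. As a style point, `== false` reads more clearly as `if(!$this->canSendTo($to_uid))`. The enclosing method starts and ends outside the hunk.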


@@ -35,7 +35,8 @@ class private_message
public function __construct($prefs=null)
{
$this->e107 = e107::getInstance();
$this->pmPrefs = $prefs; }
$this->pmPrefs = e107::pref('pm');
}
/**
@@ -262,6 +263,10 @@ class private_message
else
{ // Sending to a single person
$info['pm_to'] = intval($vars['to_info']['user_id']); // Sending to a single user now
if($pmid = $sql->insert('private_msg', $info))
{
$info['pm_id'] = $pmid;
@@ -634,6 +639,7 @@ class private_message
function get_users_inclass($class)
{
$sql = e107::getDb();
if($class == e_UC_MEMBER)
{
$qry = "SELECT user_id, user_name, user_email, user_class FROM `#user` WHERE 1";
@@ -658,6 +664,37 @@ class private_message
}
/**
* Check permission to send a PM to someone.
* @param int $uid user_id of the person to send to
* @return bool
*/
function canSendTo($uid)
{
if(empty($uid))
{
return false;
}
$user = e107::user($uid);
$uclass = explode(",", $user['user_class']);
if($this->pmPrefs['send_to_class'] == 'matchclass')
{
$tmp = explode(",", USERCLASS);
$result = array_intersect($uclass, $tmp);
return !empty($result);
}
return in_array($this->pmPrefs['send_to_class'], $uclass);
}
/**
* Get inbox - up to $limit messages from $from
*
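Review bot: `canSendTo()` uses `$user['user_class']` without checking that `e107::user($uid)` returned a record, and its final `in_array()` is non-strict. For an ID with no user row, `explode()` yields `['']`, and on PHP versions before 8 a numeric `send_to_class` of 0 compares equal to that empty string, so the result comes from loose comparison, not from membership. I would add `if(empty($user)) { return false; }` after the lookup and compare as strings, `in_array((string) $this->pmPrefs['send_to_class'], $uclass, true)`. It is also worth confirming how built-in classes such as `e_UC_MEMBER` (handled specially in `get_users_inclass()` in this file) behave here, since they are presumably not listed in `user_class`. Separately, the constructor still accepts `$prefs` but appears to ignore it now that `pmPrefs` is read from `e107::pref('pm')`; a short comment saying so would help callers.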