mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-01 20:30:39 +02:00
Code Issues Releases Wiki Activity

Fix for PM Send permissions.

Browse Source
This commit is contained in:
Cameron
2016-04-25 09:31:55 -07:00
parent 8762cf82ca
commit 79c6e80c4f
5 changed files with 57 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
e107_handlers/userclass_class.php
View File

@@ -531,7 +531,7 @@ class user_class
if (count($opt_arr) == 0) if (count($opt_arr) == 0)
{ {
$opt_arr = array('public' => 1, 'guest' => 1, 'nobody' => 1, 'member' => 1, 'classes' => 1); $opt_arr = array('public' => 1, 'guest' => 1, 'new'=>1, 'nobody' => 1, 'member' => 1, 'classes' => 1);
} }
if (isset($opt_arr['all'])) if (isset($opt_arr['all']))

12
e107_plugins/pm/e_shortcode.php
View File

@@ -75,8 +75,10 @@ class pm_shortcodes extends e_shortcode
} }
/**
* @param int $parm - User ID.
* @return null|string
*/
function sc_sendpm($parm='') function sc_sendpm($parm='')
{ {
@@ -86,8 +88,12 @@ class pm_shortcodes extends e_shortcode
$url = e107::url('pm','index').'?send.'.$parm; $url = e107::url('pm','index').'?send.'.$parm;
require_once(e_PLUGIN."pm/pm_class.php");
if(check_class($pm_prefs['pm_class'])) $pm = new private_message;
if(check_class($pm_prefs['pm_class']) && $pm->canSendTo($parm)) // check $this->pmPrefs['send_to_class'].
{ {
if(deftrue('FONTAWESOME') && deftrue('BOOTSTRAP')) if(deftrue('FONTAWESOME') && deftrue('BOOTSTRAP'))
{ {

1
e107_plugins/pm/languages/English.php
View File

@@ -88,4 +88,5 @@ define("LAN_PM_111", "Read");
define("LAN_PM_112", "User(s)"); define("LAN_PM_112", "User(s)");
define("LAN_PM_113", "Read Message"); define("LAN_PM_113", "Read Message");
define("LAN_PM_114", "You do not have access to send to this user.");
?> ?>

8
e107_plugins/pm/pm.php
View File

@@ -148,8 +148,16 @@ class pm_extended extends private_message
$to_uid = $pm_info['pm_from']; $to_uid = $pm_info['pm_from'];
} }
if(!empty($to_uid)) if(!empty($to_uid))
{ {
if($this->canSendTo($to_uid) == false)
{
return "<div class='alert alert-danger'>".LAN_PM_114."</div>";// sending to this user is not permitted.
}
$sql2 = e107::getDb('sql2'); $sql2 = e107::getDb('sql2');
if($sql2->select('user', 'user_name', 'user_id = '.intval($to_uid))) //TODO add a check for userclass. if($sql2->select('user', 'user_name', 'user_id = '.intval($to_uid))) //TODO add a check for userclass.
{ {

39
e107_plugins/pm/pm_class.php
View File

@@ -35,7 +35,8 @@ class private_message
public function __construct($prefs=null) public function __construct($prefs=null)
{ {
$this->e107 = e107::getInstance(); $this->e107 = e107::getInstance();
$this->pmPrefs = $prefs; } $this->pmPrefs = e107::pref('pm');
}
/** /**
@@ -262,6 +263,10 @@ class private_message
else else
{ // Sending to a single person { // Sending to a single person
$info['pm_to'] = intval($vars['to_info']['user_id']); // Sending to a single user now $info['pm_to'] = intval($vars['to_info']['user_id']); // Sending to a single user now
if($pmid = $sql->insert('private_msg', $info)) if($pmid = $sql->insert('private_msg', $info))
{ {
$info['pm_id'] = $pmid; $info['pm_id'] = $pmid;
@@ -634,6 +639,7 @@ class private_message
function get_users_inclass($class) function get_users_inclass($class)
{ {
$sql = e107::getDb(); $sql = e107::getDb();
if($class == e_UC_MEMBER) if($class == e_UC_MEMBER)
{ {
$qry = "SELECT user_id, user_name, user_email, user_class FROM `#user` WHERE 1"; $qry = "SELECT user_id, user_name, user_email, user_class FROM `#user` WHERE 1";
@@ -658,6 +664,37 @@ class private_message
} }
/**
* Check permission to send a PM to someone.
* @param int $uid user_id of the person to send to
* @return bool
*/
function canSendTo($uid)
{
if(empty($uid))
{
return false;
}
$user = e107::user($uid);
$uclass = explode(",", $user['user_class']);
if($this->pmPrefs['send_to_class'] == 'matchclass')
{
$tmp = explode(",", USERCLASS);
$result = array_intersect($uclass, $tmp);
return !empty($result);
}
return in_array($this->pmPrefs['send_to_class'], $uclass);
}
/** /**
* Get inbox - up to $limit messages from $from * Get inbox - up to $limit messages from $from
* *