diff --git a/e107_plugins/forum/forum_class.php b/e107_plugins/forum/forum_class.php
index 49fc1c2f5..1af36d6c5 100644
--- a/e107_plugins/forum/forum_class.php
+++ b/e107_plugins/forum/forum_class.php
@@ -390,6 +390,49 @@ class e107forum
 }
+ /**
+ * get user ids with moderator permissions for the given $threadId
+ * @param $threadId id of a forum thread
+ * @return an array with user ids how have moderator permissions for the $threadId
+ */
+ public function getModeratorUserIdsByThreadId($threadId)
+ {
+ // get moderator-class for the thread to check permissions of the user
+ $sql = e107::getDb();
+ $query = "SELECT f.forum_moderators
+ FROM #forum AS f
+ INNER JOIN #forum_thread AS ft ON f.forum_id = ft.thread_forum_id
+ WHERE ft.thread_id = ". $threadId;
+ if ($sql->gen($query) > 0)
+ {
+ $row = $sql->fetch();
+ return array_keys($this->forumGetMods($row['forum_moderators']));
+ }
+ return array();
+ }
+
+
+ /**
+ * get user ids with moderator permissions for the given $forumId
+ * @param $forumId id of a forum
+ * @return an array with user ids how have moderator permissions for the $forumId
+ */
+ public function getModeratorUserIdsByForumId($forumId)
+ {
+ // get moderator-class for the thread to check permissions of the user
+ $sql = e107::getDb();
+ $query = "SELECT f.forum_moderators
+ FROM #forum AS f
+ WHERE f.forum_id = ". $forumId;
+ if ($sql->gen($query) > 0)
+ {
+ $row = $sql->fetch();
+ return array_keys($this->forumGetMods($row['forum_moderators']));
+ }
+ return array();
+ }
+
+
 public function ajaxModerate()
 {
 $ret = array('hide' => false, 'msg' => 'unkown', 'status' => 'error');
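Review bot: Both new helpers append their argument to the SQL text unescaped (`WHERE ft.thread_id = ". $threadId;` in getModeratorUserIdsByThreadId and `WHERE f.forum_id = ". $forumId;` in getModeratorUserIdsByForumId), so the query is only safe while every caller has already forced the value to an integer. ajaxModerate does that with intval(), but the methods are public and the forum_viewforum.php caller passes `$forumId` from a place this diff does not show. Cast at the point of use so each helper is safe on its own: `WHERE ft.thread_id = " . (int) $threadId;` and `WHERE f.forum_id = " . (int) $forumId;`. The inline comment in the second helper still says "for the thread", and both docblocks read "how have" where "who have" is meant.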
@@ -398,8 +441,13 @@ class e107forum
 if (isset($_POST['thread']) && is_numeric($_POST['thread']))
 {
 $threadId = intval($_POST['thread']);
+ $moderatorUserIds = $this->getModeratorUserIdsByThreadId($threadId);
 }
+ /* If both, a thread-operation and a post-operation is submitted, the
+ * thread-permissions MUST be overwritten by the post-permissions!
+ * Otherwise it is possible that a moderator can transfer his
+ * permissions from one forum to another forum, where he has no permissions. */
 if (isset($_POST['post']) && is_numeric($_POST['post']))
 {
 $postId = intval($_POST['post']);
diff --git a/e107_plugins/forum/forum_viewforum.php b/e107_plugins/forum/forum_viewforum.php
index e74993d98..5e5dc75ca 100644
--- a/e107_plugins/forum/forum_viewforum.php
+++ b/e107_plugins/forum/forum_viewforum.php
@@ -200,21 +200,15 @@ if(!empty($forumInfo['forum_description']))
 ), 250, '...'));
 }
-//define('MODERATOR', $forum_info['forum_moderators'] != '' && check_class($forum_info['forum_moderators']));
-//$modArray = $forum->forum_getmods($forum_info['forum_moderators']);
+$moderatorUserIds = $forum->getModeratorUserIdsByForumId($forumId);
+define('MODERATOR', (USER && in_array(USERID, $moderatorUserIds)));
-// $thread???
-$modArray = $forum->forumGetMods($thread->forum_info['forum_moderators']);
-define('MODERATOR', (USER && is_array($modArray) && in_array(USERID, array_keys($modArray))));
-
-//----$message = '';
 if (MODERATOR)
 {
 if ($_POST)
 {
 require_once(e_PLUGIN.'forum/forum_mod.php');
-//-- $message = forum_thread_moderate($_POST);
- $forumSCvars['message']=forum_thread_moderate($_POST);
+ $forumSCvars['message'] = forum_thread_moderate($_POST);
 }
 }
diff --git a/e107_plugins/forum/shortcodes/batch/viewforum_shortcodes.php b/e107_plugins/forum/shortcodes/batch/viewforum_shortcodes.php
index b0d60be22..e869e3b22 100644
--- a/e107_plugins/forum/shortcodes/batch/viewforum_shortcodes.php
+++ b/e107_plugins/forum/shortcodes/batch/viewforum_shortcodes.php
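Review bot: `$moderatorUserIds` is assigned only inside the `$_POST['thread']` branch, so a request that carries neither `thread` nor `post` reaches the rest of ajaxModerate with the variable undefined. Initialise it ahead of the two branches with `$moderatorUserIds = array();` so the default is an empty moderator list and the later permission test denies, rather than depending on how PHP treats an unset variable. The new comment requires the post branch to overwrite the thread-derived list, but the hunk ends at `$postId = intval($_POST['post']);`, and neither that overwrite nor the comparison against the current user is visible here. Both are worth confirming in the part of the function that lies outside the hunk.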
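Review bot: `MODERATOR` now establishes rights only for the forum identified by `$forumId`, yet the handler below still hands the whole `$_POST` to `forum_thread_moderate()`. The forum_class.php comment in this same commit warns about moderator rights being carried from one forum into another, and whether forum_thread_moderate() verifies that each thread it acts on belongs to `$forumId` cannot be seen from this hunk, since forum_mod.php is not part of the diff. If it does not, pass the forum id along and reject mismatches there; if it does, a one-line comment such as `// forum_thread_moderate() re-checks that the thread belongs to this forum` would record it. `in_array(USERID, $moderatorUserIds)` is also a loose comparison; `in_array((int) USERID, $moderatorUserIds, true)` is tighter, provided the keys returned by forumGetMods() are integers.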
@@ -971,18 +971,18 @@ function sc_adminoptions()
 {
- /*--
- if(!deftrue('BOOTSTRAP'))
- {
- return $this->sc_admin_icons;
- }
- if (MODERATOR)
- {
- return fadminoptions($this->var);
- }
- return '';
- --*/
- return (!deftrue('BOOTSTRAP') ? $this->sc_admin_icons() : ((MODERATOR) ? fadminoptions($this->var) : ''));
+ if(!deftrue('BOOTSTRAP'))
+ {
+ return $this->sc_admin_icons();
+ }
+ else if (MODERATOR)
+ {
+ return fadminoptions($this->var);
+ }
+ else
+ {
+ return '';
+ }
 }
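Review bot: The non-BOOTSTRAP branch returns `$this->sc_admin_icons()` before `MODERATOR` is consulted, so for legacy themes the moderator gate has to live inside sc_admin_icons(), which this hunk does not show. If it does, record that above the first branch, e.g. `// legacy themes: sc_admin_icons() applies its own MODERATOR check`; if it does not, test `MODERATOR` first and return `''` early. As a style point, every branch returns, so the `else if`/`else` can be dropped in favour of plain guard clauses, and `elseif` is the spelling PSR-12 expects.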