mirror/php-flarum
1
0
Fork 0
mirror of https://github.com/flarum/core.git synced 2025-06-07 15:16:00 +02:00
Code Issues Releases Wiki Activity

Flatten implementation of SelfDemotionGuard listener

Browse Source 
Refs #736 and #1195.
This commit is contained in:
Franz Liedke 2017-07-06 21:57:47 +02:00
parent 99d42372c3
commit 8ea13dc826
No known key found for this signature in database
GPG Key ID: 9A0231A879B055F4
1 changed files with 27 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
src/Core/Listener/SelfDemotionGuard.php
View File

@ -33,18 +33,35 @@ class SelfDemotionGuard
*/ */
public function whenUserWillBeSaved(UserWillBeSaved $event) public function whenUserWillBeSaved(UserWillBeSaved $event)
{ {
$actor = $event->actor; // Non-admin users pose no problem
$user = $event->user; if (! $event->actor->isAdmin()) {
return;
}
// Only admins can demote users, which means demoting other users is
// fine, because we still have at least one admin (the actor) left
if ($event->actor->id !== $event->user->id) {
return;
}
$groups = array_get($event->data, 'relationships.groups.data'); $groups = array_get($event->data, 'relationships.groups.data');
if (isset($groups) && $actor->id === $user->id && $actor->isAdmin()) { // If there is no group data (not even an empty array), this means
$adminGroupRemoved = empty(array_filter($groups, function ($group) { // groups were not changed (and thus not removed) - we're fine!
return $group['id'] == Group::ADMINISTRATOR_ID; if (! isset($groups)) {
})); return;
if ($adminGroupRemoved) {
throw new PermissionDeniedException;
}
} }
$adminGroups = array_filter($groups, function ($group) {
return $group['id'] == Group::ADMINISTRATOR_ID;
});
// As long as the user is still part of the admin group, all is good
if ($adminGroups) {
return;
}
// If we get to this point, we have to prohibit the edit
throw new PermissionDeniedException;
} }
} }