mirror/php-flarum
1
0
Fork 0
mirror of https://github.com/flarum/core.git synced 2025-05-05 15:07:17 +02:00
Code Issues Releases Wiki Activity

Enforce discussion renaming/deleting/post editing timed permissions

Browse Source
This commit is contained in:
Toby Zerner 2015-08-05 19:21:33 +09:30
parent 0d968536bc
commit c361c97394
2 changed files with 30 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
src/Core/Discussions/DiscussionsServiceProvider.php
View File

@ -7,6 +7,7 @@ use Flarum\Events\RegisterDiscussionGambits;
use Flarum\Support\ServiceProvider; use Flarum\Support\ServiceProvider;
use Flarum\Extend; use Flarum\Extend;
use Illuminate\Contracts\Container\Container; use Illuminate\Contracts\Container\Container;
use Carbon\Carbon;
class DiscussionsServiceProvider extends ServiceProvider class DiscussionsServiceProvider extends ServiceProvider
{ {
@ -20,25 +21,26 @@ class DiscussionsServiceProvider extends ServiceProvider
Discussion::setValidator($this->app->make('validator')); Discussion::setValidator($this->app->make('validator'));
$events = $this->app->make('events'); $events = $this->app->make('events');
$settings = $this->app->make('Flarum\Core\Settings\SettingsRepository');
$events->subscribe('Flarum\Core\Discussions\Listeners\DiscussionMetadataUpdater'); $events->subscribe('Flarum\Core\Discussions\Listeners\DiscussionMetadataUpdater');
$events->listen(ModelAllow::class, function (ModelAllow $event) { $events->listen(ModelAllow::class, function (ModelAllow $event) use ($settings) {
if ($event->model instanceof Discussion) { if ($event->model instanceof Discussion) {
if ($event->action === 'rename' &&
$event->model->start_user_id == $event->actor->id) {
return true;
}
if ($event->action === 'delete' &&
$event->model->start_user_id == $event->actor->id &&
$event->model->participants_count == 1) {
return true;
}
if ($event->actor->hasPermission('discussion.'.$event->action)) { if ($event->actor->hasPermission('discussion.'.$event->action)) {
return true; return true;
} }
if (($event->action === 'rename' || $event->action === 'delete') &&
$event->model->start_user_id == $event->actor->id) {
$allowRenaming = $settings->get('allow_renaming');
if ($allowRenaming === '-1' ||
($allowRenaming === 'reply' && $event->model->participants_count == 1) ||
($event->model->start_time->diffInMinutes(Carbon::now()) < $allowRenaming)) {
return true;
}
}
} }
}); });
} }

22
src/Core/Posts/PostsServiceProvider.php
View File

@ -7,6 +7,7 @@ use Flarum\Events\RegisterPostTypes;
use Flarum\Events\ScopePostVisibility; use Flarum\Events\ScopePostVisibility;
use Flarum\Support\ServiceProvider; use Flarum\Support\ServiceProvider;
use Flarum\Extend; use Flarum\Extend;
use Carbon\Carbon;
class PostsServiceProvider extends ServiceProvider class PostsServiceProvider extends ServiceProvider
{ {
@ -24,8 +25,9 @@ class PostsServiceProvider extends ServiceProvider
$this->registerPostTypes(); $this->registerPostTypes();
$events = $this->app->make('events'); $events = $this->app->make('events');
$settings = $this->app->make('Flarum\Core\Settings\SettingsRepository');
$events->listen(ModelAllow::class, function (ModelAllow $event) { $events->listen(ModelAllow::class, function (ModelAllow $event) use ($settings) {
if ($event->model instanceof Post) { if ($event->model instanceof Post) {
$post = $event->model; $post = $event->model;
$action = $event->action; $action = $event->action;
@ -39,11 +41,19 @@ class PostsServiceProvider extends ServiceProvider
// A post is allowed to be edited if the user has permission to moderate // A post is allowed to be edited if the user has permission to moderate
// the discussion which it's in, or if they are the author and the post // the discussion which it's in, or if they are the author and the post
// hasn't been deleted by someone else. // hasn't been deleted by someone else.
if ($action === 'edit' && if ($action === 'edit') {
($post->discussion->can($actor, 'editPosts') || if ($post->discussion->can($actor, 'editPosts')) {
($post->user_id == $actor->id && return true;
(! $post->hide_user_id || $post->hide_user_id == $actor->id)))) { }
return true; if ($post->user_id == $actor->id && (! $post->hide_user_id || $post->hide_user_id == $actor->id)) {
$allowEditing = $settings->get('allow_post_editing');
if ($allowEditing === '-1' ||
($allowEditing === 'reply' && $event->model->number == $event->model->discussion->last_post_number) ||
($event->model->time->diffInMinutes(Carbon::now()) < $allowEditing)) {
return true;
}
}
} }
if ($post->discussion->can($actor, $action.'Posts')) { if ($post->discussion->can($actor, $action.'Posts')) {