Policy Extender and Tests (#2461)

Policy application has also been refactored, so that policies return one of `allow`, `deny`, `forceAllow`, `forceDeny`. The result of a set of policies is no longer the first non-null result, but rather the highest priority result (forceDeny > forceAllow > deny > allow, so if a single forceDeny is present, that beats out all other returned results). This removes order in which extensions boot as a factor.
2025-10-12 15:34:26 +02:00 · 2020-12-08 19:10:06 -05:00
parent 8901073d12
commit d1dfa758e4
15 changed files with 597 additions and 125 deletions
--- a/src/Post/Access/PostPolicy.php
+++ b/src/Post/Access/PostPolicy.php
@@ -0,0 +1,76 @@
+<?php
+
+/*
+ * This file is part of Flarum.
+ *
+ * For detailed copyright and license information, please view the
+ * LICENSE file that was distributed with this source code.
+ */
+
+namespace Flarum\Post\Access;
+
+use Carbon\Carbon;
+use Flarum\Post\Post;
+use Flarum\Settings\SettingsRepositoryInterface;
+use Flarum\User\Access\AbstractPolicy;
+use Flarum\User\User;
+
+class PostPolicy extends AbstractPolicy
+{
+    /**
+     * @var SettingsRepositoryInterface
+     */
+    protected $settings;
+
+    /**
+     * @param SettingsRepositoryInterface $settings
+     */
+    public function __construct(SettingsRepositoryInterface $settings)
+    {
+        $this->settings = $settings;
+    }
+
+    /**
+     * @param User $actor
+     * @param string $ability
+     * @param \Flarum\Post\Post $post
+     * @return bool|null
+     */
+    public function can(User $actor, $ability, Post $post)
+    {
+        if ($actor->can($ability.'Posts', $post->discussion)) {
+            return $this->allow();
+        }
+    }
+
+    /**
+     * @param User $actor
+     * @param Post $post
+     * @return bool|null
+     */
+    public function edit(User $actor, Post $post)
+    {
+        // A post is allowed to be edited if the user is the author, the post
+        // hasn't been deleted by someone else, and the user is allowed to
+        // create new replies in the discussion.
+        if ($post->user_id == $actor->id && (! $post->hidden_at || $post->hidden_user_id == $actor->id) && $actor->can('reply', $post->discussion)) {
+            $allowEditing = $this->settings->get('allow_post_editing');
+
+            if ($allowEditing === '-1'
+                || ($allowEditing === 'reply' && $post->number >= $post->discussion->last_post_number)
+                || ($post->created_at->diffInMinutes(new Carbon) < $allowEditing)) {
+                return $this->allow();
+            }
+        }
+    }
+
+    /**
+     * @param User $actor
+     * @param Post $post
+     * @return bool|null
+     */
+    public function hide(User $actor, Post $post)
+    {
+        return $this->edit($actor, $post);
+    }
+}