Merge remote-tracking branch 'github-exreaction/ticket/8323' into develop-ascraeus

* github-exreaction/ticket/8323: [ticket/8323] Cache auth request [ticket/8323] Combine into a single query [ticket/8323] Comments on phpbb_get_banned_user_ids input for test [ticket/8323] More readability in test case [ticket/8323] Comments [ticket/8323] dataProvider for the test; better test data [ticket/8323] Comments [ticket/8323] Unit test for phpbb_get_banned_user_ids [ticket/8323] Comments for inactive reasons in constants.php [ticket/8323] Only disable administrative deactivated accounts from receiving PMs [ticket/8323] Allow temporarily banned users to receive PMs, but not a notification [ticket/8323] Correct PM notification settings (only notify those who can receive them) [ticket/8323] Cleanup viewtopic code (not sure how this mess happened) [ticket/8323] Allow sending PMs to temporarily banned users [ticket/8323] Do not allow sending PMs to Inactive users [ticket/8323] Hide the Send PM link if users cannot receive the PM [ticket/8323] Correcting the comment [ticket/8323] Do not allow sending of Private Messages to users who are banned [ticket/8323] Remove code used for testing [ticket/8323] Do not allow sending of Private Messages to users who do not have permission to read private messages Conflicts: phpBB/language/en/ucp.php
2025-07-31 22:10:45 +02:00 · 2014-05-02 15:54:10 +02:00
parent d52c2d1b5c d14aed0819
commit 97e651a491
8 changed files with 248 additions and 27 deletions
--- a/phpBB/includes/ucp/ucp_pm_compose.php
+++ b/phpBB/includes/ucp/ucp_pm_compose.php
@@ -1226,29 +1226,81 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove
 	// Check for disallowed recipients
 	if (!empty($address_list['u']))
 	{
-		// We need to check their PM status (do they want to receive PM's?)
-		// Only check if not a moderator or admin, since they are allowed to override this user setting
-		if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_'))
+		// Administrator deactivated users check and we need to check their
+		//		PM status (do they want to receive PM's?)
+		// 		Only check PM status if not a moderator or admin, since they
+		//		are allowed to override this user setting
+		$sql = 'SELECT user_id, user_allow_pm
+			FROM ' . USERS_TABLE . '
+			WHERE ' . $db->sql_in_set('user_id', array_keys($address_list['u'])) . '
+				AND (user_type = ' . USER_INACTIVE . '
+					AND user_inactive_reason = ' . INACTIVE_MANUAL . ')';
+
+		$can_ignore_allow_pm = ($auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_'));
+		if (!$can_ignore_allow_pm)
 		{
-			$sql = 'SELECT user_id
-				FROM ' . USERS_TABLE . '
-				WHERE ' . $db->sql_in_set('user_id', array_keys($address_list['u'])) . '
-					AND user_allow_pm = 0';
-			$result = $db->sql_query($sql);
+			$sql .= ' OR user_allow_pm = 0';
+		}

-			$removed = false;
-			while ($row = $db->sql_fetchrow($result))
-			{
-				$removed = true;
-				unset($address_list['u'][$row['user_id']]);
-			}
-			$db->sql_freeresult($result);
+		$result = $db->sql_query($sql);

-			// print a notice about users not being added who do not want to receive pms
-			if ($removed)
+		$removed_no_pm = $removed_no_permission = false;
+		while ($row = $db->sql_fetchrow($result))
+		{
+			if (!$can_ignore_allow_pm && !$row['user_allow_pm'])
 			{
-				$error[] = $user->lang['PM_USERS_REMOVED_NO_PM'];
+				$removed_no_pm = true;
 			}
+			else
+			{
+				$removed_no_permission = true;
+			}
+
+			unset($address_list['u'][$row['user_id']]);
+		}
+		$db->sql_freeresult($result);
+
+		// print a notice about users not being added who do not want to receive pms
+		if ($removed_no_pm)
+		{
+			$error[] = $user->lang['PM_USERS_REMOVED_NO_PM'];
+		}
+
+		// print a notice about users not being added who do not have permission to receive PMs
+		if ($removed_no_permission)
+		{
+			$error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION'];
+		}
+
+		if (!sizeof(array_keys($address_list['u'])))
+		{
+			return;
+		}
+
+		// Check if users have permission to read PMs
+		$can_read = $auth->acl_get_list(array_keys($address_list['u']), 'u_readpm');
+		$can_read = (empty($can_read) || !isset($can_read[0]['u_readpm'])) ? array() : $can_read[0]['u_readpm'];
+		$cannot_read_list = array_diff(array_keys($address_list['u']), $can_read);
+		if (!empty($cannot_read_list))
+		{
+			foreach ($cannot_read_list as $cannot_read)
+			{
+				unset($address_list['u'][$cannot_read]);
+			}
+
+			$error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION'];
+		}
+
+		// Check if users are banned
+		$banned_user_list = phpbb_get_banned_user_ids(array_keys($address_list['u']), false);
+		if (!empty($banned_user_list))
+		{
+			foreach ($banned_user_list as $banned_user)
+			{
+				unset($address_list['u'][$banned_user]);
+			}
+
+			$error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION'];
 		}
 	}
 }