Allow unauthenticated users to view /api/statuses/replies/id.format
[quix0rs-gnu-social.git] / actions / editgroup.php
index 5f853a089492c94afe925bfb5642a75389c02b18..e7e79040a4811622473f1296e52da72b90420bcc 100644 (file)
@@ -72,9 +72,7 @@ class EditgroupAction extends Action
             return false;
         }
 
-        return true;
-
-        $nickname_arg = $this->arg('nickname');
+        $nickname_arg = $this->trimmed('nickname');
         $nickname = common_canonical_nickname($nickname_arg);
 
         // Permanent redirect on non-canonical nickname
@@ -90,12 +88,26 @@ class EditgroupAction extends Action
             return false;
         }
 
-        $this->group = User_group::staticGet('nickname', $nickname);
+        $groupid = $this->trimmed('groupid');
+        if ($groupid) {
+            $this->group = User_group::staticGet('id', $groupid);
+        } else {
+            $this->group = User_group::staticGet('nickname', $nickname);
+        }
 
         if (!$this->group) {
             $this->clientError(_('No such group'), 404);
             return false;
         }
+
+        $cur = common_current_user();
+
+        if (!$cur->isAdmin($this->group)) {
+            $this->clientError(_('You must be an admin to edit the group'), 403);
+            return false;
+        }
+
+        return true;
     }
 
     /**
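Review bot: The new admin check calls `$cur->isAdmin($this->group)` on the result of `common_current_user()` without testing it for null. Unless a login check earlier in this method (outside the hunk) always returns first, an anonymous request would fail on a null method call instead of getting a clean 403. Guarding it locally, `if (empty($cur) || !$cur->isAdmin($this->group)) {`, keeps the authorization decision self-contained; the same applies to the identical check added at the top of `trySave()` in the later hunk. Separately, a supplied `groupid` now overrides the nickname lookup while the canonical-nickname redirect above still acts on `nickname`. A one-line comment such as `// groupid, when present, takes precedence over nickname` would record that this is intended.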
@@ -124,6 +136,12 @@ class EditgroupAction extends Action
         $this->showPage();
     }
 
+    function showLocalNav()
+    {
+        $nav = new GroupNav($this, $this->group);
+        $nav->show();
+    }
+
     function showContent()
     {
         $form = new GroupEditForm($this, $this->group);
@@ -142,6 +160,13 @@ class EditgroupAction extends Action
 
     function trySave()
     {
+        $cur = common_current_user();
+        if (!$cur->isAdmin($this->group)) {
+            $this->clientError(_('You must be an admin to edit the group'), 403);
+            return;
+        }
+
+
         $nickname    = common_canonical_nickname($this->trimmed('nickname'));
         $fullname    = $this->trimmed('fullname');
         $homepage    = $this->trimmed('homepage');
@@ -166,13 +191,13 @@ class EditgroupAction extends Action
                                         array('http', 'https')))) {
             $this->showForm(_('Homepage is not a valid URL.'));
             return;
-        } else if (!is_null($fullname) && strlen($fullname) > 255) {
+        } else if (!is_null($fullname) && mb_strlen($fullname) > 255) {
             $this->showForm(_('Full name is too long (max 255 chars).'));
             return;
-        } else if (!is_null($description) && strlen($description) > 140) {
+        } else if (!is_null($description) && mb_strlen($description) > 140) {
             $this->showForm(_('description is too long (max 140 chars).'));
             return;
-        } else if (!is_null($location) && strlen($location) > 255) {
+        } else if (!is_null($location) && mb_strlen($location) > 255) {
             $this->showForm(_('Location is too long (max 255 chars).'));
             return;
         }
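Review bot: The three `mb_strlen()` calls pass no encoding, so these length limits depend on the process-wide mbstring internal encoding; if that is not UTF-8, the counts will not match what the messages promise. Passing it explicitly, e.g. `mb_strlen($fullname, 'UTF-8') > 255`, makes the validation independent of configuration, unless the application sets `mb_internal_encoding()` at startup (not visible here). It is also worth confirming that the backing columns are sized in characters rather than bytes, since a 255-character multibyte value can exceed 255 bytes. The if/else chain begins above this hunk.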
@@ -209,4 +234,5 @@ class EditgroupAction extends Action
                 $group != false &&
                 $group->id != $this->group->id);
     }
-}
\ No newline at end of file
+}
+