git.mxchange.org Git - quix0rs-gnu-social.git/blobdiff - actions/shownotice.php
Profile::getOwnedTags -> Profile::getLists, first argument is the current user, or...
index f6074faddc3d80437601a410ada1b26216f30b69..b6d0625e13ec0f86c43ef11138e7476c54611661 100644 (file)
@@ -77,21 +77,19 @@ class ShownoticeAction extends OwnerDesignAction
             StatusNet::setApi(true);
         }
 
-        $id = $this->arg('notice');
+        $this->notice = $this->getNotice();
 
-        $this->notice = Notice::staticGet($id);
+        $cur = common_current_user();
 
-        if (empty($this->notice)) {
-            // Did we used to have it, and it got deleted?
-            $deleted = Deleted_notice::staticGet($id);
-            if (!empty($deleted)) {
-                // TRANS: Client error displayed trying to show a deleted notice.
-                $this->clientError(_('Notice deleted.'), 410);
-            } else {
-                // TRANS: Client error displayed trying to show a non-existing notice.
-                $this->clientError(_('No such notice.'), 404);
-            }
-            return false;
+        if (!empty($cur)) {
+            $curProfile = $cur->getProfile();
+        } else {
+            $curProfile = null;
+        }
+
+        if (!$this->notice->inScope($curProfile)) {
+            // TRANS: Client exception thrown when trying a view a notice the user has no access to.
+            throw new ClientException(_('Not available.'), 403);
         }
 
         $this->profile = $this->notice->getProfile();
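Review bot: `$this->notice->inScope($curProfile)` is reached without checking what `getNotice()` returned, and the new `getNotice()` in the second hunk still ends its not-found branch with `return false;`. If `clientError()` can return rather than throw (the retained `return false;` suggests it can), a missing or deleted notice id turns into a method call on `false` and a fatal error instead of the intended 404/410 response. Guard it directly after the assignment with `if (empty($this->notice)) { return false; }`, or make `getNotice()` throw `ClientException` the way the new 403 path does, so the authorization check only ever runs on a real Notice. prepare() begins and ends outside this hunk.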
@@ -109,6 +107,33 @@ class ShownoticeAction extends OwnerDesignAction
         return true;
     }
 
+    /**
+     * Fetch the notice to show. This may be overridden by child classes to
+     * customize what we fetch without duplicating all of the prepare() method.
+     *
+     * @return Notice
+     */
+    function getNotice()
+    {
+        $id = $this->arg('notice');
+
+        $notice = Notice::staticGet('id', $id);
+
+        if (empty($notice)) {
+            // Did we used to have it, and it got deleted?
+            $deleted = Deleted_notice::staticGet($id);
+            if (!empty($deleted)) {
+                // TRANS: Client error displayed trying to show a deleted notice.
+                $this->clientError(_('Notice deleted.'), 410);
+            } else {
+                // TRANS: Client error displayed trying to show a non-existing notice.
+                $this->clientError(_('No such notice.'), 404);
+            }
+            return false;
+        }
+        return $notice;
+    }
+
     /**
      * Is this action read-only?
      *
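Review bot: The docblock on `getNotice()` invites subclasses to override it but does not tell them how the override relates to access control. From the first hunk, `prepare()` applies `inScope()` to whatever this method returns, so an override must not do its own scope check, and a subclass that also overrides `prepare()` has to repeat that check itself. The 404/410 answers here are also sent before the scope check, for any viewer, which should be stated so it is a documented choice. I would change the tag to `@return Notice|false false after a client error has been sent` and add one sentence to the description covering the two points above.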