* adds Right::CREATEGROUP
* logic in Profile::hasRight() checks for silencing
* NewgroupAction checks for the permission before letting you see or process the form in the UI
* User_group::register() does a low-level check on the specified initial group admin and rejects creation if that user doesn't have the right, guaranteeing that API methods etc. will also have this restriction applied sensibly.
return false;
}
+ $user = common_current_user();
+ $profile = $user->getProfile();
+ if (!$profile->hasRight(Right::CREATEGROUP)) {
+ // TRANS: Client exception thrown when a user tries to create a group while banned.
+ throw new ClientException(_('You are not allowed to create groups on this site.'), 403);
+ }
+
return true;
}
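Review bot: `$user->getProfile()` is called on the result of `common_current_user()` with no null check, so a logged-out request would hit a fatal error instead of a clean 403. The guard ending in `return false;` just above may already reject logged-out users, but it starts outside the hunk, so that needs confirming. The TRANS comment also says "while banned", whereas the Profile::hasRight() hunk in this commit ties Right::CREATEGROUP to `isSilenced()`. Suggested wording: `// TRANS: Client exception thrown when a user who lacks the right to create groups (e.g. is silenced) tries to create one.`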
case Right::NEWNOTICE:
case Right::NEWMESSAGE:
case Right::SUBSCRIBE:
+ case Right::CREATEGROUP:
$result = !$this->isSilenced();
break;
case Right::PUBLICNOTICE:
}
static function register($fields) {
+ if (!empty($fields['userid'])) {
+ $profile = Profile::staticGet('id', $fields['userid']);
+ if ($profile && !$profile->hasRight(Right::CREATEGROUP)) {
+ common_log(LOG_WARNING, "Attempted group creation from banned user: " . $profile->nickname);
+
+ // TRANS: Client exception thrown when a user tries to create a group while banned.
+ throw new ClientException(_('You are not allowed to create groups on this site.'), 403);
+ }
+ }
+
// MAGICALLY put fields into current scope
extract($fields);
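Review bot: The new permission check fails open. It is skipped when `$fields['userid']` is empty, and also when `Profile::staticGet()` finds no profile, because the condition is `$profile && !$profile->hasRight(...)`. The commit description treats this as the enforcement point for API callers, so a supplied userid that does not resolve should be rejected: `if (!$profile || !$profile->hasRight(Right::CREATEGROUP)) {`. The `common_log()` line would then need to cope with a missing profile. Whether callers may legitimately omit userid is not visible here; if they may, a comment should say those callers are trusted. register() continues outside the hunk.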
const GRANTROLE = 'grantrole';
const REVOKEROLE = 'revokerole';
const DELETEGROUP = 'deletegroup';
+ const CREATEGROUP = 'creategroup';
}