From e5ad98e60150ec04686f6e58449e6ea914ca271c Mon Sep 17 00:00:00 2001 From: Mikael Nordfeldth Date: Fri, 12 Feb 2016 14:22:25 +0100 Subject: [PATCH] Silence action can only be used on non-priviliged users --- actions/silence.php | 46 ++++--------------------------------- actions/unsilence.php | 48 +++++---------------------------------- classes/Profile.php | 29 +++++++++++++++++++++++ lib/profileformaction.php | 6 ++++- 4 files changed, 45 insertions(+), 84 deletions(-) diff --git a/actions/silence.php b/actions/silence.php index 6a4f84deb9..dccaf70a37 100644 --- a/actions/silence.php +++ b/actions/silence.php @@ -27,9 +27,7 @@ * @link http://status.net/ */ -if (!defined('STATUSNET')) { - exit(1); -} +if (!defined('GNUSOCIAL')) { exit(1); } /** * Silence a user. @@ -42,45 +40,11 @@ if (!defined('STATUSNET')) { */ class SilenceAction extends ProfileFormAction { - /** - * Check parameters - * - * @param array $args action arguments (URL, GET, POST) - * - * @return boolean success flag - */ - function prepare($args) - { - if (!parent::prepare($args)) { - return false; - } - - $cur = common_current_user(); - - assert(!empty($cur)); // checked by parent - - if (!$cur->hasRight(Right::SILENCEUSER)) { - // TRANS: Client error displayed trying to silence a user on a site where the feature is not enabled. - $this->clientError(_('You cannot silence users on this site.')); - } - - assert(!empty($this->profile)); // checked by parent - - if ($this->profile->isSilenced()) { - // TRANS: Client error displayed trying to silence an already silenced user. - $this->clientError(_('User is already silenced.')); - } - - return true; - } - - /** - * Silence a user. - * - * @return void - */ function handlePost() { - $this->profile->silence(); + assert($this->scoped instanceof Profile); + assert($this->profile instanceof Profile); + + $this->profile->silenceAs($this->scoped); } } diff --git a/actions/unsilence.php b/actions/unsilence.php index c01c141b1c..f1305373df 100644 
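Review bot: In the new `handlePost()` of actions/silence.php, the only guard that `$this->scoped` and `$this->profile` are set is a pair of `assert()` calls, which PHP skips when assertions are disabled, as is usual in production. Authorization is not bypassed, because the `Profile $actor` type hint on `silenceAs()` rejects a missing actor, but the failure then surfaces as an engine error instead of a normal denial. An explicit check such as `if (!$this->scoped instanceof Profile) { throw new AuthorizationException(_('You cannot silence users on this site.')); }` keeps the refusal on the handled path, assuming the parent's `prepare()` (not visible here) does not already guarantee it. The same pattern is in `handlePost()` of actions/unsilence.php, and both methods lose their docblock in this change; a one-line `/** Silence the target profile on behalf of the logged-in user. */` would restore it.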
--- a/actions/unsilence.php +++ b/actions/unsilence.php @@ -27,12 +27,10 @@ * @link http://status.net/ */ -if (!defined('STATUSNET')) { - exit(1); -} +if (!defined('GNUSOCIAL')) { exit(1); } /** - * Silence a user. + * Unsilence a user. * * @category Action * @package StatusNet @@ -42,45 +40,11 @@ if (!defined('STATUSNET')) { */ class UnsilenceAction extends ProfileFormAction { - /** - * Check parameters - * - * @param array $args action arguments (URL, GET, POST) - * - * @return boolean success flag - */ - function prepare($args) - { - if (!parent::prepare($args)) { - return false; - } - - $cur = common_current_user(); - - assert(!empty($cur)); // checked by parent - - if (!$cur->hasRight(Right::SILENCEUSER)) { - // TRANS: Client error on page to unsilence a user when the feature is not enabled. - $this->clientError(_('You cannot silence users on this site.')); - } - - assert(!empty($this->profile)); // checked by parent - - if (!$this->profile->isSilenced()) { - // TRANS: Client error on page to unsilence a user when the to be unsilenced user has not been silenced. - $this->clientError(_('User is not silenced.')); - } - - return true; - } - - /** - * Silence a user. - * - * @return void - */ function handlePost() { - $this->profile->unsilence(); + assert($this->scoped instanceof Profile); + assert($this->profile instanceof Profile); + + $this->profile->unsilenceAs($this->scoped); } } diff --git a/classes/Profile.php b/classes/Profile.php index e4ab508c06..0eaa06120a 100644 --- a/classes/Profile.php +++ b/classes/Profile.php 
@@ -1174,6 +1174,22 @@ class Profile extends Managed_DataObject } } + function silenceAs(Profile $actor) + { + if (!$actor->hasRight(Right::SILENCEUSER)) { + throw new AuthorizationException(_('You cannot silence users on this site.')); + } + // Only administrators can silence other priviliged users (those who have the right to silence as well). + if ($this->hasRight(Right::SILENCEUSER) && !$actor->hasRole(Profile_role::ADMINISTRATOR)) { + throw new AuthorizationException(_('You cannot silence other priviliged users.')); + } + if ($this->isSilenced()) { + // TRANS: Client error displayed trying to silence an already silenced user. + throw new AlreadyFulfilledException(_('User is already silenced.')); + } + return $this->silence(); + } + function unsilence() { $this->revokeRole(Profile_role::SILENCED); @@ -1182,6 +1198,19 @@ class Profile extends Managed_DataObject } } + function unsilenceAs(Profile $actor) + { + if (!$actor->hasRight(Right::SILENCEUSER)) { + // TRANS: Client error displayed trying to unsilence a user when the user does not have the right. + throw new AuthorizationException(_('You cannot unsilence users on this site.')); + } + if (!$this->isSilenced()) { + // TRANS: Client error displayed trying to unsilence a user when the target user has not been silenced. + throw new AlreadyFulfilledException(_('User is not silenced.')); + } + return $this->unsilence(); + } + function flushVisibility() { // Get all notices diff --git a/lib/profileformaction.php b/lib/profileformaction.php index 9ace6676c3..1e00e6f12b 100644 --- a/lib/profileformaction.php +++ b/lib/profileformaction.php @@ -101,7 +101,11 @@ class ProfileFormAction extends RedirectingAction parent::handle($args); if ($_SERVER['REQUEST_METHOD'] == 'POST') { - $this->handlePost(); + try { + $this->handlePost(); + } catch (AlreadyFulfilledException $e) { + // 'tis alright + } $this->returnToPrevious(); } } -- 2.39.5
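Review bot: `silenceAs()` enforces the new rule only for callers that go through it; it delegates to `silence()`, which stays a separate method (presumably public, like `unsilence()` in the hunk context, which has no visibility modifier). Any other code path that calls `$profile->silence()` directly therefore skips both the right check and the administrator check. Callers outside this patch are not visible, so either audit them or mark the primitive, e.g. `// No permission checks here; use silenceAs() when acting on behalf of a user.` The two new `AuthorizationException` messages also lack `// TRANS:` comments, and the translatable string spells "priviliged"; `_('You cannot silence other privileged users.')` is cheaper to fix before translators pick it up.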
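Review bot: `unsilenceAs()` does not mirror the privileged-target rule that `silenceAs()` introduces, so any actor with `Right::SILENCEUSER` can lift a silence that only an administrator was allowed to impose. If a silenced moderator still passes `hasRight(Right::SILENCEUSER)` (that method's body is not visible here), this would include unsilencing themselves. Consider adding the same guard, `if ($this->hasRight(Right::SILENCEUSER) && !$actor->hasRole(Profile_role::ADMINISTRATOR)) { throw new AuthorizationException(_('You cannot unsilence other privileged users.')); }`, with its own `// TRANS:` comment. If the asymmetry is intended, a comment saying so would help.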
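Review bot: The new `try` in `ProfileFormAction::handle()` catches only `AlreadyFulfilledException`, while the permission denial that `prepare()` used to report through `clientError()` is now an `AuthorizationException` thrown from inside `handlePost()`. That exception leaves `handle()` uncaught, and whether an outer handler turns it into a client error page is not visible in this patch, so it is worth confirming with a request from an unprivileged account. The catch also applies to every subclass's `handlePost()`, and `// 'tis alright` does not say why swallowing is safe; something like `// The requested state already holds (e.g. user already silenced): treat as success and redirect.` records the intent. The body of `handle()` starts outside this hunk.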