github-mirror/framework
2
0
Fork 0
mirror of https://github.com/flarum/framework.git synced 2025-02-19 16:12:45 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
43c44efe3d
framework/src/Core/Access/PostPolicy.php

122 lines
3.2 KiB
PHP
Raw Normal View History

Major refactor and improvements - Reorganised all namespaces and class names for consistency and structure. Following PSR bylaws (Abstract prefix, Interface/Trait suffix). - Move models into root of Core, because writing `use Flarum\Core\Discussion` is nice. Namespace the rest by type. (Namespacing by entity was too arbitrary.) - Moved some non-domain stuff out of Core: Database, Formatter, Settings. - Renamed config table and all references to "settings" for consistency. - Remove Core class and add url()/isInstalled()/inDebugMode() as instance methods of Foundation\Application. - Cleanup, docblocking, etc. - Improvements to HTTP architecture - API and forum/admin Actions are now actually all the same thing (simple PSR-7 Request handlers), renamed to Controllers. - Upgrade to tobscure/json-api 0.2 branch. - Where possible, moved generic functionality to tobscure/json-api (e.g. pagination links). I'm quite happy with the backend balance now re: #262 - Improvements to other architecture - Use Illuminate's Auth\Access\Gate interface/implementation instead of our old Locked trait. We still use events to actually determine the permissions though. Our Policy classes are actually glorified event subscribers. - Extract model validation into Core\Validator classes. - Make post visibility permission stuff much more efficient and DRY. - Renamed Flarum\Event classes for consistency. ref #246 - `Configure` prefix for events dedicated to configuring an object. - `Get` prefix for events whose listeners should return something. - `Prepare` prefix when a variable is passed by reference so it can be modified. - `Scope` prefix when a query builder is passed. - Miscellaneous improvements/bug-fixes. I'm easily distracted! - Increase default height of post composer. - Improve post stream redraw flickering in Safari by keying loading post placeholders with their IDs. ref #451 - Use a PHP JavaScript minification library for minifying TextFormatter's JavaScript, instead of ClosureCompilerService (can't rely on external service!) - Use UrlGenerator properly in various places. closes #123 - Make Api\Client return Response object. closes #128 - Allow extensions to specify custom icon images. - Allow external API/admin URLs to be optionally specified in config.php. If the value or "url" is an array, we look for the corresponding path inside. Otherwise, we append the path to the base URL, using the corresponding value in "paths" if present. closes #244
2015-10-08 11:58:02 +08:00
<?php
/*
* This file is part of Flarum.
*
* (c) Toby Zerner <toby.zerner@gmail.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Flarum\Core\Access;
use Carbon\Carbon;
use Flarum\Core\Post;
use Flarum\Core\User;
use Flarum\Event\ScopePostVisibility;
use Flarum\Settings\SettingsRepository;
use Illuminate\Contracts\Events\Dispatcher;
class PostPolicy extends AbstractPolicy
{
/**
* {@inheritdoc}
*/
protected $model = Post::class;
/**
* @var SettingsRepository
*/
protected $settings;
/**
* @var Gate
*/
protected $gate;
/**
* @param SettingsRepository $settings
* @param Gate $gate
*/
public function __construct(SettingsRepository $settings, Gate $gate)
{
$this->settings = $settings;
$this->gate = $gate;
}
/**
* @inheritDoc
*/
public function subscribe(Dispatcher $events)
{
parent::subscribe($events);
$events->listen(ScopePostVisibility::class, [$this, 'scopePostVisibility']);
}
/**
* @param User $actor
* @param string $ability
* @param Post $post
* @return bool|null
*/
public function before(User $actor, $ability, Post $post)
{
if ($this->discussionAllows($actor, $ability, $post)) {
return true;
}
}
/**
* @param ScopePostVisibility $event
*/
public function scopePostVisibility(ScopePostVisibility $event)
{
// When fetching a discussion's posts: if the user doesn't have permission
// to moderate the discussion, then they can't see posts that have been
// hidden by someone other than themself.
if ($this->gate->forUser($event->actor)->denies('editPosts', $event->discussion)) {
$event->query->where(function ($query) use ($event) {
$query->whereNull('hide_time')
->orWhere('user_id', $event->actor->id);
});
}
}
/**
* @param User $actor
* @param Post $post
* @return bool|null
*/
public function edit(User $actor, Post $post)
{
if ($this->discussionAllows($actor, 'edit', $post)) {
return true;
}
// A post is allowed to be edited if the user has permission to moderate
// the discussion which it's in, or if they are the author and the post
// hasn't been deleted by someone else.
if ($post->user_id == $actor->id && (! $post->hide_time || $post->hide_user_id == $actor->id)) {
$allowEditing = $this->settings->get('allow_post_editing');
if ($allowEditing === '-1'
|| ($allowEditing === 'reply' && $post->number >= $post->discussion->last_post_number)
|| ($post->time->diffInMinutes(new Carbon) < $allowEditing)) {
return true;
}
}
}
/**
* @param User $actor
* @param string $ability
* @param Post $post
* @return bool
*/
protected function discussionAllows(User $actor, $ability, Post $post)
{
return $this->gate->forUser($actor)->allows($ability.'Posts', $post->discussion);
}
}
Reference in New Issue Copy Permalink