github-mirror/framework
2
0
Fork 0
mirror of https://github.com/flarum/framework.git synced 2024-11-25 06:50:36 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Improve some post/discussion permission logic

Browse Source 
- Allow users to see their own posts, even if they have been hidden by
someone else
- Don't require hiding a post to be necessarily attributed to a user
- Hide discussions with zero posts, unless the user can edit posts, or
they are the discussion author
This commit is contained in:
Toby Zerner 2015-09-04 12:22:27 +09:30
parent 9277fca0ec
commit 276334ec52
4 changed files with 61 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/Core/Discussions/DiscussionsServiceProvider.php
View File

@ -13,7 +13,9 @@ namespace Flarum\Core\Discussions;
use Flarum\Core\Search\GambitManager;
use Flarum\Core\Users\User;
use Flarum\Events\ModelAllow;
use Flarum\Events\ScopeModelVisibility;
use Flarum\Events\RegisterDiscussionGambits;
use Flarum\Events\ScopeEmptyDiscussionVisibility;
use Flarum\Support\ServiceProvider;
use Flarum\Extend;
use Illuminate\Contracts\Container\Container;
@ -53,6 +55,19 @@ class DiscussionsServiceProvider extends ServiceProvider
}
}
});
$events->listen(ScopeModelVisibility::class, function (ScopeModelVisibility $event) {
if ($event->model instanceof Discussion) {
if (! $event->actor->hasPermission('discussion.editPosts')) {
$event->query->where(function ($query) use ($event) {
$query->where('comments_count', '>', '0')
->orWhere('start_user_id', $event->actor->id);
event(new ScopeEmptyDiscussionVisibility($query, $event->actor));
});
}
}
});
}
/**

4
src/Core/Posts/CommentPost.php
View File

@ -87,7 +87,7 @@ class CommentPost extends Post
* @param User $actor
* @return $this
*/
public function hide(User $actor)
public function hide(User $actor = null)
{
if ($this->number == 1) {
throw new DomainException('Cannot hide the first post of a discussion');
@ -95,7 +95,7 @@ class CommentPost extends Post
if (! $this->hide_time) {
$this->hide_time = time();
$this->hide_user_id = $actor->id;
$this->hide_user_id = $actor ? $actor->id : null;
$this->raise(new PostWasHidden($this));
}

8
src/Core/Posts/PostsServiceProvider.php
View File

@ -44,7 +44,7 @@ class PostsServiceProvider extends ServiceProvider
$actor = $event->actor;
if ($action === 'view' &&
(! $post->hide_user_id || $post->hide_user_id == $actor->id || $post->can($actor, 'edit'))) {
(! $post->hide_time || $post->user_id == $actor->id || $post->can($actor, 'edit'))) {
return true;
}
@ -55,7 +55,7 @@ class PostsServiceProvider extends ServiceProvider
if ($post->discussion->can($actor, 'editPosts')) {
return true;
}
if ($post->user_id == $actor->id && (! $post->hide_user_id || $post->hide_user_id == $actor->id)) {
if ($post->user_id == $actor->id && (! $post->hide_time || $post->hide_user_id == $actor->id)) {
$allowEditing = $settings->get('allow_post_editing');
if ($allowEditing === '-1' ||
@ -80,8 +80,8 @@ class PostsServiceProvider extends ServiceProvider
if (! $event->discussion->can($user, 'editPosts')) {
$event->query->where(function ($query) use ($user) {
$query->whereNull('hide_user_id')
->orWhere('hide_user_id', $user->id);
$query->whereNull('hide_time')
->orWhere('user_id', $user->id);
});
}
});

40
src/Events/ScopeEmptyDiscussionVisibility.php Normal file
View File

@ -0,0 +1,40 @@
<?php
/*
* This file is part of Flarum.
*
* (c) Toby Zerner <toby.zerner@gmail.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Flarum\Events;
use Flarum\Core\Users\User;
use Illuminate\Database\Eloquent\Builder;
/**
* The `ScopeEmptyDiscussionVisibility` event
*/
class ScopeEmptyDiscussionVisibility
{
/**
* @var Builder
*/
public $query;
/**
* @var User
*/
public $actor;
/**
* @param Builder $query
* @param User $actor
*/
public function __construct(Builder $query, User $actor)
{
$this->query = $query;
$this->actor = $actor;
}
}