mirror of
https://github.com/flarum/framework.git
synced 2024-11-28 20:16:08 +08:00
Improve some post/discussion permission logic
- Allow users to see their own posts, even if they have been hidden by someone else
- Don't require hiding a post to be necessarily attributed to a user
- Hide discussions with zero posts, unless the user can edit posts, or they are the discussion author
parent
9277fca0ec
commit
276334ec52
|
@ -13,7 +13,9 @@ namespace Flarum\Core\Discussions;
|
||||||
use Flarum\Core\Search\GambitManager;
|
use Flarum\Core\Search\GambitManager;
|
||||||
use Flarum\Core\Users\User;
|
use Flarum\Core\Users\User;
|
||||||
use Flarum\Events\ModelAllow;
|
use Flarum\Events\ModelAllow;
|
||||||
|
use Flarum\Events\ScopeModelVisibility;
|
||||||
use Flarum\Events\RegisterDiscussionGambits;
|
use Flarum\Events\RegisterDiscussionGambits;
|
||||||
|
use Flarum\Events\ScopeEmptyDiscussionVisibility;
|
||||||
use Flarum\Support\ServiceProvider;
|
use Flarum\Support\ServiceProvider;
|
||||||
use Flarum\Extend;
|
use Flarum\Extend;
|
||||||
use Illuminate\Contracts\Container\Container;
|
use Illuminate\Contracts\Container\Container;
|
||||||
|
@ -53,6 +55,19 @@ class DiscussionsServiceProvider extends ServiceProvider
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
|
$events->listen(ScopeModelVisibility::class, function (ScopeModelVisibility $event) {
|
||||||
|
if ($event->model instanceof Discussion) {
|
||||||
|
if (! $event->actor->hasPermission('discussion.editPosts')) {
|
||||||
|
$event->query->where(function ($query) use ($event) {
|
||||||
|
$query->where('comments_count', '>', '0')
|
||||||
|
->orWhere('start_user_id', $event->actor->id);
|
||||||
|
|
||||||
|
event(new ScopeEmptyDiscussionVisibility($query, $event->actor));
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
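Review bot: The new `->orWhere('start_user_id', $event->actor->id)` clause uses the actor id unguarded, and what a guest's id is cannot be seen from this hunk. If it can be null, the query builder is likely to turn the clause into `start_user_id IS NULL`, which would show empty discussions whose author record is gone to anonymous visitors; if it is 0 the clause is only dead weight. Adding the clause for real accounts only, e.g. `if ($event->actor->id) { $query->orWhere('start_user_id', $event->actor->id); }`, keeps the scope from widening for anonymous requests. Separately, the `'0'` in the `comments_count` comparison would read better as the integer `0`. The enclosing method starts outside the hunk.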
@ -87,7 +87,7 @@ class CommentPost extends Post
|
||||||
* @param User $actor
|
* @param User $actor
|
||||||
* @return $this
|
* @return $this
|
||||||
*/
|
*/
|
||||||
public function hide(User $actor)
|
public function hide(User $actor = null)
|
||||||
{
|
{
|
||||||
if ($this->number == 1) {
|
if ($this->number == 1) {
|
||||||
throw new DomainException('Cannot hide the first post of a discussion');
|
throw new DomainException('Cannot hide the first post of a discussion');
|
||||||
|
@ -95,7 +95,7 @@ class CommentPost extends Post
|
||||||
|
|
||||||
if (! $this->hide_time) {
|
if (! $this->hide_time) {
|
||||||
$this->hide_time = time();
|
$this->hide_time = time();
|
||||||
$this->hide_user_id = $actor->id;
|
$this->hide_user_id = $actor ? $actor->id : null;
|
||||||
|
|
||||||
$this->raise(new PostWasHidden($this));
|
$this->raise(new PostWasHidden($this));
|
||||||
}
|
}
|
||||||
|
|
|
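Review bot: The docblock above `hide()` still reads `@param User $actor` although the parameter now defaults to null; it should say `@param User|null $actor` and state that a null actor records a hide with no attribution. After this change `hide_user_id` can be null on a hidden post, so `hide_time` is the only reliable hidden marker; a comment such as `// hide_user_id may be null for unattributed hides; test hide_time to decide visibility` on the assignment would make that explicit. Any check outside this commit that still tests `hide_user_id` would treat an unattributed hide as visible, which cannot be verified from these hunks. The body of `hide()` continues past the second hunk.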
@ -44,7 +44,7 @@ class PostsServiceProvider extends ServiceProvider
|
||||||
$actor = $event->actor;
|
$actor = $event->actor;
|
||||||
|
|
||||||
if ($action === 'view' &&
|
if ($action === 'view' &&
|
||||||
(! $post->hide_user_id || $post->hide_user_id == $actor->id || $post->can($actor, 'edit'))) {
|
(! $post->hide_time || $post->user_id == $actor->id || $post->can($actor, 'edit'))) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -55,7 +55,7 @@ class PostsServiceProvider extends ServiceProvider
|
||||||
if ($post->discussion->can($actor, 'editPosts')) {
|
if ($post->discussion->can($actor, 'editPosts')) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
if ($post->user_id == $actor->id && (! $post->hide_user_id || $post->hide_user_id == $actor->id)) {
|
if ($post->user_id == $actor->id && (! $post->hide_time || $post->hide_user_id == $actor->id)) {
|
||||||
$allowEditing = $settings->get('allow_post_editing');
|
$allowEditing = $settings->get('allow_post_editing');
|
||||||
|
|
||||||
if ($allowEditing === '-1' ||
|
if ($allowEditing === '-1' ||
|
||||||
|
@ -80,8 +80,8 @@ class PostsServiceProvider extends ServiceProvider
|
||||||
|
|
||||||
if (! $event->discussion->can($user, 'editPosts')) {
|
if (! $event->discussion->can($user, 'editPosts')) {
|
||||||
$event->query->where(function ($query) use ($user) {
|
$event->query->where(function ($query) use ($user) {
|
||||||
$query->whereNull('hide_user_id')
|
$query->whereNull('hide_time')
|
||||||
->orWhere('hide_user_id', $user->id);
|
->orWhere('user_id', $user->id);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
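Review bot: The rewritten view condition in the first hunk, `$post->user_id == $actor->id`, is a loose comparison between two values that can both be empty. If a post's `user_id` is null (author removed) and the actor is a guest whose id is 0 or null (not visible here), `==` evaluates to true and the hidden post passes the `view` check, while the SQL scope in the last hunk (`orWhere('user_id', $user->id)`) would not match that row, so the two checks disagree. Guarding the ownership test, e.g. `($post->user_id && $post->user_id == $actor->id)`, closes that gap. The same guard is worth applying to the `hide_user_id == $actor->id` test in the edit rule of the second hunk, now that `hide_user_id` may be null on a hidden post. The listeners these hunks belong to start and end outside the visible lines.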
40
src/Events/ScopeEmptyDiscussionVisibility.php
Normal file
40
src/Events/ScopeEmptyDiscussionVisibility.php
Normal file
|
@ -0,0 +1,40 @@
|
||||||
|
<?php
|
||||||
|
/*
|
||||||
|
* This file is part of Flarum.
|
||||||
|
*
|
||||||
|
* (c) Toby Zerner <toby.zerner@gmail.com>
|
||||||
|
*
|
||||||
|
* For the full copyright and license information, please view the LICENSE
|
||||||
|
* file that was distributed with this source code.
|
||||||
|
*/
|
||||||
|
|
||||||
|
namespace Flarum\Events;
|
||||||
|
|
||||||
|
use Flarum\Core\Users\User;
|
||||||
|
use Illuminate\Database\Eloquent\Builder;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The `ScopeEmptyDiscussionVisibility` event
|
||||||
|
*/
|
||||||
|
class ScopeEmptyDiscussionVisibility
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* @var Builder
|
||||||
|
*/
|
||||||
|
public $query;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @var User
|
||||||
|
*/
|
||||||
|
public $actor;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param Builder $query
|
||||||
|
* @param User $actor
|
||||||
|
*/
|
||||||
|
public function __construct(Builder $query, User $actor)
|
||||||
|
{
|
||||||
|
$this->query = $query;
|
||||||
|
$this->actor = $actor;
|
||||||
|
}
|
||||||
|
}
|
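Review bot: The class docblock only repeats the class name and does not say when the event fires or what a listener may do with `$query`. Judging from the dispatch in DiscussionsServiceProvider, `$query` is the nested OR-group that decides which zero-comment discussions an actor without `discussion.editPosts` may see, so listeners are presumably expected to add `orWhere` clauses; a plain `where` would bind to the preceding `orWhere` and silently change the rule. I would state that contract in the class docblock and describe `$actor` as the user whose visibility is being scoped. Both properties are public, so the docblock should also say whether listeners may replace them.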