mirror of
https://github.com/flarum/framework.git
synced 2024-11-25 09:41:49 +08:00
Improve some post/discussion permission logic
- Allow users to see their own posts, even if they have been hidden by someone else
- Don't require the hiding of a post to be attributed to a user
- Hide discussions with zero posts, unless the user can edit posts or is the discussion author
parent
9277fca0ec
commit
276334ec52
|
@ -13,7 +13,9 @@ namespace Flarum\Core\Discussions;
|
|||
use Flarum\Core\Search\GambitManager;
|
||||
use Flarum\Core\Users\User;
|
||||
use Flarum\Events\ModelAllow;
|
||||
use Flarum\Events\ScopeModelVisibility;
|
||||
use Flarum\Events\RegisterDiscussionGambits;
|
||||
use Flarum\Events\ScopeEmptyDiscussionVisibility;
|
||||
use Flarum\Support\ServiceProvider;
|
||||
use Flarum\Extend;
|
||||
use Illuminate\Contracts\Container\Container;
|
||||
|
@ -53,6 +55,19 @@ class DiscussionsServiceProvider extends ServiceProvider
|
|||
}
|
||||
}
|
||||
});
|
||||
|
||||
$events->listen(ScopeModelVisibility::class, function (ScopeModelVisibility $event) {
|
||||
if ($event->model instanceof Discussion) {
|
||||
if (! $event->actor->hasPermission('discussion.editPosts')) {
|
||||
$event->query->where(function ($query) use ($event) {
|
||||
$query->where('comments_count', '>', '0')
|
||||
->orWhere('start_user_id', $event->actor->id);
|
||||
|
||||
event(new ScopeEmptyDiscussionVisibility($query, $event->actor));
|
||||
});
|
||||
}
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
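Review bot: In the new `ScopeModelVisibility` listener, `->orWhere('start_user_id', $event->actor->id)` is built without checking that the actor has a usable id. Eloquent turns a two-argument `where`/`orWhere` with a null value into `IS NULL`, so if a guest actor's id is null (not visible from this hunk) the clause would match empty discussions whose `start_user_id` is null instead of matching nothing. I would add the author clause only for an identified actor, e.g. `if ($event->actor->id) { $query->orWhere('start_user_id', $event->actor->id); }`, and pass the integer `0` rather than the string `'0'` to the `comments_count` comparison. The enclosing method starts outside the hunk.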
|
|
|
@ -87,7 +87,7 @@ class CommentPost extends Post
|
|||
* @param User $actor
|
||||
* @return $this
|
||||
*/
|
||||
public function hide(User $actor)
|
||||
public function hide(User $actor = null)
|
||||
{
|
||||
if ($this->number == 1) {
|
||||
throw new DomainException('Cannot hide the first post of a discussion');
|
||||
|
@ -95,7 +95,7 @@ class CommentPost extends Post
|
|||
|
||||
if (! $this->hide_time) {
|
||||
$this->hide_time = time();
|
||||
$this->hide_user_id = $actor->id;
|
||||
$this->hide_user_id = $actor ? $actor->id : null;
|
||||
|
||||
$this->raise(new PostWasHidden($this));
|
||||
}
|
||||
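Review bot: The docblock above `hide()` still says `@param User $actor`, although the signature is now `hide(User $actor = null)` and `hide_user_id` can be stored as null. It should read `@param User|null $actor` and state that null records a hide with no attributed user, so callers and anyone auditing moderation actions know that `hide_time`, not `hide_user_id`, marks a post as hidden. The method body continues outside both hunks.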
|
|
|
@ -44,7 +44,7 @@ class PostsServiceProvider extends ServiceProvider
|
|||
$actor = $event->actor;
|
||||
|
||||
if ($action === 'view' &&
|
||||
(! $post->hide_user_id || $post->hide_user_id == $actor->id || $post->can($actor, 'edit'))) {
|
||||
(! $post->hide_time || $post->user_id == $actor->id || $post->can($actor, 'edit'))) {
|
||||
return true;
|
||||
}
|
||||
|
||||
|
@ -55,7 +55,7 @@ class PostsServiceProvider extends ServiceProvider
|
|||
if ($post->discussion->can($actor, 'editPosts')) {
|
||||
return true;
|
||||
}
|
||||
if ($post->user_id == $actor->id && (! $post->hide_user_id || $post->hide_user_id == $actor->id)) {
|
||||
if ($post->user_id == $actor->id && (! $post->hide_time || $post->hide_user_id == $actor->id)) {
|
||||
$allowEditing = $settings->get('allow_post_editing');
|
||||
|
||||
if ($allowEditing === '-1' ||
|
||||
|
@ -80,8 +80,8 @@ class PostsServiceProvider extends ServiceProvider
|
|||
|
||||
if (! $event->discussion->can($user, 'editPosts')) {
|
||||
$event->query->where(function ($query) use ($user) {
|
||||
$query->whereNull('hide_user_id')
|
||||
->orWhere('hide_user_id', $user->id);
|
||||
$query->whereNull('hide_time')
|
||||
->orWhere('user_id', $user->id);
|
||||
});
|
||||
}
|
||||
});
|
||||
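Review bot: The new ownership checks `$post->user_id == $actor->id` (view branch and edit branch) use loose comparison, and in PHP both `null == 0` and `null == null` are true. If a post's `user_id` can be null (for example after its author is deleted, which is not visible here) and the actor is an unauthenticated user whose id is null or 0, the view branch would return true for a hidden post; the edit branch has the same shape with `$post->hide_user_id == $actor->id`, which is now null for unattributed hides. I would require a real id before comparing, e.g. `$actor->id && $post->user_id == $actor->id`, and apply the same guard to `->orWhere('user_id', $user->id)` in the query scope, where Eloquent renders a null value as `IS NULL`. The closures these lines belong to start outside the hunks.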
|
|
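--- a/src/Events/ScopeEmptyDiscussionVisibility.php
+++ b/src/Events/ScopeEmptyDiscussionVisibility.php
@@ -0,0 +1,40 @@
+<?php
+/*
+* This file is part of Flarum.
+*
+* (c) Toby Zerner <toby.zerner@gmail.com>
+*
+* For the full copyright and license information, please view the LICENSE
+* file that was distributed with this source code.
+*/
+
+namespace Flarum\Events;
+
+use Flarum\Core\Users\User;
+use Illuminate\Database\Eloquent\Builder;
+
+/**
+* The `ScopeEmptyDiscussionVisibility` event
+*/
+class ScopeEmptyDiscussionVisibility
+{
+/**
+* @var Builder
+*/
+public $query;
+
+/**
+* @var User
+*/
+public $actor;
+
+/**
+* @param Builder $query
+* @param User $actor
+*/
+public function __construct(Builder $query, User $actor)
+{
+$this->query = $query;
+$this->actor = $actor;
+}
+}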
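Review bot: The class docblock only repeats the class name and does not say when the event fires or what listeners may do with `$query`. Judging from the dispatch site in DiscussionsServiceProvider, the builder handed over is the nested group that already holds `comments_count > 0 OR start_user_id = actor`, so a listener's `orWhere` widens who can see empty discussions while a plain `where` binds only to the last OR term. I would document that contract on the class and on the `$query` property, and describe `$actor` as the user the visibility is being scoped for.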