From dd7bfb17eda8b6923927efbe5f386bbe77cc98ce Mon Sep 17 00:00:00 2001
From: Toby Zerner
Date: Wed, 5 Aug 2015 19:21:33 +0930
Subject: [PATCH] Enforce discussion renaming/deleting/post editing timed permissions
---
 .../DiscussionsServiceProvider.php | 26 ++++++++++---------
 .../src/Core/Posts/PostsServiceProvider.php | 22 +++++++++++-----
 2 files changed, 30 insertions(+), 18 deletions(-)
diff --git a/framework/core/src/Core/Discussions/DiscussionsServiceProvider.php b/framework/core/src/Core/Discussions/DiscussionsServiceProvider.php
index de3c961f2..fac492e13 100644
--- a/framework/core/src/Core/Discussions/DiscussionsServiceProvider.php
+++ b/framework/core/src/Core/Discussions/DiscussionsServiceProvider.php
@@ -7,6 +7,7 @@ use Flarum\Events\RegisterDiscussionGambits;
 use Flarum\Support\ServiceProvider;
 use Flarum\Extend;
 use Illuminate\Contracts\Container\Container;
+use Carbon\Carbon;
 class DiscussionsServiceProvider extends ServiceProvider
 {
@@ -20,25 +21,26 @@ class DiscussionsServiceProvider extends ServiceProvider
 Discussion::setValidator($this->app->make('validator'));
 $events = $this->app->make('events');
+ $settings = $this->app->make('Flarum\Core\Settings\SettingsRepository');
 $events->subscribe('Flarum\Core\Discussions\Listeners\DiscussionMetadataUpdater');
- $events->listen(ModelAllow::class, function (ModelAllow $event) {
+ $events->listen(ModelAllow::class, function (ModelAllow $event) use ($settings) {
 if ($event->model instanceof Discussion) {
- if ($event->action === 'rename' &&
- $event->model->start_user_id == $event->actor->id) {
- return true;
- }
-
- if ($event->action === 'delete' &&
- $event->model->start_user_id == $event->actor->id &&
- $event->model->participants_count == 1) {
- return true;
- }
-
 if ($event->actor->hasPermission('discussion.'.$event->action)) {
 return true;
 }
+
+ if (($event->action === 'rename' || $event->action === 'delete') &&
+ $event->model->start_user_id == $event->actor->id) {
+ $allowRenaming = $settings->get('allow_renaming');
+
+ if ($allowRenaming === '-1' ||
+ ($allowRenaming === 'reply' && $event->model->participants_count == 1) ||
+ ($event->model->start_time->diffInMinutes(Carbon::now()) < $allowRenaming)) {
+ return true;
+ }
+ }
 }
 });
 }
diff --git a/framework/core/src/Core/Posts/PostsServiceProvider.php b/framework/core/src/Core/Posts/PostsServiceProvider.php
index cb93b7fd6..3cf5d456d 100644
--- a/framework/core/src/Core/Posts/PostsServiceProvider.php
+++ b/framework/core/src/Core/Posts/PostsServiceProvider.php
@@ -7,6 +7,7 @@ use Flarum\Events\RegisterPostTypes;
 use Flarum\Events\ScopePostVisibility;
 use Flarum\Support\ServiceProvider;
 use Flarum\Extend;
+use Carbon\Carbon;
 class PostsServiceProvider extends ServiceProvider
 {
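Review bot: In the DiscussionsServiceProvider listener, a discussion starter can now delete a thread that other users have replied to, because `delete` is gated by the same `allow_renaming` value as `rename` and the former `participants_count == 1` requirement survives only in the `'reply'` clause. If that widening is not intended, keep the guard for deletion, for example by adding `($event->action === 'rename' || $event->model->participants_count == 1)` to the outer condition, or read a separate setting for deletes. The last clause, `diffInMinutes(Carbon::now()) < $allowRenaming`, is also reached when the setting is `'reply'` or unset and compares an int with a string loosely; under PHP 8 comparison rules a non-numeric string is compared as text, so `5 < 'reply'` is true and the check fails open. Guarding it with `is_numeric($allowRenaming) && $event->model->start_time->diffInMinutes(Carbon::now()) < (int) $allowRenaming` avoids that, and the `< $allowEditing` clause in the PostsServiceProvider edit hunk needs the same guard. The enclosing method begins above this hunk.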
@@ -24,8 +25,9 @@ class PostsServiceProvider extends ServiceProvider
 $this->registerPostTypes();
 $events = $this->app->make('events');
+ $settings = $this->app->make('Flarum\Core\Settings\SettingsRepository');
- $events->listen(ModelAllow::class, function (ModelAllow $event) {
+ $events->listen(ModelAllow::class, function (ModelAllow $event) use ($settings) {
 if ($event->model instanceof Post) {
 $post = $event->model;
 $action = $event->action;
@@ -39,11 +41,19 @@ class PostsServiceProvider extends ServiceProvider
 // A post is allowed to be edited if the user has permission to moderate
 // the discussion which it's in, or if they are the author and the post
 // hasn't been deleted by someone else.
- if ($action === 'edit' &&
- ($post->discussion->can($actor, 'editPosts') ||
- ($post->user_id == $actor->id &&
- (! $post->hide_user_id || $post->hide_user_id == $actor->id)))) {
- return true;
+ if ($action === 'edit') {
+ if ($post->discussion->can($actor, 'editPosts')) {
+ return true;
+ }
+ if ($post->user_id == $actor->id && (! $post->hide_user_id || $post->hide_user_id == $actor->id)) {
+ $allowEditing = $settings->get('allow_post_editing');
+
+ if ($allowEditing === '-1' ||
+ ($allowEditing === 'reply' && $event->model->number == $event->model->discussion->last_post_number) ||
+ ($event->model->time->diffInMinutes(Carbon::now()) < $allowEditing)) {
+ return true;
+ }
+ }
 }
 if ($post->discussion->can($actor, $action.'Posts')) {
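Review bot: The comment above the `edit` branch in the second PostsServiceProvider hunk is now stale: it still says an author may edit whenever the post has not been hidden by someone else, while the new code also requires the `allow_post_editing` rule to pass. Suggest appending `// Authors are further limited by allow_post_editing: '-1' always allows, 'reply' allows while the post is still the last one, otherwise the value is a limit in minutes since posting.` so the authorization rule can be audited from the comment. The added lines also mix `$event->model` with the local `$post` assigned in the previous hunk; `$post->number`, `$post->discussion->last_post_number` and `$post->time` would read consistently with the rest of the branch. The listener closure begins above and continues past this hunk.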