Enforce discussion renaming/deleting/post editing timed permissions

2024-12-12 06:03:39 +08:00 · 2015-08-05 19:21:33 +09:30 · 2015-08-05 19:21:33 +09:30 · dd7bfb17ed
commit dd7bfb17ed
parent 15019fc0ab
2 changed files with 30 additions and 18 deletions
--- a/framework/core/src/Core/Discussions/DiscussionsServiceProvider.php
+++ b/framework/core/src/Core/Discussions/DiscussionsServiceProvider.php
@ -7,6 +7,7 @@ use Flarum\Events\RegisterDiscussionGambits;
 use Flarum\Support\ServiceProvider;
 use Flarum\Extend;
 use Illuminate\Contracts\Container\Container;
+use Carbon\Carbon;

 class DiscussionsServiceProvider extends ServiceProvider
 {
@ -20,25 +21,26 @@ class DiscussionsServiceProvider extends ServiceProvider
        Discussion::setValidator($this->app->make('validator'));

        $events = $this->app->make('events');
+        $settings = $this->app->make('Flarum\Core\Settings\SettingsRepository');

        $events->subscribe('Flarum\Core\Discussions\Listeners\DiscussionMetadataUpdater');

-        $events->listen(ModelAllow::class, function (ModelAllow $event) {
+        $events->listen(ModelAllow::class, function (ModelAllow $event) use ($settings) {
            if ($event->model instanceof Discussion) {
-                if ($event->action === 'rename' &&
-                    $event->model->start_user_id == $event->actor->id) {
-                    return true;
-                }
-
-                if ($event->action === 'delete' &&
-                    $event->model->start_user_id == $event->actor->id &&
-                    $event->model->participants_count == 1) {
-                    return true;
-                }
-
                if ($event->actor->hasPermission('discussion.'.$event->action)) {
                    return true;
                }
+
+                if (($event->action === 'rename' || $event->action === 'delete') &&
+                    $event->model->start_user_id == $event->actor->id) {
+                    $allowRenaming = $settings->get('allow_renaming');
+
+                    if ($allowRenaming === '-1' ||
+                        ($allowRenaming === 'reply' && $event->model->participants_count == 1) ||
+                        ($event->model->start_time->diffInMinutes(Carbon::now()) < $allowRenaming)) {
+                        return true;
+                    }
+                }
            }
        });
    }
--- a/framework/core/src/Core/Posts/PostsServiceProvider.php
+++ b/framework/core/src/Core/Posts/PostsServiceProvider.php
@ -7,6 +7,7 @@ use Flarum\Events\RegisterPostTypes;
 use Flarum\Events\ScopePostVisibility;
 use Flarum\Support\ServiceProvider;
 use Flarum\Extend;
+use Carbon\Carbon;

 class PostsServiceProvider extends ServiceProvider
 {
@ -24,8 +25,9 @@ class PostsServiceProvider extends ServiceProvider
        $this->registerPostTypes();

        $events = $this->app->make('events');
+        $settings = $this->app->make('Flarum\Core\Settings\SettingsRepository');

-        $events->listen(ModelAllow::class, function (ModelAllow $event) {
+        $events->listen(ModelAllow::class, function (ModelAllow $event) use ($settings) {
            if ($event->model instanceof Post) {
                $post = $event->model;
                $action = $event->action;
@ -39,12 +41,20 @@ class PostsServiceProvider extends ServiceProvider
                // A post is allowed to be edited if the user has permission to moderate
                // the discussion which it's in, or if they are the author and the post
                // hasn't been deleted by someone else.
-                if ($action === 'edit' &&
-                    ($post->discussion->can($actor, 'editPosts') ||
-                        ($post->user_id == $actor->id &&
-                            (! $post->hide_user_id || $post->hide_user_id == $actor->id)))) {
+                if ($action === 'edit') {
+                    if ($post->discussion->can($actor, 'editPosts')) {
                        return true;
                    }
+                    if ($post->user_id == $actor->id && (! $post->hide_user_id || $post->hide_user_id == $actor->id)) {
+                        $allowEditing = $settings->get('allow_post_editing');
+
+                        if ($allowEditing === '-1' ||
+                            ($allowEditing === 'reply' && $event->model->number == $event->model->discussion->last_post_number) ||
+                            ($event->model->time->diffInMinutes(Carbon::now()) < $allowEditing)) {
+                            return true;
+                        }
+                    }
+                }

                if ($post->discussion->can($actor, $action.'Posts')) {
                    return true;