
Commit 6c49943

committed
Use User::can('mod.**')
1 parent 70f06a4 commit 6c49943

7 files changed

+17
-15
lines changed


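--- a/featherbb/Controller/Admin/Users.php
+++ b/featherbb/Controller/Admin/Users.php
@@ -96,7 +96,7 @@ public function display($req, $res, $args)
 
 // Some helper variables for permissions
 $can_delete = $can_move = User::get()->g_id == ForumEnv::get('FEATHER_ADMIN');
-$can_ban = User::get()->g_id == ForumEnv::get('FEATHER_ADMIN') || (User::can('mod.is_mod') && User::get()->g_mod_ban_users == '1');
+$can_ban = User::get()->g_id == ForumEnv::get('FEATHER_ADMIN') || (User::can('mod.is_mod') && User::can('mod.ban_users'));
 $can_action = ($can_delete || $can_ban || $can_move) && $num_users > 0;
 View::addAsset('js', 'style/imports/common.js', array('type' => 'text/javascript'));
 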
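Review bot: The `$can_ban` rule on new line 99 has no comment tying it to the other copies of the same ban-permission test in this commit (Controller/Profile.php lines 50 and 202, View/profile/menu.php line 30), and hand-copied access rules are where a later edit updates one site and misses the rest. A short comment above the assignment would make the coupling visible: `// Same rule as the 'ban' guard in Controller/Profile.php and the admin link in View/profile/menu.php; change them together.` display() starts and ends outside this hunk.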

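--- a/featherbb/Controller/Profile.php
+++ b/featherbb/Controller/Profile.php
@@ -47,7 +47,7 @@ public function display($req, $res, $args)
 
 return $this->model->update_mod_forums($args['id']);
 } elseif (Input::post('ban')) {
-if (User::get()->g_id != ForumEnv::get('FEATHER_ADMIN') && (!User::can('mod.is_mod') || User::get()->g_mod_ban_users == '0')) {
+if (User::get()->g_id != ForumEnv::get('FEATHER_ADMIN') && (!User::can('mod.is_mod') || !User::can('mod.ban_users'))) {
 throw new Error(__('No permission'), 403);
 }
 
@@ -75,7 +75,7 @@ public function display($req, $res, $args)
 if (User::get()->id != $args['id'] && // If we aren't the user (i.e. editing your own profile)
 (!User::get()->is_admmod || // and we are not an admin or mod
 (User::get()->g_id != ForumEnv::get('FEATHER_ADMIN') && // or we aren't an admin and ...
-(User::get()->g_mod_edit_users == '0' || // mods aren't allowed to edit users
+(!User::can('mod.edit_users') || // mods aren't allowed to edit users
 $info['group_id'] == ForumEnv::get('FEATHER_ADMIN') || // or the user is an admin
 $info['is_moderator'])))) { // or the user is another mod
 throw new Error(__('No permission'), 403);
@@ -94,7 +94,7 @@ public function display($req, $res, $args)
 if (User::get()->id != $args['id'] && // If we aren't the user (i.e. editing your own profile)
 (!User::get()->is_admmod || // and we are not an admin or mod
 (User::get()->g_id != ForumEnv::get('FEATHER_ADMIN') && // or we aren't an admin and ...
-(User::get()->g_mod_edit_users == '0' || // mods aren't allowed to edit users
+(!User::can('mod.edit_users') || // mods aren't allowed to edit users
 $user['g_id'] == ForumEnv::get('FEATHER_ADMIN') || // or the user is an admin
 $user['g_moderator'] == '1')))) { // or the user is another mod
 $user_info = $this->model->parse_user_info($user);
@@ -199,7 +199,7 @@ public function display($req, $res, $args)
 
 } elseif ($args['section'] == 'admin') {
 
-if (!User::get()->is_admmod || (User::can('mod.is_mod') && User::get()->g_mod_ban_users == '0')) {
+if (!User::get()->is_admmod || (User::can('mod.is_mod') && !User::can('mod.ban_users'))) {
 throw new Error(__('Bad request'), 404);
 }
 
@@ -260,7 +260,7 @@ public function action($req, $res, $args)
 throw new Error(__('Bad request'), 404);
 }
 
-if (User::get()->g_mod_edit_users == '0' || User::get()->g_mod_change_passwords == '0' || $user['group_id'] == ForumEnv::get('FEATHER_ADMIN') || $user['g_moderator'] == '1') {
+if (!User::can('mod.edit_users') || !User::can('mod.change_passwords') || $user['group_id'] == ForumEnv::get('FEATHER_ADMIN') || $user['g_moderator'] == '1') {
 throw new Error(__('No permission'), 403);
 }
 }
@@ -301,7 +301,7 @@ public function action($req, $res, $args)
 throw new Error(__('Bad request'), 404);
 }
 
-if (User::get()->g_mod_edit_users == '0' || User::get()->g_mod_change_passwords == '0' || $user['group_id'] == ForumEnv::get('FEATHER_ADMIN') || $user['g_moderator'] == '1') {
+if (!User::can('mod.edit_users') || !User::can('mod.change_passwords') || $user['group_id'] == ForumEnv::get('FEATHER_ADMIN') || $user['g_moderator'] == '1') {
 throw new Error(__('No permission'), 403);
 }
 }
@@ -348,7 +348,7 @@ public function action($req, $res, $args)
 
 return Router::redirect(Router::pathFor('profileSection', array('id' => $args['id'], 'section' => 'personality')), __('Avatar deleted redirect'));
 } elseif ($args['action'] == 'promote') {
-if (User::get()->g_id != ForumEnv::get('FEATHER_ADMIN') && (!User::can('mod.is_mod') || User::get()->g_mod_promote_users == '0')) {
+if (User::get()->g_id != ForumEnv::get('FEATHER_ADMIN') && (!User::can('mod.is_mod') || !User::can('mod.promote_users'))) {
 throw new Error(__('No permission'), 403);
 }
 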
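Review bot: The admin-section guard on new line 202 rejects a request only when `is_admmod` is unset, or when `User::can('mod.is_mod')` is true and `mod.ban_users` is missing, so a non-admin account that has `is_admmod` set but is not granted `mod.is_mod` would pass it. Whether those two flags can disagree is not visible in this hunk, but the guard should not depend on them agreeing. The `ban` guard on new line 50 already has the fail-closed shape and could be reused here: `if (User::get()->g_id != ForumEnv::get('FEATHER_ADMIN') && (!User::can('mod.is_mod') || !User::can('mod.ban_users'))) {`. Lines 76 and 95 also still read `is_admmod` next to the new `User::can('mod.edit_users')` test; display() starts and ends outside these hunks.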

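--- a/featherbb/Model/Admin/Groups.php
+++ b/featherbb/Model/Admin/Groups.php
@@ -171,7 +171,7 @@ public function add_edit_group($groups)
 'g_user_title' => $user_title,
 'g_promote_min_posts' => $promote_min_posts,
 'g_promote_next_group' => $promote_next_group,
-// 'g_moderator' => $moderator,
+// *** 'g_moderator' => $moderator,
 // 'g_mod_edit_users' => $mod_edit_users,
 // 'g_mod_rename_users' => $mod_rename_users,
 // 'g_mod_change_passwords'=> $mod_change_passwords,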

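--- a/featherbb/Model/Profile.php
+++ b/featherbb/Model/Profile.php
@@ -713,7 +713,7 @@ public function update_profile($id, $info, $section)
 $form['admin_note'] = Utils::trim(Input::post('admin_note'));
 
 // Are we allowed to change usernames?
-if (User::get()->g_id == ForumEnv::get('FEATHER_ADMIN') || (User::can('mod.is_mod') && User::get()->g_mod_rename_users == '1')) {
+if (User::get()->g_id == ForumEnv::get('FEATHER_ADMIN') || (User::can('mod.is_mod') && User::can('mod.rename_users'))) {
 $form['username'] = Utils::trim(Input::post('req_username'));
 
 if ($form['username'] != $info['old_username']) {
@@ -1110,7 +1110,7 @@ public function edit_essentials($id, $user)
 $user_disp = Container::get('hooks')->fire('model.profile.edit_essentials_start', $user_disp, $id, $user);
 
 if (User::get()->is_admmod) {
-if (User::get()->g_id == ForumEnv::get('FEATHER_ADMIN') || User::get()->g_mod_rename_users == '1') {
+if (User::get()->g_id == ForumEnv::get('FEATHER_ADMIN') || User::can('mod.rename_users')) {
 $user_disp['username_field'] = '<label class="required"><strong>'.__('Username').' <span>'.__('Required').'</span></strong><br /><input type="text" name="req_username" value="'.Utils::escape($user['username']).'" size="25" maxlength="25" required /><br /></label>'."\n";
 } else {
 $user_disp['username_field'] = '<p>'.sprintf(__('Username info'), Utils::escape($user['username'])).'</p>'."\n";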
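Review bot: New line 1113 in edit_essentials() tests `User::can('mod.rename_users')` without the `User::can('mod.is_mod')` conjunct that new line 716 in update_profile() requires, so the code that renders the username field and the code that accepts `req_username` do not state the same rule. The outer `is_admmod` test on line 1112 covers the gap only if that flag and `mod.is_mod` always agree, which these hunks do not show. Using the expression from line 716 in both places removes the doubt: `if (User::get()->g_id == ForumEnv::get('FEATHER_ADMIN') || (User::can('mod.is_mod') && User::can('mod.rename_users'))) {`. Both functions continue outside their hunks.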

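--- a/featherbb/Model/Topic.php
+++ b/featherbb/Model/Topic.php
@@ -918,7 +918,7 @@ public function print_posts($topic_id, $start_from, $cur_topic, $is_admmod)
 }
 }
 
-if (User::get()->g_id == ForumEnv::get('FEATHER_ADMIN') || (User::can('mod.is_mod') && User::get()->g_mod_promote_users == '1')) {
+if (User::get()->g_id == ForumEnv::get('FEATHER_ADMIN') || (User::can('mod.is_mod') && User::can('mod.promote_users'))) {
 if ($cur_post['g_promote_next_group']) {
 $cur_post['user_info'][] = '<dd><span><a href="'.Router::pathFor('profileAction', ['id' => $cur_post['poster_id'], 'action' => 'promote', 'pid' => $cur_post['id']]).'">'.__('Promote user').'</a></span></dd>';
 }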

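--- a/featherbb/View/profile/menu.php
+++ b/featherbb/View/profile/menu.php
@@ -27,7 +27,7 @@
 <?php endif;?>
 <li<?php if ($page == 'display') {echo ' class="isactive"';}?>><a href="<?= Router::pathFor('profileSection', ['id' => $id, 'section' => 'display']) ?>"><?php _e('Section display') ?></a></li>
 <li<?php if ($page == 'privacy') {echo ' class="isactive"';}?>><a href="<?= Router::pathFor('profileSection', ['id' => $id, 'section' => 'privacy']) ?>"><?php _e('Section privacy') ?></a></li>
-<?php if (User::get()->g_id == ForumEnv::get('FEATHER_ADMIN') || (User::can('mod.is_mod') && User::get()->g_mod_ban_users == '1')): ?>
+<?php if (User::get()->g_id == ForumEnv::get('FEATHER_ADMIN') || (User::can('mod.is_mod') && User::can('mod.ban_users'))): ?>
 <li<?php if ($page == 'admin') {echo ' class="isactive"';}?>><a href="<?= Router::pathFor('profileSection', ['id' => $id, 'section' => 'admin']) ?>"><?php _e('Section admin') ?></a></li>
 <?php endif;?>
 </ul>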

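--- a/featherbb/View/profile/section_essentials.php
+++ b/featherbb/View/profile/section_essentials.php
@@ -27,8 +27,10 @@
 <div class="infldset">
 <input type="hidden" name="form_sent" value="1" />
 <?= $user_disp['username_field'] ?>
-<?php if (User::get()->id == $id || User::get()->g_id == ForumEnv::get('FEATHER_ADMIN') || ($user['g_moderator'] == '0' && User::get()->g_mod_change_passwords == '1')): ?> <p class="actions"><span><a href="<?= Router::pathFor('profileAction', ['id' => $id, 'action' => 'change_pass']) ?>"><?php _e('Change pass') ?></a></span></p>
-<?php endif; ?> </div>
+<?php if (User::get()->id == $id || User::get()->g_id == ForumEnv::get('FEATHER_ADMIN') || (User::can('mod.is_mod') && User::can('mod.change_passwords'))): ?>
+<p class="actions"><span><a href="<?= Router::pathFor('profileAction', ['id' => $id, 'action' => 'change_pass']) ?>"><?php _e('Change pass') ?></a></span></p>
+<?php endif; ?>
+</div>
 </fieldset>
 </div>
 <div class="inform">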
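Review bot: The new condition on line 30 drops the `$user['g_moderator'] == '0'` test on the profile being viewed, so a moderator holding `mod.change_passwords` is now shown the 'Change pass' link on another moderator's profile. The checks at new lines 263 and 304 of Controller/Profile.php, which appear to guard the matching actions, still reject a target with `$user['g_moderator'] == '1'`, so the likely effect is a link that ends in a 403 rather than a bypass. The view and the controller should still state the same rule, which keeping the target test does: `(User::can('mod.is_mod') && User::can('mod.change_passwords') && $user['g_moderator'] == '0')`.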
