FIX: Черновики
См. https://libarea.ru/post/1253/v-chem-smysl-chernovikov
parent
f9cfa4d0a9
commit
ae1e2da4ef
|
@ -23,7 +23,7 @@ class ActionController extends Controller
|
|||
// Access check
|
||||
// Проверка доступа
|
||||
$info_type = ActionModel::getInfoTypeContent($content_id, $type);
|
||||
if (Access::author($type, $info_type, 30) == false) {
|
||||
if (Access::author($type, $info_type) == false) {
|
||||
redirect('/');
|
||||
}
|
||||
|
||||
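Review bot: `$type` in `Access::author($type, $info_type)` now selects the edit-time limit as well as the date column, because this commit makes Access::author read `config('trust-levels.edit_time_' . $type_content)` where this call used to pass the literal 30. Where `$type` comes from is outside the hunk, and `ActionModel::getInfoTypeContent()` may already reject unknown values; that should be confirmed. If it does not, a value with no matching `edit_time_*` key leaves the limit to whatever `config()` returns for a missing key. An allow-list check before the call would keep the limit independent of input, e.g. `if (!in_array($type, ['post', 'answer', 'comment', 'item', 'reply'], true)) { redirect('/'); }`, using the types this commit passes elsewhere.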
|
|
|
@ -21,7 +21,7 @@ class EditAnswerController extends Controller
|
|||
public function index()
|
||||
{
|
||||
$answer = AnswerPresence::index(Request::getInt('id'));
|
||||
if (Access::author('answer', $answer, config('trust-levels.edit_time_answer')) == false) {
|
||||
if (Access::author('answer', $answer) == false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
@ -50,7 +50,7 @@ class EditAnswerController extends Controller
|
|||
// Access check
|
||||
$answer = AnswerModel::getAnswerId($answer_id);
|
||||
|
||||
if (Access::author('answer', $answer, config('trust-levels.edit_time_answer')) == false) {
|
||||
if (Access::author('answer', $answer) == false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
@ -18,7 +18,7 @@ class EditCommentController extends Controller
|
|||
// Access verification
|
||||
// Проверка доступа
|
||||
$comment = CommentPresence::index(Request::getPostInt('comment_id'));
|
||||
if (Access::author('comment', $comment, config('trust-levels.edit_time_comment')) == false) {
|
||||
if (Access::author('comment', $comment) == false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
@ -38,7 +38,7 @@ class EditCommentController extends Controller
|
|||
{
|
||||
// Access verification
|
||||
$comment = CommentPresence::index(Request::getPostInt('comment_id'));
|
||||
if (Access::author('comment', $comment, config('trust-levels.edit_time_comment')) == false) {
|
||||
if (Access::author('comment', $comment) == false) {
|
||||
redirect('/');
|
||||
}
|
||||
|
||||
|
|
|
@ -27,7 +27,7 @@ class EditItemController extends Controller
|
|||
|
||||
// Only the site author and staff can edit
|
||||
// Редактировать может только автор сайта и персонал
|
||||
if (Access::author('item', $domain, config('trust-levels.edit_time_item')) === false) {
|
||||
if (Access::author('item', $domain) === false) {
|
||||
redirect(url('web'));
|
||||
}
|
||||
|
||||
|
@ -65,7 +65,7 @@ class EditItemController extends Controller
|
|||
|
||||
// Only the site author and staff can edit
|
||||
// Редактировать может только автор сайта и персонал
|
||||
if (Access::author('item', $item, config('trust-levels.edit_time_item')) === false) {
|
||||
if (Access::author('item', $item) === false) {
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
|
@ -21,7 +21,7 @@ class ReplyController extends Controller
|
|||
$id = Request::getPostInt('id');
|
||||
$reply = ReplyModel::getId($id);
|
||||
|
||||
if (Access::author('item', $reply, 0) === false) {
|
||||
if (Access::author('reply', $reply) === false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
@ -50,7 +50,7 @@ class ReplyController extends Controller
|
|||
|
||||
// Access verification
|
||||
$reply = ReplyModel::getId($id);
|
||||
if (Access::author('item', $reply, 0) === false) {
|
||||
if (Access::author('reply', $reply)) === false) {
|
||||
redirect('/');
|
||||
}
|
||||
|
||||
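Review bot: The new condition in the second hunk has one closing parenthesis too many, `if (Access::author('reply', $reply)) === false) {`, which is a parse error. The controller file would then fail to load, so both reply actions would stop working rather than merely skip the check. It should read `if (Access::author('reply', $reply) === false) {`, as the first hunk of this file does. Running `php -l` on changed files before merging catches this class of mistake; the enclosing method continues outside the hunk.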
|
|
|
@ -160,7 +160,7 @@ class EditPostController extends Controller
|
|||
{
|
||||
$post = PostPresence::index(Request::getInt('id'), 'id');
|
||||
|
||||
if (Access::author('post', $post, 30) == false) {
|
||||
if (Access::author('post', $post) == false) {
|
||||
is_return(__('msg.went_wrong'), 'error');
|
||||
}
|
||||
|
||||
|
@ -191,11 +191,11 @@ class EditPostController extends Controller
|
|||
public function checkingEditPermissions($post, $blog)
|
||||
{
|
||||
if (empty($blog)) {
|
||||
if (Access::postAuthorAndTeam($post, $blog[0]['facet_user_id'] ?? 0) == false) {
|
||||
if (Access::author('post', $post) == false) {
|
||||
is_return(__('msg.access_denied'), 'error');
|
||||
}
|
||||
} else {
|
||||
if (Access::author('post', $post, config('trust-levels.edit_time_post')) == false) {
|
||||
if (Access::postAuthorAndTeam($post, $blog[0]['facet_user_id'] ?? 0) == false) {
|
||||
is_return(__('msg.access_denied'), 'error');
|
||||
}
|
||||
}
|
||||
|
|
|
@ -188,7 +188,7 @@ class PostController extends Controller
|
|||
|
||||
// Access check
|
||||
// Проверка доступа
|
||||
if (Access::author('post', $post, 0) == false) {
|
||||
if ($post['post_user_id'] != UserData::getUserId()) {
|
||||
redirect('/');
|
||||
}
|
||||
|
||||
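Review bot: The replacement check `if ($post['post_user_id'] != UserData::getUserId()) {` no longer lets staff through. The `Access::author()` call it replaces returns true when `UserData::checkAdmin()` is true (visible in the Access section of this commit), and the AnswerBest change in the same commit keeps that bypass with `&& !UserData::checkAdmin()`. If excluding staff here is intended, a comment saying so would prevent it being "fixed" later; otherwise the same clause belongs here. The comparison is also loose, and `(int) $post['post_user_id'] !== (int) UserData::getUserId()` would keep the ownership check free of type juggling. The method body starts and ends outside the hunk.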
|
|
|
@ -94,7 +94,7 @@ class Access
|
|||
*
|
||||
* Тип контента, массив данных и сколько времени можно редактировать.
|
||||
*/
|
||||
public static function author(string $type_content, array $info_type, int $limit_time = 30): bool
|
||||
public static function author(string $type_content, array $info_type): bool
|
||||
{
|
||||
if (UserData::checkAdmin()) {
|
||||
return true;
|
||||
|
@ -125,7 +125,13 @@ class Access
|
|||
*
|
||||
* Лимит по времени.
|
||||
*/
|
||||
if (self::limiTime($info_type[$type_content . '_date'], $limit_time) === false) {
|
||||
|
||||
$time_edit = config('trust-levels.edit_time_' . $type_content);
|
||||
if ($type_content == 'post') {
|
||||
$time_edit = $post['post_draft'] == 1 ? 0 : config('trust-levels.edit_time_post');
|
||||
}
|
||||
|
||||
if (self::limiTime($info_type[$type_content . '_date'], $time_edit) === false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
@ -163,7 +169,9 @@ class Access
|
|||
*
|
||||
* Лимит по времени.
|
||||
*/
|
||||
if (self::limiTime($info_type['post_date'], config('trust-levels.edit_time_post')) === false) {
|
||||
|
||||
$time_edit = $info_type['post_draft'] == 1 ? 0 : config('trust-levels.edit_time_post');
|
||||
if (self::limiTime($info_type['post_date'], $time_edit) === false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
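Review bot: In the second hunk, `$time_edit = $post['post_draft'] == 1 ? 0 : config('trust-levels.edit_time_post');` reads `$post`, which is not a parameter of `author()` (the signature takes `$type_content` and `$info_type`) and is not assigned in the visible lines. If it is not defined in the part of the body outside the hunk, the expression evaluates against null, PHP 8 raises warnings, and the draft branch is never taken, so drafts get the ordinary post time limit. The third hunk reads the same flag from `$info_type`, and this line should match it: `$time_edit = ($info_type['post_draft'] ?? 0) == 1 ? 0 : config('trust-levels.edit_time_post');`. A short comment stating what a limit of 0 means to `limiTime()` would also help, since `edit_time_item` and `edit_time_reply` now rely on it.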
|
|
|
@ -12,13 +12,6 @@ use UserData, Access;
|
|||
|
||||
class AnswerBest extends Base
|
||||
{
|
||||
protected $user;
|
||||
|
||||
public function __construct()
|
||||
{
|
||||
$this->user = UserData::get();
|
||||
}
|
||||
|
||||
public function index()
|
||||
{
|
||||
// Get the answer data (for which the "best answer" is selected)
|
||||
|
@ -31,7 +24,7 @@ class AnswerBest extends Base
|
|||
|
||||
// Let's check the access. Only the staff and the author of the post can choose the best answer (without regard to time)
|
||||
// Проверим доступ. Только персонал и автор поста может выбирать лучший ответ (без учета времени)
|
||||
if (Access::author('post', $post, 0) == false) {
|
||||
if ($post['post_user_id'] != UserData::getUserId() && !UserData::checkAdmin()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
@ -84,6 +84,7 @@ return [
|
|||
'edit_time_answer' => 30,
|
||||
'edit_time_comment' => 30,
|
||||
'edit_time_item' => 0,
|
||||
'edit_time_reply' => 0,
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
<div class="list-items__description">
|
||||
<?= Html::facets($item['facet_list'], 'category', 'tag mr15', $sort); ?>
|
||||
|
||||
<?php if (Access::author('item', $item, 30) === true) : ?>
|
||||
<?php if (Access::author('item', $item) === true) : ?>
|
||||
<a href="<?= url('content.edit', ['type' => 'item', 'id' => $item['item_id']]); ?>">
|
||||
<svg class="icons">
|
||||
<use xlink:href="/assets/svg/icons.svg#edit"></use>
|
||||
|
|
|
@ -42,7 +42,7 @@
|
|||
<?= __('web.more'); ?>
|
||||
</a>
|
||||
|
||||
<?php if (Access::author('item', $item, 30) === true) : ?>
|
||||
<?php if (Access::author('item', $item) === true) : ?>
|
||||
<a class="ml10" href="<?= url('content.edit', ['type' => 'item', 'id' => $item['item_id']]); ?>">
|
||||
<svg class="icons">
|
||||
<use xlink:href="/assets/svg/icons.svg#edit"></use>
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
<?php endif; ?>
|
||||
<?= Html::facets($item['facet_list'], 'category', 'tag mr15', 'all'); ?>
|
||||
|
||||
<?php if (Access::author('item', $item, 30) === true) : ?>
|
||||
<?php if (Access::author('item', $item) === true) : ?>
|
||||
<a href="<?= url('content.edit', ['type' => 'item', 'id' => $item['item_id']]); ?>">
|
||||
<svg class="icons">
|
||||
<use xlink:href="/assets/svg/icons.svg#edit"></use>
|
||||
|
|
|
@ -61,7 +61,7 @@
|
|||
</span>
|
||||
<ul class="dropdown">
|
||||
|
||||
<?php if (Access::author('answer', $answer, 30) === true) : ?>
|
||||
<?php if (Access::author('answer', $answer) === true) : ?>
|
||||
<li>
|
||||
<a class="editansw" href="<?= url('content.edit', ['type' => 'answer', 'id' => $answer['answer_id']]); ?>">
|
||||
<svg class="icons">
|
||||
|
@ -178,7 +178,7 @@
|
|||
</span>
|
||||
<ul class="dropdown">
|
||||
|
||||
<?php if (Access::author('comment', $comment, 30) === true) : ?>
|
||||
<?php if (Access::author('comment', $comment) === true) : ?>
|
||||
<li>
|
||||
<a data-post_id="<?= $post['post_id']; ?>" data-comment_id="<?= $comment['comment_id']; ?>" class="editcomm gray-600">
|
||||
<svg class="icons">
|
||||
|
|
|
@ -19,12 +19,23 @@
|
|||
</span>
|
||||
<ul class="dropdown">
|
||||
|
||||
<?php if (Access::author('answer', $answer) === true) : ?>
|
||||
<li>
|
||||
<a class="editansw gray" href="<?= url('content.edit', ['type' => 'answer', 'id' => $answer['answer_id']]); ?>">
|
||||
<svg class="icons">
|
||||
<use xlink:href="/assets/svg/icons.svg#edit"></use>
|
||||
</svg>
|
||||
<?= __('app.edit'); ?>
|
||||
</a>
|
||||
</li>
|
||||
<?php endif; ?>
|
||||
|
||||
<li>
|
||||
<?= Html::favorite($answer['answer_id'], 'answer', $answer['tid'], 'heading'); ?>
|
||||
</li>
|
||||
|
||||
<?php if ($post['amount_content'] > 1) : ?>
|
||||
<?php if (UserData::getUserId() == $answer['answer_user_id'] || UserData::checkAdmin()) : ?>
|
||||
<?php if (UserData::getUserId() == $post['post_user_id'] || UserData::checkAdmin()) : ?>
|
||||
<li>
|
||||
<a id="best_<?= $answer['answer_id']; ?>" data-id="<?= $answer['answer_id']; ?>" class="answer-best">
|
||||
<svg class="icons">
|
||||
|
@ -36,17 +47,6 @@
|
|||
<?php endif; ?>
|
||||
<?php endif; ?>
|
||||
|
||||
<?php if (Access::author('answer', $answer, 30) === true) : ?>
|
||||
<li>
|
||||
<a class="editansw gray" href="<?= url('content.edit', ['type' => 'answer', 'id' => $answer['answer_id']]); ?>">
|
||||
<svg class="icons">
|
||||
<use xlink:href="/assets/svg/icons.svg#edit"></use>
|
||||
</svg>
|
||||
<?= __('app.edit'); ?>
|
||||
</a>
|
||||
</li>
|
||||
<?php endif; ?>
|
||||
|
||||
<?php if (UserData::checkAdmin()) : ?>
|
||||
<li>
|
||||
<a data-type="answer" data-id="<?= $answer['answer_id']; ?>" class="type-action gray-600">
|
||||
|
@ -137,7 +137,7 @@
|
|||
<?php endif; ?>
|
||||
<?php endif; ?>
|
||||
|
||||
<?php if (Access::author('comment', $comment, 30) === true) : ?>
|
||||
<?php if (Access::author('comment', $comment) === true) : ?>
|
||||
<a data-post_id="<?= $post['post_id']; ?>" data-comment_id="<?= $comment['comment_id']; ?>" class="editcomm gray-600 ml5 mr5">
|
||||
<svg class="icons">
|
||||
<use xlink:href="/assets/svg/icons.svg#edit"></use>
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
<?= Html::votes($page, 'post'); ?>
|
||||
<div class="gray-600 italic ml15">
|
||||
<?= $page['post_modified']; ?>
|
||||
<?php if (Access::author('post', $page, 30) === true) : ?>
|
||||
<?php if (Access::author('post', $page) === true) : ?>
|
||||
<a class="gray-600 ml5" title="<?= __('app.edit'); ?>" href="<?= url('content.edit', ['type' => $page['post_type'], 'id' => $page['post_id']]); ?>">
|
||||
<svg class="icons">
|
||||
<use xlink:href="/assets/svg/icons.svg#edit"></use>
|
||||
|
|
|
@ -46,7 +46,7 @@ $facet_view_policy = $blog['facet_view_policy'] ?? null;
|
|||
<?php endif; ?>
|
||||
|
||||
<?php if (UserData::checkActiveUser()) : ?>
|
||||
<?php if (Access::postAuthorAndTeam($post, $blog['facet_user_id'] ?? 0) == true) : ?>
|
||||
<?php if (Access::postAuthorAndTeam($post, $blog['facet_user_id'] ?? 0) == true || $post['post_draft'] == true) : ?>
|
||||
<a class="gray-600 lowercase" href="<?= url('content.edit', ['type' => 'post', 'id' => $post['post_id']]); ?>">
|
||||
<?= __('app.edit'); ?>
|
||||
</a>
|
||||
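Review bot: The added `|| $post['post_draft'] == true` makes the edit link render for every active user whenever the post is a draft, whatever `Access::postAuthorAndTeam()` returns. The edit action has its own server-side check (EditPostController in this commit), so this looks like a mismatch between UI and authorization rather than a bypass. That only holds if drafts are never rendered to anyone but their author, which this hunk does not show. If the aim is to let authors edit drafts past the time limit, the draft handling added to Access in this commit appears to cover it already. The condition could then stay `Access::postAuthorAndTeam($post, $blog['facet_user_id'] ?? 0) === true`.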
|
|