FIX: Черновики

См. https://libarea.ru/post/1253/v-chem-smysl-chernovikov
Evg 2023-02-10 20:08:09 +03:00
parent f9cfa4d0a9
commit ae1e2da4ef
17 changed files with 46 additions and 44 deletions


@ -23,7 +23,7 @@ class ActionController extends Controller
// Access check
// Проверка доступа
$info_type = ActionModel::getInfoTypeContent($content_id, $type);
if (Access::author($type, $info_type, 30) == false) {
if (Access::author($type, $info_type) == false) {
redirect('/');
}


@ -21,7 +21,7 @@ class EditAnswerController extends Controller
public function index()
{
$answer = AnswerPresence::index(Request::getInt('id'));
if (Access::author('answer', $answer, config('trust-levels.edit_time_answer')) == false) {
if (Access::author('answer', $answer) == false) {
return false;
}
@ -50,7 +50,7 @@ class EditAnswerController extends Controller
// Access check
$answer = AnswerModel::getAnswerId($answer_id);
if (Access::author('answer', $answer, config('trust-levels.edit_time_answer')) == false) {
if (Access::author('answer', $answer) == false) {
return false;
}


@ -18,7 +18,7 @@ class EditCommentController extends Controller
// Access verification
// Проверка доступа
$comment = CommentPresence::index(Request::getPostInt('comment_id'));
if (Access::author('comment', $comment, config('trust-levels.edit_time_comment')) == false) {
if (Access::author('comment', $comment) == false) {
return false;
}
@ -38,7 +38,7 @@ class EditCommentController extends Controller
{
// Access verification
$comment = CommentPresence::index(Request::getPostInt('comment_id'));
if (Access::author('comment', $comment, config('trust-levels.edit_time_comment')) == false) {
if (Access::author('comment', $comment) == false) {
redirect('/');
}


@ -27,7 +27,7 @@ class EditItemController extends Controller
// Only the site author and staff can edit
// Редактировать может только автор сайта и персонал
if (Access::author('item', $domain, config('trust-levels.edit_time_item')) === false) {
if (Access::author('item', $domain) === false) {
redirect(url('web'));
}
@ -65,7 +65,7 @@ class EditItemController extends Controller
// Only the site author and staff can edit
// Редактировать может только автор сайта и персонал
if (Access::author('item', $item, config('trust-levels.edit_time_item')) === false) {
if (Access::author('item', $item) === false) {
return true;
}


@ -21,7 +21,7 @@ class ReplyController extends Controller
$id = Request::getPostInt('id');
$reply = ReplyModel::getId($id);
if (Access::author('item', $reply, 0) === false) {
if (Access::author('reply', $reply) === false) {
return false;
}
@ -50,7 +50,7 @@ class ReplyController extends Controller
// Access verification
$reply = ReplyModel::getId($id);
if (Access::author('item', $reply, 0) === false) {
if (Access::author('reply', $reply)) === false) {
redirect('/');
}
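Review bot: The second changed condition in this file, `if (Access::author('reply', $reply)) === false) {`, has one closing parenthesis too many, so the controller will not parse and every action in it fails with a fatal error. It should read `if (Access::author('reply', $reply) === false) {`, as in the first hunk of this file. Running `php -l` over changed files before merge would catch this class of mistake in access-check code. Both enclosing methods start and end outside the visible hunks.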


@ -160,7 +160,7 @@ class EditPostController extends Controller
{
$post = PostPresence::index(Request::getInt('id'), 'id');
if (Access::author('post', $post, 30) == false) {
if (Access::author('post', $post) == false) {
is_return(__('msg.went_wrong'), 'error');
}
@ -191,11 +191,11 @@ class EditPostController extends Controller
public function checkingEditPermissions($post, $blog)
{
if (empty($blog)) {
if (Access::postAuthorAndTeam($post, $blog[0]['facet_user_id'] ?? 0) == false) {
if (Access::author('post', $post) == false) {
is_return(__('msg.access_denied'), 'error');
}
} else {
if (Access::author('post', $post, config('trust-levels.edit_time_post')) == false) {
if (Access::postAuthorAndTeam($post, $blog[0]['facet_user_id'] ?? 0) == false) {
is_return(__('msg.access_denied'), 'error');
}
}


@ -188,7 +188,7 @@ class PostController extends Controller
// Access check
// Проверка доступа
if (Access::author('post', $post, 0) == false) {
if ($post['post_user_id'] != UserData::getUserId()) {
redirect('/');
}
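Review bot: The inline ownership test `if ($post['post_user_id'] != UserData::getUserId()) {` no longer lets administrators through, whereas the `Access::author('post', $post, 0)` call it replaces returns true when `UserData::checkAdmin()` holds (visible in the Access class section of this commit). AnswerBest in the same commit keeps that bypass with `&& !UserData::checkAdmin()`. If excluding staff is intended here, a one-line comment saying so would stop it being silently reverted later; otherwise add the same admin clause. The check also skips any other conditions `Access::author()` applies in the part of its body not shown, and it compares ids with loose `!=`; a strict comparison on values cast to int is safer in an authorization path. The enclosing method lies outside the hunk.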


@ -94,7 +94,7 @@ class Access
*
* Тип контента, массив данных и сколько времени можно редактировать.
*/
public static function author(string $type_content, array $info_type, int $limit_time = 30): bool
public static function author(string $type_content, array $info_type): bool
{
if (UserData::checkAdmin()) {
return true;
@ -125,7 +125,13 @@ class Access
*
* Лимит по времени.
*/
if (self::limiTime($info_type[$type_content . '_date'], $limit_time) === false) {
$time_edit = config('trust-levels.edit_time_' . $type_content);
if ($type_content == 'post') {
$time_edit = $post['post_draft'] == 1 ? 0 : config('trust-levels.edit_time_post');
}
if (self::limiTime($info_type[$type_content . '_date'], $time_edit) === false) {
return false;
}
@ -163,7 +169,9 @@ class Access
*
* Лимит по времени.
*/
if (self::limiTime($info_type['post_date'], config('trust-levels.edit_time_post')) === false) {
$time_edit = $info_type['post_draft'] == 1 ? 0 : config('trust-levels.edit_time_post');
if (self::limiTime($info_type['post_date'], $time_edit) === false) {
return false;
}
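Review bot: In the first time-limit hunk of `Access::author()` the draft test reads `$post['post_draft']`, but the visible signature only provides `$type_content` and `$info_type`. Unless `$post` is defined in the part of the body not shown, the lookup yields null and a draft never gets the 0 limit (which appears to mean no time limit); the later hunk uses `$info_type['post_draft']`, and this line should match it: `$time_edit = $info_type['post_draft'] == 1 ? 0 : config('trust-levels.edit_time_post');`. The limit is now resolved from `config('trust-levels.edit_time_' . $type_content)`, and ActionController passes a `$type` whose origin is not visible here, so for a type without a matching key the value handed to `limiTime()` depends on what `config()` returns for a missing key. An explicit allow-list of content types, or a fail-closed default, would be safer for an authorization check. The docblock above the signature still describes an edit-time argument that the new signature no longer has.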


@ -12,13 +12,6 @@ use UserData, Access;
class AnswerBest extends Base
{
protected $user;
public function __construct()
{
$this->user = UserData::get();
}
public function index()
{
// Get the answer data (for which the "best answer" is selected)
@ -31,7 +24,7 @@ class AnswerBest extends Base
// Let's check the access. Only the staff and the author of the post can choose the best answer (without regard to time)
// Проверим доступ. Только персонал и автор поста может выбирать лучший ответ (без учета времени)
if (Access::author('post', $post, 0) == false) {
if ($post['post_user_id'] != UserData::getUserId() && !UserData::checkAdmin()) {
return false;
}


@ -84,6 +84,7 @@ return [
'edit_time_answer' => 30,
'edit_time_comment' => 30,
'edit_time_item' => 0,
'edit_time_reply' => 0,
/*
|--------------------------------------------------------------------------


@ -15,7 +15,7 @@
<div class="list-items__description">
<?= Html::facets($item['facet_list'], 'category', 'tag mr15', $sort); ?>
<?php if (Access::author('item', $item, 30) === true) : ?>
<?php if (Access::author('item', $item) === true) : ?>
<a href="<?= url('content.edit', ['type' => 'item', 'id' => $item['item_id']]); ?>">
<svg class="icons">
<use xlink:href="/assets/svg/icons.svg#edit"></use>


@ -42,7 +42,7 @@
<?= __('web.more'); ?>
</a>
<?php if (Access::author('item', $item, 30) === true) : ?>
<?php if (Access::author('item', $item) === true) : ?>
<a class="ml10" href="<?= url('content.edit', ['type' => 'item', 'id' => $item['item_id']]); ?>">
<svg class="icons">
<use xlink:href="/assets/svg/icons.svg#edit"></use>


@ -24,7 +24,7 @@
<?php endif; ?>
<?= Html::facets($item['facet_list'], 'category', 'tag mr15', 'all'); ?>
<?php if (Access::author('item', $item, 30) === true) : ?>
<?php if (Access::author('item', $item) === true) : ?>
<a href="<?= url('content.edit', ['type' => 'item', 'id' => $item['item_id']]); ?>">
<svg class="icons">
<use xlink:href="/assets/svg/icons.svg#edit"></use>


@ -61,7 +61,7 @@
</span>
<ul class="dropdown">
<?php if (Access::author('answer', $answer, 30) === true) : ?>
<?php if (Access::author('answer', $answer) === true) : ?>
<li>
<a class="editansw" href="<?= url('content.edit', ['type' => 'answer', 'id' => $answer['answer_id']]); ?>">
<svg class="icons">
@ -178,7 +178,7 @@
</span>
<ul class="dropdown">
<?php if (Access::author('comment', $comment, 30) === true) : ?>
<?php if (Access::author('comment', $comment) === true) : ?>
<li>
<a data-post_id="<?= $post['post_id']; ?>" data-comment_id="<?= $comment['comment_id']; ?>" class="editcomm gray-600">
<svg class="icons">


@ -19,12 +19,23 @@
</span>
<ul class="dropdown">
<?php if (Access::author('answer', $answer) === true) : ?>
<li>
<a class="editansw gray" href="<?= url('content.edit', ['type' => 'answer', 'id' => $answer['answer_id']]); ?>">
<svg class="icons">
<use xlink:href="/assets/svg/icons.svg#edit"></use>
</svg>
<?= __('app.edit'); ?>
</a>
</li>
<?php endif; ?>
<li>
<?= Html::favorite($answer['answer_id'], 'answer', $answer['tid'], 'heading'); ?>
</li>
<?php if ($post['amount_content'] > 1) : ?>
<?php if (UserData::getUserId() == $answer['answer_user_id'] || UserData::checkAdmin()) : ?>
<?php if (UserData::getUserId() == $post['post_user_id'] || UserData::checkAdmin()) : ?>
<li>
<a id="best_<?= $answer['answer_id']; ?>" data-id="<?= $answer['answer_id']; ?>" class="answer-best">
<svg class="icons">
@ -36,17 +47,6 @@
<?php endif; ?>
<?php endif; ?>
<?php if (Access::author('answer', $answer, 30) === true) : ?>
<li>
<a class="editansw gray" href="<?= url('content.edit', ['type' => 'answer', 'id' => $answer['answer_id']]); ?>">
<svg class="icons">
<use xlink:href="/assets/svg/icons.svg#edit"></use>
</svg>
<?= __('app.edit'); ?>
</a>
</li>
<?php endif; ?>
<?php if (UserData::checkAdmin()) : ?>
<li>
<a data-type="answer" data-id="<?= $answer['answer_id']; ?>" class="type-action gray-600">
@ -137,7 +137,7 @@
<?php endif; ?>
<?php endif; ?>
<?php if (Access::author('comment', $comment, 30) === true) : ?>
<?php if (Access::author('comment', $comment) === true) : ?>
<a data-post_id="<?= $post['post_id']; ?>" data-comment_id="<?= $comment['comment_id']; ?>" class="editcomm gray-600 ml5 mr5">
<svg class="icons">
<use xlink:href="/assets/svg/icons.svg#edit"></use>


@ -18,7 +18,7 @@
<?= Html::votes($page, 'post'); ?>
<div class="gray-600 italic ml15">
<?= $page['post_modified']; ?>
<?php if (Access::author('post', $page, 30) === true) : ?>
<?php if (Access::author('post', $page) === true) : ?>
<a class="gray-600 ml5" title="<?= __('app.edit'); ?>" href="<?= url('content.edit', ['type' => $page['post_type'], 'id' => $page['post_id']]); ?>">
<svg class="icons">
<use xlink:href="/assets/svg/icons.svg#edit"></use>


@ -46,7 +46,7 @@ $facet_view_policy = $blog['facet_view_policy'] ?? null;
<?php endif; ?>
<?php if (UserData::checkActiveUser()) : ?>
<?php if (Access::postAuthorAndTeam($post, $blog['facet_user_id'] ?? 0) == true) : ?>
<?php if (Access::postAuthorAndTeam($post, $blog['facet_user_id'] ?? 0) == true || $post['post_draft'] == true) : ?>
<a class="gray-600 lowercase" href="<?= url('content.edit', ['type' => 'post', 'id' => $post['post_id']]); ?>">
<?= __('app.edit'); ?>
</a>