Removed permissions stuff from the User object.

This commit is contained in:
flash 2023-07-29 18:15:30 +00:00
parent a89d8d26f4
commit 0158333c90
7 changed files with 45 additions and 52 deletions

View file

@ -31,7 +31,7 @@ if($msz->hasActiveBan()) {
$comments = $msz->getComments(); $comments = $msz->getComments();
$commentPerms = $currentUserInfo->commentPerms(); $commentPerms = perms_for_comments($currentUserInfo->getId());
$commentId = (string)filter_input(INPUT_GET, 'c', FILTER_SANITIZE_NUMBER_INT); $commentId = (string)filter_input(INPUT_GET, 'c', FILTER_SANITIZE_NUMBER_INT);
$commentMode = (string)filter_input(INPUT_GET, 'm'); $commentMode = (string)filter_input(INPUT_GET, 'm');

View file

@ -168,6 +168,11 @@ $hasManageAccess = User::hasCurrent()
&& perms_check_user(MSZ_PERMS_GENERAL, User::getCurrent()->getId(), MSZ_PERM_GENERAL_CAN_MANAGE); && perms_check_user(MSZ_PERMS_GENERAL, User::getCurrent()->getId(), MSZ_PERM_GENERAL_CAN_MANAGE);
Template::set('has_manage_access', $hasManageAccess); Template::set('has_manage_access', $hasManageAccess);
$canViewForumLeaderboard = User::hasCurrent()
&& !$msz->hasActiveBan()
&& perms_check_user(MSZ_PERMS_GENERAL, User::getCurrent()->getId(), MSZ_PERM_FORUM_VIEW_LEADERBOARD);
Template::set('can_view_forum_leaderboard', $canViewForumLeaderboard);
if($inManageMode) { if($inManageMode) {
if(!$hasManageAccess) { if(!$hasManageAccess) {
echo render_error(403); echo render_error(403);

View file

@ -19,7 +19,9 @@ class CommentsEx {
if(is_string($category)) if(is_string($category))
$category = $this->comments->ensureCategory($category); $category = $this->comments->ensureCategory($category);
$info->user = User::getCurrent(); $hasUser = User::hasCurrent();
$info->user = $hasUser ? User::getCurrent() : null;
$info->perms = $hasUser ? perms_for_comments($info->user->getId()) : [];
$info->category = $category; $info->category = $category;
$info->posts = []; $info->posts = [];

View file

@ -314,28 +314,6 @@ class User {
->execute(); ->execute();
} }
// TODO: Is this the proper location/implementation for this? (no)
private $commentPermsArray = null;
public function commentPerms(): array {
if($this->commentPermsArray === null)
$this->commentPermsArray = perms_check_user_bulk(MSZ_PERMS_COMMENTS, $this->getId(), [
'can_comment' => MSZ_PERM_COMMENTS_CREATE,
'can_delete' => MSZ_PERM_COMMENTS_DELETE_OWN | MSZ_PERM_COMMENTS_DELETE_ANY,
'can_delete_any' => MSZ_PERM_COMMENTS_DELETE_ANY,
'can_pin' => MSZ_PERM_COMMENTS_PIN,
'can_lock' => MSZ_PERM_COMMENTS_LOCK,
'can_vote' => MSZ_PERM_COMMENTS_VOTE,
]);
return $this->commentPermsArray;
}
private $legacyPerms = null;
public function getLegacyPerms(): array {
if($this->legacyPerms === null)
$this->legacyPerms = perms_get_user($this->getId());
return $this->legacyPerms;
}
/************ /************
* PASSWORD * * PASSWORD *
************/ ************/

View file

@ -261,3 +261,14 @@ function perms_check_user_bulk(string $prefix, ?int $userId, array $set, bool $s
$perms = perms_get_user($userId)[$prefix] ?? 0; $perms = perms_get_user($userId)[$prefix] ?? 0;
return perms_check_bulk($perms, $set, $strict); return perms_check_bulk($perms, $set, $strict);
} }
function perms_for_comments(string|int $userId): array {
return perms_check_user_bulk(MSZ_PERMS_COMMENTS, (int)$userId, [
'can_comment' => MSZ_PERM_COMMENTS_CREATE,
'can_delete' => MSZ_PERM_COMMENTS_DELETE_OWN | MSZ_PERM_COMMENTS_DELETE_ANY,
'can_delete_any' => MSZ_PERM_COMMENTS_DELETE_ANY,
'can_pin' => MSZ_PERM_COMMENTS_PIN,
'can_lock' => MSZ_PERM_COMMENTS_LOCK,
'can_vote' => MSZ_PERM_COMMENTS_VOTE,
]);
}

View file

@ -1,4 +1,4 @@
{% macro comments_input(category, user, reply_to) %} {% macro comments_input(category, user, perms, reply_to) %}
{% set reply_mode = reply_to is not null %} {% set reply_mode = reply_to is not null %}
{% from 'macros.twig' import avatar %} {% from 'macros.twig' import avatar %}
@ -24,10 +24,10 @@
name="comment[text]" placeholder="Share your extensive insights..."></textarea> name="comment[text]" placeholder="Share your extensive insights..."></textarea>
<div class="comment__actions"> <div class="comment__actions">
{% if not reply_mode %} {% if not reply_mode %}
{% if user.commentPerms.can_pin|default(false) %} {% if perms.can_pin|default(false) %}
{{ input_checkbox('comment[pin]', 'Pin this comment', false, 'comment__action') }} {{ input_checkbox('comment[pin]', 'Pin this comment', false, 'comment__action') }}
{% endif %} {% endif %}
{% if user.commentPerms.can_lock|default(false) %} {% if perms.can_lock|default(false) %}
{{ input_checkbox('comment[lock]', 'Toggle locked status', false, 'comment__action') }} {{ input_checkbox('comment[lock]', 'Toggle locked status', false, 'comment__action') }}
{% endif %} {% endif %}
{% endif %} {% endif %}
@ -40,7 +40,7 @@
</form> </form>
{% endmacro %} {% endmacro %}
{% macro comments_entry(comment, indent, category, user) %} {% macro comments_entry(comment, indent, category, user, perms) %}
{% from 'macros.twig' import avatar %} {% from 'macros.twig' import avatar %}
{% from '_layout/input.twig' import input_checkbox_raw %} {% from '_layout/input.twig' import input_checkbox_raw %}
@ -61,9 +61,9 @@
{% set isReply = comment.hasParent %} {% set isReply = comment.hasParent %}
{% endif %} {% endif %}
{% set hide_details = poster is null or comment.deleted and not user.commentPerms.can_delete_any|default(false) %} {% set hide_details = poster is null or comment.deleted and not perms.can_delete_any|default(false) %}
{% if user.commentPerms.can_delete_any|default(false) or (not comment.deleted or replies|length > 0) %} {% if perms.can_delete_any|default(false) or (not comment.deleted or replies|length > 0) %}
<div class="comment{% if comment.deleted %} comment--deleted{% endif %}" id="comment-{{ comment.id }}"> <div class="comment{% if comment.deleted %} comment--deleted{% endif %}" id="comment-{{ comment.id }}">
<div class="comment__container"> <div class="comment__container">
{% if hide_details %} {% if hide_details %}
@ -106,7 +106,7 @@
</div> </div>
<div class="comment__actions"> <div class="comment__actions">
{% if not comment.deleted and user is not null %} {% if not comment.deleted and user is not null %}
{% if user.commentPerms.can_vote|default(false) %} {% if perms.can_vote|default(false) %}
{% set like_vote_state = userVote > 0 ? 0 : 1 %} {% set like_vote_state = userVote > 0 ? 0 : 1 %}
{% set dislike_vote_state = userVote < 0 ? 0 : -1 %} {% set dislike_vote_state = userVote < 0 ? 0 : -1 %}
@ -125,19 +125,19 @@
{% endif %} {% endif %}
</a> </a>
{% endif %} {% endif %}
{% if user.commentPerms.can_comment|default(false) %} {% if perms.can_comment|default(false) %}
<label class="comment__action comment__action--link" for="comment-reply-toggle-{{ comment.id }}">Reply</label> <label class="comment__action comment__action--link" for="comment-reply-toggle-{{ comment.id }}">Reply</label>
{% endif %} {% endif %}
{% if user.commentPerms.can_delete_any|default(false) or (poster.id|default(0) == user.id and user.commentPerms.can_delete|default(false)) %} {% if perms.can_delete_any|default(false) or (poster.id|default(0) == user.id and perms.can_delete|default(false)) %}
<a class="comment__action comment__action--link comment__action--hide comment__action--delete" data-comment-id="{{ comment.id }}" href="{{ url('comment-delete', {'comment':comment.id}) }}">Delete</a> <a class="comment__action comment__action--link comment__action--hide comment__action--delete" data-comment-id="{{ comment.id }}" href="{{ url('comment-delete', {'comment':comment.id}) }}">Delete</a>
{% endif %} {% endif %}
{# if user is not null %} {# if user is not null %}
<a class="comment__action comment__action--link comment__action--hide" href="#">Report</a> <a class="comment__action comment__action--link comment__action--hide" href="#">Report</a>
{% endif #} {% endif #}
{% if not isReply and user.commentPerms.can_pin|default(false) %} {% if not isReply and perms.can_pin|default(false) %}
<a class="comment__action comment__action--link comment__action--hide comment__action--pin" data-comment-id="{{ comment.id }}" data-comment-pinned="{{ comment.pinned ? '1' : '0' }}" href="{{ url('comment-' ~ (comment.pinned ? 'unpin' : 'pin'), {'comment':comment.id}) }}">{{ comment.pinned ? 'Unpin' : 'Pin' }}</a> <a class="comment__action comment__action--link comment__action--hide comment__action--pin" data-comment-id="{{ comment.id }}" data-comment-pinned="{{ comment.pinned ? '1' : '0' }}" href="{{ url('comment-' ~ (comment.pinned ? 'unpin' : 'pin'), {'comment':comment.id}) }}">{{ comment.pinned ? 'Unpin' : 'Pin' }}</a>
{% endif %} {% endif %}
{% elseif user.commentPerms.can_delete_any|default(false) %} {% elseif perms.can_delete_any|default(false) %}
<a class="comment__action comment__action--link comment__action--restore" data-comment-id="{{ comment.id }}" href="{{ url('comment-restore', {'comment':comment.id}) }}">Restore</a> <a class="comment__action comment__action--link comment__action--restore" data-comment-id="{{ comment.id }}" href="{{ url('comment-restore', {'comment':comment.id}) }}">Restore</a>
{% endif %} {% endif %}
</div> </div>
@ -146,13 +146,13 @@
<div class="comment__replies comment__replies--indent-{{ indent }}" id="comment-{{ comment.id }}-replies"> <div class="comment__replies comment__replies--indent-{{ indent }}" id="comment-{{ comment.id }}-replies">
{% from _self import comments_entry, comments_input %} {% from _self import comments_entry, comments_input %}
{% if user|default(null) is not null and category|default(null) is not null and user.commentPerms.can_comment|default(false) %} {% if user|default(null) is not null and category|default(null) is not null and perms.can_comment|default(false) %}
{{ input_checkbox_raw('', false, 'comment__reply-toggle', '', false, {'id':'comment-reply-toggle-' ~ comment.id}) }} {{ input_checkbox_raw('', false, 'comment__reply-toggle', '', false, {'id':'comment-reply-toggle-' ~ comment.id}) }}
{{ comments_input(category, user, comment) }} {{ comments_input(category, user, perms, comment) }}
{% endif %} {% endif %}
{% if replies|length > 0 %} {% if replies|length > 0 %}
{% for reply in replies %} {% for reply in replies %}
{{ comments_entry(reply, indent + 1, category, user) }} {{ comments_entry(reply, indent + 1, category, user, perms) }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
</div> </div>
@ -160,14 +160,11 @@
{% endif %} {% endif %}
{% endmacro %} {% endmacro %}
{% macro comments_section(category, user) %} {% macro comments_section(category) %}
{% if category.category is defined %}
{% set user = category.user %} {% set user = category.user %}
{% set posts = category.posts %} {% set posts = category.posts %}
{% set perms = category.perms %}
{% set category = category.category %} {% set category = category.category %}
{% else %}
{% set posts = category.posts %}
{% endif %}
<div class="comments" id="comments"> <div class="comments" id="comments">
<div class="comments__input"> <div class="comments__input">
@ -179,21 +176,21 @@
<div class="comments__notice"> <div class="comments__notice">
Posting new comments here is disabled. Posting new comments here is disabled.
</div> </div>
{% elseif not user.commentPerms.can_lock|default(false) and category.locked %} {% elseif not perms.can_lock|default(false) and category.locked %}
<div class="comments__notice"> <div class="comments__notice">
This comment section was locked, <time datetime="{{ category.lockedTime|date('c') }}" title="{{ category.lockedTime|date('r') }}">{{ category.lockedTime|time_format }}</time>. This comment section was locked, <time datetime="{{ category.lockedTime|date('c') }}" title="{{ category.lockedTime|date('r') }}">{{ category.lockedTime|time_format }}</time>.
</div> </div>
{% elseif not user.commentPerms.can_comment|default(false) %} {% elseif not perms.can_comment|default(false) %}
<div class="comments__notice"> <div class="comments__notice">
You are not allowed to post comments. You are not allowed to post comments.
</div> </div>
{% else %} {% else %}
{% from _self import comments_input %} {% from _self import comments_input %}
{{ comments_input(category, user) }} {{ comments_input(category, user, perms) }}
{% endif %} {% endif %}
</div> </div>
{% if user.commentPerms.can_lock|default(false) and category.locked %} {% if perms.can_lock|default(false) and category.locked %}
<div class="comments__notice comments__notice--staff"> <div class="comments__notice comments__notice--staff">
This comment section was locked, <time datetime="{{ category.lockedTime|date('c') }}" title="{{ category.lockedTime|date('r') }}">{{ category.lockedTime|time_format }}</time>. This comment section was locked, <time datetime="{{ category.lockedTime|date('c') }}" title="{{ category.lockedTime|date('r') }}">{{ category.lockedTime|time_format }}</time>.
</div> </div>
@ -209,7 +206,7 @@
{% if posts|length > 0 %} {% if posts|length > 0 %}
{% from _self import comments_entry %} {% from _self import comments_entry %}
{% for comment in posts %} {% for comment in posts %}
{{ comments_entry(comment, 1, category, user) }} {{ comments_entry(comment, 1, category, user, perms) }}
{% endfor %} {% endfor %}
{% else %} {% else %}
<div class="comments__none" id="_no_comments_notice_{{ category.id }}"> <div class="comments__none" id="_no_comments_notice_{{ category.id }}">

View file

@ -61,7 +61,7 @@
{ {
'title': 'Leaderboard', 'title': 'Leaderboard',
'url': url('forum-leaderboard'), 'url': url('forum-leaderboard'),
'display': current_user.legacyPerms.forum|default(0)|perms_check(constant('MSZ_PERM_FORUM_VIEW_LEADERBOARD')), 'display': can_view_forum_leaderboard,
}, },
], ],
}, },