From 8b6bb48231b2d3ecb7d632f3dc8c744cd9c39723 Mon Sep 17 00:00:00 2001 From: flashwave Date: Tue, 1 Nov 2016 22:14:02 +0100 Subject: [PATCH] some permission stuff (forum remaining) --- app/Console/Command/SetupCommand.php | 147 +++++++++++---- app/Controllers/AuthController.php | 9 +- app/Controllers/ChatController.php | 16 +- app/Controllers/CommentsController.php | 7 +- app/Controllers/FileController.php | 17 +- app/Controllers/FriendsController.php | 7 +- app/Controllers/NotificationsController.php | 4 +- app/Controllers/PremiumController.php | 6 +- .../Settings/AccountController.php | 26 +-- .../Settings/AdvancedController.php | 8 +- app/Controllers/Settings/Controller.php | 27 +-- .../Settings/FriendsController.php | 7 +- app/Controllers/UserController.php | 4 +- app/CurrentSession.php | 4 +- app/Forum/Forum.php | 32 ++-- app/Forum/ForumPerms.php | 46 +++++ app/Perms.php | 10 -- app/Perms/Manage.php | 30 ---- app/Perms/Site.php | 170 ------------------ app/Rank.php | 6 +- app/User.php | 13 +- app/UserPerms.php | 43 +++++ ...6_11_23_152450_restructure_permissions.php | 66 +++---- resources/views/yuuno/forum/topic.twig | 8 +- resources/views/yuuno/master.twig | 8 +- resources/views/yuuno/premium/index.twig | 10 +- .../views/yuuno/settings/account/details.twig | 20 +-- resources/views/yuuno/user/profile.twig | 19 +- utility.php | 6 + 29 files changed, 330 insertions(+), 446 deletions(-) create mode 100644 app/Forum/ForumPerms.php delete mode 100644 app/Perms/Manage.php delete mode 100644 app/Perms/Site.php create mode 100644 app/UserPerms.php diff --git a/app/Console/Command/SetupCommand.php b/app/Console/Command/SetupCommand.php index 929f9ad..867610f 100644 --- a/app/Console/Command/SetupCommand.php +++ b/app/Console/Command/SetupCommand.php 
@@ -112,48 +112,82 @@ class SetupCommand extends Command DB::table('ranks')->insert($rank); } - // Permission data (alumni doesn't have special privs) - $permissions = [ - [ - 'rank_id' => config('rank.inactive'), - 'permissions_site' => '00000000000000000000000000000001', - 'permissions_manage' => '000', - ], + // Permission data + $perms = [ [ 'rank_id' => config('rank.regular'), - 'permissions_site' => '11110000111111111100111101101100', - 'permissions_manage' => '000', + 'perm_change_profile' => true, + 'perm_change_avatar' => true, + 'perm_change_userpage' => true, + 'perm_change_signature' => true, + 'perm_deactivate_account' => true, + 'perm_view_user_links' => true, + 'perm_manage_ranks' => true, + 'perm_manage_friends' => true, + 'perm_comments_create' => true, + 'perm_comments_edit' => true, + 'perm_comments_delete' => true, + 'perm_comments_vote' => true, ], [ 'rank_id' => config('rank.mod'), - 'permissions_site' => '11110001111111111111111111111100', - 'permissions_manage' => '111', + 'perm_change_background' => true, + 'perm_change_header' => true, + 'perm_change_username' => true, + 'perm_change_user_title' => true, + 'perm_view_user_details' => true, + 'perm_is_mod' => true, + 'perm_can_restrict' => true, + 'perm_manage_profile_images' => true, ], [ 'rank_id' => config('rank.admin'), - 'permissions_site' => '11110111111111111111111111111100', - 'permissions_manage' => '111', - ], - [ - 'rank_id' => config('rank.bot'), - 'permissions_site' => '11110000111111111100111101101100', - 'permissions_manage' => '000', + 'perm_change_background' => true, + 'perm_change_header' => true, + 'perm_change_username' => true, + 'perm_change_user_title' => true, + 'perm_view_user_details' => true, + 'perm_is_mod' => true, + 'perm_is_admin' => true, + 'perm_can_restrict' => true, + 'perm_manage_profile_images' => true, ], [ 'rank_id' => config('rank.premium'), - 'permissions_site' => '11110001111111111111111111111100', - 'permissions_manage' => '000', + 
'perm_change_background' => true, + 'perm_change_header' => true, + 'perm_change_username' => true, + 'perm_change_user_title' => true, ], [ 'rank_id' => config('rank.banned'), - 'permissions_site' => '11110000000011010100101000100010', - 'permissions_manage' => '000', + 'perm_change_profile' => false, + 'perm_change_avatar' => false, + 'perm_change_background' => false, + 'perm_change_header' => false, + 'perm_change_userpage' => false, + 'perm_change_signature' => false, + 'perm_change_username' => false, + 'perm_change_user_title' => false, + 'perm_deactivate_account' => false, + 'perm_view_user_links' => false, + 'perm_view_user_details' => false, + 'perm_manage_ranks' => false, + 'perm_manage_friends' => false, + 'perm_comments_create' => false, + 'perm_comments_edit' => false, + 'perm_comments_delete' => false, + 'perm_comments_vote' => false, + 'perm_is_mod' => false, + 'perm_is_admin' => false, + 'perm_can_restrict' => false, + 'perm_manage_profile_images' => false, ], ]; - // Insert all the permission strings into the database - foreach ($permissions as $perm) { - DB::table('permissions')->insert($perm); + // Insert all the permissions into the database + foreach ($perms as $perm) { + DB::table('perms')->insert($perm); } // Forum data 
@@ -194,58 +228,93 @@ class SetupCommand extends Command [ 'forum_id' => 1, 'rank_id' => config('rank.inactive'), - 'forum_perms' => '00000000001', + 'perm_view' => true, ], [ 'forum_id' => 3, 'rank_id' => config('rank.inactive'), - 'forum_perms' => '00000000000', + 'perm_view' => false, ], [ 'forum_id' => 1, 'rank_id' => config('rank.regular'), 'forum_perms' => '00000011111', + 'perm_view' => true, + 'perm_reply' => true, + 'perm_topic_create' => true, + 'perm_edit' => true, + 'perm_delete' => true, ], [ 'forum_id' => 3, 'rank_id' => config('rank.regular'), - 'forum_perms' => '00000000000', + 'perm_view' => false, ], [ 'forum_id' => 1, 'rank_id' => config('rank.mod'), - 'forum_perms' => '11111111111', + 'perm_topic_delete' => true, + 'perm_topic_move' => true, + 'perm_edit_any' => true, + 'perm_delete_any' => true, + 'perm_change_type' => true, + 'perm_change_status' => true, ], [ 'forum_id' => 3, 'rank_id' => config('rank.mod'), - 'forum_perms' => '00000111111', + 'perm_topic_delete' => true, + 'perm_topic_move' => true, + 'perm_edit_any' => true, + 'perm_delete_any' => true, + 'perm_change_type' => true, ], [ - 'forum_id' => 1, + 'forum_id' => 0, 'rank_id' => config('rank.admin'), - 'forum_perms' => '11111111111', + 'perm_view' => true, + 'perm_reply' => true, + 'perm_topic_create' => true, + 'perm_topic_delete' => true, + 'perm_topic_move' => true, + 'perm_edit' => true, + 'perm_edit_any' => true, + 'perm_delete' => true, + 'perm_delete_any' => true, + 'perm_bypass_rules' => true, + 'perm_change_type' => true, + 'perm_change_status' => true, ], [ - 'forum_id' => 3, - 'rank_id' => config('rank.admin'), - 'forum_perms' => '11111111111', + 'forum_id' => 0, + 'rank_id' => config('rank.banned'), + 'perm_reply' => false, + 'perm_topic_create' => false, + 'perm_topic_delete' => false, + 'perm_topic_move' => false, + 'perm_edit' => false, + 'perm_edit_any' => false, + 'perm_delete' => false, + 'perm_delete_any' => false, + 'perm_bypass_rules' => false, + 
'perm_change_type' => false, + 'perm_change_status' => false, ], [ 'forum_id' => 1, 'rank_id' => config('rank.banned'), - 'forum_perms' => '00000000001', + 'perm_view' => true, ], [ 'forum_id' => 3, 'rank_id' => config('rank.banned'), - 'forum_perms' => '00000000000', + 'perm_view' => false, ], ]; // Insert all the forum permissions into the database foreach ($forum_perms as $fperm) { - DB::table('forum_permissions')->insert($fperm); + DB::table('forum_perms')->insert($fperm); } // Bot user @@ -259,6 +328,8 @@ class SetupCommand extends Command 'user_registered' => time(), 'user_last_online' => 0, 'user_country' => 'JP', + 'user_activated' => true, + 'user_verified' => true, ]); // Create the actual user object diff --git a/app/Controllers/AuthController.php b/app/Controllers/AuthController.php index 4b749ec..aaf4d20 100644 --- a/app/Controllers/AuthController.php +++ b/app/Controllers/AuthController.php @@ -11,7 +11,6 @@ use Sakura\Config; use Sakura\CurrentSession; use Sakura\DB; use Sakura\Net; -use Sakura\Perms\Site; use Sakura\User; /** @@ -107,7 +106,7 @@ class AuthController extends Controller } // Check if the user has the required privs to log in - if ($user->permission(Site::DEACTIVATED)) { + if (!$user->activated) { $this->touchRateLimit($user->id); $message = 'Your account is deactivated, activate it first!'; $redirect = route('auth.reactivate'); @@ -284,7 +283,7 @@ class AuthController extends Controller } // Check if the user is already active - if (!$user->permission(Site::DEACTIVATED)) { + if (!$user->activated) { $message = "Your account is already activated! Why are you here?"; return view('global/information', compact('message', 'redirect')); } 
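Review bot: The `rank.regular` / `forum_id => 1` entry still carries `'forum_perms' => '00000011111',` next to the new `perm_*` keys; as rendered here that line has no `-` marker, unlike the same key in every other entry. Each array is passed straight to `DB::table('forum_perms')->insert($fperm)`, so this row would try to write a `forum_perms` column. The `forum_perms` table definition is not visible in this hunk, but if it only has the `perm_*` columns the insert fails and setup stops before the regular rank gets its forum permissions. Drop the leftover line so the entry starts at `'perm_view' => true,`.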
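Review bot: The "already active" guard in the `@@ -284,7 +283,7 @@` hunk is inverted. The old test was `!$user->permission(Site::DEACTIVATED)`, which is true for an activated account, but the replacement `if (!$user->activated)` is true for an account that is not activated. Accounts that still need activation now get "Your account is already activated!" and activated accounts fall through into the activation logic below. It should read `if ($user->activated) {`. The `@@ -345,7 +344,7 @@` hunk of the same file has the identical inversion; both methods continue outside their hunks.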
@@ -345,7 +344,7 @@ class AuthController extends Controller $user = User::construct($getUser[0]->user_id); // Check if a user is activated - if (!$user->permission(Site::DEACTIVATED)) { + if (!$user->activated) { $message = "Your account is already activated! Why are you here?"; return view('global/information', compact('message', 'redirect')); } @@ -389,7 +388,7 @@ class AuthController extends Controller } // Check if the user is active - if ($user->permission(Site::DEACTIVATED)) { + if (!$user->activated) { $message = "Your account is deactivated, go activate it first..."; return view('global/information', compact('message', 'redirect')); } diff --git a/app/Controllers/ChatController.php b/app/Controllers/ChatController.php index 3ab8c90..105b6c0 100644 --- a/app/Controllers/ChatController.php +++ b/app/Controllers/ChatController.php @@ -10,9 +10,6 @@ use Sakura\Chat\LinkInfo; use Sakura\Chat\Settings; use Sakura\Chat\URLResolver; use Sakura\DB; -use Sakura\Perms; -use Sakura\Perms\Manage; -use Sakura\Perms\Site; use Sakura\Session; use Sakura\User; @@ -111,13 +108,14 @@ class ChatController extends Controller $session = new Session($_GET['arg2'] ?? null); if ($session->validate($user->id) - && !$user->permission(Site::DEACTIVATED) - && !$user->permission(Site::RESTRICTED)) { + && !$user->activated + && $user->verified + && !$user->restricted) { $hierarchy = $user->hierarchy(); - $moderator = $user->permission(Manage::USE_MANAGE, Perms::MANAGE) ? 1 : 0; - $changeName = $user->permission(Site::CHANGE_USERNAME) ? 1 : 0; - $createChans = $user->permission(Site::MULTIPLE_GROUPS) ? 2 : ( - $user->permission(Site::CREATE_GROUP) ? 1 : 0 + $moderator = $user->perms->isMod || $user->perms->isAdmin ? 1 : 0; + $changeName = $user->perms->changeUsername ? 1 : 0; + $createChans = $user->perms->isAdmin ? 2 : ( + $user->perms->isMod ? 1 : 0 ); // The single 0 in here is used to determine log access, which isn't supported by sakurako anymore since it 
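Review bot: The chat authentication condition in the `@@ -111,13 +108,14 @@` hunk negates the wrong way: `!$user->permission(Site::DEACTIVATED)` became `&& !$user->activated`, so the branch is only entered for accounts that are not activated. Activated, verified, unrestricted users are rejected and a deactivated account with a valid session is the only kind that passes. The line should be `&& $user->activated`. Separately, `$createChans` now keys off `isAdmin`/`isMod` rather than a dedicated permission, which is worth a short comment so the tie between channel creation and staff status is deliberate; the rest of the method is outside the hunk.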
diff --git a/app/Controllers/CommentsController.php b/app/Controllers/CommentsController.php index 6566977..5c28d52 100644 --- a/app/Controllers/CommentsController.php +++ b/app/Controllers/CommentsController.php @@ -9,7 +9,6 @@ namespace Sakura\Controllers; use Sakura\Comment; use Sakura\Config; use Sakura\CurrentSession; -use Sakura\Perms\Site; /** * Handles comment stuff. @@ -33,7 +32,7 @@ class CommentsController extends Controller } // Check if the user can comment - if (!CurrentSession::$user->permission(Site::CREATE_COMMENTS)) { + if (!CurrentSession::$user->perms->commentsCreate) { $error = "You aren't allowed to make comments!"; return $this->json(compact('error')); } @@ -74,7 +73,7 @@ class CommentsController extends Controller public function delete($id = 0) { // Check if the user can delete comments - if (!CurrentSession::$user->permission(Site::DELETE_COMMENTS)) { + if (!CurrentSession::$user->perms->commentsDelete) { $error = "You aren't allowed to delete comments!"; return $this->json(compact('error')); } @@ -109,7 +108,7 @@ class CommentsController extends Controller $vote = $vote != 0; // Check if the user can delete comments - if (!CurrentSession::$user->permission(Site::VOTE_COMMENTS)) { + if (!CurrentSession::$user->perms->commentsVote) { $error = "You aren't allowed to vote on comments!"; return $this->json(compact('error')); } diff --git a/app/Controllers/FileController.php b/app/Controllers/FileController.php index 1ff1940..2d45912 100644 --- a/app/Controllers/FileController.php +++ b/app/Controllers/FileController.php @@ -13,9 +13,6 @@ use Sakura\CurrentSession; use Sakura\DB; use Sakura\Exceptions\FileException; use Sakura\File; -use Sakura\Perms; -use Sakura\Perms\Manage; -use Sakura\Perms\Site; use Sakura\Template; use Sakura\User; 
@@ -163,11 +160,13 @@ class FileController extends Controller $user = User::construct($params[0] ?? 0); if (session_check()) { - if (!CurrentSession::$user->permission(Manage::CHANGE_IMAGES, Perms::MANAGE) + $perm_var = "change" . ucfirst(strtolower($method)); + + if (!CurrentSession::$user->perms->manageProfileImages && ($user->id !== CurrentSession::$user->id - || !$user->permission(constant("Sakura\Perms\Site::CHANGE_" . strtoupper($method))) - || $user->permission(Site::DEACTIVATED) - || $user->permission(Site::RESTRICTED)) + || !$user->perms->{$perm_var} + || !$user->activated + || $user->restricted) ) { throw new HttpMethodNotAllowedException; } @@ -199,8 +198,8 @@ class FileController extends Controller 'mime' => getimagesizefromstring($noFile)['mime'], ]; - if ($user->permission(Site::DEACTIVATED) - || $user->permission(Site::RESTRICTED) + if (!$user->activated + || $user->restricted || !$user->{$method}) { return $this->serve($none['data'], $none['mime'], $none['name']); } diff --git a/app/Controllers/FriendsController.php b/app/Controllers/FriendsController.php index 12b4a7e..e7f5064 100644 --- a/app/Controllers/FriendsController.php +++ b/app/Controllers/FriendsController.php @@ -8,7 +8,6 @@ namespace Sakura\Controllers; use Sakura\CurrentSession; use Sakura\Notification; -use Sakura\Perms\Site; use Sakura\User; /** @@ -57,8 +56,7 @@ class FriendsController extends Controller $friend = User::construct($id); - if ($friend->permission(Site::DEACTIVATED) - || $user->permission(Site::DEACTIVATED)) { + if (!$friend->activated || !$user->activated) { $error = "The user you tried to add does not exist!"; return $this->json(compact('error')); } 
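Review bot: `$perm_var` in the `@@ -163,11 +160,13 @@` hunk is built from `$method` and read as `$user->perms->{$perm_var}`, and `UserPerms::__get` in this commit turns any property name into a column name handed to `->get([$column])`. Where `$method` comes from is outside the hunk, but if it is derived from the requested route then request-controlled text ends up as a SQL column identifier. The old `constant("...CHANGE_" . strtoupper($method))` at least failed on unknown names. Validate before building the name, for example `if (!in_array($method, ['avatar', 'background', 'header'], true)) { throw new HttpMethodNotAllowedException; }` (list inferred from the `perm_change_*` columns in this commit, confirm against the routes). The same `$method` is used as `$user->{$method}` in the `@@ -199,8 +198,8 @@` hunk.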
@@ -119,8 +117,7 @@ class FriendsController extends Controller $friend = User::construct($id); - if ($friend->permission(Site::DEACTIVATED) - || $user->permission(Site::DEACTIVATED)) { + if (!$friend->activated || !$user->activated) { $error = "The user you tried to remove does not exist!"; return $this->json(compact('error')); } diff --git a/app/Controllers/NotificationsController.php b/app/Controllers/NotificationsController.php index ff4b59a..98a625b 100644 --- a/app/Controllers/NotificationsController.php +++ b/app/Controllers/NotificationsController.php @@ -8,7 +8,6 @@ namespace Sakura\Controllers; use Sakura\CurrentSession; use Sakura\Notification; -use Sakura\Perms\Site; /** * Notification stuff. @@ -34,8 +33,7 @@ class NotificationsController extends Controller */ public function mark($id = 0) { - // Check permission - if (CurrentSession::$user->permission(Site::DEACTIVATED)) { + if (!CurrentSession::$user->activated) { return '0'; } diff --git a/app/Controllers/PremiumController.php b/app/Controllers/PremiumController.php index 30a0222..58d078e 100644 --- a/app/Controllers/PremiumController.php +++ b/app/Controllers/PremiumController.php @@ -11,7 +11,6 @@ use Phroute\Phroute\Exception\HttpMethodNotAllowedException; use Sakura\Config; use Sakura\CurrentSession; use Sakura\Payments; -use Sakura\Perms\Site; /** * Premium pages controller. @@ -56,8 +55,9 @@ class PremiumController extends Controller // Check if the session is valid if (!session_check() - || CurrentSession::$user->permission(Site::DEACTIVATED) - || !CurrentSession::$user->permission(Site::OBTAIN_PREMIUM)) { + || !CurrentSession::$user->activated + || !CurrentSession::$user->verified + || CurrentSession::$user->restricted) { throw new HttpMethodNotAllowedException(); } diff --git a/app/Controllers/Settings/AccountController.php b/app/Controllers/Settings/AccountController.php index 45cf2a1..fe8e327 100644 --- a/app/Controllers/Settings/AccountController.php 
+++ b/app/Controllers/Settings/AccountController.php @@ -9,7 +9,6 @@ namespace Sakura\Controllers\Settings; use Phroute\Phroute\Exception\HttpMethodNotAllowedException; use Sakura\CurrentSession; use Sakura\DB; -use Sakura\Perms\Site; /** * Account settings. @@ -24,8 +23,7 @@ class AccountController extends Controller */ public function profile() { - // Check permission - if (!CurrentSession::$user->permission(Site::ALTER_PROFILE)) { + if (!CurrentSession::$user->perms->changeProfile) { throw new HttpMethodNotAllowedException(); } @@ -92,12 +90,8 @@ class AccountController extends Controller public function details() { $user = CurrentSession::$user; - - // Check permissions - $edit_email = $user->permission(Site::CHANGE_EMAIL); - $edit_usern = $user->permission(Site::CHANGE_USERNAME); - $edit_title = $user->permission(Site::CHANGE_USERTITLE); - $edit_passw = $user->permission(Site::CHANGE_PASSWORD); + $edit_usern = $user->perms->changeUsername; + $edit_title = $user->perms->changeUserTitle; $last_name_change = 0; if ($edit_usern) { @@ -222,10 +216,8 @@ class AccountController extends Controller } return view('settings/account/details', compact( - 'edit_email', 'edit_usern', 'edit_title', - 'edit_passw', 'last_name_change', 'username_allow' )); @@ -237,8 +229,7 @@ class AccountController extends Controller */ public function ranks() { - // Check permission - if (!CurrentSession::$user->permission(Site::ALTER_RANKS)) { + if (!CurrentSession::$user->perms->manageRanks) { throw new HttpMethodNotAllowedException(); } @@ -287,11 +278,7 @@ class AccountController extends Controller */ public function userpage() { - // Check permission - if (!( - CurrentSession::$user->page - && CurrentSession::$user->permission(Site::CHANGE_USERPAGE) - ) && !CurrentSession::$user->permission(Site::CREATE_USERPAGE)) { + if (!CurrentSession::$user->perms->changeUserpage) { throw new HttpMethodNotAllowedException(); } 
@@ -325,8 +312,7 @@ class AccountController extends Controller */ public function signature() { - // Check permission - if (!CurrentSession::$user->permission(Site::CHANGE_SIGNATURE)) { + if (!CurrentSession::$user->perms->changeSignature) { throw new HttpMethodNotAllowedException(); } diff --git a/app/Controllers/Settings/AdvancedController.php b/app/Controllers/Settings/AdvancedController.php index 763adb6..d558ebd 100644 --- a/app/Controllers/Settings/AdvancedController.php +++ b/app/Controllers/Settings/AdvancedController.php @@ -8,7 +8,6 @@ namespace Sakura\Controllers\Settings; use Phroute\Phroute\Exception\HttpMethodNotAllowedException; use Sakura\CurrentSession; -use Sakura\Perms\Site; use Sakura\Session; /** @@ -24,11 +23,6 @@ class AdvancedController extends Controller */ public function sessions() { - // Check permission - if (!CurrentSession::$user->permission(Site::MANAGE_SESSIONS)) { - throw new HttpMethodNotAllowedException(); - } - $id = $_POST['id'] ?? null; $all = isset($_POST['all']); @@ -70,7 +64,7 @@ class AdvancedController extends Controller */ public function deactivate() { - if (!CurrentSession::$user->permission(Site::DEACTIVATE_ACCOUNT)) { + if (!CurrentSession::$user->perms->deactivateAccount) { throw new HttpMethodNotAllowedException(); } diff --git a/app/Controllers/Settings/Controller.php b/app/Controllers/Settings/Controller.php index fbdb596..792ae1b 100644 --- a/app/Controllers/Settings/Controller.php +++ b/app/Controllers/Settings/Controller.php @@ -8,7 +8,6 @@ namespace Sakura\Controllers\Settings; use Sakura\Controllers\Controller as BaseController; use Sakura\CurrentSession; -use Sakura\Perms\Site; use Sakura\Template; /** 
@@ -35,39 +34,29 @@ class Controller extends BaseController $nav = []; // Account - if (CurrentSession::$user->permission(Site::ALTER_PROFILE)) { + if (CurrentSession::$user->perms->changeProfile) { $nav["Account"]["Profile"] = route('settings.account.profile'); } - if (CurrentSession::$user->permission(Site::CHANGE_EMAIL) - || CurrentSession::$user->permission(Site::CHANGE_USERNAME) - || CurrentSession::$user->permission(Site::CHANGE_USERTITLE) - || CurrentSession::$user->permission(Site::CHANGE_PASSWORD)) { - $nav["Account"]["Details"] = route('settings.account.details'); - } - if (CurrentSession::$user->permission(Site::ALTER_RANKS)) { + $nav["Account"]["Details"] = route('settings.account.details'); + if (CurrentSession::$user->perms->manageRanks) { $nav["Account"]["Ranks"] = route('settings.account.ranks'); } - if (( - CurrentSession::$user->page - && CurrentSession::$user->permission(Site::CHANGE_USERPAGE) - ) || CurrentSession::$user->permission(Site::CREATE_USERPAGE)) { + if (CurrentSession::$user->perms->changeUserpage) { $nav["Account"]["Userpage"] = route('settings.account.userpage'); } - if (CurrentSession::$user->permission(Site::CHANGE_SIGNATURE)) { + if (CurrentSession::$user->perms->changeSignature) { $nav["Account"]["Signature"] = route('settings.account.signature'); } // Friends - if (CurrentSession::$user->permission(Site::MANAGE_FRIENDS)) { + if (CurrentSession::$user->perms->manageFriends) { $nav["Friends"]["Listing"] = route('settings.friends.listing'); $nav["Friends"]["Requests"] = route('settings.friends.requests'); } // Advanced - if (CurrentSession::$user->permission(Site::MANAGE_SESSIONS)) { - $nav["Advanced"]["Sessions"] = route('settings.advanced.sessions'); - } - if (CurrentSession::$user->permission(Site::DEACTIVATE_ACCOUNT)) { + $nav["Advanced"]["Sessions"] = route('settings.advanced.sessions'); + if (CurrentSession::$user->perms->deactivateAccount) { $nav["Advanced"]["Deactivate"] = route('settings.advanced.deactivate'); } 
diff --git a/app/Controllers/Settings/FriendsController.php b/app/Controllers/Settings/FriendsController.php index b9f9668..b3e86a8 100644 --- a/app/Controllers/Settings/FriendsController.php +++ b/app/Controllers/Settings/FriendsController.php @@ -8,7 +8,6 @@ namespace Sakura\Controllers\Settings; use Phroute\Phroute\Exception\HttpMethodNotAllowedException; use Sakura\CurrentSession; -use Sakura\Perms\Site; /** * Friends settings. @@ -23,8 +22,7 @@ class FriendsController extends Controller */ public function listing() { - // Check permission - if (!CurrentSession::$user->permission(Site::MANAGE_FRIENDS)) { + if (!CurrentSession::$user->perms->manageFriends) { throw new HttpMethodNotAllowedException(); } @@ -37,8 +35,7 @@ class FriendsController extends Controller */ public function requests() { - // Check permission - if (!CurrentSession::$user->permission(Site::MANAGE_FRIENDS)) { + if (!CurrentSession::$user->perms->manageFriends) { throw new HttpMethodNotAllowedException(); } diff --git a/app/Controllers/UserController.php b/app/Controllers/UserController.php index 4146078..7c01016 100644 --- a/app/Controllers/UserController.php +++ b/app/Controllers/UserController.php @@ -11,7 +11,6 @@ use Phroute\Phroute\Exception\HttpRouteNotFoundException; use Sakura\Config; use Sakura\CurrentSession; use Sakura\DB; -use Sakura\Perms\Site; use Sakura\Rank; use Sakura\User; @@ -86,8 +85,7 @@ class UserController extends Controller */ public function members($rank = null) { - // Check permission - if (!CurrentSession::$user->permission(Site::VIEW_MEMBERLIST)) { + if (!CurrentSession::$user->activated) { throw new HttpMethodNotAllowedException; } diff --git a/app/CurrentSession.php b/app/CurrentSession.php index 696d9f7..abea0cb 100644 --- a/app/CurrentSession.php +++ b/app/CurrentSession.php @@ -6,8 +6,6 @@ namespace Sakura; -use Sakura\Perms\Site; - /** * Information about the current active user and session. * @package Sakura 
@@ -48,7 +46,7 @@ class CurrentSession // Check if the session exists and check if the user is activated if (self::$session->validate($user->id, $ip) - && !$user->permission(Site::DEACTIVATED)) { + && $user->activated) { // Assign the user object self::$user = $user; } else { diff --git a/app/Forum/Forum.php b/app/Forum/Forum.php index 0904f67..3fb3f79 100644 --- a/app/Forum/Forum.php +++ b/app/Forum/Forum.php @@ -7,7 +7,7 @@ namespace Sakura\Forum; use Sakura\DB; -use Sakura\Perms; +use Sakura\CurrentSession; /** * Used to serve forums. @@ -64,6 +64,12 @@ class Forum */ public $icon = ""; + /** + * Holds the permission handler. + * @var ForumPerms + */ + public $perms; + /** * A cached instance of the first post in this forum. * @var Post @@ -88,12 +94,6 @@ class Forum */ private $topicsCache = []; - /** - * The permission container. - * @var Perms - */ - private $permissionsCache; - /** * Constructor. * @param int $forumId @@ -105,9 +105,6 @@ class Forum ->where('forum_id', $forumId) ->first(); - // Create permissions object - $this->permissionsCache = new Perms(Perms::FORUM); - // Populate the variables if ($forumRow) { $this->id = intval($forumRow->forum_id); @@ -121,6 +118,8 @@ class Forum } elseif ($forumId !== 0) { $this->id = -1; } + + $this->perms = new ForumPerms($this, CurrentSession::$user); } /** @@ -132,18 +131,7 @@ class Forum */ public function permission($flag, $user, $raw = false) { - // Set default permission value - $perm = 0; - - // Get the permissions of the parent forum if there is one - if ($this->category) { - $perm = $perm | (new Forum($this->category))->permission($flag, $user, true); - } - - // Bitwise OR it with the permissions for this forum - $perm = $perm | $this->permissionsCache->user($user, ['forum_id' => [$this->id, '=']]); - - return $raw ? $perm : $this->permissionsCache->check($flag, $perm); + return $raw ? 1024 : true; } /** 
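Review bot: `Forum::permission()` in the `@@ -132,18 +131,7 @@` hunk now returns `true` (or `1024` when `$raw`) regardless of `$flag` and `$user`, so every caller that still goes through this method treats every forum action as allowed, including viewing restricted forums and the moderation flags. The commit title suggests the forum side is unfinished, but as committed this fails open. Until the callers are moved to `$this->perms`, the stub should deny instead, `return $raw ? 0 : false;`, or the method should be removed so stale call sites break visibly. At minimum add `// TODO: temporary, grants everything; replace with ForumPerms before release` above the return.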
diff --git a/app/Forum/ForumPerms.php b/app/Forum/ForumPerms.php new file mode 100644 index 0000000..b2a0cb2 --- /dev/null +++ b/app/Forum/ForumPerms.php @@ -0,0 +1,46 @@ + + */ +class ForumPerms +{ + private $forum = []; + private $user = 0; + private $ranks = []; + private $cache = []; + + public function __construct(Forum $forum, User $user) + { + // + } + + public function __get($name) + { + if (!array_key_exists($name, $this->cache)) { + $column = 'perm_' . camel_to_snake($name); + + $result = array_column(DB::table('forum_perms') + ->whereIn('forum_id', $this->forum) + ->where(function ($query) { + $query->whereIn('rank_id', $this->ranks) + ->orWhere('user_id', $this->user); + }) + ->get([$column]), $column); + + $this->cache[$name] = !in_array('0', $result, true) && in_array('1', $result, true); + } + + return $this->cache[$name]; + } +} diff --git a/app/Perms.php b/app/Perms.php index ffa4433..50166ef 100644 --- a/app/Perms.php +++ b/app/Perms.php @@ -13,16 +13,6 @@ namespace Sakura; */ class Perms { - /** - * SITE permission mode, used for general permissions. - */ - const SITE = 'permissions\permissions_site'; - - /** - * MANAGE permission mode, used for site management actions. - */ - const MANAGE = 'permissions\permissions_manage'; - /** * FORUM permission mode, used per forum. */ diff --git a/app/Perms/Manage.php b/app/Perms/Manage.php deleted file mode 100644 index 3ae616e..0000000 --- a/app/Perms/Manage.php +++ /dev/null @@ -1,30 +0,0 @@ - - */ -class Manage -{ - /** - * Can this user use the management panel? - */ - const USE_MANAGE = 1; - - /** - * Can this user toggle the restriction status of users? - */ - const CAN_RESTRICT_USERS = 2; - - /** - * Can this user alter other user's profile images? - */ - const CHANGE_IMAGES = 4; -} diff --git a/app/Perms/Site.php b/app/Perms/Site.php deleted file mode 100644 index 86dc815..0000000 --- a/app/Perms/Site.php +++ /dev/null 
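Review bot: The `ForumPerms` constructor body is only `//`, so `$forum`, `$user` and `$ranks` keep their defaults (`[]`, `0`, `[]`) and `__get` filters with `whereIn('forum_id', [])`. That presumably matches no rows, which makes every `$forum->perms->…` lookup resolve to false, while `Forum::permission()` in the same commit returns true for everything; the two paths disagree about who may do what. Populate the state the way `UserPerms` does, `$this->user = $user->id;` and `$this->ranks = array_keys($user->ranks);`, and set `$this->forum` to the ids that should apply (this forum, its parent category, and the global `0` row used by the seed data). A class docblock stating that an explicit `0` in any matching row overrides a `1` would also help, since that rule is only implicit in the `in_array` expression.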
@@ -1,170 +0,0 @@ - - */ -class Site -{ - /** - * Is this user deactivated? - */ - const DEACTIVATED = 1; - - /** - * Is this user restricted? - */ - const RESTRICTED = 2; - - /** - * Can this user alter their profile? - */ - const ALTER_PROFILE = 4; - - /** - * Can this user change their avatar? - */ - const CHANGE_AVATAR = 8; - - /** - * Can this user change their profile background? - */ - const CHANGE_BACKGROUND = 16; - - /** - * Can this user change their profile header? - */ - const CHANGE_HEADER = 32; - - /** - * Can this user view the memberlist? - */ - const VIEW_MEMBERLIST = 64; - - /** - * Can this user create a userpage? - */ - const CREATE_USERPAGE = 128; - - /** - * Can this user change their userpage? - */ - const CHANGE_USERPAGE = 256; - - /** - * Can this user use the private messaging system? - */ - const USE_MESSAGES = 512; - - /** - * Can this user send private messages? - */ - const SEND_MESSAGES = 1024; - - /** - * Can this user change the e-mail address associated with their account? - */ - const CHANGE_EMAIL = 2048; - - /** - * Can this user change their username (within the configured timeframe)? - */ - const CHANGE_USERNAME = 4096; - - /** - * Can this user change the user title? - */ - const CHANGE_USERTITLE = 8192; - - /** - * Can this user change the password to their account? - */ - const CHANGE_PASSWORD = 16384; - - /** - * Can this user manage the ranks they're part of? - */ - const ALTER_RANKS = 32768; - - /** - * Can this user manage the active sessions on their account? - */ - const MANAGE_SESSIONS = 65536; - - /** - * Can this user change their forum signature? - */ - const CHANGE_SIGNATURE = 131072; - - /** - * Can this user deactivate their account? - */ - const DEACTIVATE_ACCOUNT = 262144; - - /** - * Can this user view the external accounts on other's profiles? - */ - const VIEW_PROFILE_DATA = 524288; - - /** - * Can this user manage friends? - */ - const MANAGE_FRIENDS = 1048576; - - /** - * Can this user report other users? 
- */ - const REPORT_USERS = 2097152; - - /** - * Is this user allowed to buy premium? - */ - const OBTAIN_PREMIUM = 4194304; - - /** - * Can this user join groups? - */ - const JOIN_GROUPS = 8388608; - - /** - * Can this user create a group? - */ - const CREATE_GROUP = 16777216; - - /** - * Can this user create more than one group (requires CREATE_GROUP permission as well)? - */ - const MULTIPLE_GROUPS = 33554432; - - /** - * Can this user change the colour of their username? - */ - const CHANGE_NAMECOLOUR = 67108864; - - /** - * Does this user have infinite premium? - */ - const STATIC_PREMIUM = 134217728; - - /** - * Can this user create comments? - */ - const CREATE_COMMENTS = 268435456; - - /** - * Can this user delete their own comments? - */ - const DELETE_COMMENTS = 536870912; - - /** - * Can this user vote on comments? - */ - const VOTE_COMMENTS = 1073741824; -} diff --git a/app/Rank.php b/app/Rank.php index ed9c9fe..1386f44 100644 --- a/app/Rank.php +++ b/app/Rank.php @@ -7,7 +7,6 @@ namespace Sakura; use Sakura\Perms; -use Sakura\Perms\Site; /** * Serves Rank data. @@ -116,9 +115,6 @@ class Rank $this->description = $rankRow->rank_description; $this->title = $rankRow->rank_title; } - - // Init the permissions - $this->permissions = new Perms(Perms::SITE); } /** @@ -137,7 +133,7 @@ class Rank */ public function hidden() { - return $this->hidden || $this->permission(Site::DEACTIVATED) || $this->permission(Site::RESTRICTED); + return $this->hidden; } /** diff --git a/app/User.php b/app/User.php index 0239319..e096fdc 100644 --- a/app/User.php +++ b/app/User.php @@ -12,7 +12,6 @@ use LastFmApi\Api\UserApi; use LastFmApi\Exception\LastFmApiExeption; use Sakura\Exceptions\NetAddressTypeException; use Sakura\Perms; -use Sakura\Perms\Site; use stdClass; /** 
@@ -263,10 +262,10 @@ class User private $birthday = '0000-00-00'; /** - * The user's permission container. - * @var Perms + * Holds the permission checker for this user. + * @var UserPerms */ - private $permissions; + public $perms; /** * The User instance cache array. @@ -445,7 +444,7 @@ class User $this->title = $this->title ? $this->title : $this->mainRank->title; // Init the permissions - $this->permissions = new Perms(Perms::SITE); + $this->perms = new UserPerms($this); } /** @@ -542,7 +541,7 @@ class User */ public function isActive() { - return $this->id !== 0 && !$this->permission(Site::DEACTIVATED); + return $this->id !== 0 && $this->activated; } /** @@ -911,7 +910,7 @@ class User $expire = $this->premiumInfo()->expire; // Check if the user has static premium - if (!$expire && $this->permission(Site::STATIC_PREMIUM)) { + if (!$expire) { $expire = time() + 1; } diff --git a/app/UserPerms.php b/app/UserPerms.php new file mode 100644 index 0000000..7b7a8d7 --- /dev/null +++ b/app/UserPerms.php @@ -0,0 +1,43 @@ + + */ +class UserPerms +{ + private $user = 0; + private $ranks = []; + private $cache = []; + + public function __construct(User $user) + { + $this->user = $user->id; + $this->ranks = array_keys($user->ranks); + } + + public function __get($name) + { + if (!array_key_exists($name, $this->cache)) { + $column = 'perm_' . camel_to_snake($name); + + $result = array_column(DB::table('perms') + ->where(function ($query) { + $query->whereIn('rank_id', $this->ranks) + ->orWhere('user_id', $this->user); + }) + ->get([$column]), $column); + + $this->cache[$name] = !in_array('0', $result, true) && in_array('1', $result, true); + } + + return $this->cache[$name]; + } +} diff --git a/database/2016_11_23_152450_restructure_permissions.php b/database/2016_11_23_152450_restructure_permissions.php index 7124382..dfbbcfe 100644 --- a/database/2016_11_23_152450_restructure_permissions.php +++ b/database/2016_11_23_152450_restructure_permissions.php 
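Review bot: In the `@@ -911,7 +910,7 @@` hunk the static-premium branch lost its condition: `if (!$expire && $this->permission(Site::STATIC_PREMIUM))` became `if (!$expire)`, so `$expire = time() + 1` is now set for every user without a premium expiry. What the method does with `$expire` is outside the hunk, but if it decides premium status this hands premium to all accounts. No replacement flag for static premium appears among the new `perm_*` columns, so either delete the branch together with its "static premium" comment or gate it on a dedicated column.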
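Review bot: `->orWhere('user_id', $this->user)` in `UserPerms::__get` collides with the sentinel value: the migration in this commit gives `perms.user_id` a default of `0`, and the seeded rank rows never set it, so a user object whose id is `0` matches every rank row. `User::isActive()` tests `$this->id !== 0`, which suggests id 0 is used for a placeholder or guest user, and `new UserPerms($this)` runs in the `User` constructor for it too. With the current seed data the banned rank's explicit `false` values happen to mask this, but that is accidental. Add the user clause only when `$this->user > 0`, or make `user_id`/`rank_id` nullable so "not set" cannot equal a real key; `ForumPerms::__get` uses the same query shape and needs the same guard.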
@@ -28,32 +28,32 @@ class RestructurePermissions extends Migration $table->integer('user_id')->default(0); $table->integer('rank_id')->default(0); - $table->boolean('perm_change_profile')->default(false); - $table->boolean('perm_change_avatar')->default(false); - $table->boolean('perm_change_background')->default(false); - $table->boolean('perm_change_header')->default(false); - $table->boolean('perm_change_userpage')->default(false); - $table->boolean('perm_change_signature')->default(false); - $table->boolean('perm_change_username')->default(false); - $table->boolean('perm_change_user_title')->default(false); + $table->boolean('perm_change_profile')->nullable()->default(null); + $table->boolean('perm_change_avatar')->nullable()->default(null); + $table->boolean('perm_change_background')->nullable()->default(null); + $table->boolean('perm_change_header')->nullable()->default(null); + $table->boolean('perm_change_userpage')->nullable()->default(null); + $table->boolean('perm_change_signature')->nullable()->default(null); + $table->boolean('perm_change_username')->nullable()->default(null); + $table->boolean('perm_change_user_title')->nullable()->default(null); - $table->boolean('perm_deactivate_account')->default(false); + $table->boolean('perm_deactivate_account')->nullable()->default(null); - $table->boolean('perm_view_user_links')->default(false); - $table->boolean('perm_view_user_details')->default(false); + $table->boolean('perm_view_user_links')->nullable()->default(null); + $table->boolean('perm_view_user_details')->nullable()->default(null); - $table->boolean('perm_manage_ranks')->default(false); - $table->boolean('perm_manage_friends')->default(false); + $table->boolean('perm_manage_ranks')->nullable()->default(null); + $table->boolean('perm_manage_friends')->nullable()->default(null); - $table->boolean('perm_comments_create')->default(false); - $table->boolean('perm_comments_edit')->default(false); - 
$table->boolean('perm_comments_delete')->default(false); - $table->boolean('perm_comments_vote')->default(false); + $table->boolean('perm_comments_create')->nullable()->default(null); + $table->boolean('perm_comments_edit')->nullable()->default(null); + $table->boolean('perm_comments_delete')->nullable()->default(null); + $table->boolean('perm_comments_vote')->nullable()->default(null); - $table->boolean('perm_is_mod')->default(false); - $table->boolean('perm_is_admin')->default(false); - $table->boolean('perm_can_restrict')->default(false); - $table->boolean('perm_manage_profile_images')->default(false); + $table->boolean('perm_is_mod')->nullable()->default(null); + $table->boolean('perm_is_admin')->nullable()->default(null); + $table->boolean('perm_can_restrict')->nullable()->default(null); + $table->boolean('perm_manage_profile_images')->nullable()->default(null); }); $schema->create('forum_perms', function (Blueprint $table) { 
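Review bot: The columns become nullable by editing the existing migration in place, so any database that already ran it keeps the non-null `default(false)` columns (assuming such installs exist). On those, `UserPerms::__get` reads a `'0'` from every rank that merely lacks a grant, and its deny-wins test `!in_array('0', $result, true)` refuses the permission even when another rank grants it. Ship the change as a new migration that alters the columns and converts stored false values to NULL where no explicit deny was intended. A comment above the column list would also help, for example `// NULL = not set, false = explicit deny (overrides any grant), true = grant`. The `forum_perms` hunk at `@@ -61,23 +61,23 @@` has the same issue, and the enclosing migration method starts outside this hunk.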
@@ -61,23 +61,23 @@ class RestructurePermissions extends Migration $table->integer('user_id')->default(0); $table->integer('rank_id')->default(0); - $table->boolean('perm_view')->default(false); - $table->boolean('perm_reply')->default(false); + $table->boolean('perm_view')->nullable()->default(null); + $table->boolean('perm_reply')->nullable()->default(null); - $table->boolean('perm_topic_create')->default(false); - $table->boolean('perm_topic_delete')->default(false); - $table->boolean('perm_topic_move')->default(false); + $table->boolean('perm_topic_create')->nullable()->default(null); + $table->boolean('perm_topic_delete')->nullable()->default(null); + $table->boolean('perm_topic_move')->nullable()->default(null); - $table->boolean('perm_edit')->default(false); - $table->boolean('perm_edit_any')->default(false); + $table->boolean('perm_edit')->nullable()->default(null); + $table->boolean('perm_edit_any')->nullable()->default(null); - $table->boolean('perm_delete')->default(false); - $table->boolean('perm_delete_any')->default(false); + $table->boolean('perm_delete')->nullable()->default(null); + $table->boolean('perm_delete_any')->nullable()->default(null); - $table->boolean('perm_bypass_rules')->default(false); + $table->boolean('perm_bypass_rules')->nullable()->default(null); - $table->boolean('perm_change_type')->default(false); - $table->boolean('perm_change_status')->default(false); + $table->boolean('perm_change_type')->nullable()->default(null); + $table->boolean('perm_change_status')->nullable()->default(null); }); } diff --git a/resources/views/yuuno/forum/topic.twig b/resources/views/yuuno/forum/topic.twig index 45f1c25..6987963 100644 --- a/resources/views/yuuno/forum/topic.twig +++ b/resources/views/yuuno/forum/topic.twig 
@@ -106,7 +106,7 @@ {% for post in posts[get.page|default(1) - 1] %} - {% if not post.poster.permission(constant('Sakura\\Perms\\Site::DEACTIVATED')) or post.poster.permission(constant('Sakura\\Perms\\Site::RESTRICTED')) %}{{ post.poster.username }} + {% if post.poster.activated or post.poster.restricted %}{{ post.poster.username }} {{ post.poster.username }} {% else %} [deleted user] @@ -122,7 +122,7 @@ {% if (user.id == post.poster.id and forum.permission(constant('Sakura\\Perms\\Forum::DELETE_OWN'), user.id)) or forum.permission(constant('Sakura\\Perms\\Forum::DELETE_ANY'), user.id) %} {% endif %} - {% if not (post.poster.permission(constant('Sakura\\Perms\\Site::DEACTIVATED')) or post.poster.permission(constant('Sakura\\Perms\\Site::RESTRICTED')) or user.id == post.poster.id) %} + {% if not (post.poster.activated or post.poster.restricted or user.id == post.poster.id) %} @@ -145,7 +145,7 @@
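Review bot: The rewritten condition in the `@@ -122,7 +122,7 @@` hunk inverts its meaning. The old test excluded posters carrying the `DEACTIVATED` flag, whereas `not (post.poster.activated or post.poster.restricted or user.id == post.poster.id)` excludes activated posters, so the guarded block now renders only for accounts that are not activated. The equivalent of the old logic is `{% if post.poster.activated and not post.poster.restricted and user.id != post.poster.id %}`. The markup inside the block is not visible in the hunk, so which controls are affected cannot be confirmed from here.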
{{ post.parsed|raw }}
- {% if post.poster.signature and post.poster.permission(constant('Sakura\\Perms\\Site::CHANGE_SIGNATURE')) %} + {% if post.poster.signature and post.poster.perms.changeSignature %}
{{ post.poster.signature()|raw|nl2br }} @@ -176,7 +176,7 @@
- {% if user.signature and user.permission(constant('Sakura\\Perms\\Site::CHANGE_SIGNATURE')) %} + {% if user.signature and user.perms.changeSignature %}
{{ user.signature()|raw|nl2br }} diff --git a/resources/views/yuuno/master.twig b/resources/views/yuuno/master.twig index 5c8968c..d3a02aa 100644 --- a/resources/views/yuuno/master.twig +++ b/resources/views/yuuno/master.twig @@ -13,7 +13,7 @@ {{ block('css') }} - + {{ block('js') }} @@ -47,7 +47,7 @@ - {% if user.permission(constant('Sakura\\Perms\\Manage::USE_MANAGE'), constant('Sakura\\Perms::MANAGE')) %} + {% if user.perms.isMod or user.perms.isAdmin %} {% endif %} @@ -62,7 +62,7 @@
- {% if profile is defined ? profile.background : (user.permission(constant('Sakura\\Perms\\Site::CHANGE_BACKGROUND')) and (user.backgroundSitewide or showBG) and user.background) %} + {% if profile is defined ? profile.background : (user.perms.changeBackground and (user.backgroundSitewide or showBG) and user.background) %}
{% endif %} {% if not user.isActive and server['REQUEST_URI'] != route('auth.login') %} @@ -87,7 +87,7 @@
{% endif %} - {% if user.permission(constant('Sakura\\Perms\\Site::RESTRICTED')) %} + {% if user.restricted %}

Your account is currently in restricted mode!

A staff member has set your account to restricted mode most likely due to violation of the rules. While restricted you won't be able to use most public features of the site. If you think this is a mistake please get in touch with one of our staff members.
diff --git a/resources/views/yuuno/premium/index.twig b/resources/views/yuuno/premium/index.twig index 705885b..3c146d9 100644 --- a/resources/views/yuuno/premium/index.twig +++ b/resources/views/yuuno/premium/index.twig @@ -2,8 +2,6 @@ {% set title %}Support {{ config('general.name') }}{% endset %} -{% set persistentPremium = user.permission(constant('Sakura\\Perms\\Site::STATIC_PREMIUM')) %} - {% set features = { "money": "Helping us pay for the bills to survive", "certificate": "A special name colour to stand out in the crowd", @@ -24,8 +22,8 @@ Your current Tenshi tag
-

{% if persistentPremium %}Your rank has persistent Tenshi.{% else %}Your Tenshi tag is valid till {{ user.premiumInfo.expire|date(config('general.date_format')) }}.{% endif %}

- +

Your Tenshi tag is valid till {{ user.premiumInfo.expire|date(config('general.date_format')) }}.

+
{% endif %}
@@ -60,7 +58,7 @@
- {% if user.isActive and user.permission(constant('Sakura\\Perms\\Site::OBTAIN_PREMIUM')) %} + {% if user.isActive and user.verified %}
@@ -79,7 +77,7 @@

You need to be logged in to get Tenshi!

{% endif %} - {% if user.isActive and user.permission(constant('Sakura\\Perms\\Site::OBTAIN_PREMIUM')) %} + {% if user.isActive and user.verified %}