diff --git a/database/2020_05_30_142750_add_owner_id_to_comments.php b/database/2020_05_30_142750_add_owner_id_to_comments.php
new file mode 100644
index 00000000..91305091
--- /dev/null
+++ b/database/2020_05_30_142750_add_owner_id_to_comments.php
@@ -0,0 +1,26 @@
+exec("
+ ALTER TABLE `msz_comments_categories`
+ ADD COLUMN `owner_id` INT UNSIGNED NULL DEFAULT NULL AFTER `category_name`,
+ ADD INDEX `comments_categories_owner_foreign` (`owner_id`),
+ ADD CONSTRAINT `comments_categories_owner_foreign`
+ FOREIGN KEY (`owner_id`)
+ REFERENCES `msz_users` (`user_id`)
+ ON UPDATE CASCADE
+ ON DELETE SET NULL;
+ ");
+}
+
+function migrate_down(PDO $conn): void {
+ $conn->exec("
+ ALTER TABLE `msz_comments_categories`
+ DROP COLUMN `owner_id`,
+ DROP INDEX `comments_categories_owner_foreign`,
+ DROP FOREIGN KEY `comments_categories_owner_foreign`;
+ ");
+}
diff --git a/public/comments.php b/public/comments.php
index 8f496b3b..556976dc 100644
--- a/public/comments.php
+++ b/public/comments.php
@@ -63,7 +63,7 @@ if($commentId > 0)
 switch($commentMode) {
 case 'pin':
 case 'unpin':
- if(!$commentPerms['can_pin']) {
+ if(!$commentPerms['can_pin'] && !$commentInfo2->isOwner($currentUserInfo)) {
 echo render_info_or_json($isXHR, "You're not allowed to pin comments.", 403);
 break;
 }
@@ -103,7 +103,7 @@ switch($commentMode) {
 break;
 case 'vote':
- if(!$commentPerms['can_vote']) {
+ if(!$commentPerms['can_vote'] && !$commentInfo2->isOwner($currentUserInfo)) {
 echo render_info_or_json($isXHR, "You're not allowed to vote on comments.", 403);
 break;
 }
@@ -129,7 +129,7 @@ switch($commentMode) {
 break;
 case 'delete':
- if(!$commentPerms['can_delete']) {
+ if(!$commentPerms['can_delete'] && !$commentInfo2->isOwner($currentUserInfo)) {
 echo render_info_or_json($isXHR, "You're not allowed to delete comments.", 403);
 break;
 }
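Review bot: `migrate_down` drops `owner_id` before the index and the foreign key that reference it, which is the reverse of the order `migrate_up` creates them in; on MySQL/MariaDB builds that evaluate the clauses in order this fails with a "needed in a foreign key constraint" error and leaves the rollback half-applied, and I am not confident every supported version tolerates the current order. Reorder the clauses to `DROP FOREIGN KEY \`comments_categories_owner_foreign\`, DROP INDEX \`comments_categories_owner_foreign\`, DROP COLUMN \`owner_id\`;` so the down migration is the exact inverse of the up migration. The `ON DELETE SET NULL` choice is sound for an ownership column, since the `hasOwner()` check on the category side then fails closed once the owning user is removed. The opening of `migrate_up` (its signature and the first lines of the hunk) is not visible in this rendering and was not reviewed.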
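Review bot: `isOwner(User $user)` takes a non-nullable `User`, so if `$currentUserInfo` can be null on this path (an anonymous pin request) the new condition throws a TypeError instead of returning the 403; unless a login guard above the switch already rules that out, write `if(!$commentPerms['can_pin'] && ($currentUserInfo === null || !$commentInfo2->isOwner($currentUserInfo))) {`. The only `isOwner` this commit adds lives on `CommentsCategory`, so `$commentInfo2` is presumably the comment's category rather than the comment itself, and the check grants the category owner pin rights over every comment in it; that intent deserves a comment at the site, e.g. `// category owners may moderate their own category regardless of global perms`. The enclosing `switch` begins before this hunk and the definition of `$commentInfo2` is outside it.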
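Review bot: The same `!$commentInfo2->isOwner($currentUserInfo)` override is now re-evaluated inline in four separate `case` arms, so any later change to how ownership is decided has to be repeated four times; compute it once above the switch, e.g. `$isCategoryOwner = $currentUserInfo !== null && $commentInfo2->isOwner($currentUserInfo);`, or fold it into `$commentPerms` where those flags are built, and test the single boolean here. It is also worth confirming that a category owner should be able to vote when `can_vote` is denied, since a vote restriction reads more like a user-level sanction than a moderation right. The `switch` statement and the construction of `$commentPerms` are outside this hunk.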
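Review bot: This line lets a category owner delete any comment in the category, including comments by users who outrank the owner globally, and nothing in the hunk records who performed the deletion; if that is the intended trust model, state it next to the check with `// category owners may delete any comment in their category` and make sure the deletion path below attributes the action to `$currentUserInfo` in whatever audit trail the deletion code keeps. If the intent was only to let owners remove comments in their own category that ordinary `can_delete` rules would already allow for an author, the override should be narrower than a blanket bypass. The deletion code this guard protects continues past the hunk and was not reviewed.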
@@ -205,7 +205,7 @@ switch($commentMode) {
 break;
 case 'create':
- if(!$commentPerms['can_comment']) {
+ if(!$commentPerms['can_comment'] && !$commentInfo2->isOwner($currentUserInfo)) {
 echo render_info_or_json($isXHR, "You're not allowed to post comments.", 403);
 break;
 }
diff --git a/src/Comments/CommentsCategory.php b/src/Comments/CommentsCategory.php
index ef99182d..9efffd9e 100644
--- a/src/Comments/CommentsCategory.php
+++ b/src/Comments/CommentsCategory.php
@@ -14,14 +14,16 @@ class CommentsCategory implements JsonSerializable {
 // Database fields
 private $category_id = -1;
 private $category_name = '';
+ private $owner_id = null;
 private $category_created = null;
 private $category_locked = null;
 private $postCount = -1;
+ private $owner = null;
 public const TABLE = 'comments_categories';
 private const QUERY_SELECT = 'SELECT %1$s FROM `' . DB::PREFIX . self::TABLE . '` AS '. self::TABLE;
- private const SELECT = '%1$s.`category_id`, %1$s.`category_name`'
+ private const SELECT = '%1$s.`category_id`, %1$s.`category_name`, %1$s.`owner_id`'
 . ', UNIX_TIMESTAMP(%1$s.`category_created`) AS `category_created`'
 . ', UNIX_TIMESTAMP(%1$s.`category_locked`) AS `category_locked`';
@@ -42,6 +44,21 @@ class CommentsCategory implements JsonSerializable {
 return $this;
 }
+ public function getOwnerId(): int {
+ return $this->owner_id < 1 ? -1 : $this->owner_id;
+ }
+ public function hasOwner(): bool {
+ return $this->owner_id !== null;
+ }
+ public function getOwner(): User {
+ if($this->owner === null && ($ownerId = $this->getOwnerId()) >= 1)
+ $this->owner = User::byId($ownerId);
+ return $this->owner;
+ }
+ public function isOwner(User $user): bool {
+ return $this->hasOwner() && $user->getId() === $this->getOwnerId();
+ }
+
 public function getCreatedTime(): int {
 return $this->category_created === null ? -1 : $this->category_created;
 }
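Review bot: A false `can_comment` is commonly how a silence or ban is expressed, and this line lets a category owner post in their own category regardless of it; I cannot see how `$commentPerms` is populated, so if `can_comment` carries sanctions then this is a sanction bypass rather than an ownership convenience. If the goal is only to let owners post in categories that are otherwise closed, express that as its own condition rather than overriding `can_comment`, and in any case annotate the line: `// owners may post in their own category even without can_comment — intentional`. As in the other arms, `isOwner()` will throw a TypeError rather than return 403 if `$currentUserInfo` can be null here. The surrounding `switch` and the creation code below it are outside this hunk.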
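Review bot: `$owner` is a lazily filled `User` cache (it is only ever assigned from `User::byId` in the next hunk), yet it is declared under the `// Database fields` comment next to the hydrated `$owner_id`; move it out of that group or mark it `private $owner = null; // lazy User cache, not a column` so nobody adds it to `SELECT`. `$owner_id` itself is untyped and is filled from the new `%1$s.\`owner_id\`` select column; with emulated prepares a PDO/MySQL driver hands that back as a string, and `getOwnerId(): int` then relies on weak-mode coercion, which becomes a TypeError if this file declares `strict_types=1` — a `(int)` cast at hydration or in the getter removes the dependency on driver settings. The class header is visible but the rest of the class continues past this hunk.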
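Review bot: `getOwner()` is declared to return `User` but returns `$this->owner` untouched when `getOwnerId()` is below 1, so on an ownerless category it returns null and PHP throws a TypeError at the return statement; declare it `public function getOwner(): ?User {` and document it with `// null when the category has no owner`, or make callers gate on `hasOwner()` first. `hasOwner()` tests `owner_id !== null` while `getOwnerId()` maps any value below 1 to -1, so an `owner_id` of 0 reports an owner that `isOwner()` can never match; `return $this->getOwnerId() >= 1;` keeps the three methods consistent. `isOwner()` is the new authorization primitive used by public/comments.php, and its strict `===` comparison of `getId()` against `getOwnerId()` is the right shape — keep it strict and add `// authorization check: only the exact owning user matches` so it is not loosened later. The class body continues beyond this hunk.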