more perms
parent
f7f70b8600
commit
7ef52c853f
@ -26,7 +26,7 @@ class Downtime extends Extension {
|
||||
global $config, $page, $user;
|
||||
|
||||
if($config->get_bool("downtime")) {
|
||||
if(!$user->is_admin() && !$this->is_safe_page($event)) {
|
||||
if(!$user->can("ignore_downtime") && !$this->is_safe_page($event)) {
|
||||
$msg = $config->get_string("downtime_message");
|
||||
$this->theme->display_message($msg);
|
||||
exit;
|
||||
|
@ -29,7 +29,7 @@ class Featured extends Extension {
|
||||
global $config, $page, $user;
|
||||
if($event->page_matches("featured_image")) {
|
||||
if($event->get_arg(0) == "set" && $user->check_auth_token()) {
|
||||
if($user->is_admin() && isset($_POST['image_id'])) {
|
||||
if($user->can("edit_feature") && isset($_POST['image_id'])) {
|
||||
$id = int_escape($_POST['image_id']);
|
||||
if($id > 0) {
|
||||
$config->set_int("featured_id", $id);
|
||||
@ -77,7 +77,7 @@ class Featured extends Extension {
|
||||
|
||||
public function onImageAdminBlockBuilding(ImageAdminBlockBuildingEvent $event) {
|
||||
global $user;
|
||||
if($user->is_admin()) {
|
||||
if($user->can("edit_feature")) {
|
||||
$event->add_part($this->theme->get_buttons_html($event->image->id));
|
||||
}
|
||||
}
|
||||
|
@ -49,7 +49,7 @@ class IPBan extends Extension {
|
||||
public function onPageRequest(PageRequestEvent $event) {
|
||||
if($event->page_matches("ip_ban")) {
|
||||
global $config, $database, $page, $user;
|
||||
if($user->is_admin()) {
|
||||
if($user->can("ban_ip")) {
|
||||
if($event->get_arg(0) == "add" && $user->check_auth_token()) {
|
||||
if(isset($_POST['ip']) && isset($_POST['reason']) && isset($_POST['end'])) {
|
||||
if(empty($_POST['end'])) $end = null;
|
||||
|
@ -38,7 +38,7 @@ class NumericScore extends Extension {
|
||||
|
||||
public function onUserPageBuilding(UserPageBuildingEvent $event) {
|
||||
global $page, $user;
|
||||
if($user->is_admin()) {
|
||||
if($user->can("edit_other_votes")) {
|
||||
$html = $this->theme->get_nuller_html($event->display_user);
|
||||
$page->add_block(new Block("Votes", $html, "main", 60));
|
||||
}
|
||||
@ -79,7 +79,7 @@ class NumericScore extends Extension {
|
||||
}
|
||||
}
|
||||
if($event->page_matches("numeric_score/remove_votes_on") && $user->check_auth_token()) {
|
||||
if($user->is_admin()) {
|
||||
if($user->can("edit_other_vote")) {
|
||||
$image_id = int_escape($_POST['image_id']);
|
||||
$database->execute(
|
||||
"DELETE FROM numeric_score_votes WHERE image_id=?",
|
||||
@ -92,7 +92,7 @@ class NumericScore extends Extension {
|
||||
}
|
||||
}
|
||||
if($event->page_matches("numeric_score/remove_votes_by") && $user->check_auth_token()) {
|
||||
if($user->is_admin()) {
|
||||
if($user->can("edit_other_vote")) {
|
||||
$this->delete_votes_by(int_escape($_POST['user_id']));
|
||||
$page->set_mode("redirect");
|
||||
$page->set_redirect(make_link());
|
||||
|
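Review bot: The permission key in the onUserPageBuilding check is spelled `edit_other_votes`, while the two remove_votes handlers, the theme and the UserClass definitions in this commit all use `edit_other_vote`. How `can()` treats an undeclared key is not visible here, but either way the "Votes" block is not gated by the permission that admins are actually granted. The line should read `if($user->can("edit_other_vote")) {`. All three functions touched in this file start or end outside the hunks, so the rest of each handler could not be checked.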
@ -30,7 +30,7 @@ class NumericScoreTheme extends Themelet {
|
||||
<input type='submit' value='Vote Down'>
|
||||
</form>
|
||||
";
|
||||
if($user->is_admin()) {
|
||||
if($user->can("edit_other_vote")) {
|
||||
$html .= "
|
||||
<form action='".make_link("numeric_score/remove_votes_on")."' method='POST'>
|
||||
".$user->get_auth_html()."
|
||||
|
@ -90,7 +90,7 @@ class PrivMsg extends Extension {
|
||||
global $page, $user;
|
||||
$duser = $event->display_user;
|
||||
if(!$user->is_anonymous() && !$duser->is_anonymous()) {
|
||||
if(($user->id == $duser->id) || $user->is_admin()) {
|
||||
if(($user->id == $duser->id) || $user->can("view_other_pms")) {
|
||||
$this->theme->display_pms($page, $this->get_pms($duser));
|
||||
}
|
||||
if($user->id != $duser->id) {
|
||||
@ -110,7 +110,7 @@ class PrivMsg extends Extension {
|
||||
if(is_null($pm)) {
|
||||
$this->theme->display_error(404, "No such PM", "There is no PM #$pm_id");
|
||||
}
|
||||
else if(($pm["to_id"] == $user->id) || $user->is_admin()) {
|
||||
else if(($pm["to_id"] == $user->id) || $user->can("view_other_pms")) {
|
||||
$from_user = User::by_id(int_escape($pm["from_id"]));
|
||||
$database->execute("UPDATE private_message SET is_read='Y' WHERE id = :id", array("id" => $pm_id));
|
||||
$database->cache->delete("pm-count-{$user->id}");
|
||||
@ -127,7 +127,7 @@ class PrivMsg extends Extension {
|
||||
if(is_null($pm)) {
|
||||
$this->theme->display_error(404, "No such PM", "There is no PM #$pm_id");
|
||||
}
|
||||
else if(($pm["to_id"] == $user->id) || $user->is_admin()) {
|
||||
else if(($pm["to_id"] == $user->id) || $user->can("view_other_pms")) {
|
||||
$database->execute("DELETE FROM private_message WHERE id = :id", array("id" => $pm_id));
|
||||
$database->cache->delete("pm-count-{$user->id}");
|
||||
log_info("pm", "Deleted PM #$pm_id");
|
||||
|
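Review bot: The delete branch in the third hunk is now gated by `view_other_pms`, so any class granted read access to other users' messages can also run `DELETE FROM private_message` on them. While both paths were admin-only the coupling did not matter, but with per-class permissions a read right and a destructive right should be separable. Consider a distinct key for that branch, for example `else if(($pm["to_id"] == $user->id) || $user->can("delete_other_pms")) {` (the key name is only a suggestion), declared with the others in the UserClass definitions. In the second hunk a non-recipient viewer still triggers `SET is_read='Y'` and invalidates `pm-count-{$user->id}` for the viewer rather than the recipient, which is worth a comment or a recipient-only guard. The enclosing handlers continue outside the hunks.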
@ -68,6 +68,7 @@ new UserClass("base", null, array(
|
||||
"ban_image" => False,
|
||||
|
||||
"view_eventlog" => False,
|
||||
"ignore_downtime" => False,
|
||||
|
||||
"create_image_report" => False,
|
||||
"view_image_report" => False, # deal with reported images
|
||||
@ -79,6 +80,11 @@ new UserClass("base", null, array(
|
||||
|
||||
"manage_admintools" => False,
|
||||
|
||||
"view_other_pms" => False,
|
||||
"edit_feature" => False,
|
||||
"bulk_edit_vote" => False,
|
||||
"edit_other_vote" => False,
|
||||
|
||||
"protected" => False, # only admins can modify protected users (stops a moderator changing an admin's password)
|
||||
));
|
||||
|
||||
@ -123,6 +129,11 @@ new UserClass("admin", "base", array(
|
||||
"view_eventlog" => True,
|
||||
"manage_blocks" => True,
|
||||
"manage_admintools" => True,
|
||||
"ignore_downtime" => True,
|
||||
"view_other_pms" => True,
|
||||
"edit_feature" => True,
|
||||
"bulk_edit_vote" => True,
|
||||
"edit_other_vote" => True,
|
||||
"protected" => True,
|
||||
));
|
||||
|
||||
|
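Review bot: `bulk_edit_vote` is declared in base and granted to admin, but none of the checks changed in the visible hunks consult it; the vote-removal handlers test `edit_other_vote` instead. Either gate the bulk removal paths on it or leave it out until something enforces it, so the permission table matches what the code actually checks. The new keys also lack the trailing `#` comments that neighbours such as `view_image_report` and `protected` carry. A short comment per key, e.g. `"ignore_downtime" => False, # may use the site while downtime mode is enabled`, would help anyone defining a custom class decide what they are granting.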