diff --git a/contrib/downtime/main.php b/contrib/downtime/main.php
index 462e530f..63421db8 100644
--- a/contrib/downtime/main.php
+++ b/contrib/downtime/main.php
@@ -26,7 +26,7 @@ class Downtime extends Extension {
 global $config, $page, $user;
 if($config->get_bool("downtime")) {
- if(!$user->is_admin() && !$this->is_safe_page($event)) {
+ if(!$user->can("ignore_downtime") && !$this->is_safe_page($event)) {
 $msg = $config->get_string("downtime_message");
 $this->theme->display_message($msg);
 exit;
diff --git a/contrib/featured/main.php b/contrib/featured/main.php
index 5dbc41dd..dda66100 100644
--- a/contrib/featured/main.php
+++ b/contrib/featured/main.php
@@ -29,7 +29,7 @@ class Featured extends Extension {
 global $config, $page, $user;
 if($event->page_matches("featured_image")) {
 if($event->get_arg(0) == "set" && $user->check_auth_token()) {
- if($user->is_admin() && isset($_POST['image_id'])) {
+ if($user->can("edit_feature") && isset($_POST['image_id'])) {
 $id = int_escape($_POST['image_id']);
 if($id > 0) {
 $config->set_int("featured_id", $id);
@@ -77,7 +77,7 @@ class Featured extends Extension {
 public function onImageAdminBlockBuilding(ImageAdminBlockBuildingEvent $event) {
 global $user;
- if($user->is_admin()) {
+ if($user->can("edit_feature")) {
 $event->add_part($this->theme->get_buttons_html($event->image->id));
 }
 }
diff --git a/contrib/ipban/main.php b/contrib/ipban/main.php
index 4e50c3de..f3346a6c 100644
--- a/contrib/ipban/main.php
+++ b/contrib/ipban/main.php
@@ -49,7 +49,7 @@ class IPBan extends Extension {
 public function onPageRequest(PageRequestEvent $event) {
 if($event->page_matches("ip_ban")) {
 global $config, $database, $page, $user;
- if($user->is_admin()) {
+ if($user->can("ban_ip")) {
 if($event->get_arg(0) == "add" && $user->check_auth_token()) {
 if(isset($_POST['ip']) && isset($_POST['reason']) && isset($_POST['end'])) {
 if(empty($_POST['end'])) $end = null;
diff --git a/contrib/numeric_score/main.php b/contrib/numeric_score/main.php
index 70ac2379..98aaf45d 100644
--- a/contrib/numeric_score/main.php
+++ b/contrib/numeric_score/main.php
@@ -38,7 +38,7 @@ class NumericScore extends Extension {
 public function onUserPageBuilding(UserPageBuildingEvent $event) {
 global $page, $user;
- if($user->is_admin()) {
+ if($user->can("edit_other_votes")) {
 $html = $this->theme->get_nuller_html($event->display_user);
 $page->add_block(new Block("Votes", $html, "main", 60));
 }
@@ -79,7 +79,7 @@ class NumericScore extends Extension {
 }
 }
 if($event->page_matches("numeric_score/remove_votes_on") && $user->check_auth_token()) {
- if($user->is_admin()) {
+ if($user->can("edit_other_vote")) {
 $image_id = int_escape($_POST['image_id']);
 $database->execute(
 "DELETE FROM numeric_score_votes WHERE image_id=?",
@@ -92,7 +92,7 @@ class NumericScore extends Extension {
 }
 }
 if($event->page_matches("numeric_score/remove_votes_by") && $user->check_auth_token()) {
- if($user->is_admin()) {
+ if($user->can("edit_other_vote")) {
 $this->delete_votes_by(int_escape($_POST['user_id']));
 $page->set_mode("redirect");
 $page->set_redirect(make_link());
diff --git a/contrib/numeric_score/theme.php b/contrib/numeric_score/theme.php
index b33043e0..fdd2fa90 100644
--- a/contrib/numeric_score/theme.php
+++ b/contrib/numeric_score/theme.php
@@ -30,7 +30,7 @@ class NumericScoreTheme extends Themelet {
 ";
- if($user->is_admin()) {
+ if($user->can("edit_other_vote")) {
 $html .= "
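Review bot: The permission name in the first contrib/numeric_score/main.php hunk (`onUserPageBuilding`, @@ -38,7) is `edit_other_votes`, but the two later hunks in the same file, the theme.php hunk and the keys this commit adds to core/userclass.class.php all spell it `edit_other_vote`. Unless a plural key is declared somewhere outside this diff, that check matches no declared permission, so the "Votes" nuller block would either stop appearing for admins or hit whatever `can()` does with an unknown name (its body is not visible here). The line should read `if($user->can("edit_other_vote")) {`.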
".$user->get_auth_html()." diff --git a/contrib/pm/main.php b/contrib/pm/main.php index b1b6f81b..d33c975d 100644 --- a/contrib/pm/main.php +++ b/contrib/pm/main.php @@ -90,7 +90,7 @@ class PrivMsg extends Extension { global $page, $user; $duser = $event->display_user; if(!$user->is_anonymous() && !$duser->is_anonymous()) { - if(($user->id == $duser->id) || $user->is_admin()) { + if(($user->id == $duser->id) || $user->can("view_other_pms")) { $this->theme->display_pms($page, $this->get_pms($duser)); } if($user->id != $duser->id) { @@ -110,7 +110,7 @@ class PrivMsg extends Extension { if(is_null($pm)) { $this->theme->display_error(404, "No such PM", "There is no PM #$pm_id"); } - else if(($pm["to_id"] == $user->id) || $user->is_admin()) { + else if(($pm["to_id"] == $user->id) || $user->can("view_other_pms")) { $from_user = User::by_id(int_escape($pm["from_id"])); $database->execute("UPDATE private_message SET is_read='Y' WHERE id = :id", array("id" => $pm_id)); $database->cache->delete("pm-count-{$user->id}"); @@ -127,7 +127,7 @@ class PrivMsg extends Extension { if(is_null($pm)) { $this->theme->display_error(404, "No such PM", "There is no PM #$pm_id"); } - else if(($pm["to_id"] == $user->id) || $user->is_admin()) { + else if(($pm["to_id"] == $user->id) || $user->can("view_other_pms")) { $database->execute("DELETE FROM private_message WHERE id = :id", array("id" => $pm_id)); $database->cache->delete("pm-count-{$user->id}"); log_info("pm", "Deleted PM #$pm_id"); diff --git a/core/userclass.class.php b/core/userclass.class.php index e6b219f4..be8acb16 100644 --- a/core/userclass.class.php +++ b/core/userclass.class.php @@ -68,6 +68,7 @@ new UserClass("base", null, array( "ban_image" => False, "view_eventlog" => False, + "ignore_downtime" => False, "create_image_report" => False, "view_image_report" => False, # deal with reported images 
@@ -79,6 +80,11 @@ new UserClass("base", null, array(
 "manage_admintools" => False,
+ "view_other_pms" => False,
+ "edit_feature" => False,
+ "bulk_edit_vote" => False,
+ "edit_other_vote" => False,
+
 "protected" => False, # only admins can modify protected users (stops a moderator changing an admin's password)
 ));
@@ -123,6 +129,11 @@ new UserClass("admin", "base", array(
 "view_eventlog" => True,
 "manage_blocks" => True,
 "manage_admintools" => True,
+ "ignore_downtime" => True,
+ "view_other_pms" => True,
+ "edit_feature" => True,
+ "bulk_edit_vote" => True,
+ "edit_other_vote" => True,
 "protected" => True,
 ));
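Review bot: `bulk_edit_vote` is declared in both the base and the admin class, but no hunk in this diff checks it, so as far as this page shows it is a permission nothing enforces. Either its call site is in a file not shown here, or the entry is better left out until a check uses it. The new keys also lack the trailing `#` comments that neighbouring entries carry; a line such as `"view_other_pms" => False, # read, and currently also delete, other users' private messages` would tell whoever grants the permission what it actually covers. Both arrays continue outside these hunks.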