authorYorhel <git@yorhel.nl>2019-12-01 09:22:20 +0100
committerYorhel <git@yorhel.nl>2019-12-01 13:40:59 +0100
commit165b62acc991cbf30cb721af27b04a066dbc9413 (patch)
tree34cbe7fef4a020fe121ddf1026dd6be13e9498a2 /lib/VNWeb/Validation.pm
parentb2ba46a9a0900d2b9d62a5ff84c4d4c9d9780abc (diff)
v2rw: Convert thread display + poll voting
I did not reimplement the 'poll_recast' and 'poll_preview' settings; these actions are now always permitted. Updated CSS a little bit to highlight the linked post and fix the double border at the bottom. The nice thing about the sql_visible_threads() function I wrote earlier is that it can also be used for access control on a single thread. More code re-use. \o/
Diffstat (limited to 'lib/VNWeb/Validation.pm')
-rw-r--r--lib/VNWeb/Validation.pm35
1 files changed, 35 insertions, 0 deletions
diff --git a/lib/VNWeb/Validation.pm b/lib/VNWeb/Validation.pm
index 7f60d1ac..e3254866 100644
--- a/lib/VNWeb/Validation.pm
+++ b/lib/VNWeb/Validation.pm
@@ -127,12 +127,47 @@ sub validate_dbid {
# Returns whether the current user can edit the given database entry.
+#
+# Supported types:
+#
+# u:
+# Requires 'id' field, can only test for editing.
+#
+# t:
+# If no 'id' field, checks if the user can create a new thread
+# (permission to post in specific boards is not handled here).
+# If no 'num' field, checks if the user can reply to the existing thread.
+# Requires the 'locked' field.
+# Assumes the user is permitted to see the thread in the first place, i.e. neither hidden nor private.
+# Otherwise, checks if the user can edit the post.
+# Requires the 'user_id', 'date' and 'hidden' fields.
+#
+# 'dbentry_type's:
+# If no 'id' field, checks whether the user can create a new entry.
+# Otherwise, requires 'entry_hidden' and 'entry_locked' fields.
+#
sub can_edit {
my($type, $entry) = @_;
return auth->permUsermod || (auth && $entry->{id} == auth->uid) if $type eq 'u';
return auth->permDbmod if $type eq 'd';
+ if($type eq 't') {
+ return 0 if !auth->permBoard;
+ return 1 if auth->permBoardmod;
+ if(!$entry->{id}) {
+ # Allow at most 5 new threads per day per user.
+ return auth && tuwf->dbVali('SELECT count(*) < 5 FROM threads_posts WHERE num = 1 AND date > NOW()-\'1 day\'::interval AND uid =', \auth->uid);
+ } elsif(!$entry->{num}) {
+ die "Can't do authorization test when 'locked' field isn't present" if !exists $entry->{locked};
+ return !$entry->{locked};
+ } else {
+ die "Can't do authorization test when hidden/date/user_id fields aren't present"
+ if !exists $entry->{hidden} || !exists $entry->{date} || !exists $entry->{user_id};
+ return auth && $entry->{user_id} == auth->uid && !$entry->{hidden} && $entry->{date} > time-config->{board_edit_time};
+ }
+ }
+
die "Can't do authorization test when entry_hidden/entry_locked fields aren't present"
if $entry->{id} && (!exists $entry->{entry_hidden} || !exists $entry->{entry_locked});
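Review bot: In the new `t` branch the create, reply and edit tests are selected by the truthiness of `$entry->{id}` and `$entry->{num}`, so a caller that means to test a post edit but did not select `num` silently gets the reply test, which only looks at `locked` and never compares `user_id` with `auth->uid`. The `die` guards catch missing fields inside each branch but not a missing discriminator, and because they use `exists`, a key that is present but undef (a NULL column, if that can occur here) passes the guard and `!$entry->{locked}` then evaluates to true. I would state the requirement in the header comment, e.g. `# Callers testing a post edit MUST pass 'num'; without it only the reply test is performed.`, and consider `if !defined $entry->{locked}` in the guard so an undefined value fails closed. The body of can_edit continues past the end of this hunk.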