#4: Added a permission to determine if a user can post a comment - this supersedes the "photo:post-comment" gate.

Andy Heathershaw 2018-09-20 14:38:34 +01:00
parent 67bf7086c0
commit e398bc1b68
9 changed files with 44 additions and 15 deletions


@ -77,7 +77,7 @@ class PhotoCommentController extends Controller
return null;
}
if (!User::currentOrAnonymous()->can('photo:post-comment'))
if (!User::currentOrAnonymous()->can('post-comment', $photo))
{
App::abort(403);
return null;
@ -104,7 +104,7 @@ class PhotoCommentController extends Controller
return null;
}
if (!User::currentOrAnonymous()->can('photo:post-comment'))
if (!User::currentOrAnonymous()->can('post-comment', $photo))
{
App::abort(403);
return null;


@ -3,6 +3,7 @@
namespace App\Policies;
use App\Album;
use App\Facade\UserConfig;
use App\Group;
use App\Helpers\PermissionsHelper;
use App\Permission;
@ -104,6 +105,23 @@ class AlbumPolicy
return $this->userHasPermission($user, $album, 'moderate-comments');
}
public function postComment(User $user, Album $album)
{
if ($user->id == $album->user_id)
{
// The album's owner and can do everything
return true;
}
// Don't allow comments to be posted if anonymous user, and anonymous comments disabled
if ($user->isAnonymous() && !UserConfig::get('allow_photo_comments_anonymous'))
{
return false;
}
return $this->userHasPermission($user, $album, 'post-comment');
}
public function uploadPhotos(User $user, Album $album)
{
if ($user->id == $album->user_id)
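Review bot: In the new `postComment` the owner shortcut runs before the anonymous check and compares with loose `==`, so the `allow_photo_comments_anonymous` setting is only enforced when `$user->id` and `$album->user_id` do not compare equal. What id the anonymous user object carries is not visible here; if it is null or 0 and an album row has an empty owner, the comparison would pass and the setting would be skipped. Putting the anonymous block first, or guarding the shortcut as `if (!$user->isAnonymous() && $user->id == $album->user_id)`, removes that dependency. The same shortcut in `PhotoPolicy::postComment` (`$user->id == $photo->user_id`) returns true before this method's anonymous check is ever reached, so it needs the same guard. The added comment should also read `// The album's owner can do everything`. The trailing `uploadPhotos` context continues outside the hunk.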


@ -72,4 +72,15 @@ class PhotoPolicy
return $user->can('moderate-comments', $photo->album);
}
public function postComment(User $user, Photo $photo)
{
if ($user->id == $photo->user_id)
{
// The photo's owner can do everything
return true;
}
return $user->can('post-comment', $photo->album);
}
}


@ -94,16 +94,6 @@ class AuthServiceProvider extends ServiceProvider
{
return UserConfig::get('public_statistics') || !$user->isAnonymous();
});
Gate::define('photo:post-comment', function(User $user)
{
if ($user->isAnonymous())
{
return UserConfig::get('allow_photo_comments_anonymous');
};
return true;
});
}
private function userHasAdminPermission(User $user, $permissionDescription)


@ -147,5 +147,13 @@ class PermissionsSeeder extends Seeder
'is_default' => false,
'sort_order' => 70
]);
// album:moderate-comments = moderate comments posted on photos
DatabaseSeeder::createOrUpdate('permissions', [
'section' => 'album',
'description' => 'post-comment',
'is_default' => false,
'sort_order' => 80
]);
}
}
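Review bot: The comment added above the new seed row still reads `// album:moderate-comments = moderate comments posted on photos`, although the row it describes is `post-comment`; it should be something like `// album:post-comment = post comments on photos in the album`. The row is seeded with `'is_default' => false`, while the gate this commit removes allowed every signed-in user to comment. If `is_default` controls whether the permission is granted out of the box, existing installs will deny comments to everyone but owners after upgrading until an administrator grants it. That fail-closed default is reasonable, but it deserves a line in the upgrade notes.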


@ -17,6 +17,7 @@ return [
'list' => 'See this album in listings',
'manipulate-photos' => 'Manipulate photos in this album',
'moderate-comments' => 'Moderate comments in this album',
'post-comment' => 'Post a comment in this album',
'upload-photos' => 'Upload photos into this album',
'view' => 'Access this album'
]


@ -14,8 +14,10 @@
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'list')])
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'view')])
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'post-comment')])
@if ($object_id != 'anonymous')
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'moderate-comments')])
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'edit')])
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'delete')])
@endif
@ -29,7 +31,6 @@
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'manipulate-photos')])
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'change-photo-metadata')])
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'delete-photos')])
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'moderate-comments')])
</div>
@endif
</div>
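Review bot: Moving the `moderate-comments` checkbox inside `@if ($object_id != 'anonymous')` only hides it from the form; it does not stop that permission being stored for the anonymous user. None of the classes touched in this commit looks like the handler that saves these permissions, so a crafted form submission, or a row saved before this change, could presumably still carry `moderate-comments` for anonymous. It would be worth confirming that the save handler rejects the anonymous-restricted permissions (`moderate-comments`, `edit`, `delete`) server-side, and that existing anonymous grants are cleaned up.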


@ -2,7 +2,7 @@
<div class="col mt-4">
<h2>@lang('gallery.photo_comments_heading')</h2>
@if (\App\User::currentOrAnonymous()->can('photo:post-comment'))
@if (\App\User::currentOrAnonymous()->can('post-comment', $photo))
<h3>@lang('gallery.photo_comments_reply_form_heading')</h3>
<p>@lang('gallery.photo_comments_reply_form_p1')</p>
<hr/>


@ -9,7 +9,7 @@
<h6 class="card-subtitle mb-4 text-muted">{{ date(UserConfig::get('date_format'), strtotime($comment->created_at)) }}</h6>
{!! $comment->textAsHtml() !!}
@if (!$is_reply && ($comment->depth() < UserConfig::get('photo_comments_thread_depth') - 1))
@if (!$is_reply && ($comment->depth() < UserConfig::get('photo_comments_thread_depth') - 1) && \App\User::currentOrAnonymous()->can('post-comment', $photo))
<a href="{{ $photo->replyToCommentFormUrl($comment->id) }}" v-on:click="replyToComment" class="card-link">@lang('gallery.photo_comments_reply_action')</a>
@endif
</div>