From e398bc1b68644b7cb4bf833d6de4f52d4e652166 Mon Sep 17 00:00:00 2001
From: Andy Heathershaw
Date: Thu, 20 Sep 2018 14:38:34 +0100
Subject: [PATCH] #4: Added a permission to determine if a user can post a comment - this supercedes the "photo:post-comment" gate.
---
 .../Gallery/PhotoCommentController.php | 4 ++--
 app/Policies/AlbumPolicy.php | 18 ++++++++++++++++++
 app/Policies/PhotoPolicy.php | 11 +++++++++++
 app/Providers/AuthServiceProvider.php | 10 ----------
 database/seeds/PermissionsSeeder.php | 8 ++++++++
 resources/lang/en/permissions.php | 1 +
 .../base/partials/album_permissions.blade.php | 3 ++-
 .../base/partials/photo_comments.blade.php | 2 +-
 .../partials/photo_single_comment.blade.php | 2 +-
 9 files changed, 44 insertions(+), 15 deletions(-)

diff --git a/app/Http/Controllers/Gallery/PhotoCommentController.php b/app/Http/Controllers/Gallery/PhotoCommentController.php
index 3a1802d..60c39ad 100644
--- a/app/Http/Controllers/Gallery/PhotoCommentController.php
+++ b/app/Http/Controllers/Gallery/PhotoCommentController.php
@@ -77,7 +77,7 @@ class PhotoCommentController extends Controller
return null;
}

- if (!User::currentOrAnonymous()->can('photo:post-comment'))
+ if (!User::currentOrAnonymous()->can('post-comment', $photo))
{
App::abort(403);
return null;
@@ -104,7 +104,7 @@ class PhotoCommentController extends Controller
return null;
}

- if (!User::currentOrAnonymous()->can('photo:post-comment'))
+ if (!User::currentOrAnonymous()->can('post-comment', $photo))
{
App::abort(403);
return null;
diff --git a/app/Policies/AlbumPolicy.php b/app/Policies/AlbumPolicy.php
index 0eb2a9d..0eeed6f 100644
--- a/app/Policies/AlbumPolicy.php
+++ b/app/Policies/AlbumPolicy.php
@@ -3,6 +3,7 @@
namespace App\Policies;

use App\Album;
+use App\Facade\UserConfig;
use App\Group;
use App\Helpers\PermissionsHelper;
use App\Permission;
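Review bot: Both PhotoCommentController hunks keep the manual `App::abort(403); return null;` pair around the new `can('post-comment', $photo)` check, and the `return null` after abort() is unreachable; if the base Controller uses Laravel's AuthorizesRequests trait, `$this->authorize('post-comment', $photo);` performs the same policy check and produces the 403 itself. The new form resolves through PhotoPolicy::postComment and then AlbumPolicy::postComment, so an authenticated non-owner without the album permission is now refused where the removed gate allowed everyone who was logged in; a comment such as `// Authorization: PhotoPolicy::postComment -> AlbumPolicy::postComment (owner, anonymous setting, album permission)` above the check would make that dependency visible. Both enclosing methods start and end outside their hunks.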
@@ -104,6 +105,23 @@ class AlbumPolicy
return $this->userHasPermission($user, $album, 'moderate-comments');
}

+ public function postComment(User $user, Album $album)
+ {
+ if ($user->id == $album->user_id)
+ {
+ // The album's owner and can do everything
+ return true;
+ }
+
+ // Don't allow comments to be posted if anonymous user, and anonymous comments disabled
+ if ($user->isAnonymous() && !UserConfig::get('allow_photo_comments_anonymous'))
+ {
+ return false;
+ }
+
+ return $this->userHasPermission($user, $album, 'post-comment');
+ }
+
public function uploadPhotos(User $user, Album $album)
{
if ($user->id == $album->user_id)
diff --git a/app/Policies/PhotoPolicy.php b/app/Policies/PhotoPolicy.php
index e39ae42..eaa0626 100644
--- a/app/Policies/PhotoPolicy.php
+++ b/app/Policies/PhotoPolicy.php
@@ -72,4 +72,15 @@ class PhotoPolicy
return $user->can('moderate-comments', $photo->album);
}
+
+ public function postComment(User $user, Photo $photo)
+ {
+ if ($user->id == $photo->user_id)
+ {
+ // The photo's owner can do everything
+ return true;
+ }
+
+ return $user->can('post-comment', $photo->album);
+ }
}
diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php
index 6cc85d7..d37e63a 100644
--- a/app/Providers/AuthServiceProvider.php
+++ b/app/Providers/AuthServiceProvider.php
@@ -94,16 +94,6 @@ class AuthServiceProvider extends ServiceProvider
{
return UserConfig::get('public_statistics') || !$user->isAnonymous();
});
-
- Gate::define('photo:post-comment', function(User $user)
- {
- if ($user->isAnonymous())
- {
- return UserConfig::get('allow_photo_comments_anonymous');
- };
-
- return true;
- });
}

private function userHasAdminPermission(User $user, $permissionDescription)
diff --git a/database/seeds/PermissionsSeeder.php b/database/seeds/PermissionsSeeder.php
index 37309ad..927c7e8 100644
--- a/database/seeds/PermissionsSeeder.php
+++ b/database/seeds/PermissionsSeeder.php
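Review bot: The owner shortcut `if ($user->id == $album->user_id)` is evaluated before the `isAnonymous()` check, so the `allow_photo_comments_anonymous` setting never applies when the loose comparison holds for the anonymous user; whether the anonymous user's `id` and an album's `user_id` can coincide (both null or 0, say) is not visible here, but `if (!$user->isAnonymous() && $user->id == $album->user_id)` rules it out either way, and the new PhotoPolicy::postComment has the same ordering. The comment `// The album's owner and can do everything` has a stray "and". Since album_permissions.blade.php now renders the `post-comment` checkbox outside the `$object_id != 'anonymous'` guard, a docblock should state that anonymous posting requires both that permission and the `allow_photo_comments_anonymous` setting, otherwise an administrator ticking the box will wonder why it has no effect; the method would also benefit from a `: bool` return type, as its explicit returns are booleans.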
@@ -147,5 +147,13 @@ class PermissionsSeeder extends Seeder
'is_default' => false,
'sort_order' => 70
]);
+
+ // album:moderate-comments = moderate comments posted on photos
+ DatabaseSeeder::createOrUpdate('permissions', [
+ 'section' => 'album',
+ 'description' => 'post-comment',
+ 'is_default' => false,
+ 'sort_order' => 80
+ ]);
}
}
diff --git a/resources/lang/en/permissions.php b/resources/lang/en/permissions.php
index bcbe924..e32aeaf 100644
--- a/resources/lang/en/permissions.php
+++ b/resources/lang/en/permissions.php
@@ -17,6 +17,7 @@ return [
'list' => 'See this album in listings',
'manipulate-photos' => 'Manipulate photos in this album',
'moderate-comments' => 'Moderate comments in this album',
+ 'post-comment' => 'Post a comment in this album',
'upload-photos' => 'Upload photos into this album',
'view' => 'Access this album'
]
diff --git a/resources/views/themes/base/partials/album_permissions.blade.php b/resources/views/themes/base/partials/album_permissions.blade.php
index e1d8ffc..c7dd426 100644
--- a/resources/views/themes/base/partials/album_permissions.blade.php
+++ b/resources/views/themes/base/partials/album_permissions.blade.php
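Review bot: The comment above the new row reads `// album:moderate-comments = moderate comments posted on photos`, but the row it documents seeds `'description' => 'post-comment'`; it was evidently copied from the previous entry and should read `// album:post-comment = post a comment on photos in this album`. The row is seeded with `'is_default' => false`; if that flag means the permission is granted by default, then after this change a logged-in user who is neither the owner nor explicitly granted `post-comment` loses the commenting ability the removed `photo:post-comment` gate gave every authenticated user, which is worth stating in the commit message or, if unintended, reversing with `'is_default' => true`.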
@@ -14,8 +14,10 @@
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'list')])
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'view')])
+ @include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'post-comment')])
@if ($object_id != 'anonymous')
+ @include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'moderate-comments')])
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'edit')])
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'delete')])
@endif
@@ -29,7 +31,6 @@
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'manipulate-photos')])
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'change-photo-metadata')])
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'delete-photos')])
- @include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'moderate-comments')])
@endif
diff --git a/resources/views/themes/base/partials/photo_comments.blade.php b/resources/views/themes/base/partials/photo_comments.blade.php
index 2def8ca..a37d8a9 100644
--- a/resources/views/themes/base/partials/photo_comments.blade.php
+++ b/resources/views/themes/base/partials/photo_comments.blade.php
@@ -2,7 +2,7 @@

@lang('gallery.photo_comments_heading')

- @if (\App\User::currentOrAnonymous()->can('photo:post-comment'))
+ @if (\App\User::currentOrAnonymous()->can('post-comment', $photo))

@lang('gallery.photo_comments_reply_form_heading')

@lang('gallery.photo_comments_reply_form_p1')


diff --git a/resources/views/themes/base/partials/photo_single_comment.blade.php b/resources/views/themes/base/partials/photo_single_comment.blade.php
index 73c33bb..349f0e8 100644
--- a/resources/views/themes/base/partials/photo_single_comment.blade.php
+++ b/resources/views/themes/base/partials/photo_single_comment.blade.php
@@ -9,7 +9,7 @@
{{ date(UserConfig::get('date_format'), strtotime($comment->created_at)) }}
{!! $comment->textAsHtml() !!} - @if (!$is_reply && ($comment->depth() < UserConfig::get('photo_comments_thread_depth') - 1)) + @if (!$is_reply && ($comment->depth() < UserConfig::get('photo_comments_thread_depth') - 1) && \App\User::currentOrAnonymous()->can('post-comment', $photo)) @lang('gallery.photo_comments_reply_action') @endif
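Review bot: The added `\App\User::currentOrAnonymous()->can('post-comment', $photo)` lives in the per-comment partial, so the whole policy chain (PhotoPolicy::postComment, AlbumPolicy::postComment and its permission lookup) runs once per rendered comment with an identical result each time; photo_comments.blade.php already evaluates the same expression once in its own hunk, so if this partial is included from there, passing the result in (say `'can_post_comment' => ...` at the @include and `$can_post_comment` here) would do the check once. Both partials now depend on `$photo` being in scope, which neither hunk shows being passed to the @include; worth confirming at the include sites. A Blade comment `{{-- the reply link is gated by the same post-comment policy as the main reply form --}}` would record why the condition grew.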