#4: Added a permission to determine whether a user can post a comment - this supersedes the "photo:post-comment" gate.
parent
67bf7086c0
commit
e398bc1b68
@ -77,7 +77,7 @@ class PhotoCommentController extends Controller
|
|||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!User::currentOrAnonymous()->can('photo:post-comment'))
|
if (!User::currentOrAnonymous()->can('post-comment', $photo))
|
||||||
{
|
{
|
||||||
App::abort(403);
|
App::abort(403);
|
||||||
return null;
|
return null;
|
||||||
@ -104,7 +104,7 @@ class PhotoCommentController extends Controller
|
|||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!User::currentOrAnonymous()->can('photo:post-comment'))
|
if (!User::currentOrAnonymous()->can('post-comment', $photo))
|
||||||
{
|
{
|
||||||
App::abort(403);
|
App::abort(403);
|
||||||
return null;
|
return null;
|
||||||
|
@ -3,6 +3,7 @@
|
|||||||
namespace App\Policies;
|
namespace App\Policies;
|
||||||
|
|
||||||
use App\Album;
|
use App\Album;
|
||||||
|
use App\Facade\UserConfig;
|
||||||
use App\Group;
|
use App\Group;
|
||||||
use App\Helpers\PermissionsHelper;
|
use App\Helpers\PermissionsHelper;
|
||||||
use App\Permission;
|
use App\Permission;
|
||||||
@ -104,6 +105,23 @@ class AlbumPolicy
|
|||||||
return $this->userHasPermission($user, $album, 'moderate-comments');
|
return $this->userHasPermission($user, $album, 'moderate-comments');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function postComment(User $user, Album $album)
|
||||||
|
{
|
||||||
|
if ($user->id == $album->user_id)
|
||||||
|
{
|
||||||
|
// The album's owner and can do everything
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Don't allow comments to be posted if anonymous user, and anonymous comments disabled
|
||||||
|
if ($user->isAnonymous() && !UserConfig::get('allow_photo_comments_anonymous'))
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
return $this->userHasPermission($user, $album, 'post-comment');
|
||||||
|
}
|
||||||
|
|
||||||
public function uploadPhotos(User $user, Album $album)
|
public function uploadPhotos(User $user, Album $album)
|
||||||
{
|
{
|
||||||
if ($user->id == $album->user_id)
|
if ($user->id == $album->user_id)
|
||||||
|
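Review bot: In `AlbumPolicy::postComment` the owner shortcut `if ($user->id == $album->user_id)` runs before the anonymous check and uses a loose comparison, so if the anonymous user object has a null or zero id and an album row ever has an empty `user_id`, the shortcut returns true and the `allow_photo_comments_anonymous` setting is skipped; whether that can occur depends on `User::currentOrAnonymous()`, which is not visible here. Putting the anonymous check first and tightening the comparison closes that path, e.g. `if (!$user->isAnonymous() && (int) $user->id === (int) $album->user_id)`. The same owner shortcut appears in `PhotoPolicy::postComment`, which returns true before the album policy's anonymous check is ever reached. Separately, authenticated users always passed the removed gate but now need `post-comment`, which the seeder creates with `is_default => false`, so existing installs probably need a migration step or a release note.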
@ -72,4 +72,15 @@ class PhotoPolicy
|
|||||||
|
|
||||||
return $user->can('moderate-comments', $photo->album);
|
return $user->can('moderate-comments', $photo->album);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function postComment(User $user, Photo $photo)
|
||||||
|
{
|
||||||
|
if ($user->id == $photo->user_id)
|
||||||
|
{
|
||||||
|
// The photo's owner can do everything
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
return $user->can('post-comment', $photo->album);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -94,16 +94,6 @@ class AuthServiceProvider extends ServiceProvider
|
|||||||
{
|
{
|
||||||
return UserConfig::get('public_statistics') || !$user->isAnonymous();
|
return UserConfig::get('public_statistics') || !$user->isAnonymous();
|
||||||
});
|
});
|
||||||
|
|
||||||
Gate::define('photo:post-comment', function(User $user)
|
|
||||||
{
|
|
||||||
if ($user->isAnonymous())
|
|
||||||
{
|
|
||||||
return UserConfig::get('allow_photo_comments_anonymous');
|
|
||||||
};
|
|
||||||
|
|
||||||
return true;
|
|
||||||
});
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private function userHasAdminPermission(User $user, $permissionDescription)
|
private function userHasAdminPermission(User $user, $permissionDescription)
|
||||||
|
@ -147,5 +147,13 @@ class PermissionsSeeder extends Seeder
|
|||||||
'is_default' => false,
|
'is_default' => false,
|
||||||
'sort_order' => 70
|
'sort_order' => 70
|
||||||
]);
|
]);
|
||||||
|
|
||||||
|
// album:moderate-comments = moderate comments posted on photos
|
||||||
|
DatabaseSeeder::createOrUpdate('permissions', [
|
||||||
|
'section' => 'album',
|
||||||
|
'description' => 'post-comment',
|
||||||
|
'is_default' => false,
|
||||||
|
'sort_order' => 80
|
||||||
|
]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
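Review bot: The comment above the new `DatabaseSeeder::createOrUpdate` call still reads `// album:moderate-comments = moderate comments posted on photos`, copied from the previous entry, while the row it describes has `'description' => 'post-comment'`. It should read `// album:post-comment = post comments on photos in this album`, so that someone auditing the seeded permissions is not misled about what the row grants. The enclosing seeder method starts outside the hunk.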
@ -17,6 +17,7 @@ return [
|
|||||||
'list' => 'See this album in listings',
|
'list' => 'See this album in listings',
|
||||||
'manipulate-photos' => 'Manipulate photos in this album',
|
'manipulate-photos' => 'Manipulate photos in this album',
|
||||||
'moderate-comments' => 'Moderate comments in this album',
|
'moderate-comments' => 'Moderate comments in this album',
|
||||||
|
'post-comment' => 'Post a comment in this album',
|
||||||
'upload-photos' => 'Upload photos into this album',
|
'upload-photos' => 'Upload photos into this album',
|
||||||
'view' => 'Access this album'
|
'view' => 'Access this album'
|
||||||
]
|
]
|
||||||
|
@ -14,8 +14,10 @@
|
|||||||
|
|
||||||
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'list')])
|
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'list')])
|
||||||
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'view')])
|
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'view')])
|
||||||
|
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'post-comment')])
|
||||||
|
|
||||||
@if ($object_id != 'anonymous')
|
@if ($object_id != 'anonymous')
|
||||||
|
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'moderate-comments')])
|
||||||
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'edit')])
|
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'edit')])
|
||||||
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'delete')])
|
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'delete')])
|
||||||
@endif
|
@endif
|
||||||
@ -29,7 +31,6 @@
|
|||||||
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'manipulate-photos')])
|
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'manipulate-photos')])
|
||||||
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'change-photo-metadata')])
|
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'change-photo-metadata')])
|
||||||
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'delete-photos')])
|
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'delete-photos')])
|
||||||
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'moderate-comments')])
|
|
||||||
</div>
|
</div>
|
||||||
@endif
|
@endif
|
||||||
</div>
|
</div>
|
||||||
|
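Review bot: Moving the `moderate-comments` checkbox inside `@if ($object_id != 'anonymous')` only hides it in the form; it does not by itself stop a submitted request from carrying that permission for the anonymous entry. The handler that stores these permissions is not shown in this commit, so confirm it rejects `moderate-comments`, `edit` and `delete` for the anonymous principal on the server side. A short Blade comment next to the new include would also help, e.g. `{{-- post-comment is offered to anonymous users; AlbumPolicy still requires allow_photo_comments_anonymous --}}`, because the per-album checkbox alone does not enable anonymous comments.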
@ -2,7 +2,7 @@
|
|||||||
<div class="col mt-4">
|
<div class="col mt-4">
|
||||||
<h2>@lang('gallery.photo_comments_heading')</h2>
|
<h2>@lang('gallery.photo_comments_heading')</h2>
|
||||||
|
|
||||||
@if (\App\User::currentOrAnonymous()->can('photo:post-comment'))
|
@if (\App\User::currentOrAnonymous()->can('post-comment', $photo))
|
||||||
<h3>@lang('gallery.photo_comments_reply_form_heading')</h3>
|
<h3>@lang('gallery.photo_comments_reply_form_heading')</h3>
|
||||||
<p>@lang('gallery.photo_comments_reply_form_p1')</p>
|
<p>@lang('gallery.photo_comments_reply_form_p1')</p>
|
||||||
<hr/>
|
<hr/>
|
||||||
|
@ -9,7 +9,7 @@
|
|||||||
<h6 class="card-subtitle mb-4 text-muted">{{ date(UserConfig::get('date_format'), strtotime($comment->created_at)) }}</h6>
|
<h6 class="card-subtitle mb-4 text-muted">{{ date(UserConfig::get('date_format'), strtotime($comment->created_at)) }}</h6>
|
||||||
{!! $comment->textAsHtml() !!}
|
{!! $comment->textAsHtml() !!}
|
||||||
|
|
||||||
@if (!$is_reply && ($comment->depth() < UserConfig::get('photo_comments_thread_depth') - 1))
|
@if (!$is_reply && ($comment->depth() < UserConfig::get('photo_comments_thread_depth') - 1) && \App\User::currentOrAnonymous()->can('post-comment', $photo))
|
||||||
<a href="{{ $photo->replyToCommentFormUrl($comment->id) }}" v-on:click="replyToComment" class="card-link">@lang('gallery.photo_comments_reply_action')</a>
|
<a href="{{ $photo->replyToCommentFormUrl($comment->id) }}" v-on:click="replyToComment" class="card-link">@lang('gallery.photo_comments_reply_action')</a>
|
||||||
@endif
|
@endif
|
||||||
</div>
|
</div>
|
||||||
|