use Permissions for Favourites / Artist / Relationships, and also check image lock when sending ImageInfoSet instead of getting each receiver to check it

This commit is contained in:
Shish 2020-02-08 00:24:13 +00:00
parent c6d50f417f
commit 0b304bdf2e
12 changed files with 44 additions and 42 deletions

View File

@ -31,6 +31,8 @@ abstract class Permissions
public const EDIT_IMAGE_OWNER = "edit_image_owner";
public const EDIT_IMAGE_LOCK = "edit_image_lock";
public const EDIT_IMAGE_TITLE = "edit_image_title";
public const EDIT_IMAGE_RELATIONSHIPS = "edit_image_relationships";
public const EDIT_IMAGE_ARTIST = "edit_image_artist";
public const BULK_EDIT_IMAGE_TAG = "bulk_edit_image_tag";
public const BULK_EDIT_IMAGE_SOURCE = "bulk_edit_image_source";
public const DELETE_IMAGE = "delete_image";
@ -77,6 +79,8 @@ abstract class Permissions
public const RESCAN_MEDIA = "rescan_media";
public const SEE_IMAGE_VIEW_COUNTS = "see_image_view_counts";
public const EDIT_FAVOURITES = "edit_favourites";
public const ARTISTS_ADMIN = "artists_admin";
public const BLOTTER_ADMIN = "blotter_admin";
public const FORUM_ADMIN = "forum_admin";

View File

@ -162,7 +162,9 @@ function stream_file(string $file, int $start, int $end): void
$buffer = $end - $p + 1;
}
echo fread($fp, $buffer);
if(!defined("UNITTEST")) @ob_flush();
if (!defined("UNITTEST")) {
@ob_flush();
}
flush();
// After flush, we can tell if the client browser has disconnected.

View File

@ -100,6 +100,8 @@ new UserClass("base", null, [
Permissions::EDIT_IMAGE_OWNER => false,
Permissions::EDIT_IMAGE_LOCK => false,
Permissions::EDIT_IMAGE_TITLE => false,
Permissions::EDIT_IMAGE_RELATIONSHIPS => false,
Permissions::EDIT_IMAGE_ARTIST => false,
Permissions::BULK_EDIT_IMAGE_TAG => false,
Permissions::BULK_EDIT_IMAGE_SOURCE => false,
Permissions::DELETE_IMAGE => false,
@ -146,6 +148,8 @@ new UserClass("base", null, [
Permissions::RESCAN_MEDIA => false,
Permissions::SEE_IMAGE_VIEW_COUNTS => false,
Permissions::EDIT_FAVOURITES => false,
Permissions::ARTISTS_ADMIN => false,
Permissions::BLOTTER_ADMIN => false,
Permissions::FORUM_ADMIN => false,
@ -175,8 +179,11 @@ new UserClass("user", "base", [
Permissions::EDIT_IMAGE_TAG => true,
Permissions::EDIT_IMAGE_SOURCE => true,
Permissions::EDIT_IMAGE_TITLE => true,
Permissions::EDIT_IMAGE_RELATIONSHIPS => true,
Permissions::EDIT_IMAGE_ARTIST => true,
Permissions::CREATE_IMAGE_REPORT => true,
Permissions::EDIT_IMAGE_RATING => true,
Permissions::EDIT_FAVOURITES => true,
Permissions::SEND_PM => true,
Permissions::READ_PM => true,
]);

View File

@ -26,7 +26,7 @@ class Artists extends Extension
public function onImageInfoSet(ImageInfoSetEvent $event)
{
global $user;
if (isset($_POST["tag_edit__author"])) {
if ($user->can(Permissions::EDIT_IMAGE_ARTIST) && isset($_POST["tag_edit__author"])) {
send_event(new AuthorSetEvent($event->image, $user, $_POST["tag_edit__author"]));
}
}

View File

@ -82,6 +82,7 @@ class Favorites extends Extension
{
global $user;
if (
$user->can(Permissions::EDIT_FAVOURITES) &&
in_array('favorite_action', $_POST) &&
(($_POST['favorite_action'] == "set") || ($_POST['favorite_action'] == "unset"))
) {

View File

@ -131,14 +131,6 @@ class Index extends Extension
$event->panel->add_block($sb);
}
public function onImageInfoSet(ImageInfoSetEvent $event)
{
global $cache;
if (SPEED_HAX) {
$cache->delete("thumb-block:{$event->image->id}");
}
}
public function onPageNavBuilding(PageNavBuildingEvent $event)
{
$event->add_nav_link("posts", new Link('post/list'), "Posts", NavLink::is_active(["post","view"]), 20);

View File

@ -40,11 +40,6 @@ class LiveFeed extends Extension
);
}
public function onImageInfoSet(ImageInfoSetEvent $event)
{
# $this->msg("Image info set");
}
public function get_priority(): int
{
return 99;

View File

@ -48,11 +48,14 @@ class Relationships extends Extension
public function onImageInfoSet(ImageInfoSetEvent $event)
{
if (isset($_POST['tag_edit__tags']) ? !preg_match('/parent[=|:]/', $_POST["tag_edit__tags"]) : true) { //Ignore tag_edit__parent if tags contain parent metatag
if (isset($_POST["tag_edit__parent"]) ? ctype_digit($_POST["tag_edit__parent"]) : false) {
send_event(new ImageRelationshipSetEvent($event->image->id, (int) $_POST["tag_edit__parent"]));
} else {
$this->remove_parent($event->image->id);
global $user;
if ($user->can(Permissions::EDIT_IMAGE_RELATIONSHIPS)) {
if (isset($_POST['tag_edit__tags']) ? !preg_match('/parent[=|:]/', $_POST["tag_edit__tags"]) : true) { //Ignore tag_edit__parent if tags contain parent metatag
if (isset($_POST["tag_edit__parent"]) ? ctype_digit($_POST["tag_edit__parent"]) : false) {
send_event(new ImageRelationshipSetEvent($event->image->id, (int) $_POST["tag_edit__parent"]));
} else {
$this->remove_parent($event->image->id);
}
}
}
}

View File

@ -19,6 +19,12 @@ class Rule34 extends Extension
$database->execute("NOTIFY shm_image_bans, '{$event->image->hash}';");
}
public function onImageInfoSet(ImageInfoSetEvent $event)
{
global $cache;
$cache->delete("thumb-block:{$event->image->id}");
}
public function onImageInfoBoxBuilding(ImageInfoBoxBuildingEvent $event)
{
global $config;

View File

@ -171,10 +171,10 @@ class TagEdit extends Extension
throw new NullUserException("Error: No user with that name was found.");
}
}
if ($this->can_tag($event->image) && isset($_POST['tag_edit__tags'])) {
if ($user->can(Permissions::EDIT_IMAGE_TAG) && isset($_POST['tag_edit__tags'])) {
send_event(new TagSetEvent($event->image, Tag::explode($_POST['tag_edit__tags'])));
}
if ($this->can_source($event->image) && isset($_POST['tag_edit__source'])) {
if ($user->can(Permissions::EDIT_IMAGE_SOURCE) && isset($_POST['tag_edit__source'])) {
if (isset($_POST['tag_edit__tags']) ? !preg_match('/source[=|:]/', $_POST["tag_edit__tags"]) : true) {
send_event(new SourceSetEvent($event->image, $_POST['tag_edit__source']));
}
@ -270,18 +270,6 @@ class TagEdit extends Extension
}
}
private function can_tag(Image $image): bool
{
global $user;
return ($user->can(Permissions::EDIT_IMAGE_TAG) || !$image->is_locked());
}
private function can_source(Image $image): bool
{
global $user;
return ($user->can(Permissions::EDIT_IMAGE_SOURCE) || !$image->is_locked());
}
private function mass_tag_edit(string $search, string $replace)
{
global $database;

View File

@ -4,15 +4,15 @@ class TagHistoryTest extends ShimmiePHPUnitTestCase
public function testTagHistory()
{
$this->log_in_as_admin();
$image_id = $this->post_image("tests/pbx_screenshot.jpg", "pbx");
$image_id = $this->post_image("tests/pbx_screenshot.jpg", "old_tag");
$image = Image::by_id($image_id);
// Original
$this->get_page("post/view/$image_id");
$this->assert_title("Image $image_id: pbx");
$this->assert_title("Image $image_id: old_tag");
// Modified
send_event(new TagSetEvent($image, ["new"]));
send_event(new TagSetEvent($image, ["new_tag"]));
// FIXME
// $this->click("View Tag History");
@ -23,5 +23,6 @@ class TagHistoryTest extends ShimmiePHPUnitTestCase
$this->get_page("tag_history/all/1");
$this->assert_title("Global Tag History");
$this->assert_text("new_tag");
}
}

View File

@ -74,11 +74,14 @@ class ViewImage extends Extension
}
$image_id = int_escape($_POST['image_id']);
send_event(new ImageInfoSetEvent(Image::by_id($image_id)));
$page->set_mode(PageMode::REDIRECT);
$page->set_redirect(make_link("post/view/$image_id", url_escape(@$_POST['query'])));
$image = Image::by_id($image_id);
if (!$image->is_locked()) {
send_event(new ImageInfoSetEvent($image));
$page->set_mode(PageMode::REDIRECT);
$page->set_redirect(make_link("post/view/$image_id", url_escape(@$_POST['query'])));
} else {
$this->theme->display_error(403, "Image Locked", "An admin has locked this image");
}
}
}