Add permission to manage own articles
[GitHub/WoltLab/WCF.git] / wcfsetup / install / files / lib / data / article / ArticleAction.class.php
index 2e6e9444e6ba795875362b6025de49ac295b47f4..bd76ed3fef5207734529c7489ca7e6acc25f53d4 100644 (file)
@@ -1,5 +1,4 @@
 <?php
-declare(strict_types=1);
 namespace wcf\data\article;
 use wcf\data\article\category\ArticleCategory;
 use wcf\data\article\content\ArticleContent;
@@ -9,6 +8,7 @@ use wcf\data\language\Language;
 use wcf\data\AbstractDatabaseObjectAction;
 use wcf\system\clipboard\ClipboardHandler;
 use wcf\system\comment\CommentHandler;
+use wcf\system\exception\PermissionDeniedException;
 use wcf\system\exception\UserInputException;
 use wcf\system\language\LanguageFactory;
 use wcf\system\like\LikeHandler;
@@ -275,8 +275,6 @@ class ArticleAction extends AbstractDatabaseObjectAction {
         * @throws      UserInputException
         */
        public function validateDelete() {
-               WCF::getSession()->checkPermissions(['admin.content.article.canManageArticle']);
-               
                if (empty($this->objects)) {
                        $this->readObjects();
                        
@@ -286,6 +284,10 @@ class ArticleAction extends AbstractDatabaseObjectAction {
                }
                
                foreach ($this->getObjects() as $article) {
+                       if (!$article->canDelete()) {
+                               throw new PermissionDeniedException();
+                       }
+                       
                        if (!$article->isDeleted) {
                                throw new UserInputException('objectIDs');
                        }
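Review bot: `$article->canDelete()` in the loop is now the only authorization gate for validateDelete, because the session-level `admin.content.article.canManageArticle` check was removed at the top of the method, and the body of `canDelete()` is not part of this diff. Please confirm that it ties the own-article permission to the article's author and still admits users holding the admin permission, since a predicate that only tests the group permission would let any holder delete other users' articles. The docblock still lists only `@throws UserInputException`; add `@throws PermissionDeniedException`. The same two points apply to validateTrash, validatePublish and validateUnpublish (the latter two via `canPublish()`). The method starts and ends outside this hunk.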
@@ -332,8 +334,6 @@ class ArticleAction extends AbstractDatabaseObjectAction {
         * @throws      UserInputException
         */
        public function validateTrash() {
-               WCF::getSession()->checkPermissions(['admin.content.article.canManageArticle']);
-               
                if (empty($this->objects)) {
                        $this->readObjects();
                        
@@ -343,6 +343,10 @@ class ArticleAction extends AbstractDatabaseObjectAction {
                }
                
                foreach ($this->getObjects() as $article) {
+                       if (!$article->canDelete()) {
+                               throw new PermissionDeniedException();
+                       }
+                       
                        if ($article->isDeleted) {
                                throw new UserInputException('objectIDs');
                        }
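Review bot: validateTrash gates on `canDelete()`, the same predicate validateDelete uses, so whoever may move an article to the trash may also remove it permanently once it is trashed. If that is intended, say so next to the check, e.g. `// trashing and permanent deletion deliberately share canDelete()`. If own-article managers should only be able to trash, the two actions need separate predicates. The method starts and ends outside this hunk.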
@@ -557,8 +561,6 @@ class ArticleAction extends AbstractDatabaseObjectAction {
         * @throws      UserInputException
         */
        public function validatePublish() {
-               WCF::getSession()->checkPermissions(['admin.content.article.canManageArticle']);
-               
                if (empty($this->objects)) {
                        $this->readObjects();
                        
@@ -568,6 +570,10 @@ class ArticleAction extends AbstractDatabaseObjectAction {
                }
                
                foreach ($this->getObjects() as $article) {
+                       if (!$article->canPublish()) {
+                               throw new PermissionDeniedException();  
+                       }
+                       
                        if ($article->publicationStatus == Article::PUBLISHED) {
                                throw new UserInputException('objectIDs');
                        }
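Review bot: The added line `throw new PermissionDeniedException();` in validatePublish carries trailing whitespace after the semicolon, unlike the identical line in the other three methods; strip it so the four checks stay byte-identical. The method starts and ends outside this hunk.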
@@ -604,8 +610,6 @@ class ArticleAction extends AbstractDatabaseObjectAction {
         * @throws      UserInputException
         */
        public function validateUnpublish() {
-               WCF::getSession()->checkPermissions(['admin.content.article.canManageArticle']);
-               
                if (empty($this->objects)) {
                        $this->readObjects();
                        
@@ -615,6 +619,10 @@ class ArticleAction extends AbstractDatabaseObjectAction {
                }
                
                foreach ($this->getObjects() as $article) {
+                       if (!$article->canPublish()) {
+                               throw new PermissionDeniedException();
+                       }
+                       
                        if ($article->publicationStatus != Article::PUBLISHED) {
                                throw new UserInputException('objectIDs');
                        }