Optionally use separate permission checks to view likes
authorAlexander Ebert <ebert@woltlab.com>
Fri, 9 Jun 2017 14:47:24 +0000 (16:47 +0200)
committerAlexander Ebert <ebert@woltlab.com>
Fri, 9 Jun 2017 14:47:24 +0000 (16:47 +0200)
See #2300

wcfsetup/install/files/lib/data/like/IRestrictedLikeObjectTypeProvider.class.php [new file with mode: 0644]
wcfsetup/install/files/lib/data/like/LikeAction.class.php

diff --git a/wcfsetup/install/files/lib/data/like/IRestrictedLikeObjectTypeProvider.class.php b/wcfsetup/install/files/lib/data/like/IRestrictedLikeObjectTypeProvider.class.php
new file mode 100644 (file)
index 0000000..7ca6414
--- /dev/null
@@ -0,0 +1,31 @@
+<?php
+namespace wcf\data\like;
+use wcf\data\like\object\ILikeObject;
+
+/**
+ * Extended interface for like object type providers that use different permissions
+ * to like content, while using different requirements to display the actual likes.
+ * 
+ * @author     Alexander Ebert
+ * @copyright  2001-2017 WoltLab GmbH
+ * @license    GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @package    WoltLabSuite\Core\Data\Like
+ * @since      3.1
+ */
+interface IRestrictedLikeObjectTypeProvider extends ILikeObjectTypeProvider {
+       /**
+        * Returns true if the active user can like the provided object.
+        * 
+        * @param       ILikeObject     $object
+        * @return      boolean
+        */
+       public function canLike(ILikeObject $object);
+       
+       /**
+        * Returns true if the active user can view the likes of to the provided object.
+        * 
+        * @param       ILikeObject     $object
+        * @return      boolean
+        */
+       public function canViewLikes(ILikeObject $object);
+}
index 1546578539bcde41fc370b6b7265a6456bb15e89..bd041d7ee420b9efbf24975e0c7c3ec8e87c36c9 100644 (file)
@@ -209,7 +209,12 @@ class LikeAction extends AbstractDatabaseObjectAction implements IGroupedUserLis
                $this->objectTypeProvider = $this->objectType->getProcessor();
                $this->likeableObject = $this->objectTypeProvider->getObjectByID($this->parameters['data']['objectID']);
                $this->likeableObject->setObjectType($this->objectType);
-               if (!$this->objectTypeProvider->checkPermissions($this->likeableObject)) {
+               if ($this->objectTypeProvider instanceof IRestrictedLikeObjectTypeProvider) {
+                       if (!$this->objectTypeProvider->canViewLikes($this->likeableObject)) {
+                               throw new PermissionDeniedException();
+                       }
+               }
+               else if (!$this->objectTypeProvider->checkPermissions($this->likeableObject)) {
                        throw new PermissionDeniedException();
                }
        }