From 31378fd1b237100cadc35c72f142acd3fb533543 Mon Sep 17 00:00:00 2001 From: Alexander Ebert Date: Fri, 27 Jun 2014 14:36:39 +0200 Subject: [PATCH] Preventing deletion of delivered BBCodes, Page Menu Items and User Options All three types are either complex objects or have data or implicit properties associated with them which are not alterable through the ACP. For example user-created menu items will be assigned a generic name which cannot be used as a replacement for pre-defined items with a specific name (e.g. highliting the active menu item). In order to prevent users from accidentially breaking stuff, we disallow deletion. In return all three types support disabling of items, therefore they can be safely turned off which in return results in the same behavior compared to deleting them. --- .../install/files/acp/templates/bbcodeList.tpl | 6 +++++- .../install/files/acp/templates/userOptionList.tpl | 6 +++++- .../install/files/lib/data/bbcode/BBCode.class.php | 13 +++++++++++++ .../files/lib/data/bbcode/BBCodeAction.class.php | 14 ++++++++++++++ .../lib/data/page/menu/item/PageMenuItem.class.php | 6 +++++- .../page/menu/item/PageMenuItemAction.class.php | 13 +++++++++++++ .../lib/data/user/option/UserOption.class.php | 13 +++++++++++++ .../data/user/option/UserOptionAction.class.php | 14 ++++++++++++++ .../BBCodePackageInstallationPlugin.class.php | 3 ++- .../PageMenuPackageInstallationPlugin.class.php | 2 ++ .../UserOptionPackageInstallationPlugin.class.php | 3 ++- wcfsetup/setup/db/install.sql | 3 +++ 12 files changed, 91 insertions(+), 5 deletions(-) diff --git a/wcfsetup/install/files/acp/templates/bbcodeList.tpl b/wcfsetup/install/files/acp/templates/bbcodeList.tpl index 2f7e5793ad..57836e9cb3 100644 --- a/wcfsetup/install/files/acp/templates/bbcodeList.tpl +++ b/wcfsetup/install/files/acp/templates/bbcodeList.tpl @@ -48,7 +48,11 @@ - + {if $bbcode->canDelete()} + + {else} + + {/if} {event name='rowButtons'} diff --git a/wcfsetup/install/files/acp/templates/userOptionList.tpl b/wcfsetup/install/files/acp/templates/userOptionList.tpl index b9edb5bb4e..e252f5b9bd 100644 --- a/wcfsetup/install/files/acp/templates/userOptionList.tpl +++ b/wcfsetup/install/files/acp/templates/userOptionList.tpl @@ -50,7 +50,11 @@ - + {if $option->canDelete()} + + {else} + + {/if} {event name='rowButtons'} diff --git a/wcfsetup/install/files/lib/data/bbcode/BBCode.class.php b/wcfsetup/install/files/lib/data/bbcode/BBCode.class.php index 9de8da7197..485fbabd06 100644 --- a/wcfsetup/install/files/lib/data/bbcode/BBCode.class.php +++ b/wcfsetup/install/files/lib/data/bbcode/BBCode.class.php @@ -95,4 +95,17 @@ class BBCode extends ProcessibleDatabaseObject implements IRouteController { return in_array($bbcodeTag, $allowedBBCodeTags); } + + /** + * Returns true if this BBCode can be deleted. + * + * @return boolean + */ + public function canDelete() { + if ($this->originIsSystem) { + return false; + } + + return true; + } } diff --git a/wcfsetup/install/files/lib/data/bbcode/BBCodeAction.class.php b/wcfsetup/install/files/lib/data/bbcode/BBCodeAction.class.php index 75ea5b974a..6b6beda622 100644 --- a/wcfsetup/install/files/lib/data/bbcode/BBCodeAction.class.php +++ b/wcfsetup/install/files/lib/data/bbcode/BBCodeAction.class.php @@ -5,6 +5,7 @@ use wcf\data\user\group\UserGroupEditor; use wcf\data\AbstractDatabaseObjectAction; use wcf\data\IToggleAction; use wcf\system\database\util\PreparedStatementConditionBuilder; +use wcf\system\exception\PermissionDeniedException; use wcf\system\WCF; /** @@ -98,6 +99,19 @@ class BBCodeAction extends AbstractDatabaseObjectAction implements IToggleAction return $bbCode; } + /** + * @see \wcf\data\AbstractDatabaseObjectAction::validateDelete() + */ + public function validateDelete() { + parent::validateDelete(); + + foreach ($this->objects as $bbcode) { + if (!$bbcode->canDelete()) { + throw new PermissionDeniedException(); + } + } + } + /** * @see \wcf\data\IToggleAction::validateToggle() */ diff --git a/wcfsetup/install/files/lib/data/page/menu/item/PageMenuItem.class.php b/wcfsetup/install/files/lib/data/page/menu/item/PageMenuItem.class.php index 6d73797420..3edcb522d2 100644 --- a/wcfsetup/install/files/lib/data/page/menu/item/PageMenuItem.class.php +++ b/wcfsetup/install/files/lib/data/page/menu/item/PageMenuItem.class.php @@ -104,7 +104,11 @@ class PageMenuItem extends ProcessibleDatabaseObject implements ITreeMenuItem { * @return boolean */ public function canDelete() { - return ($this->isLandingPage ? false : true); + if ($this->originIsSystem || $this->isLandingPage) { + return false; + } + + return true; } /** diff --git a/wcfsetup/install/files/lib/data/page/menu/item/PageMenuItemAction.class.php b/wcfsetup/install/files/lib/data/page/menu/item/PageMenuItemAction.class.php index 68d3173f2e..a26b1b743e 100644 --- a/wcfsetup/install/files/lib/data/page/menu/item/PageMenuItemAction.class.php +++ b/wcfsetup/install/files/lib/data/page/menu/item/PageMenuItemAction.class.php @@ -160,6 +160,19 @@ class PageMenuItemAction extends AbstractDatabaseObjectAction implements ISortab } } + /** + * @see \wcf\data\AbstractDatabaseObjectAction::validateDelete() + */ + public function validateDelete() { + parent::validateDelete(); + + foreach ($this->objects as $pageMenuItem) { + if (!$pageMenuItem->canDelete()) { + throw new PermissionDeniedException(); + } + } + } + /** * @see \wcf\data\IToggleAction::validateToggle() */ diff --git a/wcfsetup/install/files/lib/data/user/option/UserOption.class.php b/wcfsetup/install/files/lib/data/user/option/UserOption.class.php index 3cedf2db31..9d1cafd91a 100644 --- a/wcfsetup/install/files/lib/data/user/option/UserOption.class.php +++ b/wcfsetup/install/files/lib/data/user/option/UserOption.class.php @@ -159,4 +159,17 @@ class UserOption extends Option { return false; } + + /** + * Returns true if this user option can be deleted. + * + * @return boolean + */ + public function canDelete() { + if ($this->originIsSystem) { + return false; + } + + return true; + } } diff --git a/wcfsetup/install/files/lib/data/user/option/UserOptionAction.class.php b/wcfsetup/install/files/lib/data/user/option/UserOptionAction.class.php index 858b6e5175..fc05ed9d83 100644 --- a/wcfsetup/install/files/lib/data/user/option/UserOptionAction.class.php +++ b/wcfsetup/install/files/lib/data/user/option/UserOptionAction.class.php @@ -2,6 +2,7 @@ namespace wcf\data\user\option; use wcf\data\AbstractDatabaseObjectAction; use wcf\data\IToggleAction; +use wcf\system\exception\PermissionDeniedException; /** * Executes user option-related actions. @@ -39,6 +40,19 @@ class UserOptionAction extends AbstractDatabaseObjectAction implements IToggleAc */ protected $requireACP = array('create', 'delete', 'toggle', 'update'); + /** + * @see \wcf\data\AbstractDatabaseObjectAction::validateDelete() + */ + public function validateDelete() { + parent::validateDelete(); + + foreach ($this->objects as $userOption) { + if (!$userOption->canDelete()) { + throw new PermissionDeniedException(); + } + } + } + /** * @see \wcf\data\IToggleAction::toggle() */ diff --git a/wcfsetup/install/files/lib/system/package/plugin/BBCodePackageInstallationPlugin.class.php b/wcfsetup/install/files/lib/system/package/plugin/BBCodePackageInstallationPlugin.class.php index 69cf4e399b..94cf103bd1 100644 --- a/wcfsetup/install/files/lib/system/package/plugin/BBCodePackageInstallationPlugin.class.php +++ b/wcfsetup/install/files/lib/system/package/plugin/BBCodePackageInstallationPlugin.class.php @@ -91,7 +91,8 @@ class BBCodePackageInstallationPlugin extends AbstractXMLPackageInstallationPlug 'attributes' => (isset($data['elements']['attributes']) ? $data['elements']['attributes'] : array()), 'className' => (!empty($data['elements']['classname']) ? $data['elements']['classname'] : ''), 'isSourceCode' => (!empty($data['elements']['sourcecode']) ? 1 : 0), - 'buttonLabel' => (isset($data['elements']['buttonlabel']) ? $data['elements']['buttonlabel'] : '') + 'buttonLabel' => (isset($data['elements']['buttonlabel']) ? $data['elements']['buttonlabel'] : ''), + 'originIsSystem' => 1 ); if ($data['wysiwygIcon'] && $data['buttonLabel']) { diff --git a/wcfsetup/install/files/lib/system/package/plugin/PageMenuPackageInstallationPlugin.class.php b/wcfsetup/install/files/lib/system/package/plugin/PageMenuPackageInstallationPlugin.class.php index dc918b6746..cff138fe4d 100644 --- a/wcfsetup/install/files/lib/system/package/plugin/PageMenuPackageInstallationPlugin.class.php +++ b/wcfsetup/install/files/lib/system/package/plugin/PageMenuPackageInstallationPlugin.class.php @@ -40,6 +40,8 @@ class PageMenuPackageInstallationPlugin extends AbstractMenuPackageInstallationP throw new SystemException("Menu item '".$result['menuItem']."' neither has a link nor a controller given"); } + $result['originIsSystem'] = 1; + return $result; } diff --git a/wcfsetup/install/files/lib/system/package/plugin/UserOptionPackageInstallationPlugin.class.php b/wcfsetup/install/files/lib/system/package/plugin/UserOptionPackageInstallationPlugin.class.php index 9954d6c58a..757cf1d446 100644 --- a/wcfsetup/install/files/lib/system/package/plugin/UserOptionPackageInstallationPlugin.class.php +++ b/wcfsetup/install/files/lib/system/package/plugin/UserOptionPackageInstallationPlugin.class.php @@ -124,7 +124,8 @@ class UserOptionPackageInstallationPlugin extends AbstractOptionPackageInstallat 'isDisabled' => $isDisabled, 'permissions' => $permissions, 'options' => $options, - 'additionalData' => serialize($additionalData) + 'additionalData' => serialize($additionalData), + 'originIsSystem' => 1 ); // update option diff --git a/wcfsetup/setup/db/install.sql b/wcfsetup/setup/db/install.sql index 448703ccc8..8b0dfc1b7f 100644 --- a/wcfsetup/setup/db/install.sql +++ b/wcfsetup/setup/db/install.sql @@ -180,6 +180,7 @@ CREATE TABLE wcf1_bbcode ( isSourceCode TINYINT(1) NOT NULL DEFAULT 0, isDisabled TINYINT(1) NOT NULL DEFAULT 0, showButton TINYINT(1) NOT NULL DEFAULT 0, + originIsSystem TINYINT(1) NOT NULL DEFAULT 0, UNIQUE KEY bbcodeTag (bbcodeTag) ); @@ -761,6 +762,7 @@ CREATE TABLE wcf1_page_menu_item ( isDisabled TINYINT(1) NOT NULL DEFAULT 0, className VARCHAR(255) NOT NULL DEFAULT '', isLandingPage TINYINT(1) NOT NULL DEFAULT 0, + originIsSystem TINYINT(1) NOT NULL DEFAULT 0, UNIQUE KEY (packageID, menuItem) ); @@ -1312,6 +1314,7 @@ CREATE TABLE wcf1_user_option ( permissions TEXT, options TEXT, additionalData MEDIUMTEXT, + originIsSystem TINYINT(1) NOT NULL DEFAULT 0, UNIQUE KEY optionName (optionName, packageID), KEY categoryName (categoryName) ); -- 2.20.1