From 95d4af02b3eb58002511825d7e526583ce995a50 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Joshua=20R=C3=BCsweg?=
Date: Tue, 31 Jul 2018 18:08:41 +0200
Subject: [PATCH] Add missign permission checks for reactions

See #2508
---
 com.woltlab.wcf/templates/article.tpl | 29 ++++++++++++-------
 com.woltlab.wcf/templates/commentList.tpl | 5 +++-
 .../templates/commentResponseList.tpl | 2 +-
 .../templates/reactionSummaryList.tpl | 16 +++++-----
 .../js/WoltLabSuite/Core/Ui/Like/Handler.js | 2 +-
 .../WoltLabSuite/Core/Ui/Reaction/Handler.js | 3 +-
 .../data/reaction/ReactionAction.class.php | 4 +++
 7 files changed, 39 insertions(+), 22 deletions(-)

diff --git a/com.woltlab.wcf/templates/article.tpl b/com.woltlab.wcf/templates/article.tpl
index 38c669098c..d1ab534bfd 100644
--- a/com.woltlab.wcf/templates/article.tpl
+++ b/com.woltlab.wcf/templates/article.tpl
@@ -151,18 +151,25 @@ {/if} -
-
-
- {include file="reactionSummaryList" reactionData=$articleLikeData objectType="com.woltlab.wcf.likeableArticle" objectID=$article->articleID} -
-
-
-
    -
  • {if $articleLikeData[$article->articleID]|isset && $articleLikeData[$article->articleID]->reactionTypeID}{@$__wcf->getReactionHandler()->getReactionTypeByID($articleLikeData[$article->articleID]->reactionTypeID)->renderIcon()}{else}{/if}
  • -
+ {if MODULE_LIKE && ARTICLE_ENABLE_LIKE && ($__wcf->session->getPermission('user.like.canLike') || $__wcf->session->getPermission('user.like.canViewLike'))} +
+ {if $__wcf->session->getPermission('user.like.canViewLike')} +
+
+ {include file="reactionSummaryList" reactionData=$articleLikeData objectType="com.woltlab.wcf.likeableArticle" objectID=$article->articleID} +
+
+ {/if} + + {if MODULE_LIKE && $__wcf->session->getPermission('user.like.canLike') && (LIKE_ALLOW_FOR_OWN_CONTENT || $article->userID != $__wcf->user->userID)} +
+
    +
  • {if $articleLikeData[$article->articleID]|isset && $articleLikeData[$article->articleID]->reactionTypeID}{@$__wcf->getReactionHandler()->getReactionTypeByID($articleLikeData[$article->articleID]->reactionTypeID)->renderIcon()}{else}{/if}
  • +
+
+ {/if}
-
+ {/if}
{event name='afterArticleContent'} diff --git a/com.woltlab.wcf/templates/commentList.tpl b/com.woltlab.wcf/templates/commentList.tpl index abfad31c99..20ab1684be 100644 --- a/com.woltlab.wcf/templates/commentList.tpl +++ b/com.woltlab.wcf/templates/commentList.tpl @@ -55,7 +55,10 @@
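Review bot: The `user.like.canLike` and own-content conditions added around the react button only decide what is rendered, so they need a server-side counterpart; hiding the button does not stop a reaction request from being sent. Within this patch only `validateGetReactionDetails()` gains a server-side check (for `user.like.canViewLike`), and whether the action that stores a reaction enforces `user.like.canLike` and `LIKE_ALLOW_FOR_OWN_CONTENT` is not visible here and should be confirmed. The inner `MODULE_LIKE &&` is redundant inside the outer `{if MODULE_LIKE && ARTICLE_ENABLE_LIKE ...}`. The same button condition is repeated in the commentList.tpl and commentResponseList.tpl hunks, so a template comment such as `{* display only: the reaction action must enforce user.like.canLike itself *}` beside each copy would make the intent explicit.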
  • {/if} - {if MODULE_LIKE}
  • {if $likeData[comment][$comment->commentID]|isset && $likeData[comment][$comment->commentID]->reactionTypeID}{@$__wcf->getReactionHandler()->getReactionTypeByID($likeData[comment][$comment->commentID]->reactionTypeID)->renderIcon()}{else}{/if}
  • {/if} + {if MODULE_LIKE && $__wcf->session->getPermission('user.like.canLike') && (LIKE_ALLOW_FOR_OWN_CONTENT || $comment->userID != $__wcf->user->userID)} +
  • {if $likeData[comment][$comment->commentID]|isset && $likeData[comment][$comment->commentID]->reactionTypeID}{@$__wcf->getReactionHandler()->getReactionTypeByID($likeData[comment][$comment->commentID]->reactionTypeID)->renderIcon()}{else}{/if}
  • + {/if} + {event name='commentOptions'} diff --git a/com.woltlab.wcf/templates/commentResponseList.tpl b/com.woltlab.wcf/templates/commentResponseList.tpl index 0204703c7b..714cab266e 100644 --- a/com.woltlab.wcf/templates/commentResponseList.tpl +++ b/com.woltlab.wcf/templates/commentResponseList.tpl @@ -48,7 +48,7 @@
  • {/if} -
  • {if $likeData[response][$response->responseID]|isset && $likeData[response][$response->responseID]->reactionTypeID}{@$__wcf->getReactionHandler()->getReactionTypeByID($likeData[response][$response->responseID]->reactionTypeID)->renderIcon()}{else}{/if}
  • + {if MODULE_LIKE && $__wcf->session->getPermission('user.like.canLike') && (LIKE_ALLOW_FOR_OWN_CONTENT || $response->userID != $__wcf->user->userID)}
  • {if $likeData[response][$response->responseID]|isset && $likeData[response][$response->responseID]->reactionTypeID}{@$__wcf->getReactionHandler()->getReactionTypeByID($likeData[response][$response->responseID]->reactionTypeID)->renderIcon()}{else}{/if}
  • {/if} {event name='commentOptions'} diff --git a/com.woltlab.wcf/templates/reactionSummaryList.tpl b/com.woltlab.wcf/templates/reactionSummaryList.tpl index dcefe25b72..f9108f15f9 100644 --- a/com.woltlab.wcf/templates/reactionSummaryList.tpl +++ b/com.woltlab.wcf/templates/reactionSummaryList.tpl @@ -1,7 +1,9 @@ - \ No newline at end of file +{if $__wcf->session->getPermission('user.like.canViewLike')} + +{/if} \ No newline at end of file diff --git a/wcfsetup/install/files/js/WoltLabSuite/Core/Ui/Like/Handler.js b/wcfsetup/install/files/js/WoltLabSuite/Core/Ui/Like/Handler.js index 951b729e0b..b5fa93554f 100644 --- a/wcfsetup/install/files/js/WoltLabSuite/Core/Ui/Like/Handler.js +++ b/wcfsetup/install/files/js/WoltLabSuite/Core/Ui/Like/Handler.js @@ -129,7 +129,7 @@ define( isSummaryPosition = false; } - if (badgeContainer !== null) { + if (badgeContainer !== null && this._options.canViewSummary) { summaryList = elCreate('ul'); summaryList.className = 'reactionSummaryList' + (isSummaryPosition ? ' likesSummary' : ' reactionSummaryListTiny') + ((isSummaryPosition && this._options.badgeClassNames) ? ' ' + this._options.badgeClassNames : ''); diff --git a/wcfsetup/install/files/js/WoltLabSuite/Core/Ui/Reaction/Handler.js b/wcfsetup/install/files/js/WoltLabSuite/Core/Ui/Reaction/Handler.js index fcf8390a37..e04c6fbca7 100644 --- a/wcfsetup/install/files/js/WoltLabSuite/Core/Ui/Reaction/Handler.js +++ b/wcfsetup/install/files/js/WoltLabSuite/Core/Ui/Reaction/Handler.js @@ -109,7 +109,8 @@ define( elementData.reactButton = elBySel(this._options.buttonSelector, element); if (elementData.reactButton === null || elementData.reactButton.length === 0) { - throw new Error("[WoltLabSuite/Core/Ui/Reaction/Handler] Unable to find reactButton."); + // the element may have no react button + return; } elementData.reactButton.addEventListener(WCF_CLICK_EVENT, this._toggleReactPopover.bind(this, elementData.objectId, elementData.reactButton)); 
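Review bot: `this._options.canViewSummary` is read in the `badgeContainer` condition, but the diffstat lists this as the only changed line in Like/Handler.js, so the patch adds no default for the option. If the options defaults (outside the hunk) do not already define `canViewSummary`, every caller that omits it gets `undefined` and silently loses the summary list. Confirm a default exists. The flag should also be documented as presentation-only, for example `// display flag only; access to reaction data is decided server-side`.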
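Review bot: The early `return` that replaces the thrown `Error` when `reactButton` is missing also hides a genuinely wrong `buttonSelector`, which previously failed loudly. It also skips everything the function does after the listener registration, and that code lies outside the hunk; if later code expects every element to be fully initialised, this path should be checked against the full function. The new comment would be more useful if it named the reason, e.g. `// no react button is rendered when the user lacks 'user.like.canLike' or owns the content`.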
diff --git a/wcfsetup/install/files/lib/data/reaction/ReactionAction.class.php b/wcfsetup/install/files/lib/data/reaction/ReactionAction.class.php
index 21e3ba9dd2..57b68115db 100644
--- a/wcfsetup/install/files/lib/data/reaction/ReactionAction.class.php
+++ b/wcfsetup/install/files/lib/data/reaction/ReactionAction.class.php
@@ -66,6 +66,10 @@ class ReactionAction extends AbstractDatabaseObjectAction {
 public function validateGetReactionDetails() {
 $this->validateObjectParameters();
 
+ if (!WCF::getSession()->getPermission('user.like.canViewLike')) {
+ throw new PermissionDeniedException();
+ }
+
 $this->readInteger('reactionTypeID');
 $this->readInteger('pageNo');
 
-- 
2.20.1
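Review bot: The new `user.like.canViewLike` check runs after `$this->validateObjectParameters()`, so a caller without the permission still has the object parameters validated before being rejected. Making the check the first statement of `validateGetReactionDetails()` denies early and avoids any difference in error behaviour that may reveal whether the referenced object is valid. The hunk also uses `PermissionDeniedException` without adding a `use` line, so the import must already exist above line 66. That is worth confirming, since otherwise the deny path fails with a class-not-found error instead of a clean permission error. The method body continues past the end of the hunk.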