Enforce new canReply permission

author joshuaruesweg <josh@wcflabs.de>

Sun, 5 Jul 2020 12:45:13 +0000 (14:45 +0200)

committer joshuaruesweg <josh@wcflabs.de>

Sun, 5 Jul 2020 12:45:13 +0000 (14:45 +0200)
author joshuaruesweg <josh@wcflabs.de>
Sun, 5 Jul 2020 12:45:13 +0000 (14:45 +0200)
committer joshuaruesweg <josh@wcflabs.de>
Sun, 5 Jul 2020 12:45:13 +0000 (14:45 +0200)
diff --git a/files/lib/data/conversation/Conversation.class.php b/files/lib/data/conversation/Conversation.class.php

index 98d11bfc600d26c0de4670d2b20eb4bd30f51940..1c05a0d36ac96b6a8aed1d9801e94dd5fdb1efae 100644 (file)
--- a/files/lib/data/conversation/Conversation.class.php
+++ b/files/lib/data/conversation/Conversation.class.php
@@ -135,7 +135,7 @@ class Conversation extends DatabaseObject implements IPopoverObject, IRouteContr
          * @return      boolean
          */
         public function canReply() {
-               return !$this->isClosed && !$this->leftAt;
+               return !$this->isClosed && !$this->leftAt && WCF::getSession()->getPermission('user.conversation.canReplyToConversation');
         }
         
         /**
diff --git a/files/lib/data/conversation/message/ConversationMessage.class.php b/files/lib/data/conversation/message/ConversationMessage.class.php

index e05e26ab93900ea07b98811f6dcc2c23efd2c9a7..90b20ba5f2aed08096fc5712d010fa0a04c561be 100644 (file)
--- a/files/lib/data/conversation/message/ConversationMessage.class.php
+++ b/files/lib/data/conversation/message/ConversationMessage.class.php
@@ -147,7 +147,9 @@ class ConversationMessage extends DatabaseObject implements IMessage {
          * @return      boolean
          */
         public function canEdit() {
-               return (WCF::getUser()->userID == $this->userID && ($this->getConversation()->isDraft || WCF::getSession()->getPermission('user.conversation.canEditMessage')));
+               return  (WCF::getUser()->userID == $this->userID && 
+                       ($this->getConversation()->isDraft || WCF::getSession()->getPermission('user.conversation.canEditMessage')) 
+                       && $this->getConversation()->canReply());
         }
         
         /**
diff --git a/files/lib/data/conversation/message/ConversationMessageAction.class.php b/files/lib/data/conversation/message/ConversationMessageAction.class.php

index c1c73e1e0db7a7b477a1e96acdeffeda5d00a687..bed559f6dcfc79660c29255c1529d4b21a921e1c 100644 (file)
--- a/files/lib/data/conversation/message/ConversationMessageAction.class.php
+++ b/files/lib/data/conversation/message/ConversationMessageAction.class.php
@@ -488,7 +488,7 @@ class ConversationMessageAction extends AbstractDatabaseObjectAction implements
                         throw new PermissionDeniedException();
                 }
                 $conversation->loadUserParticipation();
-               if (!$conversation->canRead()) {
+               if (!$conversation->canRead() || !$conversation->canReply()) {
                         throw new PermissionDeniedException();
                 }
         }
author	joshuaruesweg <josh@wcflabs.de>
	Sun, 5 Jul 2020 12:45:13 +0000 (14:45 +0200)
committer	joshuaruesweg <josh@wcflabs.de>
	Sun, 5 Jul 2020 12:45:13 +0000 (14:45 +0200)
files/lib/data/conversation/Conversation.class.php		patch \| blob \| blame \| history
files/lib/data/conversation/message/ConversationMessage.class.php		patch \| blob \| blame \| history
files/lib/data/conversation/message/ConversationMessageAction.class.php		patch \| blob \| blame \| history