projects
/
GitHub
/
WoltLab
/
com.woltlab.wcf.conversation.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
50ad293
)
Enforce new canReply permission
author
joshuaruesweg
<josh@wcflabs.de>
Sun, 5 Jul 2020 12:45:13 +0000
(14:45 +0200)
committer
joshuaruesweg
<josh@wcflabs.de>
Sun, 5 Jul 2020 12:45:13 +0000
(14:45 +0200)
files/lib/data/conversation/Conversation.class.php
patch
|
blob
|
blame
|
history
files/lib/data/conversation/message/ConversationMessage.class.php
patch
|
blob
|
blame
|
history
files/lib/data/conversation/message/ConversationMessageAction.class.php
patch
|
blob
|
blame
|
history
diff --git
a/files/lib/data/conversation/Conversation.class.php
b/files/lib/data/conversation/Conversation.class.php
index 98d11bfc600d26c0de4670d2b20eb4bd30f51940..1c05a0d36ac96b6a8aed1d9801e94dd5fdb1efae 100644
(file)
--- a/
files/lib/data/conversation/Conversation.class.php
+++ b/
files/lib/data/conversation/Conversation.class.php
@@
-135,7
+135,7
@@
class Conversation extends DatabaseObject implements IPopoverObject, IRouteContr
* @return boolean
*/
public function canReply() {
* @return boolean
*/
public function canReply() {
- return !$this->isClosed && !$this->leftAt;
+ return !$this->isClosed && !$this->leftAt
&& WCF::getSession()->getPermission('user.conversation.canReplyToConversation')
;
}
/**
}
/**
diff --git
a/files/lib/data/conversation/message/ConversationMessage.class.php
b/files/lib/data/conversation/message/ConversationMessage.class.php
index e05e26ab93900ea07b98811f6dcc2c23efd2c9a7..90b20ba5f2aed08096fc5712d010fa0a04c561be 100644
(file)
--- a/
files/lib/data/conversation/message/ConversationMessage.class.php
+++ b/
files/lib/data/conversation/message/ConversationMessage.class.php
@@
-147,7
+147,9
@@
class ConversationMessage extends DatabaseObject implements IMessage {
* @return boolean
*/
public function canEdit() {
* @return boolean
*/
public function canEdit() {
- return (WCF::getUser()->userID == $this->userID && ($this->getConversation()->isDraft || WCF::getSession()->getPermission('user.conversation.canEditMessage')));
+ return (WCF::getUser()->userID == $this->userID &&
+ ($this->getConversation()->isDraft || WCF::getSession()->getPermission('user.conversation.canEditMessage'))
+ && $this->getConversation()->canReply());
}
/**
}
/**
diff --git
a/files/lib/data/conversation/message/ConversationMessageAction.class.php
b/files/lib/data/conversation/message/ConversationMessageAction.class.php
index c1c73e1e0db7a7b477a1e96acdeffeda5d00a687..bed559f6dcfc79660c29255c1529d4b21a921e1c 100644
(file)
--- a/
files/lib/data/conversation/message/ConversationMessageAction.class.php
+++ b/
files/lib/data/conversation/message/ConversationMessageAction.class.php
@@
-488,7
+488,7
@@
class ConversationMessageAction extends AbstractDatabaseObjectAction implements
throw new PermissionDeniedException();
}
$conversation->loadUserParticipation();
throw new PermissionDeniedException();
}
$conversation->loadUserParticipation();
- if (!$conversation->canRead()) {
+ if (!$conversation->canRead()
|| !$conversation->canReply()
) {
throw new PermissionDeniedException();
}
}
throw new PermissionDeniedException();
}
}