From 03c6304e19d5d3ecd276dd3f42220db301ab511d Mon Sep 17 00:00:00 2001 From: Lukas Fleischer Date: Tue, 15 Jul 2014 20:52:54 +0200 Subject: Rework permission handling Add a new function has_credential() that checks whether the currently logged in user is allowed to perform a given action. Moving all permission handling to this central place makes adding new user groups and adjusting permissions much more convenient. Signed-off-by: Lukas Fleischer --- web/html/account.php | 20 +++---- web/html/addvote.php | 7 +-- web/html/packages.php | 7 --- web/html/pkgbase.php | 31 +++++------ web/html/pkgdel.php | 8 +-- web/html/pkgmerge.php | 8 +-- web/html/pkgreq.php | 2 +- web/html/tu.php | 9 +--- web/html/voters.php | 3 +- web/lib/acctfuncs.inc.php | 37 ++++--------- web/lib/aur.inc.php | 11 +--- web/lib/credentials.inc.php | 76 +++++++++++++++++++++++++++ web/lib/pkgbasefuncs.inc.php | 93 ++++++++++++++------------------- web/lib/pkgfuncs.inc.php | 36 +++---------- web/lib/pkgreqfuncs.inc.php | 2 +- web/template/account_details.php | 4 +- web/template/account_edit_form.php | 7 +-- web/template/account_search_results.php | 11 ++-- web/template/actions_form.php | 5 +- web/template/header.php | 6 +-- web/template/pkg_comments.php | 3 +- web/template/pkg_details.php | 14 ++--- web/template/pkg_search_results.php | 10 +--- web/template/pkgbase_details.php | 14 ++--- 24 files changed, 187 insertions(+), 237 deletions(-) create mode 100644 web/lib/credentials.inc.php (limited to 'web') diff --git a/web/html/account.php b/web/html/account.php index 47cf6d2..f212eab 100644 --- a/web/html/account.php +++ b/web/html/account.php @@ -18,18 +18,14 @@ echo "

".__("Accounts")."

\n"; $action = in_request("Action"); if (isset($_COOKIE["AURSID"])) { - # visitor is logged in - # - $atype = account_from_sid($_COOKIE["AURSID"]); - if ($action == "SearchAccounts") { # security check # - if ($atype == "Trusted User" || $atype == "Developer") { + if (has_credential(CRED_ACCOUNT_SEARCH)) { # the user has entered search criteria, find any matching accounts # - search_results_page($atype, in_request("O"), in_request("SB"), + search_results_page(in_request("O"), in_request("SB"), in_request("U"), in_request("T"), in_request("S"), in_request("E"), in_request("R"), in_request("I"), in_request("K")); @@ -48,8 +44,8 @@ if (isset($_COOKIE["AURSID"])) { print __("Could not retrieve information for the specified user."); } else { /* Verify user has permission to edit the account */ - if (can_edit_account($atype, $row, uid_from_sid($_COOKIE["AURSID"]))) { - display_account_form($atype, "UpdateAccount", $row["Username"], + if (can_edit_account($row)) { + display_account_form("UpdateAccount", $row["Username"], $row["AccountTypeID"], $row["Suspended"], $row["Email"], "", "", $row["RealName"], $row["LangPreference"], $row["IRCNick"], $row["PGPKey"], @@ -70,22 +66,20 @@ if (isset($_COOKIE["AURSID"])) { } } elseif ($action == "UpdateAccount") { - $uid = uid_from_sid($_COOKIE['AURSID']); - /* Details for account being updated */ $acctinfo = account_details(in_request('ID'), in_request('U')); /* Verify user permissions and that the request is a valid POST */ - if (can_edit_account($atype, $acctinfo, $uid) && check_token()) { + if (can_edit_account($acctinfo) && check_token()) { /* Update the details for the existing account */ - process_account_form($atype, "edit", "UpdateAccount", + process_account_form("edit", "UpdateAccount", in_request("U"), in_request("T"), in_request("S"), in_request("E"), in_request("P"), in_request("C"), in_request("R"), in_request("L"), in_request("I"), in_request("K"), in_request("J"), in_request("ID")); } } else { - if ($atype == "Trusted User" || $atype == "Developer") { + if (has_credential(CRED_ACCOUNT_SEARCH)) { # display the search page if they're a TU/dev # print __("Use this form to search existing accounts.")."
\n"; diff --git a/web/html/addvote.php b/web/html/addvote.php index 3ce99c0..0b6b9c6 100644 --- a/web/html/addvote.php +++ b/web/html/addvote.php @@ -11,13 +11,10 @@ $title = __("Add Proposal"); html_header($title); if (isset($_COOKIE["AURSID"])) { - $atype = account_from_sid($_COOKIE["AURSID"]); - $uid = uid_from_sid($_COOKIE["AURSID"]); -} else { - $atype = ""; + $uid = uid_from_sid($_COOKIE["AURSID"]); } -if ($atype == "Trusted User" || $atype == "Developer") { +if (has_credential(CRED_TU_ADD_VOTE)) { if (!empty($_POST['addVote']) && !check_token()) { $error = __("Invalid token for user action."); diff --git a/web/html/packages.php b/web/html/packages.php index 2fb9cbc..645806e 100644 --- a/web/html/packages.php +++ b/web/html/packages.php @@ -35,13 +35,6 @@ if (isset($pkgname)) { $title = __("Packages"); } -# Retrieve account type -if (isset($_COOKIE["AURSID"])) { - $atype = account_from_sid($_COOKIE["AURSID"]); -} else { - $atype = ""; -} - $details = array(); if (isset($pkgname)) { $details = pkg_get_details($pkgid); diff --git a/web/html/pkgbase.php b/web/html/pkgbase.php index cf2b774..4f35a67 100644 --- a/web/html/pkgbase.php +++ b/web/html/pkgbase.php @@ -32,13 +32,6 @@ if (!isset($base_id) || !isset($pkgbase_name)) { /* Set the title to package base name. */ $title = $pkgbase_name; -/* Retrieve account type. */ -if (isset($_COOKIE["AURSID"])) { - $atype = account_from_sid($_COOKIE["AURSID"]); -} else { - $atype = ""; -} - /* Grab the list of package base IDs to be operated on. */ $ids = array(); if (isset($_POST['IDs'])) { @@ -55,29 +48,29 @@ $ret = false; $output = ""; if (check_token()) { if (current_action("do_Flag")) { - list($ret, $output) = pkgbase_flag($atype, $ids); + list($ret, $output) = pkgbase_flag($ids); } elseif (current_action("do_UnFlag")) { - list($ret, $output) = pkgbase_unflag($atype, $ids); + list($ret, $output) = pkgbase_unflag($ids); } elseif (current_action("do_Adopt")) { - list($ret, $output) = pkgbase_adopt($atype, $ids, true, NULL); + list($ret, $output) = pkgbase_adopt($ids, true, NULL); } elseif (current_action("do_Disown")) { $via = isset($_POST['via']) ? $_POST['via'] : NULL; - list($ret, $output) = pkgbase_adopt($atype, $ids, false, $via); + list($ret, $output) = pkgbase_adopt($ids, false, $via); } elseif (current_action("do_Vote")) { - list($ret, $output) = pkgbase_vote($atype, $ids, true); + list($ret, $output) = pkgbase_vote($ids, true); } elseif (current_action("do_UnVote")) { - list($ret, $output) = pkgbase_vote($atype, $ids, false); + list($ret, $output) = pkgbase_vote($ids, false); } elseif (current_action("do_Delete")) { if (isset($_POST['confirm_Delete'])) { $via = isset($_POST['via']) ? $_POST['via'] : NULL; if (!isset($_POST['merge_Into']) || empty($_POST['merge_Into'])) { - list($ret, $output) = pkgbase_delete($atype, $ids, NULL, $via); + list($ret, $output) = pkgbase_delete($ids, NULL, $via); unset($_GET['ID']); } else { $merge_base_id = pkgbase_from_name($_POST['merge_Into']); if ($merge_base_id) { - list($ret, $output) = pkgbase_delete($atype, $ids, $merge_base_id, $via); + list($ret, $output) = pkgbase_delete($ids, $merge_base_id, $via); unset($_GET['ID']); } else { $output = __("Cannot find package to merge votes and comments into."); @@ -90,13 +83,13 @@ if (check_token()) { $ret = false; } } elseif (current_action("do_Notify")) { - list($ret, $output) = pkgbase_notify($atype, $ids); + list($ret, $output) = pkgbase_notify($ids); } elseif (current_action("do_UnNotify")) { - list($ret, $output) = pkgbase_notify($atype, $ids, false); + list($ret, $output) = pkgbase_notify($ids, false); } elseif (current_action("do_DeleteComment")) { - list($ret, $output) = pkgbase_delete_comment($atype); + list($ret, $output) = pkgbase_delete_comment(); } elseif (current_action("do_ChangeCategory")) { - list($ret, $output) = pkgbase_change_category($base_id, $atype); + list($ret, $output) = pkgbase_change_category($base_id); } elseif (current_action("do_FileRequest")) { list($ret, $output) = pkgreq_file($ids, $_POST['type'], $_POST['merge_into'], $_POST['comments']); } elseif (current_action("do_CloseRequest")) { diff --git a/web/html/pkgdel.php b/web/html/pkgdel.php index 621c3c9..41900e4 100644 --- a/web/html/pkgdel.php +++ b/web/html/pkgdel.php @@ -10,13 +10,7 @@ check_sid(); html_header(__("Package Deletion")); -$atype = ""; - -if (isset($_COOKIE["AURSID"])) { - $atype = account_from_sid($_COOKIE["AURSID"]); -} - -if ($atype == "Trusted User" || $atype == "Developer"): ?> +if (has_credential(CRED_PKGBASE_DELETE)): ?>

diff --git a/web/html/pkgmerge.php b/web/html/pkgmerge.php index ba3f742..6a3b3c5 100644 --- a/web/html/pkgmerge.php +++ b/web/html/pkgmerge.php @@ -10,13 +10,7 @@ check_sid(); html_header(__("Package Merging")); -$atype = ""; - -if (isset($_COOKIE["AURSID"])) { - $atype = account_from_sid($_COOKIE["AURSID"]); -} - -if ($atype == "Trusted User" || $atype == "Developer"): ?> +if (has_credential(CRED_PKGBASE_DELETE)): ?>

diff --git a/web/html/pkgreq.php b/web/html/pkgreq.php index 9dec1f6..03b31b8 100644 --- a/web/html/pkgreq.php +++ b/web/html/pkgreq.php @@ -16,7 +16,7 @@ if (isset($base_id)) { $pkgbase_name = pkgreq_get_pkgbase_name($pkgreq_id); include('pkgreq_close_form.php'); } else { - if (!check_user_privileges()) { + if (!has_credential(CRED_PKGREQ_LIST)) { header('Location: /'); exit(); } diff --git a/web/html/tu.php b/web/html/tu.php index 5d4e37d..158632a 100644 --- a/web/html/tu.php +++ b/web/html/tu.php @@ -14,12 +14,7 @@ html_header($title); $pp = 10; $prev_Len = 75; -$atype = ""; -if (isset($_COOKIE["AURSID"])) { - $atype = account_from_sid($_COOKIE["AURSID"]); -} - -if ($atype == "Trusted User" || $atype == "Developer") { +if (has_credential(CRED_TU_LIST_VOTES)) { if (isset($_GET['id'])) { if (is_numeric($_GET['id'])) { @@ -39,7 +34,7 @@ if ($atype == "Trusted User" || $atype == "Developer") { if ($isrunning == 0) { $canvote = 0; $errorvote = __("Voting is closed for this proposal."); - } else if ($atype == "Developer") { + } else if (!has_credential(CRED_TU_VOTE)) { $canvote = 0; $errorvote = __("Only Trusted Users are allowed to vote."); } else if ($row['User'] == username_from_sid($_COOKIE["AURSID"])) { diff --git a/web/html/voters.php b/web/html/voters.php index bbcf547..8766fa7 100644 --- a/web/html/voters.php +++ b/web/html/voters.php @@ -6,11 +6,10 @@ include_once('pkgfuncs.inc.php'); $SID = $_COOKIE['AURSID']; $pkgname = htmlspecialchars($_GET['N']); $votes = pkgbase_votes_from_name($pkgname); -$atype = account_from_sid($SID); html_header(__("Voters")); -if ($atype == 'Trusted User' || $atype== 'Developer'): +if (has_credential(CRED_PKGBASE_LIST_VOTERS)): ?>

diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index 06d4311..e2e37b8 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -42,7 +42,6 @@ function html_format_pgp_fingerprint($fingerprint) { * Loads the account editing form, with any values that are already saved * * @global array $SUPPORTED_LANGS Languages that are supported by the AUR - * @param string $UTYPE User type of the account accessing the form * @param string $A Form to use, either UpdateAccount or NewAccount * @param string $U The username to display * @param string $T The account type of the displayed user @@ -59,7 +58,7 @@ function html_format_pgp_fingerprint($fingerprint) { * * @return void */ -function display_account_form($UTYPE,$A,$U="",$T="",$S="", +function display_account_form($A,$U="",$T="",$S="", $E="",$P="",$C="",$R="",$L="",$I="",$K="",$J="", $UID=0) { global $SUPPORTED_LANGS; @@ -71,7 +70,6 @@ function display_account_form($UTYPE,$A,$U="",$T="",$S="", * Process information given to new/edit account form * * @global array $SUPPORTED_LANGS Languages that are supported by the AUR - * @param string $UTYPE The account type of the user modifying the account * @param string $TYPE Either "edit" for editing or "new" for registering an account * @param string $A Form to use, either UpdateAccount or NewAccount * @param string $U The username for the account @@ -89,7 +87,7 @@ function display_account_form($UTYPE,$A,$U="",$T="",$S="", * * @return string|void Return void if successful, otherwise return error */ -function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", +function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="", $P="",$C="",$R="",$L="",$I="",$K="",$J="",$UID=0) { global $SUPPORTED_LANGS, $AUR_LOCATION; @@ -143,7 +141,8 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", $error = __("The PGP key fingerprint is invalid."); } - if (($UTYPE == "User" && $T > 1) || ($UTYPE == "Trusted User" && $T > 2)) { + $atype = account_from_sid($_COOKIE['AURSID']); + if (($atype == "User" && $T > 1) || ($atype == "Trusted User" && $T > 2)) { $error = __("Cannot increase account permissions."); } if (!$error && !array_key_exists($L, $SUPPORTED_LANGS)) { @@ -188,7 +187,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", if ($error) { print "
  • ".$error."
\n"; - display_account_form($UTYPE, $A, $U, $T, $S, $E, "", "", + display_account_form($A, $U, $T, $S, $E, "", "", $R, $L, $I, $K, $J, $UID); return; } @@ -299,7 +298,6 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", /** * Display the search results page * - * @param string $UTYPE User type of the account accessing the form * @param string $O The offset for the results page * @param string $SB The column to sort the results page by * @param string $U The username search criteria @@ -312,7 +310,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", * * @return void */ -function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="", +function search_results_page($O=0,$SB="",$U="",$T="", $S="",$E="",$R="",$I="",$K="") { $HITS_PER_PAGE = 50; @@ -1098,28 +1096,15 @@ function cast_proposal_vote($voteid, $uid, $vote, $newtotal) { /** * Verify a user has the proper permissions to edit an account * - * @param string $atype Account type of the editing user * @param array $acctinfo User account information for edited account - * @param int $uid User ID of the editing user * * @return bool True if permission to edit the account, otherwise false */ -function can_edit_account($atype, $acctinfo, $uid) { - /* Developers can edit any account */ - if ($atype == 'Developer') { - return true; - } - - /* Trusted Users can edit all accounts except Developer accounts */ - if ($atype == 'Trusted User' && - $acctinfo['AccountType'] != 'Developer') { - return true; +function can_edit_account($acctinfo) { + if ($acctinfo['AccountType'] == 'Developer') { + return has_credential(CRED_ACCOUNT_EDIT_DEV); } - /* Users can edit only their own account */ - if ($acctinfo['ID'] == $uid) { - return true; - } - - return false; + $uid = uid_from_sid($_COOKIE['AURSID']); + return has_credential(CRED_ACCOUNT_EDIT, array($uid)); } diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php index 7fa792b..82730bb 100644 --- a/web/lib/aur.inc.php +++ b/web/lib/aur.inc.php @@ -16,6 +16,7 @@ include_once("routing.inc.php"); include_once("version.inc.php"); include_once("acctfuncs.inc.php"); include_once("cachefuncs.inc.php"); +include_once("credentials.inc.php"); /** * Check if a visitor is logged in @@ -406,16 +407,6 @@ function uid_from_email($email) { return $row[0]; } -/** - * Determine if a user has TU or Developer privileges - * - * @return bool Return true if the user is a TU or developer, otherwise false - */ -function check_user_privileges() { - $type = account_from_sid($_COOKIE['AURSID']); - return ($type == 'Trusted User' || $type == 'Developer'); -} - /** * Generate clean url with edited/added user values * diff --git a/web/lib/credentials.inc.php b/web/lib/credentials.inc.php new file mode 100644 index 0000000..22068e4 --- /dev/null +++ b/web/lib/credentials.inc.php @@ -0,0 +1,76 @@ +exec($q); @@ -439,19 +438,14 @@ function pkgbase_unflag($atype, $base_ids) { /** * Delete package bases * - * @param string $atype Account type, output of account_from_sid * @param array $base_ids Array of package base IDs to delete * @param int $merge_base_id Package base to merge the deleted ones into * @param int $via Package request to close upon deletion * * @return array Tuple of success/failure indicator and error message */ -function pkgbase_delete ($atype, $base_ids, $merge_base_id, $via) { - if (!$atype) { - return array(false, __("You must be logged in before you can delete packages.")); - } - - if ($atype != "Trusted User" && $atype != "Developer") { +function pkgbase_delete ($base_ids, $merge_base_id, $via) { + if (!has_credential(CRED_PKGBASE_DELETE)) { return array(false, __("You do not have permission to delete packages.")); } @@ -552,15 +546,15 @@ function pkgbase_delete ($atype, $base_ids, $merge_base_id, $via) { /** * Adopt or disown packages * - * @param string $atype Account type, output of account_from_sid * @param array $base_ids Array of package base IDs to adopt/disown * @param bool $action Adopts if true, disowns if false. Adopts by default * @param int $via Package request to close upon adoption * * @return array Tuple of success/failure indicator and error message */ -function pkgbase_adopt ($atype, $base_ids, $action=true, $via) { - if (!$atype) { +function pkgbase_adopt ($base_ids, $action=true, $via) { + $uid = uid_from_sid($_COOKIE["AURSID"]); + if (!$uid) { if ($action) { return array(false, __("You must be logged in before you can adopt packages.")); } else { @@ -579,23 +573,21 @@ function pkgbase_adopt ($atype, $base_ids, $action=true, $via) { $dbh = DB::connect(); - $field = "MaintainerUID"; $q = "UPDATE PackageBases "; - if ($action) { - $user = uid_from_sid($_COOKIE["AURSID"]); + $q.= "SET MaintainerUID = $uid "; } else { - $user = 'NULL'; + $q.= "SET MaintainerUID = NULL "; } - - $q.= "SET $field = $user "; $q.= "WHERE ID IN (" . implode(",", $base_ids) . ") "; - if ($action && $atype == "User") { + if ($action && !has_credential(CRED_PKGBASE_ADOPT)) { /* Regular users may only adopt orphan packages. */ - $q.= "AND $field IS NULL "; - } else if ($atype == "User") { - $q.= "AND $field = " . uid_from_sid($_COOKIE["AURSID"]); + $q.= "AND MaintainerUID IS NULL"; + } + if (!$action && !has_credential(CRED_PKGBASE_DISOWN)) { + /* Regular users may only disown their own packages. */ + $q.= "AND MaintainerUID = " . $uid; } $dbh->exec($q); @@ -615,14 +607,13 @@ function pkgbase_adopt ($atype, $base_ids, $action=true, $via) { /** * Vote and un-vote for packages * - * @param string $atype Account type, output of account_from_sid * @param array $base_ids Array of package base IDs to vote/un-vote * @param bool $action Votes if true, un-votes if false. Votes by default * * @return array Tuple of success/failure indicator and error message */ -function pkgbase_vote ($atype, $base_ids, $action=true) { - if (!$atype) { +function pkgbase_vote ($base_ids, $action=true) { + if (!has_credential(CRED_PKGBASE_VOTE)) { if ($action) { return array(false, __("You must be logged in before you can vote for packages.")); } else { @@ -767,13 +758,12 @@ function pkgbase_user_notify($uid, $base_id) { /** * Toggle notification of packages * - * @param string $atype Account type, output of account_from_sid * @param array $base_ids Array of package base IDs to toggle * * @return array Tuple of success/failure indicator and error message */ -function pkgbase_notify ($atype, $base_ids, $action=true) { - if (!$atype) { +function pkgbase_notify ($base_ids, $action=true) { + if (!has_credential(CRED_PKGBASE_NOTIFY)) { return; } @@ -845,12 +835,11 @@ function pkgbase_notify ($atype, $base_ids, $action=true) { /** * Delete a package comment * - * @param string $atype Account type, output of account_from_sid - * * @return array Tuple of success/failure indicator and error message */ -function pkgbase_delete_comment($atype) { - if (!$atype) { +function pkgbase_delete_comment() { + $uid = uid_from_sid($_COOKIE["AURSID"]); + if (!$uid) { return array(false, __("You must be logged in before you can edit package information.")); } @@ -861,8 +850,7 @@ function pkgbase_delete_comment($atype) { } $dbh = DB::connect(); - $uid = uid_from_sid($_COOKIE["AURSID"]); - if (can_delete_comment($comment_id, $atype, $uid)) { + if (can_delete_comment($comment_id)) { $q = "UPDATE PackageComments "; $q.= "SET DelUsersID = ".$uid." "; $q.= "WHERE ID = ".intval($comment_id); @@ -877,12 +865,12 @@ function pkgbase_delete_comment($atype) { * Change package base category * * @param int Package base ID of the package base to modify - * @param string $atype Account type, output of account_from_sid * * @return array Tuple of success/failure indicator and error message */ -function pkgbase_change_category($base_id, $atype) { - if (!$atype) { +function pkgbase_change_category($base_id) { + $uid = uid_from_sid($_COOKIE["AURSID"]); + if (!$uid) { return array(false, __("You must be logged in before you can edit package information.")); } @@ -906,21 +894,16 @@ function pkgbase_change_category($base_id, $atype) { if ($result) { $row = $result->fetch(PDO::FETCH_ASSOC); } - else { - return array(false, __("You are not allowed to change this package category.")); - } - $uid = uid_from_sid($_COOKIE["AURSID"]); - if ($uid == $row["MaintainerUID"] || - ($atype == "Developer" || $atype == "Trusted User")) { - $q = "UPDATE PackageBases "; - $q.= "SET CategoryID = ".intval($category_id)." "; - $q.= "WHERE ID = ".intval($base_id); - $dbh->exec($q); - return array(true, __("Package category changed.")); - } else { + if (!$result || !has_credential(CRED_PKGBASE_CHANGE_CATEGORY, array($row["MaintainerUID"]))) { return array(false, __("You are not allowed to change this package category.")); } + + $q = "UPDATE PackageBases "; + $q.= "SET CategoryID = ".intval($category_id)." "; + $q.= "WHERE ID = ".intval($base_id); + $dbh->exec($q); + return array(true, __("Package category changed.")); } /** diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php index a2b8a0d..29da97b 100644 --- a/web/lib/pkgfuncs.inc.php +++ b/web/lib/pkgfuncs.inc.php @@ -9,17 +9,15 @@ include_once("pkgbasefuncs.inc.php"); * comments. This function is used for the backend side of comment deletion. * * @param string $comment_id The comment ID in the database - * @param string $atype The account type of the user trying to delete a comment - * @param string|int $uid The user ID of the individual trying to delete a comment * * @return bool True if the user can delete the comment, otherwise false */ -function can_delete_comment($comment_id=0, $atype="", $uid=0) { - if (!$uid) { +function can_delete_comment($comment_id=0) { + if (!uid_from_sid($_COOKIE["AURSID"])) { /* Unauthenticated users cannot delete anything. */ return false; } - if ($atype == "Trusted User" || $atype == "Developer") { + if (has_credential(CRED_COMMENT_DELETE)) { /* TUs and developers can delete any comment. */ return true; } @@ -45,23 +43,11 @@ function can_delete_comment($comment_id=0, $atype="", $uid=0) { * comments. This function is used for the frontend side of comment deletion. * * @param array $comment All database information relating a specific comment - * @param string $atype The account type of the user trying to delete a comment - * @param string|int $uid The user ID of the individual trying to delete a comment * * @return bool True if the user can delete the comment, otherwise false */ -function can_delete_comment_array($comment, $atype="", $uid=0) { - if (!$uid) { - /* Unauthenticated users cannot delete anything. */ - return false; - } elseif ($atype == "Trusted User" || $atype == "Developer") { - /* TUs and developers can delete any comment. */ - return true; - } else if ($comment['UsersID'] == $uid) { - /* Users can delete their own comments. */ - return true; - } - return false; +function can_delete_comment_array($comment) { + return has_credential(CRED_COMMENT_DELETE, array($comment['UsersID'])); } /** @@ -70,18 +56,10 @@ function can_delete_comment_array($comment, $atype="", $uid=0) { * Only Trusted Users and Developers can delete blacklisted packages. Packages * are blacklisted if they are include in the official repositories. * - * @param string $atype The account type of the user - * * @return bool True if the user can submit blacklisted packages, otherwise false */ -function can_submit_blacklisted($atype = "") { - if ($atype == "Trusted User" || $atype == "Developer") { - /* Only TUs and developers can submit blacklisted packages. */ - return true; - } - else { - return false; - } +function can_submit_blacklisted() { + return has_credential(CRED_PKGBASE_SUBMIT_BLACKLISTED); } /** diff --git a/web/lib/pkgreqfuncs.inc.php b/web/lib/pkgreqfuncs.inc.php index 76780fe..09047eb 100644 --- a/web/lib/pkgreqfuncs.inc.php +++ b/web/lib/pkgreqfuncs.inc.php @@ -182,7 +182,7 @@ function pkgreq_close($id, $reason, $comments) { $dbh = DB::connect(); $id = intval($id); - if (!check_user_privileges()) { + if (!has_credential(CRED_PKGREQ_CLOSE)) { return array(false, __("Only TUs and developers can close requests.")); } diff --git a/web/template/account_details.php b/web/template/account_details.php index a4e20c9..c4263d7 100644 --- a/web/template/account_details.php +++ b/web/template/account_details.php @@ -43,7 +43,7 @@ - + @@ -55,7 +55,7 @@ Links:
    • - +
diff --git a/web/template/account_edit_form.php b/web/template/account_edit_form.php index 30b26fd..9a99e78 100644 --- a/web/template/account_edit_form.php +++ b/web/template/account_edit_form.php @@ -17,7 +17,7 @@

@@ -32,10 +32,7 @@ - +

  • ">
    • - +
    • - +
    • -
    • +
    • diff --git a/web/template/pkg_comments.php b/web/template/pkg_comments.php index ca4abc6..20521a0 100644 --- a/web/template/pkg_comments.php +++ b/web/template/pkg_comments.php @@ -1,5 +1,4 @@ @@ -14,7 +13,7 @@ $count = pkgbase_comments_count($base_id); $row['UserName'] = "{$row['UserName']}"; endif; ?>

    - +
    diff --git a/web/template/pkg_details.php b/web/template/pkg_details.php index 6f39514..7f01d2f 100644 --- a/web/template/pkg_details.php +++ b/web/template/pkg_details.php @@ -1,5 +1,4 @@ " /> - +
  • @@ -108,7 +106,7 @@ $sources = pkg_sources($row["ID"]);
  • 0) { echo _n('%d pending request', '%d pending requests', $row["RequestCount"]); } ?>
    • - +
    • @@ -121,8 +119,7 @@ $sources = pkg_sources($row["ID"]);
    • - +
  • @@ -150,8 +147,7 @@ $sources = pkg_sources($row["ID"]); @@ -312,7 +308,7 @@ if ($row["PackagerUID"]): - + diff --git a/web/template/pkg_search_results.php b/web/template/pkg_search_results.php index 75131fc..e901408 100644 --- a/web/template/pkg_search_results.php +++ b/web/template/pkg_search_results.php @@ -1,10 +1,4 @@

    @@ -119,13 +113,13 @@ if (!$result): ?> - + - + diff --git a/web/template/pkgbase_details.php b/web/template/pkgbase_details.php index 64df72b..fb11e60 100644 --- a/web/template/pkgbase_details.php +++ b/web/template/pkgbase_details.php @@ -1,5 +1,4 @@ " />
    • - +
  • @@ -83,7 +81,7 @@ $pkgs = pkgbase_get_pkgnames($base_id);
  • 0) { echo _n('%d pending request', '%d pending requests', $row["RequestCount"]); } ?>
    • - +
    • @@ -96,8 +94,7 @@ $pkgs = pkgbase_get_pkgnames($base_id);
    • - +
  • @@ -113,8 +110,7 @@ $pkgs = pkgbase_get_pkgnames($base_id); @@ -195,7 +191,7 @@ if ($row["PackagerUID"]): - + -- cgit v1.2.3-54-g00ecf