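/**
 * Check whether the logged-in user satisfies the permission option $opt.
 *
 * For a points-based option (QA_PERMIT_POINTS) the threshold stored in "$opt_points" is applied first. A user
 * who meets it is then still run through qa_permit_value_error() as an ordinary logged-in user, so the usual
 * login / blocked-user checks apply. The previous implementation returned the bare points comparison, which is
 * true for a zero threshold even when nobody is logged in and ignores the blocked flag entirely.
 *
 * NOTE(review): only QA_PERMIT_POINTS is treated as points-based here; any other points-flavoured permit value
 * the installed core may define is handed to qa_permit_value_error() unchanged — confirm that is what callers
 * expect, or route through the core's qa_permit_error() if it is available.
 *
 * @param string $opt name of the permission option
 * @return bool true when the action is permitted, false otherwise
 */
function qa_permit_check($opt)
{
	$permit = qa_opt($opt);

	if ($permit == QA_PERMIT_POINTS) {
		if (qa_get_logged_in_points() < qa_opt($opt . '_points')) {
			return false;  // below the threshold (or nobody logged in): deny outright
		}

		$permit = QA_PERMIT_USERS;  // threshold met: still require a logged-in, unblocked user
	}

	return !qa_permit_value_error($permit, qa_get_logged_in_userid(), qa_get_logged_in_level(), qa_get_logged_in_flags());
}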
/**
 * Exercise qa_permit_value_error() across the user level / permit value / user flag matrix.
 * User level values: QA_USER_LEVEL_* in app/users.php [BASIC..SUPER]
 * Permission values: QA_PERMIT_* in app/options.php [ALL..SUPERS]
 * User flag values: QA_USER_FLAGS_* in app/users.php
 */
public function test__qa_permit_value_error()
{
	// Seed the options cache directly so qa_opt() never touches the database
	global $qa_options_cache;
	$qa_options_cache['confirm_user_emails'] = '1';
	$qa_options_cache['moderate_users'] = '0';

	$confirmed = QA_USER_FLAGS_EMAIL_CONFIRMED;
	$blocked = QA_USER_FLAGS_EMAIL_CONFIRMED | QA_USER_FLAGS_USER_BLOCKED;

	// Each case: permit value, userid, user level, user flags, expected error key (false = permitted)
	$cases = array(
		'Admin trying to do Super stuff' => array(QA_PERMIT_SUPERS, 1, QA_USER_LEVEL_ADMIN, $confirmed, 'level'),
		'Admin trying to do Admin stuff' => array(QA_PERMIT_ADMINS, 1, QA_USER_LEVEL_ADMIN, $confirmed, false),
		'Admin trying to do Editor stuff' => array(QA_PERMIT_EDITORS, 1, QA_USER_LEVEL_ADMIN, $confirmed, false),
		'Expert trying to do Moderator stuff' => array(QA_PERMIT_MODERATORS, 1, QA_USER_LEVEL_EXPERT, $confirmed, 'level'),
		'Unconfirmed User trying to do Confirmed stuff' => array(QA_PERMIT_CONFIRMED, 1, QA_USER_LEVEL_BASIC, 0, 'confirm'),
		'Blocked User trying to do anything' => array(QA_PERMIT_ALL, 1, QA_USER_LEVEL_BASIC, $blocked, 'userblock'),
		'Logged Out User trying to do User stuff' => array(QA_PERMIT_USERS, null, null, 0, 'login'),
		'Logged Out User trying to do Moderator stuff' => array(QA_PERMIT_MODERATORS, null, null, 0, 'login'),
	);

	foreach ($cases as $label => $case) {
		list($permit, $userid, $level, $flags, $expected) = $case;
		$this->assertSame($expected, qa_permit_value_error($permit, $userid, $level, $flags), $label);
	}
}
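/**
 * Extend the core post rules for "expert questions".
 *
 * Reads the is_expert_question flag for the post from the plugin's ^postmeta table (created on demand). When it
 * is set, a viewer who qualifies as an expert — via the expert_question_roles permit option, or by handle in the
 * expert_question_users option (one "handle" or "handle=cat title,cat title" per line) — may view the question
 * even when core has marked it not viewable (hidden).
 *
 * Fixes over the previous version: list lines are trimmed (CRLF / stray whitespace no longer break matching),
 * handles are compared strictly, and the list is not consulted at all for a logged-out user. Previously a blank
 * or trailing line in the option loosely matched the null handle of an anonymous visitor and granted them
 * expert status.
 *
 * @param array $post the post being displayed (needs 'postid')
 * @param array|null $parentpost
 * @param array|null $siblingposts
 * @param array|null $childposts
 * @return array rules from qa_page_q_post_rules_base(), possibly extended
 */
function qa_page_q_post_rules($post, $parentpost = null, $siblingposts = null, $childposts = null)
{
	$rules = qa_page_q_post_rules_base($post, $parentpost, $siblingposts, $childposts);

	// Idempotent schema bootstrap; note this DDL runs on every call of this hot path
	qa_db_query_sub('CREATE TABLE IF NOT EXISTS ^postmeta ( meta_id bigint(20) unsigned NOT NULL AUTO_INCREMENT, post_id bigint(20) unsigned NOT NULL, meta_key varchar(255) DEFAULT \'\', meta_value longtext, PRIMARY KEY (meta_id), KEY post_id (post_id), KEY meta_key (meta_key) ) ENGINE=MyISAM DEFAULT CHARSET=utf8');

	$expert = qa_db_read_one_value(qa_db_query_sub("SELECT meta_value FROM ^postmeta WHERE meta_key='is_expert_question' AND post_id=#", $post['postid']), true);

	if ($expert) {
		// null = not an expert; true = expert everywhere; array = expert only for these categoryids
		$is_expert = null;

		if (!qa_permit_value_error(qa_opt('expert_question_roles'), qa_get_logged_in_userid(), qa_get_logged_in_level(), qa_get_logged_in_flags())) {
			$is_expert = true;
		}

		// The handle list can only apply to a logged-in user; never compare a null handle against list entries
		$handle = qa_get_logged_in_handle();

		if (isset($handle) && $handle !== '') {
			$lines = explode("\n", (string)qa_opt('expert_question_users'));

			foreach ($lines as $line) {
				$line = trim($line);
				if ($line === '') {
					continue;
				}

				if ($line === $handle) {
					$is_expert = true;
					break;
				}

				$eq = strpos($line, '=');
				if ($eq !== false && substr($line, 0, $eq) === $handle) {
					$catnames = array_map('trim', explode(',', substr($line, $eq + 1)));
					$cats = qa_db_read_all_values(qa_db_query_sub('SELECT categoryid FROM ^categories WHERE title IN ($)', $catnames));
					$is_expert = $cats;  // no break: a later exact-handle line may still widen this (as before)
				}
			}
		}

		if (isset($is_expert) && !$rules['viewable']) {
			// Experts may see a hidden question; category-restricted experts only when it sits in one of their categories.
			if (is_array($is_expert)) {
				// An empty list means none of the configured titles matched, so grant nothing (also avoids "IN ()")
				if (count($is_expert)) {
					$in_cats = qa_db_read_one_value(qa_db_query_sub("SELECT COUNT(postid) FROM ^posts WHERE categoryid IN (#) AND postid=#", $is_expert, $post['postid']), true);
					if ($in_cats) {
						$rules['viewable'] = true;
					}
				}
			} else {
				$rules['viewable'] = true;
			}
		}

		// NOTE(review): these flags are set for every viewer of an expert question, expert or not — nothing here
		// gates them on $is_expert, so presumably the real answer/comment permission is enforced elsewhere; confirm.
		$rules['reshowable'] = false;
		$rules['answerbutton'] = true;
		$rules['commentbutton'] = true;
		$rules['commentable'] = true;
	}

	return $rules;
}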
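/**
 * Determine whether the logged-in user is an "expert" for expert questions.
 *
 * A user qualifies through the expert_question_roles permit option, or by appearing in the
 * expert_question_users option (one entry per line: "handle" for all categories, or
 * "handle=cat title,cat title" for specific categories).
 *
 * Fixes over the previous version: lines are trimmed (CRLF / stray whitespace no longer break matching),
 * handles are compared strictly, and logged-out users never consult the list — previously a blank or trailing
 * line loosely matched their null handle and returned true.
 *
 * @return bool|array true when an expert for all categories; an array of categoryids (possibly empty, when no
 *   configured title matched) for a category-restricted expert; false otherwise
 */
function is_expert_user()
{
	if (!qa_permit_value_error(qa_opt('expert_question_roles'), qa_get_logged_in_userid(), qa_get_logged_in_level(), qa_get_logged_in_flags())) {
		return true;
	}

	$handle = qa_get_logged_in_handle();
	if (!isset($handle) || $handle === '') {
		return false;  // anonymous visitors cannot be listed by handle
	}

	$lines = explode("\n", (string)qa_opt('expert_question_users'));

	foreach ($lines as $line) {
		$line = trim($line);
		if ($line === '') {
			continue;
		}

		if ($line === $handle) {
			return true;
		}

		$eq = strpos($line, '=');
		if ($eq !== false && substr($line, 0, $eq) === $handle) {
			$catnames = array_map('trim', explode(',', substr($line, $eq + 1)));
			return qa_db_read_all_values(qa_db_query_sub('SELECT categoryid FROM ^categories WHERE title IN ($)', $catnames));
		}
	}

	return false;
}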
/**
 * Return the permission error (or false) for $userid attempting an action governed by option $permitoption.
 *
 * Points-based permit values are resolved here: a user at or above the option's "_points" threshold is treated
 * as the matching non-points level (approved / confirmed / plain user); one below it is treated as
 * QA_PERMIT_EXPERTS, which produces a generic message rather than advertising the exact threshold. The final
 * verdict comes from qa_permit_value_error(). Overridable through the plugin override mechanism.
 *
 * @param string|null $permitoption option name, or null meaning everyone is permitted
 * @param mixed $userid user id, or null when logged out
 * @param int|null $userlevel
 * @param int|null $userflags
 * @param int|null $userpoints points for $userid; looked up lazily for the logged-in user when omitted
 * @return string|false error code from qa_permit_value_error(), or false when permitted
 */
function qa_permit_error($permitoption, $userid, $userlevel, $userflags, $userpoints = null)
{
	if (qa_to_override(__FUNCTION__)) {
		$args = func_get_args();
		return qa_call_override(__FUNCTION__, $args);
	}

	$permit = isset($permitoption) ? qa_opt($permitoption) : QA_PERMIT_ALL;

	$pointsBased = $permit == QA_PERMIT_POINTS
		|| $permit == QA_PERMIT_POINTS_CONFIRMED
		|| $permit == QA_PERMIT_APPROVED_POINTS;

	if (isset($userid) && $pointsBased) {
		// Defer the points lookup until it is actually needed (avoids a DB query with external user integration)
		if (!isset($userpoints) && $userid == qa_get_logged_in_userid()) {
			$userpoints = qa_get_logged_in_points();
		}

		if ($userpoints >= qa_opt($permitoption . '_points')) {
			// Threshold reached: substitute the equivalent non-points permit value
			switch ($permit) {
				case QA_PERMIT_APPROVED_POINTS:
					$permit = QA_PERMIT_APPROVED;
					break;
				case QA_PERMIT_POINTS_CONFIRMED:
					$permit = QA_PERMIT_CONFIRMED;
					break;
				default:
					$permit = QA_PERMIT_USERS;
					break;
			}
		} else {
			// Generic message so users are not tempted to collect points just for this
			$permit = QA_PERMIT_EXPERTS;
		}
	}

	return qa_permit_value_error($permit, $userid, $userlevel, $userflags);
}
$slugs = array_slice($requestparts, 1); } elseif (strlen($requestparts[0])) { $slugs = $requestparts; } else { $slugs = array(); } $countslugs = count($slugs); // Get list of questions, other bits of information that might be useful $userid = qa_get_logged_in_userid(); list($questions1, $questions2, $categories, $categoryid, $custompage) = qa_db_select_with_pending(qa_db_qs_selectspec($userid, 'created', 0, $slugs, null, false, false, qa_opt_if_loaded('page_size_activity')), qa_db_recent_a_qs_selectspec($userid, 0, $slugs), qa_db_category_nav_selectspec($slugs, false, false, true), $countslugs ? qa_db_slugs_to_category_id_selectspec($slugs) : null, $countslugs == 1 && !$explicitqa ? qa_db_page_full_selectspec($slugs[0], false) : null); // First, if this matches a custom page, return immediately with that page's content if (isset($custompage) && !($custompage['flags'] & QA_PAGE_FLAGS_EXTERNAL)) { qa_set_template('custom-' . $custompage['pageid']); $qa_content = qa_content_prepare(); $level = qa_get_logged_in_level(); if (!qa_permit_value_error($custompage['permit'], $userid, $level, qa_get_logged_in_flags()) || !isset($custompage['permit'])) { $qa_content['title'] = qa_html($custompage['heading']); $qa_content['custom'] = $custompage['content']; if ($level >= QA_USER_LEVEL_ADMIN) { $qa_content['navigation']['sub'] = array('admin/pages' => array('label' => qa_lang('admin/edit_custom_page'), 'url' => qa_path_html('admin/pages', array('edit' => $custompage['pageid'])))); } } else { $qa_content['error'] = qa_lang_html('users/no_permission'); } return $qa_content; } // Then, see if we should redirect because the 'qa' page is the same as the home page if ($explicitqa && !qa_is_http_post() && !qa_has_custom_home()) { qa_redirect(qa_category_path_request($categories, $categoryid), $_GET); } // Then, if there's a slug that matches no category, check page modules provided by plugins
require_once QA_INCLUDE_DIR . 'qa-db-selects.php'; require_once QA_INCLUDE_DIR . 'qa-app-format.php'; require_once QA_INCLUDE_DIR . 'qa-app-limits.php'; require_once QA_INCLUDE_DIR . 'qa-app-updates.php'; // $handle, $userhtml are already set by qa-page-user.php - also $userid if using external user integration // Redirect to 'My Account' page if button clicked if (qa_clicked('doaccount')) { qa_redirect('account'); } // Find the user profile and questions and answers for this handle $loginuserid = qa_get_logged_in_userid(); $identifier = QA_FINAL_EXTERNAL_USERS ? $userid : $handle; list($useraccount, $userprofile, $userfields, $usermessages, $userpoints, $userlevels, $navcategories, $userrank) = qa_db_select_with_pending(QA_FINAL_EXTERNAL_USERS ? null : qa_db_user_account_selectspec($handle, false), QA_FINAL_EXTERNAL_USERS ? null : qa_db_user_profile_selectspec($handle, false), QA_FINAL_EXTERNAL_USERS ? null : qa_db_userfields_selectspec(), QA_FINAL_EXTERNAL_USERS ? null : qa_db_recent_messages_selectspec(null, null, $handle, false, qa_opt_if_loaded('page_size_wall')), qa_db_user_points_selectspec($identifier), qa_db_user_levels_selectspec($identifier, QA_FINAL_EXTERNAL_USERS, true), qa_db_category_nav_selectspec(null, true), qa_db_user_rank_selectspec($identifier)); if (!QA_FINAL_EXTERNAL_USERS) { foreach ($userfields as $index => $userfield) { if (isset($userfield['permit']) && qa_permit_value_error($userfield['permit'], $loginuserid, qa_get_logged_in_level(), qa_get_logged_in_flags())) { unset($userfields[$index]); } } } // don't pay attention to user fields we're not allowed to view // Check the user exists and work out what can and can't be set (if not using single sign-on) $errors = array(); $loginlevel = qa_get_logged_in_level(); if (!QA_FINAL_EXTERNAL_USERS) { // if we're using integrated user management, we can know and show more require_once QA_INCLUDE_DIR . 
'qa-app-messages.php'; if (!is_array($userpoints) && !is_array($useraccount)) { return include QA_INCLUDE_DIR . 'qa-page-not-found.php'; } $userid = $useraccount['userid'];
/**
 * Append a custom page to $navigation if the logged-in user is allowed to see it.
 *
 * Pages without a 'permit' value are always added; otherwise qa_permit_value_error() must report no error for
 * the current user. External pages are keyed by pageid, internal ones by their tag with a '$' suffix.
 *
 * @param array $navigation navigation array, modified in place
 * @param array $page custom page row (pageid, permit, flags, tags, title, nav, ...)
 * @return void
 */
function qa_navigation_add_page(&$navigation, $page)
{
	$allowed = !isset($page['permit'])
		|| !qa_permit_value_error($page['permit'], qa_get_logged_in_userid(), qa_get_logged_in_level(), qa_get_logged_in_flags());

	if (!$allowed) {
		return;
	}

	$url = qa_custom_page_url($page);
	$isExternal = ($page['flags'] & QA_PAGE_FLAGS_EXTERNAL) != 0;
	$opensNewWindow = ($page['flags'] & QA_PAGE_FLAGS_NEW_WINDOW) != 0;

	$key = $isExternal ? 'custom-' . $page['pageid'] : $page['tags'] . '$';

	$navigation[$key] = array(
		'url' => qa_html($url),
		'label' => qa_html($page['title']),
		'opposite' => $page['nav'] == 'O',
		'target' => $opensNewWindow ? '_blank' : null,
		// Only external pages are compared against the current request to decide highlighting
		'selected' => $isExternal && ($url == qa_path(qa_request()) || $url == qa_self_html()),
	);
}