/**
 * Return the number of posts in this topic that should be displayed.
 *
 * @param int|bool $access_level Access level id to count for, or false (the
 *                               default) to use the level reported by
 *                               $this->access->get_level() for the current user
 *
 * @return int The post count taken from $this->topic_posts for that level
 */
public function get_postcount($access_level = false)
{
    // Strict comparison: only the exact false sentinel triggers the fallback,
    // so a numeric level such as 0 is never mistaken for "not supplied".
    $level = ($access_level === false) ? $this->access->get_level() : $access_level;

    // The same permission result is passed for both optional flag arguments.
    // NOTE(review): presumably this widens the count to posts only moderators
    // may see - confirm against count::get_flags().
    $has_mod_permission = phpbb::$auth->acl_get('u_titania_mod_post_mod');
    $count_flags = count::get_flags($level, $has_mod_permission, $has_mod_permission);

    return count::from_db($this->topic_posts, $count_flags);
}
/**
 * Build the BBCode quote block for an existing post.
 *
 * The quoted text is only returned when the current user's access level
 * covers both the post and its topic, and the user is allowed to see the
 * post in its current approval/deletion state. Otherwise the result is an
 * empty string, so no text of an inaccessible post reaches the caller.
 *
 * @param int $post_id Id of the post to quote
 * @return string '[quote="<username>"]<text>[/quote]', or '' when not permitted
 */
protected function get_quote($post_id)
{
    // NOTE(review): the value returned by load_post() is dereferenced without
    // a check; presumably it throws or always yields a post object - confirm.
    $quote = $this->load_post($post_id);

    // The user's level must not exceed the smaller of the post's and the
    // topic's access values.
    $level_ok = $this->access->get_level() <= min($quote->post_access, $quote->topic->topic_access);

    // Holders of the moderator permission may quote any post. Everyone else
    // needs an approved post that is either not deleted or whose post_deleted
    // value equals their own user id.
    $may_quote = $this->auth->acl_get('u_titania_mod_post_mod')
        || ($quote->post_approved
            && (!$quote->post_deleted || $quote->post_deleted == $this->user->data['user_id']));

    if (!$level_ok || !$may_quote) {
        return '';
    }

    $edit_data = $quote->generate_text_for_edit();
    $author_name = \users_overlord::get_user($quote->post_user_id, '_username', true);

    // NOTE(review): the username is embedded in the double-quoted BBCode
    // attribute exactly as returned; whether get_user() yields a value that is
    // safe in that position is not visible from this method - confirm.
    return '[quote="' . $author_name . '"]' . $edit_data['text'] . '[/quote]';
}
/**
 * Check if the current user has permission to do something with this post.
 *
 * Evaluation order (each step can only deny, until the final switch):
 *  1. Unregistered users and bots are refused the options listed in
 *     $no_anon / $no_bot.
 *  2. If a topic object is attached and its topic_access is numerically
 *     lower than the user's access level, everything is refused. This runs
 *     before any permission lookup, so it also applies to moderators.
 *  3. The option-specific rule in the switch decides.
 * Any option not handled by the switch results in false.
 *
 * @param string $option The auth option to check. Handled values: 'post',
 *                       'reply', 'edit', 'delete', 'soft_delete', 'undelete',
 *                       'hard_delete'
 *
 * @return bool True if they have permission False if not
 */
public function acl_get($option)
{
    // First check anonymous/bots for things they can *never* do
    // NOTE(review): 'reply' shares the 'post' branch below but is not listed
    // in $no_bot, so this early refusal does not cover a bot asking for
    // 'reply'; that request falls through to the normal permission lookup.
    // Confirm whether this is intended.
    // 'delete' is not listed either, but it recurses into 'hard_delete' or
    // 'soft_delete', which are listed.
    $no_anon = array('edit', 'soft_delete', 'undelete', 'hard_delete');
    $no_bot = array('post', 'edit', 'soft_delete', 'undelete', 'hard_delete');
    // && binds tighter than ||: (anonymous AND option in $no_anon) OR (bot AND option in $no_bot).
    // in_array() is called without the strict flag, so $option is compared loosely.
    if (!phpbb::$user->data['is_registered'] && in_array($option, $no_anon) || phpbb::$user->data['is_bot'] && in_array($option, $no_bot))
    {
        return false;
    }

    // Can never do anything if the topic is more restricted than the current
    // access level (i.e. topic_access is numerically lower than the level).
    // Skipped when no topic object is attached.
    if (is_object($this->topic) && $this->topic->topic_access < $this->access->get_level())
    {
        return false;
    }

    // All three id comparisons below are loose (==).
    $is_poster = $this->post_user_id == phpbb::$user->data['user_id'] ? true : false; // Poster
    // Contribution author: requires a topic and a loaded contribution whose id
    // matches the topic's parent_id, and the contribution flags the user as
    // author or active co-author.
    $is_author = is_object($this->topic) && is_object(titania::$contrib) && titania::$contrib->contrib_id == $this->topic->parent_id && (titania::$contrib->is_author || titania::$contrib->is_active_coauthor) ? true : false; // Contribution author
    // The current user is the one recorded in post_delete_user
    $is_deleter = $this->post_delete_user == phpbb::$user->data['user_id'] ? true : false;

    // In every branch below, u_titania_mod_post_mod is a stand-alone
    // alternative: it grants the option regardless of post_locked,
    // post_access or topic_locked.
    switch ($option)
    {
        case 'post':
        case 'reply':
            // Allowed when:
            //  - there is no topic object or the topic is not locked, and the user holds u_titania_post; or
            //  - the user is the contribution author and holds u_titania_post_mod_own; or
            //  - the user holds u_titania_mod_post_mod.
            if ((!is_object($this->topic) || !$this->topic->topic_locked) && phpbb::$auth->acl_get('u_titania_post') || $is_author && phpbb::$auth->acl_get('u_titania_post_mod_own') || phpbb::$auth->acl_get('u_titania_mod_post_mod'))
            {
                return true;
            }
        break;

        case 'edit':
            // Poster or contribution author may edit only while the post is
            // not locked and post_access is not lower than their level, and
            // only with the matching "own" permission.
            if ($is_poster && !$this->post_locked && $this->post_access >= $this->access->get_level() && phpbb::$auth->acl_get('u_titania_post_edit_own') || $is_author && !$this->post_locked && $this->post_access >= $this->access->get_level() && phpbb::$auth->acl_get('u_titania_post_mod_own') || phpbb::$auth->acl_get('u_titania_mod_post_mod'))
            {
                return true;
            }
        break;

        case 'delete':
            // Deleting an already deleted post means a hard delete; otherwise
            // it is a soft delete. The recursive call repeats the
            // anonymous/bot and topic checks for the concrete option.
            return $this->post_deleted ? $this->acl_get('hard_delete') : $this->acl_get('soft_delete');
        break; // unreachable after the return above

        case 'soft_delete':
            // Same shape as 'edit', with u_titania_post_delete_own for the poster.
            if ($is_poster && !$this->post_locked && $this->post_access >= $this->access->get_level() && phpbb::$auth->acl_get('u_titania_post_delete_own') || $is_author && !$this->post_locked && $this->post_access >= $this->access->get_level() && phpbb::$auth->acl_get('u_titania_post_mod_own') || phpbb::$auth->acl_get('u_titania_mod_post_mod'))
            {
                return true;
            }
        break;

        case 'undelete':
            // As 'soft_delete', but the poster/author must also be the user
            // recorded as having deleted the post.
            if ($is_poster && $is_deleter && !$this->post_locked && $this->post_access >= $this->access->get_level() && phpbb::$auth->acl_get('u_titania_post_delete_own') || $is_author && $is_deleter && !$this->post_locked && $this->post_access >= $this->access->get_level() && phpbb::$auth->acl_get('u_titania_post_mod_own') || phpbb::$auth->acl_get('u_titania_mod_post_mod'))
            {
                return true;
            }
        break;

        case 'hard_delete':
            // Only the moderator permission grants a hard delete.
            if (phpbb::$auth->acl_get('u_titania_mod_post_mod'))
            {
                return true;
            }
        break;
    }

    // Nothing granted the option (or the option is unknown): deny.
    return false;
}
/**
 * Re-evaluate attachment access after an author / co-author check.
 *
 * For attachments that belong to an FAQ entry, a support post or a queue
 * discussion post, the owning contribution is looked up. If the current
 * user is its main author or an active co-author, the access object is set
 * to access::AUTHOR_LEVEL before the attachment's access value is compared
 * with the user's level. Other object types skip the lookup.
 *
 * NOTE(review): set_level() changes $this->access itself, so the new level
 * stays in effect after this method returns. It is also assigned
 * unconditionally, without comparing it to the level the user already
 * holds - confirm that callers only reach this method for users whose
 * level is less privileged than AUTHOR_LEVEL.
 *
 * @return int Returns HTTP status code (self::FORBIDDEN or self::OK).
 */
protected function check_author_level_access()
{
    $object_type = (int) $this->file['object_type'];
    $sql = '';

    // Pick the lookup query for the owning contribution. All dynamic values
    // are cast to int before being concatenated into the SQL text.
    if ($object_type == TITANIA_FAQ) {
        $sql = 'SELECT c.contrib_id, c.contrib_user_id FROM ' . TITANIA_CONTRIB_FAQ_TABLE . ' f, ' . TITANIA_CONTRIBS_TABLE . ' c WHERE f.faq_id = ' . (int) $this->file['object_id'] . ' AND c.contrib_id = f.contrib_id';
    } else if ($object_type == TITANIA_SUPPORT || $object_type == TITANIA_QUEUE_DISCUSSION) {
        $sql = 'SELECT c.contrib_id, c.contrib_user_id FROM ' . TITANIA_POSTS_TABLE . ' p, ' . TITANIA_TOPICS_TABLE . ' t, ' . TITANIA_CONTRIBS_TABLE . ' c WHERE p.post_id = ' . (int) $this->file['object_id'] . ' AND t.topic_id = p.topic_id AND c.contrib_id = t.parent_id';
    }

    $contrib = false;
    if ($sql !== '') {
        $result = $this->db->sql_query($sql);
        $contrib = $this->db->sql_fetchrow($result);
        $this->db->sql_freeresult($result);
    }

    if ($contrib !== false) {
        // Main author: loose comparison of the contribution owner with the current user id
        $is_contrib_author = ($contrib['contrib_user_id'] == $this->user->data['user_id']);

        if (!$is_contrib_author) {
            // Otherwise accept an active co-author entry for this contribution
            $coauthor_sql = 'SELECT user_id FROM ' . TITANIA_CONTRIB_COAUTHORS_TABLE . ' WHERE contrib_id = ' . (int) $contrib['contrib_id'] . ' AND user_id = ' . (int) $this->user->data['user_id'] . ' AND active = 1';
            $result = $this->db->sql_query($coauthor_sql);
            $is_contrib_author = (bool) $this->db->sql_fetchrow($result);
            $this->db->sql_freeresult($result);
        }

        if ($is_contrib_author) {
            $this->access->set_level(access::AUTHOR_LEVEL);
        }
    }

    // Final decision: refuse when the attachment's access value is
    // numerically lower than the (possibly updated) user level.
    if ($this->file['attachment_access'] < $this->access->get_level()) {
        return self::FORBIDDEN;
    }

    return self::OK;
}
/**
 * Build the <option> list for choosing one of Titania's access levels.
 *
 * Users for whom $this->access->is_public() is true get no choice at all
 * (empty string). For everyone else, only levels whose value lies between
 * the user's own level and $min_access (both inclusive) are offered.
 *
 * NOTE(review): this only limits what the form offers. Confirm that the
 * code receiving the submitted value re-checks it against the user's level.
 *
 * @param int|bool $default Default access level. False for none, in which
 *                          case access::PUBLIC_LEVEL is preselected.
 * @param int $min_access Minimum access level to display
 * @return string Concatenated <option> elements, or '' for public users
 */
protected function get_access_select($default = false, $min_access = access::PUBLIC_LEVEL)
{
    if ($this->access->is_public()) {
        return '';
    }

    $preselected = ($default === false) ? access::PUBLIC_LEVEL : $default;

    // Level id => language key, in display order
    $level_labels = array(
        access::TEAM_LEVEL => 'ACCESS_TEAMS',
        access::AUTHOR_LEVEL => 'ACCESS_AUTHORS',
        access::PUBLIC_LEVEL => 'ACCESS_PUBLIC',
    );

    $options_html = '';
    foreach ($level_labels as $level => $label_key) {
        // Offer the level only if it is not below the user's own level value
        // and not above the requested minimum.
        if ($this->access->get_level() <= $level && $min_access >= $level) {
            $selected_attr = '';
            if ($preselected == $level) {
                $selected_attr = ' selected="selected"';
            }

            $options_html .= '<option value="' . $level . '"' . $selected_attr . '>' . $this->user->lang($label_key) . '</option>';
        }
    }

    return $options_html;
}
/**
 * Build the contribution's navigation tabs and pass them to the display helper.
 *
 * Each tab is an array with 'title' (language key) and 'url'. The optional
 * 'auth' entry decides whether the tab is offered; the inline comment in the
 * body notes that a missing 'auth' counts as true. Note that 'auth' only
 * controls the menu entry; this method does not protect the target pages.
 *
 * @param string $page Current active page.
 * @return null Nothing is returned; the result goes to $this->display->generate_nav()
 */
protected function generate_navigation($page)
{
    // Number of FAQ items for the viewer's access level
    $faq_flags = count::get_flags($this->access->get_level());
    $faq_total = count::from_db($this->contrib->contrib_faq_count, $faq_flags);

    // Cleaned and disabled contributions cannot be managed by their authors
    $status = $this->contrib->contrib_status;
    $contrib_inactive = ($status == TITANIA_CONTRIB_CLEANED || $status == TITANIA_CONTRIB_DISABLED);

    // Tab layout:
    //   'key' => array(
    //       'title' => language key of the tab title,
    //       'url'   => target url,
    //       'auth'  => bool, optional - treated as true when missing,
    //   )
    $tabs = array();

    $tabs['details'] = array(
        'title' => 'CONTRIB_DETAILS',
        'url' => $this->contrib->get_url(),
    );

    // FAQ: shown to non-public users always, to public users only when there are entries
    $tabs['faq'] = array(
        'title' => 'CONTRIB_FAQ',
        'url' => $this->contrib->get_url('faq'),
        'auth' => !$this->access->is_public() || $faq_total,
        'count' => $faq_total,
    );

    // Support: shown when support is handled in Titania, or the viewer's
    // level value is below access::PUBLIC_LEVEL
    $tabs['support'] = array(
        'title' => 'CONTRIB_SUPPORT',
        'url' => $this->contrib->get_url('support'),
        'auth' => $this->ext_config->support_in_titania || $this->access->get_level() < access::PUBLIC_LEVEL,
    );

    // Demo: the url is filled in further down
    $tabs['demo'] = array(
        'title' => 'CONTRIB_DEMO',
        'url' => '',
        'auth' => !empty($this->contrib->contrib_demo),
    );

    // Manage: authors with the edit-own permission on a contribution that is
    // not cleaned/disabled, or holders of the contribution moderator
    // permission, or users who pass the type's 'moderate' check
    $tabs['manage'] = array(
        'title' => 'CONTRIB_MANAGE',
        'url' => $this->contrib->get_url('manage'),
        'auth' => ($this->is_author && $this->auth->acl_get('u_titania_post_edit_own') && !$contrib_inactive)
            || $this->auth->acl_get('u_titania_mod_contrib_mod')
            || $this->contrib->type->acl_get('moderate'),
    );

    if ($this->contrib->contrib_demo) {
        // Branches are sorted by key in descending order
        $branches = $this->contrib->type->get_allowed_branches(true);
        krsort($branches);

        // Demos count as external unless the contribution is approved and
        // its 'demo' option is set
        $external_demo = $this->contrib->contrib_status != TITANIA_CONTRIB_APPROVED || !$this->contrib->options['demo'];

        $demo_entries = array();
        foreach ($branches as $branch => $branch_name) {
            $branch_url = $this->contrib->get_demo_url($branch, !$external_demo);

            if (!$branch_url) {
                continue;
            }

            $demo_entries[] = array(
                'url' => $branch_url,
                'title' => $branch_name,
                'external' => $external_demo,
            );
        }

        if (sizeof($demo_entries) == 1) {
            // A single demo is linked directly from the tab
            $tabs['demo']['url'] = $demo_entries[0]['url'];
            $tabs['demo']['external'] = $demo_entries[0]['external'];
        } elseif (!empty($demo_entries)) {
            // Several demos become a sub menu
            $tabs['demo']['sub_menu'] = $demo_entries;
        } else {
            // No usable demo url: drop the tab
            unset($tabs['demo']);
        }
    }

    // NOTE(review): the third argument is presumably the fallback tab - confirm
    $this->display->generate_nav($tabs, $page, 'details');
}