/**
 * Set user's access level.
 *
 * Promotes the current user to author level only when all of the following
 * hold: the user is still at public level, the account is registered and not
 * a bot, and the user has been flagged as the author of the item being
 * accessed. In every other state the access level is left untouched.
 *
 * @return void
 */
protected function set_access_level()
{
	// Only a user still at public level is promoted; other levels are left as they are.
	if (!$this->access->is_public())
	{
		return;
	}

	$user_data = $this->user->data;

	// Guests and bots never receive author privileges, even when flagged as author.
	$is_eligible_account = $user_data['is_registered'] && !$user_data['is_bot'];

	if ($is_eligible_account && $this->is_author)
	{
		$this->access->set_level(access::AUTHOR_LEVEL);
	}
}
/**
 * Load author object and set access level.
 *
 * Loads the author identified by $author into $this->author, records in
 * $this->is_owner whether the current user is that author, and grants author
 * level access when the user is the owner and is still at public level.
 *
 * @param string|int $author Author username or user id.
 * @throws \Exception Throws exception if user is not found.
 * @return void
 */
protected function load_author($author)
{
	// The object is assigned before loading so it is available even when the load fails.
	$this->author = new \titania_author(false);

	if (!$this->author->load($author))
	{
		throw new \Exception($this->user->lang['AUTHOR_NOT_FOUND']);
	}

	// NOTE(review): loose comparison kept as in the original — the two ids may
	// arrive as string or int depending on their origin; confirm before tightening to ===.
	$current_user_id = $this->user->data['user_id'];
	$this->is_owner = ($current_user_id == $this->author->user_id);

	// Only a user still at public level is promoted; the owner of the author record gets author level.
	if ($this->access->is_public() && $this->is_owner)
	{
		$this->access->set_level(access::AUTHOR_LEVEL);
	}
}
/**
 * Check user's access against attachment access level.
 *
 * Resolves the contribution the attachment belongs to (for object types
 * TITANIA_FAQ, TITANIA_SUPPORT and TITANIA_QUEUE_DISCUSSION; other types are
 * not resolved), grants author level when the current user is the
 * contribution's author or an active coauthor, and then compares the
 * attachment's required access level with the level the user ends up with.
 *
 * Every value interpolated into the SQL below is cast to int first and the
 * table names are constants, so no untrusted string reaches the queries.
 *
 * @return int Returns HTTP status code (self::OK or self::FORBIDDEN).
 */
protected function check_author_level_access()
{
	$object_type = (int) $this->file['object_type'];
	$object_id = (int) $this->file['object_id'];
	$user_id = (int) $this->user->data['user_id'];

	// Build the lookup query for the attachment's parent contribution, if the type is known.
	$sql = '';

	if ($object_type == TITANIA_FAQ)
	{
		$sql = 'SELECT c.contrib_id, c.contrib_user_id FROM ' . TITANIA_CONTRIB_FAQ_TABLE . ' f, ' . TITANIA_CONTRIBS_TABLE . ' c WHERE f.faq_id = ' . $object_id . ' AND c.contrib_id = f.contrib_id';
	}
	else if ($object_type == TITANIA_SUPPORT || $object_type == TITANIA_QUEUE_DISCUSSION)
	{
		$sql = 'SELECT c.contrib_id, c.contrib_user_id FROM ' . TITANIA_POSTS_TABLE . ' p, ' . TITANIA_TOPICS_TABLE . ' t, ' . TITANIA_CONTRIBS_TABLE . ' c WHERE p.post_id = ' . $object_id . ' AND t.topic_id = p.topic_id AND c.contrib_id = t.parent_id';
	}

	// $contrib stays false when the type is unknown or no row matched.
	$contrib = false;

	if ($sql !== '')
	{
		$result = $this->db->sql_query($sql);
		$contrib = $this->db->sql_fetchrow($result);
		$this->db->sql_freeresult($result);
	}

	if ($contrib !== false)
	{
		// NOTE(review): loose comparison kept as in the original; ids may be string or int here.
		$is_main_author = ($contrib['contrib_user_id'] == $this->user->data['user_id']);

		if ($is_main_author)
		{
			$this->access->set_level(access::AUTHOR_LEVEL);
		}
		else
		{
			// Not the main author: an active coauthor of the contribution also gets author level.
			$sql = 'SELECT user_id FROM ' . TITANIA_CONTRIB_COAUTHORS_TABLE . ' WHERE contrib_id = ' . (int) $contrib['contrib_id'] . ' AND user_id = ' . $user_id . ' AND active = 1';
			$result = $this->db->sql_query($sql);

			if ($this->db->sql_fetchrow($result))
			{
				$this->access->set_level(access::AUTHOR_LEVEL);
			}

			$this->db->sql_freeresult($result);
		}
	}

	// A numerically lower attachment_access is the more restrictive one: if the
	// attachment's required level is below the level the user holds, deny.
	if ($this->file['attachment_access'] < $this->access->get_level())
	{
		return self::FORBIDDEN;
	}

	return self::OK;
}