/** * Bootstrap the application events. * * @return void */ public function boot() { Post::setValidator($this->app->make('validator')); CommentPost::setFormatter($this->app->make('flarum.formatter')); $this->registerPostTypes(); $events = $this->app->make('events'); $settings = $this->app->make('Flarum\\Core\\Settings\\SettingsRepository'); $events->listen(ModelAllow::class, function (ModelAllow $event) use($settings) { if ($event->model instanceof Post) { $post = $event->model; $action = $event->action; $actor = $event->actor; if ($action === 'view' && (!$post->hide_time || $post->user_id == $actor->id || $post->can($actor, 'edit'))) { return true; } // A post is allowed to be edited if the user has permission to moderate // the discussion which it's in, or if they are the author and the post // hasn't been deleted by someone else. if ($action === 'edit') { if ($post->discussion->can($actor, 'editPosts')) { return true; } if ($post->user_id == $actor->id && (!$post->hide_time || $post->hide_user_id == $actor->id)) { $allowEditing = $settings->get('allow_post_editing'); if ($allowEditing === '-1' || $allowEditing === 'reply' && $event->model->number == $event->model->discussion->last_post_number || $event->model->time->diffInMinutes(Carbon::now()) < $allowEditing) { return true; } } } if ($post->discussion->can($actor, $action . 'Posts')) { return true; } } }); // When fetching a discussion's posts: if the user doesn't have permission // to moderate the discussion, then they can't see posts that have been // hidden by someone other than themself. $events->listen(ScopePostVisibility::class, function (ScopePostVisibility $event) { $user = $event->actor; if (!$event->discussion->can($user, 'editPosts')) { $event->query->where(function ($query) use($user) { $query->whereNull('hide_time')->orWhere('user_id', $user->id); }); } }); }