Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Add a moderator role that can edit and delete releases. Changes the d…

…efault roles, would need a patch to convert existing users/roles to deploy this on a running site.
  • Loading branch information...
commit 4cf267ae8de838502545f3a7e5db54355695e868 1 parent 1139213
@midgetspy midgetspy authored Nic Wolfe committed
View
3  db/schema.sql
@@ -727,7 +727,8 @@ INSERT INTO `userroles` (`ID`, `name`, `apirequests`, `downloadrequests`, `defau
(2, 'User', 10, 10, 1, 1, 0),
(3, 'Admin', 1000, 1000, 1000, 0, 1),
(4, 'Disabled', 0, 0, 0, 0, 0),
-(5, 'Friend', 100, 100, 5, 0, 1);
+(5, 'Moderator', 1000, 1000, 1000, 0, 1);
+(6, 'Friend', 100, 100, 5, 0, 1);
UPDATE `userroles` SET `ID` = `ID`-1;
View
2  www/admin/release-delete.php
@@ -3,7 +3,7 @@
require_once(WWW_DIR."/lib/releases.php");
require_once(WWW_DIR."/lib/adminpage.php");
-$page = new AdminPage();
+$page = new AdminPage(true);
if (isset($_GET['id']))
{
View
2  www/admin/release-edit.php
@@ -5,7 +5,7 @@
require_once(WWW_DIR."/lib/releases.php");
require_once(WWW_DIR."/lib/category.php");
-$page = new AdminPage();
+$page = new AdminPage(true);
$releases = new Releases();
$category = new Category();
$id = 0;
View
9 www/lib/adminpage.php
@@ -6,13 +6,18 @@
class AdminPage extends BasePage
{
- function AdminPage()
+ function AdminPage($mod = false)
{
+ $this->allow_mods = $mod;
$this->template_dir = 'admin';
parent::BasePage();
$users = new Users();
- if (!$users->isLoggedIn() || !isset($this->userdata["role"]) || $this->userdata["role"] != Users::ROLE_ADMIN)
+ if (!$users->isLoggedIn() || !isset($this->userdata["role"]))
+ $this->show403(true);
+
+ // if the user isn't an admin or mod then access is denied, OR if they're a mod and mods aren't allowed then access is denied
+ if (($this->userdata["role"] != Users::ROLE_ADMIN && $this->userdata["role"] != Users::ROLE_MODERATOR) || ($this->userdata["role"] == Users::ROLE_MODERATOR && $mod === false))
$this->show403(true);
}
View
7 www/lib/framework/basepage.php
@@ -80,12 +80,15 @@ function BasePage()
}
if ($this->userdata["role"] == Users::ROLE_ADMIN)
$this->smarty->assign('isadmin',"true");
-
+ elseif ($this->userdata["role"] == Users::ROLE_MODERATOR)
+ $this->smarty->assign('ismod',"true");
+
$this->floodCheck(true, $this->userdata["role"]);
}
else
{
- $this->smarty->assign('isadmin',"false");
+ $this->smarty->assign('isadmin',"false");
+ $this->smarty->assign('ismod',"false");
$this->smarty->assign('loggedin',"false");
$this->floodCheck(false, "");
View
1  www/lib/users.php
@@ -22,6 +22,7 @@ class Users
const ROLE_USER = 1;
const ROLE_ADMIN = 2;
const ROLE_DISABLED = 3;
+ const ROLE_MODERATOR = 4;
const DEFAULT_INVITES = 1;
const DEFAULT_INVITE_EXPIRY_DAYS = 7;
View
2  www/pages/ajax_release-admin.php
@@ -3,7 +3,7 @@
require_once(WWW_DIR."/lib/releases.php");
require_once(WWW_DIR."/lib/category.php");
-$page = new AdminPage();
+$page = new AdminPage(true);
$releases = new Releases();
$category = new Category();
View
2  www/views/templates/admin/role-list.tpl
@@ -22,7 +22,7 @@
<td>{$role.defaultinvites}</td>
<td>{if $role.canpreview == 1}Yes{else}No{/if}</td>
<td>{if $role.isdefault=="1"}Yes{else}No{/if}</td>
- <td><a href="{$smarty.const.WWW_TOP}/role-edit.php?id={$role.ID}">edit</a>&nbsp;{if $role.ID>"3"}<a class="confirm_action" href="{$smarty.const.WWW_TOP}/role-delete.php?id={$role.ID}">delete</a>{/if}</td>
+ <td><a href="{$smarty.const.WWW_TOP}/role-edit.php?id={$role.ID}">edit</a>&nbsp;{if $role.ID>"4"}<a class="confirm_action" href="{$smarty.const.WWW_TOP}/role-delete.php?id={$role.ID}">delete</a>{/if}</td>
</tr>
{/foreach}
View
4 www/views/templates/frontend/browse.tpl
@@ -21,7 +21,7 @@
<input type="button" class="nzb_multi_operations_download" value="Download NZBs" />
<input type="button" class="nzb_multi_operations_cart" value="Add to Cart" />
{if $sabintegrated}<input type="button" class="nzb_multi_operations_sab" value="Send to SAB" />{/if}
- {if $isadmin}
+ {if $isadmin || $ismod}
&nbsp;&nbsp;
<input type="button" class="nzb_multi_operations_edit" value="Edit" />
<input type="button" class="nzb_multi_operations_delete" value="Del" />
@@ -102,7 +102,7 @@
<input type="button" class="nzb_multi_operations_download" value="Download NZBs" />
<input type="button" class="nzb_multi_operations_cart" value="Add to Cart" />
{if $sabintegrated}<input type="button" class="nzb_multi_operations_sab" value="Send to SAB" />{/if}
- {if $isadmin}
+ {if $isadmin || $ismod}
&nbsp;&nbsp;
<input type="button" class="nzb_multi_operations_edit" value="Edit" />
<input type="button" class="nzb_multi_operations_delete" value="Del" />
View
2  www/views/templates/frontend/viewnzb.tpl
@@ -10,7 +10,7 @@
{if $music && $music.cover == 1}<img class="shadow" src="{$smarty.const.WWW_TOP}/covers/music/{$music.ID}.jpg" width="160" alt="{$music.title|escape:"htmlall"}" style="float:right;" />{/if}
<table class="data" id="detailstable" >
- {if $isadmin}
+ {if $isadmin || $ismod}
<tr><th>Admin:</th><td><a class="rndbtn" href="{$smarty.const.WWW_TOP}/admin/release-edit.php?id={$release.ID}&amp;from={$smarty.server.REQUEST_URI}" title="Edit Release">Edit</a> <a class="rndbtn confirm_action" href="{$smarty.const.WWW_TOP}/admin/release-delete.php?id={$release.ID}&amp;from={$smarty.server.HTTP_REFERER}" title="Delete Release">Delete</a> <a class="rndbtn confirm_action" href="{$smarty.const.WWW_TOP}/admin/release-rebuild.php?id={$release.ID}&amp;from={$smarty.server.HTTP_REFERER}" title="Rebuild Release - Delete and reset for reprocessing if binaries still exist.">Rebuild</a></td></tr>
{/if}
<tr><th>Name:</th><td>{$release.name|escape:"htmlall"}</td></tr>
Please sign in to comment.
Something went wrong with that request. Please try again.