Profile activity: Allow users to curate the activity on their own wall. #2679

Merged
merged 5 commits into from Apr 16, 2015
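--- a/applications/dashboard/controllers/class.activitycontroller.php
+++ b/applications/dashboard/controllers/class.activitycontroller.php
@@ -151,23 +151,32 @@ public function Index($Filter = FALSE, $Page = FALSE) {
 }
 
 public function DeleteComment($ID, $TK, $Target = '') {
-$Session = Gdn::Session();
-
-if (!$Session->ValidateTransientKey($TK))
+$session = Gdn::Session();
+if (!$session->ValidateTransientKey($TK)) {
 throw PermissionException();
+}
 
-$Comment = $this->ActivityModel->GetComment($ID);
-if (!$ID)
-throw NotFoundException();
+if (!is_numeric($ID)) {
+throw Gdn_UserException('Invalid ID');
+}
 
-if ($Session->CheckPermission('Garden.Activity.Delete') || $Comment['InsertUserID'] = $Session->UserID) {
-$this->ActivityModel->DeleteComment($ID);
-} else {
-throw PermissionException();
+$comment = $this->ActivityModel->GetComment($ID);
+if (!$comment) {
+throw NotFoundException('Comment');
+}
+
+$activity = $this->ActivityModel->GetID(val('ActivityID', $comment));
+if (!$activity) {
+throw NotFoundException('Activity');
 }
 
-if ($this->DeliveryType() === DELIVERY_TYPE_ALL)
+if (!$this->ActivityModel->canDelete($activity)) {
+throw PermissionException();
+}
+$this->ActivityModel->DeleteComment($ID);
+if ($this->DeliveryType() === DELIVERY_TYPE_ALL) {
 Redirect($Target);
+}
 
 $this->Render('Blank', 'Utility', 'Dashboard');
 }
@@ -182,23 +191,18 @@ public function DeleteComment($ID, $TK, $Target = '') {
 * @param string $TransientKey Verify intent.
 */
 public function Delete($ActivityID = '', $TransientKey = '') {
-$Session = Gdn::Session();
-if (!$Session->ValidateTransientKey($TransientKey))
+$session = Gdn::Session();
+if (!$session->ValidateTransientKey($TransientKey)) {
 throw PermissionException();
+}
 
-if (!is_numeric($ActivityID))
-throw Gdn_UserException('Invalid activity ID');
-
-
-$HasPermission = $Session->CheckPermission('Garden.Activity.Delete');
-if (!$HasPermission) {
-$Activity = $this->ActivityModel->GetID($ActivityID);
-if (!$Activity)
-throw NotFoundException('Activity');
-$HasPermission = $Activity['InsertUserID'] == $Session->UserID;
+if (!is_numeric($ActivityID)) {
+throw Gdn_UserException('Invalid ID');
 }
-if (!$HasPermission)
+
+if (!$this->ActivityModel->canDelete($this->ActivityModel->GetID($ActivityID))) {
 throw PermissionException();
+}
 
 $this->ActivityModel->Delete($ActivityID);
 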
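Review bot: Delete() hands the result of `GetID($ActivityID)` straight to `canDelete()`, while DeleteComment() in the first hunk checks the same lookup and throws `NotFoundException('Activity')`. For a missing row, a caller holding Garden.Activity.Delete passes `canDelete()` (per the model section of this PR it returns true before reading the activity) and `Delete($ActivityID)` runs on an ID that does not exist, while everyone else gets a permission error. Fetching once and checking it would make the two actions agree: `$activity = $this->ActivityModel->GetID($ActivityID);` then `if (!$activity) { throw NotFoundException('Activity'); }` ahead of the `canDelete($activity)` test. Delete()'s body continues past the end of the hunk.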
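--- a/applications/dashboard/models/class.activitymodel.php
+++ b/applications/dashboard/models/class.activitymodel.php
@@ -479,6 +479,45 @@ public function GetNotifications($NotifyUserID, $Offset = '0', $Limit = '30') {
 return $Result;
 }
 
+
+/**
+* @param $activity
+* @return bool
+*/
+public static function canDelete($activity) {
+$session = Gdn::Session();
+
+$profileUserId = val('ActivityUserID', $activity);
+$notifyUserId = val('NotifyUserID', $activity);
+
+// User can delete any activity
+if ($session->CheckPermission('Garden.Activity.Delete')) {
+return true;
+}
+
+$notifyUserIds = array(ActivityModel::NOTIFY_PUBLIC);
+if (Gdn::Session()->CheckPermission('Garden.Moderation.Manage')) {
+$notifyUserIds[] = ActivityModel::NOTIFY_MODS;
+}
+
+// Is this a wall post?
+if (!in_array(val('ActivityType', $activity), array('Status', 'WallPost')) || !in_array($notifyUserId, $notifyUserIds)) {
+return false;
+}
+// Is this on the user's wall?
+if ($profileUserId && $session->UserID == $profileUserId && $session->CheckPermission('Garden.Profiles.Edit')) {
+return true;
+}
+
+// The user inserted the activity --- may be added in later
+// $insertUserId = val('InsertUserID', $activity);
+// if ($insertUserId && $insertUserId == $session->UserID) {
+// return true;
+// }
+
+return false;
+}
+
 /**
 * Get notifications for a user since designated ActivityID.
 *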
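Review bot: canDelete() is an authorization decision, but the wall-post test uses loose `in_array()` for both the activity type and NotifyUserID, and the wall-owner test compares IDs with `==`. Passing the strict flag, e.g. `in_array(val('ActivityType', $activity), array('Status', 'WallPost'), true)` and `in_array((int)$notifyUserId, $notifyUserIds, true)`, removes any dependence on PHP's type juggling; the `(int)` cast assumes the NOTIFY_* constants are integers, which this hunk does not show. The docblock is also empty: it should say that `$activity` is read through `val()` (the controller passes the result of GetID(), the view passes the activity it renders) and list the three rules, namely the global delete permission, the public-or-moderator wall-post restriction, and ownership of the wall together with Garden.Profiles.Edit. The second `Gdn::Session()` call could reuse `$session`.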
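--- a/applications/dashboard/views/activity/helper_functions.php
+++ b/applications/dashboard/views/activity/helper_functions.php
@@ -50,13 +50,9 @@ function WriteActivity($Activity, &$Sender, &$Session) {
 ?>
 <li id="Activity_<?php echo $Activity->ActivityID; ?>" class="<?php echo $CssClass; ?>">
 <?php
-if (
-$Session->IsValid()
-&& ($Session->UserID == $Activity->InsertUserID
-|| $Session->CheckPermission('Garden.Activity.Delete'))
-)
+if (ActivityModel::canDelete($Activity)) {
 echo '<div class="Options">'.Anchor('×', 'dashboard/activity/delete/'.$Activity->ActivityID.'/'.$Session->TransientKey().'?Target='.urlencode($Sender->SelfUrl), 'Delete').'</div>';
-
+}
 if ($PhotoAnchor != '') {
 ?>
 <div class="Author Photo"><?php echo $PhotoAnchor; ?></div>
@@ -106,7 +102,7 @@ function WriteActivity($Activity, &$Sender, &$Session) {
 if (count($Comments) > 0) {
 echo '<ul class="DataList ActivityComments">';
 foreach ($Comments as $Comment) {
-WriteActivityComment($Comment, $Sender, $Session);
+WriteActivityComment($Comment, $Activity);
 }
 } else {
 echo '<ul class="DataList ActivityComments Hidden">';
@@ -141,7 +137,8 @@ function WriteActivity($Activity, &$Sender, &$Session) {
 
 if (!function_exists('WriteActivityComment')):
 
-function WriteActivityComment($Comment, &$Sender, &$Session) {
+function WriteActivityComment($Comment, $Activity) {
+$Session = Gdn::Session();
 $Author = UserBuilder($Comment, 'Insert');
 $PhotoAnchor = UserPhoto($Author, 'Photo');
 $CssClass = 'Item ActivityComment ActivityComment';
@@ -159,8 +156,9 @@ function WriteActivityComment($Comment, &$Sender, &$Session) {
 <div class="Meta">
 <span class="DateCreated"><?php echo Gdn_Format::Date($Comment['DateInserted'], 'html'); ?></span>
 <?php
-if ($Session->UserID == $Comment['InsertUserID'] || $Session->CheckPermission('Garden.Activity.Delete'))
+if (ActivityModel::canDelete($Activity)) {
 echo Anchor(T('Delete'), "dashboard/activity/deletecomment?id={$Comment['ActivityCommentID']}&tk=".$Session->TransientKey().'&target='.urlencode(Gdn_Url::Request()), 'DeleteComment');
+}
 ?>
 </div>
 </div>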
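Review bot: WriteActivityComment() sits behind a `function_exists()` guard, so a theme or plugin may already define it with the old `($Comment, &$Sender, &$Session)` signature, and the call in WriteActivity() now passes only `($Comment, $Activity)`. Such an override would receive the activity in place of the controller and no session at all, so its own delete-link check would run on the wrong values or fail outright. If overrides are supported, the change deserves an entry in the upgrade notes and a docblock on the function stating the new parameters, for example `@param array $Comment` and `@param object|array $Activity The parent activity, used for the delete check.` The delete links remain a display hint; the permission that counts is the `canDelete()` test in the controller.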