
#4: Added a permission to determine if a user can post a comment - this supersedes the "photo:post-comment" gate.

tags/v2.2.0-beta.1
Andy Heathershaw 1 year ago
parent
commit
e398bc1b68
9 changed files with 44 additions and 15 deletions
  1. +2
    -2
      app/Http/Controllers/Gallery/PhotoCommentController.php
  2. +18
    -0
      app/Policies/AlbumPolicy.php
  3. +11
    -0
      app/Policies/PhotoPolicy.php
  4. +0
    -10
      app/Providers/AuthServiceProvider.php
  5. +8
    -0
      database/seeds/PermissionsSeeder.php
  6. +1
    -0
      resources/lang/en/permissions.php
  7. +2
    -1
      resources/views/themes/base/partials/album_permissions.blade.php
  8. +1
    -1
      resources/views/themes/base/partials/photo_comments.blade.php
  9. +1
    -1
      resources/views/themes/base/partials/photo_single_comment.blade.php

+ 2
- 2
app/Http/Controllers/Gallery/PhotoCommentController.php

@@ -77,7 +77,7 @@ class PhotoCommentController extends Controller
return null;
}

if (!User::currentOrAnonymous()->can('photo:post-comment'))
if (!User::currentOrAnonymous()->can('post-comment', $photo))
{
App::abort(403);
return null;
@@ -104,7 +104,7 @@ class PhotoCommentController extends Controller
return null;
}

if (!User::currentOrAnonymous()->can('photo:post-comment'))
if (!User::currentOrAnonymous()->can('post-comment', $photo))
{
App::abort(403);
return null;


+ 18
- 0
app/Policies/AlbumPolicy.php

@@ -3,6 +3,7 @@
namespace App\Policies;

use App\Album;
use App\Facade\UserConfig;
use App\Group;
use App\Helpers\PermissionsHelper;
use App\Permission;
@@ -104,6 +105,23 @@ class AlbumPolicy
return $this->userHasPermission($user, $album, 'moderate-comments');
}

public function postComment(User $user, Album $album)
{
if ($user->id == $album->user_id)
{
// The album's owner and can do everything
return true;
}

// Don't allow comments to be posted if anonymous user, and anonymous comments disabled
if ($user->isAnonymous() && !UserConfig::get('allow_photo_comments_anonymous'))
{
return false;
}

return $this->userHasPermission($user, $album, 'post-comment');
}

public function uploadPhotos(User $user, Album $album)
{
if ($user->id == $album->user_id)
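Review bot: In `postComment` the owner shortcut `if ($user->id == $album->user_id)` runs before the anonymous-comment check and uses a loose comparison, so an anonymous user whose `id` loosely equals the album's `user_id` (for example both null or 0) would be treated as the owner and skip the `allow_photo_comments_anonymous` setting. How `User::currentOrAnonymous()` builds the anonymous user is not visible here, so this needs confirming. Putting `if ($user->isAnonymous() && !UserConfig::get('allow_photo_comments_anonymous')) { return false; }` first and comparing with `===` would close the gap. `PhotoPolicy::postComment` in this commit has the same shortcut on `$photo->user_id` with no anonymous check before it. The inline comment should read `// The album's owner can do everything`.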


+ 11
- 0
app/Policies/PhotoPolicy.php

@@ -72,4 +72,15 @@ class PhotoPolicy

return $user->can('moderate-comments', $photo->album);
}

public function postComment(User $user, Photo $photo)
{
if ($user->id == $photo->user_id)
{
// The photo's owner can do everything
return true;
}

return $user->can('post-comment', $photo->album);
}
}

+ 0
- 10
app/Providers/AuthServiceProvider.php

@@ -94,16 +94,6 @@ class AuthServiceProvider extends ServiceProvider
{
return UserConfig::get('public_statistics') || !$user->isAnonymous();
});

Gate::define('photo:post-comment', function(User $user)
{
if ($user->isAnonymous())
{
return UserConfig::get('allow_photo_comments_anonymous');
};

return true;
});
}

private function userHasAdminPermission(User $user, $permissionDescription)


+ 8
- 0
database/seeds/PermissionsSeeder.php

@@ -147,5 +147,13 @@ class PermissionsSeeder extends Seeder
'is_default' => false,
'sort_order' => 70
]);

// album:moderate-comments = moderate comments posted on photos
DatabaseSeeder::createOrUpdate('permissions', [
'section' => 'album',
'description' => 'post-comment',
'is_default' => false,
'sort_order' => 80
]);
}
}
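Review bot: The comment above the new row still reads `album:moderate-comments`, copied from the previous entry; it should be `// album:post-comment = post comments on photos in this album`. Separately, the row is seeded with `'is_default' => false`, while the removed `photo:post-comment` gate returned true for every signed-in user. After an upgrade, commenting therefore presumably stays off for non-owners until the permission is granted per album. That fails closed, but if it is intended it deserves a line in the upgrade notes, or a migration that grants the permission where commenting was previously allowed. The enclosing seeder method starts outside the hunk.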

+ 1
- 0
resources/lang/en/permissions.php

@@ -17,6 +17,7 @@ return [
'list' => 'See this album in listings',
'manipulate-photos' => 'Manipulate photos in this album',
'moderate-comments' => 'Moderate comments in this album',
'post-comment' => 'Post a comment in this album',
'upload-photos' => 'Upload photos into this album',
'view' => 'Access this album'
]

+ 2
- 1
resources/views/themes/base/partials/album_permissions.blade.php

@@ -14,8 +14,10 @@

@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'list')])
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'view')])
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'post-comment')])

@if ($object_id != 'anonymous')
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'moderate-comments')])
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'edit')])
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'delete')])
@endif
@@ -29,7 +31,6 @@
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'manipulate-photos')])
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'change-photo-metadata')])
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'delete-photos')])
@include(Theme::viewName('partials.permission_checkbox'), ['permission' => Theme::getPermission($all_permissions, 'album', 'moderate-comments')])
</div>
@endif
</div>
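Review bot: The `post-comment` checkbox is rendered outside the `@if ($object_id != 'anonymous')` block, so it can be ticked for anonymous visitors, yet `AlbumPolicy::postComment` in this commit still denies them unless `allow_photo_comments_anonymous` is enabled. An administrator who grants it here with that setting off gets no explanation for why anonymous commenting stays blocked. A Blade comment beside the include would record the dependency, for example `{{-- anonymous users also need the allow_photo_comments_anonymous setting --}}`, and a visible hint in the form would be better still. The template begins and ends outside these hunks.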


+ 1
- 1
resources/views/themes/base/partials/photo_comments.blade.php

@@ -2,7 +2,7 @@
<div class="col mt-4">
<h2>@lang('gallery.photo_comments_heading')</h2>

@if (\App\User::currentOrAnonymous()->can('photo:post-comment'))
@if (\App\User::currentOrAnonymous()->can('post-comment', $photo))
<h3>@lang('gallery.photo_comments_reply_form_heading')</h3>
<p>@lang('gallery.photo_comments_reply_form_p1')</p>
<hr/>


+ 1
- 1
resources/views/themes/base/partials/photo_single_comment.blade.php

@@ -9,7 +9,7 @@
<h6 class="card-subtitle mb-4 text-muted">{{ date(UserConfig::get('date_format'), strtotime($comment->created_at)) }}</h6>
{!! $comment->textAsHtml() !!}

@if (!$is_reply && ($comment->depth() < UserConfig::get('photo_comments_thread_depth') - 1))
@if (!$is_reply && ($comment->depth() < UserConfig::get('photo_comments_thread_depth') - 1) && \App\User::currentOrAnonymous()->can('post-comment', $photo))
<a href="{{ $photo->replyToCommentFormUrl($comment->id) }}" v-on:click="replyToComment" class="card-link">@lang('gallery.photo_comments_reply_action')</a>
@endif
</div>
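Review bot: The added `\App\User::currentOrAnonymous()->can('post-comment', $photo)` is evaluated again for every comment that passes the depth check, although the answer is the same for all comments on a page. Whether the policy lookup is cached is not visible here, so this may repeat the permission query per comment. Resolving it once in the parent view and passing it into the partial, e.g. `@php($can_post_comment = \App\User::currentOrAnonymous()->can('post-comment', $photo))`, would avoid that. It would also keep the reply link consistent with the reply form in `photo_comments.blade.php`.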

