summaryrefslogtreecommitdiff
path: root/src/index.php
diff options
context:
space:
mode:
authorJonas Kohl2024-09-19 14:19:35 +0200
committerJonas Kohl2024-09-19 14:19:35 +0200
commit95bfdb59b6a1e04e474551c23c7caef619c79839 (patch)
tree0fe7bf17c5767df5084dac05c61b4167781b9b1b /src/index.php
parentd7faf7053803aaa9eb8ae85a864ea1b2cccaa586 (diff)
Topic locking
Diffstat (limited to 'src/index.php')
-rw-r--r--src/index.php94
1 files changed, 93 insertions, 1 deletions
diff --git a/src/index.php b/src/index.php
index d651400..cc9e99d 100644
--- a/src/index.php
+++ b/src/index.php
@@ -572,6 +572,12 @@ if ($_action === "auth") {
msg_error("You need to be logged in to add new posts!");
exit;
}
+
+ if ($topic->isLocked) {
+ http_response_code(403);
+ msg_error("This topic is locked!");
+ exit;
+ }
$attachments = reArrayFiles($_FILES["files"]);
@@ -658,12 +664,15 @@ if ($_action === "auth") {
"postAuthor" => $postAuthor,
"topicAuthor" => $topicAuthor,
"attachments" => $attachments,
+ "topic" => $topic,
]);
}
_view("view_topic_end");
- if ($currentUser) {
+ if ($topic->isLocked) {
+ _view("view_topic_locked");
+ } elseif ($currentUser) {
_view("form_addpost");
} else {
_view("view_logintoreply");
@@ -709,6 +718,7 @@ if ($_action === "auth") {
$topic->id = $db->generateId();
$topic->title = $title;
$topic->creationDate = new DateTimeImmutable();
+ $topic->isLocked = false;
$db->insert($topic);
@@ -1169,6 +1179,12 @@ if ($_action === "auth") {
if (!$db->fetch($topicAuthor))
$topicAuthor = null;
+ $topic = new Topic();
+ $topic->id = $post->topicId;
+
+ if (!$db->fetch($topic))
+ $topic = null;
+
$canEdit = ($currentUser->id === $topicAuthor?->id && $topicAuthor?->hasPermission(UserPermissions::DELETE_OWN_POST))
|| ($currentUser->hasPermission(UserPermissions::DELETE_OTHER_POST));
@@ -1217,6 +1233,7 @@ if ($_action === "auth") {
"postAuthor" => $topicAuthor,
"topicAuthor" => null,
"attachments" => $attachments,
+ "topic" => $topic,
]);
_view("template_end", [...getThemeAndLangInfo()]);
}
@@ -1251,6 +1268,18 @@ if ($_action === "auth") {
$canEdit = ($currentUser->id === $topicAuthor?->id && $topicAuthor?->hasPermission(UserPermissions::EDIT_OWN_POST))
|| ($currentUser->hasPermission(UserPermissions::EDIT_OTHER_POST));
+ $topic = new Topic();
+ $topic->id = $post->topicId;
+
+ if (!$db->fetch($topic))
+ $topic = null;
+
+ if ($topic->isLocked) {
+ http_response_code(403);
+ msg_error(__("This topic has been locked"));
+ exit;
+ }
+
if (!$canEdit) {
http_response_code(403);
msg_error(__("You don't have permission to edit this post"));
@@ -1360,6 +1389,12 @@ if ($_action === "auth") {
if (!$db->fetch($topicAuthor))
$topicAuthor = null;
+ if ($topic->isLocked) {
+ http_response_code(403);
+ msg_error(__("This topic has been locked"));
+ exit;
+ }
+
$canEdit = ($currentUser->id === $topicAuthor?->id && $topicAuthor?->hasPermission(UserPermissions::EDIT_OWN_TOPIC))
|| ($currentUser->hasPermission(UserPermissions::EDIT_OTHER_TOPIC));
@@ -1378,6 +1413,63 @@ if ($_action === "auth") {
}
header("Location: ./?_action=viewtopic&topic=" . urlencode($topicId));
+} elseif ($_action === "locktopic") {
+ RequestUtils::ensureRequestMethod("POST");
+ $topicId = $_POST["topic"] ?? null;
+ if ($topicId === null) {
+ http_response_code(400);
+ msg_error(__("Missing topic id"));
+ exit;
+ }
+ RequestUtils::setFormErrorDestination($dest = "Location: ./?_action=viewtopic&topic=" . urlencode($topicId));
+
+ if (!$currentUser) {
+ http_response_code(403);
+ msg_error(__("You need to be logged in to lock topics!"));
+ exit;
+ }
+
+ $formId = "locktopic";
+ $locked = RequestUtils::getRequiredField("locked", $formId);
+ if ($locked === "true") {
+ $locked = true;
+ } elseif ($locked === "false") {
+ $locked = false;
+ } else RequestUtils::triggerFormError("Invalid value", $formId);
+
+ $topic = new Topic();
+ $topic->id = $topicId;
+
+ if (!$db->fetch($topic)) {
+ http_response_code(404);
+ msg_error(__("No topic exists with this id"));
+ exit;
+ }
+
+ $topicAuthor = new User();
+ $topicAuthor->id = $topic->createdBy;
+
+ if (!$db->fetch($topicAuthor))
+ $topicAuthor = null;
+
+ $canEdit = ($currentUser->id === $topicAuthor?->id && $topicAuthor?->hasPermission(UserPermissions::EDIT_OWN_TOPIC))
+ || ($currentUser->hasPermission(UserPermissions::EDIT_OTHER_TOPIC));
+
+ if (!$canEdit) {
+ http_response_code(403);
+ msg_error(__("You don't have permission to lock or unlock this topic"));
+ exit;
+ }
+
+ $topic->isLocked = $locked;
+
+ if (!$db->update($topic)) {
+ http_response_code(500);
+ msg_error(__("Failed to lock or unlock topic"));
+ exit;
+ }
+
+ header($dest);
} elseif ($_action === "search") {
$query = $_GET["query"] ?? null;
if ($query !== null) {