From 95bfdb59b6a1e04e474551c23c7caef619c79839 Mon Sep 17 00:00:00 2001 From: Jonas Kohl Date: Thu, 19 Sep 2024 14:19:35 +0200 Subject: Topic locking --- src/index.php | 94 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 93 insertions(+), 1 deletion(-) (limited to 'src/index.php') diff --git a/src/index.php b/src/index.php index d651400..cc9e99d 100644 --- a/src/index.php +++ b/src/index.php @@ -572,6 +572,12 @@ if ($_action === "auth") { msg_error("You need to be logged in to add new posts!"); exit; } + + if ($topic->isLocked) { + http_response_code(403); + msg_error("This topic is locked!"); + exit; + } $attachments = reArrayFiles($_FILES["files"]); @@ -658,12 +664,15 @@ if ($_action === "auth") { "postAuthor" => $postAuthor, "topicAuthor" => $topicAuthor, "attachments" => $attachments, + "topic" => $topic, ]); } _view("view_topic_end"); - if ($currentUser) { + if ($topic->isLocked) { + _view("view_topic_locked"); + } elseif ($currentUser) { _view("form_addpost"); } else { _view("view_logintoreply"); @@ -709,6 +718,7 @@ if ($_action === "auth") { $topic->id = $db->generateId(); $topic->title = $title; $topic->creationDate = new DateTimeImmutable(); + $topic->isLocked = false; $db->insert($topic); @@ -1169,6 +1179,12 @@ if ($_action === "auth") { if (!$db->fetch($topicAuthor)) $topicAuthor = null; + $topic = new Topic(); + $topic->id = $post->topicId; + + if (!$db->fetch($topic)) + $topic = null; + $canEdit = ($currentUser->id === $topicAuthor?->id && $topicAuthor?->hasPermission(UserPermissions::DELETE_OWN_POST)) || ($currentUser->hasPermission(UserPermissions::DELETE_OTHER_POST)); @@ -1217,6 +1233,7 @@ if ($_action === "auth") { "postAuthor" => $topicAuthor, "topicAuthor" => null, "attachments" => $attachments, + "topic" => $topic, ]); _view("template_end", [...getThemeAndLangInfo()]); } @@ -1251,6 +1268,18 @@ if ($_action === "auth") { $canEdit = ($currentUser->id === $topicAuthor?->id && $topicAuthor?->hasPermission(UserPermissions::EDIT_OWN_POST)) || ($currentUser->hasPermission(UserPermissions::EDIT_OTHER_POST)); + $topic = new Topic(); + $topic->id = $post->topicId; + + if (!$db->fetch($topic)) + $topic = null; + + if ($topic->isLocked) { + http_response_code(403); + msg_error(__("This topic has been locked")); + exit; + } + if (!$canEdit) { http_response_code(403); msg_error(__("You don't have permission to edit this post")); @@ -1360,6 +1389,12 @@ if ($_action === "auth") { if (!$db->fetch($topicAuthor)) $topicAuthor = null; + if ($topic->isLocked) { + http_response_code(403); + msg_error(__("This topic has been locked")); + exit; + } + $canEdit = ($currentUser->id === $topicAuthor?->id && $topicAuthor?->hasPermission(UserPermissions::EDIT_OWN_TOPIC)) || ($currentUser->hasPermission(UserPermissions::EDIT_OTHER_TOPIC)); @@ -1378,6 +1413,63 @@ if ($_action === "auth") { } header("Location: ./?_action=viewtopic&topic=" . urlencode($topicId)); +} elseif ($_action === "locktopic") { + RequestUtils::ensureRequestMethod("POST"); + $topicId = $_POST["topic"] ?? null; + if ($topicId === null) { + http_response_code(400); + msg_error(__("Missing topic id")); + exit; + } + RequestUtils::setFormErrorDestination($dest = "Location: ./?_action=viewtopic&topic=" . urlencode($topicId)); + + if (!$currentUser) { + http_response_code(403); + msg_error(__("You need to be logged in to lock topics!")); + exit; + } + + $formId = "locktopic"; + $locked = RequestUtils::getRequiredField("locked", $formId); + if ($locked === "true") { + $locked = true; + } elseif ($locked === "false") { + $locked = false; + } else RequestUtils::triggerFormError("Invalid value", $formId); + + $topic = new Topic(); + $topic->id = $topicId; + + if (!$db->fetch($topic)) { + http_response_code(404); + msg_error(__("No topic exists with this id")); + exit; + } + + $topicAuthor = new User(); + $topicAuthor->id = $topic->createdBy; + + if (!$db->fetch($topicAuthor)) + $topicAuthor = null; + + $canEdit = ($currentUser->id === $topicAuthor?->id && $topicAuthor?->hasPermission(UserPermissions::EDIT_OWN_TOPIC)) + || ($currentUser->hasPermission(UserPermissions::EDIT_OTHER_TOPIC)); + + if (!$canEdit) { + http_response_code(403); + msg_error(__("You don't have permission to lock or unlock this topic")); + exit; + } + + $topic->isLocked = $locked; + + if (!$db->update($topic)) { + http_response_code(500); + msg_error(__("Failed to lock or unlock topic")); + exit; + } + + header($dest); } elseif ($_action === "search") { $query = $_GET["query"] ?? null; if ($query !== null) { -- cgit v1.2.3