Fossil SCM
Extend the scope of the forum-close-policy setting to include giving forum moderators the ability to delete other users' forum post attachments.
Commit
9e60ef975b21fd666d7eb5cb5f4ca2e88a2349a4757927ba0b2707477cdc82b1
Parent
55b2a108449461a…
3 files changed
+8
-6
+1
-1
+6
-1
+8
-6
| --- src/attach.c | ||
| +++ src/attach.c | ||
| @@ -543,13 +543,13 @@ | ||
| 543 | 543 | int modPending; /* True if awaiting moderation */ |
| 544 | 544 | const char *zModAction; /* Moderation action or NULL */ |
| 545 | 545 | int isModerator; /* TRUE if user is the moderator */ |
| 546 | 546 | const char *zMime; /* MIME Type */ |
| 547 | 547 | Blob attach; /* Content of the attachment */ |
| 548 | - int fShowContent = 0; | |
| 548 | + int fShowContent = 0; /* True to emit the content */ | |
| 549 | 549 | int bUserIsOwner = 0; /* True if pAttach->zUser is login_name() */ |
| 550 | - int showDelMenu = 0; | |
| 550 | + int showDelMenu = 0; /* True to enable delete option */ | |
| 551 | 551 | const char *zLn = P("ln"); |
| 552 | 552 | |
| 553 | 553 | login_check_credentials(); |
| 554 | 554 | if( !g.perm.RdTkt && !g.perm.RdWiki ){ |
| 555 | 555 | login_needed(g.anon.RdTkt || g.anon.RdWiki); |
| @@ -592,11 +592,12 @@ | ||
| 592 | 592 | } |
| 593 | 593 | zDate = db_text(0, "SELECT datetime(%.12f)", pAttach->rDate); |
| 594 | 594 | |
| 595 | 595 | if( P("confirm") && |
| 596 | 596 | ((zForumPost |
| 597 | - && (g.perm.Admin || (g.perm.AttachForum && bUserIsOwner))) || | |
| 597 | + && ((bUserIsOwner && g.perm.AttachForum) || | |
| 598 | + forumpost_may_close())) || | |
| 598 | 599 | (zTktUuid && g.perm.WrTkt) || |
| 599 | 600 | (zWikiName && g.perm.WrWiki) || |
| 600 | 601 | (zTNUuid && g.perm.Write && g.perm.WrWiki)) |
| 601 | 602 | ){ |
| 602 | 603 | /* Delete attachment. */ |
| @@ -604,13 +605,14 @@ | ||
| 604 | 605 | char *zNewDate; |
| 605 | 606 | Blob manifest; |
| 606 | 607 | Blob cksum; |
| 607 | 608 | const char *zFile = zName; |
| 608 | 609 | |
| 609 | - if( !g.perm.Admin && !bUserIsOwner ){ | |
| 610 | - webpage_error("Only admins can delete other users' attachments from " | |
| 611 | - "forum posts."); | |
| 610 | + if( !bUserIsOwner ){ | |
| 611 | + if( zForumPost ? !forumpost_may_close() : !g.perm.Admin ){ | |
| 612 | + webpage_error("Only admins can delete other users' attachments."); | |
| 613 | + } | |
| 612 | 614 | } |
| 613 | 615 | db_begin_transaction(); |
| 614 | 616 | blob_zero(&manifest); |
| 615 | 617 | for(i=n=0; zFile[i]; i++){ |
| 616 | 618 | if( zFile[i]=='/' || zFile[i]=='\\' ) n = i; |
| 617 | 619 |
| --- src/attach.c | |
| +++ src/attach.c | |
| @@ -543,13 +543,13 @@ | |
| 543 | int modPending; /* True if awaiting moderation */ |
| 544 | const char *zModAction; /* Moderation action or NULL */ |
| 545 | int isModerator; /* TRUE if user is the moderator */ |
| 546 | const char *zMime; /* MIME Type */ |
| 547 | Blob attach; /* Content of the attachment */ |
| 548 | int fShowContent = 0; |
| 549 | int bUserIsOwner = 0; /* True if pAttach->zUser is login_name() */ |
| 550 | int showDelMenu = 0; |
| 551 | const char *zLn = P("ln"); |
| 552 | |
| 553 | login_check_credentials(); |
| 554 | if( !g.perm.RdTkt && !g.perm.RdWiki ){ |
| 555 | login_needed(g.anon.RdTkt || g.anon.RdWiki); |
| @@ -592,11 +592,12 @@ | |
| 592 | } |
| 593 | zDate = db_text(0, "SELECT datetime(%.12f)", pAttach->rDate); |
| 594 | |
| 595 | if( P("confirm") && |
| 596 | ((zForumPost |
| 597 | && (g.perm.Admin || (g.perm.AttachForum && bUserIsOwner))) || |
| 598 | (zTktUuid && g.perm.WrTkt) || |
| 599 | (zWikiName && g.perm.WrWiki) || |
| 600 | (zTNUuid && g.perm.Write && g.perm.WrWiki)) |
| 601 | ){ |
| 602 | /* Delete attachment. */ |
| @@ -604,13 +605,14 @@ | |
| 604 | char *zNewDate; |
| 605 | Blob manifest; |
| 606 | Blob cksum; |
| 607 | const char *zFile = zName; |
| 608 | |
| 609 | if( !g.perm.Admin && !bUserIsOwner ){ |
| 610 | webpage_error("Only admins can delete other users' attachments from " |
| 611 | "forum posts."); |
| 612 | } |
| 613 | db_begin_transaction(); |
| 614 | blob_zero(&manifest); |
| 615 | for(i=n=0; zFile[i]; i++){ |
| 616 | if( zFile[i]=='/' || zFile[i]=='\\' ) n = i; |
| 617 |
| --- src/attach.c | |
| +++ src/attach.c | |
| @@ -543,13 +543,13 @@ | |
| 543 | int modPending; /* True if awaiting moderation */ |
| 544 | const char *zModAction; /* Moderation action or NULL */ |
| 545 | int isModerator; /* TRUE if user is the moderator */ |
| 546 | const char *zMime; /* MIME Type */ |
| 547 | Blob attach; /* Content of the attachment */ |
| 548 | int fShowContent = 0; /* True to emit the content */ |
| 549 | int bUserIsOwner = 0; /* True if pAttach->zUser is login_name() */ |
| 550 | int showDelMenu = 0; /* True to enable delete option */ |
| 551 | const char *zLn = P("ln"); |
| 552 | |
| 553 | login_check_credentials(); |
| 554 | if( !g.perm.RdTkt && !g.perm.RdWiki ){ |
| 555 | login_needed(g.anon.RdTkt || g.anon.RdWiki); |
| @@ -592,11 +592,12 @@ | |
| 592 | } |
| 593 | zDate = db_text(0, "SELECT datetime(%.12f)", pAttach->rDate); |
| 594 | |
| 595 | if( P("confirm") && |
| 596 | ((zForumPost |
| 597 | && ((bUserIsOwner && g.perm.AttachForum) || |
| 598 | forumpost_may_close())) || |
| 599 | (zTktUuid && g.perm.WrTkt) || |
| 600 | (zWikiName && g.perm.WrWiki) || |
| 601 | (zTNUuid && g.perm.Write && g.perm.WrWiki)) |
| 602 | ){ |
| 603 | /* Delete attachment. */ |
| @@ -604,13 +605,14 @@ | |
| 605 | char *zNewDate; |
| 606 | Blob manifest; |
| 607 | Blob cksum; |
| 608 | const char *zFile = zName; |
| 609 | |
| 610 | if( !bUserIsOwner ){ |
| 611 | if( zForumPost ? !forumpost_may_close() : !g.perm.Admin ){ |
| 612 | webpage_error("Only admins can delete other users' attachments."); |
| 613 | } |
| 614 | } |
| 615 | db_begin_transaction(); |
| 616 | blob_zero(&manifest); |
| 617 | for(i=n=0; zFile[i]; i++){ |
| 618 | if( zFile[i]=='/' || zFile[i]=='\\' ) n = i; |
| 619 |
M
src/db.c
+1
-1
| --- src/db.c | ||
| +++ src/db.c | ||
| @@ -3576,11 +3576,11 @@ | ||
| 3576 | 3576 | } |
| 3577 | 3577 | |
| 3578 | 3578 | /* |
| 3579 | 3579 | ** Attempt to look up the input in the CONCEALED table. If found, |
| 3580 | 3580 | ** and if the okRdAddr permission is enabled then return the |
| 3581 | -** original value for which the input is a hash. If okRdAddr is | |
| 3581 | +** original value for which the input is a hash. If g.perm.RdAddr is | |
| 3582 | 3582 | ** false or if the lookup fails, return the original string content. |
| 3583 | 3583 | ** |
| 3584 | 3584 | ** In either case, the string returned is stored in space obtained |
| 3585 | 3585 | ** from malloc and should be freed by the calling function. |
| 3586 | 3586 | */ |
| 3587 | 3587 |
| --- src/db.c | |
| +++ src/db.c | |
| @@ -3576,11 +3576,11 @@ | |
| 3576 | } |
| 3577 | |
| 3578 | /* |
| 3579 | ** Attempt to look up the input in the CONCEALED table. If found, |
| 3580 | ** and if the okRdAddr permission is enabled then return the |
| 3581 | ** original value for which the input is a hash. If okRdAddr is |
| 3582 | ** false or if the lookup fails, return the original string content. |
| 3583 | ** |
| 3584 | ** In either case, the string returned is stored in space obtained |
| 3585 | ** from malloc and should be freed by the calling function. |
| 3586 | */ |
| 3587 |
| --- src/db.c | |
| +++ src/db.c | |
| @@ -3576,11 +3576,11 @@ | |
| 3576 | } |
| 3577 | |
| 3578 | /* |
| 3579 | ** Attempt to look up the input in the CONCEALED table. If found, |
| 3580 | ** and if the okRdAddr permission is enabled then return the |
| 3581 | ** original value for which the input is a hash. If g.perm.RdAddr is |
| 3582 | ** false or if the lookup fails, return the original string content. |
| 3583 | ** |
| 3584 | ** In either case, the string returned is stored in space obtained |
| 3585 | ** from malloc and should be freed by the calling function. |
| 3586 | */ |
| 3587 |
+6
-1
| --- src/forum.c | ||
| +++ src/forum.c | ||
| @@ -370,12 +370,15 @@ | ||
| 370 | 370 | |
| 371 | 371 | /* |
| 372 | 372 | ** Returns 1 if the current user is an admin, -1 if the current user |
| 373 | 373 | ** is a forum moderator and the forum-close-policy setting is true, |
| 374 | 374 | ** else returns 0. The value is cached for subsequent calls. |
| 375 | +** | |
| 376 | +** This policy also determines whether non-admin forum moderators | |
| 377 | +** may delete forum attachments. | |
| 375 | 378 | */ |
| 376 | -static int forumpost_may_close(void){ | |
| 379 | +int forumpost_may_close(void){ | |
| 377 | 380 | static int permClose = -99; |
| 378 | 381 | if( permClose!=-99 ){ |
| 379 | 382 | return permClose; |
| 380 | 383 | }else if( g.perm.Admin ){ |
| 381 | 384 | return permClose = 1; |
| @@ -1925,10 +1928,12 @@ | ||
| 1925 | 1928 | ** SETTING: forum-close-policy boolean default=off |
| 1926 | 1929 | ** If true, forum moderators may close/re-open forum posts, and reply |
| 1927 | 1930 | ** to closed posts. If false, only administrators may do so. Note that |
| 1928 | 1931 | ** this only affects the forum web UI, not post-closing tags which |
| 1929 | 1932 | ** arrive via the command-line or from synchronization with a remote. |
| 1933 | +** This policy also determines whether moderators may delete forum | |
| 1934 | +** attachments. | |
| 1930 | 1935 | */ |
| 1931 | 1936 | /* |
| 1932 | 1937 | ** SETTING: forum-title width=20 default=Forum |
| 1933 | 1938 | ** This is the name or "title" of the Forum for this repository. The |
| 1934 | 1939 | ** default is just "Forum". But in some setups, admins might want to |
| 1935 | 1940 |
| --- src/forum.c | |
| +++ src/forum.c | |
| @@ -370,12 +370,15 @@ | |
| 370 | |
| 371 | /* |
| 372 | ** Returns 1 if the current user is an admin, -1 if the current user |
| 373 | ** is a forum moderator and the forum-close-policy setting is true, |
| 374 | ** else returns 0. The value is cached for subsequent calls. |
| 375 | */ |
| 376 | static int forumpost_may_close(void){ |
| 377 | static int permClose = -99; |
| 378 | if( permClose!=-99 ){ |
| 379 | return permClose; |
| 380 | }else if( g.perm.Admin ){ |
| 381 | return permClose = 1; |
| @@ -1925,10 +1928,12 @@ | |
| 1925 | ** SETTING: forum-close-policy boolean default=off |
| 1926 | ** If true, forum moderators may close/re-open forum posts, and reply |
| 1927 | ** to closed posts. If false, only administrators may do so. Note that |
| 1928 | ** this only affects the forum web UI, not post-closing tags which |
| 1929 | ** arrive via the command-line or from synchronization with a remote. |
| 1930 | */ |
| 1931 | /* |
| 1932 | ** SETTING: forum-title width=20 default=Forum |
| 1933 | ** This is the name or "title" of the Forum for this repository. The |
| 1934 | ** default is just "Forum". But in some setups, admins might want to |
| 1935 |
| --- src/forum.c | |
| +++ src/forum.c | |
| @@ -370,12 +370,15 @@ | |
| 370 | |
| 371 | /* |
| 372 | ** Returns 1 if the current user is an admin, -1 if the current user |
| 373 | ** is a forum moderator and the forum-close-policy setting is true, |
| 374 | ** else returns 0. The value is cached for subsequent calls. |
| 375 | ** |
| 376 | ** This policy also determines whether non-admin forum moderators |
| 377 | ** may delete forum attachments. |
| 378 | */ |
| 379 | int forumpost_may_close(void){ |
| 380 | static int permClose = -99; |
| 381 | if( permClose!=-99 ){ |
| 382 | return permClose; |
| 383 | }else if( g.perm.Admin ){ |
| 384 | return permClose = 1; |
| @@ -1925,10 +1928,12 @@ | |
| 1928 | ** SETTING: forum-close-policy boolean default=off |
| 1929 | ** If true, forum moderators may close/re-open forum posts, and reply |
| 1930 | ** to closed posts. If false, only administrators may do so. Note that |
| 1931 | ** this only affects the forum web UI, not post-closing tags which |
| 1932 | ** arrive via the command-line or from synchronization with a remote. |
| 1933 | ** This policy also determines whether moderators may delete forum |
| 1934 | ** attachments. |
| 1935 | */ |
| 1936 | /* |
| 1937 | ** SETTING: forum-title width=20 default=Forum |
| 1938 | ** This is the name or "title" of the Forum for this repository. The |
| 1939 | ** default is just "Forum". But in some setups, admins might want to |
| 1940 |