Committer: sbelyaev
LJSUP-10091: Not maintainer/owner of community can create sticky postU trunk/cgi-bin/LJ/DelayedEntry.pm U trunk/cgi-bin/LJ/Widget/EntryForm.pm U trunk/cgi-bin/ljprotocol.pl
Modified: trunk/cgi-bin/LJ/DelayedEntry.pm
===================================================================
--- trunk/cgi-bin/LJ/DelayedEntry.pm 2011-10-19 08:45:26 UTC (rev 20380)
+++ trunk/cgi-bin/LJ/DelayedEntry.pm 2011-10-19 09:09:51 UTC (rev 20381)
@@ -10,8 +10,10 @@
my ($class, $url, $opts) = @_;
if ($url =~ m!(.+)/d(\d+)\.html!) {
- my $u = LJ::User->new_from_url($1) or return undef;
- return LJ::DelayedEntry->get_entry_by_id($u, $2, $opts);
+ my $username = $1;
+ my $delayed_id = $2;
+ my $u = LJ::User->new_from_url($username) or return undef;
+ return LJ::DelayedEntry->get_entry_by_id($u, $delayed_id, $opts);
}
return undef;
@@ -20,10 +22,10 @@
sub create {
my ( $class, $req, $opts ) = @_;
- __assert( $opts );
- __assert( $opts->{journal} );
- __assert( $opts->{poster} );
- __assert( $req );
+ __assert( $opts , "no options");
+ __assert( $opts->{journal}, "no journal");
+ __assert( $opts->{poster}, "no poster" );
+ __assert( $req, "no request" );
my $self = bless {}, $class;
@@ -212,7 +214,7 @@
sub is_future_date {
my ($req) = @_;
my $now = __get_now();
- my $request_time = __get_datatime($req);
+ my $request_time = __get_datetime($req);
return $request_time ge $now;
}
@@ -273,7 +275,7 @@
# if it's usemask, we have to refuse non-personal journals,
# so we have to load the user
- return 0 unless $remote->{'journaltype'} eq 'P' || $remote->{'journaltype'} eq 'I';
+ return 0 unless $remote->is_person() || $remote->is_identity();
my $gmask = LJ::get_groupmask($userid, $remoteid);
my $allowed = (int($gmask) & int($self->allowmask));
@@ -577,8 +579,8 @@
sub delete {
my ($self) = @_;
- __assert( $self->{delayed_id} );
- __assert( $self->{journal} );
+ __assert( $self->{delayed_id}, "no delayed id" );
+ __assert( $self->{journal}, "no journal" );
my $journal = $self->{journal};
my $delayed_id = $self->{delayed_id};
@@ -625,16 +627,16 @@
sub update {
my ($self, $req) = @_;
- __assert( $self->{delayed_id} );
- __assert( $self->{journal} );
- __assert( $self->{poster} );
+ __assert( $self->{delayed_id}, "no delayed id" );
+ __assert( $self->{journal}, "no journal" );
+ __assert( $self->{poster}, "no poster" );
$req->{tz} = $req->{tz} || $self->data->{tz};
my $journalid = $self->journal->userid;
my $posterid = $self->poster->userid;
my $subject = $req->{subject};
- my $posttime = __get_datatime($req);
+ my $posttime = __get_datetime($req);
my $data_ser = __serialize($self->journal, $req);
my $delayedid = $self->{delayed_id};
my $dbh = LJ::get_db_writer();
@@ -703,9 +705,9 @@
sub load_data {
my ($class, $dbcr, $opts) = @_;
- __assert($opts->{journalid});
- __assert($opts->{delayed_id});
- __assert($opts->{posterid});
+ __assert($opts->{journalid}, "no journal id");
+ __assert($opts->{delayed_id}, "no delayed id");
+ __assert($opts->{posterid}, "no poster id");
my $journalid = $opts->{journalid};
my $delayedid = $opts->{delayed_id};
@@ -720,14 +722,14 @@
$self->{data} = __deserialize($self->journal, $data_ser);
$self->{poster} = LJ::want_user($opts->{posterid});
$self->{delayed_id} = $delayedid;
- $self->{posttime} = __get_datatime($self->{data});
+ $self->{posttime} = __get_datetime($self->{data});
return $self;
}
sub get_entry_by_id {
my ($class, $journal, $delayedid, $options) = @_;
- __assert($journal);
+ __assert($journal, "no journal");
return undef unless $delayedid;
@@ -772,14 +774,14 @@
$self->{journal} = $journal;
$self->{poster} = LJ::want_user($opts->[2]);
$self->{delayed_id} = $delayedid;
- $self->{posttime} = __get_datatime($self->{data});
+ $self->{posttime} = __get_datetime($self->{data});
$self->{alldatepart} = $opts->[3];
$self->{logtime} = $opts->[5];
$self->{system_alldatepart} = $opts->[4];
$self->{taglist} = __extract_tag_list(\$self->{data}->{props}->{taglist});
- __assert( $self->{poster} );
- __assert( $self->{journal} );
+ __assert( $self->{poster}, "no poster" );
+ __assert( $self->{journal}, "no journal" );
return $self;
}
@@ -825,7 +827,7 @@
sub get_entries_count {
my ( $class, $journal, $skip, $elements_to_show, $userid ) = @_;
- __assert($journal);
+ __assert($journal, "no journal");
my $journalid = $journal->userid;
my $dbcr = LJ::get_cluster_def_reader($journal)
@@ -851,7 +853,7 @@
sub get_entries_by_journal {
my ( $class, $journal, $skip, $elements_to_show, $userid ) = @_;
- __assert($journal);
+ __assert($journal, "no journal");
my $journalid = $journal->userid;
my $dbcr = LJ::get_cluster_def_reader($journal)
@@ -1104,7 +1106,7 @@
}
my $jid = $self->journalid;
- my $field = $u->{'journaltype'} eq "P" ? "revptime" : "rlogtime";
+ my $field = $u->is_person() ? "revptime" : "rlogtime";
my $stime = $dbr->selectrow_array( "SELECT $field FROM delayedlog2 WHERE ".
"journalid=$jid AND delayedid=$delayedid");
@@ -1116,7 +1118,7 @@
if ($remote) {
if ($remote->userid == $self->journalid) {
$secwhere = ""; # see everything
- } elsif ($remote->{'journaltype'} eq 'P' || $remote->{'journaltype'} eq 'I') {
+ } elsif ($remote->is_person() || $remote->is_identity) {
my $gmask = LJ::get_groupmask($u, $remote);
$secwhere = "AND (security='public' OR (security='usemask' AND allowmask & $gmask))"
if $gmask;
@@ -1227,9 +1229,9 @@
my $posterid = $poster->userid;
my $can_manage = $poster->can_manage($uowner) || 0;
- my $moderated = $uowner->prop('moderated');
+ my $moderated = $uowner->prop('moderated') || '';
my $need_moderated = ( $moderated =~ /^[1A]$/ ) ? 1 : 0;
- my $can_post = ($uowner->{'journaltype'} eq 'C' && !$need_moderated) || $can_manage;
+ my $can_post = ($uowner->is_community() && !$need_moderated) || $can_manage;
if ($can_post) {
return 1;
@@ -1237,9 +1239,9 @@
# don't moderate admins, moderators & pre-approved users
my $dbh = LJ::get_db_writer();
- my $relcount = $dbh->selectrow_array("SELECT COUNT(*) FROM reluser ".
+ my $relcount = $dbh->selectrow_array("SELECT 1 FROM reluser ".
"WHERE userid=$uownerid AND targetid=$posterid ".
- "AND type IN ('A','M','N')");
+ "AND type IN ('A','M','N') LIMIT 1");
return $relcount ? 1 : 0;
}
@@ -1278,7 +1280,7 @@
sub __extract_tag_list {
my ($tags) = @_;
- __assert($tags);
+ __assert($tags, "no tags");
return [] unless $$tags;
@@ -1313,8 +1315,8 @@
sub __serialize {
my ($journal, $req) = @_;
- __assert($journal);
- __assert($req);
+ __assert($journal, "no journal");
+ __assert($req, "no request");
my $dbcm = LJ::get_cluster_master($journal);
@@ -1324,8 +1326,8 @@
sub __deserialize {
my ($journal, $req) = @_;
- __assert($journal);
- __assert($req);
+ __assert($journal, "no journal");
+ __assert($req, "no request");
#return LJ::JSON->from_json( $data );
return Storable::thaw($req);
@@ -1342,10 +1344,10 @@
$dt->minute );
}
-sub __get_datatime {
+sub __get_datetime {
my ($req, $dont_use_tz) = @_;
- __assert($req);
- __assert($req->{'tz'});
+ __assert($req, "No request");
+ __assert($req->{'tz'}, "time zone is not set");
my $dt = DateTime->new(
year => $req->{'year'},
@@ -1369,10 +1371,10 @@
}
sub __assert {
- my ($statement) = @_;
-
+ my ($statement, $error) = @_;
+ $error ||= '';
unless ($statement) {
- die "assertion failed!";
+ die "assertion failed! $error";
}
}
Modified: trunk/cgi-bin/LJ/Widget/EntryForm.pm
===================================================================
--- trunk/cgi-bin/LJ/Widget/EntryForm.pm 2011-10-19 08:45:26 UTC (rev 20380)
+++ trunk/cgi-bin/LJ/Widget/EntryForm.pm 2011-10-19 09:09:51 UTC (rev 20381)
@@ -848,6 +848,7 @@
};
my $disabled = !($remote->can_manage($journalu) || 0);
+ return '' if $disabled;
my $selected = $is_checked->();
my $sticky_check = LJ::html_check({
@@ -856,7 +857,6 @@
'value' => 'sticky',
'name' => 'sticky_type',
'id' => 'sticky_type',
- 'disabled' => $disabled,
'selected' => $selected,
$opts->{'prop_opt_preformatted'} || $opts->{'event_format'},
'label' => "",
Modified: trunk/cgi-bin/ljprotocol.pl
===================================================================
--- trunk/cgi-bin/ljprotocol.pl 2011-10-19 08:45:26 UTC (rev 20380)
+++ trunk/cgi-bin/ljprotocol.pl 2011-10-19 09:09:51 UTC (rev 20381)
@@ -2000,9 +2000,8 @@
}
if ( $req->{sticky} &&
- $uowner->{'journaltype'} eq 'C' &&
- !( LJ::check_rel($ownerid, $posterid, 'S') ||
- LJ::check_rel($ownerid, $posterid, 'M') ) )
+ $uowner->is_community() &&
+ !$u->can_manage($uowner) )
{
return fail($err, 158);
}
@@ -2321,16 +2320,15 @@
return $fail->($err,501,$dberr) if $dberr;
if ( $req->{sticky} &&
- $uowner->{'journaltype'} eq 'C' &&
- !( LJ::check_rel($ownerid, $posterid, 'S') ||
- LJ::check_rel($ownerid, $posterid, 'M') ) )
+ $uowner->is_community() &&
+ !$u->can_manage($uowner) )
{
return fail($err, 158);
}
# post become 'sticky post'
if ( $req->{sticky} ) {
- $uowner->set_sticky($jitemid);
+ $uowner->set_sticky_id($jitemid);
}
LJ::MemCache::incr([$ownerid, "log2ct:$ownerid"]);
