madeon (madeon) wrote in changelog,
madeon
madeon
changelog

[livejournal] r20381: LJSUP-10091: Not maintainer/owner of com...

Committer: sbelyaev
LJSUP-10091: Not maintainer/owner of community can create sticky post
U   trunk/cgi-bin/LJ/DelayedEntry.pm
U   trunk/cgi-bin/LJ/Widget/EntryForm.pm
U   trunk/cgi-bin/ljprotocol.pl
Modified: trunk/cgi-bin/LJ/DelayedEntry.pm
===================================================================
--- trunk/cgi-bin/LJ/DelayedEntry.pm	2011-10-19 08:45:26 UTC (rev 20380)
+++ trunk/cgi-bin/LJ/DelayedEntry.pm	2011-10-19 09:09:51 UTC (rev 20381)
@@ -10,8 +10,10 @@
     my ($class, $url, $opts) = @_;
 
     if ($url =~ m!(.+)/d(\d+)\.html!) {
-        my $u = LJ::User->new_from_url($1) or return undef;
-        return LJ::DelayedEntry->get_entry_by_id($u, $2, $opts);
+        my $username = $1;
+        my $delayed_id = $2;
+        my $u = LJ::User->new_from_url($username) or return undef;
+        return LJ::DelayedEntry->get_entry_by_id($u, $delayed_id, $opts);
     }
 
     return undef;
@@ -20,10 +22,10 @@
 sub create {
     my ( $class, $req, $opts ) = @_;
 
-    __assert( $opts );
-    __assert( $opts->{journal} );
-    __assert( $opts->{poster}  );
-    __assert( $req );
+    __assert( $opts , "no options");
+    __assert( $opts->{journal}, "no journal");
+    __assert( $opts->{poster}, "no poster" );
+    __assert( $req, "no request" );
 
     my $self = bless {}, $class;
 
@@ -212,7 +214,7 @@
 sub is_future_date {
     my ($req) = @_;
     my $now = __get_now();
-    my $request_time = __get_datatime($req);
+    my $request_time = __get_datetime($req);
 
     return $request_time ge $now;
 }
@@ -273,7 +275,7 @@
 
     # if it's usemask, we have to refuse non-personal journals,
     # so we have to load the user
-    return 0 unless $remote->{'journaltype'} eq 'P' || $remote->{'journaltype'} eq 'I';
+    return 0 unless $remote->is_person() || $remote->is_identity();
 
     my $gmask = LJ::get_groupmask($userid, $remoteid);
     my $allowed = (int($gmask) & int($self->allowmask));
@@ -577,8 +579,8 @@
 
 sub delete {
     my ($self) = @_;
-    __assert( $self->{delayed_id} );
-    __assert( $self->{journal} );
+    __assert( $self->{delayed_id}, "no delayed id" );
+    __assert( $self->{journal}, "no journal" );
 
     my $journal = $self->{journal};
     my $delayed_id = $self->{delayed_id};
@@ -625,16 +627,16 @@
 
 sub update {
     my ($self, $req) = @_;
-    __assert( $self->{delayed_id} );
-    __assert( $self->{journal} );
-    __assert( $self->{poster} );
+    __assert( $self->{delayed_id}, "no delayed id" );
+    __assert( $self->{journal}, "no journal" );
+    __assert( $self->{poster}, "no poster" );
 
     $req->{tz} = $req->{tz} || $self->data->{tz};
 
     my $journalid = $self->journal->userid;
     my $posterid  = $self->poster->userid;
     my $subject   = $req->{subject};
-    my $posttime  = __get_datatime($req);
+    my $posttime  = __get_datetime($req);
     my $data_ser  = __serialize($self->journal, $req);
     my $delayedid = $self->{delayed_id};
     my $dbh       = LJ::get_db_writer();
@@ -703,9 +705,9 @@
 
 sub load_data {
     my ($class, $dbcr, $opts) = @_;
-    __assert($opts->{journalid});
-    __assert($opts->{delayed_id});
-    __assert($opts->{posterid});
+    __assert($opts->{journalid}, "no journal id");
+    __assert($opts->{delayed_id}, "no delayed id");
+    __assert($opts->{posterid}, "no poster id");
 
     my $journalid = $opts->{journalid};
     my $delayedid = $opts->{delayed_id};
@@ -720,14 +722,14 @@
     $self->{data} = __deserialize($self->journal, $data_ser);
     $self->{poster} = LJ::want_user($opts->{posterid});
     $self->{delayed_id} = $delayedid;
-    $self->{posttime} = __get_datatime($self->{data});
+    $self->{posttime} = __get_datetime($self->{data});
 
     return $self;
 }
 
 sub get_entry_by_id {
     my ($class, $journal, $delayedid, $options) = @_;
-    __assert($journal);
+    __assert($journal, "no journal");
     
     return undef unless $delayedid;
 
@@ -772,14 +774,14 @@
     $self->{journal}            = $journal;
     $self->{poster}             = LJ::want_user($opts->[2]);
     $self->{delayed_id}         = $delayedid;
-    $self->{posttime}           = __get_datatime($self->{data});
+    $self->{posttime}           = __get_datetime($self->{data});
     $self->{alldatepart}        = $opts->[3];
     $self->{logtime}            = $opts->[5];
     $self->{system_alldatepart} = $opts->[4];
     $self->{taglist}            = __extract_tag_list(\$self->{data}->{props}->{taglist});
 
-    __assert( $self->{poster} );
-    __assert( $self->{journal} );
+    __assert( $self->{poster}, "no poster" );
+    __assert( $self->{journal}, "no journal" );
 
     return $self;
 }
@@ -825,7 +827,7 @@
 
 sub get_entries_count {
     my ( $class, $journal, $skip, $elements_to_show, $userid ) = @_;
-    __assert($journal);
+    __assert($journal, "no journal");
     my $journalid = $journal->userid;
 
     my $dbcr = LJ::get_cluster_def_reader($journal) 
@@ -851,7 +853,7 @@
 
 sub get_entries_by_journal {
     my ( $class, $journal, $skip, $elements_to_show, $userid ) = @_;
-    __assert($journal);
+    __assert($journal, "no journal");
     my $journalid = $journal->userid;
 
     my $dbcr = LJ::get_cluster_def_reader($journal) 
@@ -1104,7 +1106,7 @@
     }
 
     my $jid = $self->journalid;
-    my $field = $u->{'journaltype'} eq "P" ? "revptime" : "rlogtime";
+    my $field = $u->is_person() ? "revptime" : "rlogtime";
 
     my $stime = $dbr->selectrow_array(  "SELECT $field FROM delayedlog2 WHERE ".
                                         "journalid=$jid AND delayedid=$delayedid");
@@ -1116,7 +1118,7 @@
     if ($remote) {
         if ($remote->userid == $self->journalid) {
             $secwhere = "";   # see everything
-        } elsif ($remote->{'journaltype'} eq 'P' || $remote->{'journaltype'} eq 'I') {
+        } elsif ($remote->is_person() || $remote->is_identity) {
             my $gmask = LJ::get_groupmask($u, $remote);
             $secwhere = "AND (security='public' OR (security='usemask' AND allowmask & $gmask))"
             if $gmask;
@@ -1227,9 +1229,9 @@
     my $posterid = $poster->userid;
 
     my $can_manage = $poster->can_manage($uowner) || 0;
-    my $moderated = $uowner->prop('moderated');
+    my $moderated = $uowner->prop('moderated') || '';
     my $need_moderated = ( $moderated =~ /^[1A]$/ ) ? 1 : 0;
-    my $can_post = ($uowner->{'journaltype'} eq 'C' && !$need_moderated) || $can_manage;
+    my $can_post = ($uowner->is_community() && !$need_moderated) || $can_manage;
    
     if ($can_post) {
         return 1;
@@ -1237,9 +1239,9 @@
 
     # don't moderate admins, moderators & pre-approved users
     my $dbh = LJ::get_db_writer();
-    my $relcount = $dbh->selectrow_array("SELECT COUNT(*) FROM reluser ".
+    my $relcount = $dbh->selectrow_array("SELECT 1 FROM reluser ".
                                          "WHERE userid=$uownerid AND targetid=$posterid ".
-                                         "AND type IN ('A','M','N')");
+                                         "AND type IN ('A','M','N') LIMIT 1");
     return $relcount ? 1 : 0;
 }
 
@@ -1278,7 +1280,7 @@
 
 sub __extract_tag_list {
     my ($tags) = @_;
-    __assert($tags);
+    __assert($tags, "no tags");
 
     return [] unless $$tags;
 
@@ -1313,8 +1315,8 @@
 
 sub __serialize {
     my ($journal, $req) = @_;
-    __assert($journal);
-    __assert($req);
+    __assert($journal, "no journal");
+    __assert($req, "no request");
 
     my $dbcm = LJ::get_cluster_master($journal);
 
@@ -1324,8 +1326,8 @@
 
 sub __deserialize {
     my ($journal, $req) = @_;
-    __assert($journal);
-    __assert($req);
+    __assert($journal, "no journal");
+    __assert($req, "no request");
 
     #return LJ::JSON->from_json( $data );
     return Storable::thaw($req);
@@ -1342,10 +1344,10 @@
                                                 $dt->minute );
 }
 
-sub __get_datatime {
+sub __get_datetime {
     my ($req, $dont_use_tz) = @_;
-    __assert($req);
-    __assert($req->{'tz'});
+    __assert($req, "No request");
+    __assert($req->{'tz'}, "time zone is not set");
 
     my $dt = DateTime->new(
         year      => $req->{'year'}, 
@@ -1369,10 +1371,10 @@
 }
 
 sub __assert {
-    my ($statement) = @_;
-
+    my ($statement, $error) = @_;
+    $error ||= '';
     unless ($statement) {
-        die "assertion failed!";
+        die "assertion failed! $error";
     }
 }
 

Modified: trunk/cgi-bin/LJ/Widget/EntryForm.pm
===================================================================
--- trunk/cgi-bin/LJ/Widget/EntryForm.pm	2011-10-19 08:45:26 UTC (rev 20380)
+++ trunk/cgi-bin/LJ/Widget/EntryForm.pm	2011-10-19 09:09:51 UTC (rev 20381)
@@ -848,6 +848,7 @@
             };
 
             my $disabled = !($remote->can_manage($journalu) || 0);
+            return '' if $disabled;
 
             my $selected = $is_checked->();
             my $sticky_check = LJ::html_check({
@@ -856,7 +857,6 @@
                 'value' => 'sticky',
                 'name' => 'sticky_type',
                 'id' => 'sticky_type',
-                'disabled' => $disabled,
                 'selected' => $selected,
                 $opts->{'prop_opt_preformatted'} || $opts->{'event_format'},
                 'label' => "",

Modified: trunk/cgi-bin/ljprotocol.pl
===================================================================
--- trunk/cgi-bin/ljprotocol.pl	2011-10-19 08:45:26 UTC (rev 20380)
+++ trunk/cgi-bin/ljprotocol.pl	2011-10-19 09:09:51 UTC (rev 20381)
@@ -2000,9 +2000,8 @@
     }
    
     if ( $req->{sticky} &&
-         $uowner->{'journaltype'} eq 'C' &&
-          !( LJ::check_rel($ownerid, $posterid, 'S') ||
-             LJ::check_rel($ownerid, $posterid, 'M') ) )
+         $uowner->is_community() &&
+         !$u->can_manage($uowner) )
     {
         return fail($err, 158);
     }
@@ -2321,16 +2320,15 @@
     return $fail->($err,501,$dberr) if $dberr;
 
     if ( $req->{sticky} &&
-         $uowner->{'journaltype'} eq 'C' &&
-          !( LJ::check_rel($ownerid, $posterid, 'S') ||
-             LJ::check_rel($ownerid, $posterid, 'M') ) )
+         $uowner->is_community() &&
+         !$u->can_manage($uowner) )
     {
         return fail($err, 158);
     }
 
     # post become 'sticky post'
     if ( $req->{sticky} ) {
-        $uowner->set_sticky($jitemid);
+        $uowner->set_sticky_id($jitemid);
     }
 
     LJ::MemCache::incr([$ownerid, "log2ct:$ownerid"]);

Tags: livejournal, madeon, pl, pm, sbelyaev
Subscribe
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 0 comments