arteman (arteman) wrote in changelog,
arteman
arteman
changelog

[livejournal] r22007: LJSUP-12259 New priv to run change_journ...

Committer: azateev
LJSUP-12259 New priv to run change_journal_status console command
U   trunk/bin/upgrading/base-data.sql
U   trunk/cgi-bin/LJ/Console/Command/ChangeJournalStatus.pm
Modified: trunk/bin/upgrading/base-data.sql
===================================================================
--- trunk/bin/upgrading/base-data.sql	2012-05-21 10:07:39 UTC (rev 22006)
+++ trunk/bin/upgrading/base-data.sql	2012-05-21 11:54:44 UTC (rev 22007)
@@ -520,6 +520,8 @@
 UPDATE priv_list SET des='Allows a user to access new features that are under development. arg=Feature codename',is_public='1',privname='Beta Test Features',scope='general' WHERE privcode='betatest';
 INSERT IGNORE INTO priv_list (des, is_public, privcode, privname, scope) VALUES ('Allows a user to view information that isn\'t otherwise available.  All use is logged.  arg=Arg=\"*\": can view everything, Arg=\"suspended\": can view public posts in a suspended journal, Arg=\"styles\": can see private styles.', '0', 'canview', 'View All Entries', 'general');
 UPDATE priv_list SET des='Allows a user to view information that isn\'t otherwise available.  All use is logged.  arg=Arg=\"*\": can view everything, Arg=\"suspended\": can view public posts in a suspended journal, Arg=\"styles\": can see private styles.',is_public='0',privname='View All Entries',scope='general' WHERE privcode='canview';
+INSERT IGNORE INTO priv_list (des, is_public, privcode, privname, scope) VALUES ('Allows user to change the status of another account', '0', 'changejournalstatus', 'Change Journal Status', 'general');
+UPDATE priv_list SET des='Allows user to change the status of another account',is_public='0',privname='Change Journal Status',scope='general' WHERE privcode='changejournalstatus';
 INSERT IGNORE INTO priv_list (des, is_public, privcode, privname, scope) VALUES ('Allows a user to change another user\'s journal type.', '1', 'changejournaltype', 'Change Journal Type', 'general');
 UPDATE priv_list SET des='Allows a user to change another user\'s journal type.',is_public='1',privname='Change Journal Type',scope='general' WHERE privcode='changejournaltype';
 INSERT IGNORE INTO priv_list (des, is_public, privcode, privname, scope) VALUES ('Allows a user to change the maintainer of a community.', '1', 'communityxfer', 'Community Maintainer Transfer', 'general');
@@ -576,8 +578,6 @@
 UPDATE priv_list SET des='Allows a user to make use of the stock answers in a support category. arg=Unique support category',is_public='1',privname='View stock answers',scope='general' WHERE privcode='supportviewstocks';
 INSERT IGNORE INTO priv_list (des, is_public, privcode, privname, scope) VALUES ('Allows a user to suspend or unsuspend user accounts. Used by the Abuse Team.', '0', 'suspend', 'Suspend accounts', 'general');
 UPDATE priv_list SET des='Allows a user to suspend or unsuspend user accounts. Used by the Abuse Team.',is_public='0',privname='Suspend accounts',scope='general' WHERE privcode='suspend';
-INSERT IGNORE INTO priv_list (des, is_public, privcode, privname, scope) VALUES ('Allows a user to unsuspend user accounts. Used by the Support Team.', '0', 'unsuspend', 'Unsuspend accounts', 'general');
-UPDATE priv_list SET des='Allows a user to unsuspend user accounts. Used by the Support Team.',is_public='0',privname='Unsuspend accounts',scope='general' WHERE privcode='unsuspend';
 INSERT IGNORE INTO priv_list (des, is_public, privcode, privname, scope) VALUES ('Allows editing settings of syndicated journal that shouldn\'t be editable by users.', '0', 'syn_edit', 'Edit Syndicated Settings', 'general');
 UPDATE priv_list SET des='Allows editing settings of syndicated journal that shouldn\'t be editable by users.',is_public='0',privname='Edit Syndicated Settings',scope='general' WHERE privcode='syn_edit';
 INSERT IGNORE INTO priv_list (des, is_public, privcode, privname, scope) VALUES ('Allows a user to modify bans with the sysban mechanism.  arg=A specific ban type the user can modify, or \"*\" for all ban type.', '0', 'sysban', 'Modify System Bans', 'general');
@@ -590,6 +590,8 @@
 UPDATE priv_list SET des='Allows a user to approve or deny entries that are submitted to the directory. arg=Unique category number that the user has access in, or \"*\" for all categories',is_public='1',privname='Topic Dir - Screen Submissions',scope='general' WHERE privcode='topicscreencat';
 INSERT IGNORE INTO priv_list (des, is_public, privcode, privname, scope) VALUES ('Allows a user to edit site text in a given language. arg=Unique language code, optionally appended by |domainid.domaincode', '1', 'translate', 'Translate/Update Text', 'general');
 UPDATE priv_list SET des='Allows a user to edit site text in a given language. arg=Unique language code, optionally appended by |domainid.domaincode',is_public='1',privname='Translate/Update Text',scope='general' WHERE privcode='translate';
+INSERT IGNORE INTO priv_list (des, is_public, privcode, privname, scope) VALUES ('Allows a user to unsuspend user accounts. Used by the Support Team.', '0', 'unsuspend', 'Unsuspend accounts', 'general');
+UPDATE priv_list SET des='Allows a user to unsuspend user accounts. Used by the Support Team.',is_public='0',privname='Unsuspend accounts',scope='general' WHERE privcode='unsuspend';
 INSERT IGNORE INTO priv_list (des, is_public, privcode, privname, scope) VALUES ('Allows a user to add and remove entries from a vertical. arg=The vertical name, or \"*\" for all verticals', '0', 'vertical', 'Moderate Vertical', 'general');
 UPDATE priv_list SET des='Allows a user to add and remove entries from a vertical. arg=The vertical name, or \"*\" for all verticals',is_public='0',privname='Moderate Vertical',scope='general' WHERE privcode='vertical';
 INSERT IGNORE INTO priv_list (des, is_public, privcode, privname, scope) VALUES ('Allows a user to view entries that aren\'t otherwise available.  No argument means the user can view all entries, regardless of security.  Arg=\"suspended\" means the user can view public posts in a suspended journal.  All use is logged.', '0', 'viewall', 'View All Entries', 'general');

Modified: trunk/cgi-bin/LJ/Console/Command/ChangeJournalStatus.pm
===================================================================
--- trunk/cgi-bin/LJ/Console/Command/ChangeJournalStatus.pm	2012-05-21 10:07:39 UTC (rev 22006)
+++ trunk/cgi-bin/LJ/Console/Command/ChangeJournalStatus.pm	2012-05-21 11:54:44 UTC (rev 22007)
@@ -18,7 +18,8 @@
 
 sub can_execute {
     my $remote = LJ::get_remote();
-    return LJ::check_priv($remote, "siteadmin", "users");
+    return LJ::check_priv($remote, "siteadmin", "users") ||
+           LJ::check_priv($remote, "changejournalstatus");
 }
 
 sub execute {
@@ -42,8 +43,18 @@
     return $self->error("Account is already in that state.")
         if $u->statusvis eq $statusvis;
 
+    # respect unsuspend procedure
+    return $self->error("Unsuspend command should be used for suspended journals")
+        if $u->is_suspended;
+
+    # respect arg of changejournalstatus
+    my $remote = LJ::get_remote();
+    if (! LJ::check_priv($remote, "siteadmin", "users") &&
+        ! LJ::check_priv($remote, "changejournalstatus", "$statusvis")) {
+            return $self->error("You are not permitted to change status to '$statusvis'");
+    }
+
     # update statushistory first so we have the old statusvis
-    my $remote = LJ::get_remote();
     my $reason = '';
     $reason = join ' ', '. Reason:', @args if @args;
     LJ::statushistory_add($u, $remote, "journal_status", "Changed status to $status from " . $u->statusvis. $reason);

Tags: arteman, azateev, livejournal, pm, sql
Subscribe
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 0 comments