arteman (arteman) wrote in changelog,

[livejournal] r22007: LJSUP-12259 New priv to run change_journ...

Committer: azateev
LJSUP-12259 New priv to run change_journal_status console command
U   trunk/bin/upgrading/base-data.sql
U   trunk/cgi-bin/LJ/Console/Command/ChangeJournalStatus.pm
Modified: trunk/bin/upgrading/base-data.sql
===================================================================
--- trunk/bin/upgrading/base-data.sql	2012-05-21 10:07:39 UTC (rev 22006)
+++ trunk/bin/upgrading/base-data.sql	2012-05-21 11:54:44 UTC (rev 22007)
@@ -520,6 +520,8 @@
 UPDATE priv_list SET des='Allows a user to access new features that are under development. arg=Feature codename',is_public='1',privname='Beta Test Features',scope='general' WHERE privcode='betatest';
 INSERT IGNORE INTO priv_list (des, is_public, privcode, privname, scope) VALUES ('Allows a user to view information that isn\'t otherwise available.  All use is logged.  arg=Arg=\"*\": can view everything, Arg=\"suspended\": can view public posts in a suspended journal, Arg=\"styles\": can see private styles.', '0', 'canview', 'View All Entries', 'general');
 UPDATE priv_list SET des='Allows a user to view information that isn\'t otherwise available.  All use is logged.  arg=Arg=\"*\": can view everything, Arg=\"suspended\": can view public posts in a suspended journal, Arg=\"styles\": can see private styles.',is_public='0',privname='View All Entries',scope='general' WHERE privcode='canview';
+INSERT IGNORE INTO priv_list (des, is_public, privcode, privname, scope) VALUES ('Allows user to change the status of another account', '0', 'changejournalstatus', 'Change Journal Status', 'general');
+UPDATE priv_list SET des='Allows user to change the status of another account',is_public='0',privname='Change Journal Status',scope='general' WHERE privcode='changejournalstatus';
 INSERT IGNORE INTO priv_list (des, is_public, privcode, privname, scope) VALUES ('Allows a user to change another user\'s journal type.', '1', 'changejournaltype', 'Change Journal Type', 'general');
 UPDATE priv_list SET des='Allows a user to change another user\'s journal type.',is_public='1',privname='Change Journal Type',scope='general' WHERE privcode='changejournaltype';
 INSERT IGNORE INTO priv_list (des, is_public, privcode, privname, scope) VALUES ('Allows a user to change the maintainer of a community.', '1', 'communityxfer', 'Community Maintainer Transfer', 'general');
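Review bot: The description added for `changejournalstatus` on the new INSERT and UPDATE lines does not document the privilege argument, although this commit checks `LJ::check_priv($remote, "changejournalstatus", "$statusvis")` in ChangeJournalStatus.pm. Neighbouring entries such as `betatest` and `canview` spell out `arg=...`, and whoever grants this privilege needs to know that the argument limits which target statuses the holder may set. Something like `'Allows user to change the status of another account. arg=Status code the user may set'` in both statements would cover it. Whether `*` or an empty argument grants every status depends on LJ::check_priv, which is not visible here, so that part should be added only once confirmed.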
@@ -576,8 +578,6 @@
 UPDATE priv_list SET des='Allows a user to make use of the stock answers in a support category. arg=Unique support category',is_public='1',privname='View stock answers',scope='general' WHERE privcode='supportviewstocks';
 INSERT IGNORE INTO priv_list (des, is_public, privcode, privname, scope) VALUES ('Allows a user to suspend or unsuspend user accounts. Used by the Abuse Team.', '0', 'suspend', 'Suspend accounts', 'general');
 UPDATE priv_list SET des='Allows a user to suspend or unsuspend user accounts. Used by the Abuse Team.',is_public='0',privname='Suspend accounts',scope='general' WHERE privcode='suspend';
-INSERT IGNORE INTO priv_list (des, is_public, privcode, privname, scope) VALUES ('Allows a user to unsuspend user accounts. Used by the Support Team.', '0', 'unsuspend', 'Unsuspend accounts', 'general');
-UPDATE priv_list SET des='Allows a user to unsuspend user accounts. Used by the Support Team.',is_public='0',privname='Unsuspend accounts',scope='general' WHERE privcode='unsuspend';
 INSERT IGNORE INTO priv_list (des, is_public, privcode, privname, scope) VALUES ('Allows editing settings of syndicated journal that shouldn\'t be editable by users.', '0', 'syn_edit', 'Edit Syndicated Settings', 'general');
 UPDATE priv_list SET des='Allows editing settings of syndicated journal that shouldn\'t be editable by users.',is_public='0',privname='Edit Syndicated Settings',scope='general' WHERE privcode='syn_edit';
 INSERT IGNORE INTO priv_list (des, is_public, privcode, privname, scope) VALUES ('Allows a user to modify bans with the sysban mechanism.  arg=A specific ban type the user can modify, or \"*\" for all ban type.', '0', 'sysban', 'Modify System Bans', 'general');
@@ -590,6 +590,8 @@
 UPDATE priv_list SET des='Allows a user to approve or deny entries that are submitted to the directory. arg=Unique category number that the user has access in, or \"*\" for all categories',is_public='1',privname='Topic Dir - Screen Submissions',scope='general' WHERE privcode='topicscreencat';
 INSERT IGNORE INTO priv_list (des, is_public, privcode, privname, scope) VALUES ('Allows a user to edit site text in a given language. arg=Unique language code, optionally appended by |domainid.domaincode', '1', 'translate', 'Translate/Update Text', 'general');
 UPDATE priv_list SET des='Allows a user to edit site text in a given language. arg=Unique language code, optionally appended by |domainid.domaincode',is_public='1',privname='Translate/Update Text',scope='general' WHERE privcode='translate';
+INSERT IGNORE INTO priv_list (des, is_public, privcode, privname, scope) VALUES ('Allows a user to unsuspend user accounts. Used by the Support Team.', '0', 'unsuspend', 'Unsuspend accounts', 'general');
+UPDATE priv_list SET des='Allows a user to unsuspend user accounts. Used by the Support Team.',is_public='0',privname='Unsuspend accounts',scope='general' WHERE privcode='unsuspend';
 INSERT IGNORE INTO priv_list (des, is_public, privcode, privname, scope) VALUES ('Allows a user to add and remove entries from a vertical. arg=The vertical name, or \"*\" for all verticals', '0', 'vertical', 'Moderate Vertical', 'general');
 UPDATE priv_list SET des='Allows a user to add and remove entries from a vertical. arg=The vertical name, or \"*\" for all verticals',is_public='0',privname='Moderate Vertical',scope='general' WHERE privcode='vertical';
 INSERT IGNORE INTO priv_list (des, is_public, privcode, privname, scope) VALUES ('Allows a user to view entries that aren\'t otherwise available.  No argument means the user can view all entries, regardless of security.  Arg=\"suspended\" means the user can view public posts in a suspended journal.  All use is logged.', '0', 'viewall', 'View All Entries', 'general');

Modified: trunk/cgi-bin/LJ/Console/Command/ChangeJournalStatus.pm
===================================================================
--- trunk/cgi-bin/LJ/Console/Command/ChangeJournalStatus.pm	2012-05-21 10:07:39 UTC (rev 22006)
+++ trunk/cgi-bin/LJ/Console/Command/ChangeJournalStatus.pm	2012-05-21 11:54:44 UTC (rev 22007)
@@ -18,7 +18,8 @@
 
 sub can_execute {
     my $remote = LJ::get_remote();
-    return LJ::check_priv($remote, "siteadmin", "users");
+    return LJ::check_priv($remote, "siteadmin", "users") ||
+           LJ::check_priv($remote, "changejournalstatus");
 }
 
 sub execute {
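Review bot: `can_execute` now passes for any grant of `changejournalstatus`, because the added `LJ::check_priv($remote, "changejournalstatus")` call carries no argument, while the per-status restriction is enforced only later in `execute`. That split is easy to miss if `can_execute` is ever reused as the sole gate, so a comment above the return is worth adding, e.g. `# any changejournalstatus grant passes here; the per-status arg is enforced in execute()`. This assumes check_priv without an argument matches any argument value, which is not shown on this page.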
@@ -42,8 +43,18 @@
     return $self->error("Account is already in that state.")
         if $u->statusvis eq $statusvis;
 
+    # respect unsuspend procedure
+    return $self->error("Unsuspend command should be used for suspended journals")
+        if $u->is_suspended;
+
+    # respect arg of changejournalstatus
+    my $remote = LJ::get_remote();
+    if (! LJ::check_priv($remote, "siteadmin", "users") &&
+        ! LJ::check_priv($remote, "changejournalstatus", "$statusvis")) {
+            return $self->error("You are not permitted to change status to '$statusvis'");
+    }
+
     # update statushistory first so we have the old statusvis
-    my $remote = LJ::get_remote();
     my $reason = '';
     $reason = join ' ', '. Reason:', @args if @args;
     LJ::statushistory_add($u, $remote, "journal_status", "Changed status to $status from " . $u->statusvis. $reason);
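Review bot: The new privilege-argument check runs after the two state-dependent returns ("Account is already in that state." and the `is_suspended` guard), so a caller holding `changejournalstatus` for one status can learn whether an arbitrary account is suspended or already in another status before being refused. Moving `my $remote = LJ::get_remote();` and the `if (! LJ::check_priv(...)) { ... }` block above the `statusvis` comparison keeps authorization ahead of anything that reveals the target's state. The `is_suspended` guard also applies to holders of `siteadmin` with arg `users`, which changes behaviour for them; if that is intended the comment could say so, e.g. `# applies to siteadmin too: suspended journals must go through unsuspend`. The quoting in `"$statusvis"` is unnecessary, `$statusvis` is enough. `execute` begins and ends outside this hunk, so whether this command can also set the suspended status (and so sidestep the `suspend` privilege) cannot be checked from here.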

Tags: arteman, azateev, livejournal, pm, sql