Андрей (andy) wrote in changelog,
Андрей
andy
changelog

[livejournal] r16156: LJSV-915 (ESN refactoring, part 1 // Tra...

Committer: ailyin
LJSV-915 (ESN refactoring, part 1 // Tracking subscription: access level and letter format errors):

- alter AJAX ESN endpoint to check user capabilities (and to prevent them from subscribing to events they shouldn't be able to subscribe to)
- disable "track this thread" popup window in case remote isn't able to track it (so that they can go to comments.bml and see that they can upgrade)

U   trunk/cgi-bin/weblib.pl
U   trunk/htdocs/js/esn.js
U   trunk/htdocs/tools/endpoints/esn_subs.bml
Modified: trunk/cgi-bin/weblib.pl
===================================================================
--- trunk/cgi-bin/weblib.pl	2010-01-28 07:23:41 UTC (rev 16155)
+++ trunk/cgi-bin/weblib.pl	2010-01-28 08:38:57 UTC (rev 16156)
@@ -2107,6 +2107,7 @@
                 currentJournalBase => "$journal_base",
                 currentJournal => "$journal",
                 has_remote => $hasremote,
+                remote_can_track_threads => $remote && $remote->get_cap('track_thread'),
                 remote_is_suspended => $remote_is_suspended,
                 ctx_popup => $ctxpopup,
                 inbox_update_poll => $inbox_update_poll,

Modified: trunk/htdocs/js/esn.js
===================================================================
--- trunk/htdocs/js/esn.js	2010-01-28 07:23:41 UTC (rev 16155)
+++ trunk/htdocs/js/esn.js	2010-01-28 08:38:57 UTC (rev 16156)
@@ -74,6 +74,7 @@
         if (!trackBtn || !trackBtn.getAttribute) return;
 
         if (!trackBtn.getAttribute("lj_subid") && !trackBtn.getAttribute("lj_journalid")) return;
+        if (trackBtn.getAttribute("lj_dtalkid") && !Site.remote_can_track_threads) return;
 
         DOM.addEventListener(trackBtn, 'click', ESN.trackBtnClickHandler.bindEventListener(trackBtn));
     });
@@ -134,7 +135,7 @@
     var newEntryTrackBtn;
     var commentsTrackBtn;
 
-    if (Number(trackBtn.getAttribute("lj_dtalkid"))) {
+    if (trackBtn.getAttribute("lj_dtalkid")) {
         // this is a thread tracking button
         // always checked: either because they're subscribed, or because
         // they're going to subscribe.

Modified: trunk/htdocs/tools/endpoints/esn_subs.bml
===================================================================
--- trunk/htdocs/tools/endpoints/esn_subs.bml	2010-01-28 07:23:41 UTC (rev 16155)
+++ trunk/htdocs/tools/endpoints/esn_subs.bml	2010-01-28 08:38:57 UTC (rev 16156)
@@ -77,6 +77,13 @@
         my ($subscr) = $remote->has_subscription(%subparams);
 
         $subparams{flags} = 0;
+        
+        my $evt = LJ::Event->new_from_raw_params(map { $subparams{$_} }
+            qw(etypeid journalid arg1 arg2));
+
+        return $err->("This user isn't allowed to subscribe to this event")
+            unless $evt->available_for_user($remote);
+
         eval { $subscr ||= $remote->subscribe(%subparams) };
         return $err->($@) if $@;
 

Tags: andy, bml, js, livejournal, pl
Subscribe

  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 0 comments