[livejournal] r18048: LJSUP-7727. The role of the moderator is...: changelog

Committer: gprochaev

LJSUP-7727. The role of the moderator is not consistent with its rights

U   trunk/cgi-bin/LJ/Talk.pm
U   trunk/cgi-bin/LJ/User.pm
U   trunk/cgi-bin/taglib.pl
U   trunk/htdocs/community/election.bml
U   trunk/htdocs/community/manage.bml
U   trunk/htdocs/community/pending.bml

Modified: trunk/cgi-bin/LJ/Talk.pm
===================================================================
--- trunk/cgi-bin/LJ/Talk.pm	2011-01-18 11:01:21 UTC (rev 18047)
+++ trunk/cgi-bin/LJ/Talk.pm	2011-01-19 04:31:24 UTC (rev 18048)
@@ -348,15 +348,17 @@
     return 0 unless $remote;
     return 1 if $remote->{'user'} eq $u->{'user'} ||
                 $remote->{'user'} eq (ref $up ? $up->{'user'} : $up) ||
-                $remote->can_manage($u);
+                $remote->can_manage($u) || $remote->can_moderate($u);
     return 0;
 }
 
 sub can_unscreen {
+    return 0 if $_[0]->can_moderate($_[1]);
     return LJ::Talk::can_screen(@_);
 }
 
 sub can_view_screened {
+    return 0 if $_[0]->can_moderate($_[1]);
     return LJ::Talk::can_delete(@_);
 }
 

Modified: trunk/cgi-bin/LJ/User.pm
===================================================================
--- trunk/cgi-bin/LJ/User.pm	2011-01-18 11:01:21 UTC (rev 18047)
+++ trunk/cgi-bin/LJ/User.pm	2011-01-19 04:31:24 UTC (rev 18048)
@@ -5188,12 +5188,39 @@
     return undef if $u->{journaltype} =~ /^[PYR]$/;
 
     # check for supermaintainer access
-    return undef unless LJ::check_rel($u, $remote, 'S');
+    return 1 if LJ::check_rel($u, $remote, 'S');
 
-    # passed checks, return true
-    return 1;
+    # not passed checks, return false
+    return undef;
 }
 
+# name: can_moderate
+# des: Given a target user and determines that the user is an moderator for the target user
+# returns: bool: true if authorized, otherwise fail
+# args: u
+# des-u: user object or userid of target user
+sub can_moderate {
+    my $remote  = shift;
+    my $u       = LJ::want_user(shift);
+
+    return undef unless $remote && $u;
+
+    # can moderate only community
+    return undef unless $u->is_community;
+
+    # do not allow suspended users manage other accounts
+    return 0 if $remote->is_suspended;
+
+    # people/syn/rename accounts can only be managed by the one account
+    return undef if $u->{journaltype} =~ /^[PYR]$/;
+
+    # check for moderate access
+    return 1 if LJ::check_rel($u, $remote, 'M');
+
+    # passed not checks, return false
+    return undef;
+}
+
 # name: can_manage
 # des: Given a target user and determines that the user is an admin for the taget  user
 # returns: bool: true if authorized, otherwise fail

Modified: trunk/cgi-bin/taglib.pl
===================================================================
--- trunk/cgi-bin/taglib.pl	2011-01-18 11:01:21 UTC (rev 18047)
+++ trunk/cgi-bin/taglib.pl	2011-01-19 04:31:24 UTC (rev 18048)
@@ -548,7 +548,7 @@
     } elsif ($perm eq 'friends') {
         return LJ::is_friend($u, $remote);
     } elsif ($perm eq 'private') {
-        return $remote->can_manage($u);
+        return $remote->can_manage($u) || $remote->can_moderate($u);
     } elsif ($perm eq 'author_moder'){
         return ($remote->can_manage($u) || LJ::is_friend($u, $remote));
     } elsif ($perm =~ /^group:(\d+)$/) {

Modified: trunk/htdocs/community/election.bml
===================================================================
--- trunk/htdocs/community/election.bml	2011-01-18 11:01:21 UTC (rev 18047)
+++ trunk/htdocs/community/election.bml	2011-01-19 04:31:24 UTC (rev 18048)
@@ -42,7 +42,7 @@
 
     # Upgrade successful
     $body .= "<?warningbar $warning  warningbar?><br />" if $warning;
-    
+
     my $poll_id = $u->prop ('election_poll_id');
     return $body . '<p>Poll not found</p>' unless $poll_id;
 

Modified: trunk/htdocs/community/manage.bml
===================================================================
--- trunk/htdocs/community/manage.bml	2011-01-18 11:01:21 UTC (rev 18047)
+++ trunk/htdocs/community/manage.bml	2011-01-19 04:31:24 UTC (rev 18048)
@@ -136,6 +136,11 @@
             $ret .= BML::ml('Actionlink', {
                 'link'=>"<a href='/community/members.bml?authas=$user'>$ML{'.commlist.actmembers2'}</a>$pend"}) . "&nbsp;&nbsp;";
         }
+        if ($mods{$id}) {
+            my $pend = $pending{$id} ? BML::ml('.commlist.actpending', { num => $pending{$id},
+                                               aopts => "href=\"/community/pending.bml?authas=$user\"" }) : '';
+            $ret .= BML::ml('Actionlink', {'link'=>$ML{'.commlist.actmembers2'}.$pend}) . "&nbsp;&nbsp;" if $pend;
+        }
         $ret .= "</td><td align='center'>";
         if ($mods{$id}) {
             my $num = $names{$id}->{'count'} || "0"; # relying on this to be <b>-wrapped

Modified: trunk/htdocs/community/pending.bml
===================================================================
--- trunk/htdocs/community/pending.bml	2011-01-18 11:01:21 UTC (rev 18047)
+++ trunk/htdocs/community/pending.bml	2011-01-19 04:31:24 UTC (rev 18048)
@@ -35,7 +35,7 @@
     my $cid = $c->{'userid'};
 
     # is $remote an admin?
-    unless ($remote && $remote->can_manage($c)) {
+    unless ($remote && ($remote->can_manage($c) || $remote->can_moderate($c))) {
         $ret .= "<?h1 $ML{'Error'} h1?><?p ";
         $ret .= BML::ml('/community/members.bml.error.noaccess', 
                         { comm => LJ::ljuser($cname, { type => 'C' }) });

Post a new comment
Error

Anonymous comments are disabled in this journal
We will log you in after post

We will log you in after post

We will log you in after post

We will log you in after post

We will log you in after post

Anonymously

switch

LiveJournal

Facebook

Twitter

OpenId

Google

MailRu

VKontakte

Anonymously

default userpic

Your reply will be screened

Your IP address will be recorded

Preview comment

Help
0 comments

Post a new comment
0 comments

Log in

[livejournal] r18048: LJSUP-7727. The role of the moderator is...

Error