apis
parent
08b30b445d
commit
a91a79dc6f
15 changed files with 192 additions and 62 deletions
|
@ -25,6 +25,9 @@ class Notes implements Handler
|
|||
assert($noteOwner instanceof User);
|
||||
if(!$noteOwner->getPrivacyPermission("notes.read", $this->user))
|
||||
$reject(160, "You don't have permission to access this note");
|
||||
|
||||
if(!$note->canBeViewedBy($this->user))
|
||||
$reject(15, "Happy new year");
|
||||
|
||||
$resolve([
|
||||
"title" => $note->getName(),
|
||||
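Review bot: The added denial branch `$reject(15, "Happy new year");` returns a message that says nothing about why the request failed, so neither a client nor someone reading logs can recognise it as an access refusal. A plain string such as `$reject(15, "Access denied");` would do. The same applies to `$reject(12, "Aces denid,");` in the Wall service handler and `$this->fail(15, "Access dennieeeddd");` in Photos; the Wall one also uses code 12 where the other added checks use 15. The enclosing method starts and ends outside this hunk.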
|
|
|
@ -46,7 +46,7 @@ class Search implements Handler
|
|||
break;
|
||||
}
|
||||
|
||||
$res = $repo->find($query, ["doNotSearchMe" => $this->user->getId()], $sort);
|
||||
$res = $repo->find($query, ["doNotSearchMe" => $this->user->getId(), "doNotSearchPrivate" => true,], $sort);
|
||||
|
||||
$results = array_slice(iterator_to_array($res), 0, 5);
|
||||
|
||||
|
|
|
@ -23,6 +23,9 @@ class Wall implements Handler
|
|||
if(!$post || $post->isDeleted())
|
||||
$reject("No post with id=$id");
|
||||
|
||||
if(!$post->canBeViewedBy($this->user))
|
||||
$reject(12, "Aces denid,");
|
||||
|
||||
$res = (object) [];
|
||||
$res->id = $post->getId();
|
||||
$res->wall = $post->getTargetWall();
|
||||
|
|
|
@ -13,6 +13,17 @@ final class Friends extends VKAPIRequestHandler
|
|||
$users = new UsersRepo;
|
||||
|
||||
$this->requireUser();
|
||||
|
||||
$user = $users->get($user_id);
|
||||
|
||||
if(!$user || $user->isDeleted())
|
||||
$this->fail(100, "Invalid user");
|
||||
|
||||
if(!$user->getPrivacyPermission("friends.read", $this->getUser()))
|
||||
$this->fail(15, "Access denied: this user chose to hide his friends.");
|
||||
|
||||
if(!$user->canBeViewedBy($this->getUser()))
|
||||
$this->fail(15, "Access denied");
|
||||
|
||||
foreach($users->get($user_id)->getFriends($offset, $count) as $friend) {
|
||||
$friends[$i] = $friend->getId();
|
||||
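Review bot: The `friends.read` check runs before `canBeViewedBy()`, so a caller who may not see the profile at all can still receive "this user chose to hide his friends" and learn that setting, whereas the Groups hunk in this commit checks `canBeViewedBy()` first. Putting `canBeViewedBy()` ahead of the per-section check here, and in the Notes, Photos and Video hunks that use the same order, would return the generic refusal first. This assumes `getPrivacyPermission()` does not itself consult the closed-profile flag, which is not visible in the diff. The loop also calls `$users->get($user_id)` again although `$user` already holds the validated object; `foreach($user->getFriends($offset, $count) as $friend) {` avoids the second lookup.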
|
|
|
@ -19,6 +19,17 @@ final class Gifts extends VKAPIRequestHandler
|
|||
if(!$user || $user->isDeleted())
|
||||
$this->fail(177, "Invalid user");
|
||||
|
||||
if(!$user->canBeViewedBy($this->getUser()))
|
||||
$this->fail(15, "Access denied");
|
||||
|
||||
/*
|
||||
if(!$user->getPrivacyPermission('gifts.read', $this->getUser()))
|
||||
$this->fail(15, "Access denied: this user chose to hide his gifts");*/
|
||||
|
||||
|
||||
if(!$user->canBeViewedBy($this->getUser()))
|
||||
$this->fail(15, "Access denied");
|
||||
|
||||
$gift_item = [];
|
||||
|
||||
$userGifts = array_slice(iterator_to_array($user->getGifts(1, $count, false)), $offset);
|
||||
|
@ -62,6 +73,9 @@ final class Gifts extends VKAPIRequestHandler
|
|||
if(!$user || $user->isDeleted())
|
||||
$this->fail(177, "Invalid user");
|
||||
|
||||
if(!$user->canBeViewedBy($this->getUser()))
|
||||
$this->fail(15, "Access denied");
|
||||
|
||||
$gift = (new GiftsRepo)->get($gift_id);
|
||||
|
||||
if(!$gift)
|
||||
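Review bot: The first hunk adds the same `canBeViewedBy()` check twice, once before and once after the commented-out `gifts.read` block; assuming `fail()` does not return, the second copy can never trigger. Drop the duplicate, and either enable the `gifts.read` check or remove the comment block, because as committed that privacy setting is not enforced for gifts and nothing records whether this is intended. If it is deliberate, a one-line comment such as `// gifts.read is intentionally not enforced here: <reason>` would say so. The method bodies start and end outside both hunks.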
|
|
|
@ -18,9 +18,15 @@ final class Groups extends VKAPIRequestHandler
|
|||
$users = new UsersRepo;
|
||||
$user = $users->get($user_id);
|
||||
|
||||
if(is_null($user))
|
||||
if(is_null($user) || $user->isDeleted())
|
||||
$this->fail(15, "Access denied");
|
||||
|
||||
if(!$user->canBeViewedBy($this->getUser()))
|
||||
$this->fail(15, "Access denied");
|
||||
|
||||
if(!$user->getPrivacyPermission('groups.read', $this->getUser()))
|
||||
$this->fail(15, "Access denied: this user chose to hide his groups.");
|
||||
|
||||
foreach($user->getClubs($offset, false, $count, true) as $club)
|
||||
$clbs[] = $club;
|
||||
|
||||
|
|
|
@ -16,6 +16,9 @@ final class Likes extends VKAPIRequestHandler
|
|||
if(is_null($post))
|
||||
$this->fail(100, "One of the parameters specified was missing or invalid: object not found");
|
||||
|
||||
if(!$post->canBeViewedBy($this->getUser()))
|
||||
$this->fail(15, "Access denied");
|
||||
|
||||
$post->setLike(true, $this->getUser());
|
||||
|
||||
return (object) [
|
||||
|
@ -37,6 +40,9 @@ final class Likes extends VKAPIRequestHandler
|
|||
if (is_null($post))
|
||||
$this->fail(100, "One of the parameters specified was missing or invalid: object not found");
|
||||
|
||||
if(!$post->canBeViewedBy($this->getUser()))
|
||||
$this->fail(15, "Access denied");
|
||||
|
||||
$post->setLike(false, $this->getUser());
|
||||
return (object) [
|
||||
"likes" => $post->getLikesCount()
|
||||
|
@ -60,6 +66,9 @@ final class Likes extends VKAPIRequestHandler
|
|||
if (is_null($post))
|
||||
$this->fail(100, "One of the parameters specified was missing or invalid: object not found");
|
||||
|
||||
if(!$post->canBeViewedBy($this->getUser()))
|
||||
$this->fail(15, "Access denied");
|
||||
|
||||
return (object) [
|
||||
"liked" => (int) $post->hasLikeFrom($user),
|
||||
"copied" => 0 # TODO: handle this
|
||||
|
|
|
@ -51,7 +51,8 @@ final class Newsfeed extends VKAPIRequestHandler
|
|||
{
|
||||
$this->requireUser();
|
||||
|
||||
$queryBase = "FROM `posts` LEFT JOIN `groups` ON GREATEST(`posts`.`wall`, 0) = 0 AND `groups`.`id` = ABS(`posts`.`wall`) WHERE (`groups`.`hide_from_global_feed` = 0 OR `groups`.`name` IS NULL) AND `posts`.`deleted` = 0";
|
||||
$queryBase = "FROM `posts` LEFT JOIN `groups` ON GREATEST(`posts`.`wall`, 0) = 0 AND `groups`.`id` = ABS(`posts`.`wall`) LEFT JOIN `profiles` ON LEAST(`posts`.`wall`, 0) = 0 AND `profiles`.`id` = ABS(`posts`.`wall`)";
|
||||
$queryBase .= "WHERE (`groups`.`hide_from_global_feed` = 0 OR `groups`.`name` IS NULL) AND (`profiles`.`profile_type` = 0 OR `profiles`.`first_name` IS NULL) AND `posts`.`deleted` = 0"; # AND `posts`.`suggested` = 0
|
||||
|
||||
if($this->getUser()->getNsfwTolerance() === User::NSFW_INTOLERANT)
|
||||
$queryBase .= " AND `nsfw` = 0";
|
||||
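Review bot: The fragment appended with `$queryBase .= "WHERE (` has no leading space, so the generated SQL runs the closing parenthesis of the `profiles` join straight into `WHERE`; it parses only because the preceding token happens to be a parenthesis. Start the fragment with a space, as the following " AND ..." fragment already does. The trailing `# AND posts.suggested = 0` remark on that line is commented-out code and would be better as a TODO stating why the condition is disabled. The method continues outside the hunk.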
|
|
|
@ -40,6 +40,9 @@ final class Notes extends VKAPIRequestHandler
|
|||
if($note->getOwner()->isDeleted())
|
||||
$this->fail(403, "Owner is deleted");
|
||||
|
||||
if(!$note->canBeViewedBy($this->getUser()))
|
||||
$this->fail(15, "Access denied");
|
||||
|
||||
if(!$note->getOwner()->getPrivacyPermission('notes.read', $this->getUser()))
|
||||
$this->fail(43, "No access");
|
||||
|
||||
|
@ -187,7 +190,10 @@ final class Notes extends VKAPIRequestHandler
|
|||
$this->fail(15, "Invalid user");
|
||||
|
||||
if(!$user->getPrivacyPermission('notes.read', $this->getUser()))
|
||||
$this->fail(43, "Access denied: this user chose to hide his notes");
|
||||
$this->fail(15, "Access denied: this user chose to hide his notes");
|
||||
|
||||
if(!$user->canBeViewedBy($this->getUser()))
|
||||
$this->fail(15, "Access denied");
|
||||
|
||||
if(empty($note_ids)) {
|
||||
$notes = array_slice(iterator_to_array((new NotesRepo)->getUserNotes($user, 1, $count + $offset, $sort == 0 ? "ASC" : "DESC")), $offset);
|
||||
|
@ -238,6 +244,9 @@ final class Notes extends VKAPIRequestHandler
|
|||
if(!$note->getOwner()->getPrivacyPermission('notes.read', $this->getUser()))
|
||||
$this->fail(40, "Access denied: this user chose to hide his notes");
|
||||
|
||||
if(!$note->canBeViewedBy($this->getUser()))
|
||||
$this->fail(15, "Access to note denied");
|
||||
|
||||
return $note->toVkApiStruct();
|
||||
}
|
||||
|
||||
|
@ -258,6 +267,9 @@ final class Notes extends VKAPIRequestHandler
|
|||
|
||||
if(!$note->getOwner()->getPrivacyPermission('notes.read', $this->getUser()))
|
||||
$this->fail(14, "No access");
|
||||
|
||||
if(!$note->canBeViewedBy($this->getUser()))
|
||||
$this->fail(15, "Access to note denied");
|
||||
|
||||
$arr = (object) [
|
||||
"count" => $note->getCommentsCount(),
|
||||
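Review bot: A failed `notes.read` check is reported with four different codes across these hunks: 43 in the first, 15 in the second (changed from 43 by this commit), 40 in the third and 14 in the fourth, so a client cannot match one code to one condition. Pick a single code, for example 15 to agree with the `canBeViewedBy()` failures added here, and use it in all four places. The first hunk also runs `canBeViewedBy()` before the privacy check while the other three run it after; one order throughout would be easier to reason about. All four methods begin and end outside the hunks shown.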
|
|
|
@ -304,10 +304,12 @@ final class Photos extends VKAPIRequestHandler
|
|||
if(!$user || $user->isDeleted())
|
||||
$this->fail(2, "Invalid user");
|
||||
|
||||
|
||||
if(!$user->getPrivacyPermission('photos.read', $this->getUser()))
|
||||
$this->fail(21, "This user chose to hide his albums.");
|
||||
|
||||
if(!$user->canBeViewedBy($this->getUser()))
|
||||
$this->fail(15, "Access denied");
|
||||
|
||||
$albums = array_slice(iterator_to_array((new Albums)->getUserAlbums($user, 1, $count + $offset)), $offset);
|
||||
|
||||
foreach($albums as $album) {
|
||||
|
@ -368,15 +370,15 @@ final class Photos extends VKAPIRequestHandler
|
|||
}
|
||||
|
||||
if($user_id > 0) {
|
||||
|
||||
$us = (new UsersRepo)->get($user_id);
|
||||
if(!$us || $us->isDeleted()) {
|
||||
if(!$us || $us->isDeleted())
|
||||
$this->fail(21, "Invalid user");
|
||||
}
|
||||
|
||||
if(!$us->getPrivacyPermission('photos.read', $this->getUser())) {
|
||||
if(!$us->getPrivacyPermission('photos.read', $this->getUser()))
|
||||
$this->fail(21, "This user chose to hide his albums.");
|
||||
}
|
||||
|
||||
if(!$us->canBeViewedBy($this->getUser()))
|
||||
$this->fail(15, "Access dennieeeddd");
|
||||
|
||||
return (new Albums)->getUserAlbumsCount($us);
|
||||
}
|
||||
|
@ -404,17 +406,17 @@ final class Photos extends VKAPIRequestHandler
|
|||
$ph = explode("_", $phota);
|
||||
$photo = (new PhotosRepo)->getByOwnerAndVID((int)$ph[0], (int)$ph[1]);
|
||||
|
||||
if(!$photo || $photo->isDeleted()) {
|
||||
if(!$photo || $photo->isDeleted())
|
||||
$this->fail(21, "Invalid photo");
|
||||
}
|
||||
|
||||
if($photo->getOwner()->isDeleted()) {
|
||||
if($photo->getOwner()->isDeleted())
|
||||
$this->fail(21, "Owner of this photo is deleted");
|
||||
}
|
||||
|
||||
if(!$photo->getOwner()->getPrivacyPermission('photos.read', $this->getUser())) {
|
||||
if(!$photo->getOwner()->getPrivacyPermission('photos.read', $this->getUser()))
|
||||
$this->fail(21, "This user chose to hide his photos.");
|
||||
}
|
||||
|
||||
if(!$photo->canBeViewedBy($this->getUser()))
|
||||
$this->fail(15, "Access denied...");
|
||||
|
||||
$res[] = $photo->toVkApiStruct($photo_sizes, $extended);
|
||||
}
|
||||
|
@ -432,13 +434,11 @@ final class Photos extends VKAPIRequestHandler
|
|||
if(empty($photo_ids)) {
|
||||
$album = (new Albums)->getAlbumByOwnerAndId($owner_id, $album_id);
|
||||
|
||||
if(!$album->getOwner()->getPrivacyPermission('photos.read', $this->getUser())) {
|
||||
$this->fail(21, "This user chose to hide his albums.");
|
||||
}
|
||||
|
||||
if(!$album || $album->isDeleted()) {
|
||||
if(!$album || $album->isDeleted())
|
||||
$this->fail(21, "Invalid album");
|
||||
}
|
||||
|
||||
if(!$album->canBeViewedBy($this->getUser()))
|
||||
$this->fail(15, "Access denied");
|
||||
|
||||
$photos = array_slice(iterator_to_array($album->getPhotos(1, $count + $offset)), $offset);
|
||||
$res["count"] = sizeof($photos);
|
||||
|
@ -456,12 +456,11 @@ final class Photos extends VKAPIRequestHandler
|
|||
"items" => []
|
||||
];
|
||||
|
||||
foreach($photos as $photo)
|
||||
{
|
||||
foreach($photos as $photo) {
|
||||
$id = explode("_", $photo);
|
||||
|
||||
$phot = (new PhotosRepo)->getByOwnerAndVID((int)$id[0], (int)$id[1]);
|
||||
if($phot && !$phot->isDeleted()) {
|
||||
if($phot && !$phot->isDeleted() && $phot->canBeViewedBy($this->getUser())) {
|
||||
$res["items"][] = $phot->toVkApiStruct($photo_sizes, $extended);
|
||||
}
|
||||
}
|
||||
|
@ -477,13 +476,11 @@ final class Photos extends VKAPIRequestHandler
|
|||
|
||||
$album = (new Albums)->get($album_id);
|
||||
|
||||
if(!$album || $album->canBeModifiedBy($this->getUser())) {
|
||||
if(!$album || $album->canBeModifiedBy($this->getUser()))
|
||||
$this->fail(21, "Invalid album");
|
||||
}
|
||||
|
||||
if($album->isDeleted()) {
|
||||
if($album->isDeleted())
|
||||
$this->fail(22, "Album already deleted");
|
||||
}
|
||||
|
||||
$album->delete();
|
||||
|
||||
|
@ -497,13 +494,11 @@ final class Photos extends VKAPIRequestHandler
|
|||
|
||||
$photo = (new PhotosRepo)->getByOwnerAndVID($owner_id, $photo_id);
|
||||
|
||||
if(!$photo) {
|
||||
if(!$photo)
|
||||
$this->fail(21, "Invalid photo");
|
||||
}
|
||||
|
||||
if($photo->isDeleted()) {
|
||||
if($photo->isDeleted())
|
||||
$this->fail(21, "Photo is deleted");
|
||||
}
|
||||
|
||||
if(!empty($caption)) {
|
||||
$photo->setDescription($caption);
|
||||
|
@ -521,17 +516,14 @@ final class Photos extends VKAPIRequestHandler
|
|||
if(empty($photos)) {
|
||||
$photo = (new PhotosRepo)->getByOwnerAndVID($owner_id, $photo_id);
|
||||
|
||||
if($this->getUser()->getId() !== $photo->getOwner()->getId()) {
|
||||
if($this->getUser()->getId() !== $photo->getOwner()->getId())
|
||||
$this->fail(21, "You can't delete another's photo");
|
||||
}
|
||||
|
||||
if(!$photo) {
|
||||
if(!$photo)
|
||||
$this->fail(21, "Invalid photo");
|
||||
}
|
||||
|
||||
if($photo->isDeleted()) {
|
||||
if($photo->isDeleted())
|
||||
$this->fail(21, "Photo already deleted");
|
||||
}
|
||||
|
||||
$photo->delete();
|
||||
} else {
|
||||
|
@ -595,21 +587,20 @@ final class Photos extends VKAPIRequestHandler
|
|||
$this->requireUser();
|
||||
$this->willExecuteWriteAction();
|
||||
|
||||
if(empty($message) && empty($attachments)) {
|
||||
if(empty($message) && empty($attachments))
|
||||
$this->fail(100, "Required parameter 'message' missing.");
|
||||
}
|
||||
|
||||
$photo = (new PhotosRepo)->getByOwnerAndVID($owner_id, $photo_id);
|
||||
|
||||
if(!$photo->getAlbum()->getOwner()->getPrivacyPermission('photos.read', $this->getUser())) {
|
||||
$this->fail(21, "This user chose to hide his albums.");
|
||||
}
|
||||
|
||||
if(!$photo)
|
||||
$this->fail(180, "Photo not found");
|
||||
|
||||
if($photo->isDeleted())
|
||||
$this->fail(189, "Photo is deleted");
|
||||
|
||||
if(!$photo->canBeViewedBy($this->getUser()))
|
||||
$this->fail(15, "Access to photo denied.");
|
||||
|
||||
$comment = new Comment;
|
||||
$comment->setOwner($this->getUser()->getId());
|
||||
$comment->setModel(get_class($photo));
|
||||
|
@ -669,19 +660,19 @@ final class Photos extends VKAPIRequestHandler
|
|||
$this->requireUser();
|
||||
$this->willExecuteWriteAction();
|
||||
|
||||
if($owner_id < 0) {
|
||||
if($owner_id < 0)
|
||||
$this->fail(4, "This method doesn't works with clubs");
|
||||
}
|
||||
|
||||
$user = (new UsersRepo)->get($owner_id);
|
||||
|
||||
if(!$user) {
|
||||
if(!$user)
|
||||
$this->fail(4, "Invalid user");
|
||||
}
|
||||
|
||||
if(!$user->getPrivacyPermission('photos.read', $this->getUser())) {
|
||||
if(!$user->getPrivacyPermission('photos.read', $this->getUser()))
|
||||
$this->fail(21, "This user chose to hide his albums.");
|
||||
}
|
||||
|
||||
if(!$user->canBeViewedBy($this->getUser()))
|
||||
$this->fail(15, "Access denied");
|
||||
|
||||
$photos = array_slice(iterator_to_array((new PhotosRepo)->getEveryUserPhoto($user, 1, $count + $offset)), $offset);
|
||||
$res = [];
|
||||
|
@ -702,17 +693,11 @@ final class Photos extends VKAPIRequestHandler
|
|||
$photo = (new PhotosRepo)->getByOwnerAndVID($owner_id, $photo_id);
|
||||
$comms = array_slice(iterator_to_array($photo->getComments(1, $offset + $count)), $offset);
|
||||
|
||||
if(!$photo) {
|
||||
if(!$photo || $photo->isDeleted())
|
||||
$this->fail(4, "Invalid photo");
|
||||
}
|
||||
|
||||
if(!$photo->getAlbum()->getOwner()->getPrivacyPermission('photos.read', $this->getUser())) {
|
||||
$this->fail(21, "This user chose to hide his photos.");
|
||||
}
|
||||
|
||||
if($photo->isDeleted()) {
|
||||
$this->fail(4, "Photo is deleted");
|
||||
}
|
||||
if(!$photo->canBeViewedBy($this->getUser()))
|
||||
$this->fail(21, "Access denied");
|
||||
|
||||
$res = [
|
||||
"count" => sizeof($comms),
|
||||
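Review bot: In the album-delete hunk the guard `if(!$album || $album->canBeModifiedBy($this->getUser()))` rejects the request when the caller is allowed to modify the album and passes it when the caller is not, so the authorization test in front of `$album->delete()` is inverted; the commit reformats this line but keeps the condition. Unless another check outside the hunk covers it, it should read `if(!$album || !$album->canBeModifiedBy($this->getUser()))`. Two other hunks dereference before the null check: the photo-delete hunk compares `$photo->getOwner()->getId()` before `if(!$photo)`, and the comments hunk calls `$photo->getComments()` before `if(!$photo || $photo->isDeleted())`; the null checks should come first. All of these methods begin and end outside the hunks.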
|
|
|
@ -142,21 +142,51 @@ final class Users extends VKAPIRequestHandler
|
|||
];
|
||||
}
|
||||
case "music":
|
||||
if(!$usr->canBeViewedBy($this->getUser())) {
|
||||
$response[$i]->music = "secret";
|
||||
break;
|
||||
}
|
||||
|
||||
$response[$i]->music = $usr->getFavoriteMusic();
|
||||
break;
|
||||
case "movies":
|
||||
if(!$usr->canBeViewedBy($this->getUser())) {
|
||||
$response[$i]->movies = "secret";
|
||||
break;
|
||||
}
|
||||
|
||||
$response[$i]->movies = $usr->getFavoriteFilms();
|
||||
break;
|
||||
case "tv":
|
||||
if(!$usr->canBeViewedBy($this->getUser())) {
|
||||
$response[$i]->tv = "secret";
|
||||
break;
|
||||
}
|
||||
|
||||
$response[$i]->tv = $usr->getFavoriteShows();
|
||||
break;
|
||||
case "books":
|
||||
if(!$usr->canBeViewedBy($this->getUser())) {
|
||||
$response[$i]->books = "secret";
|
||||
break;
|
||||
}
|
||||
|
||||
$response[$i]->books = $usr->getFavoriteBooks();
|
||||
break;
|
||||
case "city":
|
||||
if(!$usr->canBeViewedBy($this->getUser())) {
|
||||
$response[$i]->city = "Воскресенск";
|
||||
break;
|
||||
}
|
||||
|
||||
$response[$i]->city = $usr->getCity();
|
||||
break;
|
||||
case "interests":
|
||||
if(!$usr->canBeViewedBy($this->getUser())) {
|
||||
$response[$i]->interests = "secret";
|
||||
break;
|
||||
}
|
||||
|
||||
$response[$i]->interests = $usr->getInterests();
|
||||
break;
|
||||
case "rating":
|
||||
|
@ -185,6 +215,14 @@ final class Users extends VKAPIRequestHandler
|
|||
|
||||
$this->requireUser();
|
||||
|
||||
$user = $users->get($user_id);
|
||||
|
||||
if(!$user || $user->isDeleted())
|
||||
$this->fail(14, "Invalid user");
|
||||
|
||||
if(!$user->canBeViewedBy($this->getUser()))
|
||||
$this->fail(15, "Access denied");
|
||||
|
||||
foreach($users->get($user_id)->getFollowers($offset, $count) as $follower)
|
||||
$followers[] = $follower->getId();
|
||||
|
||||
|
@ -277,6 +315,7 @@ final class Users extends VKAPIRequestHandler
|
|||
"fav_shows" => !empty($fav_shows) ? $fav_shows : NULL,
|
||||
"fav_books" => !empty($fav_books) ? $fav_books : NULL,
|
||||
"fav_quotes" => !empty($fav_quotes) ? $fav_quotes : NULL,
|
||||
"doNotSearchPrivate" => true,
|
||||
];
|
||||
|
||||
$find = $users->find($q, $parameters, $sortg);
|
||||
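Review bot: The hidden-profile branches in the first hunk return made-up values, `"secret"` for music, movies, tv, books and interests and a fixed city name for `city`, which a client cannot tell apart from data the user actually entered. Returning `null` (for example `$response[$i]->city = null;`) or leaving the field unset would make the refusal unambiguous. The six identical `canBeViewedBy()` calls could be one boolean computed once per user before the `switch`. In the followers hunk the loop calls `$users->get($user_id)` again although `$user` is already validated. The `switch` and both methods extend outside the hunks.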
|
|
|
@ -40,6 +40,15 @@ final class Video extends VKAPIRequestHandler
|
|||
else
|
||||
$this->fail(1, "Not implemented");
|
||||
|
||||
if(!$user || $user->isDeleted())
|
||||
$this->fail(14, "Invalid user");
|
||||
|
||||
if(!$user->getPrivacyPermission('videos.read', $this->getUser()))
|
||||
$this->fail(21, "This user chose to hide his videos.");
|
||||
|
||||
if(!$user->canBeViewedBy($this->getUser()))
|
||||
$this->fail(15, "Access denied");
|
||||
|
||||
$videos = (new VideosRepo)->getByUser($user, $offset + 1, $count);
|
||||
$videosCount = (new VideosRepo)->getUserVideosCount($user);
|
||||
|
||||
|
|
|
@ -37,6 +37,9 @@ final class Wall extends VKAPIRequestHandler
|
|||
if ($owner_id > 0)
|
||||
if(!$wallOnwer || $wallOnwer->isDeleted())
|
||||
$this->fail(18, "User was deleted or banned");
|
||||
|
||||
if(!$wallOnwer->canBeViewedBy($this->getUser()))
|
||||
$this->fail(15, "Access denied");
|
||||
else
|
||||
if(!$wallOnwer)
|
||||
$this->fail(15, "Access denied: wall is disabled"); // Don't search for logic here pls
|
||||
|
@ -220,7 +223,11 @@ final class Wall extends VKAPIRequestHandler
|
|||
foreach($psts as $pst) {
|
||||
$id = explode("_", $pst);
|
||||
$post = (new PostsRepo)->getPostById(intval($id[0]), intval($id[1]));
|
||||
|
||||
if($post && !$post->isDeleted()) {
|
||||
if(!$post->canBeViewedBy($this->getUser()))
|
||||
continue;
|
||||
|
||||
$from_id = get_class($post->getOwner()) == "openvk\Web\Models\Entities\Club" ? $post->getOwner()->getId() * (-1) : $post->getOwner()->getId();
|
||||
$attachments = [];
|
||||
$repost = []; // чел высрал семь сигарет 😳 помянем 🕯
|
||||
|
@ -389,7 +396,7 @@ final class Wall extends VKAPIRequestHandler
|
|||
$wallOwner = ($owner_id > 0 ? (new UsersRepo)->get($owner_id) : (new ClubsRepo)->get($owner_id * -1))
|
||||
?? $this->fail(18, "User was deleted or banned");
|
||||
if($owner_id > 0)
|
||||
$canPost = $wallOwner->getPrivacyPermission("wall.write", $this->getUser());
|
||||
$canPost = $wallOwner->getPrivacyPermission("wall.write", $this->getUser()) && $wallOwner->canBeViewedBy($this->getUser());
|
||||
else if($owner_id < 0)
|
||||
if($wallOwner->canBeModifiedBy($this->getUser()))
|
||||
$canPost = true;
|
||||
|
@ -508,6 +515,9 @@ final class Wall extends VKAPIRequestHandler
|
|||
$post = (new PostsRepo)->getPostById((int) $postArray[1], (int) $postArray[2]);
|
||||
if(!$post || $post->isDeleted()) $this->fail(100, "One of the parameters specified was missing or invalid");
|
||||
|
||||
if(!$post->canBeViewedBy($this->getUser()))
|
||||
$this->fail(15, "Access denied");
|
||||
|
||||
$nPost = new Post;
|
||||
$nPost->setOwner($this->user->getId());
|
||||
|
||||
|
@ -546,6 +556,9 @@ final class Wall extends VKAPIRequestHandler
|
|||
|
||||
$post = (new PostsRepo)->getPostById($owner_id, $post_id);
|
||||
if(!$post || $post->isDeleted()) $this->fail(100, "One of the parameters specified was missing or invalid");
|
||||
|
||||
if(!$post->canBeViewedBy($this->getUser()))
|
||||
$this->fail(15, "Access denied");
|
||||
|
||||
$comments = (new CommentsRepo)->getCommentsByTarget($post, $offset+1, $count, $sort == "desc" ? "DESC" : "ASC");
|
||||
|
||||
|
@ -624,6 +637,12 @@ final class Wall extends VKAPIRequestHandler
|
|||
|
||||
$comment = (new CommentsRepo)->get($comment_id); # один хуй айди всех комментов общий
|
||||
|
||||
if(!$comment || $comment->isDeleted())
|
||||
$this->fail(100, "Invalid comment");
|
||||
|
||||
if(!$comment->canBeViewedBy($this->getUser()))
|
||||
$this->fail(15, "Access denied");
|
||||
|
||||
$profiles = [];
|
||||
|
||||
$attachments = [];
|
||||
|
@ -685,6 +704,9 @@ final class Wall extends VKAPIRequestHandler
|
|||
$post = (new PostsRepo)->getPostById($owner_id, $post_id);
|
||||
if(!$post || $post->isDeleted()) $this->fail(100, "Invalid post");
|
||||
|
||||
if(!$post->canBeViewedBy($this->getUser()))
|
||||
$this->fail(15, "Access denied");
|
||||
|
||||
if($post->getTargetWall() < 0)
|
||||
$club = (new ClubsRepo)->get(abs($post->getTargetWall()));
|
||||
|
||||
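Review bot: In the first hunk the outer `if ($owner_id > 0)` has no braces, so after this change it governs only the deleted-user check; the added `if(!$wallOnwer->canBeViewedBy($this->getUser()))` runs for every owner id, and the `else` now pairs with it instead of with the `$owner_id > 0` test. For a club id, `canBeViewedBy()` is therefore called on `$wallOnwer` before the `if(!$wallOnwer)` null check, and the "wall is disabled" branch is reached only when the view check passes. Wrapping both branches in braces, `if ($owner_id > 0) {` … `} else {` … `}`, restores the intended structure. Indentation is lost in this rendering, so the reading rests on the absence of braces; the method continues outside the hunk.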
|
|
|
@ -188,7 +188,7 @@
|
|||
</div>
|
||||
{elseif $type == "posts"}
|
||||
<div n:foreach="$data as $dat" class="content">
|
||||
{if !$dat || $dat->getTargetWall() < 0 && $dat->getWallOwner()->isHideFromGlobalFeedEnabled()}
|
||||
{if !$dat || $dat->getTargetWall() < 0 && $dat->getWallOwner()->isHideFromGlobalFeedEnabled() || !$dat->canBeViewedBy($thisUser)}
|
||||
{_closed_group_post}.
|
||||
{else}
|
||||
{include "../components/post.xml", post => $dat, commentSection => true, onWallOf => true}
|
||||
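Review bot: The condition now chains `||`, `&&` and `||` without parentheses and evaluates as intended only because `&&` binds tighter; grouping the middle term as `($dat->getTargetWall() < 0 && $dat->getWallOwner()->isHideFromGlobalFeedEnabled())` makes that explicit. Posts hidden because `canBeViewedBy($thisUser)` is false are also rendered as `{_closed_group_post}`, which names the wrong reason for a closed profile; a separate string would be clearer. The surrounding `{if}`/`{elseif}` block starts and ends outside the hunk.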
|
|
|
@ -150,6 +150,18 @@
|
|||
"user_banned" = "Unfortunately, we had to block the <b>$1</b> user page.";
|
||||
"user_banned_comment" = "Moderator's comment:";
|
||||
|
||||
"closed_page" = "Closed page";
|
||||
|
||||
"limited_access_to_page_m" = "$1 limited access to his page.";
|
||||
"limited_access_to_page_f" = "$1 limited access to her page.";
|
||||
|
||||
"you_can_add" = "You can";
|
||||
"add_to_friends_m" = "add him to friends.";
|
||||
"add_to_friends_f" = "add her to friends.";
|
||||
|
||||
"register_to_access_page_m" = "Sign up to get access to his page.";
|
||||
"register_to_access_page_f" = "Sign up to get access to her page.";
|
||||
|
||||
/* Wall */
|
||||
|
||||
"feed" = "News";
|
||||
|
@ -528,6 +540,10 @@
|
|||
"privacy_value_only_me_dative" = "Only me";
|
||||
"privacy_value_nobody" = "Nobody";
|
||||
|
||||
"profile_type" = "Profile type";
|
||||
"profile_type_open" = "Open";
|
||||
"profile_type_closed" = "Closed";
|
||||
|
||||
"your_email_address" = "Your Email address";
|
||||
"your_page_address" = "Your address page";
|
||||
"page_address" = "Address page";
|
||||
|
|