From a9332823b12730a1434b38036e81630e3bddab75 Mon Sep 17 00:00:00 2001 From: n1rwana Date: Fri, 11 Aug 2023 19:19:19 +0300 Subject: [PATCH] =?UTF-8?q?=D0=9E=D1=82=D0=BE=D0=B1=D1=80=D0=B0=D0=B6?= =?UTF-8?q?=D0=B5=D0=BD=D0=B8=D0=B5=20=D0=BF=D0=BE=D0=BB=D1=8C=D0=B7=D0=BE?= =?UTF-8?q?=D0=B2=D0=B0=D1=82=D0=B5=D0=BB=D0=B5=D0=B9=20=D0=B8=20=D1=83?= =?UTF-8?q?=D0=B4=D0=B0=D0=BB=D0=B5=D0=BD=D0=BD=D0=BE=D0=B3=D0=BE=20=D0=BA?= =?UTF-8?q?=D0=BE=D0=BD=D1=82=D0=B5=D0=BD=D1=82=D0=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Web/Models/Entities/Album.php | 5 +++++ Web/Models/Entities/Note.php | 5 +++++ Web/Models/Entities/Post.php | 5 +++++ Web/Models/Entities/Ticket.php | 5 +++++ Web/Models/Entities/TicketComment.php | 5 +++++ Web/Models/Entities/Video.php | 3 +++ Web/Models/Repositories/Users.php | 5 +++++ Web/Presenters/NotesPresenter.php | 5 ++++- Web/Presenters/OpenVKPresenter.php | 14 ++++++++++++++ Web/Presenters/PhotosPresenter.php | 4 +++- Web/Presenters/SupportPresenter.php | 4 +++- Web/Presenters/WallPresenter.php | 6 ++++-- Web/Presenters/templates/Admin/Logs.xml | 15 +++++++++++++-- 13 files changed, 74 insertions(+), 7 deletions(-) diff --git a/Web/Models/Entities/Album.php b/Web/Models/Entities/Album.php index 150cc625..4762f01a 100644 --- a/Web/Models/Entities/Album.php +++ b/Web/Models/Entities/Album.php @@ -93,4 +93,9 @@ class Album extends MediaCollection return $res; } + + function getURL(): string + { + return "/album" . $this->getPrettyId(); + } } diff --git a/Web/Models/Entities/Note.php b/Web/Models/Entities/Note.php index 37d9ac29..22485876 100644 --- a/Web/Models/Entities/Note.php +++ b/Web/Models/Entities/Note.php @@ -138,4 +138,9 @@ class Note extends Postable return $res; } + + function getURL(): string + { + return "/note" . $this->getPrettyId(); + } } diff --git a/Web/Models/Entities/Post.php b/Web/Models/Entities/Post.php index 42941901..bc52cd7c 100644 --- a/Web/Models/Entities/Post.php 
+++ b/Web/Models/Entities/Post.php @@ -245,6 +245,11 @@ class Post extends Postable $this->unwire(); $this->save(); } + + function getURL(): string + { + return "/wall" . $this->getPrettyId(); + } use Traits\TRichText; } diff --git a/Web/Models/Entities/Ticket.php b/Web/Models/Entities/Ticket.php index 31690ce3..67458d44 100644 --- a/Web/Models/Entities/Ticket.php +++ b/Web/Models/Entities/Ticket.php @@ -64,5 +64,10 @@ class Ticket extends RowModel return false; } + function getURL(): string + { + return "/support/reply/" . $this->getId(); + } + use Traits\TRichText; } diff --git a/Web/Models/Entities/TicketComment.php b/Web/Models/Entities/TicketComment.php index 2f1a5e8f..1dbbe5bf 100644 --- a/Web/Models/Entities/TicketComment.php +++ b/Web/Models/Entities/TicketComment.php @@ -132,5 +132,10 @@ class TicketComment extends RowModel return (bool) $this->getRecord()->deleted; } + function getURL(): string + { + return "/support/reply/" . $this->getTicket()->getId(); + } + use Traits\TRichText; } diff --git a/Web/Models/Entities/Video.php b/Web/Models/Entities/Video.php index cef48e27..1f4fab46 100644 --- a/Web/Models/Entities/Video.php +++ b/Web/Models/Entities/Video.php @@ -1,5 +1,7 @@ create(CurrentUser::i()->getUser()->getChandlerGUID(), "videos", get_class($this), 2, $this, ["deleted" => 1]); $this->setDeleted(1); $this->unwire(); $this->save(); diff --git a/Web/Models/Repositories/Users.php b/Web/Models/Repositories/Users.php index de0d341d..6324bf11 100644 --- a/Web/Models/Repositories/Users.php +++ b/Web/Models/Repositories/Users.php @@ -48,6 +48,11 @@ class Users { return $user ? $this->toUser($this->users->where("user", $user->getId())->fetch()) : NULL; } + + function getByChandlerGUID(string $GUID): ?User + { + return $this->toUser($this->users->where("user", $GUID)->fetch()); + } function find(string $query, array $pars = [], string $sort = "id DESC"): Util\EntityStream { 
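Review bot: In the Video.php delete path, the audit call `create(CurrentUser::i()->getUser()->getChandlerGUID(), "videos", get_class($this), 2, $this, ["deleted" => 1])` runs before `setDeleted(1)` and `save()`, so the log can record a deletion that was never persisted if `save()` fails. The extraction has damaged this hunk (the start of the added line is missing), so I am reading the `create(...)` call as the new line; the enclosing method also starts outside the hunk. The call dereferences `getUser()` with no guard, and if this method can be reached without a logged-in web user (not visible here) the failure would abort the delete itself. I would move the log write after `$this->save();` and decide explicitly which actor to record when `CurrentUser::i()->getUser()` is empty, rather than letting the audit entry and the stored state drift apart.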
diff --git a/Web/Presenters/NotesPresenter.php b/Web/Presenters/NotesPresenter.php index 50437ad7..80c333a1 100644 --- a/Web/Presenters/NotesPresenter.php +++ b/Web/Presenters/NotesPresenter.php @@ -36,8 +36,11 @@ final class NotesPresenter extends OpenVKPresenter function renderView(int $owner, int $note_id): void { $note = $this->notes->getNoteById($owner, $note_id); - if(!$note || $note->getOwner()->getId() !== $owner || $note->isDeleted()) + if(!$note || $note->getOwner()->getId() !== $owner) $this->notFound(); + + $this->assertCanViewDeleted($note); + if(!$note->getOwner()->getPrivacyPermission('notes.read', $this->user->identity ?? NULL)) $this->flashFail("err", tr("forbidden"), tr("forbidden_comment")); diff --git a/Web/Presenters/OpenVKPresenter.php b/Web/Presenters/OpenVKPresenter.php index 80ab0621..b29ca747 100644 --- a/Web/Presenters/OpenVKPresenter.php +++ b/Web/Presenters/OpenVKPresenter.php @@ -6,6 +6,7 @@ use Chandler\Session\Session; use Chandler\Security\Authenticator; use Latte\Engine as TemplatingEngine; use openvk\Web\Models\Entities\IP; +use openvk\Web\Models\RowModel; use openvk\Web\Themes\Themepacks; use openvk\Web\Models\Repositories\{IPs, Users, APITokens, Tickets, Reports, CurrentUser}; use WhichBrowser; @@ -148,6 +149,19 @@ abstract class OpenVKPresenter extends SimplePresenter $this->flashFail("err", tr("rate_limit_error"), tr("rate_limit_error_comment", OPENVK_ROOT_CONF["openvk"]["appearance"]["name"], $res), NULL, $json); } } + + protected function assertCanViewDeleted(RowModel $object): void + { + if ($object->isDeleted()) { + if ($this->queryParam("del")) { + if ($this->assertPermission("admin", "access", -1)) { + $this->flash("warn", "Обратите внимание", "Вы просматриваете удаленный контент. Его видят только администраторы"); + } + } else { + $this->notFound(); + } + } + } protected function signal(object $event): bool { 
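Review bot: In `assertCanViewDeleted`, the only thing keeping a non-admin away from deleted content is `assertPermission("admin", "access", -1)` ending the request, yet the code uses its return value as a boolean. If that call ever returns instead of aborting, the method falls through and the deleted note, album, ticket or post is rendered by the four callers changed in this commit. The definition of `assertPermission` is outside this hunk, so this is inferred; if it returns `void`, the warning flash also never fires. A denied `?del=1` request should end in `notFound()` as well, otherwise the differing response reveals to an unprivileged visitor that a deleted object exists at that ID. I would restructure the method to fail closed as below, using a boolean check such as the presenter's `hasPermission` (confirm its signature and that it has no side effects for guests), and move the two hard-coded Russian strings into `tr()` keys like the neighbouring `rate_limit_error` call.

```php
protected function assertCanViewDeleted(RowModel $object): void
{
    if (!$object->isDeleted())
        return;

    // Fail closed: without both the flag and the admin permission, answer exactly like a missing object.
    if (!$this->queryParam("del") || !$this->hasPermission("admin", "access", -1))
        $this->notFound();

    // … unchanged: flash("warn", …) notice shown to administrators …
}
```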
diff --git a/Web/Presenters/PhotosPresenter.php b/Web/Presenters/PhotosPresenter.php index 345b2c60..e63f29a5 100644 --- a/Web/Presenters/PhotosPresenter.php +++ b/Web/Presenters/PhotosPresenter.php @@ -134,8 +134,10 @@ final class PhotosPresenter extends OpenVKPresenter { $album = $this->albums->get($id); if(!$album) $this->notFound(); - if($album->getPrettyId() !== $owner . "_" . $id || $album->isDeleted()) + if($album->getPrettyId() !== $owner . "_" . $id) $this->notFound(); + + $this->assertCanViewDeleted($album); if($owner > 0 /* bc we currently don't have perms for clubs */) { $ownerObject = (new Users)->get($owner); diff --git a/Web/Presenters/SupportPresenter.php b/Web/Presenters/SupportPresenter.php index 8163dbf8..3a825c21 100644 --- a/Web/Presenters/SupportPresenter.php +++ b/Web/Presenters/SupportPresenter.php @@ -203,9 +203,11 @@ final class SupportPresenter extends OpenVKPresenter $this->assertPermission('openvk\Web\Models\Entities\TicketReply', 'write', 0); $ticket = $this->tickets->get($id); - if(!$ticket || $ticket->isDeleted() != 0) + if(!$ticket) $this->notFound(); + $this->assertCanViewDeleted($ticket); + $ticketComments = $this->comments->getCommentsById($id); $this->template->ticket = $ticket; $this->template->comments = $ticketComments; diff --git a/Web/Presenters/WallPresenter.php b/Web/Presenters/WallPresenter.php index 3e115ec7..3636c67e 100644 --- a/Web/Presenters/WallPresenter.php +++ b/Web/Presenters/WallPresenter.php @@ -343,9 +343,11 @@ final class WallPresenter extends OpenVKPresenter function renderPost(int $wall, int $post_id): void { $post = $this->posts->getPostById($wall, $post_id); - if(!$post || $post->isDeleted()) + if(!$post) $this->notFound(); - + + $this->assertCanViewDeleted($post); + $this->logPostView($post, $wall); $this->template->post = $post; diff --git a/Web/Presenters/templates/Admin/Logs.xml b/Web/Presenters/templates/Admin/Logs.xml index d953a378..9b44976f 100644 --- a/Web/Presenters/templates/Admin/Logs.xml 
+++ b/Web/Presenters/templates/Admin/Logs.xml @@ -53,7 +53,14 @@ {$log->getId()} - {$log->getUser()} + {var $_user = (new openvk\Web\Models\Repositories\Users)->getByChandlerGUID($log->getUser())} + + + {$_user->getCanonicalName()} + + + {$_user->getCanonicalName()} @@ -61,7 +68,11 @@ {$log->getObjectName()} - {$log->getObjectName()} + + {$log->getObjectName()} + {_$log->getTypeNom()}