mirror of
https://github.com/openvk/openvk
synced 2025-01-06 16:00:00 +03:00
idk
Запрет likes.isLiked при недоступном user_id, запрет просмотра и доступа через API к опросам которые были созданы закрытым профилем, добавление кнопки блокировки в поддержке для закрытых профилей
parent
c39780c3f9
commit
aef77db697
7 changed files with 36 additions and 10 deletions
|
@ -70,9 +70,12 @@ final class Likes extends VKAPIRequestHandler
|
|||
switch($type) {
|
||||
case "post":
|
||||
$user = (new UsersRepo)->get($user_id);
|
||||
if (is_null($user))
|
||||
if(is_null($user))
|
||||
$this->fail(100, "One of the parameters specified was missing or invalid: user not found");
|
||||
|
||||
if(!$user->canBeViewedBy($this->getUser()))
|
||||
$this->fail(1983, "Access to user denied");
|
||||
|
||||
$post = (new PostsRepo)->getPostById($owner_id, $item_id);
|
||||
if (is_null($post))
|
||||
$this->fail(100, "One of the parameters specified was missing or invalid: object not found");
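Review bot: The new `canBeViewedBy` guard only covers the account named by `user_id`; the post loaded just below it with `getPostById($owner_id, $item_id)` is tested for null and nothing else in the visible lines. If the rest of the case, which continues outside this hunk, does not check the post's own visibility, the method still reports like status for posts on a closed profile's wall. Assuming the post entity has a comparable method, a second guard after the null test would cover it: `if(!$post->canBeViewedBy($this->getUser())) $this->fail(1983, "Access to user denied");`. The user lookup also sits inside `case "post":`, so any other case of this switch needs its own guard.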
|
||||
|
|
|
@ -14,9 +14,12 @@ final class Polls extends VKAPIRequestHandler
|
|||
{
|
||||
$poll = (new PollsRepo)->get($poll_id);
|
||||
|
||||
if (!$poll)
|
||||
if(!$poll)
|
||||
$this->fail(100, "One of the parameters specified was missing or invalid: poll_id is incorrect");
|
||||
|
||||
if(!$poll->canBeViewedBy($this->getUser()))
|
||||
$this->fail(256, "Access to poll denied");
|
||||
|
||||
$users = array();
|
||||
$answers = array();
|
||||
foreach($poll->getResults()->options as $answer) {
|
||||
|
@ -73,6 +76,9 @@ final class Polls extends VKAPIRequestHandler
|
|||
if(!$poll)
|
||||
$this->fail(251, "Invalid poll id");
|
||||
|
||||
if(!$poll->canBeViewedBy($this->getUser()))
|
||||
$this->fail(256, "Access to poll denied");
|
||||
|
||||
try {
|
||||
$poll->vote($this->getUser(), explode(",", $answers_ids));
|
||||
return 1;
|
||||
|
@ -95,6 +101,9 @@ final class Polls extends VKAPIRequestHandler
|
|||
if(!$poll)
|
||||
$this->fail(251, "Invalid poll id");
|
||||
|
||||
if(!$poll->canBeViewedBy($this->getUser()))
|
||||
$this->fail(256, "Access to poll denied");
|
||||
|
||||
try {
|
||||
$poll->revokeVote($this->getUser());
|
||||
return 1;
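Review bot: All three added guards answer with a dedicated error, `$this->fail(256, "Access to poll denied")`, while a missing poll yields 100 or 251, so a caller can tell a poll hidden behind a closed profile from an id that does not exist. PollPresenter in this same commit returns `notFound()` for both cases. If the existence of such polls should not be disclosed through the API either, the denied branch can reuse the not-found error of its handler, for example `$this->fail(251, "Invalid poll id");` in the second and third hunks. The same three-line guard is now repeated in every handler; a small private helper that loads the poll and applies both checks would keep a future method from omitting it.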
|
||||
|
|
|
@ -293,8 +293,8 @@ class Poll extends Attachable
|
|||
}
|
||||
}
|
||||
|
||||
function canBeViewedBy(?User $user): bool
|
||||
function canBeViewedBy(?User $user = NULL): bool
|
||||
{
|
||||
return true;
|
||||
return $this->getOwner()->canBeViewedBy($user);
|
||||
}
|
||||
}
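Review bot: `canBeViewedBy` now calls a method directly on the result of `$this->getOwner()`, and nothing in the hunk shows that an owner always exists. If `getOwner()` can return NULL (for instance for a poll whose author record is gone), every caller added in this commit will fail with a fatal error instead of a clean denial. A guarded form would be `$owner = $this->getOwner();` followed by `return !is_null($owner) && $owner->canBeViewedBy($user);`, to be confirmed against what `getOwner()` actually returns. A short docblock stating that visibility is inherited from the owner's profile privacy, and that NULL means an anonymous viewer, would also help, since the new `= NULL` default makes the no-argument call meaningful.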
|
||||
|
|
|
@ -19,6 +19,9 @@ final class PollPresenter extends OpenVKPresenter
|
|||
$poll = $this->polls->get($id);
|
||||
if(!$poll)
|
||||
$this->notFound();
|
||||
|
||||
if(!$poll->canBeViewedBy($this->user->identity))
|
||||
$this->notFound();
|
||||
|
||||
$this->template->id = $poll->getId();
|
||||
$this->template->title = $poll->getTitle();
|
||||
|
@ -53,6 +56,9 @@ final class PollPresenter extends OpenVKPresenter
|
|||
if(!$poll)
|
||||
$this->notFound();
|
||||
|
||||
if(!$poll->canBeViewedBy($this->user->identity))
|
||||
$this->notFound();
|
||||
|
||||
if($poll->isAnonymous())
|
||||
$this->flashFail("err", tr("forbidden"), tr("poll_err_anonymous"));
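Review bot: Both added guards read `$this->user->identity` without first establishing that a visitor is logged in. The profile template in this commit tests `isset($thisUser)`, which suggests guest views exist; if `$this->user` is unset for guests, this dereference raises a warning on PHP 8 and only passes NULL by accident. Making the guest case explicit is a one-line change: `if(!$poll->canBeViewedBy($this->user->identity ?? NULL))`. Answering `notFound()` rather than a forbidden page is a reasonable choice here because it does not confirm that the poll exists; a brief comment saying so would keep it from being "fixed" later.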
|
||||
|
||||
|
|
|
@ -135,13 +135,12 @@
|
|||
function banClub() {
|
||||
let name = {$club->getName()}
|
||||
let body = tr("ban_group_desc", {$club->getName()})
|
||||
let cool = tr("come_up_with_something_cool")
|
||||
let num = {$club->getId()}
|
||||
body += `
|
||||
<br>
|
||||
<input type="text" id="block_reason" name="block_reason" placeholder="` + cool + `">
|
||||
<input type="checkbox" value="1" id="delete_every_post" name="delete_every_post">` + tr('delete_every_post') +
|
||||
`<br><input type="checkbox" value="1" id="unsub_everyone" name="unsub_everyone">` + tr('unsubscribe_everyoune')
|
||||
<input type="text" id="block_reason" name="block_reason" placeholder="` + tr("come_up_with_something_cool") + `">
|
||||
<input type="checkbox" value="1" id="delete_every_post" name="delete_every_post"><label for="delete_every_post"> ` + tr('delete_every_post') + `</label>
|
||||
<br><input type="checkbox" value="1" id="unsub_everyone" name="unsub_everyone"><label for="unsub_everyone"> ` + tr('unsubscribe_everyoune') + `</label>`
|
||||
|
||||
|
||||
MessageBox({_ban_group} + " " + {$club->getName()}, body, [{_ok}, {_cancel}], [
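Review bot: The rewritten `body` is still assembled as an HTML string, and it starts from `tr("ban_group_desc", {$club->getName()})`, so the club name ends up inside markup. Latte's escaping in a script context yields a safe JavaScript literal but not HTML-safe text. If `MessageBox` inserts `body` as HTML, as the inline `<input>` and `<label>` tags imply, a club name containing markup would be interpreted in the moderator's session; the same applies to the title argument. Neither `tr` nor `MessageBox` is visible here, so this needs confirming, but the name should be HTML-escaped before concatenation or the dialog built from DOM nodes with `textContent`. The `name` and `num` variables have no visible use in this hunk; the function body continues outside it.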
|
||||
|
|
|
@ -110,6 +110,15 @@
|
|||
<input type="submit" class="profile_link" value="{_friends_reject}" style="width: 194px;" />
|
||||
</form>
|
||||
{/if}
|
||||
{if $thisUser->getChandlerUser()->can('write')->model('openvk\Web\Models\Entities\TicketReply')->whichBelongsTo(0)}
|
||||
<a href="javascript:toggleBanInSupport()" class="profile_link" style="width: 194px;">
|
||||
{if $user->isBannedInSupport()}
|
||||
{_unban_in_support_user_action}
|
||||
{else}
|
||||
{_ban_in_support_user_action}
|
||||
{/if}
|
||||
</a>
|
||||
{/if}
|
||||
</div>
|
||||
</div>
|
||||
<div class="right_big_block">
|
||||
|
@ -728,6 +737,8 @@
|
|||
}
|
||||
</script>
|
||||
|
||||
{/if}
|
||||
|
||||
<script n:if="isset($thisUser) && $thisUser->getChandlerUser()->can('write')->model('openvk\Web\Models\Entities\TicketReply')->whichBelongsTo(0)">
|
||||
{if $user->isBannedInSupport()}
|
||||
function toggleBanInSupport() {
|
||||
|
@ -821,8 +832,6 @@
|
|||
</script>
|
||||
</div>
|
||||
|
||||
{/if}
|
||||
|
||||
{else} {* isBanned() *}
|
||||
{include "banned.xml"}
|
||||
{/if}
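Review bot: The permission test is written two ways in this file: the new link uses `{if $thisUser->getChandlerUser()->can('write')->...}` with no `isset`, while the script block uses `n:if="isset($thisUser) && $thisUser->getChandlerUser()->..."`. If the link can be rendered for a guest, the first form fails on an undefined variable; either add the `isset($thisUser) &&` test to it or compute the flag once, e.g. `{var $canBanInSupport = isset($thisUser) && ...}`, and use it in both places. These conditions only hide the control, so the endpoint behind `toggleBanInSupport()` (not visible in this hunk) must enforce the same `TicketReply` write permission on the server. A `<button>` with a click handler would also be preferable to `href="javascript:toggleBanInSupport()"`, which stops working under a Content-Security-Policy that disallows inline script.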
|
||||
|
|
Binary file not shown.
Before Width: | Height: | Size: 3.6 KiB After Width: | Height: | Size: 3.4 KiB |