idk
Запрет likes.isLiked при недоступном user_id; запрет просмотра и доступа через API к опросам, которые были созданы закрытым профилем; добавление кнопки блокировки в поддержке для закрытых профилей
parent
c39780c3f9
commit
aef77db697
7 changed files with 36 additions and 10 deletions
|
@ -70,9 +70,12 @@ final class Likes extends VKAPIRequestHandler
|
||||||
switch($type) {
|
switch($type) {
|
||||||
case "post":
|
case "post":
|
||||||
$user = (new UsersRepo)->get($user_id);
|
$user = (new UsersRepo)->get($user_id);
|
||||||
if (is_null($user))
|
if(is_null($user))
|
||||||
$this->fail(100, "One of the parameters specified was missing or invalid: user not found");
|
$this->fail(100, "One of the parameters specified was missing or invalid: user not found");
|
||||||
|
|
||||||
|
if(!$user->canBeViewedBy($this->getUser()))
|
||||||
|
$this->fail(1983, "Access to user denied");
|
||||||
|
|
||||||
$post = (new PostsRepo)->getPostById($owner_id, $item_id);
|
$post = (new PostsRepo)->getPostById($owner_id, $item_id);
|
||||||
if (is_null($post))
|
if (is_null($post))
|
||||||
$this->fail(100, "One of the parameters specified was missing or invalid: object not found");
|
$this->fail(100, "One of the parameters specified was missing or invalid: object not found");
|
||||||
|
|
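Review bot: The new `canBeViewedBy` guard in `case "post"` covers only the profile named by `user_id`; the post loaded right after it from `owner_id`/`item_id` gets a null check but no visibility check inside this hunk. If the rest of the case, which continues outside the hunk, does not gate on the post's owner, a caller could still learn whether a post on a closed profile exists and whether a visible user liked it. The guard also dereferences `$user` directly after the null check, so it relies on `fail()` never returning; that is presumably true but not visible here, and a comment such as `// fail() throws, so $user is non-null from here on` would make the assumption explicit.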
|
@ -14,9 +14,12 @@ final class Polls extends VKAPIRequestHandler
|
||||||
{
|
{
|
||||||
$poll = (new PollsRepo)->get($poll_id);
|
$poll = (new PollsRepo)->get($poll_id);
|
||||||
|
|
||||||
if (!$poll)
|
if(!$poll)
|
||||||
$this->fail(100, "One of the parameters specified was missing or invalid: poll_id is incorrect");
|
$this->fail(100, "One of the parameters specified was missing or invalid: poll_id is incorrect");
|
||||||
|
|
||||||
|
if(!$poll->canBeViewedBy($this->getUser()))
|
||||||
|
$this->fail(256, "Access to poll denied");
|
||||||
|
|
||||||
$users = array();
|
$users = array();
|
||||||
$answers = array();
|
$answers = array();
|
||||||
foreach($poll->getResults()->options as $answer) {
|
foreach($poll->getResults()->options as $answer) {
|
||||||
|
@ -73,6 +76,9 @@ final class Polls extends VKAPIRequestHandler
|
||||||
if(!$poll)
|
if(!$poll)
|
||||||
$this->fail(251, "Invalid poll id");
|
$this->fail(251, "Invalid poll id");
|
||||||
|
|
||||||
|
if(!$poll->canBeViewedBy($this->getUser()))
|
||||||
|
$this->fail(256, "Access to poll denied");
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$poll->vote($this->getUser(), explode(",", $answers_ids));
|
$poll->vote($this->getUser(), explode(",", $answers_ids));
|
||||||
return 1;
|
return 1;
|
||||||
|
@ -95,6 +101,9 @@ final class Polls extends VKAPIRequestHandler
|
||||||
if(!$poll)
|
if(!$poll)
|
||||||
$this->fail(251, "Invalid poll id");
|
$this->fail(251, "Invalid poll id");
|
||||||
|
|
||||||
|
if(!$poll->canBeViewedBy($this->getUser()))
|
||||||
|
$this->fail(256, "Access to poll denied");
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$poll->revokeVote($this->getUser());
|
$poll->revokeVote($this->getUser());
|
||||||
return 1;
|
return 1;
|
||||||
|
|
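Review bot: The same two-line visibility guard is pasted into three handlers (the hunks at -14, -73 and -95), so any other handler in this class that loads a poll by id has to remember to repeat it; none is visible in these hunks, so that is worth checking. Folding the lookup and the check into one private helper keeps the rule in one place, and the not-found code has to stay a parameter because the first handler answers with 100 while the other two use 251. The distinct 256 also confirms to a caller that a poll id exists on a closed profile, whereas the web presenter answers both cases with not-found; decide whether that difference is intended. The lookup lines of the second and third handler are outside their hunks, so the sketch below assumes they match the first.

```php
// Constructed sketch: single place for "load poll, then check visibility".
private function getViewablePoll(int $poll_id, int $notFoundCode, string $notFoundMessage): Poll
{
    $poll = (new PollsRepo)->get($poll_id);
    if(!$poll)
        $this->fail($notFoundCode, $notFoundMessage);

    if(!$poll->canBeViewedBy($this->getUser()))
        $this->fail(256, "Access to poll denied");

    return $poll;
}

// … unchanged: each handler's own logic, now starting from $poll = $this->getViewablePoll(...) …
```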
|
@ -293,8 +293,8 @@ class Poll extends Attachable
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
function canBeViewedBy(?User $user): bool
|
function canBeViewedBy(?User $user = NULL): bool
|
||||||
{
|
{
|
||||||
return true;
|
return $this->getOwner()->canBeViewedBy($user);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
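Review bot: `canBeViewedBy` now calls a method directly on the result of `getOwner()`, so a poll whose owner cannot be resolved would raise an error instead of returning a decision; whether `getOwner()` can return null (for example for a deleted account) is not visible in this hunk. If it can, deny explicitly with `$owner = $this->getOwner();` followed by `return !is_null($owner) && $owner->canBeViewedBy($user);`. A short docblock stating that poll visibility is inherited from the owner's profile privacy, and that a null `$user` means an anonymous viewer, would help the API and presenter callers that now depend on this method.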
|
@ -19,6 +19,9 @@ final class PollPresenter extends OpenVKPresenter
|
||||||
$poll = $this->polls->get($id);
|
$poll = $this->polls->get($id);
|
||||||
if(!$poll)
|
if(!$poll)
|
||||||
$this->notFound();
|
$this->notFound();
|
||||||
|
|
||||||
|
if(!$poll->canBeViewedBy($this->user->identity))
|
||||||
|
$this->notFound();
|
||||||
|
|
||||||
$this->template->id = $poll->getId();
|
$this->template->id = $poll->getId();
|
||||||
$this->template->title = $poll->getTitle();
|
$this->template->title = $poll->getTitle();
|
||||||
|
@ -53,6 +56,9 @@ final class PollPresenter extends OpenVKPresenter
|
||||||
if(!$poll)
|
if(!$poll)
|
||||||
$this->notFound();
|
$this->notFound();
|
||||||
|
|
||||||
|
if(!$poll->canBeViewedBy($this->user->identity))
|
||||||
|
$this->notFound();
|
||||||
|
|
||||||
if($poll->isAnonymous())
|
if($poll->isAnonymous())
|
||||||
$this->flashFail("err", tr("forbidden"), tr("poll_err_anonymous"));
|
$this->flashFail("err", tr("forbidden"), tr("poll_err_anonymous"));
|
||||||
|
|
||||||
|
|
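Review bot: Both new guards (this section's hunks at -19 and -53) read `$this->user->identity` unconditionally; if these actions can be reached without a session and `$this->user` is null there, which the hunks do not show, PHP 8 emits a warning on the property read before passing null on. Since `Poll::canBeViewedBy` accepts a nullable user, `$poll->canBeViewedBy($this->user->identity ?? NULL)` states the anonymous case explicitly and stays quiet. Answering a denied poll with `notFound()` rather than a distinct error does not confirm that the id exists; a one-line comment such as `// deliberately 404: do not reveal polls of closed profiles` would keep a later cleanup from changing it.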
|
@ -135,13 +135,12 @@
|
||||||
function banClub() {
|
function banClub() {
|
||||||
let name = {$club->getName()}
|
let name = {$club->getName()}
|
||||||
let body = tr("ban_group_desc", {$club->getName()})
|
let body = tr("ban_group_desc", {$club->getName()})
|
||||||
let cool = tr("come_up_with_something_cool")
|
|
||||||
let num = {$club->getId()}
|
let num = {$club->getId()}
|
||||||
body += `
|
body += `
|
||||||
<br>
|
<br>
|
||||||
<input type="text" id="block_reason" name="block_reason" placeholder="` + cool + `">
|
<input type="text" id="block_reason" name="block_reason" placeholder="` + tr("come_up_with_something_cool") + `">
|
||||||
<input type="checkbox" value="1" id="delete_every_post" name="delete_every_post">` + tr('delete_every_post') +
|
<input type="checkbox" value="1" id="delete_every_post" name="delete_every_post"><label for="delete_every_post"> ` + tr('delete_every_post') + `</label>
|
||||||
`<br><input type="checkbox" value="1" id="unsub_everyone" name="unsub_everyone">` + tr('unsubscribe_everyoune')
|
<br><input type="checkbox" value="1" id="unsub_everyone" name="unsub_everyone"><label for="unsub_everyone"> ` + tr('unsubscribe_everyoune') + `</label>`
|
||||||
|
|
||||||
|
|
||||||
MessageBox({_ban_group} + " " + {$club->getName()}, body, [{_ok}, {_cancel}], [
|
MessageBox({_ban_group} + " " + {$club->getName()}, body, [{_ok}, {_cancel}], [
|
||||||
|
|
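Review bot: The dialog body is assembled as an HTML string, and both the rewritten `placeholder="` + tr("come_up_with_something_cool") + `"` and the new `<label>` contents concatenate `tr(...)` output into it without HTML escaping; the context line `tr("ban_group_desc", {$club->getName()})` does the same with the club name. Latte's escaping inside a script yields a safe JavaScript literal, not HTML-safe text, so if `MessageBox` renders `body` as markup (it appears to, given the `<br>` and `<input>` tags) a club name or translation containing `<` or `"` would be interpreted as markup in the moderator's session. Consider building these nodes with DOM APIs and assigning the strings through `textContent` and the `placeholder` property, or passing each string through an HTML-escaping helper before concatenation. `banClub()` starts inside the hunk but its end lies outside it.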
|
@ -110,6 +110,15 @@
|
||||||
<input type="submit" class="profile_link" value="{_friends_reject}" style="width: 194px;" />
|
<input type="submit" class="profile_link" value="{_friends_reject}" style="width: 194px;" />
|
||||||
</form>
|
</form>
|
||||||
{/if}
|
{/if}
|
||||||
|
{if $thisUser->getChandlerUser()->can('write')->model('openvk\Web\Models\Entities\TicketReply')->whichBelongsTo(0)}
|
||||||
|
<a href="javascript:toggleBanInSupport()" class="profile_link" style="width: 194px;">
|
||||||
|
{if $user->isBannedInSupport()}
|
||||||
|
{_unban_in_support_user_action}
|
||||||
|
{else}
|
||||||
|
{_ban_in_support_user_action}
|
||||||
|
{/if}
|
||||||
|
</a>
|
||||||
|
{/if}
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="right_big_block">
|
<div class="right_big_block">
|
||||||
|
@ -728,6 +737,8 @@
|
||||||
}
|
}
|
||||||
</script>
|
</script>
|
||||||
|
|
||||||
|
{/if}
|
||||||
|
|
||||||
<script n:if="isset($thisUser) && $thisUser->getChandlerUser()->can('write')->model('openvk\Web\Models\Entities\TicketReply')->whichBelongsTo(0)">
|
<script n:if="isset($thisUser) && $thisUser->getChandlerUser()->can('write')->model('openvk\Web\Models\Entities\TicketReply')->whichBelongsTo(0)">
|
||||||
{if $user->isBannedInSupport()}
|
{if $user->isBannedInSupport()}
|
||||||
function toggleBanInSupport() {
|
function toggleBanInSupport() {
|
||||||
|
@ -821,8 +832,6 @@
|
||||||
</script>
|
</script>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
{/if}
|
|
||||||
|
|
||||||
{else} {* isBanned() *}
|
{else} {* isBanned() *}
|
||||||
{include "banned.xml"}
|
{include "banned.xml"}
|
||||||
{/if}
|
{/if}
|
||||||
|
|
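Review bot: The new support-ban link repeats the long permission expression that already guards the `<script>` defining `toggleBanInSupport()`, but without that block's `isset($thisUser)` test, so the two conditions can drift apart; where they disagree the link would call an undefined function or the template would dereference an unset `$thisUser`. Compute it once, e.g. `{var $canBanInSupport = isset($thisUser) && $thisUser->getChandlerUser()->can('write')->model('openvk\Web\Models\Entities\TicketReply')->whichBelongsTo(0)}`, and use `$canBanInSupport` in both places. This check only hides the control; the handler behind `toggleBanInSupport()` is outside these hunks and has to enforce the same permission server-side.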
Binary file not shown.
Before Width: | Height: | Size: 3.6 KiB After Width: | Height: | Size: 3.4 KiB |