From c0acfd7f7fc2caa0b1980a29adb9777f4e68249b Mon Sep 17 00:00:00 2001
From: Maxim Leshchenko <cnmaks90@gmail.com>
Date: Wed, 15 Dec 2021 19:19:13 +0200
Subject: [PATCH] Groups: Remove the ability for those who are not group
 administrators to publish posts, comments and topics on behalf of the group
 Before this commit, this could be done by sending the corresponding parameter
 in the POST request (but the checkbox for this was not displayed by default)

---
 Web/Presenters/CommentPresenter.php | 7 ++++++-
 Web/Presenters/TopicsPresenter.php  | 2 +-
 Web/Presenters/WallPresenter.php    | 2 +-
 3 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/Web/Presenters/CommentPresenter.php b/Web/Presenters/CommentPresenter.php
index c114ba5d..1511aef4 100644
--- a/Web/Presenters/CommentPresenter.php
+++ b/Web/Presenters/CommentPresenter.php
@@ -41,9 +41,14 @@ final class CommentPresenter extends OpenVKPresenter
 
         if($entity instanceof Topic && $entity->isClosed())
             $this->notFound();
+
+        if($entity instanceof Post && $entity->getTargetWall() > 0)
+            $club = (new Clubs)->get(abs($entity->getTargetWall()));
+        else if($entity instanceof Topic)
+            $club = $entity->getClub();
         
         $flags = 0;
-        if($this->postParam("as_group") === "on")
+        if($this->postParam("as_group") === "on" && !is_null($club) && $club->canBeModifiedBy($this->user->identity))
             $flags |= 0b10000000;
 
         $photo = NULL;
diff --git a/Web/Presenters/TopicsPresenter.php b/Web/Presenters/TopicsPresenter.php
index 5fb8eaff..f29c7979 100644
--- a/Web/Presenters/TopicsPresenter.php
+++ b/Web/Presenters/TopicsPresenter.php
@@ -80,7 +80,7 @@ final class TopicsPresenter extends OpenVKPresenter
                 $this->flashFail("err", tr("failed_to_create_topic"), tr("no_title_specified"));
 
             $flags = 0;
-            if($this->postParam("as_group") === "on")
+            if($this->postParam("as_group") === "on" && $club->canBeModifiedBy($this->user->identity))
                 $flags |= 0b10000000;
 
             $topic = new Topic;
diff --git a/Web/Presenters/WallPresenter.php b/Web/Presenters/WallPresenter.php
index 0e2f95f2..acb8f633 100644
--- a/Web/Presenters/WallPresenter.php
+++ b/Web/Presenters/WallPresenter.php
@@ -197,7 +197,7 @@ final class WallPresenter extends OpenVKPresenter
         }
         
         $flags = 0;
-        if($this->postParam("as_group") === "on")
+        if($this->postParam("as_group") === "on" && $wallOwner instanceof Club && $wallOwner->canBeModifiedBy($this->user->identity))
             $flags |= 0b10000000;
         if($this->postParam("force_sign") === "on")
             $flags |= 0b01000000;