mirror of
https://github.com/openvk/openvk
synced 2024-12-23 00:51:03 +03:00
parent
7dc3e8965d
commit
c16262617d
5 changed files with 24 additions and 2 deletions
|
@ -19,6 +19,8 @@ final class NotesPresenter extends OpenVKPresenter
|
|||
{
|
||||
$user = (new Users)->get($owner);
|
||||
if(!$user) $this->notFound();
|
||||
if(!$user->getPrivacyPermission('notes.read', $this->user->identity ?? NULL))
|
||||
$this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
|
||||
|
||||
$this->template->notes = $this->notes->getUserNotes($user, (int)($this->queryParam("p") ?? 1));
|
||||
$this->template->count = $this->notes->getUserNotesCount($user);
|
||||
|
@ -36,6 +38,8 @@ final class NotesPresenter extends OpenVKPresenter
|
|||
$note = $this->notes->getNoteById($owner, $note_id);
|
||||
if(!$note || $note->getOwner()->getId() !== $owner || $note->isDeleted())
|
||||
$this->notFound();
|
||||
if(!$note->getOwner()->getPrivacyPermission('notes.read', $this->user->identity ?? NULL))
|
||||
$this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
|
||||
|
||||
$this->template->cCount = $note->getCommentsCount();
|
||||
$this->template->cPage = (int) ($this->queryParam("p") ?? 1);
|
||||
|
|
|
@ -29,6 +29,8 @@ final class PhotosPresenter extends OpenVKPresenter
|
|||
if($owner > 0) {
|
||||
$user = $this->users->get($owner);
|
||||
if(!$user) $this->notFound();
|
||||
if (!$user->getPrivacyPermission('photos.read', $this->user->identity ?? NULL))
|
||||
$this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
|
||||
$this->template->albums = $this->albums->getUserAlbums($user, $this->queryParam("p") ?? 1);
|
||||
$this->template->count = $this->albums->getUserAlbumsCount($user);
|
||||
$this->template->owner = $user;
|
||||
|
@ -129,6 +131,10 @@ final class PhotosPresenter extends OpenVKPresenter
|
|||
if($album->getPrettyId() !== $owner . "_" . $id || $album->isDeleted())
|
||||
$this->notFound();
|
||||
|
||||
if($owner > 0 /* bc we currently don't have perms for clubs */) $ownerObject = (new Users)->get($owner);
|
||||
if(!$ownerObject->getPrivacyPermission('photos.read', $this->user->identity ?? NULL))
|
||||
$this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
|
||||
|
||||
$this->template->album = $album;
|
||||
$this->template->photos = iterator_to_array( $album->getPhotos( (int) ($this->queryParam("p") ?? 1) ) );
|
||||
$this->template->paginatorConf = (object) [
|
||||
|
|
|
@ -54,6 +54,8 @@ final class UserPresenter extends OpenVKPresenter
|
|||
$page = abs($this->queryParam("p") ?? 1);
|
||||
if(!$user)
|
||||
$this->notFound();
|
||||
elseif (!$user->getPrivacyPermission('friends.read', $this->user->identity ?? NULL))
|
||||
$this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
|
||||
else
|
||||
$this->template->user = $user;
|
||||
|
||||
|
@ -78,9 +80,11 @@ final class UserPresenter extends OpenVKPresenter
|
|||
$this->assertUserLoggedIn();
|
||||
|
||||
$user = $this->users->get($id);
|
||||
if(!$user) {
|
||||
if(!$user)
|
||||
$this->notFound();
|
||||
} else {
|
||||
elseif (!$user->getPrivacyPermission('groups.read', $this->user->identity ?? NULL))
|
||||
$this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
|
||||
else {
|
||||
$this->template->user = $user;
|
||||
$this->template->page = $this->queryParam("p") ?? 1;
|
||||
$this->template->admin = $this->queryParam("act") == "managed";
|
||||
|
|
|
@ -22,6 +22,8 @@ final class VideosPresenter extends OpenVKPresenter
|
|||
{
|
||||
$user = $this->users->get($id);
|
||||
if(!$user) $this->notFound();
|
||||
if(!$user->getPrivacyPermission('videos.read', $this->user->identity ?? NULL))
|
||||
$this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
|
||||
|
||||
$this->template->user = $user;
|
||||
$this->template->videos = $this->videos->getByUser($user, (int) ($this->queryParam("p") ?? 1));
|
||||
|
@ -38,6 +40,8 @@ final class VideosPresenter extends OpenVKPresenter
|
|||
{
|
||||
$user = $this->users->get($owner);
|
||||
if(!$user) $this->notFound();
|
||||
if(!$user->getPrivacyPermission('videos.read', $this->user->identity ?? NULL))
|
||||
$this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
|
||||
|
||||
if($this->videos->getByOwnerAndVID($owner, $vId)->isDeleted()) $this->notFound();
|
||||
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
{block title}{$user->getCanonicalName()}{/block}
|
||||
|
||||
{block headIncludes}
|
||||
{if $user->getPrivacyPermission('page.read', $thisUser ?? NULL)}
|
||||
<!-- openGraph -->
|
||||
<meta property="og:title" content="{$user->getCanonicalName()}" />
|
||||
<meta property="og:url" content="http://{$_SERVER['HTTP_HOST']}{$user->getURL()}" />
|
||||
|
@ -22,6 +23,9 @@
|
|||
"url": {('http://') . $_SERVER['HTTP_HOST'] . $user->getURL()}
|
||||
}
|
||||
</script>
|
||||
{else}
|
||||
<meta name="robots" content="noindex, noarchive">
|
||||
{/if}
|
||||
{/block}
|
||||
|
||||
{block header}
|
||||
|
|
Loading…
Reference in a new issue