diff --git a/VKAPI/Handlers/Polls.php b/VKAPI/Handlers/Polls.php
index 299d35e8..c84f8283 100755
--- a/VKAPI/Handlers/Polls.php
+++ b/VKAPI/Handlers/Polls.php
@@ -114,6 +114,9 @@ final class Polls extends VKAPIRequestHandler
if(!$poll)
$this->fail(251, "Invalid poll");
+ if($poll->isAnonymous())
+ $this->fail(251, "Access denied: poll is anonymous.");
+
$voters = array_slice($poll->getVoters($answer_ids, 1, $offset + $count), $offset);
$res = (object)[
"answer_id" => $answer_ids,
diff --git a/VKAPI/Handlers/Wall.php b/VKAPI/Handlers/Wall.php
index ee23cfef..ca65e961 100644
--- a/VKAPI/Handlers/Wall.php
+++ b/VKAPI/Handlers/Wall.php
@@ -120,7 +120,7 @@ final class Wall extends VKAPIRequestHandler
"post_type" => "post",
"text" => $post->getText(false),
"copy_history" => $repost,
- "can_edit" => $post->getOwner(false)->getId() == $this->getUser()->getId(),
+ "can_edit" => $post->canBeEditedBy($this->getUser()),
"can_delete" => $post->canBeDeletedBy($this->getUser()),
"can_pin" => $post->canBePinnedBy($this->getUser()),
"can_archive" => false, # TODO MAYBE
@@ -295,7 +295,7 @@ final class Wall extends VKAPIRequestHandler
"post_type" => "post",
"text" => $post->getText(false),
"copy_history" => $repost,
- "can_edit" => $post->getOwner(false)->getId() == $this->getUser()->getId(),
+ "can_edit" => $post->canBeEditedBy($this->getUser()),
"can_delete" => $post->canBeDeletedBy($user),
"can_pin" => $post->canBePinnedBy($user),
"can_archive" => false, # TODO MAYBE
@@ -805,7 +805,7 @@ final class Wall extends VKAPIRequestHandler
if(empty($message) && empty($attachments))
$this->fail(100, "Required parameter 'message' missing.");
- if($post->getOwner(false)->getId() != $this->getUser()->getId())
+ if(!$post->canBeEditedBy($this->getUser()))
$this->fail(7, "Access to editing denied");
if(!empty($message))
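Review bot: The new anonymity guard in the Polls hunk reuses error code 251, which the line directly above it already uses for "Invalid poll", so an API client cannot distinguish a missing poll from an access refusal; elsewhere in this same diff refusals use dedicated codes (`fail(7, "Access to editing denied")`, `fail(15, ...)`). Suggest `$this->fail(15, "Access denied: poll is anonymous.");` or whichever access-denied code the handlers already use consistently. The placement itself is right: the check runs before `getVoters`, so anonymous voters are never fetched at all. The enclosing method starts and ends outside the hunk, so whether the caller's right to see the poll is checked before this point cannot be confirmed here.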
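Review bot: In the second `can_edit` hunk (at line 295) the new line passes `$this->getUser()` while the neighbouring `can_delete` and `can_pin` lines pass `$user`, whereas in the hunk at line 120 all three flags use `$this->getUser()`. If `$user` in that method is anything other than the calling user, `can_edit` is now evaluated against a different principal than the two flags beside it; if it is the same object, the mismatch is only stylistic but still worth aligning: `"can_edit" => $post->canBeEditedBy($user),`. The enclosing method starts and ends outside the hunk, so I cannot see how `$user` is assigned.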
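Review bot: The edit handler at line 805 now relies entirely on `Post::canBeEditedBy`, which (per the Post.php hunk later in this diff) checks ownership, system-message type and the edit window but never the post's deleted state, while the comment path at 849 rejects deleted comments explicitly with `if(!$comment || $comment->isDeleted())`. Unless the `$post` lookup above this hunk already does the same, the owner of a deleted post can still edit it through the API; suggest mirroring the comment check with a `$post->isDeleted()` test before the access check. The single "Access to editing denied" message also no longer tells a client whether it was refused as a non-owner or because the one-week window expired, which may be worth a distinct message. The method starts and ends outside the hunk.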
@@ -814,6 +814,7 @@ final class Wall extends VKAPIRequestHandler
$post->setEdited(time());
$post->save(true);
+ # todo добавить такое в веб версию
if(!empty($attachments)) {
$attachs = parseAttachments($attachments);
$newAttachmentsCount = sizeof($attachs);
@@ -849,8 +850,8 @@ final class Wall extends VKAPIRequestHandler
if(!$comment || $comment->isDeleted())
$this->fail(102, "Invalid comment");
- if($comment->getOwner()->getId() != $this->getUser()->getId())
- $this->fail(15, "Access to comment denied");
+ if(!$comment->canBeEditedBy($this->getUser()))
+ $this->fail(15, "Access to editing comment denied");
if(!empty($message))
$comment->setContent($message);
diff --git a/Web/Models/Entities/Comment.php b/Web/Models/Entities/Comment.php
index 229716de..fdfb6b8c 100644
--- a/Web/Models/Entities/Comment.php
+++ b/Web/Models/Entities/Comment.php
@@ -103,4 +103,12 @@ class Comment extends Post
return $res;
}
+
+ function canBeEditedBy(?User $user = NULL): bool
+ {
+ if(!$user)
+ return false;
+
+ return $user->getId() == $this->getOwner(false)->getId();
+ }
}
diff --git a/Web/Models/Entities/Post.php b/Web/Models/Entities/Post.php
index fd6b7346..38a9f850 100644
--- a/Web/Models/Entities/Post.php
+++ b/Web/Models/Entities/Post.php
@@ -262,6 +262,20 @@ class Post extends Postable
return $res;
}
+
+ function canBeEditedBy(?User $user = NULL): bool
+ {
+ if(!$user)
+ return false;
+
+ if($this->isDeactivationMessage() || $this->isUpdateAvatarMessage())
+ return false;
+
+ if($this->getTargetWall() > 0)
+ return $this->getPublicationTime()->timestamp() + WEEK > time() && $user->getId() == $this->getOwner(false)->getId();
+
+ return $user->getId() == $this->getOwner(false)->getId();
+ }
use Traits\TRichText;
}
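Review bot: The comment added above the attachment block is in Russian ("todo: add this to the web version too") while the file's other comments are in English (`# TODO MAYBE` in the same file), and it records that attachment editing exists only in the API path; make it a trackable English TODO, e.g. `# TODO: port attachment editing on post edit to the web version as well`. The attachment handling it annotates (`parseAttachments($attachments)` and the count that follows) continues outside the hunk; confirm that it verifies the caller owns each referenced attachment, since this path runs for every caller who passes the edit check.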
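Review bot: The comment edit check at line 849 silently changes which owner it compares against: the removed line called `$comment->getOwner()`, while `Comment::canBeEditedBy` (added in this diff) calls `$this->getOwner(false)`. If that boolean selects a different principal, for example the club a comment was posted on behalf of rather than the user, the identity check now matches a different account than before; confirm this is intended, or pass the same argument the old line used. Otherwise moving the rule into the entity is sound, and the new method returns false for a null user where the old line called `getId()` on whatever `getUser()` returned.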
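Review bot: `Comment::canBeEditedBy` overrides the Post version added in the same diff, so the system-message exclusions and the one-week edit window on posts do not apply to comments; if that is intentional, say so above the method, e.g. `# Overrides Post::canBeEditedBy: comments have no edit window and no system-message exclusions.`. The identifier comparison uses `==`; if both `getId()` calls return int, `return $user->getId() === $this->getOwner(false)->getId();` rules out a coerced match between a string from one side and an int from the other. The method also does not consider a deleted comment; the API caller at line 849 checks `isDeleted()` itself, so every other call site must do the same.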
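Review bot: `Post::canBeEditedBy` repeats the owner comparison in both return paths; compute it once so the two branches cannot drift: `$isOwner = $user->getId() == $this->getOwner(false)->getId();` first, then `return $isOwner && $this->getPublicationTime()->timestamp() + WEEK > time();` inside the `getTargetWall() > 0` branch and `return $isOwner;` at the end. The edit window applies only when `getTargetWall() > 0`; presumably positive ids are user walls and the rest club walls, so posts on club walls get no window but remain editable only by their author and never by a club administrator — confirm that is the intended policy. The method does not reject deleted posts, so callers must check that themselves before trusting a true result.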