lalka2018 2023-11-19 13:56:53 +03:00
parent 8a8b44e869
commit fea4ce0498
14 changed files with 132 additions and 101 deletions


@ -14,25 +14,22 @@ final class Friends extends VKAPIRequestHandler
$this->requireUser(); $this->requireUser();
if ($user_id == 0) { if ($user_id == 0) {
$user_id = $this->getUser()->getId(); $user_id = $this->getUser()->getId();
} }
$user = $users->get($user_id); $user = $users->get($user_id);
if(!$user || $user->isDeleted())
$this->fail(100, "Invalid user");
if(!$user->getPrivacyPermission("friends.read", $this->getUser()))
$this->fail(15, "Access denied: this user chose to hide his friends.");
if(!$user->canBeViewedBy($this->getUser()))
$this->fail(15, "Access denied");
foreach($user->getFriends($offset, $count) as $friend) { if(!$user || $user->isDeleted())
$friends[$i] = $friend->getId(); $this->fail(100, "Invalid user");
$i++;
} if(!$user->getPrivacyPermission("friends.read", $this->getUser()))
$this->fail(15, "Access denied: this user chose to hide his friends.");
foreach($user->getFriends($offset, $count) as $friend) {
$friends[$i] = $friend->getId();
$i++;
}
$response = $friends; $response = $friends;


@ -19,14 +19,11 @@ final class Groups extends VKAPIRequestHandler
$users = new UsersRepo; $users = new UsersRepo;
$user = $users->get($user_id); $user = $users->get($user_id);
if(is_null($user) || $user->isDeleted()) if(is_null($user) || $user->isDeleted())
$this->fail(15, "Access denied"); $this->fail(15, "Access denied");
if(!$user->canBeViewedBy($this->getUser()))
$this->fail(15, "Access denied");
if(!$user->getPrivacyPermission('groups.read', $this->getUser())) if(!$user->getPrivacyPermission('groups.read', $this->getUser()))
$this->fail(15, "Access denied: this user chose to hide his groups."); $this->fail(15, "Access denied: this user chose to hide his groups.");
foreach($user->getClubs($offset, $filter == "admin", $count, true) as $club) foreach($user->getClubs($offset, $filter == "admin", $count, true) as $club)
$clbs[] = $club; $clbs[] = $club;
@ -406,9 +403,15 @@ final class Groups extends VKAPIRequestHandler
]; ];
foreach($filds as $fild) { foreach($filds as $fild) {
$canView = $member->canBeViewedBy($this->getUser());
switch($fild) { switch($fild) {
case "bdate": case "bdate":
$arr->items[$i]->bdate = $member->getBirthday()->format('%e.%m.%Y'); if(!$canView) {
$arr->items[$i]->bdate = "01.01.1970";
break;
}
$arr->items[$i]->bdate = $member->getBirthday() ? $member->getBirthday()->format('%e.%m.%Y') : NULL;
break; break;
case "can_post": case "can_post":
$arr->items[$i]->can_post = $club->canBeModifiedBy($member); $arr->items[$i]->can_post = $club->canBeModifiedBy($member);
@ -429,6 +432,11 @@ final class Groups extends VKAPIRequestHandler
$arr->items[$i]->connections = 1; $arr->items[$i]->connections = 1;
break; break;
case "contacts": case "contacts":
if(!$canView) {
$arr->items[$i]->contacts = "secret@gmail.com";
break;
}
$arr->items[$i]->contacts = $member->getContactEmail(); $arr->items[$i]->contacts = $member->getContactEmail();
break; break;
case "country": case "country":
@ -444,15 +452,30 @@ final class Groups extends VKAPIRequestHandler
$arr->items[$i]->has_mobile = false; $arr->items[$i]->has_mobile = false;
break; break;
case "last_seen": case "last_seen":
if(!$canView) {
$arr->items[$i]->last_seen = 0;
break;
}
$arr->items[$i]->last_seen = $member->getOnline()->timestamp(); $arr->items[$i]->last_seen = $member->getOnline()->timestamp();
break; break;
case "lists": case "lists":
$arr->items[$i]->lists = ""; $arr->items[$i]->lists = "";
break; break;
case "online": case "online":
if(!$canView) {
$arr->items[$i]->online = false;
break;
}
$arr->items[$i]->online = $member->isOnline(); $arr->items[$i]->online = $member->isOnline();
break; break;
case "online_mobile": case "online_mobile":
if(!$canView) {
$arr->items[$i]->online_mobile = false;
break;
}
$arr->items[$i]->online_mobile = $member->getOnlinePlatform() == "android" || $member->getOnlinePlatform() == "iphone" || $member->getOnlinePlatform() == "mobile"; $arr->items[$i]->online_mobile = $member->getOnlinePlatform() == "android" || $member->getOnlinePlatform() == "iphone" || $member->getOnlinePlatform() == "mobile";
break; break;
case "photo_100": case "photo_100":
@ -483,12 +506,27 @@ final class Groups extends VKAPIRequestHandler
$arr->items[$i]->schools = 0; $arr->items[$i]->schools = 0;
break; break;
case "sex": case "sex":
if(!$canView) {
$arr->items[$i]->sex = -1;
break;
}
$arr->items[$i]->sex = $member->isFemale() ? 1 : 2; $arr->items[$i]->sex = $member->isFemale() ? 1 : 2;
break; break;
case "site": case "site":
if(!$canView) {
$arr->items[$i]->site = NULL;
break;
}
$arr->items[$i]->site = $member->getWebsite(); $arr->items[$i]->site = $member->getWebsite();
break; break;
case "status": case "status":
if(!$canView) {
$arr->items[$i]->status = "r";
break;
}
$arr->items[$i]->status = $member->getStatus(); $arr->items[$i]->status = $member->getStatus();
break; break;
case "universities": case "universities":
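Review bot: The `!$canView` branches return made-up but plausible values (`"01.01.1970"` for `bdate`, `"secret@gmail.com"` for `contacts`, `"r"` for `status`, `-1` for `sex`), so an API client cannot tell a redacted field from real data, and the e-mail placeholder is a well-formed address on a real mail domain that may belong to someone. Omitting the field, or returning `NULL` as the `site` case already does, would make the redaction explicit; the same applies to the placeholders in the Users handler (`"secret"`, `"@secret"`, `rating = 22`, the hard-coded city). `$canView` is also recomputed on every pass of `foreach($filds as $fild)` although it depends only on `$member`; `$canView = $member->canBeViewedBy($this->getUser());` can sit just above the loop, as the Users hunk does. The enclosing method starts and ends outside these hunks.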


@ -44,7 +44,7 @@ final class Likes extends VKAPIRequestHandler
if(is_null($postable) || $postable->isDeleted()) if(is_null($postable) || $postable->isDeleted())
$this->fail(100, "One of the parameters specified was missing or invalid: object not found"); $this->fail(100, "One of the parameters specified was missing or invalid: object not found");
if(method_exists($postable, "canBeViewedBy") && !$postable->canBeViewedBy($this->getUser() ?? NULL)) { if(!$postable->canBeViewedBy($this->getUser() ?? NULL)) {
$this->fail(2, "Access to postable denied"); $this->fail(2, "Access to postable denied");
} }
@ -89,7 +89,7 @@ final class Likes extends VKAPIRequestHandler
if(is_null($postable) || $postable->isDeleted()) if(is_null($postable) || $postable->isDeleted())
$this->fail(100, "One of the parameters specified was missing or invalid: object not found"); $this->fail(100, "One of the parameters specified was missing or invalid: object not found");
if(method_exists($postable, "canBeViewedBy") && !$postable->canBeViewedBy($this->getUser() ?? NULL)) { if(!$postable->canBeViewedBy($this->getUser() ?? NULL)) {
$this->fail(2, "Access to postable denied"); $this->fail(2, "Access to postable denied");
} }
@ -111,7 +111,7 @@ final class Likes extends VKAPIRequestHandler
if(is_null($user) || $user->isDeleted()) if(is_null($user) || $user->isDeleted())
$this->fail(100, "One of the parameters specified was missing or invalid: user not found"); $this->fail(100, "One of the parameters specified was missing or invalid: user not found");
if(method_exists($user, "canBeViewedBy") && !$user->canBeViewedBy($this->getUser())) { if(!$user->canBeViewedBy($this->getUser())) {
$this->fail(1984, "Access denied: you can't see this user"); $this->fail(1984, "Access denied: you can't see this user");
} }
@ -181,6 +181,9 @@ final class Likes extends VKAPIRequestHandler
if(!$object || $object->isDeleted()) if(!$object || $object->isDeleted())
$this->fail(56, "Invalid postable"); $this->fail(56, "Invalid postable");
if(!$object->canBeViewedBy($this->getUser()))
$this->fail(665, "Access to postable denied");
$res = (object)[ $res = (object)[
"count" => $object->getLikesCount(), "count" => $object->getLikesCount(),
"items" => [] "items" => []
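Review bot: The guard added in the last hunk fails with code 665 for "Access to postable denied", while the two earlier hunks in this file return code 2 for the same message; one code should be used so clients can handle the denial uniformly, e.g. `$this->fail(2, "Access to postable denied");`. Dropping the `method_exists($postable, "canBeViewedBy")` guard makes the call unconditional, which is the safer default only if every entity type these methods can load defines `canBeViewedBy`; that is not visible here, and a type without it would now end in a fatal error instead of an API error. Declaring the method on the shared base class or an interface would let the language enforce that. The surrounding methods start and end outside the hunks.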


@ -307,9 +307,6 @@ final class Photos extends VKAPIRequestHandler
if(!$user->getPrivacyPermission('photos.read', $this->getUser())) if(!$user->getPrivacyPermission('photos.read', $this->getUser()))
$this->fail(21, "This user chose to hide his albums."); $this->fail(21, "This user chose to hide his albums.");
if(!$user->canBeViewedBy($this->getUser()))
$this->fail(15, "Access denied");
$albums = array_slice(iterator_to_array((new Albums)->getUserAlbums($user, 1, $count + $offset)), $offset); $albums = array_slice(iterator_to_array((new Albums)->getUserAlbums($user, 1, $count + $offset)), $offset);
foreach($albums as $album) { foreach($albums as $album) {
@ -365,9 +362,8 @@ final class Photos extends VKAPIRequestHandler
$this->requireUser(); $this->requireUser();
$this->willExecuteWriteAction(); $this->willExecuteWriteAction();
if($user_id == 0 && $group_id == 0 || $user_id > 0 && $group_id > 0) { if($user_id == 0 && $group_id == 0 || $user_id > 0 && $group_id > 0)
$this->fail(21, "Select user_id or group_id"); $this->fail(21, "Select user_id or group_id");
}
if($user_id > 0) { if($user_id > 0) {
$us = (new UsersRepo)->get($user_id); $us = (new UsersRepo)->get($user_id);
@ -376,15 +372,11 @@ final class Photos extends VKAPIRequestHandler
if(!$us->getPrivacyPermission('photos.read', $this->getUser())) if(!$us->getPrivacyPermission('photos.read', $this->getUser()))
$this->fail(21, "This user chose to hide his albums."); $this->fail(21, "This user chose to hide his albums.");
if(!$us->canBeViewedBy($this->getUser()))
$this->fail(15, "Access dennieeeddd");
return (new Albums)->getUserAlbumsCount($us); return (new Albums)->getUserAlbumsCount($us);
} }
if($group_id > 0) if($group_id > 0) {
{
$cl = (new Clubs)->get($group_id); $cl = (new Clubs)->get($group_id);
if(!$cl) { if(!$cl) {
$this->fail(21, "Invalid club"); $this->fail(21, "Invalid club");
@ -409,14 +401,8 @@ final class Photos extends VKAPIRequestHandler
if(!$photo || $photo->isDeleted()) if(!$photo || $photo->isDeleted())
$this->fail(21, "Invalid photo"); $this->fail(21, "Invalid photo");
if($photo->getOwner()->isDeleted())
$this->fail(21, "Owner of this photo is deleted");
if(!$photo->getOwner()->getPrivacyPermission('photos.read', $this->getUser()))
$this->fail(21, "This user chose to hide his photos.");
if(!$photo->canBeViewedBy($this->getUser())) if(!$photo->canBeViewedBy($this->getUser()))
$this->fail(15, "Access denied..."); $this->fail(15, "Access denied");
$res[] = $photo->toVkApiStruct($photo_sizes, $extended); $res[] = $photo->toVkApiStruct($photo_sizes, $extended);
} }
@ -523,7 +509,7 @@ final class Photos extends VKAPIRequestHandler
$this->fail(21, "Invalid photo"); $this->fail(21, "Invalid photo");
if($photo->isDeleted()) if($photo->isDeleted())
$this->fail(21, "Photo already deleted"); $this->fail(21, "Photo is already deleted");
$photo->delete(); $photo->delete();
} else { } else {
@ -535,17 +521,14 @@ final class Photos extends VKAPIRequestHandler
$phot = (new PhotosRepo)->getByOwnerAndVID((int)$id[0], (int)$id[1]); $phot = (new PhotosRepo)->getByOwnerAndVID((int)$id[0], (int)$id[1]);
if($this->getUser()->getId() !== $phot->getOwner()->getId()) { if($this->getUser()->getId() !== $phot->getOwner()->getId())
$this->fail(21, "You can't delete another's photo"); $this->fail(21, "You can't delete another's photo");
}
if(!$phot) { if(!$phot)
$this->fail(21, "Invalid photo"); $this->fail(21, "Invalid photo");
}
if($phot->isDeleted()) { if($phot->isDeleted())
$this->fail(21, "Photo already deleted"); $this->fail(21, "Photo already deleted");
}
$phot->delete(); $phot->delete();
} }
@ -565,17 +548,11 @@ final class Photos extends VKAPIRequestHandler
$this->willExecuteWriteAction(); $this->willExecuteWriteAction();
$comment = (new CommentsRepo)->get($comment_id); $comment = (new CommentsRepo)->get($comment_id);
if(!$comment) { if(!$comment)
$this->fail(21, "Invalid comment"); $this->fail(21, "Invalid comment");
}
if(!$comment->canBeModifiedBy($this->getUser())) { if(!$comment->canBeModifiedBy($this->getUser()))
$this->fail(21, "Forbidden"); $this->fail(21, "Access denied");
}
if($comment->isDeleted()) {
$this->fail(4, "Comment already deleted");
}
$comment->delete(); $comment->delete();
@ -592,14 +569,11 @@ final class Photos extends VKAPIRequestHandler
$photo = (new PhotosRepo)->getByOwnerAndVID($owner_id, $photo_id); $photo = (new PhotosRepo)->getByOwnerAndVID($owner_id, $photo_id);
if(!$photo) if(!$photo || $photo->isDeleted())
$this->fail(180, "Photo not found"); $this->fail(180, "Invalid photo");
if($photo->isDeleted())
$this->fail(189, "Photo is deleted");
if(!$photo->canBeViewedBy($this->getUser())) if(!$photo->canBeViewedBy($this->getUser()))
$this->fail(15, "Access to photo denied."); $this->fail(15, "Access to photo denied");
$comment = new Comment; $comment = new Comment;
$comment->setOwner($this->getUser()->getId()); $comment->setOwner($this->getUser()->getId());
@ -671,11 +645,10 @@ final class Photos extends VKAPIRequestHandler
if(!$user->getPrivacyPermission('photos.read', $this->getUser())) if(!$user->getPrivacyPermission('photos.read', $this->getUser()))
$this->fail(21, "This user chose to hide his albums."); $this->fail(21, "This user chose to hide his albums.");
if(!$user->canBeViewedBy($this->getUser()))
$this->fail(15, "Access denied");
$photos = array_slice(iterator_to_array((new PhotosRepo)->getEveryUserPhoto($user, 1, $count + $offset)), $offset); $photos = array_slice(iterator_to_array((new PhotosRepo)->getEveryUserPhoto($user, 1, $count + $offset)), $offset);
$res = []; $res = [
"items" => [],
];
foreach($photos as $photo) { foreach($photos as $photo) {
if(!$photo || $photo->isDeleted()) continue; if(!$photo || $photo->isDeleted()) continue;
@ -715,4 +688,4 @@ final class Photos extends VKAPIRequestHandler
return $res; return $res;
} }
} }
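Review bot: In the multi-photo branch of the delete path, `$phot->getOwner()` is called in the ownership comparison before `if(!$phot)` runs, so if `getByOwnerAndVID` finds nothing (which the later null check implies it can) the request ends in a fatal error instead of "Invalid photo"; the commit only removes the braces and keeps this order. The null check should come first: `if(!$phot) $this->fail(21, "Invalid photo");` followed by the owner comparison. Separately, the comment-deletion hunk drops the `isDeleted()` check before `$comment->delete()`, and the get-by-id hunk now relies on `$photo->canBeViewedBy()` alone; whether that covers the owner's `photos.read` setting and deleted owners is not visible in this diff and is worth confirming. All of these methods start and end outside the hunks.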


@ -16,6 +16,10 @@ final class Status extends VKAPIRequestHandler
$this->fail(501, "Group statuses are not implemented"); $this->fail(501, "Group statuses are not implemented");
else { else {
$user = (new UsersRepo)->get($user_id); $user = (new UsersRepo)->get($user_id);
if(!$user || $user->isDeleted() || !$user->canBeViewedBy($this->getUser()))
$this->fail(15, "Invalid user");
$audioStatus = $user->getCurrentAudioStatus(); $audioStatus = $user->getCurrentAudioStatus();
if($audioStatus) { if($audioStatus) {
return [ return [
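Review bot: The combined guard reports a missing, a deleted and a non-viewable user with the same code 15 and "Invalid user", whereas other handlers in this commit use 100 (Friends) or 14 (Video) for an invalid user and reserve 15 for "Access denied". If the uniform answer is deliberate, so that a caller cannot tell a closed profile from a nonexistent one, a short comment above the `if` should say so; otherwise the code should match the other handlers. No `getPrivacyPermission` call is visible before `getCurrentAudioStatus()`, so the audio status appears to be gated by profile visibility only; the method continues outside the hunk.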


@ -54,8 +54,8 @@ final class Users extends VKAPIRequestHandler
]; ];
$flds = explode(',', $fields); $flds = explode(',', $fields);
$canView = $usr->canBeViewedBy($this->getUser());
foreach($flds as $field) { foreach($flds as $field) {
switch($field) { switch($field) {
case "verified": case "verified":
$response[$i]->verified = intval($usr->isVerified()); $response[$i]->verified = intval($usr->isVerified());
@ -149,7 +149,7 @@ final class Users extends VKAPIRequestHandler
]; ];
} }
case "music": case "music":
if(!$usr->canBeViewedBy($this->getUser())) { if(!$canView) {
$response[$i]->music = "secret"; $response[$i]->music = "secret";
break; break;
} }
@ -157,7 +157,7 @@ final class Users extends VKAPIRequestHandler
$response[$i]->music = $usr->getFavoriteMusic(); $response[$i]->music = $usr->getFavoriteMusic();
break; break;
case "movies": case "movies":
if(!$usr->canBeViewedBy($this->getUser())) { if(!$canView) {
$response[$i]->movies = "secret"; $response[$i]->movies = "secret";
break; break;
} }
@ -165,7 +165,7 @@ final class Users extends VKAPIRequestHandler
$response[$i]->movies = $usr->getFavoriteFilms(); $response[$i]->movies = $usr->getFavoriteFilms();
break; break;
case "tv": case "tv":
if(!$usr->canBeViewedBy($this->getUser())) { if(!$canView) {
$response[$i]->tv = "secret"; $response[$i]->tv = "secret";
break; break;
} }
@ -173,7 +173,7 @@ final class Users extends VKAPIRequestHandler
$response[$i]->tv = $usr->getFavoriteShows(); $response[$i]->tv = $usr->getFavoriteShows();
break; break;
case "books": case "books":
if(!$usr->canBeViewedBy($this->getUser())) { if(!$canView) {
$response[$i]->books = "secret"; $response[$i]->books = "secret";
break; break;
} }
@ -181,7 +181,7 @@ final class Users extends VKAPIRequestHandler
$response[$i]->books = $usr->getFavoriteBooks(); $response[$i]->books = $usr->getFavoriteBooks();
break; break;
case "city": case "city":
if(!$usr->canBeViewedBy($this->getUser())) { if(!$canView) {
$response[$i]->city = "Воскресенск"; $response[$i]->city = "Воскресенск";
break; break;
} }
@ -189,7 +189,7 @@ final class Users extends VKAPIRequestHandler
$response[$i]->city = $usr->getCity(); $response[$i]->city = $usr->getCity();
break; break;
case "interests": case "interests":
if(!$usr->canBeViewedBy($this->getUser())) { if(!$canView) {
$response[$i]->interests = "secret"; $response[$i]->interests = "secret";
break; break;
} }
@ -197,18 +197,43 @@ final class Users extends VKAPIRequestHandler
$response[$i]->interests = $usr->getInterests(); $response[$i]->interests = $usr->getInterests();
break; break;
case "quotes": case "quotes":
$response[$i]->interests = $usr->getFavoriteQuote(); if(!$canView) {
$response[$i]->quotes = "secret";
break;
}
$response[$i]->quotes = $usr->getFavoriteQuote();
break; break;
case "email": case "email":
$response[$i]->interests = $usr->getEmail(); if(!$canView) {
$response[$i]->email = "secret@gmail.com";
break;
}
$response[$i]->email = $usr->getContactEmail();
break; break;
case "telegram": case "telegram":
$response[$i]->interests = $usr->getTelegram(); if(!$canView) {
$response[$i]->telegram = "@secret";
break;
}
$response[$i]->telegram = $usr->getTelegram();
break; break;
case "about": case "about":
$response[$i]->interests = $usr->getDescription(); if(!$canView) {
$response[$i]->about = "secret";
break;
}
$response[$i]->about = $usr->getDescription();
break; break;
case "rating": case "rating":
if(!$canView) {
$response[$i]->rating = 22;
break;
}
$response[$i]->rating = $usr->getRating(); $response[$i]->rating = $usr->getRating();
break; break;
} }


@ -36,23 +36,16 @@ final class Video extends VKAPIRequestHandler
]; ];
} else { } else {
if ($owner_id > 0) if ($owner_id > 0)
$user = (new UsersRepo)->get($owner_id); $user = (new UsersRepo)->get($owner_id);
else else
$this->fail(1, "Not implemented"); $this->fail(1, "Not implemented");
if(!$user->getPrivacyPermission('videos.read', $this->getUser())) {
$this->fail(20, "Access denied: this user chose to hide his videos");
}
if(!$user || $user->isDeleted()) if(!$user || $user->isDeleted())
$this->fail(14, "Invalid user"); $this->fail(14, "Invalid user");
if(!$user->getPrivacyPermission('videos.read', $this->getUser())) if(!$user->getPrivacyPermission('videos.read', $this->getUser()))
$this->fail(21, "This user chose to hide his videos."); $this->fail(21, "This user chose to hide his videos.");
if(!$user->canBeViewedBy($this->getUser()))
$this->fail(15, "Access denied");
$videos = (new VideosRepo)->getByUser($user, $offset + 1, $count); $videos = (new VideosRepo)->getByUser($user, $offset + 1, $count);
$videosCount = (new VideosRepo)->getUserVideosCount($user); $videosCount = (new VideosRepo)->getUserVideosCount($user);


@ -508,6 +508,9 @@ class User extends RowModel
else if($user->getId() === $this->getId()) else if($user->getId() === $this->getId())
return true; return true;
if($permission != "messages.write" && !$this->canBeViewedBy($user))
return false;
switch($permStatus) { switch($permStatus) {
case User::PRIVACY_ONLY_FRIENDS: case User::PRIVACY_ONLY_FRIENDS:
return $this->getSubscriptionStatus($user) === User::SUBSCRIPTION_MUTUAL; return $this->getSubscriptionStatus($user) === User::SUBSCRIPTION_MUTUAL;
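Review bot: The added `canBeViewedBy` check sits after at least one earlier return in `getPrivacyPermission` (the `else if($user->getId() === $this->getId()) return true;` branch is visible, and the `if` before it is outside the hunk), so any earlier branch that returns for a `NULL` viewer would skip it. That matters because this commit removes the explicit `!$user->canBeViewedBy($this->user->identity)` test from NotesPresenter, PhotosPresenter, UserPresenter and VideosPresenter, all of which pass `$this->user->identity ?? NULL`; if anonymous viewers are handled before this line, closed profiles would no longer be checked for them there. Please confirm the order or move the check ahead of the anonymous-viewer branch, and add a comment stating why `messages.write` is exempt. The comparison can also be strict: `if($permission !== "messages.write" && !$this->canBeViewedBy($user))`.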


@ -19,7 +19,7 @@ final class NotesPresenter extends OpenVKPresenter
{ {
$user = (new Users)->get($owner); $user = (new Users)->get($owner);
if(!$user) $this->notFound(); if(!$user) $this->notFound();
if(!$user->getPrivacyPermission('notes.read', $this->user->identity ?? NULL) || !$user->canBeViewedBy($this->user->identity)) if(!$user->getPrivacyPermission('notes.read', $this->user->identity ?? NULL))
$this->flashFail("err", tr("forbidden"), tr("forbidden_comment")); $this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
$this->template->notes = $this->notes->getUserNotes($user, (int)($this->queryParam("p") ?? 1)); $this->template->notes = $this->notes->getUserNotes($user, (int)($this->queryParam("p") ?? 1));


@ -25,7 +25,7 @@ final class PhotosPresenter extends OpenVKPresenter
if($owner > 0) { if($owner > 0) {
$user = $this->users->get($owner); $user = $this->users->get($owner);
if(!$user) $this->notFound(); if(!$user) $this->notFound();
if (!$user->getPrivacyPermission('photos.read', $this->user->identity ?? NULL) || !$user->canBeViewedBy($this->user->identity)) if (!$user->getPrivacyPermission('photos.read', $this->user->identity ?? NULL))
$this->flashFail("err", tr("forbidden"), tr("forbidden_comment")); $this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
$this->template->albums = $this->albums->getUserAlbums($user, (int)($this->queryParam("p") ?? 1)); $this->template->albums = $this->albums->getUserAlbums($user, (int)($this->queryParam("p") ?? 1));
$this->template->count = $this->albums->getUserAlbumsCount($user); $this->template->count = $this->albums->getUserAlbumsCount($user);


@ -65,7 +65,7 @@ final class UserPresenter extends OpenVKPresenter
$page = abs((int)($this->queryParam("p") ?? 1)); $page = abs((int)($this->queryParam("p") ?? 1));
if(!$user) if(!$user)
$this->notFound(); $this->notFound();
elseif (!$user->getPrivacyPermission('friends.read', $this->user->identity ?? NULL) || !$user->canBeViewedBy($this->user->identity)) elseif (!$user->getPrivacyPermission('friends.read', $this->user->identity ?? NULL))
$this->flashFail("err", tr("forbidden"), tr("forbidden_comment")); $this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
else else
$this->template->user = $user; $this->template->user = $user;
@ -93,7 +93,7 @@ final class UserPresenter extends OpenVKPresenter
$user = $this->users->get($id); $user = $this->users->get($id);
if(!$user) if(!$user)
$this->notFound(); $this->notFound();
elseif (!$user->getPrivacyPermission('groups.read', $this->user->identity ?? NULL) || !$user->canBeViewedBy($this->user->identity)) elseif (!$user->getPrivacyPermission('groups.read', $this->user->identity ?? NULL))
$this->flashFail("err", tr("forbidden"), tr("forbidden_comment")); $this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
else { else {
if($this->queryParam("act") === "managed" && $this->user->id !== $user->getId()) if($this->queryParam("act") === "managed" && $this->user->id !== $user->getId())


@ -22,7 +22,7 @@ final class VideosPresenter extends OpenVKPresenter
{ {
$user = $this->users->get($id); $user = $this->users->get($id);
if(!$user) $this->notFound(); if(!$user) $this->notFound();
if(!$user->getPrivacyPermission('videos.read', $this->user->identity ?? NULL) || !$user->canBeViewedBy($this->user->identity)) if(!$user->getPrivacyPermission('videos.read', $this->user->identity ?? NULL))
$this->flashFail("err", tr("forbidden"), tr("forbidden_comment")); $this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
$this->template->user = $user; $this->template->user = $user;
@ -43,7 +43,7 @@ final class VideosPresenter extends OpenVKPresenter
if(!$user) $this->notFound(); if(!$user) $this->notFound();
if(!$video || $video->isDeleted()) $this->notFound(); if(!$video || $video->isDeleted()) $this->notFound();
if(!$user->getPrivacyPermission('videos.read', $this->user->identity ?? NULL) || !$video->canBeViewedBy($this->user->identity)) if(!$user->getPrivacyPermission('videos.read', $this->user->identity ?? NULL))
$this->flashFail("err", tr("forbidden"), tr("forbidden_comment")); $this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
$this->template->user = $user; $this->template->user = $user;
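Review bot: The second hunk removes `!$video->canBeViewedBy($this->user->identity)`, which is a check on the video rather than on its owner, and nothing in the hunk replaces it; the other presenters only lose a `$user->canBeViewedBy` test that `getPrivacyPermission` now performs. What `Video::canBeViewedBy` evaluates is not visible in this diff, but if it covers anything beyond the owner's profile visibility, that condition is no longer enforced when a single video is opened. Keeping it next to the permission test would preserve the old behaviour: `if(!$user->getPrivacyPermission('videos.read', $this->user->identity ?? NULL) || !$video->canBeViewedBy($this->user->identity))`. The method starts and ends outside the hunk.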


@ -238,7 +238,7 @@ final class WallPresenter extends OpenVKPresenter
$wallOwner = ($wall > 0 ? (new Users)->get($wall) : (new Clubs)->get($wall * -1)) $wallOwner = ($wall > 0 ? (new Users)->get($wall) : (new Clubs)->get($wall * -1))
?? $this->flashFail("err", tr("failed_to_publish_post"), tr("error_4")); ?? $this->flashFail("err", tr("failed_to_publish_post"), tr("error_4"));
if ($wallOwner->isBanned() || !$wallOwner->canBeViewedBy($this->user->identity)) if ($wallOwner->isBanned())
$this->flashFail("err", tr("error"), tr("forbidden")); $this->flashFail("err", tr("error"), tr("forbidden"));
if($wall > 0) { if($wall > 0) {
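Review bot: The publish path now rejects only banned wall owners; the removed `!$wallOwner->canBeViewedBy($this->user->identity)` has no visible replacement in this hunk, and unlike the read paths no `getPrivacyPermission` call appears here. If the `if($wall > 0)` block that continues outside the hunk checks a wall-write privacy permission, user walls are still covered through the new check in `User::getPrivacyPermission`, but club walls (`$wall < 0`) would not pass through that method. It is worth confirming that posting to a wall the author cannot view is still refused, or keeping the removed condition.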


@ -10,7 +10,6 @@
</a> </a>
{/if} {/if}
{elseif $attachment instanceof \openvk\Web\Models\Entities\Video} {elseif $attachment instanceof \openvk\Web\Models\Entities\Video}
{if !$attachment->isDeleted()}
{if $attachment->getType() === 0} {if $attachment->getType() === 0}
<div class="bsdn media" data-name="{$attachment->getName()}" data-author="{$attachment->getOwner()->getCanonicalName()}"> <div class="bsdn media" data-name="{$attachment->getName()}" data-author="{$attachment->getOwner()->getCanonicalName()}">
<video class="media" src="{$attachment->getURL()}"></video> <video class="media" src="{$attachment->getURL()}"></video>
@ -28,10 +27,6 @@
<img src="/assets/packages/static/openvk/img/videoico.png" /> <img src="/assets/packages/static/openvk/img/videoico.png" />
<a href="/video{$attachment->getPrettyId()}" id="videoOpen" data-id="{$attachment->getId()}">{$attachment->getName()}</a> <a href="/video{$attachment->getPrettyId()}" id="videoOpen" data-id="{$attachment->getId()}">{$attachment->getName()}</a>
</div> </div>
{else}
<span style="color:gray;">{_video_is_deleted}</span>
{/if}
{elseif $attachment instanceof \openvk\Web\Models\Entities\Poll} {elseif $attachment instanceof \openvk\Web\Models\Entities\Poll}
{presenter "openvk!Poll->view", $attachment->getId()} {presenter "openvk!Poll->view", $attachment->getId()}
{elseif $attachment instanceof \openvk\Web\Models\Entities\Note} {elseif $attachment instanceof \openvk\Web\Models\Entities\Note}
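Review bot: With `{if !$attachment->isDeleted()}` and its `{else}` branch removed, a video attachment is rendered unconditionally, so a post that still references a deleted video would output its `getURL()`, name and link instead of the `{_video_is_deleted}` placeholder. Unless deleted videos are now filtered out before the template receives the attachment list (not visible in this diff), the guard should stay. The `{elseif}` chain starts and ends outside the hunks.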