We are no longer offering accounts on this server. Consider https://gitlab.freedesktop.org/ as a place to host projects.

Commit aef4cc0a authored by Zach Copley's avatar Zach Copley

Make it impossible to block (and thus unsubscribe from your

self-subscription) via the API.  Additionally, make it impossible
to block yourself or unsubscribe from yourself, period.

I also made User use the subs.php helper function for unsubscribing
during a block.

Hopefully, these changes will get rid of the problem of people
accidentally deleting their self-subscriptions once and for all
(knock on wood).
parent c89b10ff
......@@ -98,6 +98,17 @@ class ApiBlockCreateAction extends ApiAuthAction
return;
}
// Don't allow blocking yourself!
if ($this->user->id == $this->other->id) {
$this->clientError(
_("You cannot block yourself!"),
403,
$this->format
);
return;
}
if ($this->user->hasBlocked($this->other)
|| $this->user->block($this->other)
) {
......
......@@ -502,6 +502,19 @@ class User extends Memcached_DataObject
{
// Add a new block record
// no blocking (and thus unsubbing from) yourself
if ($this->id == $other->id) {
common_log(LOG_WARNING,
sprintf(
"Profile ID %d (%s) tried to block his or herself.",
$profile->id,
$profile->nickname
)
);
return false;
}
$block = new Profile_block();
// Begin a transaction
......@@ -520,15 +533,20 @@ class User extends Memcached_DataObject
// Cancel their subscription, if it exists
$sub = Subscription::pkeyGet(array('subscriber' => $other->id,
'subscribed' => $this->id));
if ($sub) {
$result = $sub->delete();
if (!$result) {
common_log_db_error($sub, 'DELETE', __FILE__);
return false;
}
$result = subs_unsubscribe_to($this, $other);
if ($result !== true) {
common_log(LOG_WARNING,
sprintf(
"Error trying to unsubscribe profile ID %d (%s) from user ID %d (%s): %s",
$other->id,
$other->nickname,
$this->id,
$this->nickname,
$result
)
);
return false;
}
$block->query('COMMIT');
......
......@@ -127,6 +127,12 @@ function subs_unsubscribe_to($user, $other)
if (!$user->isSubscribed($other))
return _('Not subscribed!');
// Don't allow deleting self subs
if ($user->id == $other->id) {
return _('Couldn\'t delete self-subscription.');
}
$sub = DB_DataObject::factory('subscription');
$sub->subscriber = $user->id;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment