
Commit aef4cc0a authored by Zach Copley's avatar Zach Copley

Make it impossible to block (and thus unsubscribe from your
self-subscription) via the API.  Additionally, make it impossible
to block yourself or unsubscribe from yourself, period.

I also made User use the subs.php helper function for unsubscribing
during a block.

Hopefully, these changes will get rid of the problem of people
accidentally deleting their self-subscriptions once and for all
(knock on wood).
parent c89b10ff
...@@ -98,6 +98,17 @@ class ApiBlockCreateAction extends ApiAuthAction ...@@ -98,6 +98,17 @@ class ApiBlockCreateAction extends ApiAuthAction
return; return;
} }
// Don't allow blocking yourself!
if ($this->user->id == $this->other->id) {
$this->clientError(
_("You cannot block yourself!"),
403,
$this->format
);
return;
}
if ($this->user->hasBlocked($this->other) if ($this->user->hasBlocked($this->other)
|| $this->user->block($this->other) || $this->user->block($this->other)
) { ) {
......
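Review bot: The self-block guard `if ($this->user->id == $this->other->id)` compares the two ids with loose `==`, so its result depends on PHP type juggling if either side is ever a non-numeric or empty value. The same comparison is repeated in the User block hunk and in subs_unsubscribe_to. Since this check is what protects the self-subscription, I would compare normalized integers, e.g. `if ((int) $this->user->id === (int) $this->other->id) {`. The enclosing method starts and ends outside the hunk, so whether `$this->other` is always a loaded profile at this point cannot be confirmed from the visible lines.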
...@@ -502,6 +502,19 @@ class User extends Memcached_DataObject ...@@ -502,6 +502,19 @@ class User extends Memcached_DataObject
{ {
// Add a new block record // Add a new block record
// no blocking (and thus unsubbing from) yourself
if ($this->id == $other->id) {
common_log(LOG_WARNING,
sprintf(
"Profile ID %d (%s) tried to block his or herself.",
$profile->id,
$profile->nickname
)
);
return false;
}
$block = new Profile_block(); $block = new Profile_block();
// Begin a transaction // Begin a transaction
...@@ -520,15 +533,20 @@ class User extends Memcached_DataObject ...@@ -520,15 +533,20 @@ class User extends Memcached_DataObject
// Cancel their subscription, if it exists // Cancel their subscription, if it exists
$sub = Subscription::pkeyGet(array('subscriber' => $other->id, $result = subs_unsubscribe_to($this, $other);
'subscribed' => $this->id));
if ($result !== true) {
if ($sub) { common_log(LOG_WARNING,
$result = $sub->delete(); sprintf(
if (!$result) { "Error trying to unsubscribe profile ID %d (%s) from user ID %d (%s): %s",
common_log_db_error($sub, 'DELETE', __FILE__); $other->id,
return false; $other->nickname,
} $this->id,
$this->nickname,
$result
)
);
return false;
} }
$block->query('COMMIT'); $block->query('COMMIT');
......
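Review bot: In the second hunk, `subs_unsubscribe_to($this, $other)` appears to run in the opposite direction from the code it replaces: the removed lookup used `'subscriber' => $other->id, 'subscribed' => $this->id` (the blocked profile's subscription to the blocker), while the helper as shown in this commit checks `$user->isSubscribed($other)` and sets `$sub->subscriber = $user->id`. The helper also returns the string 'Not subscribed!' when no subscription exists, so `if ($result !== true)` makes block() return false whenever the blocker does not follow the target, and the blocked account's subscription looks to be left in place. I would keep the old existence check (`Subscription::pkeyGet(...)`) and treat only a failed delete as an error, and roll the transaction back before `return false;`, since a transaction is opened above and only the COMMIT is visible (the removed code had the same gap). Separately, the warning added in the first hunk logs `$profile->id` and `$profile->nickname`, but no `$profile` is defined in the visible lines; `$this->id` and `$this->nickname` look like what was intended.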
...@@ -127,6 +127,12 @@ function subs_unsubscribe_to($user, $other) ...@@ -127,6 +127,12 @@ function subs_unsubscribe_to($user, $other)
if (!$user->isSubscribed($other)) if (!$user->isSubscribed($other))
return _('Not subscribed!'); return _('Not subscribed!');
// Don't allow deleting self subs
if ($user->id == $other->id) {
return _('Couldn\'t delete self-subscription.');
}
$sub = DB_DataObject::factory('subscription'); $sub = DB_DataObject::factory('subscription');
$sub->subscriber = $user->id; $sub->subscriber = $user->id;
......
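Review bot: subs_unsubscribe_to returns a localized error string on the failure paths shown here and, judging by the `$result !== true` test added in User::block, `true` on success, but that contract is not documented in the visible lines. I would add a header comment such as `// Returns true on success, or a localized error message string on failure; callers must test with === true.` The new self-subscription guard sits after the `isSubscribed` check, so a self-request from an account that has no self-subscription reports 'Not subscribed!' rather than the new message; that seems harmless but deserves a one-line comment. The function body starts and ends outside the hunk.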