
Commit d3d97974 authored by Brion Vibber's avatar Brion Vibber

Prevent group creation by silenced users.

* adds Right::CREATEGROUP
* logic in Profile::hasRight() checks for silencing
* NewgroupAction checks for the permission before letting you see or process the form in the UI
* User_group::register() logic does a low-level check on the specified initial group admin, and rejects creation if that user doesn't have the right; guaranteeing that API methods etc will also have this restriction applied sensibly.
parent 46123e37
...@@ -66,6 +66,13 @@ class NewgroupAction extends Action ...@@ -66,6 +66,13 @@ class NewgroupAction extends Action
return false; return false;
} }
$user = common_current_user();
$profile = $user->getProfile();
if (!$profile->hasRight(Right::CREATEGROUP)) {
// TRANS: Client exception thrown when a user tries to create a group while banned.
throw new ClientException(_('You are not allowed to create groups on this site.'), 403);
}
return true; return true;
} }
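Review bot: `$user->getProfile()` is called on the result of `common_current_user()` with no null check, so the new permission test relies entirely on the guard ending in `return false;` above it, which starts outside the hunk and is presumably the logged-in test. If that guard can ever be passed without a session, the request ends in a fatal error rather than a 403; `if (empty($user) || !$user->getProfile()->hasRight(Right::CREATEGROUP)) {` keeps the denial explicit. The TRANS comment says "banned", but the Profile hunk denies this right on `isSilenced()`, so `// TRANS: Client exception thrown when a silenced user tries to create a group.` would match the code.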
......
...@@ -909,6 +909,7 @@ class Profile extends Memcached_DataObject ...@@ -909,6 +909,7 @@ class Profile extends Memcached_DataObject
case Right::NEWNOTICE: case Right::NEWNOTICE:
case Right::NEWMESSAGE: case Right::NEWMESSAGE:
case Right::SUBSCRIBE: case Right::SUBSCRIBE:
case Right::CREATEGROUP:
$result = !$this->isSilenced(); $result = !$this->isSilenced();
break; break;
case Right::PUBLICNOTICE: case Right::PUBLICNOTICE:
......
...@@ -465,6 +465,16 @@ class User_group extends Memcached_DataObject ...@@ -465,6 +465,16 @@ class User_group extends Memcached_DataObject
} }
static function register($fields) { static function register($fields) {
if (!empty($fields['userid'])) {
$profile = Profile::staticGet('id', $fields['userid']);
if ($profile && !$profile->hasRight(Right::CREATEGROUP)) {
common_log(LOG_WARNING, "Attempted group creation from banned user: " . $profile->nickname);
// TRANS: Client exception thrown when a user tries to create a group while banned.
throw new ClientException(_('You are not allowed to create groups on this site.'), 403);
}
}
// MAGICALLY put fields into current scope // MAGICALLY put fields into current scope
extract($fields); extract($fields);
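Review bot: The low-level check fails open, because `if ($profile && !$profile->hasRight(Right::CREATEGROUP))` lets creation continue when `Profile::staticGet('id', $fields['userid'])` finds no profile, and the whole block is skipped when `userid` is empty. The restriction therefore holds only for callers that pass a resolvable admin id. If a supplied `userid` must always resolve, reject the unresolved case too with `if (!$profile || !$profile->hasRight(Right::CREATEGROUP)) {`, and log `$fields['userid']` instead of `$profile->nickname`, since no profile exists on that path. Whether an empty `userid` is a legitimate path cannot be judged from here, as register() continues outside the hunk. The log message and TRANS comment say "banned" while the right is denied for silenced profiles, so wording them as "silenced" would keep audit logs consistent with the check.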
......
...@@ -61,5 +61,6 @@ class Right ...@@ -61,5 +61,6 @@ class Right
const GRANTROLE = 'grantrole'; const GRANTROLE = 'grantrole';
const REVOKEROLE = 'revokerole'; const REVOKEROLE = 'revokerole';
const DELETEGROUP = 'deletegroup'; const DELETEGROUP = 'deletegroup';
const CREATEGROUP = 'creategroup';
} }