add two helper account access levels:

 - read only - can't subscribe to more feeds, feed updates are skipped
 - disabled - can't login
define used access levels as UserHelper constants and refactor code to
use them instead of hardcoded numbers

1 files changed, 12 insertions, 0 deletions

diff --git a/classes/pref/feeds.php b/classes/pref/feeds.php
index 95bbcd190..ac0874259 100755
--- a/classes/pref/feeds.php
+++ b/classes/pref/feeds.php
@@ -538,6 +538,8 @@ class Pref_Feeds extends Handler_Protected {
 				$local_purge_intervals = [ T_nsprintf('%d day', '%d days', $purge_interval, $purge_interval) ];
 			}
 
+			$user = ORM::for_table("ttrss_users")->find_one($_SESSION["uid"]);
+
 			print json_encode([
 				"feed" => $row,
 				"cats" => [
@@ -550,6 +552,9 @@ class Pref_Feeds extends Handler_Protected {
 					"update" => $local_update_intervals,
 					"purge" => $local_purge_intervals,
 				],
+				"user" => [
+					"access_level" => $user->access_level
+				],
 				"lang" => [
 					"enabled" => Config::get(Config::DB_TYPE) == "pgsql",
 					"default" => get_pref(Prefs::DEFAULT_SEARCH_LANGUAGE),
@@ -1207,6 +1212,13 @@ class Pref_Feeds extends Handler_Protected {
 		$login = clean($_REQUEST['login']);
 		$pass = clean($_REQUEST['pass']);
 
+		$user = ORM::for_table('ttrss_users')->find_one($_SESSION["uid"]);
+
+		// TODO: we should return some kind of error code to frontend here
+		if ($user->access_level == UserHelper::ACCESS_LEVEL_READONLY) {
+			return false;
+		}
+
 		$csth = $this->pdo->prepare("SELECT id FROM ttrss_feeds
 						WHERE feed_url = ? AND owner_uid = ?");