diff options
| author | Andrew Dolgov <[email protected]> | 2021-11-10 20:44:51 +0300 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2021-11-10 20:44:51 +0300 |
| commit | 9e8d69739f21e5ac85977d57a2a6c961e318c26e (patch) | |
| tree | 0fc52f7be644b5f86e236cc7cb8f4dc4351da8f9 /classes/pref | |
| parent | 7a52560e4e3b0652d32645b60ae13e4904f606bc (diff) | |
add two helper account access levels:
- read only - can't subscribe to more feeds, feed updates are skipped
- disabled - can't login
define used access levels as UserHelper constants and refactor code to
use them instead of hardcoded numbers
Diffstat (limited to 'classes/pref')
| -rwxr-xr-x | classes/pref/feeds.php | 12 | ||||
| -rw-r--r-- | classes/pref/prefs.php | 16 |
2 files changed, 20 insertions, 8 deletions
diff --git a/classes/pref/feeds.php b/classes/pref/feeds.php index 95bbcd190..ac0874259 100755 --- a/classes/pref/feeds.php +++ b/classes/pref/feeds.php @@ -538,6 +538,8 @@ class Pref_Feeds extends Handler_Protected { $local_purge_intervals = [ T_nsprintf('%d day', '%d days', $purge_interval, $purge_interval) ]; } + $user = ORM::for_table("ttrss_users")->find_one($_SESSION["uid"]); + print json_encode([ "feed" => $row, "cats" => [ @@ -550,6 +552,9 @@ class Pref_Feeds extends Handler_Protected { "update" => $local_update_intervals, "purge" => $local_purge_intervals, ], + "user" => [ + "access_level" => $user->access_level + ], "lang" => [ "enabled" => Config::get(Config::DB_TYPE) == "pgsql", "default" => get_pref(Prefs::DEFAULT_SEARCH_LANGUAGE), @@ -1207,6 +1212,13 @@ class Pref_Feeds extends Handler_Protected { $login = clean($_REQUEST['login']); $pass = clean($_REQUEST['pass']); + $user = ORM::for_table('ttrss_users')->find_one($_SESSION["uid"]); + + // TODO: we should return some kind of error code to frontend here + if ($user->access_level == UserHelper::ACCESS_LEVEL_READONLY) { + return false; + } + $csth = $this->pdo->prepare("SELECT id FROM ttrss_feeds WHERE feed_url = ? AND owner_uid = ?"); diff --git a/classes/pref/prefs.php b/classes/pref/prefs.php index c47a99469..c45d6d6ea 100644 --- a/classes/pref/prefs.php +++ b/classes/pref/prefs.php @@ -813,7 +813,7 @@ class Pref_Prefs extends Handler_Protected { usort($rv, function($a, $b) { return strcmp($a["name"], $b["name"]); }); - print json_encode(['plugins' => $rv, 'is_admin' => $_SESSION['access_level'] >= 10]); + print json_encode(['plugins' => $rv, 'is_admin' => $_SESSION['access_level'] >= UserHelper::ACCESS_LEVEL_ADMIN]); } function index_plugins() { @@ -890,7 +890,7 @@ class Pref_Prefs extends Handler_Protected { <?= \Controls\button_tag(\Controls\icon("refresh"), "", ["title" => __("Reload"), "onclick" => "Helpers.Plugins.reload()"]) ?> - <?php if ($_SESSION["access_level"] >= 10) { ?> + <?php if ($_SESSION["access_level"] >= UserHelper::ACCESS_LEVEL_ADMIN) { ?> <?php if (Config::get(Config::CHECK_FOR_UPDATES) && Config::get(Config::CHECK_FOR_PLUGIN_UPDATES)) { ?> <button class='alt-warning' dojoType='dijit.form.Button' onclick="Helpers.Plugins.update()"> @@ -1152,7 +1152,7 @@ class Pref_Prefs extends Handler_Protected { } function uninstallPlugin() { - if ($_SESSION["access_level"] >= 10) { + if ($_SESSION["access_level"] >= UserHelper::ACCESS_LEVEL_ADMIN) { $plugin_name = basename(clean($_REQUEST['plugin'])); $status = 0; @@ -1167,7 +1167,7 @@ class Pref_Prefs extends Handler_Protected { } function installPlugin() { - if ($_SESSION["access_level"] >= 10 && Config::get(Config::ENABLE_PLUGIN_INSTALLER)) { + if ($_SESSION["access_level"] >= UserHelper::ACCESS_LEVEL_ADMIN && Config::get(Config::ENABLE_PLUGIN_INSTALLER)) { $plugin_name = basename(clean($_REQUEST['plugin'])); $all_plugins = $this->_get_available_plugins(); $plugin_dir = dirname(dirname(__DIR__)) . "/plugins.local"; @@ -1252,18 +1252,18 @@ class Pref_Prefs extends Handler_Protected { } private function _get_available_plugins() { - if ($_SESSION["access_level"] >= 10 && Config::get(Config::ENABLE_PLUGIN_INSTALLER)) { + if ($_SESSION["access_level"] >= UserHelper::ACCESS_LEVEL_ADMIN && Config::get(Config::ENABLE_PLUGIN_INSTALLER)) { return json_decode(UrlHelper::fetch(['url' => 'https://tt-rss.org/plugins.json']), true); } } function getAvailablePlugins() { - if ($_SESSION["access_level"] >= 10) { + if ($_SESSION["access_level"] >= UserHelper::ACCESS_LEVEL_ADMIN) { print json_encode($this->_get_available_plugins()); } } function checkForPluginUpdates() { - if ($_SESSION["access_level"] >= 10 && Config::get(Config::CHECK_FOR_UPDATES) && Config::get(Config::CHECK_FOR_PLUGIN_UPDATES)) { + if ($_SESSION["access_level"] >= UserHelper::ACCESS_LEVEL_ADMIN && Config::get(Config::CHECK_FOR_UPDATES) && Config::get(Config::CHECK_FOR_PLUGIN_UPDATES)) { $plugin_name = $_REQUEST["name"] ?? ""; $root_dir = dirname(dirname(__DIR__)); # we're in classes/pref/ @@ -1279,7 +1279,7 @@ class Pref_Prefs extends Handler_Protected { } function updateLocalPlugins() { - if ($_SESSION["access_level"] >= 10) { + if ($_SESSION["access_level"] >= UserHelper::ACCESS_LEVEL_ADMIN) { $plugins = explode(",", $_REQUEST["plugins"] ?? ""); # we're in classes/pref/ |