diff options
author | Andrew Dolgov <[email protected]> | 2021-11-10 20:44:51 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2021-11-10 20:44:51 +0300 |
commit | 9e8d69739f21e5ac85977d57a2a6c961e318c26e (patch) | |
tree | 0fc52f7be644b5f86e236cc7cb8f4dc4351da8f9 /classes/rssutils.php | |
parent | 7a52560e4e3b0652d32645b60ae13e4904f606bc (diff) |
add two helper account access levels:
- read only - can't subscribe to more feeds, feed updates are skipped
- disabled - can't login
define used access levels as UserHelper constants and refactor code to
use them instead of hardcoded numbers
Diffstat (limited to 'classes/rssutils.php')
-rwxr-xr-x | classes/rssutils.php | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/classes/rssutils.php b/classes/rssutils.php index 87e52ba42..927a6c251 100755 --- a/classes/rssutils.php +++ b/classes/rssutils.php @@ -123,7 +123,8 @@ class RSSUtils { ttrss_feeds f, ttrss_users u LEFT JOIN ttrss_user_prefs2 p ON (p.owner_uid = u.id AND profile IS NULL AND pref_name = 'DEFAULT_UPDATE_INTERVAL') WHERE - f.owner_uid = u.id + f.owner_uid = u.id AND + u.access_level NOT IN (".sprintf("%d, %d", UserHelper::ACCESS_LEVEL_DISABLED, UserHelper::ACCESS_LEVEL_READONLY).") $login_thresh_qpart $update_limit_qpart $updstart_thresh_qpart @@ -163,7 +164,8 @@ class RSSUtils { FROM ttrss_feeds f, ttrss_users u LEFT JOIN ttrss_user_prefs2 p ON (p.owner_uid = u.id AND profile IS NULL AND pref_name = 'DEFAULT_UPDATE_INTERVAL') WHERE - f.owner_uid = u.id + f.owner_uid = u.id AND + u.access_level NOT IN (".sprintf("%d, %d", UserHelper::ACCESS_LEVEL_DISABLED, UserHelper::ACCESS_LEVEL_READONLY).") AND feed_url = :feed $login_thresh_qpart $update_limit_qpart @@ -352,6 +354,19 @@ class RSSUtils { if (!$feed_language) $feed_language = mb_strtolower(get_pref(Prefs::DEFAULT_SEARCH_LANGUAGE, $feed_obj->owner_uid)); if (!$feed_language) $feed_language = 'simple'; + $user = ORM::for_table('ttrss_users')->find_one($feed_obj->owner_uid); + + if ($user) { + if ($user->access_level == UserHelper::ACCESS_LEVEL_READONLY) { + Debug::log("error: denied update for $feed: permission denied by owner access level"); + return false; + } + } else { + // this would indicate database corruption of some kind + Debug::log("error: owner not found for feed: $feed"); + return false; + } + } else { Debug::log("error: feeds table record not found for feed: $feed"); return false; |