From 9e8d69739f21e5ac85977d57a2a6c961e318c26e Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Wed, 10 Nov 2021 20:44:51 +0300 Subject: add two helper account access levels: - read only - can't subscribe to more feeds, feed updates are skipped - disabled - can't login define used access levels as UserHelper constants and refactor code to use them instead of hardcoded numbers --- classes/pref/feeds.php | 12 ++++++++++++ classes/pref/prefs.php | 16 ++++++++-------- 2 files changed, 20 insertions(+), 8 deletions(-) (limited to 'classes/pref') diff --git a/classes/pref/feeds.php b/classes/pref/feeds.php index 95bbcd190..ac0874259 100755 --- a/classes/pref/feeds.php +++ b/classes/pref/feeds.php @@ -538,6 +538,8 @@ class Pref_Feeds extends Handler_Protected { $local_purge_intervals = [ T_nsprintf('%d day', '%d days', $purge_interval, $purge_interval) ]; } + $user = ORM::for_table("ttrss_users")->find_one($_SESSION["uid"]); + print json_encode([ "feed" => $row, "cats" => [ @@ -550,6 +552,9 @@ class Pref_Feeds extends Handler_Protected { "update" => $local_update_intervals, "purge" => $local_purge_intervals, ], + "user" => [ + "access_level" => $user->access_level + ], "lang" => [ "enabled" => Config::get(Config::DB_TYPE) == "pgsql", "default" => get_pref(Prefs::DEFAULT_SEARCH_LANGUAGE), @@ -1207,6 +1212,13 @@ class Pref_Feeds extends Handler_Protected { $login = clean($_REQUEST['login']); $pass = clean($_REQUEST['pass']); + $user = ORM::for_table('ttrss_users')->find_one($_SESSION["uid"]); + + // TODO: we should return some kind of error code to frontend here + if ($user->access_level == UserHelper::ACCESS_LEVEL_READONLY) { + return false; + } + $csth = $this->pdo->prepare("SELECT id FROM ttrss_feeds WHERE feed_url = ? AND owner_uid = ?"); diff --git a/classes/pref/prefs.php b/classes/pref/prefs.php index c47a99469..c45d6d6ea 100644 --- a/classes/pref/prefs.php +++ b/classes/pref/prefs.php 
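Review bot: The result of `find_one($_SESSION["uid"])` is used without a check, here for the `access_level` field added to the JSON in the `-550` hunk and again in the read-only guard of the `-1207` hunk. Idiorm's `find_one()` returns `false` when no row matches, so for a session whose user row no longer exists the property read yields null. In the subscribe guard the loose `==` against `UserHelper::ACCESS_LEVEL_READONLY` then most likely does not match, so the request goes through and the check fails open. Treat a missing row as a denial, for example `if (!$user || $user->access_level == UserHelper::ACCESS_LEVEL_READONLY) return false;` in the guard, and return early before `json_encode` here. Both enclosing methods start and end outside the hunks.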
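Review bot: In the `-1207` hunk the guard denies only the exact `UserHelper::ACCESS_LEVEL_READONLY` value and returns a bare `false`, so a refused subscription leaves no trace and looks like any other failure to the caller, as the TODO concedes. Record the refusal before returning, for example `user_error("Subscription refused: account " . $_SESSION["uid"] . " is read-only", E_USER_WARNING);`, so that repeated attempts from a restricted account are visible in the logs. If another restricted level can still hold a live session (the commit message adds a disabled level, but session handling is not visible here), compare against the lowest level allowed to subscribe rather than one value. This diff is limited to `classes/pref`, so whether other subscription paths carry the same check cannot be told from here. The enclosing method continues outside the hunk.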
@@ -813,7 +813,7 @@ class Pref_Prefs extends Handler_Protected { usort($rv, function($a, $b) { return strcmp($a["name"], $b["name"]); }); - print json_encode(['plugins' => $rv, 'is_admin' => $_SESSION['access_level'] >= 10]); + print json_encode(['plugins' => $rv, 'is_admin' => $_SESSION['access_level'] >= UserHelper::ACCESS_LEVEL_ADMIN]); } function index_plugins() { @@ -890,7 +890,7 @@ class Pref_Prefs extends Handler_Protected { __("Reload"), "onclick" => "Helpers.Plugins.reload()"]) ?> - = 10) { ?> + = UserHelper::ACCESS_LEVEL_ADMIN) { ?>
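Review bot: In the `-813` hunk `is_admin` is still taken from `$_SESSION['access_level']`, while the feeds.php hunks of this commit read the level fresh from `ttrss_users`. If the session copy is only written at login (not visible here), a demotion does not reach this flag until the session ends. The flag is also sent to the browser, so it can only steer the UI, and the handlers behind the admin-only plugin actions need their own server-side check. Either derive it the same way as in feeds.php or record the limitation with a comment such as `// UI hint only (session copy of the level); never rely on it for authorization`. The enclosing method starts outside the hunk.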