diff --git a/app/Http/Controllers/AccountController.php b/app/Http/Controllers/AccountController.php
index c18db6c..efbdd2a 100644
--- a/app/Http/Controllers/AccountController.php
+++ b/app/Http/Controllers/AccountController.php
@@ -35,7 +35,7 @@ class AccountController extends AbstractController
 /**
 * Create a new controller instance.
 *
- * @param Guard $guard
+ * @param Guard $guard
 * @param PermissionChecker $permissionChecker
 */
 public function __construct(Guard $guard, PermissionChecker $permissionChecker)
@@ -84,7 +84,7 @@ public function postProfile(UpdateProfileRequest $request, UserProfileFieldRepos
 // handle updates to the user model
 $update = array();
- if($this->permissionChecker->hasPermission('user', null, 'canUseCustomTitle')) {
+ if ($this->permissionChecker->hasPermission('user', null, 'canUseCustomTitle')) {
 $update['usertitle'] = $request->get('usertitle');
 }
@@ -328,7 +328,7 @@ public function postAvatar(Request $request)
 $this->guard->user()->update(['avatar' => '']);
 }
- return redirect()->route('account.profile')->withSuccess('account.saved_avatar');
+ return redirect()->route('account.profile')->withSuccess(trans('account.saved_avatar'));
 }
 /**
@@ -339,7 +339,7 @@ public function removeAvatar()
 // TODO: Delete the old file if an uploaded was used
 $this->guard->user()->update(['avatar' => '']);
- return redirect()->route('account.profile')->withSuccess('account.removed_avatar');
+ return redirect()->route('account.profile')->withSuccess(trans('account.removed_avatar'));
 }
 /**
diff --git a/app/Http/Middleware/CheckAccess.php b/app/Http/Middleware/CheckAccess.php
index ae0731b..b1edf2f 100644
--- a/app/Http/Middleware/CheckAccess.php
+++ b/app/Http/Middleware/CheckAccess.php
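Review bot: Blanking the `avatar` column in removeAvatar leaves the previously uploaded file in place, as the retained `// TODO: Delete the old file if an uploaded was used` comment admits, so a "removed" avatar stays reachable at its old path for as long as uploads live under a web-served directory (the storage location is not visible in this hunk). The column is overwritten before anything reads it, so the old value has to be captured first: `$old = $this->guard->user()->avatar;` before the `update(...)`, then unlink it with whatever store postAvatar writes to when `$old` is non-empty and `filter_var($old, FILTER_VALIDATE_URL) === false` (a local upload rather than a remote URL). The method's signature and opening brace sit above the first line of this hunk.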
@@ -63,8 +63,19 @@ protected function checkPermissions($request)
 {
 $action = $request->route()->getAction();
 // Check for additional permissions required
- $requiredPermisions = isset($action['permissions']) ? explode('|', $action['permissions']) : false;
- return $this->permissionChecker->hasPermission('user', null, $requiredPermisions);
+ $requiredPermisions = array();
+
+ if (isset($action['permissions'])) {
+ if (!is_array($action['permissions'])) {
+ $requiredPermisions = explode('|', $action['permissions']);
+ } else {
+ foreach ($action['permissions'] as $permission) {
+ $requiredPermisions = array_merge($requiredPermisions, explode('|', $permission));
+ }
+ }
+ }
+
+ return $this->permissionChecker->hasPermission('user', null, array_unique($requiredPermisions));
 }
 }
diff --git a/app/Http/routes.php b/app/Http/routes.php
index 4c2ab9a..b4067f8 100644
--- a/app/Http/routes.php
+++ b/app/Http/routes.php
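Review bot: When a route action carries no `permissions` key the new code calls `hasPermission('user', null, array_unique(array()))` where the old code passed `false`, and nothing in this hunk shows how PermissionChecker treats an empty list, so confirm that it still grants access — and note that a misspelled `'permissions'` key in routes.php produces exactly this empty list, so if empty means "allow" a typo fails open silently. `explode('|', ...)` also yields an `''` entry for an empty string or a trailing `|`, and `array_unique` keeps the original keys, so normalise before the call: `$requiredPermisions = array_values(array_unique(array_filter($requiredPermisions, 'strlen')));` then `return $this->permissionChecker->hasPermission('user', null, $requiredPermisions);`. The `is_array` branch presumably exists because Laravel merges a nested group's `permissions` attribute with its parent's into an array; that deserves a comment such as `// nested route groups merge 'permissions' into an array; flatten and split each entry`. The method's signature is in the hunk header and its opening brace is the first line shown; the misspelling `$requiredPermisions` predates this change but is now repeated six times.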
@@ -106,9 +106,15 @@
 '/password/confirm/{token}',
 ['as' => 'account.password.confirm', 'uses' => 'AccountController@confirmPassword']
 );
- Route::get('/avatar', ['as' => 'account.avatar', 'uses' => 'AccountController@getAvatar']);
- Route::post('/avatar', ['as' => 'account.avatar', 'uses' => 'AccountController@postAvatar']);
- Route::get('/avatar/remove', ['as' => 'account.avatar.remove', 'uses' => 'AccountController@removeAvatar']);
+ Route::group([
+ 'prefix' => 'avatar',
+ 'middleware' => 'checkaccess',
+ 'permissions' => 'canUploadAvatar'
+ ], function () {
+ Route::get('/', ['as' => 'account.avatar', 'uses' => 'AccountController@getAvatar']);
+ Route::post('/', ['as' => 'account.avatar', 'uses' => 'AccountController@postAvatar']);
+ Route::get('/remove', ['as' => 'account.avatar.remove', 'uses' => 'AccountController@removeAvatar']);
+ });
 Route::get('/notifications', ['as' => 'account.notifications', 'uses' => 'AccountController@getNotifications']);
 Route::get('/following', ['as' => 'account.following', 'uses' => 'AccountController@getFollowing']);
 Route::get('/buddies', ['as' => 'account.buddies', 'uses' => 'AccountController@getBuddies']);
@@ -121,7 +127,7 @@
 Route::group([
 'prefix' => 'conversations',
- 'middleware' => ['checkaccess','checksetting'],
+ 'middleware' => ['checkaccess', 'checksetting'],
 'permissions' => 'canUseConversations',
 'setting' => 'conversations.enabled'
 ], function () {
diff --git a/app/Presenters/User.php b/app/Presenters/User.php
index d18b4e8..f5c27e0 100644
--- a/app/Presenters/User.php
+++ b/app/Presenters/User.php
@@ -169,7 +169,7 @@ public function avatar()
 $avatar = $this->wrappedObject->avatar;
 // Empty? Default avatar
- if (empty($avatar)) {
+ if (empty($avatar) || !$this->hasPermission('canUploadAvatar')) {
 return asset('images/avatar.png');
 }
 // Link? Nice!
 elseif (filter_var($avatar, FILTER_VALIDATE_URL) !== false) {
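Review bot: `Route::get('/remove', ...)` still performs a state change (removeAvatar blanks the user's avatar) on a GET request, which Laravel's CSRF middleware does not verify, so any page a logged-in user visits can strip their avatar with a bare `<img src>` pointing at this URL; wrapping it in the `checkaccess` group does not change that. Register it as `Route::post('/remove', ['as' => 'account.avatar.remove', 'uses' => 'AccountController@removeAvatar']);` and submit it from a form carrying the CSRF token (or use `Route::delete` with method spoofing), updating the profile view's remove link to match. The two registrations sharing the name `account.avatar` are pre-existing, but with the routes now nested it is worth checking which one `route('account.avatar')` resolves to.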
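Review bot: The added `!$this->hasPermission('canUploadAvatar')` test only changes what is rendered; the stored value is untouched, and the `elseif` that follows still trusts any string FILTER_VALIDATE_URL accepts, which includes non-http schemes that carry a host such as `javascript://example.com/%0aalert(1)`. If the URL branch (its body is below the last line shown) returns `$avatar` straight into an `<img src>`, restrict the scheme there — `elseif (filter_var($avatar, FILTER_VALIDATE_URL) !== false && in_array(parse_url($avatar, PHP_URL_SCHEME), ['http', 'https'], true)) {` — or better, reject such values in postAvatar so the presenter never stores one. This also adds a permission lookup to every avatar render, which on a thread listing is once per displayed user; fine if `hasPermission` is cached, worth confirming if it queries the database. avatar() begins at the hunk header and continues past the end of the hunk.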
diff --git a/database/seeds/PermissionRoleTableSeeder.php b/database/seeds/PermissionRoleTableSeeder.php
index 2bcdc86..f2a3bd0 100644
--- a/database/seeds/PermissionRoleTableSeeder.php
+++ b/database/seeds/PermissionRoleTableSeeder.php
@@ -137,6 +137,18 @@ public function run()
 'value' => PermissionChecker::NO,
 'content_id' => null
 ],
+ [
+ 'permission_id' => $this->perm('canUploadAvatar'),
+ 'role_id' => $this->role('guest'),
+ 'value' => PermissionChecker::NO,
+ 'content_id' => null
+ ],
+ [
+ 'permission_id' => $this->perm('canUploadAvatar'),
+ 'role_id' => $this->role('banned'),
+ 'value' => PermissionChecker::NO,
+ 'content_id' => null
+ ],
 ];
 DB::table('permission_role')->insert($permissions_role);
diff --git a/database/seeds/PermissionsTableSeeder.php b/database/seeds/PermissionsTableSeeder.php
index 045115e..81f167d 100644
--- a/database/seeds/PermissionsTableSeeder.php
+++ b/database/seeds/PermissionsTableSeeder.php
@@ -92,6 +92,11 @@ public function run()
 'content_name' => null,
 'default_value' => PermissionChecker::YES
 ],
+ [
+ 'permission_name' => 'canUploadAvatar',
+ 'content_name' => null,
+ 'default_value' => PermissionChecker::YES
+ ],
 ];
 DB::table('permissions')->insert($permissions);
diff --git a/resources/lang/en/account.php b/resources/lang/en/account.php
index 8510eab..5f9d4aa 100644
--- a/resources/lang/en/account.php
+++ b/resources/lang/en/account.php
@@ -28,6 +28,8 @@
 'avatar_desc' => 'This photo is your identity on the forum and appears with all your posts.',
 'avatar_change' => 'Change Avatar',
 'avatar_remove' => 'Remove Avatar',
+ 'saved_avatar' => 'Your avatar was successfully updated',
+ 'removed_avatar' => 'Your avatar was successfully removed',
 'details' => 'Account Details',
 'change_username' => 'Change Username',
 'change_email' => 'Change Email Address',
diff --git a/resources/views/account/profile.twig b/resources/views/account/profile.twig
index ed73b4c..84a2120 100644
--- a/resources/views/account/profile.twig
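Review bot: `canUploadAvatar` is seeded with `'default_value' => PermissionChecker::YES` and only `guest` and `banned` receive explicit NO rows, so every role without a row — including any role created later — can upload by default; a NO default with explicit YES rows for the roles meant to upload makes the grant visible in the seed rather than implicit. These are seeders, so an existing installation will not get the new `permissions` row unless it is re-seeded or a migration inserts it, and how PermissionChecker treats an unknown permission name is not shown here; if it answers "allow", the `checkaccess` gate on the avatar routes is a no-op on such installs until the row exists. A comment on the entry would record the intent, e.g. `// default YES: every role except guest/banned may upload; add a NO row when restricting a new role`.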
+++ b/resources/views/account/profile.twig
@@ -9,17 +9,19 @@ {{ form_open({'url_route': 'account.profile', 'method': 'post'}) }}
-
-

{{ trans('account.avatar') }}

-
- {{ trans('account.your_avatar') }} -

{{ trans('account.avatar_desc') }}

-
- {{ trans('account.avatar_change') }} - {{ trans('account.avatar_remove') }} + {% if auth_user.hasPermission('canUploadAvatar') %} +
+

{{ trans('account.avatar') }}

+
+ {{ trans('account.your_avatar') }} +

{{ trans('account.avatar_desc') }}

+
-
+ {% endif %}

{{ trans('account.details') }}