WIP #132 Add 'canEditPolls' and 'canEditOwnPolls' permission

JN-Jones · May 21, 2015 · f7999c8 · f7999c8
1 parent bb2ce4e
commit f7999c8
Show file tree

Hide file tree

Showing 9 changed files with 101 additions and 13 deletions.
diff --git a/app/Database/Models/Poll.php b/app/Database/Models/Poll.php
@@ -11,6 +11,9 @@
 use Illuminate\Database\Eloquent\Model;
 use McCool\LaravelAutoPresenter\HasPresenter;
 
+/**
+ * @property Topic topic
+ */
 class Poll extends Model implements HasPresenter
 {
 	// @codingStandardsIgnoreStart

diff --git a/app/Database/Models/Post.php b/app/Database/Models/Post.php
@@ -15,6 +15,9 @@
 use McCool\LaravelAutoPresenter\HasPresenter;
 use MyBB\Core\Likes\Traits\LikeableTrait;
 
+/**
+ * @property Topic topic
+ */
 class Post extends Model implements HasPresenter
 {
 	use SoftDeletes;

diff --git a/app/Database/Models/Topic.php b/app/Database/Models/Topic.php
@@ -14,6 +14,10 @@
 use Illuminate\Database\Eloquent\SoftDeletes;
 use McCool\LaravelAutoPresenter\HasPresenter;
 
+/**
+ * @property int forum_id
+ * @property Forum forum
+ */
 class Topic extends Model implements HasPresenter
 {
 	use SoftDeletes;

diff --git a/app/Http/Controllers/PollController.php b/app/Http/Controllers/PollController.php
@@ -353,6 +353,13 @@ public function remove($topicSlug, $topicId)
 
 		$poll = $topic->poll;
 
+		/** @var \MyBB\Core\Presenters\Poll $decoratedPoll */
+		$decoratedPoll = app()->make('MyBB\\Core\\Presenters\\Poll', [$poll]);
+
+		if (!$decoratedPoll->canEdit()) {
+			throw new AccessDeniedHttpException;
+		}
+
 		$this->pollRepository->remove($poll);
 
 		$topic->has_poll = false;
@@ -382,6 +389,13 @@ public function edit($topicSlug, $topicId)
 
 		$this->breadcrumbs->setCurrentRoute('polls.edit', $topic);
 
+		/** @var \MyBB\Core\Presenters\Poll $decoratedPoll */
+		$decoratedPoll = app()->make('MyBB\\Core\\Presenters\\Poll', [$poll]);
+
+		if (!$decoratedPoll->canEdit()) {
+			throw new AccessDeniedHttpException;
+		}
+
 		return view('polls.edit', compact('topic', 'poll'));
 	}
 
@@ -404,8 +418,12 @@ public function postEdit($topicSlug, $topicId, CreateRequest $createRequest)
 		}
 
 		$poll = $topic->poll;
+		/** @var \MyBB\Core\Presenters\Poll $pollPresenter */
 		$pollPresenter = app()->make('MyBB\Core\Presenters\Poll', [$poll]);
 
+		if (!$pollPresenter->canEdit()) {
+			throw new AccessDeniedHttpException;
+		}
 
 		$options = [];
 		$i = 0;

diff --git a/app/Presenters/Poll.php b/app/Presenters/Poll.php
@@ -14,6 +14,7 @@
 use Illuminate\Auth\Guard;
 use MyBB\Core\Database\Models\Poll as PollModel;
 use MyBB\Core\Database\Repositories\PollVoteRepositoryInterface;
+use MyBB\Core\Permissions\PermissionChecker;
 
 class Poll extends BasePresenter
 {
@@ -34,19 +35,27 @@ class Poll extends BasePresenter
 	 */
 	protected $cache = [];
 
+	/**
+	 * @var PermissionChecker
+	 */
+	private $permissionChecker;
+
 	/**
 	 * @param PollModel                   $resource
 	 * @param PollVoteRepositoryInterface $pollVoteRepository
 	 * @param Guard                       $guard
+	 * @param PermissionChecker           $permissionChecker
 	 */
 	public function __construct(
 		PollModel $resource,
 		PollVoteRepositoryInterface $pollVoteRepository,
-		Guard $guard
+		Guard $guard,
+		PermissionChecker $permissionChecker
 	) {
 		$this->wrappedObject = $resource;
 		$this->pollVoteRepository = $pollVoteRepository;
 		$this->guard = $guard;
+		$this->permissionChecker = $permissionChecker;
 	}
 
 	/**
@@ -141,4 +150,23 @@ public function myVote()
 
 		return $this->cache['myVote'];
 	}
+
+	public function canEdit()
+	{
+		// User can edit all polls
+		if ($this->permissionChecker->hasPermission('forum', $this->wrappedObject->topic->forum_id, 'canEditPolls')) {
+			return true;
+		}
+
+		// Not the author -> not allowed to edit this poll
+		if ($this->wrappedObject->user_id != $this->guard->user()->id) {
+			return false;
+		}
+
+		return $this->permissionChecker->hasPermission(
+			'forum',
+			$this->wrappedObject->topic->forum_id,
+			'canEditOwnPolls'
+		);
+	}
 }
diff --git a/database/seeds/PermissionRoleTableSeeder.php b/database/seeds/PermissionRoleTableSeeder.php
@@ -89,6 +89,24 @@ public function run()
 				'value'         => PermissionChecker::NO,
 				'content_id'    => 0
 			],
+			[
+				'permission_id' => $this->perm('canEditPolls'),
+				'role_id'       => $this->role('admin'),
+				'value'         => PermissionChecker::YES,
+				'content_id'    => 0
+			],
+			[
+				'permission_id' => $this->perm('canEditOwnPolls'),
+				'role_id'       => $this->role('guest'),
+				'value'         => PermissionChecker::NO,
+				'content_id'    => 0
+			],
+			[
+				'permission_id' => $this->perm('canEditOwnPolls'),
+				'role_id'       => $this->role('banned'),
+				'value'         => PermissionChecker::NO,
+				'content_id'    => 0
+			],
 			[
 				'permission_id' => $this->perm('canVoteInPolls'),
 				'role_id'       => $this->role('guest'),

diff --git a/database/seeds/PermissionsTableSeeder.php b/database/seeds/PermissionsTableSeeder.php
@@ -62,6 +62,16 @@ public function run()
 				'content_name'    => 'forum',
 				'default_value'   => PermissionChecker::YES
 			],
+			[
+				'permission_name' => 'canEditPolls',
+				'content_name'    => 'forum',
+				'default_value'   => PermissionChecker::NO
+			],
+			[
+				'permission_name' => 'canEditOwnPolls',
+				'content_name'    => 'forum',
+				'default_value'   => PermissionChecker::YES
+			],
 			[
 				'permission_name' => 'canVoteInPolls',
 				'content_name'    => 'forum',

diff --git a/resources/views/polls/show.twig b/resources/views/polls/show.twig
@@ -57,12 +57,14 @@
 			{% endif %}
 			<div class="poll__vote">
 				<div class="poll__buttons">
-					<a class="button button--secondary"
-					   href="{{ url_route('polls.remove', [topic.slug, topic.id]) }}"><i
-								class="fa fa-trash"></i><span class="text">{{ trans('poll.remove') }}</span></a>
-					<a class="button button--secondary"
-					   href="{{ url_route('polls.edit', [topic.slug, topic.id]) }}"><i
-								class="fa fa-pencil"></i><span class="text">{{ trans('poll.edit') }}</span></a>
+					{% if poll.canEdit() %}
+						<a class="button button--secondary"
+						   href="{{ url_route('polls.remove', [topic.slug, topic.id]) }}"><i
+									class="fa fa-trash"></i><span class="text">{{ trans('poll.remove') }}</span></a>
+						<a class="button button--secondary"
+						   href="{{ url_route('polls.edit', [topic.slug, topic.id]) }}"><i
+									class="fa fa-pencil"></i><span class="text">{{ trans('poll.edit') }}</span></a>
+					{% endif %}
 				</div>
 				{% if not poll.is_closed and topic.forum.hasPermission('canVoteInPolls') %}
 					{% if poll.myVote %}

diff --git a/resources/views/topic/polls.twig b/resources/views/topic/polls.twig
@@ -41,12 +41,14 @@
 				<a class="button button--secondary"
 				   href="{{ url_route('polls.show', [topic.slug, topic.id]) }}"><i
 							class="fa fa-arrow-right"></i><span class="text">{{ trans('poll.results') }}</span></a>
-				<a class="button button--secondary"
-				   href="{{ url_route('polls.remove', [topic.slug, topic.id]) }}"><i
-							class="fa fa-trash"></i><span class="text">{{ trans('poll.remove') }}</span></a>
-				<a class="button button--secondary"
-				   href="{{ url_route('polls.edit', [topic.slug, topic.id]) }}"><i
-							class="fa fa-pencil"></i><span class="text">{{ trans('poll.edit') }}</span></a>
+				{% if poll.canEdit() %}
+					<a class="button button--secondary"
+					   href="{{ url_route('polls.remove', [topic.slug, topic.id]) }}"><i
+								class="fa fa-trash"></i><span class="text">{{ trans('poll.remove') }}</span></a>
+					<a class="button button--secondary"
+					   href="{{ url_route('polls.edit', [topic.slug, topic.id]) }}"><i
+								class="fa fa-pencil"></i><span class="text">{{ trans('poll.edit') }}</span></a>
+				{% endif %}
 			</div>
 			{% if not poll.is_closed and topic.forum.hasPermission('canVoteInPolls') %}
 				{% if poll.myVote %}