From f7999c8550a00c88c59352e6a3ff24f2d5ed8639 Mon Sep 17 00:00:00 2001 From: JN-Jones Date: Thu, 21 May 2015 12:58:24 +0200 Subject: [PATCH] WIP #132 Add 'canEditPolls' and 'canEditOwnPolls' permission --- app/Database/Models/Poll.php | 3 ++ app/Database/Models/Post.php | 3 ++ app/Database/Models/Topic.php | 4 +++ app/Http/Controllers/PollController.php | 18 ++++++++++++ app/Presenters/Poll.php | 30 +++++++++++++++++++- database/seeds/PermissionRoleTableSeeder.php | 18 ++++++++++++ database/seeds/PermissionsTableSeeder.php | 10 +++++++ resources/views/polls/show.twig | 14 +++++---- resources/views/topic/polls.twig | 14 +++++---- 9 files changed, 101 insertions(+), 13 deletions(-) diff --git a/app/Database/Models/Poll.php b/app/Database/Models/Poll.php index 939e5ec..159cda8 100644 --- a/app/Database/Models/Poll.php +++ b/app/Database/Models/Poll.php @@ -11,6 +11,9 @@ use Illuminate\Database\Eloquent\Model; use McCool\LaravelAutoPresenter\HasPresenter; +/** + * @property Topic topic + */ class Poll extends Model implements HasPresenter { // @codingStandardsIgnoreStart diff --git a/app/Database/Models/Post.php b/app/Database/Models/Post.php index 0ee39fd..7c50cc4 100644 --- a/app/Database/Models/Post.php +++ b/app/Database/Models/Post.php @@ -15,6 +15,9 @@ use McCool\LaravelAutoPresenter\HasPresenter; use MyBB\Core\Likes\Traits\LikeableTrait; +/** + * @property Topic topic + */ class Post extends Model implements HasPresenter { use SoftDeletes; diff --git a/app/Database/Models/Topic.php b/app/Database/Models/Topic.php index dcb1ba4..ba6c3b0 100644 --- a/app/Database/Models/Topic.php +++ b/app/Database/Models/Topic.php @@ -14,6 +14,10 @@ use Illuminate\Database\Eloquent\SoftDeletes; use McCool\LaravelAutoPresenter\HasPresenter; +/** + * @property int forum_id + * @property Forum forum + */ class Topic extends Model implements HasPresenter { use SoftDeletes; 
diff --git a/app/Http/Controllers/PollController.php b/app/Http/Controllers/PollController.php index 044bbc1..79cee56 100644 --- a/app/Http/Controllers/PollController.php +++ b/app/Http/Controllers/PollController.php @@ -353,6 +353,13 @@ public function remove($topicSlug, $topicId) $poll = $topic->poll; + /** @var \MyBB\Core\Presenters\Poll $decoratedPoll */ + $decoratedPoll = app()->make('MyBB\\Core\\Presenters\\Poll', [$poll]); + + if (!$decoratedPoll->canEdit()) { + throw new AccessDeniedHttpException; + } + $this->pollRepository->remove($poll); $topic->has_poll = false; @@ -382,6 +389,13 @@ public function edit($topicSlug, $topicId) $this->breadcrumbs->setCurrentRoute('polls.edit', $topic); + /** @var \MyBB\Core\Presenters\Poll $decoratedPoll */ + $decoratedPoll = app()->make('MyBB\\Core\\Presenters\\Poll', [$poll]); + + if (!$decoratedPoll->canEdit()) { + throw new AccessDeniedHttpException; + } + return view('polls.edit', compact('topic', 'poll')); } @@ -404,8 +418,12 @@ public function postEdit($topicSlug, $topicId, CreateRequest $createRequest) } $poll = $topic->poll; + /** @var \MyBB\Core\Presenters\Poll $pollPresenter */ $pollPresenter = app()->make('MyBB\Core\Presenters\Poll', [$poll]); + if (!$pollPresenter->canEdit()) { + throw new AccessDeniedHttpException; + } $options = []; $i = 0; diff --git a/app/Presenters/Poll.php b/app/Presenters/Poll.php index 32168fe..7496d8f 100644 --- a/app/Presenters/Poll.php +++ b/app/Presenters/Poll.php @@ -14,6 +14,7 @@ use Illuminate\Auth\Guard; use MyBB\Core\Database\Models\Poll as PollModel; use MyBB\Core\Database\Repositories\PollVoteRepositoryInterface; +use MyBB\Core\Permissions\PermissionChecker; class Poll extends BasePresenter { 
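Review bot: The same authorization block is pasted into `remove()`, `edit()` and `postEdit()`, with two spellings of the presenter class string and two variable names, so a poll action added later can easily ship without it. A single private helper that builds the presenter and throws keeps the check in one place, as sketched below. Two things are not visible in these hunks and should be confirmed. First, the file must import `Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException`, otherwise the throw fails on an unknown class instead of returning a 403. Second, `$topic->poll` must not be null at these points, because the presenter constructor type-hints `PollModel`. All three action bodies start and end outside the hunks.

```php
/**
 * Build the poll presenter and abort with 403 unless the current user may edit the poll.
 *
 * @param \MyBB\Core\Database\Models\Poll $poll
 *
 * @return \MyBB\Core\Presenters\Poll
 */
private function editablePollPresenter($poll)
{
    /** @var \MyBB\Core\Presenters\Poll $presenter */
    $presenter = app()->make('MyBB\Core\Presenters\Poll', [$poll]);

    if (!$presenter->canEdit()) {
        throw new AccessDeniedHttpException;
    }

    return $presenter;
}

// … unchanged: remove() up to `$poll = $topic->poll;` …
$this->editablePollPresenter($poll);
$this->pollRepository->remove($poll);

// … unchanged: postEdit() up to `$poll = $topic->poll;` …
$pollPresenter = $this->editablePollPresenter($poll);
```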
@@ -34,19 +35,27 @@ class Poll extends BasePresenter */ protected $cache = []; + /** + * @var PermissionChecker + */ + private $permissionChecker; + /** * @param PollModel $resource * @param PollVoteRepositoryInterface $pollVoteRepository * @param Guard $guard + * @param PermissionChecker $permissionChecker */ public function __construct( PollModel $resource, PollVoteRepositoryInterface $pollVoteRepository, - Guard $guard + Guard $guard, + PermissionChecker $permissionChecker ) { $this->wrappedObject = $resource; $this->pollVoteRepository = $pollVoteRepository; $this->guard = $guard; + $this->permissionChecker = $permissionChecker; } /** @@ -141,4 +150,23 @@ public function myVote() return $this->cache['myVote']; } + + public function canEdit() + { + // User can edit all polls + if ($this->permissionChecker->hasPermission('forum', $this->wrappedObject->topic->forum_id, 'canEditPolls')) { + return true; + } + + // Not the author -> not allowed to edit this poll + if ($this->wrappedObject->user_id != $this->guard->user()->id) { + return false; + } + + return $this->permissionChecker->hasPermission( + 'forum', + $this->wrappedObject->topic->forum_id, + 'canEditOwnPolls' + ); + } } diff --git a/database/seeds/PermissionRoleTableSeeder.php b/database/seeds/PermissionRoleTableSeeder.php index e3a4a7b..b2ff2e4 100644 --- a/database/seeds/PermissionRoleTableSeeder.php +++ b/database/seeds/PermissionRoleTableSeeder.php 
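Review bot: The new property is declared `private $permissionChecker;` while the neighbouring `$cache` is `protected`; unless the difference is deliberate, `protected $permissionChecker;` keeps the class consistent. The added fourth constructor argument is required, so any code that instantiates this presenter directly rather than through the container (the controller uses `app()->make(...)`) has to be updated; no such caller is visible in this patch.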
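Review bot: The author check in `canEdit()` dereferences `$this->guard->user()->id` without handling a logged-out visitor and compares with loose `!=`. The templates changed in this patch call `poll.canEdit()` for every viewer, so if the guard returns null for guests this line raises an error on each poll page. With loose comparison an empty `user_id` on the poll also equals an empty user id, leaving the outcome to the `canEditOwnPolls` seed rows alone. Failing closed is safer: `$user = $this->guard->user();` followed by `if ($user === null || (int) $this->wrappedObject->user_id !== (int) $user->id) { return false; }`. The method also lacks a docblock, unlike the constructor; a short one stating that it returns bool and checks `canEditPolls` before falling back to authorship plus `canEditOwnPolls` would document the decision order.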
@@ -89,6 +89,24 @@ public function run() 'value' => PermissionChecker::NO, 'content_id' => 0 ], + [ + 'permission_id' => $this->perm('canEditPolls'), + 'role_id' => $this->role('admin'), + 'value' => PermissionChecker::YES, + 'content_id' => 0 + ], + [ + 'permission_id' => $this->perm('canEditOwnPolls'), + 'role_id' => $this->role('guest'), + 'value' => PermissionChecker::NO, + 'content_id' => 0 + ], + [ + 'permission_id' => $this->perm('canEditOwnPolls'), + 'role_id' => $this->role('banned'), + 'value' => PermissionChecker::NO, + 'content_id' => 0 + ], [ 'permission_id' => $this->perm('canVoteInPolls'), 'role_id' => $this->role('guest'), diff --git a/database/seeds/PermissionsTableSeeder.php b/database/seeds/PermissionsTableSeeder.php index a4d1679..24d8375 100644 --- a/database/seeds/PermissionsTableSeeder.php +++ b/database/seeds/PermissionsTableSeeder.php @@ -62,6 +62,16 @@ public function run() 'content_name' => 'forum', 'default_value' => PermissionChecker::YES ], + [ + 'permission_name' => 'canEditPolls', + 'content_name' => 'forum', + 'default_value' => PermissionChecker::NO + ], + [ + 'permission_name' => 'canEditOwnPolls', + 'content_name' => 'forum', + 'default_value' => PermissionChecker::YES + ], [ 'permission_name' => 'canVoteInPolls', 'content_name' => 'forum', diff --git a/resources/views/polls/show.twig b/resources/views/polls/show.twig index a9291d9..c4bf40b 100644 --- a/resources/views/polls/show.twig +++ b/resources/views/polls/show.twig @@ -57,12 +57,14 @@ {% endif %}
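Review bot: `canEditOwnPolls` is seeded in PermissionsTableSeeder with `'default_value' => PermissionChecker::YES`, so the permission is allow-by-default and the only thing keeping guests and banned users out is the pair of `NO` rows added in PermissionRoleTableSeeder. Any role created later gets the right to edit its own polls unless someone remembers to add a deny row; presumably this mirrors how the neighbouring poll permissions are seeded. If that convention is intended, a comment above the entry such as `// allow-by-default: guest and banned are denied in PermissionRoleTableSeeder` would record the dependency. Otherwise default to `PermissionChecker::NO` and grant the permission per role. Both `run()` bodies start and end outside the hunks.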
{% if not poll.is_closed and topic.forum.hasPermission('canVoteInPolls') %} {% if poll.myVote %} diff --git a/resources/views/topic/polls.twig b/resources/views/topic/polls.twig index 98db747..ff755ca 100644 --- a/resources/views/topic/polls.twig +++ b/resources/views/topic/polls.twig @@ -41,12 +41,14 @@ {{ trans('poll.results') }} - {{ trans('poll.remove') }} - {{ trans('poll.edit') }} + {% if poll.canEdit() %} + {{ trans('poll.remove') }} + {{ trans('poll.edit') }} + {% endif %}
{% if not poll.is_closed and topic.forum.hasPermission('canVoteInPolls') %} {% if poll.myVote %}