Чёрный список #695

Open
wants to merge 10 commits into
base: master
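--- a/Web/Models/Entities/BlacklistItem.php
+++ b/Web/Models/Entities/BlacklistItem.php
@@ -0,0 +1,31 @@
+<?php declare(strict_types=1);
+namespace openvk\Web\Models\Entities;
+use openvk\Web\Models\RowModel;
+use openvk\Web\Util\DateTime;
+use openvk\Web\Models\Entities\{User, Manager};
+use openvk\Web\Models\Repositories\{Users, Clubs};
+
+class BlacklistItem extends RowModel
+{
+protected $tableName = "blacklists";
+
+function getId(): int
+{
+return $this->getRecord()->index;
+}
+
+function getAuthor(): ?User
+{
+return (new Users)->get($this->getRecord()->author);
+}
+
+function getTarget(): ?User
+{
+return (new Users)->get($this->getRecord()->target);
+}
+
+function getCreationDate(): DateTime
+{
+return new DateTime($this->getRecord()->created);
+}
+}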
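Review bot: The import list names `Manager` and `Clubs`, which nothing in this class uses, and `User` is imported from the namespace the file already declares; the `RowModel`, `DateTime` and `Users` imports are the only ones the class needs. `getAuthor()` and `getTarget()` are declared `?User`, so callers have to test for NULL before dereferencing, yet the presenter in this pull request calls `getTarget()->getCanonicalName()` directly. A class docblock stating which column is the user who blocks and which is the user being blocked would help, since `isBanned($author, $target)` depends on that direction.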
13 changes: 12 additions & 1 deletion Web/Models/Entities/User.php
@@ -5,7 +5,7 @@
use openvk\Web\Util\DateTime;
use openvk\Web\Models\RowModel;
use openvk\Web\Models\Entities\{Photo, Message, Correspondence, Gift};
use openvk\Web\Models\Repositories\{Users, Clubs, Albums, Gifts, Notifications};
use openvk\Web\Models\Repositories\{Users, Clubs, Albums, Gifts, Notifications, Blacklists};
use openvk\Web\Models\Exceptions\InvalidUserNameException;
use Nette\Database\Table\ActiveRow;
use Chandler\Database\DatabaseConnection;
@@ -438,6 +438,12 @@ function getPrivacyPermission(string $permission, ?User $user = NULL): bool
return $permStatus === User::PRIVACY_EVERYONE;
else if($user->getId() === $this->getId())
return true;
else if ((new Blacklists)->isBanned($this, $user)) {
if ($user->isAdmin() && !OPENVK_ROOT_CONF["openvk"]["preferences"]["security"]["blacklists"]["applyToAdmins"])
return true;

return false;
}

switch($permStatus) {
case User::PRIVACY_ONLY_FRIENDS:
@@ -1017,6 +1023,11 @@ function isActivated(): bool
{
return (bool) $this->getRecord()->activated;
}

function isAdmin(): bool
{
return $this->getChandlerUser()->can("access")->model("admin")->whichBelongsTo(NULL);
}

use Traits\TSubscribable;
}
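Review bot: The admin exemption added to `getPrivacyPermission` reads `OPENVK_ROOT_CONF["openvk"]["preferences"]["security"]["blacklists"]["applyToAdmins"]` with no default, so on an installation whose configuration lacks the key the lookup yields NULL and `!NULL` lets every admin past the blacklist. No configuration change is visible on this page, so the default should be chosen explicitly, for example `... ["applyToAdmins"] ?? true` if the stricter behaviour is the intended fallback. The new branch also sits after the existing `return $permStatus === User::PRIVACY_EVERYONE;`, which appears to serve viewers without an account, so the blacklist presumably has no effect on logged-out requests to public sections; a comment saying so would spare the next reader the surprise. The function body starts and ends outside the hunk.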
37 changes: 37 additions & 0 deletions Web/Models/Repositories/Blacklists.php
@@ -0,0 +1,37 @@
<?php declare(strict_types=1);
namespace openvk\Web\Models\Repositories;
use openvk\Web\Models\Entities\{User, BlacklistItem};
use openvk\Web\Models\Repositories\{Clubs, Users};
use Nette\Database\Table\ActiveRow;
use Chandler\Database\DatabaseConnection as DB;

class Blacklists
{
private $context;
private $blacklists;

function __construct()
{
$this->context = DB::i()->getContext();
$this->blacklists = $this->context->table("blacklists");
}

function getList(User $user, $page = 1): \Traversable
{
foreach($this->blacklists->where("author", $user->getId())->order("created DESC")->page($page, 10) as $blacklistItem)
yield new BlacklistItem($blacklistItem);
}

function getCount(User $user): int
{
return sizeof($this->blacklists->where("author", $user->getId())->fetch());
}

function isBanned(User $author, User $target): bool
{
if (!$author || !$target)
return FALSE;

return sizeof(DB::i()->getContext()->table("blacklists")->where(["author" => $author->getId(), "target" => $target->getId()])->fetch()) > 0;
n1rwana marked this conversation as resolved.
}
}
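Review bot: `isBanned()` and `getCount()` apply `sizeof()` to the result of `fetch()`, which is a single row or NULL rather than a collection, so on PHP 8 the call raises a TypeError and on older versions it cannot reflect the number of rows. The `!$author || !$target` guard is unreachable because both parameters are typed `User`, while the presenters in this pull request (Notes, Photos, User, Videos) pass `$this->user->identity`, which they treat as nullable, so a logged-out request would fail on the type check instead of returning FALSE. The rewrite below widens the parameters to `?User`, tests the fetched row for NULL and counts with the selection's `count("*")`. `getList()` and `getCount()` also call `where()` on the shared `$this->blacklists` selection, which looks like it accumulates conditions across calls; starting from `$this->context->table("blacklists")` each time avoids that.

```php
function getCount(User $user): int
{
    return $this->context->table("blacklists")->where("author", $user->getId())->count("*");
}

function isBanned(?User $author, ?User $target): bool
{
    if(is_null($author) || is_null($target))
        return FALSE;

    $row = $this->context->table("blacklists")->where([
        "author" => $author->getId(),
        "target" => $target->getId(),
    ])->fetch();

    return !is_null($row);
}
```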
43 changes: 43 additions & 0 deletions Web/Presenters/BlacklistPresenter.php
@@ -0,0 +1,43 @@
<?php declare(strict_types=1);
namespace openvk\Web\Presenters;
use openvk\Web\Models\Entities\{BlacklistItem};
use openvk\Web\Models\Repositories\{Blacklists, Users};
use Chandler\Database\DatabaseConnection as DB;

final class BlacklistPresenter extends OpenVKPresenter
{
private $blacklists;

function __construct(Blacklists $blacklists)
{
$this->blacklists = $blacklists;
}

function renderAddToBl(): void
n1rwana marked this conversation as resolved.
{
$this->willExecuteWriteAction();
$this->assertUserLoggedIn();

$record = new BlacklistItem;
$target = (new Users)->get((int) $this->postParam("id"));

$record->setAuthor($this->user->identity->getId());
$record->setTarget($this->postParam("id"));
$record->setCreated(time());
$record->save();

$this->flashFail("succ", "Успех", $target->getCanonicalName() . " занесён в чёрный список.");
n1rwana marked this conversation as resolved.
}

function renderRemoveFromBl(): void
{
$this->willExecuteWriteAction();
$this->assertUserLoggedIn();

$record = new BlacklistItem(DB::i()->getContext()->table("blacklists")->where([ "author" => $this->user->identity->getId(), "target" => $this->postParam("id") ])->fetch());
n1rwana marked this conversation as resolved.
$name = $record->getTarget()->getCanonicalName();
$record->delete(FALSE);
n1rwana marked this conversation as resolved.

$this->flashFail("succ", "Успех", "$name удалён из чёрного списка.");
n1rwana marked this conversation as resolved.
}
}
n1rwana marked this conversation as resolved.
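Review bot: `renderAddToBl` saves the row before it knows the target is valid: the posted `id` is written with `setTarget()` uncast, a nonexistent id leaves `$target` NULL so `getCanonicalName()` fails after `save()`, and nothing rejects blocking yourself or adding the same pair twice. `renderRemoveFromBl` has the mirror problem, because `fetch()` returns NULL when no row matches and the result is wrapped and dereferenced without a check. The constructor also omits `parent::__construct()`, which `UserPresenter` in this pull request does call. The rewrite below validates first and stores the cast id; it assumes `notFound()` and `flashFail()` end the request, as their use elsewhere on this page suggests.

```php
function renderAddToBl(): void
{
    $this->willExecuteWriteAction();
    $this->assertUserLoggedIn();

    $target = (new Users)->get((int) $this->postParam("id"));
    if(!$target)
        $this->notFound();

    $me = $this->user->identity;
    if($target->getId() === $me->getId() || $this->blacklists->isBanned($me, $target))
        $this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));

    $record = new BlacklistItem;
    $record->setAuthor($me->getId());
    $record->setTarget($target->getId());
    // … unchanged: setCreated(), save(), success flash …
}
```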
8 changes: 6 additions & 2 deletions Web/Presenters/NotesPresenter.php
@@ -1,6 +1,6 @@
<?php declare(strict_types=1);
namespace openvk\Web\Presenters;
use openvk\Web\Models\Repositories\{Users, Notes};
use openvk\Web\Models\Repositories\{Users, Notes, Blacklists};
n1rwana marked this conversation as resolved.
use openvk\Web\Models\Entities\Note;

final class NotesPresenter extends OpenVKPresenter
@@ -18,8 +18,12 @@ function renderList(int $owner): void
{
$user = (new Users)->get($owner);
if(!$user) $this->notFound();
if(!$user->getPrivacyPermission('notes.read', $this->user->identity ?? NULL))
if(!$user->getPrivacyPermission('notes.read', $this->user->identity ?? NULL)) {
if ((new Blacklists)->isBanned($user, $this->user->identity))
$this->flashFail("err", tr("forbidden"), "Пользователь внёс Вас в чёрный список.");
n1rwana marked this conversation as resolved.

$this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
}

$this->template->notes = $this->notes->getUserNotes($user, (int)($this->queryParam("p") ?? 1));
$this->template->count = $this->notes->getUserNotesCount($user);
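Review bot: The blacklist message in `renderList` is a hard-coded Russian literal, while the denial right after it goes through `tr("forbidden_comment")`; the same literal is repeated in the PhotosPresenter, UserPresenter and VideosPresenter sections, so it should become one locale string passed through `tr()`. The branch also runs whenever `notes.read` is denied for any reason, so a viewer who is refused by an ordinary privacy setting and happens to be blacklisted is told about the blacklist. If disclosing that is not intended, let the request fall through to the generic message. The body of `renderList` continues outside the hunk.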
26 changes: 22 additions & 4 deletions Web/Presenters/PhotosPresenter.php
@@ -1,7 +1,7 @@
<?php declare(strict_types=1);
namespace openvk\Web\Presenters;
use openvk\Web\Models\Entities\{Club, Photo, Album};
use openvk\Web\Models\Repositories\{Photos, Albums, Users, Clubs};
use openvk\Web\Models\Repositories\{Photos, Albums, Users, Clubs, Blacklists};
use Nette\InvalidStateException as ISE;

final class PhotosPresenter extends OpenVKPresenter
@@ -24,8 +24,12 @@ function renderAlbumList(int $owner): void
if($owner > 0) {
$user = $this->users->get($owner);
if(!$user) $this->notFound();
if (!$user->getPrivacyPermission('photos.read', $this->user->identity ?? NULL))
if (!$user->getPrivacyPermission('photos.read', $this->user->identity ?? NULL)) {
if ((new Blacklists)->isBanned($user, $this->user->identity))
$this->flashFail("err", tr("forbidden"), "Пользователь внёс Вас в чёрный список.");
n1rwana marked this conversation as resolved.

$this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
}
$this->template->albums = $this->albums->getUserAlbums($user, $this->queryParam("p") ?? 1);
$this->template->count = $this->albums->getUserAlbumsCount($user);
$this->template->owner = $user;
@@ -135,11 +139,20 @@ function renderAlbum(int $owner, int $id): void
if(!$album) $this->notFound();
if($album->getPrettyId() !== $owner . "_" . $id || $album->isDeleted())
$this->notFound();

if ((new Blacklists)->isBanned($album->getOwner(), $this->user->identity)) {
if (!$this->user->identity->isAdmin() OR $this->user->identity->isAdmin() AND OPENVK_ROOT_CONF["openvk"]["preferences"]["security"]["blacklists"]["applyToAdmins"])
$this->flashFail("err", tr("forbidden"), "Пользователь внёс Вас в чёрный список.");
n1rwana marked this conversation as resolved.
}

if($owner > 0 /* bc we currently don't have perms for clubs */) {
$ownerObject = (new Users)->get($owner);
if(!$ownerObject->getPrivacyPermission('photos.read', $this->user->identity ?? NULL))
if(!$ownerObject->getPrivacyPermission('photos.read', $this->user->identity ?? NULL)) {
if ((new Blacklists)->isBanned($ownerObject, $this->user->identity))
$this->flashFail("err", tr("forbidden"), "Пользователь внёс Вас в чёрный список.");
n1rwana marked this conversation as resolved.

$this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
}
}

$this->template->album = $album;
@@ -157,7 +170,12 @@ function renderPhoto(int $ownerId, int $photoId): void
{
$photo = $this->photos->getByOwnerAndVID($ownerId, $photoId);
if(!$photo || $photo->isDeleted()) $this->notFound();


if ((new Blacklists)->isBanned($photo->getOwner(), $this->user->identity)) {
if (!$this->user->identity->isAdmin() OR $this->user->identity->isAdmin() AND OPENVK_ROOT_CONF["openvk"]["preferences"]["security"]["blacklists"]["applyToAdmins"])
$this->flashFail("err", tr("forbidden"), "Пользователь внёс Вас в чёрный список.");
n1rwana marked this conversation as resolved.
}

if(!is_null($this->queryParam("from"))) {
if(preg_match("%^album([0-9]++)$%", $this->queryParam("from"), $matches) === 1) {
$album = $this->albums->get((int) $matches[1]);
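Review bot: `renderAlbum` and `renderPhoto` pass `getOwner()` straight to `isBanned()`, whose first parameter is typed `User`. The `$owner > 0` guard and its "perms for clubs" comment suggest an album can belong to a club, in which case this call would raise a TypeError for every viewer; confirm, and if so move the check inside the user-owned branch, e.g. `if($owner > 0 && $this->user->identity && (new Blacklists)->isBanned($album->getOwner(), $this->user->identity))`. Both blocks also call `$this->user->identity->isAdmin()` although neighbouring lines treat the identity as nullable (`?? NULL`), so a logged-out request would fail on the method call. The condition `!isAdmin() OR isAdmin() AND <config>` reduces to `!isAdmin() || <config>` and repeats the exemption that `User::getPrivacyPermission` already applies in this pull request, so a single helper would keep the two from drifting apart.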
41 changes: 35 additions & 6 deletions Web/Presenters/UserPresenter.php
@@ -4,7 +4,7 @@
use openvk\Web\Themes\Themepacks;
use openvk\Web\Models\Entities\{Photo, Post, EmailChangeVerification};
use openvk\Web\Models\Entities\Notifications\{CoinsTransferNotification, RatingUpNotification};
use openvk\Web\Models\Repositories\{Users, Clubs, Albums, Videos, Notes, Vouchers, EmailChangeVerifications};
use openvk\Web\Models\Repositories\{Users, Clubs, Albums, Videos, Notes, Vouchers, EmailChangeVerifications, Blacklists};
use openvk\Web\Models\Exceptions\InvalidUserNameException;
use openvk\Web\Util\Validator;
use Chandler\Security\Authenticator;
@@ -15,19 +15,32 @@
final class UserPresenter extends OpenVKPresenter
{
private $users;
private $blacklists;

public $deactivationTolerant = false;

function __construct(Users $users)
function __construct(Users $users, Blacklists $blacklists)
{
$this->users = $users;
$this->blacklists = $blacklists;

parent::__construct();
}

function renderView(int $id): void
{
$user = $this->users->get($id);

if ($this->user->identity)
if ($this->blacklists->isBanned($user, $this->user->identity)) {
if ($this->user->identity->isAdmin()) {
if (OPENVK_ROOT_CONF["openvk"]["preferences"]["security"]["blacklists"]["applyToAdmins"])
$this->flashFail("err", tr("forbidden"), "Пользователь внёс Вас в чёрный список.");
n1rwana marked this conversation as resolved.
} else {
$this->flashFail("err", tr("forbidden"), "Пользователь внёс Вас в чёрный список.");
n1rwana marked this conversation as resolved.
}
}

if(!$user || $user->isDeleted()) {
if($user->isDeactivated()) {
$this->template->_template = "User/deactivated.xml";
@@ -43,8 +56,11 @@ function renderView(int $id): void
$this->template->videosCount = (new Videos)->getUserVideosCount($user);
$this->template->notes = (new Notes)->getUserNotes($user, 1, 4);
$this->template->notesCount = (new Notes)->getUserNotesCount($user);

$this->template->blacklists = $this->blacklists;

$this->template->user = $user;
$this->template->isBlacklistedThem = $this->blacklists->isBanned($this->user->identity, $user);
$this->template->isBlacklistedByThem = $this->blacklists->isBanned($user, $this->user->identity);
}
}

@@ -56,8 +72,12 @@ function renderFriends(int $id): void
$page = abs($this->queryParam("p") ?? 1);
if(!$user)
$this->notFound();
elseif (!$user->getPrivacyPermission('friends.read', $this->user->identity ?? NULL))
elseif (!$user->getPrivacyPermission('friends.read', $this->user->identity ?? NULL)) {
if ($this->blacklists->isBanned($user, $this->user->identity))
$this->flashFail("err", tr("forbidden"), "Пользователь внёс Вас в чёрный список.");

$this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
}
else
$this->template->user = $user;

@@ -84,8 +104,12 @@ function renderGroups(int $id): void
$user = $this->users->get($id);
if(!$user)
$this->notFound();
elseif (!$user->getPrivacyPermission('groups.read', $this->user->identity ?? NULL))
elseif (!$user->getPrivacyPermission('groups.read', $this->user->identity ?? NULL)) {
if ($this->blacklists->isBanned($user, $this->user->identity))
$this->flashFail("err", tr("forbidden"), "Пользователь внёс Вас в чёрный список.");

$this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
}
else {
if($this->queryParam("act") === "managed" && $this->user->id !== $user->getId())
$this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
@@ -454,7 +478,7 @@ function renderSettings(): void
$this->flash("succ", tr("changes_saved"), tr("changes_saved_comment"));
}
$this->template->mode = in_array($this->queryParam("act"), [
"main", "privacy", "finance", "finance.top-up", "interface"
"main", "privacy", "finance", "finance.top-up", "interface", "blacklist"
]) ? $this->queryParam("act")
: "main";

@@ -468,6 +492,11 @@ function renderSettings(): void
$this->template->qrCodeType = substr($qrCode[0], 5);
$this->template->qrCodeData = $qrCode[1];
}

if($this->template->mode == "blacklist") {
$this->template->items = $this->blacklists->getList($user);
$this->template->count = $this->blacklists->getCount($user);
}

$this->template->user = $user;
$this->template->themes = Themepacks::i()->getThemeList();
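Review bot: In `renderView` the new blacklist check hands `$user` to `isBanned()` before the existing `if(!$user || $user->isDeleted())` test, so a request for an id that does not exist reaches a `User`-typed parameter with NULL instead of the not-found handling. Guarding the call, `if($user && $this->user->identity && $this->blacklists->isBanned($user, $this->user->identity))`, or moving the block below the existence check fixes the ordering. The two template assignments `isBlacklistedThem` and `isBlacklistedByThem` pass `$this->user->identity` without the guard used at the top of the method, so they need the same NULL test if logged-out visitors can view profiles. Assigning the whole repository to `$this->template->blacklists` exposes more to the template than those two booleans require. In `renderSettings`, `$this->template->mode == "blacklist"` can use `===`, as the surrounding code does.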
14 changes: 11 additions & 3 deletions Web/Presenters/VideosPresenter.php
@@ -1,7 +1,7 @@
<?php declare(strict_types=1);
namespace openvk\Web\Presenters;
use openvk\Web\Models\Entities\Video;
use openvk\Web\Models\Repositories\{Users, Videos};
use openvk\Web\Models\Repositories\{Users, Videos, Blacklists};
use Nette\InvalidStateException as ISE;

final class VideosPresenter extends OpenVKPresenter
@@ -21,8 +21,12 @@ function renderList(int $id): void
{
$user = $this->users->get($id);
if(!$user) $this->notFound();
if(!$user->getPrivacyPermission('videos.read', $this->user->identity ?? NULL))
if(!$user->getPrivacyPermission('videos.read', $this->user->identity ?? NULL)) {
if ((new Blacklists)->isBanned($user, $this->user->identity))
$this->flashFail("err", tr("forbidden"), "Пользователь внёс Вас в чёрный список.");
n1rwana marked this conversation as resolved.

$this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
}

$this->template->user = $user;
$this->template->videos = $this->videos->getByUser($user, (int) ($this->queryParam("p") ?? 1));
@@ -39,8 +43,12 @@ function renderView(int $owner, int $vId): void
{
$user = $this->users->get($owner);
if(!$user) $this->notFound();
if(!$user->getPrivacyPermission('videos.read', $this->user->identity ?? NULL))
if(!$user->getPrivacyPermission('videos.read', $this->user->identity ?? NULL)) {
if ((new Blacklists)->isBanned($user, $this->user->identity))
$this->flashFail("err", tr("forbidden"), "Пользователь внёс Вас в чёрный список.");
n1rwana marked this conversation as resolved.

$this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
}

if($this->videos->getByOwnerAndVID($owner, $vId)->isDeleted()) $this->notFound();
