From 472072c9412a6a7e696d544a204d750682dcd136 Mon Sep 17 00:00:00 2001 From: n1rwana Date: Mon, 7 Aug 2023 21:24:48 +0300 Subject: [PATCH] =?UTF-8?q?=D0=A1=D0=BB=D1=83=D0=B6=D0=B5=D0=B1=D0=BD?= =?UTF-8?q?=D1=8B=D0=B5=20=D0=B0=D0=BA=D0=BA=D0=B0=D1=83=D0=BD=D1=82=D1=8B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Web/Models/Entities/User.php | 12 ++++++++++++ Web/Presenters/CommentPresenter.php | 10 +++++++--- Web/Presenters/GiftsPresenter.php | 6 +++--- Web/Presenters/PhotosPresenter.php | 7 +++++-- Web/Presenters/UserPresenter.php | 8 ++++++++ Web/Presenters/WallPresenter.php | 16 +++++++++++++--- Web/Presenters/templates/Messenger/Index.xml | 2 +- Web/Presenters/templates/User/View.xml | 12 +++++++++--- install/sqls/00038-service-account-notifies.sql | 2 ++ 9 files changed, 60 insertions(+), 15 deletions(-) create mode 100644 install/sqls/00038-service-account-notifies.sql
diff --git a/Web/Models/Entities/User.php b/Web/Models/Entities/User.php
index d132e015d..9b80cd586 100644
--- a/Web/Models/Entities/User.php
+++ b/Web/Models/Entities/User.php
@@ -438,6 +438,8 @@ function getPrivacySetting(string $id): int
 function getPrivacyPermission(string $permission, ?User $user = NULL): bool
 {
+ if ($this->isServiceAccount() && $permission !== "page.read" && ($user !== NULL && $user->getId() !== $this->getId())) return false;
+
 $permStatus = $this->getPrivacySetting($permission);
 if(!$user) return $permStatus === User::PRIVACY_EVERYONE;
@@ -1113,6 +1115,16 @@ function canUnbanThemself(): bool
 return true;
 }
+ function getServiceAccountNotify(): ?string
+ {
+ return $this->getRecord()->service_account_notify;
+ }
+
+ function isServiceAccount(): bool
+ {
+ return !is_null($this->getServiceAccountNotify());
+ }
+
 function toVkApiStruct(): object
 {
 $res = (object) [];
diff --git a/Web/Presenters/CommentPresenter.php b/Web/Presenters/CommentPresenter.php
index dad79ac42..e75d75635 100644
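Review bot: The new early return in getPrivacyPermission applies only when `$user !== NULL`, so an anonymous visitor falls through to the stored privacy setting and can be granted a permission that every logged-in non-owner is now denied. If the intent is to expose nothing but `page.read` to anyone other than the account itself, the guest case has to be rejected as well: `if ($this->isServiceAccount() && $permission !== "page.read" && ($user === NULL || $user->getId() !== $this->getId())) return false;`. A one-line comment such as `// service accounts answer only page.read to anyone but themselves` would make the page.read exemption explicit. getPrivacyPermission's body continues outside the hunk.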
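Review bot: getServiceAccountNotify returns the raw `service_account_notify` column, and the User/View.xml hunk later in this patch renders that value with `|noescape`, so whatever is stored there is emitted into the profile page as unescaped HTML; the accessor should state that contract. A docblock along the lines of `/** Raw HTML notice shown in place of the wall; rendered unescaped, so it must only ever be written by trusted administration. */` documents it, and the code that writes the column (not in this patch) must never accept the value from end users. isServiceAccount also deserves a short comment noting that the mere presence of the notice is what makes an account a service account, since every presenter check in this patch rests on that.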
--- a/Web/Presenters/CommentPresenter.php
+++ b/Web/Presenters/CommentPresenter.php
@@ -22,8 +22,9 @@ function renderLike(int $id): void
 $comment = (new Comments)->get($id);
 if(!$comment || $comment->isDeleted()) $this->notFound();
-
- if(!is_null($this->user)) $comment->toggleLike($this->user->identity);
+
+ if (!($comment->getTarget() instanceof Post && $comment->getTarget()->getOwner() instanceof User && $comment->getTarget()->getOwner()->isServiceAccount()))
+ if(!is_null($this->user)) $comment->toggleLike($this->user->identity);
 $this->redirect($_SERVER["HTTP_REFERER"]);
 }
@@ -48,6 +49,9 @@ function renderMakeComment(string $repo, int $eId): void
 else if($entity instanceof Topic) $club = $entity->getClub();
+ if ($entity instanceof Post && $entity->getOwner()->isServiceAccount())
+ $this->flashFail("err", tr("error"), tr("forbidden"));
+
 if($_FILES["_vid_attachment"] && OPENVK_ROOT_CONF['openvk']['preferences']['videos']['disableUploading']) $this->flashFail("err", tr("error"), "Video uploads are disabled by the system administrator.");
@@ -128,7 +132,7 @@ function renderDeleteComment(int $id): void
 $comment = (new Comments)->get($id);
 if(!$comment) $this->notFound();
- if(!$comment->canBeDeletedBy($this->user->identity))
+ if(!$comment->canBeDeletedBy($this->user->identity) || ($comment->getTarget() instanceof Post && $comment->getTarget()->getOwner() instanceof User && $comment->getTarget()->getOwner()->isServiceAccount()))
 $this->throwError(403, "Forbidden", "У вас недостаточно прав чтобы редактировать этот ресурс.");
 $comment->delete();
diff --git a/Web/Presenters/GiftsPresenter.php b/Web/Presenters/GiftsPresenter.php
index 8f59bdcb0..21cb7f40e 100644
--- a/Web/Presenters/GiftsPresenter.php
+++ b/Web/Presenters/GiftsPresenter.php
@@ -20,7 +20,7 @@ function renderUserGifts(int $user): void
 $this->assertUserLoggedIn();
 $user = $this->users->get($user);
- if(!$user)
+ if(!$user || $user->isServiceAccount())
 $this->notFound();
 $this->template->user = $user;
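Review bot: The predicate `$comment->getTarget() instanceof Post && $comment->getTarget()->getOwner() instanceof User && $comment->getTarget()->getOwner()->isServiceAccount()` is written out in full here and again in renderDeleteComment below, and the outcomes differ: renderLike silently skips the toggle and redirects, renderDeleteComment answers 403, renderMakeComment flashes forbidden. A brace-less `if` wrapping another brace-less `if`, as on the new lines here, is also easy to misread on a later edit. Moving the check into one private helper and rejecting explicitly keeps the three sites in sync; the `Comment` type hint assumes the entity class is imported in this presenter, drop it if not. renderLike's body starts outside the hunk.
```php
        // … unchanged: lookup of $comment and the notFound() check …

        if ($this->isOnServiceAccountPost($comment))
            $this->flashFail("err", tr("error"), tr("forbidden"));

        if(!is_null($this->user)) $comment->toggleLike($this->user->identity);

        // … unchanged: redirect and closing brace of renderLike …

    /**
     * True when the comment sits on a wall post owned by a service account;
     * shared by renderLike and renderDeleteComment.
     */
    private function isOnServiceAccountPost(Comment $comment): bool
    {
        $target = $comment->getTarget();

        return $target instanceof Post
            && $target->getOwner() instanceof User
            && $target->getOwner()->isServiceAccount();
    }
```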
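Review bot: `$entity->getOwner()->isServiceAccount()` in renderMakeComment is called without the `instanceof User` guard that renderLike, renderDeleteComment and every WallPresenter hunk in this patch place before isServiceAccount(). If a Post's owner can be a Club, as those guards imply, this line raises a fatal error for comments on club posts instead of letting the request continue. Guard it the same way: `if ($entity instanceof Post && $entity->getOwner() instanceof User && $entity->getOwner()->isServiceAccount())`. renderMakeComment starts and ends outside the hunk.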
@@ -33,7 +33,7 @@ function renderUserGifts(int $user): void
 function renderGiftMenu(): void
 {
 $user = $this->users->get((int) ($this->queryParam("user") ?? 0));
- if(!$user)
+ if(!$user || $user->isServiceAccount())
 $this->notFound();
 $this->template->page = $page = (int) ($this->queryParam("p") ?? 1);
@@ -65,7 +65,7 @@ function renderConfirmGift(): void
 $user = $this->users->get((int) ($this->queryParam("user") ?? 0));
 $gift = $this->gifts->get((int) ($this->queryParam("elid") ?? 0));
 $cat = $this->gifts->getCat((int) ($this->queryParam("pack") ?? 0));
- if(!$user || !$cat || !$gift || !$cat->hasGift($gift))
+ if(!$user || !$cat || !$gift || !$cat->hasGift($gift) || $user->isServiceAccount())
 $this->flashFail("err", "Не удалось подарить", "Не удалось подтвердить права на подарок.");
 if(!$gift->canUse($this->user->identity))
diff --git a/Web/Presenters/PhotosPresenter.php b/Web/Presenters/PhotosPresenter.php
index 02d6ae469..18e5fccd2 100644
--- a/Web/Presenters/PhotosPresenter.php
+++ b/Web/Presenters/PhotosPresenter.php
@@ -1,6 +1,6 @@ photos->getByOwnerAndVID($ownerId, $photoId);
 if(!$photo || $photo->isDeleted()) $this->notFound();
-
+
+ if ($photo->getOwner() instanceof User && $photo->getOwner()->isServiceAccount())
+ $this->notFound();
+
 if(!is_null($this->queryParam("from"))) {
 if(preg_match("%^album([0-9]++)$%", $this->queryParam("from"), $matches) === 1) {
 $album = $this->albums->get((int) $matches[1]);
diff --git a/Web/Presenters/UserPresenter.php b/Web/Presenters/UserPresenter.php
index 9cfa36544..281071267 100644
--- a/Web/Presenters/UserPresenter.php
+++ b/Web/Presenters/UserPresenter.php
@@ -296,6 +296,8 @@ function renderSub(): void
 $user = $this->users->get((int) $this->postParam("id"));
 if(!$user) exit("Invalid state");
+ if ($user->isServiceAccount())
+ $this->flashFail("err", tr("error"), tr("forbidden"));
 $user->toggleSubscription($this->user->identity);
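Review bot: The service-account rejection in renderConfirmGift (and renderGiftMenu above) guards the menu and confirmation pages only; if the gift is actually charged and delivered by a separate POST action after confirmation, which this patch does not touch, that action needs the same `$user->isServiceAccount()` check, because a direct request can skip the UI steps. Within the condition the new clause reads better next to the user check it belongs to: `if(!$user || $user->isServiceAccount() || !$cat || !$gift || !$cat->hasGift($gift))`. renderConfirmGift's body continues outside the hunk.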
@@ -654,6 +656,9 @@ function renderCoinsTransfer(): void
 if($this->user->identity->getCoins() < $value)
 $this->flashFail("err", tr("failed_to_tranfer_points"), tr("you_dont_have_enough_points"));
+ if ($receiver->isServiceAccount())
+ $this->flashFail("err", tr("error"), tr("forbidden"));
+
 if($this->user->id !== $receiver->getId()) {
 $this->user->identity->setCoins($this->user->identity->getCoins() - $value);
 $this->user->identity->save();
@@ -695,6 +700,9 @@ function renderIncreaseRating(): void
 if($this->user->identity->getCoins() < $value)
 $this->flashFail("err", tr("failed_to_increase_rating"), tr("you_dont_have_enough_points"));
+ if ($receiver->isServiceAccount())
+ $this->flashFail("err", tr("error"), tr("forbidden"));
+
 $this->user->identity->setCoins($this->user->identity->getCoins() - $value);
 $this->user->identity->save();
diff --git a/Web/Presenters/WallPresenter.php b/Web/Presenters/WallPresenter.php
index 727101ffe..d89fc4077 100644
--- a/Web/Presenters/WallPresenter.php
+++ b/Web/Presenters/WallPresenter.php
@@ -90,6 +90,9 @@ function renderWallEmbedded(int $user): void
 function renderRSS(int $user): void
 {
 $owner = ($user < 0 ? (new Clubs) : (new Users))->get(abs($user));
+ if ($owner instanceof User && $owner->isServiceAccount())
+ $this->flashFail("err", tr("error"), tr("forbidden"));
+
 if(is_null($this->user)) {
 $canPost = false;
 } else if($user > 0) {
@@ -212,6 +215,10 @@ function renderMakePost(int $wall): void
 $wallOwner = ($wall > 0 ? (new Users)->get($wall) : (new Clubs)->get($wall * -1)) ?? $this->flashFail("err", tr("failed_to_publish_post"), tr("error_4"));
+
+ if ($wallOwner instanceof User && $wallOwner->isServiceAccount())
+ $this->flashFail("err", tr("error"), tr("forbidden"));
+
 if($wall > 0) {
 if(!$wallOwner->isBanned())
 $canPost = $wallOwner->getPrivacyPermission("wall.write", $this->user->identity);
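Review bot: In renderCoinsTransfer the new `if ($receiver->isServiceAccount())` rejection sits after the balance check, so a sender who is short of coins is told they lack points for a transfer that would be refused anyway; renderIncreaseRating in the next hunk has the same ordering. Moving the block ahead of the `getCoins() < $value` check in both functions makes the refusal independent of the balance and matches the other presenters in this patch, which reject before any other validation. Whether `$receiver` is null-checked before this point is not visible; both functions start and end outside their hunks.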
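Review bot: renderRSS now refuses a service account's feed, but the hunk header shows renderWallEmbedded directly above it unchanged, and the standalone wall action is not part of this patch; the User/View.xml change only stops embedding the wall for other viewers, so if those listing actions stay reachable by URL, the posts hidden in renderPost, renderLike and renderShare are still listed there. The same `if ($owner instanceof User && $owner->isServiceAccount())` guard belongs at the top of every wall-listing action, ideally in one shared place rather than copied per method. flashFail here also sends an RSS client a flash redirect instead of a 404, while the other read paths in this patch use notFound(). renderRSS's body continues outside the hunk.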
@@ -342,7 +349,10 @@ function renderPost(int $wall, int $post_id): void
 $post = $this->posts->getPostById($wall, $post_id);
 if(!$post || $post->isDeleted()) $this->notFound();
-
+
+ if ($post->getOwner() instanceof User && $post->getOwner()->isServiceAccount())
+ $this->flashFail("err", tr("error"), tr("forbidden"));
+
 $this->logPostView($post, $wall);
 $this->template->post = $post;
@@ -367,7 +377,7 @@ function renderLike(int $wall, int $post_id): void
 $this->assertNoCSRF();
 $post = $this->posts->getPostById($wall, $post_id);
- if(!$post || $post->isDeleted()) $this->notFound();
+ if(!$post || $post->isDeleted() || ($post->getOwner() instanceof User && $post->getOwner()->isServiceAccount())) $this->notFound();
 if(!is_null($this->user)) {
 $post->toggleLike($this->user->identity);
@@ -384,7 +394,7 @@ function renderShare(int $wall, int $post_id): void
 $post = $this->posts->getPostById($wall, $post_id);
- if(!$post || $post->isDeleted())
+ if(!$post || $post->isDeleted() || ($post->getOwner() instanceof User && $post->getOwner()->isServiceAccount()))
 $this->notFound();
 $where = $this->postParam("type") ?? "wall";
diff --git a/Web/Presenters/templates/Messenger/Index.xml b/Web/Presenters/templates/Messenger/Index.xml
index ff7ccfd12..814f2dc15 100644
--- a/Web/Presenters/templates/Messenger/Index.xml
+++ b/Web/Presenters/templates/Messenger/Index.xml
@@ -29,7 +29,7 @@ alt="Фотография пользователя" />
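Review bot: renderPost answers a service-account post with flashFail("forbidden"), while renderLike and renderShare in the following two hunks answer notFound() for the same post; since renderPost is the read path, its reply is the one that confirms the post exists, so it should 404 like the others: replace the new flashFail line with `$this->notFound();`. In all three hunks the doubled `$post->getOwner()` call could be held in a local, `$owner = $post->getOwner();`, before the check. renderPost's body continues outside the hunk.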
- {$recipient->getCanonicalName()}
+ {$recipient->getCanonicalName()}
{$lastMsg->getSendTimeHumanized()}
diff --git a/Web/Presenters/templates/User/View.xml b/Web/Presenters/templates/User/View.xml
index 1fa710263..a50e09ce8 100644
--- a/Web/Presenters/templates/User/View.xml
+++ b/Web/Presenters/templates/User/View.xml
@@ -393,7 +393,7 @@
-

{$user->getFullName()}

+

{$user->getFullName()}

{if !is_null($user->getStatus())}
{$user->getStatus()}
{elseif $thatIsThisUser} @@ -592,8 +592,14 @@
- - {presenter "openvk!Wall->wallEmbedded", $user->getId()} + + {if $user->isServiceAccount() && $user->getId() !== $thisUser->getId()} +
+ {$user->getServiceAccountNotify()|noescape} +
+ {else} + {presenter "openvk!Wall->wallEmbedded", $user->getId()} + {/if}