Diffstat (limited to 'perllib')
-rw-r--r-- | perllib/FixMyStreet/App/Controller/Moderate.pm | 17 | ||||
-rw-r--r-- | perllib/FixMyStreet/DB/Result/User.pm | 18 |
2 files changed, 24 insertions, 11 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Moderate.pm b/perllib/FixMyStreet/App/Controller/Moderate.pm index 17e4c6dd2..45a303309 100644 --- a/perllib/FixMyStreet/App/Controller/Moderate.pm +++ b/perllib/FixMyStreet/App/Controller/Moderate.pm @@ -42,6 +42,7 @@ sub moderate : Chained('/') : PathPart('moderate') : CaptureArgs(0) { } sub report : Chained('moderate') : PathPart('report') : CaptureArgs(1) { my ($self, $c, $id) = @_; my $problem = $c->model('DB::Problem')->find($id); + $c->detach unless $problem; my $cobrand_base = $c->cobrand->base_url_for_report( $problem ); my $report_uri = $cobrand_base . $problem->url; @@ -49,9 +50,8 @@ sub report : Chained('moderate') : PathPart('report') : CaptureArgs(1) { $c->stash->{report_uri} = $report_uri; $c->res->redirect( $report_uri ); # this will be the final endpoint after all processing... - # ... and immediately, if the user isn't authorized + # ... and immediately, if the user isn't logged in $c->detach unless $c->user_exists; - $c->detach unless $c->user->can_moderate($problem); $c->forward('/auth/check_csrf_token'); @@ -69,6 +69,9 @@ sub report : Chained('moderate') : PathPart('report') : CaptureArgs(1) { sub moderate_report : Chained('report') : PathPart('') : Args(0) { my ($self, $c) = @_; + # Make sure user can moderate this report + $c->detach unless $c->user->can_moderate($c->stash->{problem}); + $c->forward('report_moderate_hide'); my @types = grep $_, @@ -208,6 +211,9 @@ sub update : Chained('report') : PathPart('update') : CaptureArgs(1) { my ($self, $c, $id) = @_; my $comment = $c->stash->{problem}->comments->find($id); + # Make sure user can moderate this update + $c->detach unless $comment && $c->user->can_moderate($comment); + my $original = $comment->find_or_new_related( moderation_original_data => { detail => $comment->text, photo => $comment->photo, 
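Review bot: In the first Moderate.pm hunk (`report`, @@ -42,6 +42,7), the new `$c->detach unless $problem;` leaves before any status or redirect is set, so a request for a report id that does not exist seems to end with the default response rather than an explicit not-found. Setting the status first, e.g. `unless ($problem) { $c->res->status(404); $c->detach; }`, would let access logs distinguish unknown ids from successful requests. What the application's end action renders for an empty response is not visible here, so confirm that before changing it. The body of `report` continues outside this hunk.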
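Review bot: In the second Moderate.pm hunk (`report`, @@ -49,9 +50,8), dropping `can_moderate` from the chain base means `report` now guarantees only a logged-in user and a passed CSRF check. Per-object authorization holds only because `moderate_report` and `update` each call `can_moderate` themselves (third and fourth hunks). An action later chained off `report` without its own check would be reachable by any logged-in user, and the reworded comment does not warn about that. I would extend it to `# ... and immediately, if the user isn't logged in. Authorization is NOT checked here: every action chained off 'report' must call can_moderate itself`. The body of `report` starts and ends outside this hunk.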
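Review bot: In `moderate_report` (third Moderate.pm hunk), and again in `update` (fourth hunk), a failed `can_moderate` ends in a bare `$c->detach`, so a refused moderation attempt leaves no trace and the client simply receives the redirect already set in `report`. A log line before detaching, e.g. `$c->log->info('moderation refused for user ' . $c->user->id);`, would give operators something to alert on when an account repeatedly tries reports or updates it may not moderate. Both subs continue outside their hunks.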
@@ -263,13 +269,6 @@ sub update_moderate_hide : Private { return; } -sub return_text : Private { - my ($self, $c, $text) = @_; - - $c->res->content_type('text/plain; charset=utf-8'); - $c->res->body( $text // '' ); -} - __PACKAGE__->meta->make_immutable; 1; diff --git a/perllib/FixMyStreet/DB/Result/User.pm b/perllib/FixMyStreet/DB/Result/User.pm index 625092740..5afd9d89c 100644 --- a/perllib/FixMyStreet/DB/Result/User.pm +++ b/perllib/FixMyStreet/DB/Result/User.pm @@ -331,9 +331,23 @@ sub split_name { } sub can_moderate { - my ($self, $problem) = @_; + my ($self, $object, %perms) = @_; + + my ($type, $ids); + if ($object->isa("FixMyStreet::DB::Result::Comment")) { + $type = 'update'; + $ids = $object->problem->bodies_str_ids; + } else { + $type = 'problem'; + $ids = $object->bodies_str_ids; + } - return 1 if $self->has_permission_to(moderate => $problem->bodies_str_ids); + my $staff_perm = exists($perms{staff}) ? $perms{staff} : $self->has_permission_to(moderate => $ids); + return 1 if $staff_perm; + + # See if the cobrand wants to allow it in some circumstance + my $cobrand = $self->result_source->schema->cobrand; + return $cobrand->call_hook('moderate_permission', $self, $type => $object); } has body_permissions => ( |
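Review bot: `can_moderate` in User.pm now ends by returning whatever the cobrand's `moderate_permission` hook returns, so the deny-by-default outcome depends on `call_hook` yielding a false value when a cobrand does not define that hook. Its behaviour is not visible in this hunk, so it is worth confirming and pinning with a test for a cobrand without the hook. The new `staff` key in `%perms` also lets a caller replace the `has_permission_to` result outright, and nothing in the sub says who is expected to pass it. A comment above the ternary such as `# staff => BOOL: caller has already worked out the staff permission; must never be taken from request data` would make that contract explicit.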