jdormit/pterotype
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fixed outbox permissions for commenters and non-owner users

Browse Source
This commit is contained in:
Jeremy Dormitzer 2018-10-27 12:00:47 -04:00
parent 79f741f332
commit 16efff7396
2 changed files with 20 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
includes/server/actors.php
View File

@ -20,6 +20,14 @@ function get_actor_by_slug ( $slug ) {
return get_actor_from_row( $row );
}
function get_actor_row_by_slug ( $slug ) {
global $wpdb;
$row = $wpdb->get_row( $wpdb->prepare(
"SELECT * FROM {$wpdb->prefix}pterotype_actors WHERE slug = %s", $slug
) );
return $row;
}
function get_actor_id( $slug ) {
global $wpdb;
return $wpdb->get_var( $wpdb->prepare(

14
includes/server/api.php
View File

@ -69,8 +69,18 @@ function get_shares( $request ) {
return \pterotype\shares\get_shares_collection( $object_id );
}
function user_can_post_to_outbox() {
return current_user_can( 'publish_posts' );
function user_can_post_to_outbox( $request ) {
$actor_slug = $request->get_url_params()['actor'];
$actor_row = \pterotype\actors\get_actor_row_by_slug( $actor_slug );
if ( ! $actor_row || is_wp_error( $actor_row ) ) {
return false;
}
if ( $actor_row->type === 'blog' ) {
return \current_user_can( 'publish_posts' );
} else if ( $actor_row->type === 'user' ) {
return \is_user_logged_in();
}
return true;
}
function register_routes() {