[ticket/15266] Expand functionality of content_visibility

Added new function "is_visible", and replaced several immediate uses of the above, including a single event in the new function to handle change in all places consistently, and much simpler. PHPBB3-15266
author: javiexin <javiexin@gmail.com> 2017-07-12 13:25:22 +0200
committer: Marc Alexander <admin@m-a-styles.de> 2017-12-27 13:27:38 +0100
commit: bd81af3b9e3174d1ea2dbf405b694e535e8b1b40 (patch)
tree: 36a7797ae5d140a67f31e19e59a9613f5f97e61f /phpBB
parent: 31b93280ee906f7ac4052540cffc210bf323f056 (diff)
download: forums-bd81af3b9e3174d1ea2dbf405b694e535e8b1b40.tar
forums-bd81af3b9e3174d1ea2dbf405b694e535e8b1b40.tar.gz
forums-bd81af3b9e3174d1ea2dbf405b694e535e8b1b40.tar.bz2
forums-bd81af3b9e3174d1ea2dbf405b694e535e8b1b40.tar.xz
forums-bd81af3b9e3174d1ea2dbf405b694e535e8b1b40.zip
6 files changed, 50 insertions, 6 deletions
diff --git a/phpBB/download/file.php b/phpBB/download/file.php
index e60ffad6b0..c0837ab7a9 100644
--- a/phpBB/download/file.php
+++ b/phpBB/download/file.php
@@ -149,6 +149,8 @@ $user->session_begin(false);
 $auth->acl($user->data);
 $user->setup('viewtopic');
 
+$phpbb_content_visibility = $phpbb_container->get('content.visibility');
+
 if (!$config['allow_attachments'] && !$config['allow_pm_attach'])
 {
 	send_status_line(404, 'Not Found');
@@ -215,7 +217,7 @@ else
 			$post_row = $db->sql_fetchrow($result);
 			$db->sql_freeresult($result);
 
-			if (!$post_row || ($post_row['post_visibility'] != ITEM_APPROVED && !$auth->acl_get('m_approve', $post_row['forum_id'])))
+			if (!$post_row || !$phpbb_content_visibility->is_visible('post', $post_row['forum_id'], $post_row))
 			{
 				// Attachment of a soft deleted post and the user is not allowed to see the post
 				send_status_line(404, 'Not Found');
diff --git a/phpBB/includes/functions_download.php b/phpBB/includes/functions_download.php
index 053e362682..ad1762da63 100644
--- a/phpBB/includes/functions_download.php
+++ b/phpBB/includes/functions_download.php
@@ -650,6 +650,8 @@ function phpbb_increment_downloads($db, $ids)
 */
 function phpbb_download_handle_forum_auth($db, $auth, $topic_id)
 {
+	global $phpbb_container;
+
 	$sql_array = array(
 		'SELECT'	=> 't.topic_visibility, t.forum_id, f.forum_name, f.forum_password, f.parent_id',
 		'FROM'		=> array(
@@ -665,7 +667,9 @@ function phpbb_download_handle_forum_auth($db, $auth, $topic_id)
 	$row = $db->sql_fetchrow($result);
 	$db->sql_freeresult($result);
 
-	if ($row && $row['topic_visibility'] != ITEM_APPROVED && !$auth->acl_get('m_approve', $row['forum_id']))
+	$phpbb_content_visibility = $phpbb_container->get('content.visibility');
+
+	if ($row && !$phpbb_content_visibility->is_visible('topic', $row['forum_id'], $row))
 	{
 		send_status_line(404, 'Not Found');
 		trigger_error('ERROR_NO_ATTACHMENT');
diff --git a/phpBB/includes/functions_mcp.php b/phpBB/includes/functions_mcp.php
index 1e08864bdc..0e26ca9b2a 100644
--- a/phpBB/includes/functions_mcp.php
+++ b/phpBB/includes/functions_mcp.php
@@ -197,7 +197,7 @@ function phpbb_get_topic_data($topic_ids, $acl_list = false, $read_tracking = fa
 */
 function phpbb_get_post_data($post_ids, $acl_list = false, $read_tracking = false)
 {
-	global $db, $auth, $config, $user;
+	global $db, $auth, $config, $user, $phpbb_container;
 
 	$rowset = array();
 
@@ -246,6 +246,8 @@ function phpbb_get_post_data($post_ids, $acl_list = false, $read_tracking = fals
 	$result = $db->sql_query($sql);
 	unset($sql_array);
 
+	$phpbb_content_visibility = $phpbb_container->get('content.visibility');
+
 	while ($row = $db->sql_fetchrow($result))
 	{
 		if ($acl_list && !$auth->acl_gets($acl_list, $row['forum_id']))
@@ -253,7 +255,7 @@ function phpbb_get_post_data($post_ids, $acl_list = false, $read_tracking = fals
 			continue;
 		}
 
-		if ($row['post_visibility'] != ITEM_APPROVED && !$auth->acl_get('m_approve', $row['forum_id']))
+		if (!$phpbb_content_visibility->is_visible('post', $row['forum_id'], $row))
 		{
 			// Moderators without the permission to approve post should at least not see them. ;)
 			continue;
diff --git a/phpBB/phpbb/content_visibility.php b/phpBB/phpbb/content_visibility.php
index 6abf8f996e..be552c7761 100644
--- a/phpBB/phpbb/content_visibility.php
+++ b/phpBB/phpbb/content_visibility.php
@@ -131,6 +131,42 @@ class content_visibility
 		return (int) $data[$mode . '_approved'] + (int) $data[$mode . '_unapproved'] + (int) $data[$mode . '_softdeleted'];
 	}
 
+
+	/**
+	* Check topic/post visibility for a given forum ID
+	*
+	* Note: Read permissions are not checked.
+	*
+	* @param $mode		string	Either "topic" or "post"
+	* @param $forum_id	int		The forum id is used for permission checks
+	* @param $data		array	Array with item information to check visibility
+	* @return bool		True if the item is visible, false if not
+	*/
+	public function is_visible($mode, $forum_id, $data)
+	{
+		$is_visible = $this->auth->acl_get('m_approve', $forum_id) || $data[$mode . '_visibility'] == ITEM_APPROVED;
+
+		/**
+		* Allow changing the result of calling is_visible
+		*
+		* @event core.phpbb_content_visibility_is_visible
+		* @var	bool		is_visible			Default visibility condition, to be modified by extensions if needed.
+		* @var	string		mode				Either "topic" or "post"
+		* @var	int			forum_id			Forum id of the current item
+		* @var	array		data				Array of item information
+		* @since 3.1.12-RC1
+		*/
+		$vars = array(
+			'is_visible',
+			'mode',
+			'forum_id',
+			'data',
+		);
+		extract($this->phpbb_dispatcher->trigger_event('core.phpbb_content_visibility_is_visible', compact($vars)));
+
+		return $is_visible;
+	}
+
 	/**
 	* Create topic/post visibility SQL for a given forum ID
 	*
diff --git a/phpBB/viewforum.php b/phpBB/viewforum.php
index 5c51975150..5e62b3c68a 100644
--- a/phpBB/viewforum.php
+++ b/phpBB/viewforum.php
@@ -520,7 +520,7 @@ if ($forum_data['forum_type'] == FORUM_POST)
 
 	while ($row = $db->sql_fetchrow($result))
 	{
-		if ($row['topic_visibility'] != ITEM_APPROVED && !$auth->acl_get('m_approve', $row['forum_id']))
+		if (!$phpbb_content_visibility->is_visible('topic', $row['forum_id'], $row))
 		{
 			// Do not display announcements that are waiting for approval or soft deleted.
 			continue;
diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php
index 378e2d8f97..0dad2796b3 100644
--- a/phpBB/viewtopic.php
+++ b/phpBB/viewtopic.php
@@ -262,7 +262,7 @@ if (!$topic_data)
 $forum_id = (int) $topic_data['forum_id'];
 
 // Now we know the forum_id and can check the permissions
-if ($topic_data['topic_visibility'] != ITEM_APPROVED && !$auth->acl_get('m_approve', $forum_id))
+if (!$phpbb_content_visibility->is_visible('topic', $forum_id, $topic_data))
 {
 	trigger_error('NO_TOPIC');
 }
author	javiexin <javiexin@gmail.com>	2017-07-12 13:25:22 +0200
committer	Marc Alexander <admin@m-a-styles.de>	2017-12-27 13:27:38 +0100
commit	bd81af3b9e3174d1ea2dbf405b694e535e8b1b40 (patch)
tree	36a7797ae5d140a67f31e19e59a9613f5f97e61f /phpBB
parent	31b93280ee906f7ac4052540cffc210bf323f056 (diff)
download	forums-bd81af3b9e3174d1ea2dbf405b694e535e8b1b40.tar forums-bd81af3b9e3174d1ea2dbf405b694e535e8b1b40.tar.gz forums-bd81af3b9e3174d1ea2dbf405b694e535e8b1b40.tar.bz2 forums-bd81af3b9e3174d1ea2dbf405b694e535e8b1b40.tar.xz forums-bd81af3b9e3174d1ea2dbf405b694e535e8b1b40.zip