Diffstat (limited to 'h-source/Application/Controllers/HistoryController.php')
-rw-r--r--h-source/Application/Controllers/HistoryController.php44
1 files changed, 25 insertions, 19 deletions
diff --git a/h-source/Application/Controllers/HistoryController.php b/h-source/Application/Controllers/HistoryController.php
index 997878b..76b1158 100644
--- a/h-source/Application/Controllers/HistoryController.php
+++ b/h-source/Application/Controllers/HistoryController.php
@@ -76,6 +76,7 @@ class HistoryController extends BaseController
'id_name' => 'id_mes',
'field_name' => 'deleted',
'actions' => array('hide','show'),
+ 'group' => 'moderator',
),
@@ -86,6 +87,7 @@ class HistoryController extends BaseController
'id_name' => 'id_talk',
'field_name' => 'deleted',
'actions' => array('hide','show'),
+ 'group' => 'moderator',
),
@@ -96,6 +98,7 @@ class HistoryController extends BaseController
'id_name' => 'id_user',
'field_name' => 'blocked',
'actions' => array('block','unblock'),
+ 'group' => 'moderator',
),
@@ -142,22 +145,23 @@ class HistoryController extends BaseController
if ($this->s['registered']->status['status'] === 'logged')
{
- if ($this->ismoderator)
+ if (!$this->s['registered']->checkCsrf($clean['token'])) die("wrong token");
+
+ if ($this->m['UsersModel']->isBlocked($this->s['registered']->status['id_user'])) die("your account has been blocked");
+
+ $clean['id_user'] = (int)$this->s['registered']->status['id_user'];
+ $clean['id'] = $this->request->post('id',0,'forceInt');
+ $type = $this->request->post('type','','sanitizeAll');
+ $message = $this->request->post('message','');
+
+ $modelName = 'error';
+
+ if (array_key_exists($type,$this->types))
{
- if (!$this->s['registered']->checkCsrf($clean['token'])) die("wrong token");
-
- if ($this->m['UsersModel']->isBlocked($this->s['registered']->status['id_user'])) die("your account has been blocked");
-
- $clean['id_user'] = (int)$this->s['registered']->status['id_user'];
- $clean['id'] = $this->request->post('id',0,'forceInt');
- $type = $this->request->post('type',0,'sanitizeAll');
- $message = $this->request->post('message','');
-
- $modelName = 'error';
-
- if (array_key_exists($type,$this->types))
+ if (in_array($action,$this->types[$type]['actions']))
{
- if (in_array($action,$this->types[$type]['actions']))
+ $clean['group'] = $this->types[$type]['group'];
+ if (in_array($clean['group'],$this->s['registered']->status['groups']))
{
$modelName = $this->types[$type]['model_name'];
$clean['type'] = $this->types[$type]['clean_type'];
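Review bot: The new authorization test `in_array($clean['group'],$this->s['registered']->status['groups'])` compares loosely and assumes every entry of `$this->types` has a `'group'` key. Only three entries visibly receive one in this diff; if any other entry lacks it, the lookup yields null, and a loose `in_array` matches an empty-string or 0 element in the groups list, so the check could pass where it should fail (how `status['groups']` is built is not shown here). Failing closed takes two lines: `$clean['group'] = isset($this->types[$type]['group']) ? $this->types[$type]['group'] : null;` and `if ($clean['group'] !== null && in_array($clean['group'],$this->s['registered']->status['groups'],true))`. The same condition appears in the hunk at `@@ -217,12 +222,13 @@` and needs the same change. The enclosing method starts and ends outside this hunk.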
@@ -182,6 +186,7 @@ class HistoryController extends BaseController
{
$this->m['HistoryModel']->setFields('id:forceInt,type,message','sanitizeAll');
$this->m['HistoryModel']->values['created_by'] = $clean['id_user'];
+ $this->m['HistoryModel']->values['gr'] = $clean['group'];
$this->m['HistoryModel']->values['action'] = $this->strings[$action]['action'];
$this->m['HistoryModel']->updateTable('insert');
@@ -217,12 +222,13 @@ class HistoryController extends BaseController
if ($this->s['registered']->status['status'] === 'logged')
{
- if ($this->ismoderator)
+ if (!$this->m['UsersModel']->isBlocked($this->s['registered']->status['id_user']))
{
- if (!$this->m['UsersModel']->isBlocked($this->s['registered']->status['id_user']))
+ $clean['id'] = (int)$id;
+ if (array_key_exists($type,$this->types))
{
- $clean['id'] = (int)$id;
- if (array_key_exists($type,$this->types))
+ $clean['group'] = $this->types[$type]['group'];
+ if (in_array($clean['group'],$this->s['registered']->status['groups']))
{
$clean['type'] = $this->types[$type]['clean_type'];
@@ -237,7 +243,7 @@ class HistoryController extends BaseController
break;
}
- $data['res'] = $this->m['HistoryModel']->select()->where(array('id'=>$clean['id'],'type'=>$clean['type']))->send();
+ $data['res'] = $this->m['HistoryModel']->select()->where(array('id'=>$clean['id'],'type'=>$clean['type'],'gr'=>$clean['group']))->send();
$data['md_action'] = array('hide'=>'hidden','show'=>'restored','block'=>'blocked','unblock'=>'un-blocked');
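Review bot: Filtering the history query on `'gr'=>$clean['group']` will stop returning every row written before this commit unless the `gr` column is backfilled, because the insert path only starts setting `values['gr']` in the hunk at `@@ -182,6 +186,7 @@`. This page is limited to the controller, so a schema migration and backfill may exist elsewhere; if they do not, older moderation records silently drop out of the audit view. A comment above the query such as `// gr = group required for the logged action; rows without gr are not returned` would make that contract explicit.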