From 03c6304e19d5d3ecd276dd3f42220db301ab511d Mon Sep 17 00:00:00 2001
From: Lukas Fleischer
Date: Tue, 15 Jul 2014 20:52:54 +0200
Subject: Rework permission handling

Add a new function has_credential() that checks whether the currently logged in user is allowed to perform a given action. Moving all permission handling to this central place makes adding new user groups and adjusting permissions much more convenient.

Signed-off-by: Lukas Fleischer
---
 web/lib/pkgfuncs.inc.php | 36 +++++++-----------------------------
 1 file changed, 7 insertions(+), 29 deletions(-)
(limited to 'web/lib/pkgfuncs.inc.php')

diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php
index a2b8a0d2..29da97b2 100644
--- a/web/lib/pkgfuncs.inc.php
+++ b/web/lib/pkgfuncs.inc.php
@@ -9,17 +9,15 @@ include_once("pkgbasefuncs.inc.php");
 * comments. This function is used for the backend side of comment deletion.
 *
 * @param string $comment_id The comment ID in the database
- * @param string $atype The account type of the user trying to delete a comment
- * @param string|int $uid The user ID of the individual trying to delete a comment
 *
 * @return bool True if the user can delete the comment, otherwise false
 */
-function can_delete_comment($comment_id=0, $atype="", $uid=0) {
- if (!$uid) {
+function can_delete_comment($comment_id=0) {
+ if (!uid_from_sid($_COOKIE["AURSID"])) {
 /* Unauthenticated users cannot delete anything. */
 return false;
 }
- if ($atype == "Trusted User" || $atype == "Developer") {
+ if (has_credential(CRED_COMMENT_DELETE)) {
 /* TUs and developers can delete any comment. */
 return true;
 }
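Review bot: The new guard in `can_delete_comment()` resolves the session to a uid and then throws the value away, while the `$uid` parameter is dropped from the signature. The function body continues past the end of this hunk; if the ownership check there still reads `$uid`, it now sees an undefined variable, so the result should be kept, e.g. `$uid = uid_from_sid($_COOKIE["AURSID"]);` followed by `if (!$uid) {`. `$_COOKIE["AURSID"]` is also indexed without an `isset()` test, which raises a notice on every request that carries no session cookie; `isset($_COOKIE["AURSID"]) ? uid_from_sid($_COOKIE["AURSID"]) : 0` avoids that and keeps the unauthenticated path explicit.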
@@ -45,23 +43,11 @@ function can_delete_comment($comment_id=0, $atype="", $uid=0) {
 * comments. This function is used for the frontend side of comment deletion.
 *
 * @param array $comment All database information relating a specific comment
- * @param string $atype The account type of the user trying to delete a comment
- * @param string|int $uid The user ID of the individual trying to delete a comment
 *
 * @return bool True if the user can delete the comment, otherwise false
 */
-function can_delete_comment_array($comment, $atype="", $uid=0) {
- if (!$uid) {
- /* Unauthenticated users cannot delete anything. */
- return false;
- } elseif ($atype == "Trusted User" || $atype == "Developer") {
- /* TUs and developers can delete any comment. */
- return true;
- } else if ($comment['UsersID'] == $uid) {
- /* Users can delete their own comments. */
- return true;
- }
- return false;
+function can_delete_comment_array($comment) {
+ return has_credential(CRED_COMMENT_DELETE, array($comment['UsersID']));
 }
 
 /**
@@ -70,18 +56,10 @@ function can_delete_comment_array($comment, $atype="", $uid=0) {
 * Only Trusted Users and Developers can delete blacklisted packages. Packages
 * are blacklisted if they are include in the official repositories.
 *
- * @param string $atype The account type of the user
- *
 * @return bool True if the user can submit blacklisted packages, otherwise false
 */
-function can_submit_blacklisted($atype = "") {
- if ($atype == "Trusted User" || $atype == "Developer") {
- /* Only TUs and developers can submit blacklisted packages. */
- return true;
- }
- else {
- return false;
- }
+function can_submit_blacklisted() {
+ return has_credential(CRED_PKGBASE_SUBMIT_BLACKLISTED);
 }
 
 /**
-- cgit v1.2.3-24-g4f1b
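Review bot: `can_delete_comment_array()` loses its own unauthenticated-user guard, so failing closed now depends entirely on `has_credential()`, which is not part of this file section. It is worth confirming there that a logged-out request returns false before the approved-user list is consulted, and that the match against `$comment['UsersID']` is strict, so an empty or NULL author id cannot equal an empty session uid. The one-line body would also benefit from a comment such as `/* The comment author is passed as an approved user. */`, assuming that is what the second argument means.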
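Review bot: The docblock above `can_submit_blacklisted()` still hard-codes "Only Trusted Users and Developers" (and says "delete" where the function is about submitting), although the decision now lives behind `has_credential(CRED_PKGBASE_SUBMIT_BLACKLISTED)`. Suggest rewording it to something like `Whether the current user may submit blacklisted packages is decided by CRED_PKGBASE_SUBMIT_BLACKLISTED.` so the comment does not drift when groups are added. The docblock starts outside the hunk; the retained "TUs and developers can delete any comment" comment in the first hunk has the same problem.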