From 5d6b6bfd3494a7829c8fdccfdf85278811db83c8 Mon Sep 17 00:00:00 2001
From: Evan Prodromou <evan@status.net>
Date: Sun, 27 Dec 2009 11:04:53 -0800
Subject: [PATCH] admin page checks for right to review flags

---
 plugins/UserFlag/UserFlagPlugin.php   | 12 +++++++-
 plugins/UserFlag/adminprofileflag.php | 43 +++++++++++++++++++++++++++
 2 files changed, 54 insertions(+), 1 deletion(-)

diff --git a/plugins/UserFlag/UserFlagPlugin.php b/plugins/UserFlag/UserFlagPlugin.php
index 75dcca4fcb..b4f9bd783e 100644
--- a/plugins/UserFlag/UserFlagPlugin.php
+++ b/plugins/UserFlag/UserFlagPlugin.php
@@ -43,6 +43,8 @@ if (!defined('STATUSNET') && !defined('LACONICA')) {
 
 class UserFlagPlugin extends Plugin
 {
+    const REVIEWFLAGS = 'UserFlagPlugin::reviewflags';
+
     function onCheckSchema()
     {
         $schema = Schema::get();
@@ -138,7 +140,7 @@ class UserFlagPlugin extends Plugin
 
     function onEndShowStatusNetStyles($action)
     {
-        $action->cssLink(common_path('plugins/UserFlag/userflag.css'), 
+        $action->cssLink(common_path('plugins/UserFlag/userflag.css'),
                          null, 'screen, projection, tv');
         return true;
     }
@@ -148,4 +150,12 @@ class UserFlagPlugin extends Plugin
         $action->inlineScript('if ($(".form_entity_flag").length > 0) { SN.U.FormXHR($(".form_entity_flag")); }');
         return true;
     }
+
+    function onUserRightsCheck($user, $right, &$result) {
+        if ($right == self::REVIEWFLAGS) {
+            $result = $user->hasRole('moderator');
+            return false; // done processing!
+        }
+        return true; // unchanged!
+    }
 }
diff --git a/plugins/UserFlag/adminprofileflag.php b/plugins/UserFlag/adminprofileflag.php
index 20b8086377..5d6acf0863 100644
--- a/plugins/UserFlag/adminprofileflag.php
+++ b/plugins/UserFlag/adminprofileflag.php
@@ -43,6 +43,8 @@ if (!defined('STATUSNET')) {
 
 class AdminprofileflagAction extends Action
 {
+    var $page = null;
+
     /**
      * Take arguments for running
      *
@@ -55,6 +57,47 @@ class AdminprofileflagAction extends Action
     {
         parent::prepare($args);
 
+        $user = common_current_user();
+
+        // User must be logged in.
+
+        if (!common_logged_in()) {
+            $this->clientError(_('Not logged in.'));
+            return;
+        }
+
+        $user = common_current_user();
+
+        // ...because they're logged in
+
+        assert(!empty($user));
+
+        // It must be a "real" login, not saved cookie login
+
+        if (!common_is_real_login()) {
+            // Cookie theft is too easy; we require automatic
+            // logins to re-authenticate before admining the site
+            common_set_returnto($this->selfUrl());
+            if (Event::handle('RedirectToLogin', array($this, $user))) {
+                common_redirect(common_local_url('login'), 303);
+            }
+        }
+
+        // User must have the right to review flags
+
+        if (!$user->hasRight(UserFlagPlugin::REVIEWFLAGS)) {
+            $this->clientError(_('You cannot review profile flags.'));
+            return false;
+        }
+
+        $page = $this->int('page');
+
+        if (empty($page)) {
+            $this->page = 1;
+        } else {
+            $this->page = $page;
+        }
+
         return true;
     }