By default, disallow users to set private_stream

This commit is contained in:
Mikael Nordfeldth 2016-02-17 22:58:31 +01:00
parent 47dc15c9f6
commit 5fbb01130a
2 changed files with 19 additions and 8 deletions

View File

@ -207,13 +207,15 @@ class ProfilesettingsAction extends SettingsAction
(empty($user->subscribe_policy)) ? User::SUBSCRIBE_POLICY_OPEN : $user->subscribe_policy); (empty($user->subscribe_policy)) ? User::SUBSCRIBE_POLICY_OPEN : $user->subscribe_policy);
$this->elementEnd('li'); $this->elementEnd('li');
} }
$this->elementStart('li'); if (common_config('profile', 'allowprivate') || $user->private_stream) {
$this->checkbox('private_stream', $this->elementStart('li');
// TRANS: Checkbox label in profile settings. $this->checkbox('private_stream',
_('Make updates visible only to my followers'), // TRANS: Checkbox label in profile settings.
($this->arg('private_stream')) ? _('Make updates visible only to my followers'),
$this->boolean('private_stream') : $user->private_stream); ($this->arg('private_stream')) ?
$this->elementEnd('li'); $this->boolean('private_stream') : $user->private_stream);
$this->elementEnd('li');
}
$this->elementEnd('ul'); $this->elementEnd('ul');
// TRANS: Button to save input in profile settings. // TRANS: Button to save input in profile settings.
$this->submit('save', _m('BUTTON','Save')); $this->submit('save', _m('BUTTON','Save'));
@ -255,7 +257,6 @@ class ProfilesettingsAction extends SettingsAction
$location = $this->trimmed('location'); $location = $this->trimmed('location');
$autosubscribe = $this->booleanintstring('autosubscribe'); $autosubscribe = $this->booleanintstring('autosubscribe');
$subscribe_policy = $this->trimmed('subscribe_policy'); $subscribe_policy = $this->trimmed('subscribe_policy');
$private_stream = $this->booleanintstring('private_stream');
$language = $this->trimmed('language'); $language = $this->trimmed('language');
$timezone = $this->trimmed('timezone'); $timezone = $this->trimmed('timezone');
$tagstring = $this->trimmed('tags'); $tagstring = $this->trimmed('tags');
@ -310,6 +311,15 @@ class ProfilesettingsAction extends SettingsAction
$user = $this->scoped->getUser(); $user = $this->scoped->getUser();
$user->query('BEGIN'); $user->query('BEGIN');
// Only allow setting private_stream if site policy allows it
// (or user already _has_ a private stream, then you can unset it)
if (common_config('profile', 'allowprivate') || $user->private_stream) {
$private_stream = $this->booleanintstring('private_stream');
} else {
// if not allowed, we set to the existing value
$private_stream = $user->private_stream;
}
// $user->nickname is updated through Profile->update(); // $user->nickname is updated through Profile->update();
// XXX: XOR // XXX: XOR

View File

@ -129,6 +129,7 @@ $default =
array('banned' => array(), array('banned' => array(),
'biolimit' => null, 'biolimit' => null,
'changenick' => false, 'changenick' => false,
'allowprivate' => false, // whether to allow setting stream to private ("only followers can read")
'backup' => false, // can cause DoS, so should be done via CLI 'backup' => false, // can cause DoS, so should be done via CLI
'restore' => false, 'restore' => false,
'delete' => false, 'delete' => false,