By default, disallow users to set private_stream
This commit is contained in:
parent
47dc15c9f6
commit
5fbb01130a
|
@ -207,13 +207,15 @@ class ProfilesettingsAction extends SettingsAction
|
||||||
(empty($user->subscribe_policy)) ? User::SUBSCRIBE_POLICY_OPEN : $user->subscribe_policy);
|
(empty($user->subscribe_policy)) ? User::SUBSCRIBE_POLICY_OPEN : $user->subscribe_policy);
|
||||||
$this->elementEnd('li');
|
$this->elementEnd('li');
|
||||||
}
|
}
|
||||||
$this->elementStart('li');
|
if (common_config('profile', 'allowprivate') || $user->private_stream) {
|
||||||
$this->checkbox('private_stream',
|
$this->elementStart('li');
|
||||||
// TRANS: Checkbox label in profile settings.
|
$this->checkbox('private_stream',
|
||||||
_('Make updates visible only to my followers'),
|
// TRANS: Checkbox label in profile settings.
|
||||||
($this->arg('private_stream')) ?
|
_('Make updates visible only to my followers'),
|
||||||
$this->boolean('private_stream') : $user->private_stream);
|
($this->arg('private_stream')) ?
|
||||||
$this->elementEnd('li');
|
$this->boolean('private_stream') : $user->private_stream);
|
||||||
|
$this->elementEnd('li');
|
||||||
|
}
|
||||||
$this->elementEnd('ul');
|
$this->elementEnd('ul');
|
||||||
// TRANS: Button to save input in profile settings.
|
// TRANS: Button to save input in profile settings.
|
||||||
$this->submit('save', _m('BUTTON','Save'));
|
$this->submit('save', _m('BUTTON','Save'));
|
||||||
|
@ -255,7 +257,6 @@ class ProfilesettingsAction extends SettingsAction
|
||||||
$location = $this->trimmed('location');
|
$location = $this->trimmed('location');
|
||||||
$autosubscribe = $this->booleanintstring('autosubscribe');
|
$autosubscribe = $this->booleanintstring('autosubscribe');
|
||||||
$subscribe_policy = $this->trimmed('subscribe_policy');
|
$subscribe_policy = $this->trimmed('subscribe_policy');
|
||||||
$private_stream = $this->booleanintstring('private_stream');
|
|
||||||
$language = $this->trimmed('language');
|
$language = $this->trimmed('language');
|
||||||
$timezone = $this->trimmed('timezone');
|
$timezone = $this->trimmed('timezone');
|
||||||
$tagstring = $this->trimmed('tags');
|
$tagstring = $this->trimmed('tags');
|
||||||
|
@ -310,6 +311,15 @@ class ProfilesettingsAction extends SettingsAction
|
||||||
$user = $this->scoped->getUser();
|
$user = $this->scoped->getUser();
|
||||||
$user->query('BEGIN');
|
$user->query('BEGIN');
|
||||||
|
|
||||||
|
// Only allow setting private_stream if site policy allows it
|
||||||
|
// (or user already _has_ a private stream, then you can unset it)
|
||||||
|
if (common_config('profile', 'allowprivate') || $user->private_stream) {
|
||||||
|
$private_stream = $this->booleanintstring('private_stream');
|
||||||
|
} else {
|
||||||
|
// if not allowed, we set to the existing value
|
||||||
|
$private_stream = $user->private_stream;
|
||||||
|
}
|
||||||
|
|
||||||
// $user->nickname is updated through Profile->update();
|
// $user->nickname is updated through Profile->update();
|
||||||
|
|
||||||
// XXX: XOR
|
// XXX: XOR
|
||||||
|
|
|
@ -129,6 +129,7 @@ $default =
|
||||||
array('banned' => array(),
|
array('banned' => array(),
|
||||||
'biolimit' => null,
|
'biolimit' => null,
|
||||||
'changenick' => false,
|
'changenick' => false,
|
||||||
|
'allowprivate' => false, // whether to allow setting stream to private ("only followers can read")
|
||||||
'backup' => false, // can cause DoS, so should be done via CLI
|
'backup' => false, // can cause DoS, so should be done via CLI
|
||||||
'restore' => false,
|
'restore' => false,
|
||||||
'delete' => false,
|
'delete' => false,
|
||||||
|
|
Loading…
Reference in New Issue
Block a user