Don't allow submitters to review their own artwork

This commit is contained in:
Alex Cabal 2024-01-13 16:33:57 -06:00
parent 47973970b6
commit f992da84ae
5 changed files with 53 additions and 33 deletions


@ -1,10 +1,11 @@
CREATE TABLE `Benefits` ( CREATE TABLE `Benefits` (
`UserId` int(10) unsigned NOT NULL, `UserId` int(10) unsigned NOT NULL,
`CanAccessFeeds` tinyint(1) unsigned NOT NULL, `CanAccessFeeds` tinyint(1) unsigned NOT NULL DEFAULT 0,
`CanVote` tinyint(1) unsigned NOT NULL, `CanVote` tinyint(1) unsigned NOT NULL DEFAULT 0,
`CanBulkDownload` tinyint(1) unsigned NOT NULL, `CanBulkDownload` tinyint(1) unsigned NOT NULL DEFAULT 0,
`CanUploadArtwork` tinyint(1) unsigned NOT NULL, `CanUploadArtwork` tinyint(1) unsigned NOT NULL DEFAULT 0,
`CanReviewArtwork` tinyint(1) unsigned NOT NULL, `CanReviewArtwork` tinyint(1) unsigned NOT NULL DEFAULT 0,
`CanReviewOwnArtwork` tinyint(1) unsigned NOT NULL DEFAULT 0,
PRIMARY KEY (`UserId`), PRIMARY KEY (`UserId`),
KEY `idxBenefits` (`CanAccessFeeds`,`CanVote`,`CanBulkDownload`) KEY `idxBenefits` (`CanAccessFeeds`,`CanVote`,`CanBulkDownload`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;


@ -5,4 +5,5 @@ class Benefits{
public bool $CanBulkDownload = false; public bool $CanBulkDownload = false;
public bool $CanUploadArtwork = false; public bool $CanUploadArtwork = false;
public bool $CanReviewArtwork = false; public bool $CanReviewArtwork = false;
public bool $CanReviewOwnArtwork = false;
} }


@ -129,21 +129,23 @@ catch(Exceptions\ArtworkNotFoundException){
<? } ?> <? } ?>
<? if($isAdminView){ ?> <? if($isAdminView){ ?>
<h2>Reviewer options</h2> <h2>Editor options</h2>
<p>Review the metadata and PD proof for this artwork submission. Approve to make it available for future producers.</p> <p>Review the metadata and PD proof for this artwork submission. Approve to make it available for future producers.</p>
<form method="post" action="<?= $artwork->Url ?>"> <form method="post" action="<?= $artwork->Url ?>">
<input type="hidden" name="_method" value="PATCH" /> <input type="hidden" name="_method" value="PATCH" />
<label class="select"> <? if(($artwork->SubmitterUserId != $GLOBALS['User']->UserId) || $GLOBALS['User']->Benefits->CanReviewOwnArtwork){ ?>
<span>Artwork approval status</span> <label class="select">
<span> <span>Artwork approval status</span>
<select name="artwork-status"> <span>
<option value="<?= COVER_ARTWORK_STATUS_UNVERIFIED ?>"<? if($artwork->Status == COVER_ARTWORK_STATUS_UNVERIFIED){ ?> selected="selected"<? } ?>>Unverified</option> <select name="artwork-status">
<option value="<?= COVER_ARTWORK_STATUS_DECLINED ?>"<? if($artwork->Status == COVER_ARTWORK_STATUS_DECLINED){ ?> selected="selected"<? } ?>>Declined</option> <option value="<?= COVER_ARTWORK_STATUS_UNVERIFIED ?>"<? if($artwork->Status == COVER_ARTWORK_STATUS_UNVERIFIED){ ?> selected="selected"<? } ?>>Unverified</option>
<option value="<?= COVER_ARTWORK_STATUS_APPROVED ?>"<? if($artwork->Status == COVER_ARTWORK_STATUS_APPROVED){ ?> selected="selected"<? } ?>>Approved</option> <option value="<?= COVER_ARTWORK_STATUS_DECLINED ?>"<? if($artwork->Status == COVER_ARTWORK_STATUS_DECLINED){ ?> selected="selected"<? } ?>>Declined</option>
<option value="<?= COVER_ARTWORK_STATUS_IN_USE ?>"<? if($artwork->Status == COVER_ARTWORK_STATUS_IN_USE){ ?> selected="selected"<? } ?>>In use</option> <option value="<?= COVER_ARTWORK_STATUS_APPROVED ?>"<? if($artwork->Status == COVER_ARTWORK_STATUS_APPROVED){ ?> selected="selected"<? } ?>>Approved</option>
</select> <option value="<?= COVER_ARTWORK_STATUS_IN_USE ?>"<? if($artwork->Status == COVER_ARTWORK_STATUS_IN_USE){ ?> selected="selected"<? } ?>>In use</option>
</span> </select>
</label> </span>
</label>
<? } ?>
<label> <label>
<span>In use by</span> <span>In use by</span>
<span>Ebook file system slug, like <code>c-s-lewis_poetry</code>. If not in use, leave this blank.</span> <span>Ebook file system slug, like <code>c-s-lewis_poetry</code>. If not in use, leave this blank.</span>
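Review bot: The new `SubmitterUserId != UserId || CanReviewOwnArtwork` condition around the status select is a display gate only; nothing in the template prevents a submitter from posting `artwork-status` directly, so the rule has to be enforced again in the PATCH handler and the template should say that it relies on it. A short template comment before the condition would make the intent clear to the next editor: `<? /* UI only: the PATCH handler is what actually stops submitters from reviewing their own artwork. */ ?>`. Note also that `!=` on the two user ids is a loose comparison; if `SubmitterUserId` can be null for older rows, `null != $int` behaves differently from `!==`, so `!==` would be safer if both are always ints. The enclosing form and the `if($isAdminView)` block continue past the end of the hunk.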


@ -19,6 +19,8 @@ try{
throw new Exceptions\InvalidPermissionsException(); throw new Exceptions\InvalidPermissionsException();
} }
$isAdminView = $GLOBALS['User']->Benefits->CanReviewArtwork ?? false;
// We got here because an artwork was successfully submitted // We got here because an artwork was successfully submitted
if($created){ if($created){
http_response_code(201); http_response_code(201);
@ -36,7 +38,7 @@ try{
$artwork = new Artwork(); $artwork = new Artwork();
$artwork->Artist = new Artist(); $artwork->Artist = new Artist();
if($GLOBALS['User']->Benefits->CanReviewArtwork){ if($GLOBALS['User']->Benefits->CanReviewOwnArtwork){
$artwork->Status = COVER_ARTWORK_STATUS_APPROVED; $artwork->Status = COVER_ARTWORK_STATUS_APPROVED;
} }
} }
@ -231,20 +233,22 @@ catch(Exceptions\InvalidPermissionsException){
<textarea maxlength="1024" name="artwork-notes"><?= Formatter::ToPlainText($artwork->Notes) ?></textarea> <textarea maxlength="1024" name="artwork-notes"><?= Formatter::ToPlainText($artwork->Notes) ?></textarea>
</label> </label>
</fieldset> </fieldset>
<? if($GLOBALS['User']->Benefits->CanReviewArtwork){ ?> <? if($isAdminView){ ?>
<fieldset> <fieldset>
<legend>Reviewer options</legend> <legend>Editor options</legend>
<label class="select"> <? if($GLOBALS['User']->Benefits->CanReviewOwnArtwork){ ?>
<span>Artwork approval status</span> <label class="select">
<span> <span>Artwork approval status</span>
<select name="artwork-status"> <span>
<option value="<?= COVER_ARTWORK_STATUS_UNVERIFIED ?>"<? if($artwork->Status == COVER_ARTWORK_STATUS_UNVERIFIED){ ?> selected="selected"<? } ?>>Unverified</option> <select name="artwork-status">
<option value="<?= COVER_ARTWORK_STATUS_DECLINED ?>"<? if($artwork->Status == COVER_ARTWORK_STATUS_DECLINED){ ?> selected="selected"<? } ?>>Declined</option> <option value="<?= COVER_ARTWORK_STATUS_UNVERIFIED ?>"<? if($artwork->Status == COVER_ARTWORK_STATUS_UNVERIFIED){ ?> selected="selected"<? } ?>>Unverified</option>
<option value="<?= COVER_ARTWORK_STATUS_APPROVED ?>"<? if($artwork->Status == COVER_ARTWORK_STATUS_APPROVED){ ?> selected="selected"<? } ?>>Approved</option> <option value="<?= COVER_ARTWORK_STATUS_DECLINED ?>"<? if($artwork->Status == COVER_ARTWORK_STATUS_DECLINED){ ?> selected="selected"<? } ?>>Declined</option>
<option value="<?= COVER_ARTWORK_STATUS_IN_USE ?>"<? if($artwork->Status == COVER_ARTWORK_STATUS_IN_USE){ ?> selected="selected"<? } ?>>In use</option> <option value="<?= COVER_ARTWORK_STATUS_APPROVED ?>"<? if($artwork->Status == COVER_ARTWORK_STATUS_APPROVED){ ?> selected="selected"<? } ?>>Approved</option>
</select> <option value="<?= COVER_ARTWORK_STATUS_IN_USE ?>"<? if($artwork->Status == COVER_ARTWORK_STATUS_IN_USE){ ?> selected="selected"<? } ?>>In use</option>
</span> </select>
</label> </span>
</label>
<? } ?>
<label> <label>
<span>In use by</span> <span>In use by</span>
<span>Ebook file system slug, like <code>c-s-lewis_poetry</code>. If not in use, leave this blank.</span> <span>Ebook file system slug, like <code>c-s-lewis_poetry</code>. If not in use, leave this blank.</span>
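Review bot: The new-artwork form now pre-selects `COVER_ARTWORK_STATUS_APPROVED` for any user with `CanReviewOwnArtwork` (the `if($GLOBALS['User']->Benefits->CanReviewOwnArtwork){ $artwork->Status = COVER_ARTWORK_STATUS_APPROVED; }` branch), which makes self-approval the default outcome of a submission rather than a deliberate choice; leaving the default at unverified and letting the reviewer pick Approved in the select is the safer default for a permission that the rest of the commit treats as exceptional. Separately, `$isAdminView = $GLOBALS['User']->Benefits->CanReviewArtwork ?? false;` — the `?? false` is redundant given `Benefits` declares `public bool $CanReviewArtwork = false`, unless `$GLOBALS['User']` can still be null after the permission check just above it, in which case a comment saying so would help. The enclosing try block begins before and ends after the hunk.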


@ -44,7 +44,8 @@ try{
$artwork->Notes = HttpInput::Str(POST, 'artwork-notes', false); $artwork->Notes = HttpInput::Str(POST, 'artwork-notes', false);
// Only approved reviewers can set the status to anything but unverified when uploading // Only approved reviewers can set the status to anything but unverified when uploading
if($artwork->Status != COVER_ARTWORK_STATUS_UNVERIFIED && !$GLOBALS['User']->Benefits->CanReviewArtwork){ // The submitter cannot review their own submissions unless they have special permission
if($artwork->Status != COVER_ARTWORK_STATUS_UNVERIFIED && !$GLOBALS['User']->Benefits->CanReviewOwnArtwork){
throw new Exceptions\InvalidPermissionsException(); throw new Exceptions\InvalidPermissionsException();
} }
@ -82,7 +83,6 @@ try{
$artwork->CompletedYear = HttpInput::Int(POST, 'artwork-year') ?? $artwork->CompletedYear; $artwork->CompletedYear = HttpInput::Int(POST, 'artwork-year') ?? $artwork->CompletedYear;
$artwork->CompletedYearIsCirca = HttpInput::Bool(POST, 'artwork-year-is-circa', false) ?? $artwork->CompletedYearIsCirca; $artwork->CompletedYearIsCirca = HttpInput::Bool(POST, 'artwork-year-is-circa', false) ?? $artwork->CompletedYearIsCirca;
$artwork->Tags = HttpInput::Str(POST, 'artwork-tags', false) ?? $artwork->Tags; $artwork->Tags = HttpInput::Str(POST, 'artwork-tags', false) ?? $artwork->Tags;
$artwork->Status = HttpInput::Str(POST, 'artwork-status', false) ?? $artwork->Status;
$artwork->EbookWwwFilesystemPath = HttpInput::Str(POST, 'artwork-ebook-www-filesystem-path', false) ?? $artwork->EbookWwwFilesystemPath; $artwork->EbookWwwFilesystemPath = HttpInput::Str(POST, 'artwork-ebook-www-filesystem-path', false) ?? $artwork->EbookWwwFilesystemPath;
$artwork->IsPublishedInUs = HttpInput::Bool(POST, 'artwork-is-published-in-us', false) ?? $artwork->IsPublishedInUs; $artwork->IsPublishedInUs = HttpInput::Bool(POST, 'artwork-is-published-in-us', false) ?? $artwork->IsPublishedInUs;
$artwork->PublicationYear = HttpInput::Int(POST, 'artwork-publication-year') ?? $artwork->PublicationYear; $artwork->PublicationYear = HttpInput::Int(POST, 'artwork-publication-year') ?? $artwork->PublicationYear;
@ -95,6 +95,18 @@ try{
$artwork->ReviewerUserId = $GLOBALS['User']->UserId; $artwork->ReviewerUserId = $GLOBALS['User']->UserId;
$newStatus = HttpInput::Str(POST, 'artwork-status', false);
if($newStatus !== null){
if($artwork->Status != $newStatus){
// Is the user attempting to review their own artwork?
if($artwork->Status != COVER_ARTWORK_STATUS_UNVERIFIED && $GLOBALS['User']->UserId == $artwork->SubmitterUserId && !$GLOBALS['User']->Benefits->CanReviewOwnArtwork){
throw new Exceptions\InvalidPermissionsException();
}
}
$artwork->Status = $newStatus;
}
$artwork->Save(); $artwork->Save();
$_SESSION['artwork'] = $artwork; $_SESSION['artwork'] = $artwork;
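Review bot: The self-review guard in the PATCH path tests the artwork's stored status, not the requested one: `$artwork->Status != COVER_ARTWORK_STATUS_UNVERIFIED && ...` is skipped whenever the current status is unverified, so a submitter without `CanReviewOwnArtwork` can still move their own unverified artwork straight to approved — the exact transition the commit is meant to block. Since the earlier `$artwork->Status = HttpInput::Str(POST, 'artwork-status', false) ?? $artwork->Status;` line was removed, nothing in the hunk overwrites the loaded status before this point, so (assuming `$artwork` was fetched from the database earlier in the handler) the condition should look at the incoming value: `if($newStatus != COVER_ARTWORK_STATUS_UNVERIFIED && $GLOBALS['User']->UserId == $artwork->SubmitterUserId && !$GLOBALS['User']->Benefits->CanReviewOwnArtwork){`. That also mirrors the create-side rule a few lines up, which rejects any non-unverified status set by the submitter. Not new in this commit, but `$newStatus` is stored without being checked against the `COVER_ARTWORK_STATUS_*` set, so an arbitrary string reaches `Save()`. The enclosing try block starts and ends outside the hunk.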