-rw-r--r--app/Auth.php42
-rw-r--r--app/Fact.php16
-rw-r--r--app/GedcomRecord.php10
-rw-r--r--app/Http/Controllers/IndividualController.php4
-rw-r--r--resources/views/family-page.phtml2
-rw-r--r--resources/views/gedcom-record-page.phtml2
-rw-r--r--resources/views/individual-page.phtml2
-rw-r--r--resources/views/media-page.phtml2
-rw-r--r--resources/views/note-page.phtml2
-rw-r--r--resources/views/repository-page.phtml2
-rw-r--r--resources/views/source-page.phtml2
11 files changed, 63 insertions, 23 deletions
diff --git a/app/Auth.php b/app/Auth.php
index df75463291..9f5afc70b0 100644
--- a/app/Auth.php
+++ b/app/Auth.php
@@ -226,7 +226,11 @@ class Auth
throw new FamilyNotFoundException();
}
- if (!$family->canShow() || $edit && (!$family->canEdit() || $family->isPendingDeletion())) {
+ if (!$family->canShow()) {
+ throw new FamilyAccessDeniedException();
+ }
+
+ if ($edit && !$family->canEdit()) {
throw new FamilyAccessDeniedException();
}
}
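Review bot: The edit guard `if ($edit && !$family->canEdit())` no longer tests `isPendingDeletion()` itself, so it is only as strict as the `canEdit()` implementation of the concrete record class. `GedcomRecord::canEdit()` gains that check in this commit, but any subclass override (none is visible on this page) would have to repeat it or the old protection is lost. I would add a comment above the guard, `// canEdit() also rejects records that are pending deletion`, so the dependency is visible at the call site. The same applies to the six sibling hunks for individual, media, note, record, repository and source; each method body starts outside its hunk.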
@@ -245,7 +249,11 @@ class Auth
throw new IndividualNotFoundException();
}
- if (!$individual->canShow() || $edit && (!$individual->canEdit() || $individual->isPendingDeletion())) {
+ if (!$individual->canShow()) {
+ throw new IndividualAccessDeniedException();
+ }
+
+ if ($edit && !$individual->canEdit()) {
throw new IndividualAccessDeniedException();
}
}
@@ -264,7 +272,11 @@ class Auth
throw new MediaNotFoundException();
}
- if (!$media->canShow() || $edit && (!$media->canEdit() || $media->isPendingDeletion())) {
+ if (!$media->canShow()) {
+ throw new MediaAccessDeniedException();
+ }
+
+ if ($edit && !$media->canEdit()) {
throw new MediaAccessDeniedException();
}
}
@@ -283,7 +295,11 @@ class Auth
throw new NoteNotFoundException();
}
- if (!$note->canShow() || $edit && (!$note->canEdit() || $note->isPendingDeletion())) {
+ if (!$note->canShow()) {
+ throw new NoteAccessDeniedException();
+ }
+
+ if ($edit && !$note->canEdit()) {
throw new NoteAccessDeniedException();
}
}
@@ -302,7 +318,11 @@ class Auth
throw new RecordNotFoundException();
}
- if (!$record->canShow() || $edit && (!$record->canEdit() || $record->isPendingDeletion())) {
+ if (!$record->canShow()) {
+ throw new RecordAccessDeniedException();
+ }
+
+ if ($edit && !$record->canEdit()) {
throw new RecordAccessDeniedException();
}
}
@@ -321,7 +341,11 @@ class Auth
throw new RepositoryNotFoundException();
}
- if (!$repository->canShow() || $edit && (!$repository->canEdit() || $repository->isPendingDeletion())) {
+ if (!$repository->canShow()) {
+ throw new RepositoryAccessDeniedException();
+ }
+
+ if ($edit && !$repository->canEdit()) {
throw new RepositoryAccessDeniedException();
}
}
@@ -340,7 +364,11 @@ class Auth
throw new SourceNotFoundException();
}
- if (!$source->canShow() || $edit && (!$source->canEdit() || $source->isPendingDeletion())) {
+ if (!$source->canShow()) {
+ throw new SourceAccessDeniedException();
+ }
+
+ if ($edit && !$source->canEdit()) {
throw new SourceAccessDeniedException();
}
}
diff --git a/app/Fact.php b/app/Fact.php
index 950d0551f1..86b5cb0898 100644
--- a/app/Fact.php
+++ b/app/Fact.php
@@ -22,6 +22,7 @@ use Fisharebest\Webtrees\Functions\FunctionsPrint;
use Fisharebest\Webtrees\Services\GedcomService;
use Illuminate\Support\Collection;
use InvalidArgumentException;
+use function strpos;
/**
* A GEDCOM fact or event object.
@@ -322,13 +323,16 @@ class Fact
*/
public function canEdit(): bool
{
- // Managers can edit anything
+ if ($this->isPendingDeletion()) {
+ return false;
+ }
+
+ if (Auth::isManager($this->record->tree())) {
+ return true;
+ }
+
// Members cannot edit RESN, CHAN and locked records
- return
- $this->record->canEdit() && !$this->isPendingDeletion() && (
- Auth::isManager($this->record->tree()) ||
- Auth::isEditor($this->record->tree()) && strpos($this->gedcom, "\n2 RESN locked") === false && $this->getTag() !== 'RESN' && $this->getTag() !== 'CHAN'
- );
+ return Auth::isEditor($this->record->tree()) && strpos($this->gedcom, "\n2 RESN locked") === false && $this->getTag() !== 'RESN' && $this->getTag() !== 'CHAN';
}
/**
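Review bot: The rewritten `Fact::canEdit()` drops the `$this->record->canEdit()` term, so a fact is now judged only by its own state and the user's role. An editor would pass this check for a fact on a record carrying `1 RESN locked`, which the old expression refused. A manager would likewise pass it for a fact whose parent record is pending deletion, assuming `Fact::isPendingDeletion()` (body not shown) reflects only the fact's own state. Restoring the parent check in the first guard keeps the refactor and the old policy: `if ($this->isPendingDeletion() || !$this->record->canEdit()) {` followed by `return false;`. The first IndividualController hunk now relies on `$fact->canEdit()` alone for the name edit and delete links, so it inherits the same gap.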
diff --git a/app/GedcomRecord.php b/app/GedcomRecord.php
index 26fbf44301..0e71c3537f 100644
--- a/app/GedcomRecord.php
+++ b/app/GedcomRecord.php
@@ -503,7 +503,15 @@ class GedcomRecord
*/
public function canEdit(): bool
{
- return Auth::isManager($this->tree) || Auth::isEditor($this->tree) && strpos($this->gedcom, "\n1 RESN locked") === false;
+ if ($this->isPendingDeletion()) {
+ return false;
+ }
+
+ if (Auth::isManager($this->tree)) {
+ return true;
+ }
+
+ return Auth::isEditor($this->tree) && strpos($this->gedcom, "\n1 RESN locked") === false;
}
/**
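Review bot: `canEdit()` now returns false for managers as well once the record is pending deletion, which reaches further than the call sites touched in this commit; before, only callers that added `&& !isPendingDeletion()` themselves were affected. Any other caller that uses `canEdit()` to decide whether a pending change may be reviewed or reverted (none is visible here) would now be refused, so those are worth checking. The docblock above starts outside the hunk; I would extend it with a line such as `Records that are pending deletion are read-only for every role, including managers.`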
diff --git a/app/Http/Controllers/IndividualController.php b/app/Http/Controllers/IndividualController.php
index 1377abe036..93436b4dc7 100644
--- a/app/Http/Controllers/IndividualController.php
+++ b/app/Http/Controllers/IndividualController.php
@@ -266,7 +266,7 @@ class IndividualController extends AbstractBaseController
}
$content = ob_get_clean();
- if ($individual->canEdit() && !$fact->isPendingDeletion()) {
+ if ($fact->canEdit()) {
$edit_links =
'<a class="btn btn-link" href="#" data-confirm="' . I18N::translate('Are you sure you want to delete this fact?') . '" onclick="return delete_fact(this.dataset.confirm, \'' . e($individual->tree()->name()) . '\', \'' . e($individual->xref()) . '\', \'' . $fact->id() . '\');" title="' . I18N::translate('Delete this name') . '">' . view('icons/delete') . '<span class="sr-only">' . I18N::translate('Delete this name') . '</span></a>' .
'<a class="btn btn-link" href="' . e(route('edit-name', ['xref' => $individual->xref(), 'fact_id' => $fact->id(), 'ged' => $individual->tree()->name()])) . '" title="' . I18N::translate('Edit the name') . '">' . view('icons/edit') . '<span class="sr-only">' . I18N::translate('Edit the name') . '</span></a>';
@@ -316,7 +316,7 @@ class IndividualController extends AbstractBaseController
$container_class .= ' new';
}
- if ($individual->canEdit() && !$fact->isPendingDeletion()) {
+ if ($individual->canEdit()) {
$edit_links = '<a class="btn btn-link" href="' . e(route('edit-fact', ['xref' => $individual->xref(), 'fact_id' => $fact->id(), 'ged' => $individual->tree()->name()])) . '" title="' . I18N::translate('Edit the gender') . '">' . view('icons/edit') . '<span class="sr-only">' . I18N::translate('Edit the gender') . '</span></a>';
} else {
$edit_links = '';
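Review bot: The gender row's condition becomes `$individual->canEdit()`, which no longer looks at the fact at all, so a gender fact that is itself pending deletion still gets an edit link while the individual is editable. The hunk above uses `$fact->canEdit()` for the name row; using the same test here, `if ($fact->canEdit()) {`, keeps the two rows consistent, provided `Fact::canEdit()` also consults the parent record. These links are presentation only, so the handler behind the `edit-fact` route (not shown) still has to enforce the same rule on the server side. The enclosing method starts and ends outside the hunk.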
diff --git a/resources/views/family-page.phtml b/resources/views/family-page.phtml
index 400c1120be..b196bed266 100644
--- a/resources/views/family-page.phtml
+++ b/resources/views/family-page.phtml
@@ -28,7 +28,7 @@ use Fisharebest\Webtrees\View;
<h2 class="wt-page-title mx-auto">
<?= $record->fullName() ?>
</h2>
- <?php if ($record->canEdit() && !$record->isPendingDeletion()) : ?>
+ <?php if ($record->canEdit()) : ?>
<?= view('family-page-menu', ['record' => $record]) ?>
<?php endif ?>
</div>
diff --git a/resources/views/gedcom-record-page.phtml b/resources/views/gedcom-record-page.phtml
index b7cf573b23..14c4ca92d7 100644
--- a/resources/views/gedcom-record-page.phtml
+++ b/resources/views/gedcom-record-page.phtml
@@ -21,7 +21,7 @@
<h2 class="wt-page-title mx-auto">
<?= $record->fullName() ?>
</h2>
- <?php if ($record->canEdit() && !$record->isPendingDeletion()) : ?>
+ <?php if ($record->canEdit()) : ?>
<?= view('gedcom-record-page-menu', ['record' => $record]) ?>
<?php endif ?>
</div>
diff --git a/resources/views/individual-page.phtml b/resources/views/individual-page.phtml
index 8b28784b61..b8fc5eb661 100644
--- a/resources/views/individual-page.phtml
+++ b/resources/views/individual-page.phtml
@@ -27,7 +27,7 @@
<h2 class="wt-page-title mx-auto">
<?= $individual->fullName() ?><?= $user_link ?>, <?= $individual->getLifeSpan() ?> <?= $age ?>
</h2>
- <?php if ($individual->canEdit() && !$individual->isPendingDeletion()) : ?>
+ <?php if ($individual->canEdit()) : ?>
<?= view('individual-page-menu', ['individual' => $individual, 'count_names' => $count_names, 'count_sex' => $count_sex]) ?>
<?php endif ?>
</div>
diff --git a/resources/views/media-page.phtml b/resources/views/media-page.phtml
index bcab90e543..f7e7a65730 100644
--- a/resources/views/media-page.phtml
+++ b/resources/views/media-page.phtml
@@ -22,7 +22,7 @@
<h2 class="wt-page-title mx-auto">
<?= $media->fullName() ?>
</h2>
- <?php if ($media->canEdit() && !$media->isPendingDeletion()) : ?>
+ <?php if ($media->canEdit()) : ?>
<?= view('media-page-menu', ['record' => $media]) ?>
<?php endif ?>
</div>
diff --git a/resources/views/note-page.phtml b/resources/views/note-page.phtml
index 718d0a025d..5389a2383b 100644
--- a/resources/views/note-page.phtml
+++ b/resources/views/note-page.phtml
@@ -21,7 +21,7 @@
<h2 class="wt-page-title mx-auto">
<?= $note->fullName() ?>
</h2>
- <?php if ($note->canEdit() && !$note->isPendingDeletion()) : ?>
+ <?php if ($note->canEdit()) : ?>
<?= view('note-page-menu', ['record' => $note]) ?>
<?php endif ?>
</div>
diff --git a/resources/views/repository-page.phtml b/resources/views/repository-page.phtml
index e0f0bd1fa8..4bd2d05b44 100644
--- a/resources/views/repository-page.phtml
+++ b/resources/views/repository-page.phtml
@@ -25,7 +25,7 @@ use Fisharebest\Webtrees\I18N;
<h2 class="wt-page-title mx-auto">
<?= $repository->fullName() ?>
</h2>
- <?php if ($repository->canEdit() && !$repository->isPendingDeletion()) : ?>
+ <?php if ($repository->canEdit()) : ?>
<?= view('repository-page-menu', ['record' => $repository]) ?>
<?php endif ?>
</div>
diff --git a/resources/views/source-page.phtml b/resources/views/source-page.phtml
index ebde2ba52c..5aa77f2325 100644
--- a/resources/views/source-page.phtml
+++ b/resources/views/source-page.phtml
@@ -21,7 +21,7 @@
<h2 class="wt-page-title mx-auto">
<?= $source->fullName() ?>
</h2>
- <?php if ($source->canEdit() && !$source->isPendingDeletion()) : ?>
+ <?php if ($source->canEdit()) : ?>
<?= view('source-page-menu', ['record' => $source]) ?>
<?php endif ?>
</div>