| -rw-r--r-- | app/Auth.php | 42 | ||||
| -rw-r--r-- | app/Fact.php | 16 | ||||
| -rw-r--r-- | app/GedcomRecord.php | 10 | ||||
| -rw-r--r-- | app/Http/Controllers/IndividualController.php | 4 | ||||
| -rw-r--r-- | resources/views/family-page.phtml | 2 | ||||
| -rw-r--r-- | resources/views/gedcom-record-page.phtml | 2 | ||||
| -rw-r--r-- | resources/views/individual-page.phtml | 2 | ||||
| -rw-r--r-- | resources/views/media-page.phtml | 2 | ||||
| -rw-r--r-- | resources/views/note-page.phtml | 2 | ||||
| -rw-r--r-- | resources/views/repository-page.phtml | 2 | ||||
| -rw-r--r-- | resources/views/source-page.phtml | 2 |
11 files changed, 63 insertions, 23 deletions
diff --git a/app/Auth.php b/app/Auth.php
index df75463291..9f5afc70b0 100644
--- a/app/Auth.php
+++ b/app/Auth.php
@@ -226,7 +226,11 @@ class Auth
 throw new FamilyNotFoundException();
 }
- if (!$family->canShow() || $edit && (!$family->canEdit() || $family->isPendingDeletion())) {
+ if (!$family->canShow()) {
+ throw new FamilyAccessDeniedException();
+ }
+
+ if ($edit && !$family->canEdit()) {
 throw new FamilyAccessDeniedException();
 }
 }
@@ -245,7 +249,11 @@ class Auth
 throw new IndividualNotFoundException();
 }
- if (!$individual->canShow() || $edit && (!$individual->canEdit() || $individual->isPendingDeletion())) {
+ if (!$individual->canShow()) {
+ throw new IndividualAccessDeniedException();
+ }
+
+ if ($edit && !$individual->canEdit()) {
 throw new IndividualAccessDeniedException();
 }
 }
@@ -264,7 +272,11 @@ class Auth
 throw new MediaNotFoundException();
 }
- if (!$media->canShow() || $edit && (!$media->canEdit() || $media->isPendingDeletion())) {
+ if (!$media->canShow()) {
+ throw new MediaAccessDeniedException();
+ }
+
+ if ($edit && !$media->canEdit()) {
 throw new MediaAccessDeniedException();
 }
 }
@@ -283,7 +295,11 @@ class Auth
 throw new NoteNotFoundException();
 }
- if (!$note->canShow() || $edit && (!$note->canEdit() || $note->isPendingDeletion())) {
+ if (!$note->canShow()) {
+ throw new NoteAccessDeniedException();
+ }
+
+ if ($edit && !$note->canEdit()) {
 throw new NoteAccessDeniedException();
 }
 }
@@ -302,7 +318,11 @@ class Auth
 throw new RecordNotFoundException();
 }
- if (!$record->canShow() || $edit && (!$record->canEdit() || $record->isPendingDeletion())) {
+ if (!$record->canShow()) {
+ throw new RecordAccessDeniedException();
+ }
+
+ if ($edit && !$record->canEdit()) {
 throw new RecordAccessDeniedException();
 }
 }
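Review bot: With `isPendingDeletion()` dropped from the edit branch, the edit-mode denial in this access check now rests entirely on `$family->canEdit()` returning false for a record that is pending deletion. This commit adds that rule to `GedcomRecord::canEdit()`, but whether the Family, Individual, Media, Note, Repository or Source classes override `canEdit()` is not visible on this page; an override that does not defer to the parent would reopen the edit path for such records. I would record the dependency next to the check, e.g. `// canEdit() is false for records pending deletion; overrides must preserve this.`, and cover each record type with a test. The same applies to the other six hunks in app/Auth.php, and the enclosing methods start outside the hunks.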
@@ -321,7 +341,11 @@ class Auth
 throw new RepositoryNotFoundException();
 }
- if (!$repository->canShow() || $edit && (!$repository->canEdit() || $repository->isPendingDeletion())) {
+ if (!$repository->canShow()) {
+ throw new RepositoryAccessDeniedException();
+ }
+
+ if ($edit && !$repository->canEdit()) {
 throw new RepositoryAccessDeniedException();
 }
 }
@@ -340,7 +364,11 @@ class Auth
 throw new SourceNotFoundException();
 }
- if (!$source->canShow() || $edit && (!$source->canEdit() || $source->isPendingDeletion())) {
+ if (!$source->canShow()) {
+ throw new SourceAccessDeniedException();
+ }
+
+ if ($edit && !$source->canEdit()) {
 throw new SourceAccessDeniedException();
 }
 }
diff --git a/app/Fact.php b/app/Fact.php
index 950d0551f1..86b5cb0898 100644
--- a/app/Fact.php
+++ b/app/Fact.php
@@ -22,6 +22,7 @@ use Fisharebest\Webtrees\Functions\FunctionsPrint;
 use Fisharebest\Webtrees\Services\GedcomService;
 use Illuminate\Support\Collection;
 use InvalidArgumentException;
+use function strpos;
 /**
 * A GEDCOM fact or event object.
@@ -322,13 +323,16 @@ class Fact
 */
 public function canEdit(): bool
 {
- // Managers can edit anything
+ if ($this->isPendingDeletion()) {
+ return false;
+ }
+
+ if (Auth::isManager($this->record->tree())) {
+ return true;
+ }
+
 // Members cannot edit RESN, CHAN and locked records
- return
- $this->record->canEdit() && !$this->isPendingDeletion() && (
- Auth::isManager($this->record->tree()) ||
- Auth::isEditor($this->record->tree()) && strpos($this->gedcom, "\n2 RESN locked") === false && $this->getTag() !== 'RESN' && $this->getTag() !== 'CHAN'
- );
+ return Auth::isEditor($this->record->tree()) && strpos($this->gedcom, "\n2 RESN locked") === false && $this->getTag() !== 'RESN' && $this->getTag() !== 'CHAN';
 }
 /**
diff --git a/app/GedcomRecord.php b/app/GedcomRecord.php
index 26fbf44301..0e71c3537f 100644
--- a/app/GedcomRecord.php
+++ b/app/GedcomRecord.php
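Review bot: The rewritten `Fact::canEdit()` no longer calls `$this->record->canEdit()`, so for an editor only the fact-level `"\n2 RESN locked"` test remains. A record-level lock (`"\n1 RESN locked"`, checked in `GedcomRecord::canEdit()`) or a parent record that is itself pending deletion therefore no longer makes the record's facts read-only, although the retained comment still says members cannot edit locked records. If that narrowing is not intended, restore the guard before the manager shortcut: `if (!$this->record->canEdit()) { return false; }`. The first app/Http/Controllers/IndividualController.php hunk now gates the name edit and delete links on `$fact->canEdit()` alone, so it inherits the same gap; whether the edit handlers re-check the record is not visible here. The method's docblock starts outside the hunk.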
@@ -503,7 +503,15 @@ class GedcomRecord */ public function canEdit(): bool { - return Auth::isManager($this->tree) || Auth::isEditor($this->tree) && strpos($this->gedcom, "\n1 RESN locked") === false; + if ($this->isPendingDeletion()) { + return false; + } + + if (Auth::isManager($this->tree)) { + return true; + } + + return Auth::isEditor($this->tree) && strpos($this->gedcom, "\n1 RESN locked") === false; } /** diff --git a/app/Http/Controllers/IndividualController.php b/app/Http/Controllers/IndividualController.php index 1377abe036..93436b4dc7 100644 --- a/app/Http/Controllers/IndividualController.php +++ b/app/Http/Controllers/IndividualController.php @@ -266,7 +266,7 @@ class IndividualController extends AbstractBaseController } $content = ob_get_clean(); - if ($individual->canEdit() && !$fact->isPendingDeletion()) { + if ($fact->canEdit()) { $edit_links = '<a class="btn btn-link" href="#" data-confirm="' . I18N::translate('Are you sure you want to delete this fact?') . '" onclick="return delete_fact(this.dataset.confirm, \'' . e($individual->tree()->name()) . '\', \'' . e($individual->xref()) . '\', \'' . $fact->id() . '\');" title="' . I18N::translate('Delete this name') . '">' . view('icons/delete') . '<span class="sr-only">' . I18N::translate('Delete this name') . '</span></a>' . '<a class="btn btn-link" href="' . e(route('edit-name', ['xref' => $individual->xref(), 'fact_id' => $fact->id(), 'ged' => $individual->tree()->name()])) . '" title="' . I18N::translate('Edit the name') . '">' . view('icons/edit') . '<span class="sr-only">' . I18N::translate('Edit the name') . '</span></a>'; 
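Review bot: `GedcomRecord::canEdit()` now returns false for every record pending deletion, managers included, because that check runs before the `Auth::isManager()` shortcut, yet nothing in the hunk states the rule; only the closing `*/` of the docblock is visible, so the docblock itself starts outside the hunk. The callers changed in this commit remove their own `isPendingDeletion()` tests and rely on this method instead, which makes it the single enforcement point for the rule. I would document that here, e.g. `// Records pending deletion are read-only for everyone, including managers.` above the first check, and extend the docblock to say the same.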
@@ -316,7 +316,7 @@ class IndividualController extends AbstractBaseController
 $container_class .= ' new';
 }
- if ($individual->canEdit() && !$fact->isPendingDeletion()) {
+ if ($individual->canEdit()) {
 $edit_links = '<a class="btn btn-link" href="' . e(route('edit-fact', ['xref' => $individual->xref(), 'fact_id' => $fact->id(), 'ged' => $individual->tree()->name()])) . '" title="' . I18N::translate('Edit the gender') . '">' . view('icons/edit') . '<span class="sr-only">' . I18N::translate('Edit the gender') . '</span></a>';
 } else {
 $edit_links = '';
diff --git a/resources/views/family-page.phtml b/resources/views/family-page.phtml
index 400c1120be..b196bed266 100644
--- a/resources/views/family-page.phtml
+++ b/resources/views/family-page.phtml
@@ -28,7 +28,7 @@ use Fisharebest\Webtrees\View;
 <h2 class="wt-page-title mx-auto">
 <?= $record->fullName() ?>
 </h2>
- <?php if ($record->canEdit() && !$record->isPendingDeletion()) : ?>
+ <?php if ($record->canEdit()) : ?>
 <?= view('family-page-menu', ['record' => $record]) ?>
 <?php endif ?>
 </div>
diff --git a/resources/views/gedcom-record-page.phtml b/resources/views/gedcom-record-page.phtml
index b7cf573b23..14c4ca92d7 100644
--- a/resources/views/gedcom-record-page.phtml
+++ b/resources/views/gedcom-record-page.phtml
@@ -21,7 +21,7 @@
 <h2 class="wt-page-title mx-auto">
 <?= $record->fullName() ?>
 </h2>
- <?php if ($record->canEdit() && !$record->isPendingDeletion()) : ?>
+ <?php if ($record->canEdit()) : ?>
 <?= view('gedcom-record-page-menu', ['record' => $record]) ?>
 <?php endif ?>
 </div>
diff --git a/resources/views/individual-page.phtml b/resources/views/individual-page.phtml
index 8b28784b61..b8fc5eb661 100644
--- a/resources/views/individual-page.phtml
+++ b/resources/views/individual-page.phtml
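Review bot: The gender edit link in the second IndividualController.php hunk is now gated on `$individual->canEdit()` only, so the fact-level test the old condition made (`!$fact->isPendingDeletion()`) is gone and a sex fact that is pending deletion still gets an edit link. The first hunk in this file moved the name links to `$fact->canEdit()`, which also applies the RESN and CHAN restrictions for editors, so the two branches now disagree. Checking both levels keeps them aligned: `if ($individual->canEdit() && $fact->canEdit()) {`. This condition only controls which links are rendered; the enclosing method starts and ends outside the hunk and the server-side handler is not shown.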
@@ -27,7 +27,7 @@
 <h2 class="wt-page-title mx-auto">
 <?= $individual->fullName() ?><?= $user_link ?>, <?= $individual->getLifeSpan() ?> <?= $age ?>
 </h2>
- <?php if ($individual->canEdit() && !$individual->isPendingDeletion()) : ?>
+ <?php if ($individual->canEdit()) : ?>
 <?= view('individual-page-menu', ['individual' => $individual, 'count_names' => $count_names, 'count_sex' => $count_sex]) ?>
 <?php endif ?>
 </div>
diff --git a/resources/views/media-page.phtml b/resources/views/media-page.phtml
index bcab90e543..f7e7a65730 100644
--- a/resources/views/media-page.phtml
+++ b/resources/views/media-page.phtml
@@ -22,7 +22,7 @@
 <h2 class="wt-page-title mx-auto">
 <?= $media->fullName() ?>
 </h2>
- <?php if ($media->canEdit() && !$media->isPendingDeletion()) : ?>
+ <?php if ($media->canEdit()) : ?>
 <?= view('media-page-menu', ['record' => $media]) ?>
 <?php endif ?>
 </div>
diff --git a/resources/views/note-page.phtml b/resources/views/note-page.phtml
index 718d0a025d..5389a2383b 100644
--- a/resources/views/note-page.phtml
+++ b/resources/views/note-page.phtml
@@ -21,7 +21,7 @@
 <h2 class="wt-page-title mx-auto">
 <?= $note->fullName() ?>
 </h2>
- <?php if ($note->canEdit() && !$note->isPendingDeletion()) : ?>
+ <?php if ($note->canEdit()) : ?>
 <?= view('note-page-menu', ['record' => $note]) ?>
 <?php endif ?>
 </div>
diff --git a/resources/views/repository-page.phtml b/resources/views/repository-page.phtml
index e0f0bd1fa8..4bd2d05b44 100644
--- a/resources/views/repository-page.phtml
+++ b/resources/views/repository-page.phtml
@@ -25,7 +25,7 @@ use Fisharebest\Webtrees\I18N;
 <h2 class="wt-page-title mx-auto">
 <?= $repository->fullName() ?>
 </h2>
- <?php if ($repository->canEdit() && !$repository->isPendingDeletion()) : ?>
+ <?php if ($repository->canEdit()) : ?>
 <?= view('repository-page-menu', ['record' => $repository]) ?>
 <?php endif ?>
 </div>
diff --git a/resources/views/source-page.phtml b/resources/views/source-page.phtml
index ebde2ba52c..5aa77f2325 100644
--- a/resources/views/source-page.phtml
+++ b/resources/views/source-page.phtml
@@ -21,7 +21,7 @@
 <h2 class="wt-page-title mx-auto">
 <?= $source->fullName() ?>
 </h2>
- <?php if ($source->canEdit() && !$source->isPendingDeletion()) : ?>
+ <?php if ($source->canEdit()) : ?>
 <?= view('source-page-menu', ['record' => $source]) ?>
 <?php endif ?>
 </div> |
