From d761c251bfd236882d50e24a6e2ae1cd9834bd5b Mon Sep 17 00:00:00 2001 From: Flatlogic Bot Date: Fri, 20 Feb 2026 19:47:42 +0000 Subject: [PATCH] ReleaseV10+EventsRights --- api_v1_events.php | 8 ++--- api_v1_roles.php | 5 ++- assets/js/main.js | 12 +++++++ includes/permissions.php | 3 ++ index.php | 67 ++++++++++++++++++++++++++++++++++++++-- 5 files changed, 87 insertions(+), 8 deletions(-) diff --git a/api_v1_events.php b/api_v1_events.php index 7e02417..7be64ad 100644 --- a/api_v1_events.php +++ b/api_v1_events.php @@ -41,7 +41,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { $server_id = $channel['server_id']; // Check permission - if (!Permissions::hasPermission($user_id, $server_id, Permissions::MANAGE_CHANNELS)) { + if (!Permissions::canDoInChannel($user_id, $channel_id, Permissions::CREATE_EVENT)) { echo json_encode(['success' => false, 'error' => 'Permission refusée']); exit; } @@ -122,7 +122,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { exit; } - if ($event['user_id'] != $user_id && !Permissions::hasPermission($user_id, $event['server_id'], Permissions::MANAGE_CHANNELS)) { + if ($event['user_id'] != $user_id && !Permissions::canDoInChannel($user_id, $event['channel_id'], Permissions::EDIT_EVENT)) { echo json_encode(['success' => false, 'error' => 'Permission refusée']); exit; } @@ -198,8 +198,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { exit; } - // Check permission (creator or manage_channels) - if ($event['user_id'] != $user_id && !Permissions::hasPermission($user_id, $event['server_id'], Permissions::MANAGE_CHANNELS)) { + // Check permission (creator or delete_event) + if ($event['user_id'] != $user_id && !Permissions::canDoInChannel($user_id, $event['channel_id'], Permissions::DELETE_EVENT)) { echo json_encode(['success' => false, 'error' => 'Permission refusée']); exit; } diff --git a/api_v1_roles.php b/api_v1_roles.php index 7ee3c76..2d90d80 100644 --- a/api_v1_roles.php +++ b/api_v1_roles.php @@ -72,7 +72,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ['value' => 256, 'name' => 'Pin Threads'], ['value' => 512, 'name' => 'Lock Threads'], ['value' => 1024, 'name' => 'Send Messages in Threads'], - ['value' => 2048, 'name' => 'Speak'] + ['value' => 2048, 'name' => 'Speak'], + ['value' => 4096, 'name' => 'Créer un événement'], + ['value' => 8192, 'name' => 'Modifier un événement'], + ['value' => 16384, 'name' => 'Supprimer un événement'] ] ]); exit; diff --git a/assets/js/main.js b/assets/js/main.js index e5a0915..1ffc3d3 100644 --- a/assets/js/main.js +++ b/assets/js/main.js @@ -1456,6 +1456,12 @@ document.addEventListener('DOMContentLoaded', () => { } else { statusContainer.style.display = 'none'; } + + // Show/Hide event permissions + const eventPerms = document.querySelectorAll('.event-permission-only'); + eventPerms.forEach(p => { + p.style.setProperty('display', channelType === 'event' ? 'block' : 'none', channelType === 'event' ? '' : 'important'); + }); }); }); @@ -1475,6 +1481,12 @@ document.addEventListener('DOMContentLoaded', () => { rssTabNav.style.display = (type === 'announcement') ? 'block' : 'none'; statusContainer.style.display = (type === 'voice') ? 'block' : 'none'; + // Show/Hide event permissions + const eventPerms = document.querySelectorAll('.event-permission-only'); + eventPerms.forEach(p => { + p.style.setProperty('display', type === 'event' ? 'block' : 'none', type === 'event' ? '' : 'important'); + }); + // Rules specific visibility const rulesRoleContainer = document.getElementById('edit-channel-rules-role-container'); if (rulesRoleContainer) { diff --git a/includes/permissions.php b/includes/permissions.php index 089a231..596ff22 100644 --- a/includes/permissions.php +++ b/includes/permissions.php @@ -13,6 +13,9 @@ class Permissions { const LOCK_THREADS = 512; const SEND_MESSAGES_IN_THREADS = 1024; const SPEAK = 2048; + const CREATE_EVENT = 4096; + const EDIT_EVENT = 8192; + const DELETE_EVENT = 16384; public static function hasPermission($user_id, $server_id, $permission) { $stmt = db()->prepare("SELECT is_admin FROM users WHERE id = ?"); diff --git a/index.php b/index.php index 1470727..f9b8336 100644 --- a/index.php +++ b/index.php @@ -234,6 +234,12 @@ if ($is_dm_view) { Permissions::hasPermission($current_user_id, $active_server_id, Permissions::MANAGE_MESSAGES) || Permissions::hasPermission($current_user_id, $active_server_id, Permissions::ADMINISTRATOR) || $is_owner; + + // Event permissions + $can_create_event = Permissions::canDoInChannel($current_user_id, $active_channel_id, Permissions::CREATE_EVENT); + $can_edit_event = Permissions::canDoInChannel($current_user_id, $active_channel_id, Permissions::EDIT_EVENT); + $can_delete_event = Permissions::canDoInChannel($current_user_id, $active_channel_id, Permissions::DELETE_EVENT); + break; } } @@ -887,7 +893,7 @@ $projectImageUrl = $_SERVER['PROJECT_IMAGE_URL'] ?? '';

Événements

Découvrez et gérez les événements à venir.

- + @@ -901,7 +907,7 @@ $projectImageUrl = $_SERVER['PROJECT_IMAGE_URL'] ?? '';

Aucun événement prévu pour le moment.

- +

Cliquez sur "Ajouter un événement" pour commencer.

@@ -982,7 +988,7 @@ $projectImageUrl = $_SERVER['PROJECT_IMAGE_URL'] ?? '';
- + + + @@ -2887,6 +2895,59 @@ document.addEventListener('DOMContentLoaded', () => {
+ + + + + + + +