As per title, I've hardened the canContact() permissions check function and added a few additional permissions checks.
Update 1: The viewing user must have permission to start direct messages (Core XF Direct message permissions).
Update 2: The Ad Owner user must have permission to Receive new direct messages (Core XF Direct message permissions). .
These were not included (ON PURPOSE), so that admins could disable the DM system for general use, but still be able to use DMs for CAS Contact purposes. Altho this was done with good intentions, this unfortunately has led to way to many Tickets complaining that members should not be able to contact Ad Owners if they don't have the core XF DM permission to start direct messages (as well as DMing Ad Owners that don't have permission to receive DMs).
For those of you that need to disable the DM system, but still want Members to be able to Contact Ad Owners via DMs, it is an easy File Edit that you can probably hire a developer to whip you up a quick addon that extends the Ad Entity so that you can override the canContact() function with your own.
Update 1: The viewing user must have permission to start direct messages (Core XF Direct message permissions).
Update 2: The Ad Owner user must have permission to Receive new direct messages (Core XF Direct message permissions). .
These were not included (ON PURPOSE), so that admins could disable the DM system for general use, but still be able to use DMs for CAS Contact purposes. Altho this was done with good intentions, this unfortunately has led to way to many Tickets complaining that members should not be able to contact Ad Owners if they don't have the core XF DM permission to start direct messages (as well as DMing Ad Owners that don't have permission to receive DMs).
For those of you that need to disable the DM system, but still want Members to be able to Contact Ad Owners via DMs, it is an easy File Edit that you can probably hire a developer to whip you up a quick addon that extends the Ad Entity so that you can override the canContact() function with your own.
Upvote
0
