Add possibility to anonymous to refresh feeds

Obviously, it's optional! (and deactivate by default)
Need some more tests?
See #351

7 files changed, 42 insertions, 4 deletions

diff --git a/app/Controllers/feedController.php b/app/Controllers/feedController.php
index 264607216..7114fc196 100755
--- a/app/Controllers/feedController.php
+++ b/app/Controllers/feedController.php
@@ -7,7 +7,9 @@ class FreshRSS_feed_Controller extends Minz_ActionController {
 			$token_param = Minz_Request::param ('token', '');
 			$token_is_ok = ($token != '' && $token == $token_param);
 			$action = Minz_Request::actionName ();
-			if (!($token_is_ok && $action === 'actualize')) {
+			if (!(($token_is_ok || Minz_Configuration::allowAnonymousRefresh()) &&
+				$action === 'actualize')
+			) {
 				Minz_Error::error (
 					403,
 					array ('error' => array (Minz_Translate::t ('access_denied')))
diff --git a/app/Controllers/usersController.php b/app/Controllers/usersController.php
index 8314b75fc..bb4f34c5e 100644
--- a/app/Controllers/usersController.php
+++ b/app/Controllers/usersController.php
@@ -54,11 +54,16 @@ class FreshRSS_users_Controller extends Minz_ActionController {
 
 				$anon = Minz_Request::param('anon_access', false);
 				$anon = ((bool)$anon) && ($anon !== 'no');
+				$anon_refresh = Minz_Request::param('anon_refresh', false);
+				$anon_refresh = ((bool)$anon_refresh) && ($anon_refresh !== 'no');
 				$auth_type = Minz_Request::param('auth_type', 'none');
 				if ($anon != Minz_Configuration::allowAnonymous() ||
-					$auth_type != Minz_Configuration::authType()) {
+					$auth_type != Minz_Configuration::authType() ||
+					$anon_refresh != Minz_Configuration::allowAnonymousRefresh()) {
+
 					Minz_Configuration::_authType($auth_type);
 					Minz_Configuration::_allowAnonymous($anon);
+					Minz_Configuration::_allowAnonymousRefresh($anon_refresh);
 					$ok &= Minz_Configuration::writeFile();
 				}
 			}
diff --git a/app/i18n/en.php b/app/i18n/en.php
index 369853610..fd51eb1ca 100644
--- a/app/i18n/en.php
+++ b/app/i18n/en.php
@@ -175,6 +175,7 @@ return array (
 	'password_form'			=> 'Password<br /><small>(for the Web-form login method)</small>',
 	'persona_connection_email'	=> 'Login mail address<br /><small>(for <a href="https://persona.org/" rel="external">Mozilla Persona</a>)</small>',
 	'allow_anonymous'		=> 'Allow anonymous reading of the articles of the default user (%s)',
+	'allow_anonymous_refresh'	=> 'Allow anonymous refresh of the articles',
 	'auth_token'			=> 'Authentication token',
 	'explain_token'			=> 'Allows to access RSS output of the default user without authentication.<br /><kbd>%s?output=rss&token=%s</kbd>',
 	'login_configuration'		=> 'Login',
diff --git a/app/i18n/fr.php b/app/i18n/fr.php
index 275c3b1d8..17e26f493 100644
--- a/app/i18n/fr.php
+++ b/app/i18n/fr.php
@@ -175,6 +175,7 @@ return array (
 	'default_user'			=> 'Nom de l’utilisateur par défaut <small>(16 caractères alphanumériques maximum)</small>',
 	'persona_connection_email'	=> 'Adresse courriel de connexion<br /><small>(pour <a href="https://persona.org/" rel="external">Mozilla Persona</a>)</small>',
 	'allow_anonymous'		=> 'Autoriser la lecture anonyme des articles de l’utilisateur par défaut (%s)',
+	'allow_anonymous_refresh'	=> 'Autoriser le rafraîchissement anonyme des flux',
 	'auth_token'			=> 'Jeton d’identification',
 	'explain_token'			=> 'Permet d’accéder à la sortie RSS de l’utilisateur par défaut sans besoin de s’authentifier.<br /><kbd>%s?output=rss&token=%s</kbd>',
 	'login_configuration'		=> 'Identification',
diff --git a/app/layout/nav_menu.phtml b/app/layout/nav_menu.phtml
index c807e6dd5..98064a6f7 100644
--- a/app/layout/nav_menu.phtml
+++ b/app/layout/nav_menu.phtml
@@ -6,9 +6,11 @@
 	<a class="btn toggle_aside" href="#aside_flux"><?php echo FreshRSS_Themes::icon('category'); ?></a>
 	<?php } ?>
 
-	<?php if ($this->loginOk) { ?>
+	<?php if ($this->loginOk || Minz_Configuration::allowAnonymousRefresh()) { ?>
 	<a id="actualize" class="btn" href="<?php echo _url ('feed', 'actualize'); ?>"><?php echo FreshRSS_Themes::icon('refresh'); ?></a>
+	<?php } ?>
 
+	<?php if ($this->loginOk) { ?>
 	<?php
 		$get = false;
 		$string_mark = Minz_Translate::t ('mark_all_read');
diff --git a/app/views/configure/users.phtml b/app/views/configure/users.phtml
index a9465d431..1305feac9 100644
--- a/app/views/configure/users.phtml
+++ b/app/views/configure/users.phtml
@@ -70,6 +70,16 @@
 			</div>
 		</div>
 
+		<div class="form-group">
+			<div class="group-controls">
+				<label class="checkbox" for="anon_refresh">
+					<input type="checkbox" name="anon_refresh" id="anon_refresh" value="1"<?php echo Minz_Configuration::allowAnonymousRefresh() ? ' checked="checked"' : '',
+						Minz_Configuration::canLogIn() ? '' : ' disabled="disabled"'; ?> />
+					<?php echo Minz_Translate::t('allow_anonymous_refresh'); ?>
+				</label>
+			</div>
+		</div>
+
 		<?php if (Minz_Configuration::canLogIn()) { ?>
 		<div class="form-group">
 			<label class="group-name" for="token"><?php echo Minz_Translate::t('auth_token'); ?></label>
diff --git a/lib/Minz/Configuration.php b/lib/Minz/Configuration.php
index 572b9984d..b3de9e39e 100644
--- a/lib/Minz/Configuration.php
+++ b/lib/Minz/Configuration.php
@@ -52,6 +52,7 @@ class Minz_Configuration {
 	private static $delay_cache = 3600;
 	private static $default_user = '';
 	private static $allow_anonymous = false;
+	private static $allow_anonymous_refresh = false;
 	private static $auth_type = 'none';
 
 	private static $db = array (
@@ -118,6 +119,9 @@ class Minz_Configuration {
 	public static function allowAnonymous() {
 		return self::$allow_anonymous;
 	}
+	public static function allowAnonymousRefresh() {
+		return self::$allow_anonymous_refresh;
+	}
 	public static function authType() {
 		return self::$auth_type;
 	}
@@ -131,6 +135,9 @@ class Minz_Configuration {
 	public static function _allowAnonymous($allow = false) {
 		self::$allow_anonymous = ((bool)$allow) && self::canLogIn();
 	}
+	public static function _allowAnonymousRefresh($allow = false) {
+		self::$allow_anonymous_refresh = ((bool)$allow) && self::allowAnonymous();
+	}
 	public static function _authType($value) {
 		$value = strtolower($value);
 		switch ($value) {
@@ -170,6 +177,7 @@ class Minz_Configuration {
 				'title' => self::$title,
 				'default_user' => self::$default_user,
 				'allow_anonymous' => self::$allow_anonymous,
+				'allow_anonymous_refresh' => self::$allow_anonymous_refresh,
 				'auth_type' => self::$auth_type,
 			),
 			'db' => self::$db,
@@ -276,7 +284,16 @@ class Minz_Configuration {
 			self::_authType($general['auth_type']);
 		}
 		if (isset ($general['allow_anonymous'])) {
-			self::$allow_anonymous = ((bool)($general['allow_anonymous'])) && ($general['allow_anonymous'] !== 'no');
+			self::$allow_anonymous = (
+				((bool)($general['allow_anonymous'])) &&
+				($general['allow_anonymous'] !== 'no')
+			);
+		}
+		if (isset ($general['allow_anonymous_refresh'])) {
+			self::$allow_anonymous_refresh = (
+				((bool)($general['allow_anonymous_refresh'])) &&
+				($general['allow_anonymous_refresh'] !== 'no')
+			);
 		}
 
 		// Base de données