web: require credit to post outside Help categories

[davidpanderson]

Configurable by NEED_CREDIT_TO_POST_EXCEPT_HELP in project.inc (default true)

Also minor code cleanup

Also change ops/delete_account.php to use wipe_account()

---

Summary by cubic

Require computing credit to post outside Help categories, controlled by NEED_CREDIT_TO_POST_EXCEPT_HELP (default true). Also update the delete-user CLI to use wipe_account().

• New Features

  • Block creating threads and replies if the user has zero credit, except in Help categories.
  • Prevent posting in News (dev blog) for non-admins with a clear error message.
  • Keep the “New thread” button visible to logged-in users; server-side checks enforce access.

• Refactors

  • Replace user_can_create_thread() with show_post_button() and centralize rules in check_post_access().
  • Define NEED_CREDIT_TO_POST_EXCEPT_HELP in forum.inc (default true).
  • Switch html/ops/delete_user.php to call wipe_account().
  • Add clarifying comments in delete_account.inc and minor copy cleanups.

^{Written for commit 673b3e7. Summary will update on new commits.}

[cubic-dev-ai]

1 issue found across 5 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="html/inc/forum.inc">

<violation number="1" location="html/inc/forum.inc:1330">
P1: The new help-category credit check can dereference null on team forums because it looks up a category using a team id.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[cubic-dev-ai]

P1: The new help-category credit check can dereference null on team forums because it looks up a category using a team id.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At html/inc/forum.inc, line 1330:

<comment>The new help-category credit check can dereference null on team forums because it looks up a category using a team id.</comment>

<file context>
@@ -1306,34 +1314,49 @@ function check_post_access($user, $forum) {
+    if (NEED_CREDIT_TO_POST_EXCEPT_HELP) {
+        if ($user->total_credit == 0) {
+            $category = BoincCategory::lookup_id($forum->category);
+            if (!$category->is_helpdesk) {
+                error_page(
+                    tra("To create a thread you must have computing credit.")
</file context>

[Copilot]

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Adds a configurable rule requiring users to have credit to create threads outside Helpdesk categories, plus some forum posting UX/permission refactoring and an ops script update to use wipe_account() for deletions.

Changes:

• Introduce NEED_CREDIT_TO_POST_EXCEPT_HELP (default true) and enforce “must have credit” outside Helpdesk categories.
• Refactor “New thread” button logic (user_can_create_thread → show_post_button) and move thread-create permission checks into check_post_access().
• Update ops user deletion to call wipe_account().

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
html/user/forum_post.php	Removes inline create-thread gating in favor of centralized check_post_access().
html/user/forum_forum.php	Updates “New thread” button rendering to use show_post_button().
html/ops/delete_user.php	Switches deletion implementation to wipe_account().
html/inc/forum.inc	Adds new config flag + new credit gating logic; refactors post button + access checks.
html/inc/delete_account.inc	Clarifies deletion-method docs and adds editorial note.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

$forum->category is not always a BoincCategory ID (e.g., team forums use category as a team ID—see existing is_moderator() logic). In those cases BoincCategory::lookup_id($forum->category) will return the wrong record or null, and $category->is_helpdesk can break. Fix by applying the Helpdesk exception only for parent_type == 0 (public forums/categories), or otherwise branching per parent_type and only doing BoincCategory lookup when the ID is actually a category ID.

[Copilot]

This introduces a non-localized error string in a user-facing path while nearby errors use tra(). Wrap the message in tra() for translation consistency, and consider aligning wording with the action being blocked (e.g., thread creation vs posting generally) since this function is used for access enforcement.

Suggested change

	error_page("Can't post to News");
	error_page(tra("Can't post to News"));

[Copilot]

PR description says it changes ops/delete_account.php to use wipe_account(), but the actual change here is in html/ops/delete_user.php. Please update the PR description to match the filename being modified (or adjust the code change if the intent was a different script).

[Copilot]

The NOTE is editorial and not actionable documentation for maintainers/users of this API. Consider rephrasing to an objective recommendation (e.g., when/why wipe_account() is preferred) or removing it to keep the header comment focused on behavior and selection logic.

Suggested change

	// NOTE: this is way too complex. Just use the wipe option.
	// Projects that intend to remove the account and all related DB records
	// should prefer the wipe method.

[Copilot]

Correct the phrase 'forums posts' to 'forum posts'.

Suggested change

	// allow edits of forums posts up to one hour after posting.
	// allow edits of forum posts up to one hour after posting.