harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

some work on events permissions

Browse Source
This commit is contained in:
friendica 2013-12-01 23:49:52 -08:00
parent 55d8ed17a7
commit 3fdc3515b5
2 changed files with 18 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
mod/events.php
View File

@ -11,7 +11,7 @@ function events_post(&$a) {
return; return;
$event_id = ((x($_POST,'event_id')) ? intval($_POST['event_id']) : 0); $event_id = ((x($_POST,'event_id')) ? intval($_POST['event_id']) : 0);
$cid = ((x($_POST,'cid')) ? intval($_POST['cid']) : 0); $xchan = ((x($_POST,'xchan')) ? dbesc($_POST['xchan']) : '');
$uid = local_user(); $uid = local_user();
$startyear = intval($_POST['startyear']); $startyear = intval($_POST['startyear']);
$startmonth = intval($_POST['startmonth']); $startmonth = intval($_POST['startmonth']);
@ -28,6 +28,11 @@ function events_post(&$a) {
$adjust = intval($_POST['adjust']); $adjust = intval($_POST['adjust']);
$nofinish = intval($_POST['nofinish']); $nofinish = intval($_POST['nofinish']);
// only allow editing your own events.
if(($xchan) && ($xchan !== get_observer_hash()))
return;
// The default setting for the `private` field in event_store() is false, so mirror that // The default setting for the `private` field in event_store() is false, so mirror that
$private_event = false; $private_event = false;
@ -389,11 +394,9 @@ function events_content(&$a) {
else else
$sh_checked = (($orig_event['allow_cid'] === '<' . $channel['channel_hash'] . '>' && (! $orig_event['allow_gid']) && (! $orig_event['deny_cid']) && (! $orig_event['deny_gid'])) ? '' : ' checked="checked" ' ); $sh_checked = (($orig_event['allow_cid'] === '<' . $channel['channel_hash'] . '>' && (! $orig_event['allow_gid']) && (! $orig_event['deny_cid']) && (! $orig_event['deny_gid'])) ? '' : ' checked="checked" ' );
if($cid) if($orig_event['event_xchan'])
$sh_checked .= ' disabled="disabled" '; $sh_checked .= ' disabled="disabled" ';
$tpl = get_markup_template('event_form.tpl'); $tpl = get_markup_template('event_form.tpl');
$sdt = ((x($orig_event)) ? $orig_event['start'] : 'now'); $sdt = ((x($orig_event)) ? $orig_event['start'] : 'now');
@ -426,6 +429,15 @@ function events_content(&$a) {
require_once('include/acl_selectors.php'); require_once('include/acl_selectors.php');
$perm_defaults = array(
'allow_cid' => $channel['channel_allow_cid'],
'allow_gid' => $channel['channel_allow_gid'],
'deny_cid' => $channel['channel_deny_cid'],
'deny_gid' => $channel['channel_deny_gid']
);
$o .= replace_macros($tpl,array( $o .= replace_macros($tpl,array(
'$post' => $a->get_baseurl() . '/events', '$post' => $a->get_baseurl() . '/events',
'$eid' => $eid, '$eid' => $eid,
@ -453,8 +465,7 @@ function events_content(&$a) {
'$t_orig' => $t_orig, '$t_orig' => $t_orig,
'$sh_text' => t('Share this event'), '$sh_text' => t('Share this event'),
'$sh_checked' => $sh_checked, '$sh_checked' => $sh_checked,
// FIXME '$acl' => (($orig_event['event_xchan']) ? '' : populate_acl(((x($orig_event)) ? $orig_event : $perm_defaults))),
'$acl' => (($cid) ? '' : populate_acl(((x($orig_event)) ? $orig_event : $a->user),false)),
'$submit' => t('Submit') '$submit' => t('Submit')
)); ));

2
view/tpl/event_form.tpl
View File

@ -7,7 +7,7 @@
<form action="{{$post}}" method="post" > <form action="{{$post}}" method="post" >
<input type="hidden" name="event_id" value="{{$eid}}" /> <input type="hidden" name="event_id" value="{{$eid}}" />
<input type="hidden" name="cid" value="{{$cid}}" /> <input type="hidden" name="xchan" value="{{$xchan}}" />
<input type="hidden" name="mid" value="{{$mid}}" /> <input type="hidden" name="mid" value="{{$mid}}" />
<div id="event-start-text">{{$s_text}}</div> <div id="event-start-text">{{$s_text}}</div>