Fixed bug in access control. Hide new wiki/page buttons if not channel owner.

2016-05-29 21:23:56 -04:00 · 2016-05-29 21:23:56 -04:00 · 4b350b9090
commit 4b350b9090
parent a3dfdd9d38
3 changed files with 3 additions and 7 deletions
--- a/Zotlabs/Module/Wiki.php
+++ b/Zotlabs/Module/Wiki.php
@ -97,10 +97,8 @@ class Wiki extends \Zotlabs\Web\Controller {
 			$wikiheader = rawurldecode(argv(2)) . ': ' . rawurldecode($pagename);	// show wiki name and page			
 			$p = wiki_get_page_content(array('wiki_resource_id' => $resource_id, 'page' => $pagename));
 			if(!$p['success']) {
-				logger('wiki_get_page_content: ' . $p['message']);
 				$content = 'Error retrieving page content. Try again.';
 			}
-			logger('content: ' . $content);
 			$content = ($p['content'] !== '' ? $p['content'] : '"# New page\n"');
 			$hide_editor = false;
 			$showPageControls = $wiki_owner;
--- a/include/wiki.php
+++ b/include/wiki.php
@ -8,11 +8,7 @@ use \Zotlabs\Storage\GitRepo as GitRepo;
 define ( 'WIKI_ITEM_RESOURCE_TYPE', 'wiki' );

 function wiki_list($channel, $observer_hash) {
-	if (local_channel() || remote_channel()) {
-		$sql_extra = item_permissions_sql($channel['channel_id'], $observer_hash);
-	} else {
-		$sql_extra = " AND item_private = 0 ";
-	}
+	$sql_extra = item_permissions_sql($channel['channel_id'], $observer_hash);
 	$wikis = q("SELECT * FROM item WHERE resource_type = '%s' AND mid = parent_mid AND item_deleted = 0 $sql_extra", 
 			dbesc(WIKI_ITEM_RESOURCE_TYPE)
 	);
--- a/view/tpl/wiki.tpl
+++ b/view/tpl/wiki.tpl
@ -14,8 +14,10 @@
 <div class="generic-content-wrapper">
  <div class="section-title-wrapper">
    <div class="pull-right">
+      {{if $showPageControls}}
      <button class="btn btn-primary btn-xs" onclick="$('#new-page-form-wrapper').hide(); openClose('new-wiki-form-wrapper');">New Wiki</button>
      <button class="btn btn-success btn-xs" onclick="$('#new-wiki-form-wrapper').hide(); openClose('new-page-form-wrapper');">New Page</button>
+      {{/if}}
      <button id="fullscreen-btn" type="button" class="btn btn-default btn-xs" onclick="makeFullScreen();
          adjustFullscreenTopBarHeight();"><i class="fa fa-expand"></i></button>
      <button id="inline-btn" type="button" class="btn btn-default btn-xs" onclick="makeFullScreen(false);