harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

"Can edit my webpages" permissions

Browse Source
This commit is contained in:
Thomas Willingham 2013-08-01 18:40:50 +01:00
parent 2a848c0d37
commit f3791d48b0
3 changed files with 58 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
mod/editwebpage.php
View File

@ -5,26 +5,51 @@ require_once('acl_selectors.php');
function editwebpage_content(&$a) { function editwebpage_content(&$a) {
$o = ''; // We first need to figure out who owns the webpage, grab it from an argument
$which = argv(1);
logger('which: ' . print_r ($which,true));
// We can do better, but for now, editing only works for your own pages, so... // $a->get_channel() and stuff don't work here, so we've got to find the owner for ourselves.
if(! local_user()) { $owner = q("select channel_id from channel where channel_address = '%s'",
notice( t('Permission denied.') . EOL); dbesc($which)
return; );
if((local_user()) && (argc() > 2) && (argv(2) === 'view')) {
$which = $channel['channel_address'];
} }
$post_id = ((argc() > 1) ? intval(argv(1)) : 0);
$o = '';
// Figure out which post we're editing
$post_id = ((argc() > 2) ? intval(argv(2)) : 0);
if(! $post_id) { if(! $post_id) {
notice( t('Item not found') . EOL); notice( t('Item not found') . EOL);
return; return;
} }
// uid and author_xchan alone should be enough - but it doesn't seem to be any more expensive to use both, so keep it in case of edge cases // Now we've got a post and an owner, let's find out if we're allowed to edit it
$itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s and author_xchan = '%s' LIMIT 1",
$observer = $a->get_observer();
$ob_hash = (($observer) ? $observer['xchan_hash'] : '');
$perms = get_all_perms($owner,$ob_hash);
if(! $perms['write_pages']) {
notice( t('Permission denied.') . EOL);
return;
}
// We've already figured out which item we want and whose copy we need, so we don't need anything fancy here
$itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s LIMIT 1",
intval($post_id), intval($post_id),
intval(local_user()), intval($owner)
dbesc(get_observer_hash())
); );
@ -61,9 +86,14 @@ function editwebpage_content(&$a) {
//$tpl = replace_macros($tpl,array('$jotplugins' => $jotplugins)); //$tpl = replace_macros($tpl,array('$jotplugins' => $jotplugins));
//FIXME A return path with $_SESSION doesn't work for observer (at least, not here it doesn't). It'll WSoD instead of loading a sensible page. So, send folk
//back to the channel address until somebody figures out how to fix it - we can't send them back to webpages, because that could leak private pages they can't see
//when ACL is done.
$rp = 'channel' . '/' . $which;
$o .= replace_macros($tpl,array( $o .= replace_macros($tpl,array(
'$return_path' => $_SESSION['return_url'], '$return_path' => $rp,
'$action' => 'item', '$action' => 'item',
'$share' => t('Edit'), '$share' => t('Edit'),
'$upload' => t('Upload photo'), '$upload' => t('Upload photo'),
@ -93,7 +123,7 @@ function editwebpage_content(&$a) {
'$lockstate' => $lockstate, '$lockstate' => $lockstate,
'$acl' => '', '$acl' => '',
'$bang' => '', '$bang' => '',
'$profile_uid' => local_user(), '$profile_uid' => (intval($owner)),
'$preview' => ((feature_enabled(local_user(),'preview')) ? t('Preview') : ''), '$preview' => ((feature_enabled(local_user(),'preview')) ? t('Preview') : ''),
'$jotplugins' => $jotplugins, '$jotplugins' => $jotplugins,
'$sourceapp' => t($a->sourcename), '$sourceapp' => t($a->sourcename),

6
mod/webpages.php
View File

@ -60,10 +60,12 @@ $r = q("select * from item_id where uid = %d and service = 'WEBPAGE'",
} }
//Build the base URL for edit links
$url = z_root() . "/editwebpage/" . $a->profile['channel_address'];
// This isn't pretty, but it works. Until I figure out what to do with the UI, it's Good Enough(TM). // This isn't pretty, but it works. Until I figure out what to do with the UI, it's Good Enough(TM).
return $o . replace_macros(get_markup_template("webpagelist.tpl"), array( return $o . replace_macros(get_markup_template("webpagelist.tpl"), array(
'$editlink' => t('Edit'), '$baseurl' => $url,
'$edit' => t('Edit'),
'$pages' => $pages, '$pages' => $pages,
'$channel' => $a->profile['channel_address'], '$channel' => $a->profile['channel_address'],
'$view' => t('View'), '$view' => t('View'),

13
view/tpl/webpagelist.tpl
View File

@ -1,9 +1,20 @@
<script type="text/javascript" charset="utf-8">
$(document).ready(function(){
$("a[rel^='prettyPhoto']").prettyPhoto({theme: 'dark_rounded'});
});
</script>
{{if $pages}} {{if $pages}}
<div id="pagelist-content-wrapper"> <div id="pagelist-content-wrapper">
{{foreach $pages as $key => $items}} {{foreach $pages as $key => $items}}
{{foreach $items as $item}} {{foreach $items as $item}}
<div class="page-list-item"><a href="editwebpage/{{$item.url}}">{{$editlink}}</a> | <a href="page/{{$channel}}/{{$item.title}}">{{$view}}</a> {{$item.title}}</div> <div class="page-list-item"><a href="{{$baseurl}}/{{$item.url}}">{{$edit}}</a> |
<a href="page/{{$channel}}/{{$item.title}}">{{$view}}</a>
{{$item.title}} |
<a href="page/{{$channel}}/{{$item.title}}?iframe=true&width=80%&height=80%" rel="prettyPhoto[iframes]">Preview</a>
</div>
{{/foreach}} {{/foreach}}
{{/foreach}} {{/foreach}}
</div> </div>