"Can edit my webpages" permissions
This commit is contained in:
Thomas Willingham
parent
2a848c0d37
commit
f3791d48b0
@ -5,26 +5,51 @@ require_once('acl_selectors.php');
|
||||
|
||||
function editwebpage_content(&$a) {
|
||||
|
||||
$o = '';
|
||||
// We first need to figure out who owns the webpage, grab it from an argument
|
||||
$which = argv(1);
|
||||
logger('which: ' . print_r ($which,true));
|
||||
|
||||
// We can do better, but for now, editing only works for your own pages, so...
|
||||
if(! local_user()) {
|
||||
notice( t('Permission denied.') . EOL);
|
||||
return;
|
||||
// $a->get_channel() and stuff don't work here, so we've got to find the owner for ourselves.
|
||||
$owner = q("select channel_id from channel where channel_address = '%s'",
|
||||
dbesc($which)
|
||||
);
|
||||
|
||||
|
||||
if((local_user()) && (argc() > 2) && (argv(2) === 'view')) {
|
||||
$which = $channel['channel_address'];
|
||||
}
|
||||
|
||||
$post_id = ((argc() > 1) ? intval(argv(1)) : 0);
|
||||
|
||||
$o = '';
|
||||
|
||||
|
||||
// Figure out which post we're editing
|
||||
$post_id = ((argc() > 2) ? intval(argv(2)) : 0);
|
||||
|
||||
|
||||
if(! $post_id) {
|
||||
notice( t('Item not found') . EOL);
|
||||
return;
|
||||
}
|
||||
|
||||
// uid and author_xchan alone should be enough - but it doesn't seem to be any more expensive to use both, so keep it in case of edge cases
|
||||
$itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s and author_xchan = '%s' LIMIT 1",
|
||||
// Now we've got a post and an owner, let's find out if we're allowed to edit it
|
||||
|
||||
$observer = $a->get_observer();
|
||||
$ob_hash = (($observer) ? $observer['xchan_hash'] : '');
|
||||
|
||||
$perms = get_all_perms($owner,$ob_hash);
|
||||
|
||||
if(! $perms['write_pages']) {
|
||||
notice( t('Permission denied.') . EOL);
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
|
||||
// We've already figured out which item we want and whose copy we need, so we don't need anything fancy here
|
||||
$itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s LIMIT 1",
|
||||
intval($post_id),
|
||||
intval(local_user()),
|
||||
dbesc(get_observer_hash())
|
||||
intval($owner)
|
||||
);
|
||||
|
||||
|
||||
@ -61,9 +86,14 @@ function editwebpage_content(&$a) {
|
||||
|
||||
//$tpl = replace_macros($tpl,array('$jotplugins' => $jotplugins));
|
||||
|
||||
//FIXME A return path with $_SESSION doesn't work for observer (at least, not here it doesn't). It'll WSoD instead of loading a sensible page. So, send folk
|
||||
//back to the channel address until somebody figures out how to fix it - we can't send them back to webpages, because that could leak private pages they can't see
|
||||
//when ACL is done.
|
||||
|
||||
$rp = 'channel' . '/' . $which;
|
||||
|
||||
$o .= replace_macros($tpl,array(
|
||||
'$return_path' => $_SESSION['return_url'],
|
||||
'$return_path' => $rp,
|
||||
'$action' => 'item',
|
||||
'$share' => t('Edit'),
|
||||
'$upload' => t('Upload photo'),
|
||||
@ -93,7 +123,7 @@ function editwebpage_content(&$a) {
|
||||
'$lockstate' => $lockstate,
|
||||
'$acl' => '',
|
||||
'$bang' => '',
|
||||
'$profile_uid' => local_user(),
|
||||
'$profile_uid' => (intval($owner)),
|
||||
'$preview' => ((feature_enabled(local_user(),'preview')) ? t('Preview') : ''),
|
||||
'$jotplugins' => $jotplugins,
|
||||
'$sourceapp' => t($a->sourcename),
|
||||
|
||||
@ -60,10 +60,12 @@ $r = q("select * from item_id where uid = %d and service = 'WEBPAGE'",
|
||||
}
|
||||
|
||||
|
||||
|
||||
//Build the base URL for edit links
|
||||
$url = z_root() . "/editwebpage/" . $a->profile['channel_address'];
|
||||
// This isn't pretty, but it works. Until I figure out what to do with the UI, it's Good Enough(TM).
|
||||
return $o . replace_macros(get_markup_template("webpagelist.tpl"), array(
|
||||
'$editlink' => t('Edit'),
|
||||
'$baseurl' => $url,
|
||||
'$edit' => t('Edit'),
|
||||
'$pages' => $pages,
|
||||
'$channel' => $a->profile['channel_address'],
|
||||
'$view' => t('View'),
|
||||
|
||||
@ -1,9 +1,20 @@
|
||||
<script type="text/javascript" charset="utf-8">
|
||||
$(document).ready(function(){
|
||||
$("a[rel^='prettyPhoto']").prettyPhoto({theme: 'dark_rounded'});
|
||||
});
|
||||
</script>
|
||||
|
||||
{{if $pages}}
|
||||
|
||||
<div id="pagelist-content-wrapper">
|
||||
{{foreach $pages as $key => $items}}
|
||||
{{foreach $items as $item}}
|
||||
<div class="page-list-item"><a href="editwebpage/{{$item.url}}">{{$editlink}}</a> | <a href="page/{{$channel}}/{{$item.title}}">{{$view}}</a> {{$item.title}}</div>
|
||||
<div class="page-list-item"><a href="{{$baseurl}}/{{$item.url}}">{{$edit}}</a> |
|
||||
<a href="page/{{$channel}}/{{$item.title}}">{{$view}}</a>
|
||||
{{$item.title}} |
|
||||
<a href="page/{{$channel}}/{{$item.title}}?iframe=true&width=80%&height=80%" rel="prettyPhoto[iframes]">Preview</a>
|
||||
|
||||
</div>
|
||||
{{/foreach}}
|
||||
{{/foreach}}
|
||||
</div>
|
||||
|
||||
Reference in New Issue
Block a user